Re: Coredumps with 2.5.1p3

Doug> I'm running an Amanda client on a pair of FreeBSD 5.4 and after
Doug> upgrading from 2.4.5p1 to 2.5.1p3 I'm getting core dumps of amandad.

Doug> Anybody have any ideas before I simply downgrade back to 2.4.5?

Gene> When you did the upgrade was an ldconfig done as the last thing,
Gene> or very close to last in order to refresh the library linkages
Gene> correctly? 

Yup. I did the upgrade via portupgrade on FreeBSD, and at the very end
of the session:

  ===>   Compressing manual pages for amanda-client-2.5.1p3_1,1
  ===>   Running ldconfig
  /sbin/ldconfig -m /usr/local/lib
  ===>   Registering installation for amanda-client-2.5.1p3_1,1


Gene> It shouldn't hurt to do it again by hand, as root, just to
Gene> check.

Just did so and re-ran my test. Same result:

  Program terminated with signal 11, Segmentation fault.
  #0  0x0804ac8d in s_ackwait (as=0x805b000, action=A_RECVPKT, pkt=0x280bb000) 
at amandad.c:1068
  1068            security_stream_read(dh->netfd, process_writenetfd, dh);

Doug> These hosts are behind a firewall, but I checked that the
Doug> AMANDA_PORTRANGE=50001,50099 and AMANDA_UDPPORTRANGE=801,899 knobs
Doug> from /etc/make.conf are correctly finding their way into
Doug> config.status: '--with-udpportrange=801,899'
Doug> '--with-portrange=50001,50099'

Gene> And are these ports actually open to these protocols according
Gene> to the firewall rules? 

Yes, because the 2.4.5p1 version worked like a charm, and because my
packet filter config has:

  amanda="67.134.74.26"
  amandaports="50000:50100"
  [...]
  pass in log quick inet proto tcp  from $amanda    to $lan port $amandaports 
flags S/SARF keep state
  pass in log quick inet proto udp  from $amanda    to $lan port amanda         
           keep state

Damn it, the above is a lie. 

I just watched with tcpdump the actual traffic and clearly something
isn't happening right. From the packet filter log:

17:50:48.462364 rule 21/0(match): pass in on fxp0: IP 67.134.74.26.874 > 
207.109.234.250.10080: UDP, length: 125
17:50:48.591917 rule 21/0(match): pass in on fxp0: IP 67.134.74.26.877 > 
207.109.234.250.10080: UDP, length: 260
17:50:48.636197 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,nop,wscale 
1,nop,nop,timestamp 611117423 0,sackOK,eol>
17:50:51.634698 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,nop,wscale 
1,nop,nop,timestamp 611120423 0,sackOK,eol>
17:50:54.833986 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,nop,wscale 
1,nop,nop,timestamp 611123623 0,sackOK,eol>
17:50:58.033361 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:51:01.232929 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:51:04.432183 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:51:10.630986 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:51:22.828770 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:51:47.024174 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.53055: S 160641676:160641676(0) win 65535 <mss 1460,sackOK,eol>
17:52:03.654909 rule 21/0(match): pass in on fxp0: IP 67.134.74.26.877 > 
207.109.234.250.10080: UDP, length: 257
17:52:03.735340 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,nop,wscale 1,nop,nop,timestamp 611192537 0,sackOK,eol>
17:52:06.734533 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,nop,wscale 1,nop,nop,timestamp 611195537 0,sackOK,eol>
17:52:09.933969 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,nop,wscale 1,nop,nop,timestamp 611198737 0,sackOK,eol>
17:52:13.133348 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>
17:52:16.332645 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>
17:52:19.532136 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>
17:52:25.730933 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>
17:52:37.928605 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>
17:53:02.124096 rule 0/0(match): block in on fxp0: IP 67.134.74.26.1026 > 
207.109.234.250.57850: S 2945510063:2945510063(0) win 65535 <mss 
1460,sackOK,eol>

So clearly the problem is that my new client isn't using the right
ports, which is further shown by this packet from the client to the
server:

  17:57:30.601244 IP 207.109.234.250.10080 > 67.134.74.26.891: UDP, length: 131
        0x0000:  4500 009f d4a8 0000 4011 5d9d cf6d eafa  E.......@.]..m..
        0x0010:  4386 4a1a 2760 037b 008b f2a2 416d 616e  C.J.'`.{....Aman
        0x0020:  6461 2032 2e35 2052 4550 2048 414e 444c  da.2.5.REP.HANDL
        0x0030:  4520 3030 302d 3030 3030 3030 3030 2053  E.000-00000000.S
        0x0040:  4551 2031 3137 3531 3634 3738 320a 434f  EQ.1175164782.CO
        0x0050:  4e4e 4543 5420 4441 5441 2035 3433 3230  NNECT.DATA.54320
        0x0060:  204d 4553 4720 3535 3433 3220 494e 4445  .MESG.55432.INDE
        0x0070:  5820 3537 3333 380a 4f50 5449 4f4e 5320  X.57338.OPTIONS.
        0x0080:  6665 6174 7572 6573 3d66 6666 6666 6566  features=fffffef
        0x0090:  6639 6666 6566 6666 6666 6637 663b 0a    f9ffeffffff7f;.

And then the server is unable to establish a connection to port 54320
on the client. From the config.status file here's the config line,
with some arbitrary white space added for readability:

  configured by ./configure, generated by GNU Autoconf 2.59,
  with options \"
      '--libexecdir=/usr/local/libexec/amanda'
      '--with-amandahosts'
      '--with-fqdn'
      '--with-dump-honor-nodump'
      '--with-buffered-dump'
      '--disable-libtool'
      '--with-user=operator'
      '--with-group=operator'
      '--with-index-server=amanda.meridian-enviro.com'
      '--with-tape-server=amanda.meridian-enviro.com'
      '--with-config=daily'
      '--with-udpportrange=801,899'
      '--with-portrange=50001,50099'
      '--with-gnutar-listdir=/var/amanda/gnutar-lists'
      '--with-gnutar=/usr/local/bin/gtar'
      '--without-server'
      '--prefix=/usr/local'
      '--build=i386-portbld-freebsd5.4'
      'CFLAGS=-g'
      'CXX=c++'
      'build_alias=i386-portbld-freebsd5.4'
      'CC=cc'
      'CXXFLAGS=-g'\"

And inspection of the configure script suggests that the ChangeLog is
incorrect:

  2001-08-14 John R. Jackson (jrj AT purdue DOT edu)
        [...]
        * configure.in: Added several more port range sanity checks.  Added
          --with-tcpportrange as an alias for --with-portrange.

It seems that rev 1.327 removed support for --with-portrange.

I just tweaked the Makefile for the misc/amanda-server port (which is
a slave of the amanda-client port) to use --with-tcpportrange instead
of --with-portrange and it works like a champ.

The interesting part is that I'm actually the guy that submitted the
patch to add the AMANDA_PORTRANGE and AMANDA_UDPPORTRANGE knobs to
/etc/make.conf for the FreeBSD port of amanda.  ;)

I'll submit a PR to fix this problem.