Amanda-Users

Re: "port xxx not secure" errors

2007-04-30 08:28:51
Subject: Re: "port xxx not secure" errors
From: Jean-Louis Martineau <martineau AT zmanda DOT com>
To: Charles Sprickman <spork AT bway DOT net>
Date: Mon, 30 Apr 2007 08:14:37 -0400
Amanda tries to use privileged ports in the range 512-1023.
It will not use ports reserved for other services, as listed in /etc/services.
There are fewer ports available for tcp than udp.

Which amanda version are you using?
What is your OS?

Did it list all ports from 512 to 1026, or did it jump from 603 to 1026?
How many lines have the "Address already in use" failed message?
How many DLEs do you have for 209.123.46.102?
What is the maxdumps setting?

Did you configure with --without-reuseaddr? You should probably not.
What is the output of: grep USE_REUSEADDR config/config.h

Next time, attach the complete debug file.

You can try to remove some services from /etc/services.

Jean-Louis

Charles Sprickman wrote:
On Sun, 29 Apr 2007, Jean-Louis Martineau wrote:

The dumper must be installed suid root.

[devel2]/tmp/amanda/server/DailySet1 # ls -l /usr/local/libexec/amanda/dumper
-r-sr-x--- 1 root operator 30344 Mar 14 01:54 /usr/local/libexec/amanda/dumper

What's in the dumper.<timestamps>.debug file?

I've got the following. It looks like it steps through all services in /etc/services and decides that they are used by other services. I don't have the same log left around, but in short the sequence of events in the dumper debug log is this:

-searches through all services in /etc/services, decides most are already
 assigned to another service -

 dumper: connect_port: Skip port 597: Owned by ptcnameservice.
 dumper: connect_port: Skip port 598: Owned by sco-websrvrmg3.
 dumper: connect_port: Skip port 599: Owned by acp.
 dumper: connect_port: Skip port 600: Owned by ipcserver.
 dumper: connect_port: Try  port 601: Available

 note that these aren't actually in use, just defined in /etc/services

-it seems to do this on each connect and quite often will try a port that
 it's already using on another dump job -

 dumper: connect_portrange: connect from 0.0.0.0.601 failed: Address
 already in use
 dumper: connect_portrange: connect to 209.123.46.102.10080 failed:
 Address already in use

-this goes on and on, with the port number increasing until it reaches
 something outside the privileged port range -

 security_stream_seterr(0x8086000, EOF)
 security_stream_close(0x8086000)
 security_stream_seterr(0x806d000, EOF)
 security_stream_close(0x806d000)
 security_stream_seterr(0x807d000, EOF)
 security_stream_close(0x807d000)
 dumper: connect_port: Try  port 1026: Available   -
 dumper: connected to 127.0.0.1.4133
 dumper: our side is 0.0.0.0.1026
 dumper: try_socksize: send buffer size is zu
 security_getdriver(name=bsdtcp) returns 0x480c1380
 security_handleinit(handle=0x805d100, driver=0x480c1380 (BSDTCP))
 security_streaminit(stream=0x8064000, driver=0x480c1380 (BSDTCP))
 dumper: connect_port: Try  port 585: Available   -
 dumper: connect_portrange: connect from 0.0.0.0.585 failed: Address
 already in use
 dumper: connect_portrange: connect to 209.123.46.110.10080 failed:
 Address already in use
 dumper: connect_port: Skip port 512: Owned by exec.
 (repeat - eventually it finds a low port that works)

This process repeats in the debug files: it works its way down to a lower port, sees it's in use already, and increments up until it gets to 1026 again.

Keep in mind I'm using bsdtcp-auth, which I suppose is somewhat new. If I had to guess I'd say that there's either some odd problem in parsing /etc/services as there's always this huge jump from port 603 or so right to 1026 or higher.

What do you folks think?

Thanks,

Charles
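
The rule described in the reply (privileged ports 512-1023, minus anything listed in /etc/services) can be approximated with a short script that shows how many ports remain per protocol on a given host. This is an added example, not part of the original thread and not Amanda's code; the function names and the services excerpt are constructed, and Amanda's own lookup may differ in detail.

```python
import re

PRIV_RANGE = range(512, 1024)  # range quoted in the reply above

# Constructed excerpt in /etc/services format; a real file is much longer.
SAMPLE_SERVICES = """\
# name          port/proto   aliases
exec            512/tcp
biff            512/udp      comsat
printer         515/tcp      spooler
ptcnameservice  597/tcp
ptcnameservice  597/udp
sco-websrvrmg3  598/tcp
sco-websrvrmg3  598/udp
acp             599/tcp
acp             599/udp
ipcserver       600/tcp
ipcserver       600/udp
amanda          10080/udp    # outside the range, ignored
"""

ENTRY = re.compile(r"^\s*([^\s#]+)\s+(\d+)/(\w+)")

def reserved_ports(services_text):
    """Map proto -> {port: service name} for entries inside PRIV_RANGE."""
    reserved = {"tcp": {}, "udp": {}}
    for line in services_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank line or comment
        name, port, proto = m.group(1), int(m.group(2)), m.group(3).lower()
        if proto in reserved and port in PRIV_RANGE:
            reserved[proto].setdefault(port, name)
    return reserved

def available_ports(services_text, proto):
    """Privileged ports with no services entry for this protocol."""
    taken = reserved_ports(services_text)[proto]
    return [p for p in PRIV_RANGE if p not in taken]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SERVICES
    for proto in ("tcp", "udp"):
        free = available_ports(text, proto)
        print(f"{proto}: {len(free)} of {len(PRIV_RANGE)} privileged ports unassigned")
        print("  first unassigned:", free[:5])
```

Run it with the path to the host's services file as the only argument to compare the tcp and udp counts before and after trimming entries.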


