tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pier Fumagalli <p...@betaversion.org>
Subject Re: 5.0 proposal
Date Tue, 25 Jun 2002 00:08:32 GMT
Remy Maucherat <remm@apache.org> wrote:

> I don't see that much to remove. I assume JNDI is the ever popular
> target, but I didn't notice it causing major problems (either
> performance or reliability), so I'd say it's not worth it.

Actually, I have a complaint... 4.1.3 tries to write into my conf directory:
especially the tomcat-users.xml.new file (and since the directory is read
only, the VM falls over).

Call it defensive administration, but I don't want my engine to write a
single file if it's not where I tell him to do: /tmp. And for sure it must
not attempt to modify my tomcat-users.xml.

Only _root_ can do that, and if this is one of those things you call
"features", I call it a big huge security hole.

Attached there is a nice output of my logfile.

Plus, about that random BOUND socket I had, I noticed it's a leftover
somehow in some friggin' initialization stage...

My ports are 8005 (control) and 8080 (http/coyote)

When I start up the thing it's all clear. I start 4.1.2 and notice:

Local Address   Remote Address  Swind Send-Q Rwind Recv-Q State
--------------- --------------- ----- ------ ----- ------ ---------
localhost.8080  localhost.47420 32768      0 32768      0 TIME_WAIT
localhost.47422 localhost.47421 32768      0 32768      0 TIME_WAIT
        *.8080          *.*         0      0 24576      0 LISTEN

Why in the world is TC first of all opening a serversocket on port 47421?
(this port number always varies) what's going on here?

And why the hell does TC has to call himself up on port 8080? Is it
absolutely stupid?

Now one of TIME_WAIT (of course) expire (60 seconds in my kernel config) and
all seems back to normal:

Local Address   Remote Address  Swind Send-Q Rwind Recv-Q State
--------------- --------------- ----- ------ ----- ------ ---------
localhost.47422 localhost.47421 32768      0 32768      0 TIME_WAIT
        *.8080          *.*         0      0 24576      0 LISTEN
localhost.8005          *.*         0      0 24576      0 LISTEN

So, we can observe that FIRST TC disconnects to itself on port 8080, and
THEN on port 47422... (the first expiring is the first that got
disconnected)

And then the second expires as well...

Local Address   Remote Address  Swind Send-Q Rwind Recv-Q State
--------------- --------------- ----- ------ ----- ------ ---------
        *.47422         *.*         0      0 24576      0 BOUND
        *.8080          *.*         0      0 24576      0 LISTEN
localhost.8005          *.*         0      0 24576      0 LISTEN

Uhoh... There you go... The stinkin' brat is still there.. A nice BOUND
socket, incredibly enough, the one that the connection was originated from,
but why did that socket had to connect to port 47421? Why isn't it closed
now? Why is it left hanging in my TCP stack? I can tell you that after 5
days it doesn't go away, therefore I believe that the Socket object to which
it refers to doesn't ever gets garbage collected...

A truss of what's going on: effectively, tomcat is doing a great job at
playing around with sockets, but for sure I don't get why it needs to
CONNECT (it's a dumb server), It does it two times, as reported by me
beautifully crafted Solaris kernel, On those connections, as far as I can
see, it never writes (or reads) anything,

/1:     -> libsocket:socket(0x1a, 0x2, 0x0)
/1:     <- libsocket:socket() = 5
/1:     -> libsocket:socket(0x2, 0x2, 0x0)
/1:     <- libsocket:socket() = 5
/1:     -> libsocket:listen(0x5, 0x1)
/1:     <- libsocket:listen() = 0
/1:     -> libsocket:getsockname(0x5, 0x8046584, 0x80465b4)
/1:     <- libsocket:getsockname() = 0
/1:     -> libsocket:socket(0x2, 0x2, 0x0)
/1:     <- libsocket:socket() = 6
/1:     -> libsocket:connect(0x6, 0x8046584, 0x10)
/1:     <- libsocket:connect() = 0
/1:     -> libsocket:accept(0x5, 0x8046584, 0x80465b4)
/1:     <- libsocket:accept() = 7
/1:     -> libsocket:shutdown(0x6, 0x2)
/1:     <- libsocket:shutdown() = 0
/1:     -> libsocket:socket(0x2, 0x2, 0x0)
/1:     <- libsocket:socket() = 5
/1:     -> libsocket:setsockopt(0x5, 0xffff, 0x4, 0x8046834)
/1:     <- libsocket:setsockopt() = 0
/1:     -> libsocket:bind(0x5, 0x804685c, 0x10)
/1:     <- libsocket:bind() = 0
/1:     -> libsocket:listen(0x5, 0x32)
/1:     <- libsocket:listen() = 0
/1:     -> libsocket:socket(0x2, 0x2, 0x0)
/1:     <- libsocket:socket() = 8
/1:     -> libsocket:setsockopt(0x8, 0xffff, 0x4, 0x8046948)
/1:     <- libsocket:setsockopt() = 0
/1:     -> libsocket:bind(0x8, 0x8046970, 0x10)
/1:     <- libsocket:bind() = 0
/1:     -> libsocket:listen(0x8, 0x32)
/1:     <- libsocket:listen() = 0
/1:     -> libsocket:accept(0x8, 0x80469b0, 0x80469d0)
/22:    -> libsocket:accept(0x5, 0xd1ec08d0, 0xd1ec08f0)
/22:    <- libsocket:accept() = -1
/22:    -> libsocket:accept(0x5, 0xd1ec08d0, 0xd1ec08f0)
/22:    <- libsocket:accept() = 11
/22:    -> libsocket:setsockopt(0xb, 0xffff, 0x80, 0xd1ec0844)
/22:    <- libsocket:setsockopt() = 0
/22:    -> libsocket:setsockopt(0xb, 0x6, 0x1, 0xd1ec0848)
/22:    <- libsocket:setsockopt() = 0
/22:    -> libsocket:send(0xb, 0xd1ebf718, 0xa8, 0x0)
/22:    <- libsocket:send() = 168
/22:    -> libsocket:send(0xb, 0xd1ebf734, 0x6, 0x0)
/22:    <- libsocket:send() = 6
/22:    -> libsocket:send(0xb, 0x8514960, 0x1cfb, 0x0)
/22:    <- libsocket:send() = 7419
/22:    -> libsocket:send(0xb, 0xd1ebf734, 0x2, 0x0)
/22:    <- libsocket:send() = 2
/22:    -> libsocket:send(0xb, 0xd1ebff6c, 0x5, 0x0)
/22:    <- libsocket:send() = 5
/21:    -> libsocket:accept(0x5, 0xd1f108d0, 0xd1f108f0)
/21:    <- libsocket:accept() = 12
/21:    -> libsocket:setsockopt(0xc, 0xffff, 0x80, 0xd1f10844)
/21:    <- libsocket:setsockopt() = 0
/21:    -> libsocket:setsockopt(0xc, 0x6, 0x1, 0xd1f10848)
/21:    <- libsocket:setsockopt() = 0
/20:    -> libsocket:accept(0x5, 0xd1f608d0, 0xd1f608f0)
/20:    <- libsocket:accept() = 13
/20:    -> libsocket:setsockopt(0xd, 0xffff, 0x80, 0xd1f60844)
/20:    <- libsocket:setsockopt() = 0
/20:    -> libsocket:setsockopt(0xd, 0x6, 0x1, 0xd1f60848)
/20:    <- libsocket:setsockopt() = 0
/19:    -> libsocket:accept(0x5, 0xd1fb08d0, 0xd1fb08f0)
/19:    <- libsocket:accept() = 14
/19:    -> libsocket:setsockopt(0xe, 0xffff, 0x80, 0xd1fb0844)
/19:    <- libsocket:setsockopt() = 0
/21:    -> libsocket:send(0xc, 0xd1f0fee4, 0xe3, 0x0)
/21:    <- libsocket:send() = 227
/21:    -> libsocket:send(0xc, 0xd1f0ff0c, 0x78e, 0x0)
/21:    <- libsocket:send() = 1934
/19:    -> libsocket:setsockopt(0xe, 0x6, 0x1, 0xd1fb0848)
/20:    -> libsocket:send(0xd, 0xd1f5fee4, 0xe3, 0x0)
/20:    <- libsocket:send() = 227
/19:    <- libsocket:setsockopt() = 0
/20:    -> libsocket:send(0xd, 0x8515a38, 0x1f46, 0x0)
/20:    <- libsocket:send() = 8006
/19:    -> libsocket:send(0xe, 0xd1fafee4, 0xe3, 0x0)
/19:    <- libsocket:send() = 227
/19:    -> libsocket:send(0xe, 0x83defe0, 0x914, 0x0)
/19:    <- libsocket:send() = 2324
/1:     <- libsocket:accept() = -1
/1:     -> libsocket:accept(0x8, 0x80469b0, 0x80469d0)
/30:    -> libsocket:socket(0x2, 0x2, 0x0)
/30:    <- libsocket:socket() = 11
/30:    -> libsocket:bind(0xb, 0xd1c4088c, 0x10)
/30:    <- libsocket:bind() = 0
/30:    -> libsocket:getsockname(0xb, 0xd1c4088c, 0xd1c408ac)
/30:    <- libsocket:getsockname() = 0
/30:    -> libsocket:connect(0xb, 0xd1c40744, 0x10)
/27:    -> libsocket:accept(0x5, 0xd1d308d0, 0xd1d308f0)
/27:    <- libsocket:accept() = 12
/30:    <- libsocket:connect() = 0

For those who are interested in actually making the sucker work, and not
leaving up resources all around the place, I have the full truss output with
all system calls...

This are a couple of things that, apart from performances, tell me that no
one ever actually tried to put this sucker in a _real_ production
environment (I did, and it failed).

    Pier

--
[Perl] combines all the worst aspects of C and Lisp:  a billion of different
sublanguages in  one monolithic executable.  It combines the power of C with
the readability of PostScript. [Jamie Zawinski - DNA Lounge - San Francisco]


Mime
View raw message