Apache 1.2b2 not responding to any SYNs in Linux 2.0.27!

Apache 1.2b2 not responding to any SYNs in Linux 2.0.27!

Post by Bradley Ward All » Thu, 19 Dec 1996 04:00:00



Apache (tried 1.0.5, 1.1.1, 1.2b2, all with and without SSL) isn't
responding to the SYN sent to it under Linux (tried 2.0.* including
2.0.27, and about half a years' worth of libc releases):

Example:

[Note that 443 is the SSL port]

Q:~$ S sh
bash# fuser -n tcp -v 443

                     USER       PID ACCESS COMMAND
443/tcp              root     19774 f....  httpsd
                     root     19775 f....  httpsd
                     root     19776 f....  httpsd
                     root     19777 f....  httpsd
                     root     19778 f....  httpsd
                     root     19779 f....  httpsd
bash# netstat -an |egrep ':443'
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
bash#

Ok, all looks reasonable.  But then, either with Netscape 3.0 (beta)
or telnet, I get the following behavoir:

bash# telnet q.net 443
Trying 166.84.254.186...

[1]+  Stopped                 telnet q.net 443
bash# !net
netstat -an |egrep ':443'
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      2 166.84.254.186:1203     166.84.254.186:443      SYN_SENT
bash#

Apache never responds to the SYN that was sent.

I have experienced this in a range of Linux <-> Apache pairings.  Note
while I compiled SSL into it, I experience the exact same behavoir
without any SSL across all the Apache versions, so the SSL is not the
problem.

Questions:

1.  Anybody have a solution to this problem?
2.  How do I run strace or other debugging on Apache (preferably the beta)
    to diagnose this?
3.  I can find the Apache mailing list for myself.  Sigh.  More work ...

More information:

Apache 1.1.1 and 1.0.5 (is that the right version #?) used to work on
my Linux sometime in kernel 1.3, but mysteriously stopped working
sometime around 2.0-pre.  I suspect something in my configuration or
something in the kernel or Apache because it is common to so many
versions.

Please duplicate answers to email if at all possible since I sometimes
forget to check USENET groups.

 
 
 

Apache 1.2b2 not responding to any SYNs in Linux 2.0.27!

Post by Alan C » Fri, 20 Dec 1996 04:00:00




Quote:>Apache (tried 1.0.5, 1.1.1, 1.2b2, all with and without SSL) isn't
>responding to the SYN sent to it under Linux (tried 2.0.* including
>2.0.27, and about half a years' worth of libc releases):
>1.  Anybody have a solution to this problem?

Other than to answer that for zillions of people its not occuring. I'm
running apache 1.1.5 + SSLeay 0.6.5 + libc 5.3.12 and its been happy all
the time.

Quote:>2.  How do I run strace or other debugging on Apache (preferably the beta)
>    to diagnose this?

man strace

Alan
--

-------- http://www.cymru.net ----------       Phone: +44 1792 290194
Internet/Intranet Solutions, ISDN, Leased Lines, Consultancy and Support

 
 
 

Apache 1.2b2 not responding to any SYNs in Linux 2.0.27!

Post by Bradley Ward All » Wed, 25 Dec 1996 04:00:00


In article <59c3pn$...@snowcrash.cymru.net>,

Alan Cox <a...@snowcrash.cymru.net> wrote:
>In article <599f26$...@panix2.panix.com>,
>Bradley Ward Allen <u...@q.net> wrote:
>>Apache (tried 1.0.5, 1.1.1, 1.2b2, all with and without SSL) isn't
>>responding to the SYN sent to it under Linux (tried 2.0.* including
>>2.0.27, and about half a years' worth of libc releases):

>>1.  Anybody have a solution to this problem?

>Other than to answer that for zillions of people its not occuring. I'm
>running apache 1.1.5 + SSLeay 0.6.5 + libc 5.3.12 and its been happy all
>the time.

Ok, I finally got it working.  I had a maximalist kernel where lots of
extra modules were compiled in as well as a few other non-module
things.  So I made a minimalist kernel and that fixed it for a while,
for the first time in ages.  The reason I have a maximalist kernel is
to exacerbate bugs lest no one is around to fix them in the future; I
guess I achieved my goal :\ .  I rebooted today to find that the
minimalist kernel and Apache once again (both httpd and httpsd) would
not work.  Noting a few modules I really do need that the minimalist
kernel excluded, I made a compromise kernel and rebooted; httpd and
httpsd are both working fine again (I figured as much, see next PP).

So it seems there is some bug or configuration error somewhere, and
that it can be triggered by extra things compiled into the kernel, but
that isn't necessary to trigger it.  It seems to be something such as,
oh, for example, a configuration race condition that corrupts settings
for that kernel session.  I haven't been able to diagnose it further
than what I say below.

>>2.  How do I run strace or other debugging on Apache (preferably the beta)
>>    to diagnose this?
>man strace

I know this and people have to tell me to do it.  Indeed, "man strace"
revealed the -f option which is exactly what I needed.  (*bop*)

In strace, Apache had absolutely no reaction to the SYNs.  Regardless
of where the error is, the symptoms are that the SYN gets ignored
somewhere in the kernel.

In the following unified diff, "small" is my compromise mid-size
kernel where Apache works (at least sometimes), and "normal" is the
maximalist large-size kernel where I've never seen Apache work.

Hmm, CONFIG_ULMO_MODIFICATIONS is something that does the following in
include/linux/socket.h ... duh this must be the problem.  I would try
it before posting but I have to go to a Dec 24th engagement and want
to finish this thread:

/* Maximum queue length specifiable by listen.  */
#ifdef CONFIG_ULMO_MODIFICATIONS
#define SOMAXCONN       2048
#else
#define SOMAXCONN       128
#endif

However, thinking about it, I did that when the SYN attack was announced,
which as far as I can recall is *after* my Apache stopped working.  I'll
have to do some tests, sorry.

Q:/usr/src/linux-2.0$ diff -u small normal
--- small       Tue Dec 24 17:25:04 1996
+++ normal      Thu Dec 19 18:04:34 1996
@@ -5,26 +5,28 @@
 #
 # Code maturity level options
 #
-# CONFIG_EXPERIMENTAL is not set
+CONFIG_EXPERIMENTAL=y

 #
 # Loadable module support
 #
 CONFIG_MODULES=y
 CONFIG_MODVERSIONS=y
-# CONFIG_KERNELD is not set
+CONFIG_KERNELD=y

 #
 # General setup
 #
-# CONFIG_ULMO_MODIFICATIONS is not set
+CONFIG_ULMO_MODIFICATIONS=y
 # CONFIG_MATH_EMULATION is not set
 CONFIG_NET=y
 # CONFIG_MAX_16M is not set
 CONFIG_PCI=y
+CONFIG_PCI_OPTIMIZE=y
 CONFIG_SYSVIPC=y
 CONFIG_BINFMT_AOUT=y
 CONFIG_BINFMT_ELF=y
+CONFIG_BINFMT_JAVA=y
 CONFIG_KERNEL_ELF=y
 CONFIG_M586=y

@@ -41,37 +43,52 @@
 # CONFIG_BLK_DEV_RZ1000 is not set
 CONFIG_BLK_DEV_TRITON=y
 # CONFIG_IDE_CHIPSETS is not set
-# CONFIG_BLK_DEV_LOOP is not set
-# CONFIG_BLK_DEV_MD is not set
-# CONFIG_BLK_DEV_RAM is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_MD=y
+CONFIG_MD_LINEAR=y
+CONFIG_MD_STRIPED=y
+CONFIG_BLK_DEV_RAM=y
+CONFIG_BLK_DEV_INITRD=y
 # CONFIG_BLK_DEV_XD is not set
 # CONFIG_BLK_DEV_HD is not set

 #
 # Networking options
 #
-# CONFIG_FIREWALL is not set
+CONFIG_FIREWALL=y
 CONFIG_NET_ALIAS=y
 CONFIG_INET=y
-# CONFIG_IP_FORWARD is not set
-# CONFIG_IP_MULTICAST is not set
-# CONFIG_IP_ACCT is not set
+CONFIG_IP_FORWARD=y
+CONFIG_IP_MULTICAST=y
+CONFIG_IP_FIREWALL=y
+CONFIG_IP_FIREWALL_VERBOSE=y
+CONFIG_IP_MASQUERADE=y
+# CONFIG_IP_TRANSPARENT_PROXY is not set
+# CONFIG_IP_ALWAYS_DEFRAG is not set
+CONFIG_IP_ACCT=y
+CONFIG_IP_ROUTER=y
+CONFIG_NET_IPIP=y
+CONFIG_IP_MROUTE=y
 CONFIG_IP_ALIAS=y
+# CONFIG_ARPD is not set
 # CONFIG_INET_PCTCP is not set
-# CONFIG_INET_RARP is not set
+CONFIG_INET_RARP=m
 # CONFIG_NO_PATH_MTU_DISCOVERY is not set
 # CONFIG_IP_NOSR is not set
-# CONFIG_SKB_LARGE is not set
-# CONFIG_IPX is not set
-# CONFIG_ATALK is not set
+CONFIG_SKB_LARGE=y
+CONFIG_IPX=y
+# CONFIG_IPX_INTERN is not set
+CONFIG_ATALK=m
 # CONFIG_AX25 is not set
-# CONFIG_NETLINK is not set
+# CONFIG_BRIDGE is not set
+CONFIG_NETLINK=y
+CONFIG_RTNETLINK=y

 #
 # SCSI support
 #
-CONFIG_SCSI=m
-CONFIG_BLK_DEV_SD=m
+CONFIG_SCSI=y
+CONFIG_BLK_DEV_SD=y
 CONFIG_CHR_DEV_ST=m
 CONFIG_BLK_DEV_SR=m
 CONFIG_CHR_DEV_SG=m
@@ -82,7 +99,7 @@
 # SCSI low-level drivers
 #
 # CONFIG_SCSI_7000FASST is not set
-# CONFIG_SCSI_AHA152X is not set
+CONFIG_SCSI_AHA152X=m
 # CONFIG_SCSI_AHA1542 is not set
 # CONFIG_SCSI_AHA1740 is not set
 # CONFIG_SCSI_AIC7XXX is not set
@@ -98,12 +115,14 @@
 # CONFIG_SCSI_GENERIC_NCR5380 is not set
 # CONFIG_SCSI_NCR53C406A is not set
 # CONFIG_SCSI_NCR53C7xx is not set
-CONFIG_SCSI_NCR53C8XX=m
+CONFIG_SCSI_NCR53C8XX=y
 CONFIG_SCSI_NCR53C8XX_TAGGED_QUEUE=y
 # CONFIG_SCSI_NCR53C8XX_IOMAPPED is not set
 # CONFIG_SCSI_NCR53C8XX_NO_DISCONNECT is not set
 # CONFIG_SCSI_NCR53C8XX_FORCE_ASYNCHRONOUS is not set
 # CONFIG_SCSI_NCR53C8XX_FORCE_SYNC_NEGO is not set
+# CONFIG_SCSI_NCR53C8XX_DISABLE_MPARITY_CHECK is not set
+# CONFIG_SCSI_NCR53C8XX_DISABLE_PARITY_CHECK is not set
 CONFIG_SCSI_PPA=m
 # CONFIG_SCSI_PAS16 is not set
 # CONFIG_SCSI_QLOGIC_FAS is not set
@@ -117,16 +136,54 @@
 # Network device support
 #
 CONFIG_NETDEVICES=y
-# CONFIG_DUMMY is not set
+CONFIG_DUMMY=m
 CONFIG_EQUALIZER=m
-# CONFIG_PLIP is not set
+CONFIG_DLCI=m
+CONFIG_DLCI_COUNT=24
+CONFIG_DLCI_MAX=8
+CONFIG_SDLA=m
+CONFIG_PLIP=m
 CONFIG_PPP=y
 CONFIG_SLIP=y
 CONFIG_SLIP_COMPRESSED=y
 CONFIG_SLIP_SMART=y
-# CONFIG_SLIP_MODE_SLIP6 is not set
+CONFIG_SLIP_MODE_SLIP6=y
 # CONFIG_NET_RADIO is not set
-# CONFIG_NET_ETHERNET is not set
+CONFIG_NET_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_EL1 is not set
+# CONFIG_EL2 is not set
+# CONFIG_ELPLUS is not set
+# CONFIG_EL16 is not set
+CONFIG_EL3=m
+CONFIG_VORTEX=m
+# CONFIG_LANCE is not set
+# CONFIG_NET_VENDOR_SMC is not set
+CONFIG_NET_ISA=y
+# CONFIG_AT1700 is not set
+# CONFIG_E2100 is not set
+# CONFIG_DEPCA is not set
+# CONFIG_EWRK3 is not set
+# CONFIG_EEXPRESS is not set
+# CONFIG_EEXPRESS_PRO is not set
+# CONFIG_FMV18X is not set
+# CONFIG_HPLAN_PLUS is not set
+# CONFIG_HPLAN is not set
+# CONFIG_HP100 is not set
+# CONFIG_ETH16I is not set
+CONFIG_NE2000=m
+# CONFIG_NI52 is not set
+# CONFIG_NI65 is not set
+# CONFIG_SEEQ8005 is not set
+# CONFIG_SK_G16 is not set
+CONFIG_NET_EISA=y
+# CONFIG_AC3200 is not set
+# CONFIG_APRICOT is not set
+# CONFIG_DE4X5 is not set
+# CONFIG_DEC_ELCP is not set
+# CONFIG_DGRS is not set
+# CONFIG_ZNET is not set
+# CONFIG_NET_POCKET is not set
 # CONFIG_TR is not set
 # CONFIG_FDDI is not set
 # CONFIG_ARCNET is not set
@@ -134,7 +191,14 @@
 #
 # ISDN subsystem
 #
-# CONFIG_ISDN is not set
+CONFIG_ISDN=m
+CONFIG_ISDN_PPP=y
+CONFIG_ISDN_PPP_VJ=y
+CONFIG_ISDN_MPP=y
+CONFIG_ISDN_AUDIO=y
+CONFIG_ISDN_DRV_ICN=m
+CONFIG_ISDN_DRV_PCBIT=m
+CONFIG_ISDN_DRV_TELES=m

 #
 # CD-ROM drivers (not for SCSI or IDE/ATAPI drives)
@@ -144,24 +208,30 @@
 #
 # Filesystems
 #
-# CONFIG_QUOTA is not set
+CONFIG_QUOTA=y
 # CONFIG_LOCK_MANDATORY is not set
-# CONFIG_SYMLINK_FIX is not set
+CONFIG_SYMLINK_FIX=y
 CONFIG_MINIX_FS=m
 # CONFIG_EXT_FS is not set
 CONFIG_EXT2_FS=y
 # CONFIG_XIA_FS is not set
-# CONFIG_FAT_FS is not set
-# CONFIG_MSDOS_FS is not set
-# CONFIG_VFAT_FS is not set
-# CONFIG_UMSDOS_FS is not set
+CONFIG_FAT_FS=m
+CONFIG_MSDOS_FS=m
+CONFIG_VFAT_FS=m
+CONFIG_UMSDOS_FS=m
 CONFIG_PROC_FS=y
-# CONFIG_NFS_FS is not set
-# CONFIG_SMB_FS is not set
+CONFIG_NFS_FS=m
+CONFIG_SMB_FS=m
+# CONFIG_SMB_WIN95 is not set
+CONFIG_NCP_FS=m
 CONFIG_ISO9660_FS=y
-# CONFIG_HPFS_FS is not set
-# CONFIG_SYSV_FS is not set
-# CONFIG_UFS_FS is not set
+CONFIG_HPFS_FS=m
+CONFIG_SYSV_FS=m
+CONFIG_AFFS_FS=m
+CONFIG_AMIGA_PARTITION=y
+CONFIG_UFS_FS=m
+CONFIG_BSD_DISKLABEL=y
+CONFIG_SMD_DISKLABEL=y

 #
 # Character devices
@@ -171,7 +241,7 @@
 # CONFIG_CYCLADES is not set
 # CONFIG_STALDRV is not set
 # CONFIG_RISCOM8 is not set
-# CONFIG_PRINTER is not set
+CONFIG_PRINTER=m
 CONFIG_MOUSE=y
 # CONFIG_ATIXL_BUSMOUSE is not set
 # CONFIG_BUSMOUSE is not set
@@ -180,15 +250,19 @@
 # CONFIG_82C710_MOUSE is not set
 # CONFIG_UMISC is not set
 # CONFIG_QIC02_TAPE is not set
-# CONFIG_FTAPE is not set
+CONFIG_FTAPE=m
 # CONFIG_APM is not set
-# CONFIG_WATCHDOG is not set
-# CONFIG_RTC is not set
+CONFIG_WATCHDOG=y
+# CONFIG_WATCHDOG_NOWAYOUT is not set
+# CONFIG_WDT is not set
+CONFIG_SOFT_WATCHDOG=y
+# CONFIG_PCWATCHDOG is not set
+CONFIG_RTC=y

 #
 # Sound
 #
-CONFIG_SOUND=m
+CONFIG_SOUND=y
 # CONFIG_PAS is not set
 CONFIG_SB=y
 # CONFIG_ADLIB is not set
@@ -211,7 +285,7 @@
 SBC_IRQ=7
 SBC_DMA=1
 SB_DMA2=5
-SB_MPU_BASE=0
+SB_MPU_BASE=330
 SB_MPU_IRQ=-1
 DSP_BUFFSIZE=65536
 CONFIG_LOWLEVEL_SOUND=y
@@ -221,4 +295,5 @@
 #
 # Kernel hacking
 #
-# CONFIG_PROFILE is not set
+CONFIG_PROFILE=y
+CONFIG_PROFILE_SHIFT=2
Q:/usr/src/linux-2.0$

Also note I recently set profiling, that won't be the problem either.

Bradley

 
 
 

1. Help Compiling Apache 1.2.0 on Linux 2.0.27 == Help VirtualHost Cgi Directory

Hi

Answer By Email Please !

==================================================================
I have a problem of compilation on Apache 1.2.0 on Linux 2.0.27 :

gcc -c -Iregex  -O2 -DLINUX=2   buff.c
In file included from buff.c:66:
/usr/include/sys/uio.h:33: redefinition of `struct iovec'
make: *** [buff.o] Error 1

Anyone know this problems ??
===================================================================

===================================================================
I use Apache 1.1.3 and i want create a cgi-bin directory for a
VirtualHost (different) !

Ex: http://www.domaine1.com/cgi-bin/       =>   /usr/www/domaine1/cgi-bin/
Ex: http://www.domaine2.com/cgi-bin/       =>   /usr/www/domaine2/cgi-bin/

on one Linux machine

Thanks for your help

------------------------------------------------------------------------
    ("`-/")_.-'"``-._        Jerome Schevingt - Ingenieur Unix/Windows
     . . `; -._    )-;-,_`)          

   _.- _..-_/ / ((.'      
 ((,.-'   ((,/                          http://www.avo.fr
AVO France SARL
21 Avenue de Firminy
F-43110 Aurec sur Loire
FRANCE
------------------------------------------------------------------------
Toute reception d'e-Mail commercial non sollicite, sera consideree comme
une attaque de mon serveur de mail et donnera lieu a des ripostes ...
------------------------------------------------------------------------

2. Q: Windows Fonts?

3. Secure Apache 1.1.3 Server under Linux 2.0.27

4. Buying PowerPC parts

5. Problem Compiling Apache SSL on LinuX 2.0.27

6. XF86 4 - error - pointer protocol??

7. Apache under Linux 2.0.27 problems

8. Problem adding remote windows printer in AFPS

9. libg++.so.27 and libstc++.so.27?

10. Apache 1.3b3 on Linux 2.0.27 -- MMap failures

11. Apache 1.2b4 ftp proxy error on Linux 2.0.27

12. 2.5.40 s390 (27/27): control characters.

13. VARARGS not working on linux 2.0.27 - what is needed?