[ http://issues.apache.org/jira/browse/DIRMINA-235?page=comments#action_12441668 ] Jörg Henne commented on DIRMINA-235: ------------------------------------
After a thorough debugging session I've come to the conclusion that this is, in fact, not a problem of either MINA or DS, but a problem generated by Windows XP's application level gateway which is part of the Windows internet firewall. Sorry for accusing non-culprits for this mess... :-/ Just in case anybody cares, I'll give a quick roundup of what I found: I started by generating traces of calls and data flow both on the client and the server side by adding appropriate debugging code to MINA's SocketIoProcessor and SUN's LDAP Connection object (the latter by downloading and modifying the sources). I generated separate traces per connection, i.e. text files named after the local port number of the client. Early on I noticed that the port numbers on the client and the server didn't match, because of the fact that the Windows internet firewall proxies those calls through the application level gateway (i.e. there are in fact two connections, one from the client to the gateway and one from the gateway to the server - all of which can be seen using netstat or Sysinternal's TCPView). I wasn't terribly worried about this, because things should work even with the gateway in place. One interesting thing I noticed is that under high networking loads, i.e. about 20 active and open connections, the application level gateway seems to "lose it", which is indicated by new connections being made directly, bypassing the application level gateway. In other words: for some new connections the port numbers did suddenly match up. Note to the guys with the black hats: you' may want to try to by-pass the application level gateway by inundating it with connections for a brief period. Anyway, back to the problem: once those "direct" connections start to occur, some other, previously existing connections seem to go dead: the client sends something, but the server never receives anything causing the client to time out. The weird thing about the application level gateway is that it is not only used for connections crossing a protected gateway, but for all connections, even local loopbacks. In other words: if you have even one interface with an active firewall in your system (which I do, for the wireless interface), even if this interface is down, all TCP connections go through the application level gateway. Well, an of course the punchline of all that is: once you completely turn off the Windows internet firewall by shutting down the respective service, everything works fine and rock-solid again. *sigh* > Reliable hang of DS during query > -------------------------------- > > Key: DIRMINA-235 > URL: http://issues.apache.org/jira/browse/DIRMINA-235 > Project: Directory MINA > Issue Type: Bug > Affects Versions: 1.0, 0.9.4, 0.9.5 > Reporter: Jörg Henne > Assigned To: Trustin Lee > Fix For: 1.0.1 > > > In DIRSERVER-586 I describe a weird behaviour where channels vanish from the > SocketIoProcessor's selector. I strongly suspect there's a problem wit MINA > here. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
