Re: [naviserver-devel] "ns_server active" request IP - proxy aware?

David Osborne Fri, 06 Oct 2017 05:11:04 -0700

That doesn't seem to quite do it... still getting a segfault in the same
place using naviserver built from tip.


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed783700 (LWP 25127)]
Ns_SetFindCmp (set=0x0, key=0x7ffff7bae306 "X-Forwarded-For",
cmp=0x7ffff63945a0 <__strcasecmp_avx>) at set.c:281
281 for (i = 0u; i < set->size; i++) {
(gdb) bt
#0  Ns_SetFindCmp (set=0x0, key=0x7ffff7bae306 "X-Forwarded-For",
cmp=0x7ffff63945a0 <__strcasecmp_avx>) at set.c:281
#1  0x00007ffff7b77009 in Ns_SetGetCmp (set=0x0, key=key@entry=0x7ffff7bae306
"X-Forwarded-For", cmp=<optimized out>) at set.c:330
#2  0x00007ffff7b7708c in Ns_SetIGet (set=<optimized out>,
key=key@entry=0x7ffff7bae306
"X-Forwarded-For") at set.c:497
#3  0x00007ffff7b716c0 in AppendConn (dsPtr=dsPtr@entry=0x7fffed782590,
connPtr=connPtr@entry=0x6a4ca8, state=state@entry=0x7ffff7bb1b99 "running",
checkforproxy=checkforproxy@entry=1)
    at queue.c:2416
#4  0x00007ffff7b6f114 in AppendConnList (checkforproxy=<optimized out>,
state=<optimized out>, firstPtr=0x6a4ca8, dsPtr=<optimized out>) at
queue.c:2490
#5  ServerListActive (dsPtr=0x7fffed782590, interp=<optimized out>,
objc=<optimized out>, objv=<optimized out>, poolPtr=0x6910b0,
nargs=<optimized out>) at queue.c:1041
#6  0x00007ffff7b6fc5f in NsTclServerObjCmd (clientData=0x0,
interp=0x7fffcc004f60, objc=7, objv=0x7ffff7ff914b <gettimeofday+635>) at
queue.c:1343
#7  0x00007ffff71c2dfd in TclEvalObjvInternal () from
/usr/lib/x86_64-linux-gnu/libtcl8.5.so
#8  0x00007ffff72095ce in TclExecuteByteCode () from
/usr/lib/x86_64-linux-gnu/libtcl8.5.so
#9  0x00007ffff724c6d0 in TclObjInterpProcCore () from
/usr/lib/x86_64-linux-gnu/libtcl8.5.so
#10 0x00007ffff71c2dfd in TclEvalObjvInternal () from
/usr/lib/x86_64-linux-gnu/libtcl8.5.so
#11 0x00007ffff71c3b4a in TclEvalEx () from /usr/lib/x86_64-linux-gnu/libt
cl8.5.so
#12 0x00007ffff71c3373 in Tcl_EvalEx () from /usr/lib/x86_64-linux-gnu/libt
cl8.5.so
#13 0x00007ffff7b8de10 in NsTclFilterProc (arg=0x709e70, conn=0x6a44f8,
why=NS_FILTER_PRE_AUTH) at tclrequest.c:537
#14 0x00007ffff7b63ddf in NsRunFilters (conn=conn@entry=0x6a44f8,
why=why@entry=NS_FILTER_PRE_AUTH) at filter.c:160
#15 0x00007ffff7b7131d in ConnRun (connPtr=0x6a44f8) at queue.c:2157
#16 NsConnThread (arg=0x6bbab0) at queue.c:1867
#17 0x00007ffff74bf76d in NsThreadMain (arg=<optimized out>) at thread.c:232
#18 0x00007ffff74c0799 in ThreadMain (arg=<optimized out>) at pthread.c:829
#19 0x00007ffff5e57064 in start_thread (arg=0x7fffed783700) at
pthread_create.c:309
#20 0x00007ffff635862d in clone () at ../sysdeps/unix/sysv/linux/
x86_64/clone.S:111
(gdb) f 3
#3  0x00007ffff7b716c0 in AppendConn (dsPtr=dsPtr@entry=0x7fffed782590,
connPtr=connPtr@entry=0x6a4ca8, state=state@entry=0x7ffff7bb1b99 "running",
checkforproxy=checkforproxy@entry=1)
    at queue.c:2416
2416                         p = Ns_SetIGet(connPtr->headers,
"X-Forwarded-For");
(gdb) list
2411             if ((connPtr->flags & NS_CONN_CONFIGURED) != 0u) {
2412                 const char *p;
2413
2414                 if ( checkforproxy ) {
2415                     if ((connPtr->flags & NS_CONN_CONFIGURED) != 0u) {
2416                         p = Ns_SetIGet(connPtr->headers,
"X-Forwarded-For");
2417                     } else {
2418                         Ns_Log(Notice, "AppendConn falls back to
physical peer address, since connection has no header fields");
2419                         p = NULL;
2420                     }

On 6 October 2017 at 12:18, Gustaf Neumann <neum...@wu.ac.at> wrote:

> Hi David,
>
> This was a classical race condition, where one thread was accessing the
> connPtr of another thread while it
> was de-allocating. The committed version should not lead to this situation
> anymore.
>
> In general, it is not the best approach to check in every connection the
> state of all connections, which
> is a quadratic operation on the number of running connections. I would
> rather recommend to use
> either nsvs to track connections/peers, or to use a separate monitoring
> thread keeping this information
> up to date, receiving information about starting and ending threads.
>
> please check, if the changes work as well with your setup and tests.
> -g
>
> Am 06.10.17 um 11:46 AM schrieb David Osborne:
>
> However, the ns_server call is the first thing it does. In fact I can
> strip the filter down to only do the following and still get the same
> signal 11 (it also segfaults if returning  filter_ok but takes longer)
>
> proc filter_dos_check { event args } {
>     set requests_active [ns_server -server [ns_info server] -pool {}
> active -checkforproxy]
>     return filter_return
> }
>
> Thanks for the patch.
>
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel

Re: [naviserver-devel] "ns_server active" request IP - proxy aware?

Reply via email to