Re: [Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81
Hello. I have another update with more information. It turns out this statement I made isn't entirely accurate: "Since I knew this did not happen with 2.78 I also tried Dnsmasq versions 2.79 and 2.80 and this does not happen." This is true when IPv6 is disabled but if I remove the -DNO_IPV6 flag in the CFLAGS I can get it to happen. Without the -DNO_IPV6 version 2.80 uses ~195 file descriptors and version 2.78 uses ~45 file descriptors. To get around this we're going to roll back to version 2.80 from 2.81, use the -DNO_IPV6 flag, and apply the patch for CVE-2019-14834. From: WU, CHRIS Sent: Wednesday, October 21, 2020 8:02 PM To: 'dnsmasq-discuss@lists.thekelleys.org.uk' Subject: RE: excessive file descriptor usage after upgrading to 2.81 I have more information about what's happening. It seems that the large number of file descriptors doesn't change when you leave dnsmasq running. However, I realized that if I restarted dnsmasq that the number of file descriptors in use went back to normal (less than twenty). I looked in /var/log/messages and I saw that there were an excessive number of these failures when dnsmasq initially started after boot. The date is Jan 1 because the clock hadn't been set yet at this point. Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use The message is printed by the "make_sock" function. I don't see where it changed significantly between 2.80 and 2.81. When I looked up how many times this error appears I found that it is almost equal to the number of file descriptors dnsmasq has open. # grep -i failed.to.create /var/log/messages* | wc -l 140 # lsof -P -n | grep dnsmasq | grep -i udp | wc -l 144 The "can't identify protocol" in my earlier message was because I was using a version of lsof that didn't support v6 sockets. After uprading to a newer version of lsof those messages went away. From: WU, CHRIS Sent: Thursday, October 15, 2020 7:48 PM To: 'dnsmasq-discuss@lists.thekelleys.org.uk' mailto:dnsmasq-discuss@lists.thekelleys.org.uk>> Subject: excessive file descriptor usage after upgrading to 2.81 Hello. We've been using Dnsmasq version 2.78 for quite a while but upgraded to 2.81 because of CVE-2019-14834. Upon inspecting the output of lsof we realized that Dnsmasq is using almost 200 file descriptors upon boot and after an hour later the number remains unchanged. Since I knew this did not happen with 2.78 I also tried Dnsmasq versions 2.79 and 2.80 and this does not happen. It looks like it started with 2.81 and also happens with 2.82. My operating environment is armv7l GNU/Linux. Here's an example of (clipped) output of lsof: version 2.81 (195 file descriptors open) dnsmasq1222 nobody 187u inet 2847UDP 10.10.12.1:53 dnsmasq1222 nobody 188u sock0,7 2849 can't identify protocol dnsmasq1222 nobody 189u inet 2853UDP 10.10.15.1:53 dnsmasq1222 nobody 190u inet 2855UDP 10.10.12.1:53 dnsmasq1222 nobody 191u sock0,7 2857 can't identify protocol dnsmasq1222 nobody 192u inet 2886UDP 10.10.15.1:53 dnsmasq1222 nobody 193u inet 2888UDP 10.10.12.1:53 dnsmasq1222 nobody 194u sock0,7 2890 can't identify protocol dnsmasq1222 nobody 195u sock0,7 2893 can't identify protocol [root@U115 ~]# dnsmasq -v Dnsmasq version 2.81 Copyright (c) 2000-2020 Simon Kelley version 2.80 dnsmasq 4893 nobody 10r 0,9 0 6 anon_inode dnsmasq 4893 nobody 11r FIFO0,8 6848 pipe dnsmasq 4893 nobody 12w FIFO0,8 6848 pipe dnsmasq 4893 nobody 13u unix 0xf7791905 6850 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley version 2.79 dnsmasq466 nobody7u inet 1760TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody8u inet 1761UDP 127.0.0.1:53 dnsmasq466 nobody9u inet 1762TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody 10r 0,9 0 6 anon_inode dnsmasq466 nobody 11r FIFO0,8 1763 pipe dnsmasq466 nobody 12w FIFO0,8 1763 pipe dnsmasq466 nobody 13u unix 0xea856025 1765 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.79 Copyright (c) 2000-2018 Simon Kelley version 2.78 dnsmasq4
Re: [Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81
I have more information about what's happening. It seems that the large number of file descriptors doesn't change when you leave dnsmasq running. However, I realized that if I restarted dnsmasq that the number of file descriptors in use went back to normal (less than twenty). I looked in /var/log/messages and I saw that there were an excessive number of these failures when dnsmasq initially started after boot. The date is Jan 1 because the clock hadn't been set yet at this point. Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use Jan 1 01:00:00 dnsmasq[1149]: failed to create listening socket for 127.0.0.1: Address already in use The message is printed by the "make_sock" function. I don't see where it changed significantly between 2.80 and 2.81. When I looked up how many times this error appears I found that it is almost equal to the number of file descriptors dnsmasq has open. # grep -i failed.to.create /var/log/messages* | wc -l 140 # lsof -P -n | grep dnsmasq | grep -i udp | wc -l 144 The "can't identify protocol" in my earlier message was because I was using a version of lsof that didn't support v6 sockets. After uprading to a newer version of lsof those messages went away. From: WU, CHRIS Sent: Thursday, October 15, 2020 7:48 PM To: 'dnsmasq-discuss@lists.thekelleys.org.uk' Subject: excessive file descriptor usage after upgrading to 2.81 Hello. We've been using Dnsmasq version 2.78 for quite a while but upgraded to 2.81 because of CVE-2019-14834. Upon inspecting the output of lsof we realized that Dnsmasq is using almost 200 file descriptors upon boot and after an hour later the number remains unchanged. Since I knew this did not happen with 2.78 I also tried Dnsmasq versions 2.79 and 2.80 and this does not happen. It looks like it started with 2.81 and also happens with 2.82. My operating environment is armv7l GNU/Linux. Here's an example of (clipped) output of lsof: version 2.81 (195 file descriptors open) dnsmasq1222 nobody 187u inet 2847UDP 10.10.12.1:53 dnsmasq1222 nobody 188u sock0,7 2849 can't identify protocol dnsmasq1222 nobody 189u inet 2853UDP 10.10.15.1:53 dnsmasq1222 nobody 190u inet 2855UDP 10.10.12.1:53 dnsmasq1222 nobody 191u sock0,7 2857 can't identify protocol dnsmasq1222 nobody 192u inet 2886UDP 10.10.15.1:53 dnsmasq1222 nobody 193u inet 2888UDP 10.10.12.1:53 dnsmasq1222 nobody 194u sock0,7 2890 can't identify protocol dnsmasq1222 nobody 195u sock0,7 2893 can't identify protocol [root@U115 ~]# dnsmasq -v Dnsmasq version 2.81 Copyright (c) 2000-2020 Simon Kelley version 2.80 dnsmasq 4893 nobody 10r 0,9 0 6 anon_inode dnsmasq 4893 nobody 11r FIFO0,8 6848 pipe dnsmasq 4893 nobody 12w FIFO0,8 6848 pipe dnsmasq 4893 nobody 13u unix 0xf7791905 6850 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley version 2.79 dnsmasq466 nobody7u inet 1760TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody8u inet 1761UDP 127.0.0.1:53 dnsmasq466 nobody9u inet 1762TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody 10r 0,9 0 6 anon_inode dnsmasq466 nobody 11r FIFO0,8 1763 pipe dnsmasq466 nobody 12w FIFO0,8 1763 pipe dnsmasq466 nobody 13u unix 0xea856025 1765 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.79 Copyright (c) 2000-2018 Simon Kelley version 2.78 dnsmasq430 nobody 10r 0,9 0 6 anon_inode dnsmasq430 nobody 11r FIFO0,8460 pipe dnsmasq430 nobody 12w FIFO0,8460 pipe dnsmasq430 nobody 13u unix 0xcc699e5c462 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.78 Copyright (c) 2000-2017 Simon Kelley . ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81
If any other output would be useful I'd be happy to provide it! -Original Message- From: Dnsmasq-discuss On Behalf Of Geert Stappers Sent: Friday, October 16, 2020 1:37 AM To: dnsmasq-disc...@thekelleys.org.uk Subject: Re: [Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81 On Thu, Oct 15, 2020 at 11:47:44PM +, WU, CHRIS wrote: > Hello. We've been using Dnsmasq version 2.78 for quite a while but > upgraded to 2.81 because of CVE-2019-14834. Upon inspecting the output > of lsof we realized that Dnsmasq is using almost 200 file descriptors > upon boot and after an hour later the number remains unchanged. Since > I knew this did not happen with 2.78 I also tried Dnsmasq versions > 2.79 and 2.80 and this does not happen. It looks like it started with > 2.81 and also happens with 2.82. > My operating environment is armv7l GNU/Linux. > Looking forward to what `git bisect` says. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://urldefense.com/v3/__http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss__;!!BhdT!w73f5y3PfUpo3tfm5iA6GH8IveO_iC_S3-AQscg3-U_FIrSGPe0Ll2JISx1dRA$ ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81
On Thu, Oct 15, 2020 at 11:47:44PM +, WU, CHRIS wrote: > Hello. We've been using Dnsmasq version 2.78 for quite a while but > upgraded to 2.81 because of CVE-2019-14834. Upon inspecting the output > of lsof we realized that Dnsmasq is using almost 200 file descriptors > upon boot and after an hour later the number remains unchanged. Since > I knew this did not happen with 2.78 I also tried Dnsmasq versions > 2.79 and 2.80 and this does not happen. It looks like it started with > 2.81 and also happens with 2.82. > My operating environment is armv7l GNU/Linux. > Looking forward to what `git bisect` says. Regards Geert Stappers -- Silence is hard to parse ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
[Dnsmasq-discuss] excessive file descriptor usage after upgrading to 2.81
Hello. We've been using Dnsmasq version 2.78 for quite a while but upgraded to 2.81 because of CVE-2019-14834. Upon inspecting the output of lsof we realized that Dnsmasq is using almost 200 file descriptors upon boot and after an hour later the number remains unchanged. Since I knew this did not happen with 2.78 I also tried Dnsmasq versions 2.79 and 2.80 and this does not happen. It looks like it started with 2.81 and also happens with 2.82. My operating environment is armv7l GNU/Linux. Here's an example of (clipped) output of lsof: version 2.81 (195 file descriptors open) dnsmasq1222 nobody 187u inet 2847UDP 10.10.12.1:53 dnsmasq1222 nobody 188u sock0,7 2849 can't identify protocol dnsmasq1222 nobody 189u inet 2853UDP 10.10.15.1:53 dnsmasq1222 nobody 190u inet 2855UDP 10.10.12.1:53 dnsmasq1222 nobody 191u sock0,7 2857 can't identify protocol dnsmasq1222 nobody 192u inet 2886UDP 10.10.15.1:53 dnsmasq1222 nobody 193u inet 2888UDP 10.10.12.1:53 dnsmasq1222 nobody 194u sock0,7 2890 can't identify protocol dnsmasq1222 nobody 195u sock0,7 2893 can't identify protocol [root@U115 ~]# dnsmasq -v Dnsmasq version 2.81 Copyright (c) 2000-2020 Simon Kelley version 2.80 dnsmasq 4893 nobody 10r 0,9 0 6 anon_inode dnsmasq 4893 nobody 11r FIFO0,8 6848 pipe dnsmasq 4893 nobody 12w FIFO0,8 6848 pipe dnsmasq 4893 nobody 13u unix 0xf7791905 6850 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley version 2.79 dnsmasq466 nobody7u inet 1760TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody8u inet 1761UDP 127.0.0.1:53 dnsmasq466 nobody9u inet 1762TCP 127.0.0.1:53 (LISTEN) dnsmasq466 nobody 10r 0,9 0 6 anon_inode dnsmasq466 nobody 11r FIFO0,8 1763 pipe dnsmasq466 nobody 12w FIFO0,8 1763 pipe dnsmasq466 nobody 13u unix 0xea856025 1765 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.79 Copyright (c) 2000-2018 Simon Kelley version 2.78 dnsmasq430 nobody 10r 0,9 0 6 anon_inode dnsmasq430 nobody 11r FIFO0,8460 pipe dnsmasq430 nobody 12w FIFO0,8460 pipe dnsmasq430 nobody 13u unix 0xcc699e5c462 socket [root@U115 ~]# dnsmasq -v Dnsmasq version 2.78 Copyright (c) 2000-2017 Simon Kelley . ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss