I have processes that, once started, bind to an address and port. These processes are run in screen using exec, so that the screen session closes when the child process exits.
To kill a process I use kill -9 PID, but sometimes, even though the screen session ends, when I restart the process the port is still in use by the old process and I have to terminate it again.
I've also read that SIGKILL can leave sockets open, memory stale, and random resources in use, so I switched to plain kill PID, which sends SIGTERM.
Is a SIGTERM guaranteed to allow the process to unbind from the address and port, or is there a better alternative?
If you SIGKILL all the processes that keep a listening port open, the port is guaranteed to be released.
However, it may remain unavailable for a few minutes while old connections sit in the TIME_WAIT state, as required by the TCP specification (so the remote end learns the connection is closed even if it missed the original closing packet, and so stray packets from the old connection can expire).
Well-behaved servers open the socket with the SO_REUSEADDR option, which lets them reclaim the same port immediately on restart, but this is application-specific. Without it, the port will appear to be in use for a few minutes.
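For illustration, here is a minimal sketch of what such a well-behaved server does before bind(); the function name, port handling, and error handling are just for the example:

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Create a TCP listener that can re-bind its port immediately after a
   restart, even while old connections are still in TIME_WAIT. */
int make_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));

    struct sockaddr_in addr = { 0 };
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);

    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, SOMAXCONN) < 0)
        return -1;          /* the port really is held by a live socket */

    return fd;
}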
What is the correct behavior on close of a systemd AF_UNIX socket-activated daemon?
The daemon.socket unit file creates the socket and passes it to my daemon, which accept()s new connections. What is supposed to happen when my daemon exits?
The usual approach is to close() and unlink() the socket. However, that does exactly what it says: the UNIX socket is no longer available in the filesystem, even though daemon.socket still reports as active, which effectively disables socket re-activation.
How do I create a restartable systemd socket-activated daemon that listen()s on its socket? Is the correct approach to leave the socket open?
After experimenting and reading the relevant man pages and the cups code, here is what I know:
There are two modes of operation:
inetd mode, where systemd accept()s the connection and passes the accepted FD to a newly spawned subprocess. This method is used by default by ssh.socket, whereby every connection spawns a new ssh process.
Non-accepting mode, where the bound socket itself is forwarded to the daemon, which then handles all accept() calls.
Per man systemd.socket:
A daemon listening on an AF_UNIX socket may, but does not need to, call close(2) on the received socket before exiting. However, it must not unlink the socket from a file system.
So a received bound socket must not be unlink()ed. On the other hand, even stopping the .socket unit doesn't remove the inode; for that purpose, the RemoveOnStop= directive exists.
It would appear the "recommended" way is to let systemd create the socket, pass it to the daemon, and at most close() it in the daemon. A close() of course only closes it in the daemon, so the socket is still available in the system, meaning that after a close() the service can be socket-activated again.
Presumably a call to sd_listen_fds() in a still running service would pass the FD anew. I have not tested this.
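For what it's worth, a minimal sketch of the non-accepting case using sd_listen_fds() from libsystemd looks roughly like this (error handling trimmed; the exit path is the part that matters here):

#include <systemd/sd-daemon.h>
#include <sys/socket.h>
#include <unistd.h>

int main(void)
{
    /* systemd hands over the already-bound, already-listening socket(s),
       starting at fd 3; sd_listen_fds(0) returns how many were passed. */
    if (sd_listen_fds(0) != 1)
        return 1;                            /* expected exactly one socket */

    int listener = SD_LISTEN_FDS_START;      /* == 3 */

    for (;;) {
        int client = accept(listener, NULL, NULL);
        if (client < 0)
            break;
        /* ... serve the client ... */
        close(client);
    }

    /* On exit: close() of the received socket is allowed but optional;
       unlink() of the socket path is not -- the inode belongs to the
       .socket unit, not to this daemon. */
    close(listener);
    return 0;
}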
TL;DR: In a systemd socket-activated service, don't unlink(); you may close(); RemoveOnStop= additionally deletes the socket file when the .socket unit is stopped.
I need to find the process ID behind an established connection to an nginx worker process so that I can kill that process.
Is there a way to get the PID for every established nginx connection?
If I run netstat against the nginx worker processes, I get the PIDs of the worker processes themselves, which need to stay alive after I kill the process connected to them.
I've tried with netstat -anp | grep "client_ip_address" | grep ESTABLISHED
and I am getting this:
tcp 0 0 client_ip:dest_port client_ip:source_port ESTABLISHED 15925/nginx: worker
so 15925 would be the process ID that needs to stay alive when I kill the connection to it.
Is there a way to do it?
I think maybe you're confusing process IDs and connections. Nginx starts a master process, which then spawns off a handful of worker processes. You might only have (say) 5 workers on a fairly busy system.
As connections come in, nginx wakes up and one of the workers is assigned to that connection. From then on, any TCP traffic on that connection flows between the remote client and that worker process. Each worker can handle a large number of connections. Most HTTP connections only last for a few seconds, so as they close they make space for the worker to take on new connections.
So... if you're trying to use the shell command 'kill', the best you could ever do would be to terminate one of the worker processes, which would close (potentially) a large number of connections.
If your aim is to disconnect one client whilst leaving all the others connected, you're out of luck: there isn't a way to do this with shell commands. If your HTTP connections hang around for a long time (as WebSockets do, for example), then it's possible you could write something on the application side that lets you close the connections you don't like.
One more thing you may be thinking of is closing connections from places you don't like (a sort of 'spam' blocker). The more usual way to do this is to reject the connection outright so it uses as few of your resources as possible. Again, this is something you can do dynamically on the application side, or else you could put something like Naxsi (https://github.com/nbs-system/naxsi/wiki) and fail2ban together (https://github.com/nbs-system/naxsi/wiki/A-fail2ban-profile-for-Naxsi).
I use grep's Perl-compatible regex (-P) to achieve things like this.
$ PID_TO_KILL=`netstat -anp | grep "client_ip_address" | grep ESTABLISHED | grep -Po "(?<=ESTABLISHED).*(?=\/nginx)"`
$ kill -9 $PID_TO_KILL
I made a UDP server class, and my program creates a process that runs in the background. It is a command-line utility, so running 'udpserver.exe start' binds the socket and begins a blocking recvfrom() call inside a for(;;) loop.
What is the best way to safely and 'gracefully' stop the server?
I was thinking that 'udpserver.exe stop' would send a UDP message such as 'stop', and the process started by 'udpserver.exe start' would recognize this message, break out of the loop, and clean up (closesocket()/WSACleanup()).
Also, is just killing the process not a good idea?
Why are you running the UDP server as an external process instead of as a worker thread inside your main program? That would make it a lot easier to manage the server. Simply close the socket, which will abort a blocked recvfrom(), allowing the thread to terminate itself.
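A rough sketch of that in-process approach (Winsock; the thread function and the way the socket is passed in are illustrative):

#include <winsock2.h>
#include <windows.h>

/* Worker thread: loops on recvfrom() until the socket is closed. */
DWORD WINAPI udp_worker(LPVOID param)
{
    SOCKET s = (SOCKET)(ULONG_PTR)param;
    char buf[1500];

    for (;;) {
        int n = recvfrom(s, buf, sizeof(buf), 0, NULL, NULL);
        if (n == SOCKET_ERROR)
            break;              /* closesocket() in the main thread lands here */
        /* ... handle the datagram ... */
    }
    return 0;
}

/* To stop the server from the main thread:
     closesocket(sock);                        aborts the blocked recvfrom()
     WaitForSingleObject(hThread, INFINITE);   let the worker finish          */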
But if you must run the UDP server in an external process, personally I would just kill that process, quick and simple. But if you really want to be graceful about it, you could make the server program handle CTRL-BREAK via SetConsoleCtrlHandler() so it knows when it needs to close its socket, stopping recvfrom(). Then you can have the main program spawn the server program via CreateProcess() with the CREATE_NEW_PROCESS_GROUP flag to get a group ID that can then be used to send CTRL-BREAK to the server process via GenerateConsoleCtrlEvent() when needed.
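A sketch of that second, CTRL-BREAK route might look like the following; the port number is made up and error handling is omitted:

#include <winsock2.h>
#include <windows.h>

static SOCKET g_sock = INVALID_SOCKET;

/* Invoked in the server process when CTRL-BREAK is delivered. */
static BOOL WINAPI ctrl_handler(DWORD type)
{
    if (type == CTRL_BREAK_EVENT) {
        closesocket(g_sock);        /* makes the blocked recvfrom() fail */
        return TRUE;
    }
    return FALSE;
}

int main(void)
{
    WSADATA wsa;
    WSAStartup(MAKEWORD(2, 2), &wsa);

    g_sock = socket(AF_INET, SOCK_DGRAM, 0);

    struct sockaddr_in addr = { 0 };
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(9999);                 /* illustrative port */
    bind(g_sock, (struct sockaddr *)&addr, sizeof(addr));

    SetConsoleCtrlHandler(ctrl_handler, TRUE);

    char buf[1500];
    for (;;) {
        int n = recvfrom(g_sock, buf, sizeof(buf), 0, NULL, NULL);
        if (n == SOCKET_ERROR)
            break;                               /* socket closed by the handler */
        /* ... handle the datagram ... */
    }

    WSACleanup();
    return 0;
}

/* The controlling program starts this server with CreateProcess() and the
   CREATE_NEW_PROCESS_GROUP flag, then stops it later with
   GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT, pi.dwProcessId). */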
I am facing an issue with a C++ service that uses port 30015. It runs fine, but sometimes it fails to start because port 30015 is occupied and bind() fails with error WSAEADDRINUSE.
I ran netstat to check the status of the port:
netstat -aon | findstr 30015
Output:
TCP    0.0.0.0:30015    0.0.0.0:0    LISTENING    6740
I checked PID 6740 in Task Manager; this PID is not taken by any process.
After searching the net, I used TCPView to look at the status of the port. TCPView shows the port in listening mode with the process name "non-existent".
The application basically compresses and decompresses files using 7za. It listens on port 30015 for requests, then creates a child process and passes it the command line to run 7za to compress or decompress the file.
The child process doesn't use the socket as such; the server runs on the main thread and listens on port 30015. The problem appears after a restart of the server. Do I need to set bInheritHandle = FALSE?
Are you sure? This all sounds very confused. It's not possible for netstat to show a socket in the LISTEN state but for there to be no process -- especially if it shows the pid! You're confused because the process simply exited by the time you looked in Task Manager. All TCP connections in netstat are associated with a running process (except for unusual cases like TIME-WAIT sockets). So, find out which process has the socket open.
Secondly, I think you're trying to say that using bInheritHandles=TRUE as an argument to CreateProcess can lead to handle leaks. Only you have your code -- why not just look at the handles in your child and see whether you do have a leak? bInheritHandles=TRUE can only be used safely with great discipline; in the hands of novice programmers it will only lead to bugs. Create a named pipe with a suitable security descriptor, pass its name on the command line to the child, and connect back, rather than using handle inheritance, which is much too coarse-grained.
Finally, just to make sure, you do know to bind listening sockets with SO_REUSEADDR to prevent conflicting with active sockets using the same port? (SO_REUSEADDR still won't let two passive sockets be created on the same address/port combination, although it is a bit broken on Windows.)
Yes, this can happen on Windows. If you've created a child process that inherits handles from the parent process, those handles include TCP server sockets in the LISTEN state, which will still be listed as owned by the parent PID even after that PID has died.
These sockets will disappear when all child processes that you spawned have exited, causing the reference count on their handles to reach zero.
From a security standpoint you should not use inter-process handle inheritance, particularly when launching a third-party application, unless you have a good reason to need the feature.
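To tie this back to the bInheritHandle question above: the simplest fix is to not let the 7za child inherit any handles at all. A rough sketch (the wrapper function, buffer size, and command-line handling are illustrative):

#include <windows.h>

/* Launch 7za so it does NOT inherit the parent's handles, including the
   LISTEN socket bound to port 30015. */
BOOL run_7za(const char *args)
{
    char cmdline[1024];
    lstrcpynA(cmdline, args, sizeof(cmdline));   /* CreateProcess wants a writable buffer */

    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi;

    BOOL ok = CreateProcessA(NULL, cmdline, NULL, NULL,
                             FALSE,              /* bInheritHandles */
                             0, NULL, NULL, &si, &pi);
    if (ok) {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    return ok;
}

Alternatively, the listening socket itself can be marked non-inheritable with SetHandleInformation((HANDLE)sock, HANDLE_FLAG_INHERIT, 0), so that even an inheriting CreateProcess() call elsewhere cannot pick it up.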
I can't find much documentation to say whether this is supposed to happen or not:
Some thread opens a TCP (or other stream) socket
Thread 1 starts a blocking recv()
Thread 2 calls shutdown() on the socket with SHUT_RDWR (or SHUT_RD I think)
Thread 1 is now "woken up" from its blocking call, and returns zero, as it would if the other party closed its socket.
This behaviour appears on modern Linux and FreeBSD systems. I haven't tested it with any others.
A comment on a Microsoft MSDN help page (http://msdn.microsoft.com/en-us/library/windows/desktop/ms740481%28v=vs.85%29.aspx) suggests that this behaviour is "responsible" on Windows; it also states that this is "not currently the case", but that may be out of date.
Is this behaviour specified anywhere? Can I rely on it?
I don't think you can rely on it. shutdown() initiates socket shutdown, but the details depend on the particular circumstances. Some protocols may indeed close the connection and socket immediately, which would wake up processes sleeping on that socket. In other cases, shutdown() just kicks the protocol state machine into action, and it can take some time before it reaches a point where it makes sense to wake anyone up. For instance, an established TCP connection has to transition through a few states before it reaches CLOSED. You will eventually be woken up, but you can't rely on it happening right away.
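For reference, the scenario in the question boils down to something like this POSIX fragment (it assumes an already-connected TCP socket is passed in); on the systems the asker tested, recv() returns 0 shortly after the shutdown(), but as explained above the timing is not guaranteed:

#include <pthread.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

static int g_fd;                       /* a connected TCP socket */

static void *reader(void *arg)
{
    (void)arg;
    char buf[256];
    ssize_t n = recv(g_fd, buf, sizeof(buf), 0);   /* thread 1: blocks here */
    printf("recv() returned %zd\n", n);            /* 0 observed after shutdown() */
    return NULL;
}

void demo(int connected_fd)
{
    g_fd = connected_fd;

    pthread_t t;
    pthread_create(&t, NULL, reader, NULL);
    sleep(1);                          /* let the reader block in recv() */

    shutdown(g_fd, SHUT_RDWR);         /* thread 2: wake the blocked recv()? */
    pthread_join(t, NULL);
}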