Re: Revert: SUNRPC: xs_sock_mark_closed() does not need to trigger socket autoclose

From: Trond Myklebust
Date: Fri Jul 01 2016 - 19:02:39 EST



> On Jul 1, 2016, at 18:39, Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> On Fri, 1 Jul 2016 22:34:02 +0000
> Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote:
>
>
>> NACK. This ocde was removed on purpose because it is dangerous to
>> have the TCP state change callbacks queue up a new close(). The
>> connect code sometimes has to close sockets that are misbehaving, and
>> so weâve seen races whereby the old socket closes and triggers an
>> autoclose for the new socket while it is connecting.
>
> OK fine. But can we please come up with a solution to get rid of the
> hidden port issue. It's very annoying that I get a message from
> rkhunter ever morning telling me "Please inspect this machine, because
> it may be infected.â
>

Can we look into why the socket disconnect is happening in the first place? Itâs presumably not the server, since that _would_ trigger an autoclose when the socket hits TCP_CLOSE_WAIT. That puts the two top suspects being the TCP keepalive and the TCP_USER_TIMEOUT. Are there any tracepoints we could use to look at whether or not they are triggering a close?

Thanks
Trond