Nmap Development mailing list archives
Re: [NSE] Socket dead-lock
From: nnposter () users sourceforge net
Date: Thu, 11 Jul 2013 17:37:30 +0000
While working on a new script I am experiencing what appears to be a reproducible dead-lock in a socket operation. By reproducible I mean about 80% while targeting a specific system.

My vague suspicion is that a socket object is getting automatically destroyed when a thread that originally created it finishes. Is it perhaps that passing a socket object from thread to thread is prohibited? Even if so, should it result in a dead-lock, as opposed to an error?

The script performs password guessing, leveraging brute.lua. It is not doing any unusual socket work; all it does is connect, read, write, and close. It maintains a connection pool so that a new connection is not required for every guess attempt. In the course of the run a connection may be passed from one worker to another.

Running the script with -d -d -d shows this particular sequence when it fails to return from socket:connect():

    -- close() invoked on a connected socket object in thread: 0x8c0bd90
    NSE: TCP P.Q.R.S:49514 > A.B.C.D:XY | CLOSE
    NSOCK (0.5580s) nsi_delete (IOD #4)
    -- returns with true,nil
    ...
    -- one of other brute.lua worker threads finishes
    NSE: Finished 'xyz' worker (thread: 0x8c56a28) against A.B.C.D:XY.
    ...
    -- worker thread that originally created and used the socket object finishes
    NSE: Finished 'xyz' worker (thread: 0x8c0bd90) against A.B.C.D:XY.
    ...
    -- connect() on the same socket object in thread: 0x8c07030
    NSOCK (0.5580s) nsi_new (IOD #6)
    NSOCK (0.5600s) TCP connection requested to A.B.C.D:XY (IOD #6) EID 968
    -- this closing of the socket is not explicitly called from my script
    NSE: TCP P.Q.R.S:49516 > A.B.C.D:XY | CLOSE
    NSOCK (0.5600s) nsi_delete (IOD #6)
    NSOCK (0.5600s) msevent_cancel on event #968 (type CONNECT)
    NSOCK (0.5600s) Callback: CONNECT CANCELLED for EID 968 [A.B.C.D:XY]
    -- connect() never returns

In the minority of cases when the dead-lock does not occur the log does not show this intersection of nsi_new and nsi_delete on the same IOD. Event nsi_delete comes only after connect() completes:

    -- close() invoked on a connected socket object in thread: 0xa2fcaf8
    NSE: TCP P.Q.R.S:49531 > A.B.C.D:XY | CLOSE
    NSOCK (0.6020s) nsi_delete (IOD #3)
    -- returns with true,nil
    ...
    -- connect() on the same socket object in thread: 0xa2fcaf8
    NSOCK (0.6020s) nsi_new (IOD #6)
    NSOCK (0.6040s) TCP connection requested to A.B.C.D:XY (IOD #6) EID 976
    ..
    -- one of other brute.lua worker threads finishes
    NSE: Finished 'xyz' worker (thread: 0xa2afd90) against A.B.C.D:XY.
    ...
    -- one of other brute.lua worker threads finishes
    NSE: Finished 'xyz' worker (thread: 0xa2ab030) against A.B.C.D:XY.
    ...
    NSOCK (0.6060s) Callback: CONNECT SUCCESS for EID 976 [A.B.C.D:XY]
    NSE: TCP P.Q.R.S:49534 > A.B.C.D:XY | CONNECT
    -- returns with true,nil
    ...
    -- the thread that originally created and now still/again holds the socket
    NSE: Finished 'xyz' worker (thread: 0xa2fcaf8) against A.B.C.D:XY.
    NSE: TCP P.Q.R.S:49534 > A.B.C.D:XY | CLOSE
    NSOCK (0.6070s) nsi_delete (IOD #6)

The dead-lock is observed in release 6.25 on both Ubuntu 12.04 LTS and Windows XP (compiled from source).

I would be grateful if anybody could shed some light onto this peculiar problem.

Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
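Added example, not part of the original message and not Nmap code: a small trace checker that scans `-d -d -d` output for the pattern the message associates with the failing runs, namely an nsi_delete on an IOD whose connect event has been requested but has not yet had its callback. The function name `find_interrupted_connects` is hypothetical, and the sample lines are abridged from the two traces quoted in the message.

```python
import re

# NSOCK debug-line patterns, as they appear in the -d -d -d output quoted above.
REQ = re.compile(r"NSOCK \(([\d.]+)s\) TCP connection requested to \S+ \(IOD #(\d+)\) EID (\d+)")
DEL = re.compile(r"NSOCK \(([\d.]+)s\) nsi_delete \(IOD #(\d+)\)")
CB = re.compile(r"NSOCK \(([\d.]+)s\) Callback: CONNECT (\w+) for EID (\d+)")

def find_interrupted_connects(lines):
    """Return IODs deleted while their connect event had no callback yet."""
    pending = {}    # IOD -> EID of a connect still awaiting its callback
    flagged = {}    # EID -> finding, so a later callback can be attached
    for line in lines:
        if m := REQ.search(line):
            pending[int(m.group(2))] = int(m.group(3))
        elif m := CB.search(line):
            eid = int(m.group(3))
            if eid in flagged:
                flagged[eid]["callback"] = m.group(2)
            # A delivered callback means the connect is no longer pending.
            pending = {i: e for i, e in pending.items() if e != eid}
        elif m := DEL.search(line):
            iod = int(m.group(2))
            if iod in pending:
                eid = pending.pop(iod)
                flagged[eid] = {"iod": iod, "eid": eid,
                                "time": float(m.group(1)), "callback": None}
    return list(flagged.values())

# Sample input: NSOCK lines abridged from the two traces in the message.
FAILING = """\
NSOCK (0.5580s) nsi_delete (IOD #4)
NSOCK (0.5580s) nsi_new (IOD #6)
NSOCK (0.5600s) TCP connection requested to A.B.C.D:XY (IOD #6) EID 968
NSOCK (0.5600s) nsi_delete (IOD #6)
NSOCK (0.5600s) msevent_cancel on event #968 (type CONNECT)
NSOCK (0.5600s) Callback: CONNECT CANCELLED for EID 968 [A.B.C.D:XY]
""".splitlines()

WORKING = """\
NSOCK (0.6020s) nsi_delete (IOD #3)
NSOCK (0.6020s) nsi_new (IOD #6)
NSOCK (0.6040s) TCP connection requested to A.B.C.D:XY (IOD #6) EID 976
NSOCK (0.6060s) Callback: CONNECT SUCCESS for EID 976 [A.B.C.D:XY]
NSOCK (0.6070s) nsi_delete (IOD #6)
""".splitlines()

if __name__ == "__main__":
    for name, trace in (("failing", FAILING), ("working", WORKING)):
        print(name, find_interrupted_connects(trace))
```

Run over a full debug log, each finding gives the IOD, the EID of the interrupted connect, the NSOCK timestamp of the delete, and the status of any callback that followed.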