Bug 257806

Summary:	sys-apps/xinetd services reject connections from localhost when "only_from = localhost"
Product:	Gentoo Linux	Reporter:	Noah Sheppard <nlshep>
Component:	[OLD] Server	Assignee:	Gentoo's Team for Core System packages <base-system>
Status:	RESOLVED WORKSFORME
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Noah Sheppard 2009-02-05 19:01:13 UTC

I am attempting to activate the echo-stream service via xinetd on a gentoo server at work.  When I reload xinetd and attempt to connect on port 7, the connection is immediately closed.  Running 'xinetd -d' shows that the child process spawned to handle the connection is exiting immediately.

Reproducibility: 100% of the time, on both a server here at work and my own system at home.

Steps to reproduce:
1-Enable the echo-stream service by setting 'disable = no' in /etc/xinetd.d/echo-stream.  All other settings in that file, and all settings in /etc/xinetd.conf, are unchanged from the default.
2-Attempt to run 'telnet localhost 7' on the same server.

What happens: The connection is immediately closed, and debugging reports that the child process exited with signal 17.  Results of running telnet:

matthew ~ # telnet localhost 7
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
Connection closed by foreign host.

Results of running 'xinetd -d':
09/2/5@13:58:15: DEBUG: 12443 {main_loop} select returned 1
09/2/5@13:58:15: DEBUG: 12443 {server_start} Starting service echo
09/2/5@13:58:15: DEBUG: 12443 {main_loop} active_services = 2
09/2/5@13:58:15: DEBUG: 12443 {main_loop} select returned 1
09/2/5@13:58:15: DEBUG: 12443 {check_pipe} Got signal 17 (Child exited)
09/2/5@13:58:15: DEBUG: 12443 {child_exit} waitpid returned = 12831
09/2/5@13:58:15: DEBUG: 12443 {server_end} echo-stream server 12831 exited
09/2/5@13:58:15: INFO: 12443 {conn_free} freeing connection
09/2/5@13:58:15: DEBUG: 12443 {child_exit} waitpid returned = -1
09/2/5@13:58:15: DEBUG: 12443 {main_loop} active_services = 2

What should happen: The connection should be accepted and begin echoing back to me whatever I type.

emerge --info:
Portage 2.1.6.4 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.26-gentoo-r4 i686)
=================================================================
System uname: Linux-2.6.26-gentoo-r4-i686-Intel-R-_Core-TM-2_Quad_CPU_@_2.40GHz-with-glibc2.0
Timestamp of tree: Thu, 29 Jan 2009 18:45:02 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.4.4-r13, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
dev-util/cmake:      2.4.6-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
DISTDIR="/exclude/distfiles"
FEATURES="ccache distlocks fixpackages parallel-fetch prelink protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.ussg.iu.edu/pub/linux/gentoo"
LANG="en_US"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j3"
PKGDIR="/exclude/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/exclude/port-tmp"
PORTDIR="/exclude/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X acl acpi alsa arts audiofile bash-completion berkdb bzip2 cdparanoia cdr cli cracklib crypt cups curl dbus dri dvd dvdr dvdread emacs esd exif ffmpeg flac fortran ftp gcj gdbm gif gnome gphoto2 gpm gstreamer gtk hal iconv ieee1394 isdnlog java javascript jpeg kde lame latex ldap mad midi mp3 mpeg mplayer mudflap mysql ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf perl png pppd python qt3 qt4 readline reflection ruby samba scanner sdl session slang sndfile spell spl sqlite ssl svg symlink sysfs tcpd tk truetype unicode usb vim-syntax vorbis win32codecs wxwindows x86 xine xinerama xml xorg xscreensaver xulrunner zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa fbdev"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Thanks,
Noah

Comment 1 Noah Sheppard 2009-02-06 18:12:26 UTC

I've been doing some more investigating today and discovered that neither gentoo's nor arch linux's xinetd versions' echo-stream services work properly.  However, RHEL5's version does.  After more testing, I've determined that the vanilla xinetd sources do not work, but one of the patches that redhat applies makes it work.  I will determine which patch makes it work and what the fix is and then comment again.

Comment 2 Noah Sheppard 2009-02-06 18:45:07 UTC

Please ignore my previous comment that vanilla xinetd sources' echo-stream does not work. This is not the case; they do work.  I am not sure what was happening, but will investigate more.

Comment 3 Noah Sheppard 2009-02-06 20:22:26 UTC

It appears that the setting "only_from = localhost" in /etc/xinetd.conf (this is the default as installed by portage) is preventing me from connecting.  However, I am attempting to connect from the same server on which xinetd is running.

Any ideas why connections on localhost would be getting rejected?

Comment 4 SpanKY gentoo-dev

2009-02-08 19:14:01 UTC

works fine for me

# emerge xinetd -qpv
[ebuild   R   ] sys-apps/xinetd-2.3.14  USE="perl tcpd" 295 kB

# grep -v -e '^#' -e '^$' /etc/xinetd.d/echo-stream
service echo
{
        disable         = no
        id              = echo-stream
        type            = INTERNAL
        wait            = no
        socket_type     = stream
        only_from       = localhost
}

# /etc/init.d/xinetd -q start
# netstat -napt | grep xinetd
tcp   0   0 0.0.0.0:7      0.0.0.0:*      LISTEN   19447/xinetd

# nc -q 5 localhost 7 <<< "moo"
moo
#