Java-Gaming.org    
Featured games (81)
games approved by the League of Dukes
Games in Showcase (487)
Games in Android Showcase (112)
games submitted by our members
Games in WIP (553)
games currently in development
News: Read the Java Gaming Resources, or peek at the official Java tutorials
 
    Home     Help   Search   Login   Register   
Pages: [1]
  ignore  |  Print  
  ServerSocket.bind() hanging?  (Read 2000 times)
0 Members and 1 Guest are viewing this topic.
Offline elias

Senior Member





« Posted 2003-12-03 12:42:02 »

Hi,

Implementing loopback networking for TT I ran into the problem that the ServerSocket.bind call can hang under some circumstances:

1  
2  
3  
4  
        ServerSocketChannel server_channel = ServerSocketChannel.open();
        server_channel.configureBlocking(false);
        SocketAddress address = new InetSocketAddress(port);
        server_channel.socket().bind(address);


It turns out that the last line hangs for several minutes in SUSE 9 when the firewall is activated. After that, the socket works normally and can be connected to. It seems like some request is timing out, but which one exactly? The firewall is accepting all outgoing connections.

- elias

Offline blahblahblahh

JGO Coder


Medals: 1


http://t-machine.org


« Reply #1 - Posted 2003-12-03 13:21:20 »

Timeouts that long are usually due to DNS timeouts (or automatic authentication - e.g. "incorrect password" retries in broken Windows Networking implementations like NT4, 95 and 98 used to have timeouts measured in minutes ... I take it you aren't using any remote authentication?)

AFAIAA all the "features" in java where it uses DNS (e.g. automatic unwanted reverse lookups) have by now been classed as bugs and fixed Smiley, so I would suggest it's not a problem within java.

Are you using IPChains (EDIT: or IPtables, same difference Smiley)? If so, what is your ruleset, and have you narrowed down which rule(s) is causing the problem?

Stab in the dark: If you're using the default "security features" there are a large number of things that are being done automatically, some of which are really stupid, and often the distro won't actually tell you what it's done, let alone allow you to pick-n-mix (the linux distros often don't seem to be able to appreciate there's a middle ground between kernel-programmers and 5-year-olds in their user base!). If so, you'll need to run through the list of "helpful" things that are being done. There are all sorts of advanced options by now to do things like artificially delay the initial response to certain ports / packet sigs in order to weaken DoS attacks whilst still allowing legitimate traffic through.

malloc will be first against the wall when the revolution comes...
Offline elias

Senior Member





« Reply #2 - Posted 2003-12-04 07:26:33 »

More info: I'm using the default firewall in SUSE 9, which means iptables with god knows how many rules. I've tried to track the offending rule by making the firewall log every dropped _and_ accepted packet to syslog. However, no log entry is ever generated.

The real problem is that I can't see how the firewall should ever be involved when a port is bound to? I have no problem connecting to the port after it is bound (a few minutes later).

Note that all the normal linux services restart almost instantly, hinting that native applications can bind ports without problems. Of course, most of them probably run on priviledged ports and I'm not sure if that gives extra permissions.

- elias

Games published by our own members! Check 'em out!
Legends of Yore - The Casual Retro Roguelike
Offline elias

Senior Member





« Reply #3 - Posted 2003-12-04 07:34:51 »

I did a minimal test program showing the problem:

1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
 import java.net.*;
 import java.io.*;
 public class TestServer {
         public static void main(String[] args) {
                 try {
                         new ServerSocket(21000);
                 } catch (IOException e) {
                         System.exit(10);
                 }
                 System.out.println("Er der flere chips?");
         }
}


And it hangs a few minutes as expected.

- elias

Offline blahblahblahh

JGO Coder


Medals: 1


http://t-machine.org


« Reply #4 - Posted 2003-12-04 08:30:01 »

This probably won't help much, but have you tried "stop"ping one of your native services (e.g. FTP), then (as root) running your simple java test on the port that service was on? I'm sure it won't have any positive effect, but if it did...

It's been a while since I used SuseConfig but it was pretty comprehensive - does it have options to "downgrade" the secureness of your system?

Also, how are you turning the firewall off? (I'm just suspicious that perhaps when you turn it off, more is happening than just stopping iptables).

Finally, can you dump your iptables and post, or is it REALLY huge Smiley (more than about 30 rules)? IIRC command is something like

iptables -vL

Oh, and one more thing; are there any delays when you run that last command? If so, do they vanish when you do "iptables -nvL" (or NvL? - arrgh; hate case-sensitivity!)

malloc will be first against the wall when the revolution comes...
Offline elias

Senior Member





« Reply #5 - Posted 2003-12-04 08:36:26 »

I did a corresponding test in native C with the same port:

1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  
17  
18  
19  
20  
21  
22  
23  
24  
25  
26  
27  
28  
29  
30  
31  
32  
33  
34  
35  
36  
37  
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>

int main() {
      struct sockaddr_in address;
      int desc = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
      int retval;
      if (desc == -1) {
            perror("socket() failed");
            return 10;
      }
      address.sin_family = AF_INET;
      address.sin_port = htons(21000);
      address.sin_addr.s_addr = INADDR_ANY;
      retval = bind(desc, (struct sockaddr*) &address, sizeof(address));
      if (retval != 0) {
            perror("bind() failed");
            return 20;
      }
      retval = listen(desc, 5);
      if (retval == -1) {
            perror("listen() failed");
            return 35;
      }
      printf("Socket is listening\n");
      struct sockaddr_in accept_addr;
      int size = sizeof(accept_addr);
      int accept_desc = accept(desc, (struct sockaddr*) &accept_addr, &size);
      if (accept_desc == -1) {
            perror("accept failed");
            return 30;
      }
      close(desc);
      return 0;
}


Need I say that it works without delay? After the listen() call, the port is open in a "netstat -l -n --inet".

BTW, blahblahblah you've probably debugged a lot of networking applications, and I'm curious as to which tools you're using to simulate different network environments? Specifically, I'd like to specify the mean lag, bandwidth and packet loss on my ethernet devices - 100 Mbit LAN testing is rather far from the rogue internet environment.

- elias

Offline elias

Senior Member





« Reply #6 - Posted 2003-12-04 09:45:06 »

If I shut down the ftp service and run the minimal test on port 21, the program still hangs.

There's no security granularity in the firewall config in Yast2. I stop the firewall with "rcSuSEfirewall2 stop", and I'm not sure what else that script does.

I tried flushing the rules with iptables --flush and checked that there were no rules left with iptables --list. And the testprogram still hangs, so the problem must be somethinge else, right? Now, the core firewall script is unfortunately miles long and I have little chance of figuring it out from that.

But what could the difference between the C and java code sample be?

- elias

Offline Golthar

Junior Member




;)


« Reply #7 - Posted 2004-01-07 09:33:38 »

How many IP's does your system have?
Perhaps the C variant binds to just one IP and the Java variant tries to bind to all?

I had a problem with my Linux server like this once after I specified the right interface/IP adress to bind on, all was fine

come visit us: http://www.otf1337.com
Offline elias

Senior Member





« Reply #8 - Posted 2004-01-07 11:59:17 »

No, specifying a particular interface doesn't seem to work :/

- elias

Offline Golthar

Junior Member




;)


« Reply #9 - Posted 2004-01-08 06:46:13 »

Sorry it was not helpful.

By the way it sounds, one of the interfaces is having an hard time binding.
Did you try doing: demsg after finaly binding?

It opens the last kernel logs, I usualy find things like dropped packets in there, perhaps it shows you more networking data

come visit us: http://www.otf1337.com
Pages: [1]
  ignore  |  Print  
 
 
You cannot reply to this message, because it is very, very old.

 

Add your game by posting it in the WIP section,
or publish it in Showcase.

The first screenshot will be displayed as a thumbnail.

TehJavaDev (12 views)
2014-08-28 18:26:30

CopyableCougar4 (24 views)
2014-08-22 19:31:30

atombrot (37 views)
2014-08-19 09:29:53

Tekkerue (30 views)
2014-08-16 06:45:27

Tekkerue (29 views)
2014-08-16 06:22:17

Tekkerue (18 views)
2014-08-16 06:20:21

Tekkerue (28 views)
2014-08-16 06:12:11

Rayexar (65 views)
2014-08-11 02:49:23

BurntPizza (41 views)
2014-08-09 21:09:32

BurntPizza (33 views)
2014-08-08 02:01:56
List of Learning Resources
by Longor1996
2014-08-16 10:40:00

List of Learning Resources
by SilverTiger
2014-08-05 19:33:27

Resources for WIP games
by CogWheelz
2014-08-01 16:20:17

Resources for WIP games
by CogWheelz
2014-08-01 16:19:50

List of Learning Resources
by SilverTiger
2014-07-31 16:29:50

List of Learning Resources
by SilverTiger
2014-07-31 16:26:06

List of Learning Resources
by SilverTiger
2014-07-31 11:54:12

HotSpot Options
by dleskov
2014-07-08 01:59:08
java-gaming.org is not responsible for the content posted by its members, including references to external websites, and other references that may or may not have a relation with our primarily gaming and game production oriented community. inquiries and complaints can be sent via email to the info‑account of the company managing the website of java‑gaming.org
Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines | Managed by Enhanced Four Valid XHTML 1.0! Valid CSS!