On Sat, 16 Jan 2016 04:47:01 +0000, Kaz Kylheku wrote:
> Of course it isn't immune. What steps in the script do you see that lock
> down the port so that no other process can create a socket and bind to
> it?
>
> In your loop, you have to actually run the program which binds the port
> that you think you have found. The program has to be designed to accept
> a specified port as input, try to bind a socket to that port, or else
> fail.
>
> The script can detect that the program has failed, and then run the loop
> again.
>
> Basically, if your loop doesn't *acquire* the port before terminating,
> there is a race.
Thanks a lot for your analysis.
In fact, the background that I post this thread is the problem I
encountered as follows:
I want to find the usable vpngate's free vpn servers. The steps are
described as follows:
1- Obtain all of the OpenVPN Configuration File (.ovpn file) which are
using TCP protocol from the following website:
http://www.vpngate.net/en/
2- Runing on all of these .ovpn files in parallel with the following
command for each of the .ovpn file:
sudo openvpn --config the-ovpn-file --route-nopull --connect-retry-max 1
--remap-usr1 SIGTERM --tls-exit
Currently, I've 8000+ .ovpn files accumulated for long time. Therefor I
must run the above command in parallel to do the testing, i.e., put each
running of the above command into background like the following:
for i in list-of-all-the-ovpn-files
do
sudo openvpn --config $i --route-nopull --connect-retry-max 1
--remap-usr1 SIGTERM --tls-exit &> /dev/null &
done
When I do the above loop testing on all of these ovpn files, it seems
some of the connected openvpn instances will be
closed when I run a number of openvpn commands with the above method.
Furthermore, I inspected all of the ovpn config files, they all have the
following three lines in them besides other stuff:
proto tcp
remote <the-ip-of-vpn-server> <the-port-of-server>
nobind
After a further thinking, it seems that the above issue is cause by
the nobind option used in the config files. In detail, with the nobind
option, the openvpn client with using lport = 0, which means the openvpn
client will ask the kernel to allocate a port from it's
ip_local_port_range.
For my case, I running all of these openvpn client in parallel by putting
them into background, which maybe cause race condition for the kernel to
allocate *same* unused ports for each openvpn client instance.
Currently, I think the possible solutions for this issue are as follows:
Method 1:
Find all of the unused local port and ranomly pick one from them each
time for each openvpn client instance, i.e., the topic of this thread.
Method 2:
Sleep some time between each initial running of openvpn client instance:
for i in list-of-all-the-ovpn-files
do
sudo openvpn --config $i --route-nopull --connect-retry-max 1
--remap-usr1 SIGTERM --tls-exit &> /dev/null &
sleep 0.1
done
The sleep command will give enough time for the kernel to solve the race
condition and dynamically allocate appropriate local ports for each
openvpn client instance.
Method 3:
Comment out the nobind line in the config file, and then using the --
lport
option to assign a unused random ports for each openvpn client instance.
To summarize, the method 1 and 3 are based on the user-space's local-port
assign scheme, and the method 2 are based on the OS to assign the dynamic
local ports.