[OSM-dev] osm2pgsql deltas
Brett Henderson
brett at bretth.com
Wed Jan 20 21:19:43 GMT 2010
On Thu, Jan 21, 2010 at 3:21 AM, Steve Hill <steve at nexusuk.org> wrote:
> On Wed, 20 Jan 2010, Brett Henderson wrote:
>
> Matt's suggestion of running under strace might be the way to go here.
>> I've
>> never seen anything like this before.
>>
>
> Got it!
>
> For some reason, one of the threads creates a PF_INET6 socket on an
> ephemeral port, listenning on all network interfaces. The same thread then
> creates a connection to that socket. Due to a misconfiguration on my
> server, ip6tables was set to drop looped back IPv6 traffic, so it was
> sitting there waiting for the connection to time out.
>
> Fixing the ip6tables config to allow looped bak IPv6 traffic has resolved
> the problem.
>
Nice work! I'll try to remember this. I remember somebody on another list
having similar problems with osm2pgsql and IPv6 the other day ...
>
> Some odd notes:
>
> 1. This connection can't be especially important since it was able to carry
> on working just fine without the connection present.
> 2. Since it is on an ephemeral port, the socket is presumably only be used
> for internal communication between threads - as such, using a socket that is
> listenning for connections on all network interfaces seems like a really bad
> idea. This sort of stuff should be done with unix domain sockets, not
> public network sockets.
> 3. Of course, I have no idea if Osmosis or the JVM itself is responsible
> for this. :)
It must be the JVM ... The only socket stuff Osmosis does is making HTTP
requests, it never listens on sockets. I'm very surprised it's listening on
all interfaces though. I know there's some debug and profiling type ports
that Java 6 opens but I thought they were only available locally and I
(perhaps wrongly) assumed they were secured in some way (eg. You can connect
using the jconsole tool and get stats on running JVMs). When I get a chance
I'll take a look at it, but I suspect there's no much I can do about it.
I'd be surprised if there was a security risk created by this, but who knows
...
Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20100121/06f470c4/attachment.html>
More information about the dev
mailing list