zmanda / amanda

Amanda Network Backup
https://www.zmanda.com/downloads/

Wiki Page Request: document high port usage #241

Open DaveAtFraud opened 8 months ago

DaveAtFraud commented 8 months ago

I'm getting ready to do some hardware and OS (CentOS 7 -> Rocky 9) improvements that include my amanda server. I have cut in a temporary amanda server as part of this process with both the old and new server currently running in parallel at different times so there is no conflict. I'm seeing apparently random backup failures of some hosts. I traced this to the amanda client attempting to open some ports to the amanda server. What I see in the amanda debug logs is:

Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: dgram_send_addr(addr=0x55fa2bd12b70, dgram=0x7f744b4a97c8)
Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: (sockaddr_in *)0x55fa2bd12b70 = { 2, 778, 192.168.0.4 }
Sat Nov 11 18:15:08 2023: thd-0x55fa2bd08e00: amandad: dgram_send_addr: 0x7f744b4a97c8->socket = 0
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: timeout
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: timeout waiting for ACK for our REP
Sat Nov 11 18:15:18 2023: thd-0x55fa2bd08e00: amandad: security_close(handle=0x55fa2bd12b30, driver=0x7f744b48c720 (BSD))
Sat Nov 11 18:15:27 2023: thd-0x55fa2bd08e00: amandad: timeout exit
Sat Nov 11 18:15:27 2023: thd-0x55fa2bd08e00: amandad: pid 8845 finish time Sat Nov 11 18:15:27 2023

Looking up the amandad debug log I saw:

Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20436
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: security_streaminit(stream=0x558f5c39a140, driver=0x7f2f1fe2a720 (BSD))
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server opening socket with family 2 (requested family was 2)
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: send buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: receive buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20437: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20437

which seems to indicate that amandad on the client is attempting to open random (?) ports back to the amanda server system. I'm surprised this works at all since I only open the documented amanda client port. Amanda works as expected if I disable the firewall on the amanda server but this is not an acceptable workaround. At a minimum the specific ports or port range used should be documented. Better would be to have the ports configurable but this would be a software change.

konidev20 commented 7 months ago

Hey @DaveAtFraud,

Thank you for reporting this.

I will check with the Amanda team and get back to you on this.

I will document the list of allowed ports or port ranges and push it to wiki.zmanda.com for future reference.

konidev20 commented 6 months ago

Hey @DaveAtFraud,

I want to understand your problem a little better.

Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20436
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: security_streaminit(stream=0x558f5c39a140, driver=0x7f2f1fe2a720 (BSD))
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server opening socket with family 2 (requested family was 2)
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: send buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: try_socksize: receive buffer size is 65536
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20437: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20437

These are server logs, right? Is the server amandabackup user on your new machine a privileged root user? [Edit] because if it's not root, it will try to use unreserved ports [\Edit]

konidev20 commented 6 months ago

So I reviewed the code. If you're not a privileged user, we use unreserved ports between 1024 and 65535.

If you can confirm, I will add this piece of information into the documentation.
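
Added example (not part of the thread and not Amanda's own code): a small Python parser for the `bind_portrange2` and `stream_server` debug lines quoted above, listing the ports amandad actually bound so they can be compared with the firewall's allow rules instead of disabling the firewall. The function names and the allow range in the demo are assumptions; the sample lines are copied from the thread.

```python
import re

# Subset of the amandad debug lines quoted in this thread (copied, not invented).
SAMPLE = """\
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20436
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20435: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20436: Available - Address already in use
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: bind_portrange2: Try port 20437: Available - Success
Sat Nov 11 23:06:23 2023: thd-0x558f5c36ce00: amandad: stream_server: waiting for connection: 0.0.0.0:20437
"""

# Patterns match the message text only, so they work whether the log has
# one entry per line or several entries run together on one line.
BIND_RE = re.compile(
    r"bind_portrange2: Try port (\d+): Available - (Success|Address already in use)")
# IPv4 listen address, as in the thread's logs (socket family 2).
LISTEN_RE = re.compile(r"stream_server: waiting for connection: ([0-9.]+):(\d+)")

def summarize(text):
    """Return the ports amandad tried, bound and listened on."""
    tried = [(int(port), result == "Success")
             for port, result in BIND_RE.findall(text)]
    listening = sorted({int(port) for _addr, port in LISTEN_RE.findall(text)})
    seen = [port for port, _ok in tried] + listening
    return {
        "bound": sorted({p for p, ok in tried if ok}),
        "in_use": sorted({p for p, ok in tried if not ok}),
        "listening": listening,
        "span": (min(seen), max(seen)) if seen else None,
        # Per the maintainer's comment: a non-root amandad uses ports 1024-65535.
        "all_unreserved": all(p >= 1024 for p in seen),
    }

def not_allowed(ports, allowed_ranges):
    """Ports that no (low, high) firewall allow range covers."""
    return [p for p in ports
            if not any(lo <= p <= hi for lo, hi in allowed_ranges)]

if __name__ == "__main__":
    info = summarize(SAMPLE)
    print(info)
    # Assumed firewall policy for the demo: only port 10080 is open.
    print("blocked:", not_allowed(info["listening"], [(10080, 10080)]))
```
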