Bug 22889 - xinetd locks services
xinetd locks services
Product: Red Hat Raw Hide
Classification: Retired
Component: xinetd (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2000-12-27 13:43 EST by Need Real Name
Modified: 2007-04-18 12:30 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-02-26 19:20:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-12-27 13:43:00 EST
xinetd will lock and not start any services.  The main
service used is ipop3.  When it happens, the telnet server
will not startup and users cannot retrieve mail.  There are
around 15-20 people hitting the pop server in varying frequencies.

This is a RedHat 7.0 system with updates
and xinetd- installed.
Comment 1 Derek Tattersall 2000-12-27 14:36:02 EST
Have you enabled ipop3 (disabled by default)?  Use ntsysv to enable it.  Are you
trying to telnet as root?
Comment 2 Need Real Name 2000-12-27 15:42:50 EST
The services work fine for maybe 2 hours and then just lock up.
I have never had any xinetd work for over a day.  I am currently
using the old inetd super server.  I generally use chkconfig to
enable services.

Here is my latest xinet configuration for ipop3
service pop3
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/ipop3d

I tried changing some logging options to see if that would help,
but lockups still occurred.
Comment 3 Trond Eivind Glomsrxd 2000-12-27 19:05:12 EST
Do you have the same problems with the released  xinetd? DLT, can you try get a
load test of this?
Comment 4 Need Real Name 2000-12-27 19:41:40 EST
I was under the impression that this problem was similar to bug 19355.
I have tried the released versions for 7.0 and get similar results.
Comment 5 Trond Eivind Glomsrxd 2000-12-28 06:00:36 EST
Do you use /etc/hosts.{allow,deny}? Try removing these files, and use the
"only_from" syntax instead... Also, try stracing the process when this happens,
see if you have many concurrently running servers and add the "-d" option to xinetd.
Comment 6 Derek Tattersall 2000-12-29 13:28:07 EST
I ran 20 clients using fetchmail to a server which was generating mail at a rate
of 1/sec.  The clients
were using fetchmail in demon mode every 2 seconds (also at 1 second).  I
couldn't get xinetd to lock up at all.  I repeated the experiment using imap. 
Still no lockup.  Both of these test cases cause the server to achieve a load
average of 5.0 - 6.0.  

Without more information, I can't reproduce this.
Comment 7 Trond Eivind Glomsrxd 2001-01-09 14:53:29 EST
As we can't reproduce this in our own load tests, I'm closing this.
Comment 8 Need Real Name 2001-01-09 19:58:15 EST
Ok, it finally repeated itself.  It took someone to travel back out to a remote
site and try to get mail.  When they do try to access the pop server, the entire
pop server hangs.  Even telnet hangs for LAN users at

Connected to CatInTheHat.kaivo.com (
Escape character is '^]'.

I do not as of yet know the details of the remote site.  All I currently know is
that all day people have been complaining of their mail app hanging when
checking mail.

I use hosts.allow/deny due to the use of at least SSH and portmap.  I cannot do
away with them.
Comment 9 Trond Eivind Glomsrxd 2001-01-20 18:24:16 EST
What is the load mix when this happens? Can you try pre14, which should fix a
couple of minor issues and make tcp_wrapper handling more efficient?
Comment 10 Trond Eivind Glomsrxd 2001-01-30 20:19:40 EST
Had a chance to try the new xinetd rpm yet?
Comment 11 Need Real Name 2001-02-01 11:53:32 EST
I am currently using it.  Sometimes it errors out with:

xinetd[13779]: execv( /usr/sbin/ipop3d ) failed: Bad address (errno = 14)

A restart seems to take care of it for the moment.

We have not had anyone go back yet to the customer's location where the problem
occurs.  Therefore, I have not seen the problem occur again.
Comment 12 Trond Eivind Glomsrxd 2001-02-16 14:34:46 EST
The latter was a problem with the envp not being terminated properly, and has
been fixed - the primary problem should be fixed as well, reopen if you find it
Comment 13 Need Real Name 2001-02-26 13:17:22 EST
Now with xinetd- I get a slightly different problem.  It seems at
least the xinetd process is no longer being blocked so that people can still
retrieve mail.  The problem is now just with the single connection getting stuck
while connecting.  Here is how telnet looks:

Connected to popserver (
Escape character is '^]'.

Telnet hangs there and does not bring up the +OK POP3 reply before the mail
client times out.

I am currently back to using the old inetd superserver again.
Comment 14 Trond Eivind Glomsrxd 2001-02-26 17:50:46 EST
Does reverse DNS lookup on the client work? Can you try removing the
identification information in the options (does it try to talk to the identd?
Comment 15 Need Real Name 2001-02-26 18:41:30 EST
Reverse lookup appears to work.  It looks like it is some CIDR delegated block.

I initially changed /etc/hosts.allow from ALL@ALL to ALL for the service.  It
seemed like that took care of the problem.  Afterward, I removed the
log_on_failure line from the ipop3 xinetd configuration file as well.  That
seemed to have no effect.

Is this a known misconfiguration on my part?  As long as it is documented, I am
now happy with xinetd.
Comment 16 Rob Braun 2001-02-26 18:58:58 EST
The fact that things improved after changing ALL@ALL to ALL would 
seem to indicate that it was an auth lookup problem.  The curious part is 
that ALL@ALL worked with inetd, but not with xinetd.  That is very strange.
There are numerous records of my rants about why auth/ident is stupid 
and should not be used at all.
Since the demo you've given us is a designated non-routable address, I'll 
assume that you're using this address range internally and you have DNS 
properly setup to respond to forward and reverse lookups for the address 
Comment 17 Need Real Name 2001-02-26 19:20:23 EST
The server does have a routable address.  I just threw in a fake one.  As far as
I know, DNS is setup correctly.  In my case, I really was overusing ident.  It
was not needed even for debugging.
Comment 18 Trond Eivind Glomsrxd 2001-02-27 01:01:22 EST
Local configuration issue - closing as "RAWHIDE" for the original solution.

Note You need to log in before you can comment on or make changes to this bug.