pilight in Docker not accepting connections due to possible SYN flooding
#1
Hi everyone,

I'm trying to run pilight within Docker, with no luck. I tried using this Dockerfile:
https://github.com/akloeckner/pilight-do...Dockerfile

Which is a simple fork from
https://github.com/monsterwels/pilight

I also followed the regular installation manual in a fresh debian stretch container:
https://manual.pilight.org/installation.html

pilight starts in the container, it can also receive 433MHz signals correctly.

However, the webserver and websocket server are not reachable. 

Not even from within the container, as a simple wget fails to retrieve any webpage:
Code:
root@8aaffc6a2a42:/# wget localhost:5001
--2021-01-31 20:14:48--  http://localhost:5001/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:5001... ^C

The error I am getting is

Code:
root@8aaffc6a2a42:/# dmesg |tail
[605779.647611] device vethacf2e25 left promiscuous mode
[605779.647615] docker0: port 3(vethacf2e25) entered disabled state
[605814.519146] docker0: port 3(veth1d981e4) entered blocking state
[605814.519149] docker0: port 3(veth1d981e4) entered disabled state
[605814.519420] device veth1d981e4 entered promiscuous mode
[605814.786424] eth0: renamed from veth56b2e25
[605814.799927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1d981e4: link becomes ready
[605814.799978] docker0: port 3(veth1d981e4) entered blocking state
[605814.799980] docker0: port 3(veth1d981e4) entered forwarding state
[606045.066603] TCP: request_sock_TCP: Possible SYN flooding on port 5001. Dropping request.  Check SNMP counters.

I have no idea why this fails.

The following page suggests this is a problem with TCP connection backlogs:
https://access.redhat.com/solutions/30453

But I cannot set any sysctl variables as suggested in the solutions.
Code:
root@8aaffc6a2a42:/# apt-get install -y procps
[...]
root@8aaffc6a2a42:/# sysctl net.core.somaxconn
net.core.somaxconn = 128
root@8aaffc6a2a42:/# sysctl -w net.core.somaxconn=512
sysctl: setting key "net.core.somaxconn": Read-only file system
root@8aaffc6a2a42:/#


Also, I believe it would probably not have any effect, because pilight listens to the socket with zero backlog from this line of code:
https://github.com/pilight/pilight/blob/...er.c#L1962

Does anyone have pilight running in docker with its server being available to the outside world? What am I missing?

Thanks for your help!
 
#2
I don't know. Would be great if someone can shed a light on this :)
 
#3
I thought I'd give it a try and tamper with the source code. Successfully!

So, I installed the manually compiled version in a fresh debian:stretch container. That worked flawlessly, except I needed to touch the pilight.pem file.

However, a wget localhost:5001 still hung and gave the same error as described above.

So, I changed the line mentioned above (https://github.com/pilight/pilight/blob/...er.c#L1962) to a backlog > 0,
Code:
if((listen(sockfd, 1)) < 0) {

recompiled, restarted, and, voila, wget gets the index.html and there is no error anymore in the dmesg logs!

I figure, the error itself is somehow related to the combination of
  • my libreelec base system and its hardware
  • the docker image
  • network stack configuration
  • pilight not defining a tcp backlog.
The sum of it maybe leads to the server not responding fast enough, such that the tcp connection times out.

Simply using a small buffer/backlog on the pilight side seems to fix that.


I'll try if this fix also works for the actual websocket server and report back. I expect this fix to work there, too.

If it does work, I'll PR the change on github, unless you have a reason why this backlog setting in the listen call should remain 0?
 
#4
I created the PR to further discuss there: https://github.com/pilight/pilight/pull/463

The issue with the websocket connection was simply due to me not providing a port setting. So, a random port was chosen and connecting to 5000 was bound to fail.
 
Reply
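A way to check the effect of the `listen()` backlog discussed in post #3 without involving pilight, as an added example that is not part of the thread or of pilight's source: it opens a loopback listener with a chosen backlog and tests whether a TCP handshake completes while the server never calls `accept()`, which is the situation the hung `wget` was in. The function names `open_listener` and `handshake_completes` are hypothetical.

```c
/* Added example; function names are hypothetical, not pilight's. */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on 127.0.0.1 (kernel-chosen port) with the given backlog.
 * Returns the listening fd and fills *a with the bound address, or -1. */
int open_listener(int backlog, struct sockaddr_in *a) {
    socklen_t len = sizeof *a;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *a = (struct sockaddr_in){ .sin_family = AF_INET,
                               .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (bind(fd, (struct sockaddr *)a, len) < 0 || listen(fd, backlog) < 0 ||
        getsockname(fd, (struct sockaddr *)a, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Attempt a handshake while the server never calls accept(), like the hung
 * wget. Returns 1 if it completes within timeout_ms, 0 on timeout or error. */
int handshake_completes(const struct sockaddr_in *a, int timeout_ms) {
    struct pollfd p = { .events = POLLOUT };
    int err = 0, ok = 0;
    socklen_t elen = sizeof err;
    if ((p.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return 0;
    fcntl(p.fd, F_SETFL, fcntl(p.fd, F_GETFL, 0) | O_NONBLOCK);
    if (connect(p.fd, (const struct sockaddr *)a, sizeof *a) == 0)
        ok = 1;
    else if (errno == EINPROGRESS && poll(&p, 1, timeout_ms) == 1 &&
             getsockopt(p.fd, SOL_SOCKET, SO_ERROR, &err, &elen) == 0)
        ok = (err == 0);
    close(p.fd);
    return ok;
}

int main(void) {
    struct sockaddr_in a;
    int lfd = open_listener(1, &a);   /* backlog 1, as in the change in post #3 */
    int ok = lfd >= 0 && handshake_completes(&a, 1000);
    printf("backlog 1: handshake %s\n", ok ? "completed" : "timed out");
    return ok ? 0 : 1;
}
```

Changing the backlog passed in `main` to 0 shows how the local kernel treats the original setting; the outcome depends on the kernel version and on settings such as `net.ipv4.tcp_syncookies`, so compare it with the `dmesg` output on the same host.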
  

