1

I have searched a lot in various forums and most indicate that the solution is to open ports in the firewall or restart the xinetd service. Although that may be the solution in some cases, I think the problem is another and is still pending solution.

I have Red Hat 6, iptables service is off, and I have not modified the executables rshd/rsh.

Initially, when I start the system, rsh works fine:

# rsh localhost pwd
/root

If I simply restart the service "xinetd", I get the known message "poll: protocol failure in circuit setup":

# service xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
# rsh localhost pwd
poll: protocol failure in circuit setup

I have only been able to fix the problem in two ways: rebooting the system or going through level 2.

# init 2; sleep 1; init 3
# rsh localhost pwd
/root

I'd like to reach the root cause. It is not a firewall problem.

This is the strace output when it fails: (see highlighted passage)

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(1023), in_addr=inet_addr("0.0.0.0")}, 16) = 0
fcntl(3, F_SETOWN, 23277)               = 0
connect(3, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
bind(4, {sa_family=AF_INET, sin_port=htons(1022), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(4, 1)                            = 0
write(3, "1022\0", 5)                   = 5
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, -1) = 1 ([{fd=3, revents=POLLIN|POLLERR|POLLHUP}])
write(2, "poll: protocol failure in circui"..., 40) = 40
close(4)                                = 0
close(3)                                = 0
rt_sigprocmask(SIG_SETMASK, [], [URG], 8) = 0
exit_group(1)

This is the strace output when it works fine: (see highlighted passage)

socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
bind(3, {sa_family=AF_INET, sin_port=htons(1023), in_addr=inet_addr("0.0.0.0")}, 16) = 0
fcntl(3, F_SETOWN, 24718)               = 0
connect(3, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 4
bind(4, {sa_family=AF_INET, sin_port=htons(1022), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(4, 1)                            = 0
write(3, "1022\0", 5)                   = 5
poll([{fd=3, events=POLLIN}, {fd=4, events=POLLIN}], 2, -1) = 1 ([{fd=4, revents=POLLIN}])
accept(4, {sa_family=AF_INET, sin_port=htons(1020), in_addr=inet_addr("127.0.0.1")}, [16]) = 5
close(4)                                = 0
writev(3, [{"root\0", 5}, {"root\0", 5}, {"pwd\0", 4}], 3) = 14
read(3, "\0", 1)                        = 1
rt_sigprocmask(SIG_SETMASK, [], [URG], 8) = 0
setuid(0)                               = 0
rt_sigprocmask(SIG_BLOCK, [INT QUIT TERM], [], 8) = 0
rt_sigaction(SIGINT, {SIG_IGN, [INT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x2abd2db30080, [INT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_IGN, [INT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [QUIT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x2abd2db30080, [QUIT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_IGN, [QUIT], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN, [TERM], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x2abd2db30080, [TERM], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, {SIG_IGN, [TERM], SA_RESTORER|SA_RESTART, 0x2abd2e3c1920}, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2abd2eb893b0) = 24721
ioctl(5, FIONBIO, [1])                  = 0
ioctl(3, FIONBIO, [1])                  = 0
rt_sigprocmask(SIG_SETMASK, [], [INT QUIT TERM], 8) = 0
select(6, [3 5], NULL, NULL, NULL)      = 1 (in [3])
read(3, "/root\n", 8192)                = 6
write(1, "/root\n", 6)                  = 6
select(6, [3 5], NULL, NULL, NULL)      = 1 (in [3])
read(3, "", 8192)                       = 0
select(6, [5], NULL, NULL, NULL)        = 1 (in [5])
read(5, "", 8192)                       = 0
kill(24721, SIGKILL)                    = 0
exit_group(0)                           = ?

Thank you in advance for your help.

Best regards,

Octavio

AdminBee
  • 21,637
  • 21
  • 47
  • 71
Octavio Rodriguez Perez
  • 11
  • 2
  • 1
    If you don’t mind me asking, why are you using a dead protocol on a dead platform in the first place? – jsbillings Feb 14 '21 at 23:48
  • Does this answer your question? [rsh shows "poll: protocol failure in circuit setup", why?](https://unix.stackexchange.com/questions/68310/rsh-shows-poll-protocol-failure-in-circuit-setup-why) – jsbillings Feb 14 '21 at 23:50
  • Anything in the logs? – Mark Plotnick Feb 15 '21 at 00:47
  • 1
    Can you show us the xinetd config file for rsh? – Mark Plotnick Feb 15 '21 at 07:18
  • This is the config file /etc/xinetd.d/rsh service shell { socket_type = stream wait = no user = root log_on_success += USERID log_on_failure += USERID server = /usr/sbin/in.rshd disable = no } – Octavio Rodriguez Perez Feb 16 '21 at 12:04
  • We keep a system on the client under closed configuration control. The system used must be this. – Octavio Rodriguez Perez Feb 16 '21 at 12:04
  • The indicated thread [ rsh shows "poll: protocol failure in circuit setup, why?" ] does not answer my question. Although the symptom is the same, in my case I have not modified the source code of rsh/rshd nor is it a firewall problem because it occurs on the local machine and iptables is disabled. – Octavio Rodriguez Perez Feb 16 '21 at 12:09
  • The /var/log/messages shows this error: rshd[5251]: Could not allocate space for cmdbuf I think this can be a rshd bug. So if it has no solution without modifying the souce code, I would at least recover the service rshd in a smooth way. At the moment, it can be restablished in two ways: 1. reboot (too drastic) 2. init 2; sleep 1; init 3 (or init 5) I have tried this to recover it (unsuccessfully): cd /etc/init.d ./xinetd stop; ./rpcbind stop; ./portreserve stop; ./network stop; sleep 2; ./network start; ./portreserve start; ./rpcbind start; ./xinetd start Thank you in advance. – Octavio Rodriguez Perez Feb 16 '21 at 12:27
  • If you wait a few minutes after the `poll: protocol failure in circuit setup` failure - enough that all the connections in TIME_WAIT in `netstat -atp` go away - and try rsh again, does it still fail? – Mark Plotnick Feb 25 '21 at 19:38

0 Answers0