Jump to content

Logs flooded with "Error App: Error sending socket message"


sasagr

Recommended Posts

Since I installed Wireguard on my raspberry pi4, where I have emby server runnin, I got the logs flooded with:

2021-09-15 00:01:03.504 Error App: Error sending socket message from 10.6.0.1:33412 to 239.255.255.250:1900
	*** Error Report ***
	Version: 4.6.4.0
	Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb
	Operating system: Linux version 5.10.60-v7l+ (dom@buildbot) (arm-linux-gnueabihf-gcc-8 (Ubuntu/Linaro 8.4.0-3ubuntu1) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #144
	Framework: .NET Core 3.1.13
	OS/Process: arm/arm
	Runtime: opt/emby-server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: /var/lib/emby
	Application path: /opt/emby-server/system
	System.Net.Sockets.SocketException: System.Net.Sockets.SocketException (0xFFFFFFFF): Bad value for ai_flags
	   at Rssdp.SsdpCommunicationsServer.SendFromSocket(Tuple`3 socketTuple, Memory`1 messageData, IPEndPoint destination, CancellationToken cancellationToken)
	Source: System.Private.CoreLib
	TargetSite: Void Throw()
	
2021-09-15 00:01:03.712 Error App: Error sending socket message from 10.6.0.1:33412 to 239.255.255.250:1900
	*** Error Report ***
	Version: 4.6.4.0
	Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb

Emby seems to be working fine so maybe it is not a real problem but I would like to hear if any suggestion on how to avoid this.

Thanks

Link to comment
Share on other sites

I unchecked everything in Settings/Devices/DLNA, restarted the server, but I still get the messages:

2021-09-15 15:44:16.919 Error App: Error sending socket message from 10.6.0.1:45728 to 239.255.255.250:1900
....
2021-09-15 15:44:17.127 Error App: Error sending socket message from 10.6.0.1:45728 to 239.255.255.250:1900

Any idea what else to do?

Link to comment
Share on other sites

Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem.

Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses.

If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that.

Link to comment
Share on other sites

57 minutes ago, Luke said:

Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem.

Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses.

If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that.

I will definitely remove the DLNA plugin since I m not using it anyway but I m really curious to know why you said that all ports of this machine are exposed to internet. It is true that if I run a sudo lsof -i -P -n | grep LISTEN I see many ports listening, considering all the dockers, Emby, and some other services I use but only a few of them are visible to outside my network. I counted 3 ports including Emby and Wireguard. So I m not sure I m following. If you refer to Wireguard, then yes, it allows connection from any external/internal ip to any port in my network but that goes only through VPN secure tunneling.

Pls let me understand better where you see the issue, I know it is outside the Emby consideration, but in some you worried me.

Thanks in advance

Edited by sasagr
Link to comment
Share on other sites

and by the way... after removing the DLNA plugin and restarted the server I still see..

2021-09-15 20:31:32.452 Error App: Error sending socket message from 10.6.0.1:53433 to 239.255.255.250:1900
	*** Error Report ***
	Version: 4.6.4.0
	Command line: /opt/emby-server/system/EmbyServer.dll -programdata /var/lib/emby -ffdetect /opt/emby-server/bin/ffdetect -ffmpeg /opt/emby-server/bin/ffmpeg -ffprobe /opt/emby-server/bin/ffprobe -restartexitcode 3 -updatepackage emby-server-deb_{version}_armhf.deb
	Operating system: Linux version 5.10.60-v7l+ (dom@buildbot) (arm-linux-gnueabihf-gcc-8 (Ubuntu/Linaro 8.4.0-3ubuntu1) 8.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #144
	Framework: .NET Core 3.1.13
	OS/Process: arm/arm
	Runtime: opt/emby-server/system/System.Private.CoreLib.dll
	Processor count: 4
	Data path: /var/lib/emby
	Application path: /opt/emby-server/system
	System.Net.Sockets.SocketException: System.Net.Sockets.SocketException (0xFFFFFFFF): Bad value for ai_flags
	   at Rssdp.SsdpCommunicationsServer.SendFromSocket(Tuple`3 socketTuple, Memory`1 messageData, IPEndPoint destination, CancellationToken cancellationToken)
	Source: System.Private.CoreLib
	TargetSite: Void Throw()
	
2021-09-15 20:31:32.662 Error App: Error sending socket message from 10.6.0.1:53433 to 239.255.255.250:1900
Link to comment
Share on other sites

Complete log file? The server still has general network device detection features even without the dlna plugin.

Again, the root cause is you have your server machine fully exposed on the internet. If you close that up then this traffic will never even reach your emby server.

Link to comment
Share on other sites

here is the log

embyserver.txt

 

but you say that my server machine is fully exposed? There are only 3 ports opened to outside the network and the ip 10.6.0.1 the I see in the logs is the wireguard server running in the same machine. Maybe the issue can be solved to block emby to communicate with the 10.6.0.1 but as said before blacklisting it was not enough.

Link to comment
Share on other sites

7 minutes ago, sasagr said:

blacklisting it was not enough.

Again this is not your answer. What are you going to do when you start seeing more ip addresses with the same thing? Are you going to keep blocking them one by one?

It's the port that you want to worry about. You probably are exposing port 0 which means all ports.

Link to comment
Share on other sites

But if you want to bandaid it, you'll need to remove the port mapper plugin as well. It's looking for wan ip connection managers on your network and you've got some random ip's on the internet responding to that.

Link to comment
Share on other sites

Happy2Play

@Luke but that is a local network according to Emby, so is this a manually configure LAN network?

Quote

2021-09-15 20:28:26.483 Info NetworkManager: Detected local ip addresses: 192.168.1.163, 192.168.1.213, 172.17.0.1, 172.19.0.1, 172.18.0.1, 127.0.0.1, 10.6.0.1, fe80::79ec:6146:a6d:3aa4%2, fe80::42:d7ff:fee0:76ea%5, fe80::42:d9ff:fe47:ea67%6, fe80::42:fdff:fe7d:7e68%7, fe80::b88e:1ff:feea:4bd9%9, fe80::30ad:18ff:fe93:36c4%11, fe80::3496:bdff:fe24:fe75%13, fe80::8c1d:6aff:feb5:7e75%15, fe80::3801:aff:feb8:dbcf%17, fe80::1028:9ff:fe09:8c3a%19, ::1

 

Link to comment
Share on other sites

1 minute ago, Happy2Play said:

@Luke but that is a local network according to Emby, so is this a manually configure LAN network?

 

That could be due to their server network settings, and/or a vpn virtual network adapter, which if that's the case, can be solved via server network settings.

Link to comment
Share on other sites

15 minutes ago, Luke said:

Again this is not your answer. What are you going to do when you start seeing more ip addresses with the same thing? Are you going to keep blocking them one by one?

It's the port that you want to worry about. You probably are exposing port 0 which means all ports.

Well on my wg conf file I have 

AllowedIPs = 0.0.0.0/0, ::0/0

but this is allowed within the VPN   It means that WG is allowing all the ip and ports. 
I still don’t get the point why you say it is all exposed to internet

 

Link to comment
Share on other sites

17 minutes ago, sasagr said:

Well on my wg conf file I have 

AllowedIPs = 0.0.0.0/0, ::0/0

but this is allowed within the VPN   It means that WG is allowing all the ip and ports. 
I still don’t get the point why you say it is all exposed to internet

 

Because you can stop this behavior by disabling features in Emby Server if you really want to, but normally this traffic never even reaches the server because it's blocked higher layers (router, reverse proxy, etc).

Link to comment
Share on other sites

I stopped the wg service, restarted emby and this is the log now. I m getting still some other errors but I m not getting the socket message from 10.6.0.1

I m still not sure what practically do to avoid this message when WG is enabled.

embyserver.txt

Link to comment
Share on other sites

12 hours ago, Luke said:

That could be due to their server network settings, and/or a vpn virtual network adapter, which if that's the case, can be solved via server network settings.

I tried to filter out all the rest, but the socket messages are still there

Error sending socket message from 10.6.0.1:45825 to 239.255.255.250:1900

I checked with https://www.yougetsignal.com/tools/open-ports/ and only 3 ports (intended) are open to internet from the server machine.

I also changed the profile wg conf file to AllowedIPs = 192.168.1.0/24, if that could make a difference.

The only solution so far it is to remove DLNA and Port Mapper Plugin

image.png.e09ebec91b486d4047b7555fec159a06.png

Link to comment
Share on other sites

Actually the solution (or band-aid) seems to be to disable the automatic port mapping from Network settings, no need to remove DLNA or Port Mapper Plugin  

Link to comment
Share on other sites

kikinjo
16 hours ago, Luke said:

Dlna doesn't check the remote access filter because it's not something that is generally used over the internet. Removing the Dlna plugin is one approach but it is not the true source of the problem.

Your real problem, in both of your cases, is that you've got all ports on the server machine completely exposed on the internet. As a result, you're getting Dlna traffic from random internet addresses.

If you just want to make the problem go away quickly, then sure, you can remove the Dlna plugin, but I would strongly suggest closing the ports and only opening the ones you need, as you're really asking for trouble by fully exposing the machine like that.

This is not true and it is not the root cause. I have firewall active and only 2 ports are active, one for emby and one for ssh, dlna is not available at all.Still had this spamming issue also.

Link to comment
Share on other sites

@Luke how do I edit my own posts? it seems I cannot from the 3 dots.

It seems I cannot edit the older posts.

I just noticed that the logs I put here contains sensitive informations (like ip) that should have been masked.

Can you pls remove them?

Thanks

Edited by sasagr
Link to comment
Share on other sites

Happy2Play
17 minutes ago, sasagr said:

@Luke how do I edit my own posts? it seems I cannot from the 3 dots.

It seems I cannot edit the older posts.

I just noticed that the logs I put here contains sensitive informations (like ip) that should have been masked.

Can you pls remove them?

Thanks

Edit was limited to 10 minute as a few users were going back and clearing entire posts.  Do you still have access to your attachments via the dropdown on your username at the top of the forum.  If you can not remove them from there let me know and I will remove them.

Link to comment
Share on other sites

1 hour ago, Happy2Play said:

Edit was limited to 10 minute as a few users were going back and clearing entire posts.  Do you still have access to your attachments via the dropdown on your username at the top of the forum.  If you can not remove them from there let me know and I will remove them.

I managed. Thanks!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...