Date: Thu, 6 Dec 2012 14:35:46 -0600 (CST) From: Thomas Johnson <tom@claimlynx.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: root@claimlynx.com Subject: ports/174245: net/relayd Segfault on reload when checking https Message-ID: <20121206203546.C93CD28444@folsom-2.claimlynx.com> Resent-Message-ID: <201212062050.qB6Ko06X061767@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 174245
>Category: ports
>Synopsis: net/relayd Segfault on reload when checking https
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 06 20:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Thomas Johnson
>Release: FreeBSD 9.1-RC3 i386
>Organization:
ClaimLynx, Inc.
>Environment:
System: FreeBSD folsom-2.claimlynx.com 9.1-RC3 FreeBSD 9.1-RC3 #1: Sat Dec 1 12:52:30 CST 2012 root@folsom-2.claimlynx.com:/usr/obj/usr/src/sys/GENERIC-ALTQ i386
Relayd version relayd-5.2.20121122
>Description:
I have noticed that when relayd is configured to check https responses, issuing a 'relayctl reload' command faults relayd to quit with signal 11. The configuration snippet in the How-to-Repeat section below shows the problem configuration. The following log output shows an example relayd run (irrelevant testing output removed). Following startup, and a couple rounds of checks, 'relayctl reload' is issued.
> grep '69358\|69359\|69360' /var/log/all.log
Dec 6 12:49:09 folsom-2 relayd[69358]: startup
Dec 6 12:49:09 folsom-2 relayd[69360]: socket_rlimit: max open files 11095
Dec 6 12:49:09 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, setservent, not found, and no fallback provided
Dec 6 12:49:09 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, endservent, not found, and no fallback provided
Dec 6 12:49:09 folsom-2 relayd[69359]: init_filter: filter init done
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/www" and table "www"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/https" and table "https"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wiki" and table "wiki"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wikis" and table "wikis"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftp" and table "ftp"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftps" and table "ftps"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/sftp" and table "sftp"
Dec 6 12:49:09 folsom-2 relayd[69359]: init_tables: created 6 tables
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table www
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table https
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table wiki
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table wikis
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table ftp
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table ftps
Dec 6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table sftp
...
Dec 6 12:49:27 folsom-2 relayd[69358]: parent_reload: level 0 config file /etc/relayd.conf
Dec 6 12:49:27 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, setservent, not found, and no fallback provided
Dec 6 12:49:27 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, endservent, not found, and no fallback provided
Dec 6 12:49:27 folsom-2 relayd[69359]: init_filter: filter init done
Dec 6 12:49:27 folsom-2 kernel: pid 69360 (relayd), uid 913: exited on signal 11
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/www" and table "www"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/https" and table "https"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wiki" and table "wiki"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wikis" and table "wikis"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftp" and table "ftp"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftps" and table "ftps"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/sftp" and table "sftp"
Dec 6 12:49:27 folsom-2 relayd[69359]: init_tables: created 0 tables
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table www
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table https
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table wiki
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table wikis
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table ftp
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table ftps
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table sftp
Dec 6 12:49:27 folsom-2 relayd[69359]: kill_tables: deleted 7 tables
Dec 6 12:49:27 folsom-2 relayd[69359]: flush_rulesets: flushed rules
Dec 6 12:49:27 folsom-2 relayd[69359]: pfe exiting, pid 69359
Dec 6 12:49:27 folsom-2 relayd[69358]: parent terminating, pid 69358
>How-To-Repeat:
The following is relevant configuration that causes a segfault on reload.
interval 5
timeout 300
prefork 5
log updates
lion1="10.11.12.1"
lion2="10.11.12.2"
lion3="10.11.12.3"
lion4="10.11.12.4"
carp_if="10.11.12.5"
sorry_server="10.11.13.28"
table <webpool> { $lion1, $lion2, $lion3, $lion4 }
table <sorry> { $sorry_server retry 2}
redirect "https" {
listen on $carp_if port 443
# Enabling these checks causes segfaults on reload
forward to <webpool> check https "/favicon.ico" code 200 timeout 750
forward to <sorry> check https "/favicon.ico" code 200 timeout 750
# Old, working configuration
#forward to <webpool> check tcp timeout 300
#forward to <sorry> timeout 300 check icmp
sticky-address
}
>Fix:
Avoid using 'check https', or reloading your relayd configuration.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121206203546.C93CD28444>