From owner-freebsd-stable@FreeBSD.ORG Thu Jun 14 00:28:33 2007 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 71A8316A468 for ; Thu, 14 Jun 2007 00:28:33 +0000 (UTC) (envelope-from bright@elvis.mu.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 6137013C447 for ; Thu, 14 Jun 2007 00:28:33 +0000 (UTC) (envelope-from bright@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1192) id BEB6A1A4D80; Wed, 13 Jun 2007 16:58:50 -0700 (PDT) Date: Wed, 13 Jun 2007 16:58:50 -0700 From: Alfred Perlstein To: Alexandre Biancalana Message-ID: <20070613235850.GM96936@elvis.mu.org> References: <7ad7ddd90706130722t6731afa7j5fa9a78a3e87f9e5@mail.gmail.com> <8e10486b0706131214m9e04f36rbaf9db859e9e65da@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8e10486b0706131214m9e04f36rbaf9db859e9e65da@mail.gmail.com> User-Agent: Mutt/1.4.2.2i Cc: stable@freebsd.org, rwatson@freebsd.org Subject: Re: Unix domain socket leak in 6-STABLE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jun 2007 00:28:33 -0000 * Alexandre Biancalana [070613 12:40] wrote: > On 6/13/07, Ulrich Spoerlein wrote: > > > >Hi, > > > >as you are aware, there is a unix domain socket leak in 6-STABLE, > >which AFAIK is not yet fully fixed. > > > >I wanted to ask about the status or some possible fixes, as I know a > >way to reproduce the problem in a matter of minutes. > > > >We are running Cyrus and Postfix with the user DB in OpenLDAP. When > >using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for > >both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd > >quickly runs out of filedescriptors as it is not closing any unix > >sockets (judging by ever increasing lsof output). > > > >Using TCP sockets is just fine. If there are patches I could try, > >don't hesitate to send them to me. > > > > Ohhh !! I had exactly the same problem last night. > > After change the line of /usr/local/etc/nss_ldap.conf from > > uri ldap://127.0.0.1/ > > to > > uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/ > > The open sockets off this machine started to increase until reach maxfiles > limit and show messages like this: > > kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7). > > and slapd stopped to accept new connections. > > During the day (production hours) the number off connections (using TCP > sockets) to OpenLDAP range from 16 to 45. Last night after change the type > connection to Unix Domain Socket the number of connections raised rapidly to > about 4000. I get this numbers using sockstat -c command. > > This machine is our Samba PDC, running 6.2-STABLE compile in Apr 5 13:33:50 > using samba-3.0.24,1, nss_ldap-1.255, openldap-server-2.3.34_1 > > I can provide more information if need. > > Any Advises/Patches ? I would advise running "truss" or ktrace against the process to see if it's actually attempting to close the descriptor. this would explain if the leak is in the application, or maybe libc/kernel. -- - Alfred Perlstein