Date:      Mon, 01 Sep 2014 14:14:31 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 193221] New: net/relayd 100% cpu when answering TLS requests
Message-ID:  <bug-193221-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193221

            Bug ID: 193221
           Summary: net/relayd 100% cpu when answering TLS requests
           Product: Ports Tree
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: Needs Triage
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: lists@rewt.org.uk

I'm using relayd-5.5.20140810 with the config below. When relayd receives a
request on TLS, the process consumes 100% CPU after the client sends a hello:

(ip addresses changed to protect the innocent)

ext_addr="10.0.0.1"
webhost1="192.168.0.1"
webhost2="192.168.0.1"

table <webhosts> { $webhost1 $webhost2 }

interval 10
timeout 200
prefork 5
log updates

http protocol http {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
        ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#        ssl session cache disable
}

relay www {
        listen on $ext_addr port 80
        protocol http
        forward to <webhosts> port http mode loadbalance check http "/" code 200
}

http protocol httpssl {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
        ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#        ssl session cache disable
}

relay wwwssl {
        listen on $ext_addr port 443 ssl
        protocol httpssl
        forward to <webhosts> port http mode loadbalance \
                check http "/" code 200
}

-- 
You are receiving this mail because:
You are the assignee for the bug.


