Hi,
unfortunatly you do not show your configfile, so i have to guess (you can
send it to me in private if you do not want to send it to a mailing-list).
You have a relay or redirect with ssl in your config?
Please try the attached patch, it's against -current, but should apply
on 5.3.
Apply by doing:
cd /usr/src/usr.sbin/relayd/
patch < thisemail
make obj
make depend
make
make install
/Benno
Index: ssl.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ssl.c,v
retrieving revision 1.18
diff -u -p -r1.18 ssl.c
--- ssl.c 30 May 2013 20:17:12 -0000 1.18
+++ ssl.c 31 May 2013 20:16:35 -0000
@@ -220,8 +220,10 @@ ssl_cleanup(struct ctl_tcp_event *cte)
SSL_shutdown(cte->ssl);
SSL_clear(cte->ssl);
}
- if (cte->buf != NULL)
+ if (cte->buf != NULL) {
ibuf_free(cte->buf);
+ cte->buf = NULL;
+ }
}
void
Andrew Klettke(aklet...@opticfusion.net) on 2013.06.03 14:50:33 -0700:
> Hey all,
>
> Ever since upgrading to 5.3 a pair of firewalls whose main job is
> running relayd, we're seeing significant instability compared to the 5.2
> version. Right now we're seeing relayd crash around 8 times a day, with
> the following not-so-informative error message 'hce exiting' (names of
> relays and IPs edited out):
>
>
> relay *******, session 39269 (43 active), 0, ***.***.19.132 ->
> ***.***.15.81:80, done
> relay *******, session 38573 (43 active), 0, ***.***.93.209 -> :0, closed
> relay_close: sessions inflight decremented, now 0
> relay *******, session 38318 (40 active), 0, ***.***.93.209 ->
> ***.***.15.104:443, done
> relay *******, session 39165 (44 active), 0, ***.***.19.132 ->
> ***.***.15.81:80, done
> hce exiting, pid 19342
> relay *******, session 38371 (43 active), 0, ***.***.93.209 ->
> ***.***.15.104:443, done
> kill_tables: deleted 2 tables
> flush_rulesets: flushed rules
> relay_close: sessions inflight decremented, now 1
> relay_close: sessions inflight decremented, now 0
> relay_close: sessions inflight decremented, now 0
> relay exiting, pid 2067
> pfe exiting, pid 12850
> relay exiting, pid 20156
> relay exiting, pid 7514
> relay_close: sessions inflight decremented, now 0
> relay exiting, pid 576
> relay exiting, pid 3186
> parent terminating, pid 11155
> relay exiting, pid 26777
> relay exiting, pid 19108
> relay exiting, pid 4265
>
>
> When these firewalls were running 5.2, we saw relayd crash maybe 3-4
> times a month with these same settings and load levels, now its
> occurring around 10 times a day. I was hoping for any ideas or hints on
> where to look next. These are production firewalls so I'm waiting on
> word from the customer about if/when I can drop in compiled relayd and
> relayctl binaries from the -CURRENT source tree.
>
> dmesg:
>
> OpenBSD 5.3 (GENERIC.MP) #58: Tue Mar 12 18:43:53 MDT 2013
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz ("GenuineIntel"
> 686-class) 2.94 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LAHF,PERF
> real mem = 2145374208 (2045MB)
> avail mem = 2099318784 (2002MB)
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 11/03/09, BIOS32 rev. 0 @ 0xfdb70,
> SMBIOS rev. 2.5 @ 0x7fedf000 (39 entries)
> bios0: vendor Phoenix Technologies LTD version "1.3a" date 11/03/2009
> bios0: Supermicro X7SBi
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ
> SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
> acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5)
> USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5)
> USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-16
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: apic clock running at 290MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz ("GenuineIntel"
> 686-class) 3.20 GHz
> cpu1:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,LAHF,PERF
> ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
> ioapic1 at mainbus0: apid 3 pa 0xfecc0000, version 20, 24 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 2 (PXHA)
> acpiprt2 at acpi0: bus 3 (PEX_)
> acpiprt3 at acpi0: bus 5 (EXP1)
> acpiprt4 at acpi0: bus 13 (EXP5)
> acpiprt5 at acpi0: bus 15 (EXP6)
> acpiprt6 at acpi0: bus 17 (PCIB)
> acpicpu0 at acpi0: C3, PSS
> acpicpu1 at acpi0: C3, PSS
> acpibtn0 at acpi0: PWRB
> acpivideo0 at acpi0: IGD0
> bios0: ROM list: 0xc0000/0x9000 0xc9000/0x1000 0xca000/0x1000
> ipmi at mainbus0 not configured
> cpu0: Enhanced SpeedStep 3198 MHz: speeds: 2933, 2667, 2400, 2133, 1867,
> 1600 MHz
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
> ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: apic 2 int 16
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "Intel 6702PXH PCIE-PCIX" rev 0x09
> pci2 at ppb1 bus 2
> "Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
> ppb2 at pci0 dev 6 function 0 "Intel 3210 PCIE" rev 0x01: apic 2 int 16
> pci3 at ppb2 bus 3
> em0 at pci3 dev 0 function 0 "Intel PRO/1000 PT (82575EB)" rev 0x02:
> msi, address 00:25:90:04:c7:00
> em1 at pci3 dev 0 function 1 "Intel PRO/1000 PT (82575EB)" rev 0x02:
> msi, address 00:25:90:04:c7:01
> uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16
> uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 17
> uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18
> ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 18
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb3 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 2 int 16
> pci4 at ppb3 bus 5
> ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 16
> pci5 at ppb4 bus 13
> em2 at pci5 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: msi,
> address 00:30:48:fa:ec:c8
> ppb5 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 2 int 17
> pci6 at ppb5 bus 15
> em3 at pci6 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: msi,
> address 00:30:48:fa:ec:c9
> uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 23
> uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 22
> uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18
> ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 23
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
> pci7 at ppb6 bus 17
> vga1 at pci7 dev 3 function 0 "ATI ES1000" rev 0x02
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> radeondrm0 at vga1: apic 2 int 22
> drm0 at radeondrm0
> pciide0 at pci7 dev 4 function 0 "ITExpress IT8213F" rev 0x00: DMA
> (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
> pciide0: using apic 2 int 23 for native-PCI interrupt
> pciide0: channel 0 ignored (not responding; disabled or no drives?)
> pciide0: channel 1 ignored (not responding; disabled or no drives?)
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02: PM disabled
> pciide1 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
> channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide1: using apic 2 int 17 for native-PCI interrupt
> wd0 at pciide1 channel 0 drive 0: <ST3160316CS>
> wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
> ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 2
> int 17
> iic0 at ichiic0
> lm1 at iic0 addr 0x2d: W83627HF
> wbng0 at iic0 addr 0x2f: w83793g
> spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-6400CL5
> spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-6400CL5
> pciide2 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA,
> channel 0 wired to native-PCI, channel 1 wired to native-PCI
> pciide2: using apic 2 int 18 for native-PCI interrupt
> "Intel 82801I Thermal" rev 0x02 at pci0 dev 31 function 6 not configured
> usb2 at uhci0: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci1: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci2: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb5 at uhci3: USB revision 1.0
> uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb6 at uhci4: USB revision 1.0
> uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb7 at uhci5: USB revision 1.0
> uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at ichpcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
> lm2 at wbsio0 port 0x290/8: W83627HF
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> mtrr: Pentium Pro MTRR support
> lm1: disabling sensors due to alias with lm2
> uhidev0 at uhub1 port 2 configuration 1 interface 0 "Peppercon AG
> Multidevice" rev 2.00/0.01 addr 2
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> wskbd1: connecting to wsdisplay0
> uhidev1 at uhub1 port 2 configuration 1 interface 1 "Peppercon AG
> Multidevice" rev 2.00/0.01 addr 2
> uhidev1: iclass 3/0
> ums0 at uhidev1: 3 buttons, Z dir
> wsmouse0 at ums0 mux 0
> vscsi0 at root
> scsibus0 at vscsi0: 256 targets
> softraid0 at root
> scsibus1 at softraid0: 256 targets
> root on wd0a swap on wd0b dump on wd0b
>
> --
> Thanks,
>
> Andrew Klettke
> Systems Admin
> Optic Fusion
>
--
