Re: sslsplit needs to be restarted every 30 min.

[Stuart Henderson]

On 2015-05-11, C.L. Martinez <carlopm...@gmail.com> wrote:
> Yep, it seems the problem is "Too many open files" message:
>
> leapis.com/storage.googleapis.com sproto:TLSv1.2:AES128-SHA 
> dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
> ssl [172.22.55.1]:41558 [74.125.226.170]:443 
> sni:ci6.googleusercontent.com 
> names:*.googleusercontent.com/*.googleusercontent.com/*.blogspot.com/*.bp.blogspot.com/*.commondatastorage.googleapis.com/*.doubleclickusercontent.com/*.ggpht.com/*.googledrive.com/*.googlesyndication.com/*.googleweblight.com/*.safenup.googleusercontent.com/*.sandbox.googleusercontent.com/*.storage.googleapis.com/blogspot.com/bp.blogspot.com/commondatastorage.googleapis.com/doubleclickusercontent.com/ggpht.com/googledrive.com/googleusercontent.com/googleweblight.com/static.panoramio.com.storage.googleapis.com/storage.googleapis.com
>  
> sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
> Warning: Failed to write to content log: Bad file descriptor
> Warning: Failed to write to content log: Bad file descriptor
> ssl [172.22.55.1]:50639 [74.125.226.171]:443 
> sni:ci4.googleusercontent.com 
> names:*.googleusercontent.com/*.googleusercontent.com/*.blogspot.com/*.bp.blogspot.com/*.commondatastorage.googleapis.com/*.doubleclickusercontent.com/*.ggpht.com/*.googledrive.com/*.googlesyndication.com/*.googleweblight.com/*.safenup.googleusercontent.com/*.sandbox.googleusercontent.com/*.storage.googleapis.com/blogspot.com/bp.blogspot.com/commondatastorage.googleapis.com/doubleclickusercontent.com/ggpht.com/googledrive.com/googleusercontent.com/googleweblight.com/static.panoramio.com.storage.googleapis.com/storage.googleapis.com
>  
> sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
> Warning: Failed to write to content log: Bad file descriptor
> Failed to open 
> '/tmp/20150511T113718Z-[172.22.55.1]:50639-[74.125.226.171]:443.log': 
> Too many open files (24)
> Warning: Failed to write to content log: Bad file descriptor
> ssl [172.22.55.1]:59905 [74.125.226.160]:443 sni:plus.google.com 
> names:*.google.com/*.google.com/*.android.com/*.appengine.google.com/*.cloud.google.com/*.google-analytics.com/*.google.ca/*.google.cl/*.google.co.in/*.google.co.jp/*.google.co.uk/*.google.com.ar/*.google.com.au/*.google.com.br/*.google.com.co/*.google.com.mx/*.google.com.tr/*.google.com.vn/*.google.de/*.google.es/*.google.fr/*.google.hu/*.google.it/*.google.nl/*.google.pl/*.google.pt/*.googleadapis.com/*.googleapis.cn/*.googlecommerce.com/*.googlevideo.com/*.gstatic.cn/*.gstatic.com/*.gvt1.com/*.gvt2.com/*.metric.gstatic.com/*.urchin.com/*.url.google.com/*.youtube-nocookie.com/*.youtube.com/*.youtubeeducation.com/*.ytimg.com/android.com/g.co/goo.gl/google-analytics.com/google.com/googlecommerce.com/urchin.com/youtu.be/youtube.com/youtubeeducation.com
>  
> sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
> Error 24 on listener: Too many open files
>
> Program exited normally.
> (gdb) backtrace full
> No stack.
> (gdb) thread apply all backtrace
> (gdb)
>
>

Aha. Unless it's very busy I wouldn't expect sslsplit to use a huge
number of openfiles simultaneously, so I wonder if it is failing
to close something.

Please try "fstat | grep sslsplit" soon after startup (allow a couple
of requests to go through first), then again after it has handled
a larger number of connections (maybe 5 minutes or so?) - let's see
if something is building up.

No need to run it in gdb for this now, it is exiting normally (i.e.
following normal error handling and reaching the end of the program)
so you could just use your normal startup script.