at a guess what is your limit states set to in pf.conf perhaps you are running out of session states in pf.conf ?
check what is your current states when you see the issue vs what is set in your pf.conf / defaults the defaults are set quite low (in my humble opinion) Hope this helps Thanks Tom Smyth On Wed, 18 Sep 2019 at 01:00, Pascal Guitierrez <[email protected]> wrote: > > I seem to be having the same issue as this post: > https://marc.info/?l=openbsd-misc&m=156080861431000&w=2 > > > however even with the suggestion of disabling socket splicing i'm still > hitting the same problem, which seems to be an hard timeout where the > relayd session is killed and then subsequently the HTTP session is cut and > the download from relayd fails, even if there's active traffic travelling > over the session. > > > To reproduce: > > # create a 100MB random file as the site index > > dd if=/dev/random of=/var/www/index.html bs=1M count=100 > > > httpd.conf: > > server "test" { > > listen on lo0 port 8080 > > } > > > relayd.conf: > > table <webhosts> {127.0.0.1} > > http protocol "web" { > > pass > > #tcp {no splice} > > } > > relay "localweb" { > > listen on lo0 port 80 > > protocol "web" > > session timeout 5 > > forward to <webhosts> port 8080 > > } > > > then to test i use: wget -O /dev/null --limit-rate 1k http://localhost > > > from benno@'s post, socket splicing means relayd cannot see the traffic on > the socket to know if it's idle > > so the behaviour should be that: > > 1. with splicing: the relayd session should be implicitly killed after 5 > seconds > > 2. no splicing: the relayd session should keep running until the HTTP > transfer is completed as it's actively got data travelling over it every 5 > seconds or less > > > are my assumptions correct? > > > here are the results: > > > with splice: > > relayd session is killed after 10 seconds, idle timeout is reset every 5 > seconds > > here's what relayctl show sessions looks like: > > age: 01, idle: 01 > > age: 05, idle: 00 > > age: 09, idle: 04 > > ... then when age = 10 session is killed (wget fails the fetch after a > total of 35 seconds from its execution) > > > no splice: > > relayd session is killed after 5 seconds > > here's what relayctl show sessions looks like: > > age: 01, idle: 01 > > age: 04, idle: 04 > > ... then when age = 5 session is killed (wget fails the fetch after a total > of 39 seconds from its execution) > > > This seems strange, is this expected behaviour? -- Kindest regards, Tom Smyth.
