RE: [Pound Mailing List] Correct use of Threads for Pound 2.7

Tue, 09 May 2017 07:44:24 -0700 

After reading you last post. I did a clean, distclean and rebuilt the image and 
currently have OpenSSL 1.1.0e and Pound 2.7 in waiting. I will post my results 
once everything is compiled and tested. Thank you for giving me the heads up on 
the 2.7 only version that supports Threads.

Warren

-----Original Message-----
From: Joe Gooch [mailto:joseph.go...@sapphirek12.com] 
Sent: Tuesday, May 09, 2017 10:19 AM
To: pound@apsis.ch
Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7

Are you sure it's using the right version of pound? (i.e. pound -V)  In an 
earlier thread it was indicated pound -V returned 2.0, which doesn't support 
the "Threads" command.  Remember if you want to run pound from the current 
directory, you need to use ./pound - because Linux.

Are you sure it's reading the right config file? (i.e. pound -f configfile)

The threads parameter in the config will only work with 2.7, and needs to match 
this regex:
regcomp(&Threads, "^[ \t]*Threads[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | 
REG_NEWLINE | REG_EXTENDED)

Found in config.c.

ulimit -n is a standalone command and looks like this:

$ ulimit -n
1024



Which indicates I can only have 1024 open files/sockets at a time.




------
 
Joe

CONFIDENTIALITY STATEMENT
The documents and communication included in this email transmission may contain 
confidential information.  All information is intended only for the use of the 
above named recipient(s).  If you are not the named recipient, you are NOT 
authorized to read, disclose, copy, distribute, or take any action on the 
information and any action other than immediate delivery to the named recipient 
is strictly prohibited. If you have received this email in error, do NOT read 
the information and please immediately notify sender by telephone and email and 
immediately delete this email.  If you are the named recipient, you are NOT 
authorized to reveal any of this information to any unauthorized person and are 
hereby instructed to delete this email when no longer needed. 







-----Original Message-----
From: Warren Perdue <wper...@valcom.com>
Organization: Valcom, Inc.
Reply-To: "pound@apsis.ch" <pound@apsis.ch>
Date: Tuesday, May 9, 2017 at 10:03 AM
To: "pound@apsis.ch" <pound@apsis.ch>
Subject: RE: [Pound Mailing List] Correct use of Threads for Pound 2.7

>Hi again Joe,
>
>Thank you so much for responding. I'll try and keep this simple. I have a 
>Blackfin device running bfin version 537 with uClinux Dist v4.0, BOA 0.9.4, 
>Pound 2.7 and OpenSSL 1.1.0e.
>
>My plan is to use BOA as web server and use Pound as the load balancer and 
>initial security layer and then follow that up with an additional security 
>layer to SSL. I will be sending two certs from the 
>user/terminal/website/application. One for initial security check by Pound and 
>the second to be used with the secondary security layer. 
>
>I can get it to work but I can crash Pound with hardly any stress placed on it 
>and cause Pound to reboot the device or force the device off line. 6 Processes 
>and Pound causes device to reboot or freeze. There is a lot of memory and 
>processor so memory and processor even under heavy load has enough memory and 
>processor to handle Pound. I was trying to enact Threads to limit the amount 
>of processes pound runs and I cannot get any version of Pound to read the 
>Threads command in the Pound Config file.
>Threads 10
>I have tried using multiple command lines in the config file and no version of 
>Pound understands Threads, Alive, Client, Timeout, Grace and so forth that I 
>try. Pound compiles and runs fine until you start adding additional command 
>lines like the above and it breaks. Pound will not initialize or run if any of 
>those global variables are present in the config file. Pound is perfectly fine 
>and content and plays nice with until you start to limit its processes and how 
>large it gets.
>
>That is why I have been flipping around the different version of Pound to try 
>and find one that reads the commands. And each Pound/OpenSSL have different 
>issues when they try to work together. 
>I started out with Pound 2.7 with OpenSSL 1.1.0e and over the course of a 
>couple of months have worked my way down to OpenSSL 0.9.8c and Pound 1.0. 
>Still no luck on the crashing. So I am back at Pound 2.7 and OpenSSL 1.1.0e.
>
>That is why you are seeing different versions mention throughout my emails and 
>messages on the thread. I know it can be confusing so I try to keep it simple 
>for everyone involved. Because I really want to get Pound and OpenSSL to run 
>on my devices because I think Pound works great as a load balancer and does 
>everything I need my first layer to do.
>
>Hopefully I helped clear up the confusion you are seeing in my threads and if 
>you have any advice or suggestions, I am open and free to any help you or 
>anyone else can give me. 
>
>Once again thank you so much for being patient me and trying to help me 
>through this issue. 
>
>
>Warren
>
>
>
>
>
>-----Original Message-----
>From: Joe Gooch [mailto:joseph.go...@sapphirek12.com]
>Sent: Tuesday, May 09, 2017 8:59 AM
>To: pound@apsis.ch
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
>Warren,
>
>I've been watching this thread, and I'm really uncertain what your goal is and 
>what you're trying to accomplish.
>
>1) You're using ucLinux - which if I'm reading the website, was released in 
>2014?
>2) You started with Pound 2.0 (released 2006-02-01)
>2) You now say you're trying to use Pound 1.0.7 - which is really really old, 
>and predates the existence of openssl 1.  Release 1.2 was released 2003-01-20 
>- 1.0 releases aren't even in the changelog anymore, and probably have tons of 
>unfixed bugs.
>3) You got it to compile and work - and then tried to remove one of the 
>libraries it was using? Why?
>4) Your command line indicated "pound ulimit -n", which will never work - 
>ulimit -n is a command, pound is a command, you don't run them both on the 
>same command line.
>
>There's no list of Pound version <-> openssl versions because - why?  Why 
>would you use a version so old?  Most people (that I've seen) are using 2.5, 
>2.6 or 2.7.  I can't think of a good reason to use anything older.  From the 
>changelog, OpenSSL 1.0 support was added in 2.6c, released 2010-12-27.  
>Anything before that needs 0.9.x.
>
>
>Based on what you've posted, I assume you misspoke - and you're using OPENSSL 
>1.0.7k, not Pound 1.0.7k.
>
>Also trying to fill some gaps, are you cross compiling? Are you trying to 
>compile elsewhere and "upload" to a ucLinux machine?  If so, you've compiled 
>OpenSSL and Pound, so what you're running into isn't a pound issue, it's a 
>compilation issue, and from the lack of responses I'm guessing it's because no 
>one here has experience with ucLinux... So your ability to get support is 
>hindered by the OS+Components you've chosen.  Since you're having an issue 
>with dynamic libraries - have you tried to compile Pound statically? Or at the 
>very least, include OpenSSL Library statically?
>
>
>If you're looking for SSL cipher support and security, PFS, etc... You really 
>need to be using a new version of Pound with a recent version of OpenSSL, the 
>newer the better.
>
>If SSL isn't your concern - well, that plays back to, what are you trying to 
>accomplish, and if you don't need SSL, it shouldn't matter what OpenSSL 
>library you have - you can just turn it off.
>
>Can you provide context as to what you're trying to accomplish and why you're 
>using the components you've chosen please?
>
>------
> 
>Joe
>
>CONFIDENTIALITY STATEMENT
>The documents and communication included in this email transmission may 
>contain confidential information.  All information is intended only for the 
>use of the above named recipient(s).  If you are not the named recipient, you 
>are NOT authorized to read, disclose, copy, distribute, or take any action on 
>the information and any action other than immediate delivery to the named 
>recipient is strictly prohibited. If you have received this email in error, do 
>NOT read the information and please immediately notify sender by telephone and 
>email and immediately delete this email.  If you are the named recipient, you 
>are NOT authorized to reveal any of this information to any unauthorized 
>person and are hereby instructed to delete this email when no longer needed. 
>
>
>
>
>
>
>
>From:  Warren Perdue <wper...@valcom.com>
>Organization:  Valcom, Inc.
>Reply-To:  "pound@apsis.ch" <pound@apsis.ch>
>Date:  Monday, May 8, 2017 at 1:10 PM
>To:  "pound@apsis.ch" <pound@apsis.ch>
>Subject:  RE: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
>
>Hey guys,
> 
>Is there a list of the different compatibilities each version is compatible 
>with OpenSSL?
> 
>Warren
> 
>From: Scott McKeown [mailto:sc...@loadbalancer.org]
>
>Sent: Monday, May 08, 2017 11:40 AM
>To: Pound Mailing List
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
> 
>Hi Guys,
>
>I'm sure Pound v1.x only works with OpenSSL v0.9.x
>
>Can you expand on the error message that you are getting when you try to start 
>pound please.
>
>
>
> 
>On 8 May 2017 at 16:21, Emilio Campos <emilio.campos.mar...@gmail.com> wrote:
>libcrypto is used for ssl support, execute ldd in order to check the path that 
>pound binary searches for libcrypto.
> 
>
>Here my ldd output for my production pound:
>
> 
>
> ldd $PATH_TO_POUND/pound        linux-vdso.so.1 (0x00007fff8eb2a000)        
> libssl.so.1.0.0 => not found        libcrypto.so.1.0.0 => 
> /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f8101668000)        
> libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f8101450000)   
>      libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f8101248000)      
>   libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f8100f40000)        
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f8100d20000) 
>        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f8100980000)      
>   /lib64/ld-linux-x86-64.so.2 (0x000055f5a3a09000) If there is some issue 
> with linked libs also you will show with this command.it seems like pound 
> can't find libcrypto in /lib/ if your libcrypto is in another path then try 
> with a symlink.  
>
> 
>2017-05-08 17:10 GMT+02:00 Warren Perdue <wper...@valcom.com>:
>Hi Emilio and Aaron;
> 
>I finally recompiled by Pound in line with Blackfin uClinux and it compiled 
>great. I had to revert  back to Pound 1.0.7k. But now I am having an issue 
>with it not loading Libcrypto.so.1.0.0.
>
> 
>If I remove the libcrypto file it says when I try to run Pound:
>Pound: can’t load library ‘libcrypto.so.1.0.0’
> 
>If I upload libcrypto.so.1.0.0, I get the following and do chmod 777 on it:
>pound:582: can’t map ‘/lib/libcrypto.so.1.0.0’
>pound:582: can’t map ‘/lib/libcrypto.so.1.0.0’
>pound: can’t load library ‘libcrypto.so.1.0.0’
> 
>Any ideas?
> 
>Warren
> 
> 
>From: Emilio Campos [mailto:emilio.campos.mar...@gmail.com]
>
>Sent: Monday, May 08, 2017 9:26 AM
>To: pound@apsis.ch
>
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
>
>
> 
>--with-ssl is configured in compilation time and it is related with openssl 
>libs. 
> 
>
>On the other hand is your pound using 4000 Threads all the time? I ask because 
>we have made test in our lab and we realised that pound was 2-5% faster in 
>thread dynamic than static,  not appreciated really, so I think dynamic method 
>is better if you are running pound in a server where other apps are running 
>too because this memory will be released if pound doesn't require more 
>threads. 
>
> 
>
> 
>
> 
>
> 
>
>
> 
>2017-05-04 20:04 GMT+02:00 Warren Perdue <wper...@valcom.com>:
> 
>Hi Aaron,
> 
>Finally got every working again and here are the results:
> 
>#pound –V
>Starting…
>Version 2.7
>Configuration switches:
>--disable-super
>--enable-cert1l
>--with-ssl=/home/jarvis/blkacfin/uclinux/staging/openssl10/usr
>--with-dh=2048
>Exiting…
> 
>#pound ulimit –n
>Starting…
> 
>Bad flag –n
> 
>When goes to look at that with-ssl= line, where is it looking or what is it 
>looking for? Is that  just for build/compile purposes or does that point to a 
>specific directory looking for specific files?
> 
>Warren
> 
> 
>From: Aaron West [mailto:aa...@loadbalancer.org]
>
>Sent: Wednesday, May 03, 2017 3:59 PM
>
>To: wper...@valcom.com;
>pound@apsis.ch
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
>
>
> 
>Ah! That suggests you are running 2.0 which is fairly old(2006ish) so much 
>will have changed.
> 
>
>Where did you get pound from? Your distro?
>
>
>
>
>Aaron West
>
> 
>
>Loadbalancer.org Limited
>
>+44 (0)330 380 1064 <tel:+44%20330%20380%201064>
>www.loadbalancer.org <http://www.loadbalancer.org/>
>
>
>
>
>
>
> 
>On 3 May 2017 at 20:56, Warren Perdue <wper...@valcom.com> wrote:
>All I get is Version 2.0
>Exiting…
> 
>From: Aaron West [mailto:aa...@loadbalancer.org]
>
>Sent: Wednesday, May 03, 2017 3:54 PM
>To: wper...@valcom.com;
>pound@apsis.ch
>
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
>
>
> 
>Can I also compare the output of "pound -V", mine shows:
> 
>
>starting...
>
>detect_tproxy(): tproxy is is detected
>
>tproxy: available
>
>Version 2.7
>
>  Configuration switches:
>
>    --enable-cert1l
>
>    --with-ssl=/usr/src/binaries/OpenSSL_1_0_1q-no_march/usr/local/
>
>    --with-maxbuf=4096
>
>    --with-dh=2048
>
>Exiting...
>
>
> 
>
>My config looks like this:
>
> 
>
>User
>"nobody"
> Group "nobody"
> LogLevel 0
> Client 30
> Timeout 60
> Threads 4000
> ListenHTTPS # Label: TEST
> Address 172.16.200.114
> Port 443
> Cert "/etc/loadbalancer.org/certs/server.pem 
> <http://loadbalancer.org/certs/server.pem>"
> ReWriteLocation 1
> Ciphers 
>"ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:A
>ES128-GCM-SHA256:AES  
>256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA256!RC
>4:!MD5:!aNULL:!EDH:!3DES" SSLHonorCipherOrder
>1
> SSLAllowClientRenegotiation 0
> Disable SSLv2 Disable SSLv3 Disable TLSv1 Service BackEnd Address 
>172.16.200.108  Port 80  End End End
>
>
>
>
>Aaron West
>
> 
>
>Loadbalancer.org Limited
>
>+44 (0)330 380 1064 <tel:0330%20380%201064>
>www.loadbalancer.org <http://www.loadbalancer.org/>
>
>
>
>
>
>
> 
>On 3 May 2017 at 20:19, Warren Perdue <wper...@valcom.com> wrote:
>Hey Aaron,
> 
>Thank you for responding to my email. I am trying to limit the amount of 
>threads to less than 10.
> I am working on a new protocol and Pound is my encryption and decryption 
> software. I have not touched the “ulimit –n” yet. My config file is the 
> simple config file.
>
> 
>Threads 8
>TimeOut 5
>Grace 5
> 
>ListenHTTPS
>     Address 192.168.1.5
>     Port    443
>     Cert    "/etc/pound/sign.pem"
>     Service
>           BackEnd
>                  Address 192.168.1.80
>                  Port 80
>           End
>     End
>End
> 
>For whatever reason, I cannot get ulimit –n to run. Just like my Pound 2.7 
>doesn’t recognize Threads,  Alive, Grace and several other commands. Pound is 
>compiled and runs and recognizes the encryption and controls the backend 
>perfect and also controls both HTTP and HTTPS transferring to back backend. It 
>also will handle Pound PEMs and transfer cert information  to my OpenSSL as a 
>second layer of encryption and security. But for whatever reason my config 
>will not recognize any of the globals commands in this  link. So I am not sure 
>what is going on but I am not sure where to go form here.
> 
>https://linux.die.net/man/8/pound
> 
> 
> 
>From: Aaron West [mailto:aa...@loadbalancer.org]
>
>Sent: Wednesday, May 03, 2017 2:02 PM
>To: pound@apsis.ch;
>wper...@valcom.com <mailto:wper...@valcom.com>
>Subject: Re: [Pound Mailing List] Correct use of Threads for Pound 2.7
>
> 
>Sorry I mean "ulimit -n" not "unlimit...".
>
>
>
>Aaron West
>
> 
>
>Loadbalancer.org Limited
>
>+44 (0)330 380 1064 <tel:0330%20380%201064>
>www.loadbalancer.org <http://www.loadbalancer.org/>
>
>
>
>
>
>
> 
>On 3 May 2017 at 18:57, Aaron West <aa...@loadbalancer.org> wrote:
>Hi Warren,
> 
>
>Yes, I've had threads at about 4000 or so, I don't have a config to hand but 
>I'm fairly sure you need to increase the ulimit to about twice the desired 
>threads and then simply add  the threads directive with a number and you're 
>set.
>
> 
>
>Can we see your config and an output of "unlimit -n" for the user running 
>pound, out of interest I believe the default for pound is 128 without the 
>threads directive even set.
>
>
>
>
>Aaron West
>
> 
>
>Loadbalancer.org Limited
>
>+44 (0)330 380 1064 <tel:0330%20380%201064>
>www.loadbalancer.org <http://www.loadbalancer.org/>
>
>
>
>
>
>
> 
>On 3 May 2017 at 16:22, Warren Perdue <wper...@valcom.com> wrote:
>Hey guys,
> 
>Does anyone have an example of a pound.cfg properly using Threads?
>I have been trying to get my Thread limitation to work and Pound 2.7 does like 
>Threads 100 or any thread implementation. Have any of you used Pound’s Thread 
>command and if so did  it work and if you could include an example of the .cfg 
>file utilizing Threads?
> 
>Warren
>
>
>
>
> 
>
>
>
>
> 
>
>
>
>
>
>
> 
>
>
>
>
>
>
> 
>
>
>
>
>
>
>
>
>
> 
>
>--
>
>Load balancer distribution - Open Source Project 
>http://www.zenloadbalancer.com Distribution list (subscribe): 
>zenloadbalancer-supp...@lists.sourceforge.net 
><mailto:zenloadbalancer-supp...@lists.sourceforge.net>
>
>
>
>
>
>
>
>
>
>
> 
>
>--
>Load balancer distribution - Open Source Project 
>http://www.zenloadbalancer.com Distribution list (subscribe): 
>zenloadbalancer-supp...@lists.sourceforge.net 
><mailto:zenloadbalancer-supp...@lists.sourceforge.net>
>
>
>
>
>
>
>
>
>--
>With Kind Regards.
>
>Scott McKeown
>Loadbalancer.org
>http://www.loadbalancer.org
>Tel (UK) - +44 (0) 3303801064 (24x7)
>
>Tel (US) - +1 888.867.9504 (Toll Free)(24x7)
>N   r z u    +  y˞˱ m릋u   >W  ֶ z? +    *
>
>
>
>--
>To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
>Please contact ro...@apsis.ch for questions.
N   r z u    +  y˞˱ m릋u   >W  ֶ z +    *



--
To unsubscribe send an email with subject unsubscribe to pound@apsis.ch.
Please contact ro...@apsis.ch for questions.

Reply via email to