[jira] [Commented] (TS-3041) add a way to show the installation layout
[
https://issues.apache.org/jira/browse/TS-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110676#comment-14110676
]
ASF subversion and git services commented on TS-3041:
-
Commit 5772a88b9cad62eb0c1903f1dc192dc0453d821a in trafficserver's branch
refs/heads/master from [~amc]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=5772a88 ]
TS-3041: Fix build link errors.
add a way to show the installation layout
-
Key: TS-3041
URL: https://issues.apache.org/jira/browse/TS-3041
Project: Traffic Server
Issue Type: New Feature
Components: Configuration, Core
Reporter: James Peach
Assignee: James Peach
Fix For: 5.2.0
Add a new {{traffic_layout}} tool that shows the layout of the Traffic Server
installation. Nuke the really annoying code that dumps the layout to stdout
when you build with {--enable-debug}}.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TS-3041) add a way to show the installation layout
[
https://issues.apache.org/jira/browse/TS-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110675#comment-14110675
]
ASF subversion and git services commented on TS-3041:
-
Commit 6f49aac45d330dcabbeea339cc2e9d21a8956084 in trafficserver's branch
refs/heads/master from [~amc]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=6f49aac ]
TS-3041: Fix missing virtual destructor (make compiler happy).
add a way to show the installation layout
-
Key: TS-3041
URL: https://issues.apache.org/jira/browse/TS-3041
Project: Traffic Server
Issue Type: New Feature
Components: Configuration, Core
Reporter: James Peach
Assignee: James Peach
Fix For: 5.2.0
Add a new {{traffic_layout}} tool that shows the layout of the Traffic Server
installation. Nuke the really annoying code that dumps the layout to stdout
when you build with {--enable-debug}}.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TS-3033) reimplement management protocol
[ https://issues.apache.org/jira/browse/TS-3033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110737#comment-14110737 ] ASF subversion and git services commented on TS-3033: - Commit e6f56c5cfbb1bb90e29f30b34845ee161a32a41b in trafficserver's branch refs/heads/master from [~amc] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=e6f56c5 ] TS-3033: Build error fixes. reimplement management protocol --- Key: TS-3033 URL: https://issues.apache.org/jira/browse/TS-3033 Project: Traffic Server Issue Type: Bug Components: Core, Management API Reporter: James Peach Assignee: James Peach Fix For: 5.2.0 The management protocol is hand-crafted for each message type. That's a lot of code and it makes it unnecessarily complicated to add new message types. Let's introduce a simple, generic marshaling format and use that everywhere. The format I have implemented can be used for signaling traffic_server as well, but for now this is just changing API messages to traffic_manager. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2912) HEAD transaction on stale entry deletes cache entry
[ https://issues.apache.org/jira/browse/TS-2912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110825#comment-14110825 ] William Bardwell commented on TS-2912: -- As I said are you sure that this really fixes things? And are you sure that you want conditional headers on a HEAD request, which the patch seems to do? HEAD transaction on stale entry deletes cache entry --- Key: TS-2912 URL: https://issues.apache.org/jira/browse/TS-2912 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: William Bardwell Assignee: weijin Labels: review Fix For: 5.1.0 Attachments: ts-2912.try1.diff On a stale cache entry a HEAD gets tunneled to the origin, but when a 200 comes back HttpTransact::handle_cache_operation_on_forward_server_response(State* s) deletes the cache entry, it seems like it should just ignore it (or check ETag/Last-Modified and maybe delete if those don't match, but not unconditionally.) I am seeing this with 4.2.X with a plugin fiddling with stuff, but the code looks the same in trunk, line 4318 looks like the problem line. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2574) Sharing server sessions per thread doesn't work when doing https to http
[ https://issues.apache.org/jira/browse/TS-2574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110862#comment-14110862 ] Sudheer Vinukonda commented on TS-2574: --- Just wanted to emphasize that, the solution committed here is to replace ET_SSL threads with ET_NET threads when ssl_threads are configured with value -1, which will avoid having to share origin sessions across thread pools, when doing a mixed mode (http to https) connection. The limitation of not being able to share the origin sessions correctly when using ssl_threads still exists, but, (as discussed with Leif on the irc), with the plan to eventually phase out ET_SSL altogether in 6.0 or later, that limitation will not be addressed. Sharing server sessions per thread doesn't work when doing https to http Key: TS-2574 URL: https://issues.apache.org/jira/browse/TS-2574 Project: Traffic Server Issue Type: Bug Components: HTTP, SSL Reporter: Bryan Call Assignee: Brian Geffon Fix For: 5.1.0 Attachments: TS-2574.patch When running a reverse proxy with incoming https scheme and outgoing http, the share server sessions value of 2 doesn't work. Since the https and http thread pools are separate after using the http connection it will be released to the http thread. When a new https request comes in it will look in the https threads servers session pool to make a request to the origin even though it is a http request. Of course it will fail the lookup since the ports wont match. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-3045) set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3045: -- Affects Version/s: 6.0.0 set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections -- Key: TS-3045 URL: https://issues.apache.org/jira/browse/TS-3045 Project: Traffic Server Issue Type: Bug Components: Core Affects Versions: 6.0.0 Reporter: Sudheer Vinukonda Using ET_SSL threads to handle SSL connections affects sharing origin sessions per thread pool (refer TS-2574). This limitation is addressed in TS-2574 which forces to use ET_NET threads for SSL connections, when proxy.config.ssl.number.threads is configured to -1. This bug is to change the current default value 0 for proxy.config.ssl.number.threads to -1 to make this the default behavior. A separate bug for release 7.0 will be opened to phase out proxy.config.ssl.number.threads completely and always use ET_NET threads for ssl connections -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (TS-3045) set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections
Sudheer Vinukonda created TS-3045: - Summary: set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections Key: TS-3045 URL: https://issues.apache.org/jira/browse/TS-3045 Project: Traffic Server Issue Type: Bug Components: Core Reporter: Sudheer Vinukonda Using ET_SSL threads to handle SSL connections affects sharing origin sessions per thread pool (refer TS-2574). This limitation is addressed in TS-2574 which forces to use ET_NET threads for SSL connections, when proxy.config.ssl.number.threads is configured to -1. This bug is to change the current default value 0 for proxy.config.ssl.number.threads to -1 to make this the default behavior. A separate bug for release 7.0 will be opened to phase out proxy.config.ssl.number.threads completely and always use ET_NET threads for ssl connections -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-3046) Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3046: -- Affects Version/s: 7.0.0 Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections Key: TS-3046 URL: https://issues.apache.org/jira/browse/TS-3046 Project: Traffic Server Issue Type: Bug Components: Core Affects Versions: 7.0.0 Reporter: Sudheer Vinukonda This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (TS-3046) Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections
Sudheer Vinukonda created TS-3046: - Summary: Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections Key: TS-3046 URL: https://issues.apache.org/jira/browse/TS-3046 Project: Traffic Server Issue Type: Bug Components: Core Reporter: Sudheer Vinukonda This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-3046) Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3046: -- Description: This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045). (was: This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045).) Priority: Critical (was: Major) Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections Key: TS-3046 URL: https://issues.apache.org/jira/browse/TS-3046 Project: Traffic Server Issue Type: Bug Components: Core Affects Versions: 7.0.0 Reporter: Sudheer Vinukonda Priority: Critical This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-3045) set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3045: -- Priority: Critical (was: Major) set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections -- Key: TS-3045 URL: https://issues.apache.org/jira/browse/TS-3045 Project: Traffic Server Issue Type: Bug Components: Core Affects Versions: 6.0.0 Reporter: Sudheer Vinukonda Priority: Critical Using ET_SSL threads to handle SSL connections affects sharing origin sessions per thread pool (refer TS-2574). This limitation is addressed in TS-2574 which forces to use ET_NET threads for SSL connections, when proxy.config.ssl.number.threads is configured to -1. This bug is to change the current default value 0 for proxy.config.ssl.number.threads to -1 to make this the default behavior. A separate bug for release 7.0 will be opened to phase out proxy.config.ssl.number.threads completely and always use ET_NET threads for ssl connections -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Assigned] (TS-3039) OCSP stapling memory leaks
[
https://issues.apache.org/jira/browse/TS-3039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Peach reassigned TS-3039:
---
Assignee: James Peach
OCSP stapling memory leaks
--
Key: TS-3039
URL: https://issues.apache.org/jira/browse/TS-3039
Project: Traffic Server
Issue Type: Bug
Components: Core, SSL
Reporter: James Peach
Assignee: James Peach
Fix For: 5.2.0
I enabled OCSP with a self-signed certificate (ie. a simple one that doesn't
have OCSP issuer information in it.).
{code}
Process: traffic_server [7506]
Path:/opt/ats/bin/traffic_server
Load Address:0x10a52d000
Identifier: traffic_server
Version: 0
Code Type: X86-64
Parent Process: bash [7289]
Date/Time: 2014-08-25 09:03:27.837 -0700
OS Version: Mac OS X 10.9.4 (13E28)
Report Version: 7
leaks Report Version: 2.0
Process 7506: 81597 nodes malloced for 54675 KB
Process 7506: 61 leaks for 2880 total leaked bytes.
Leak: 0x7fc5ba5091f0 size=112 zone: DefaultMallocZone_0xa643000
0x0b3ed6c0 0x0001 0x 0x ...
0x 0x 0x0001 0x0001
0x 0x 0x 0x
0x7115f3d0 0x7fff 0x 0x ...q
0x 0x 0x0001 0x
0x 0x 0x 0x
0x 0x 0x 0x2000 ...
Call stack: [thread 0x7fff727e3310]: | start | main Main.cc:1568 |
SSLNetProcessor::start(int, unsigned long) SSLNetProcessor.cc:71 |
SSLCertificateConfig::startup() SSLConfig.cc:326 |
SSLCertificateConfig::reconfigure() SSLConfig.cc:342 |
SSLParseCertificateConfiguration(SSLConfigParams const*, SSLCertLookup*)
SSLUtils.cc:1552 | ssl_store_ssl_context(SSLConfigParams const*,
SSLCertLookup*, ssl_user_config const) SSLUtils.cc:1395 |
ssl_stapling_init_cert(ssl_ctx_st*, char const*) OCSPStapling.cc:111 |
BIO_new_file | BIO_new | CRYPTO_malloc | ats_malloc ink_memory.cc:50 | malloc
| malloc_zone_malloc
Leak: 0x7fc5bc8f7900 size=32 zone: DefaultMallocZone_0xa643000
0x0f301131 0x04550306 0x74080c03 0x2e747365 1.0...Utest.
0x006d6f63 0x 0x 0x com.
Call stack: [thread 0x7fff727e3310]: | start | main Main.cc:1568 |
SSLNetProcessor::start(int, unsigned long) SSLNetProcessor.cc:71 |
SSLCertificateConfig::startup() SSLConfig.cc:326 |
SSLCertificateConfig::reconfigure() SSLConfig.cc:342 |
SSLParseCertificateConfiguration(SSLConfigParams const*, SSLCertLookup*)
SSLUtils.cc:1531 | ssl_store_ssl_context(SSLConfigParams const*,
SSLCertLookup*, ssl_user_config const) SSLUtils.cc:1395 |
ssl_stapling_init_cert(ssl_ctx_st*, char const*) OCSPStapling.cc:113 |
PEM_ASN1_read_bio | d2i_X509_AUX | ASN1_item_d2i | ASN1_item_ex_d2i |
asn1_template_ex_d2i | asn1_template_noexp_d2i | ASN1_item_ex_d2i |
asn1_template_ex_d2i | asn1_template_noexp_d2i | ASN1_item_ex_d2i |
x509_name_ex_d2i | x509_name_canon | CRYPTO_malloc | ats_malloc
ink_memory.cc:50 | malloc | malloc_zone_malloc
Leak: 0x7fc5bc8f7920 size=48 zone: DefaultMallocZone_0xa643000
0x 0x 0x 0x
0x 0x0003 0xbcb19af0 0x7fc5
0x0009 0x46455141 0x77415142 0x00035452 AQEFBQAwRT..
Call stack: [thread 0x7fff727e3310]: | start | main Main.cc:1568 |
SSLNetProcessor::start(int, unsigned long) SSLNetProcessor.cc:71 |
SSLCertificateConfig::startup() SSLConfig.cc:326 |
SSLCertificateConfig::reconfigure() SSLConfig.cc:342 |
SSLParseCertificateConfiguration(SSLConfigParams const*, SSLCertLookup*)
SSLUtils.cc:1531 | ssl_store_ssl_context(SSLConfigParams const*,
SSLCertLookup*, ssl_user_config const) SSLUtils.cc:1395 |
ssl_stapling_init_cert(ssl_ctx_st*, char const*) OCSPStapling.cc:113 |
PEM_ASN1_read_bio | d2i_X509_AUX | ASN1_item_d2i | ASN1_item_ex_d2i |
asn1_template_ex_d2i | asn1_template_noexp_d2i | ASN1_item_ex_d2i |
asn1_template_ex_d2i | asn1_template_noexp_d2i | ASN1_item_ex_d2i |
asn1_template_ex_d2i | asn1_template_noexp_d2i | ASN1_item_ex_d2i |
asn1_d2i_ex_primitive | asn1_ex_c2i | c2i_ASN1_OBJECT | ASN1_OBJECT_new |
CRYPTO_malloc | ats_malloc ink_memory.cc:50 | malloc | malloc_zone_malloc
Leak: 0x7fc5bc8f8ed0 size=48 zone: DefaultMallocZone_0xa643000
0x 0x 0x 0x
0x 0x0009 0xbc8f8f00 0x7fc5
0x0009 0x 0x 0x
Call stack: [thread 0x7fff727e3310]: |
[jira] [Commented] (TS-3021) hosting.config vs volume.config
[ https://issues.apache.org/jira/browse/TS-3021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110898#comment-14110898 ] Zhao Yongming commented on TS-3021: --- the hosting and volume is the same usage? I don't think so. the volume defines the partation spliting of the storage space, and the hosting assign them to hostname. unless you want to remove the control matcher, I'd not suggest to change thire file syntax. the config file is End User Interface, and we should do carefully discuss before we take any action. changes in UI is much evil than function renames in codes hosting.config vs volume.config --- Key: TS-3021 URL: https://issues.apache.org/jira/browse/TS-3021 Project: Traffic Server Issue Type: Bug Components: Configuration Reporter: Igor Galić Fix For: sometime it appears to me that hosting.config and volume.config have a very similar purpose / use-case. perhaps it would be good to merge those two. --- n.b.: i'm not up-to-date on the plans re lua-config, but even then we'll need to consider how to present. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-3020) Blind Tunnel fake request URL is IPv4 only
[
https://issues.apache.org/jira/browse/TS-3020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110912#comment-14110912
]
Patrick McGleenon commented on TS-3020:
---
Here it is - there haven't been any significant changes in this file since 3.2
{code}
From ba734420a4adb8a2c68d917ae22dcfa287bf101b Mon Sep 17 00:00:00 2001
From: root r...@bfs-dl360g8-03-km4.bfs.openwave.com
Date: Tue, 26 Aug 2014 17:32:02 +0100
Subject: [PATCH] fixed Blind Tunnel fake URL for IPv6
---
proxy/http/HttpTransact.cc |5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index b41f4c1..2c6f81a 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -613,10 +613,9 @@ HttpTransact::HandleBlindTunnel(State* s)
HTTPVersion ver(0, 9);
s-hdr_info.client_request.version_set(ver);
- struct in_addr dest_addr;
- dest_addr.s_addr = s-state_machine-ua_session-get_netvc()-get_local_ip();
+ char new_host[INET6_ADDRSTRLEN];
+ ats_ip_ntop(s-state_machine-ua_session-get_netvc()-get_local_addr(),
new_host, sizeof(new_host));
- char *new_host = inet_ntoa(dest_addr);
s-hdr_info.client_request.url_get()-host_set(new_host, strlen(new_host));
s-hdr_info.client_request.url_get()-port_set(s-state_machine-ua_session-get_netvc()-get_local_port());
--
1.7.1
{code}
Blind Tunnel fake request URL is IPv4 only
--
Key: TS-3020
URL: https://issues.apache.org/jira/browse/TS-3020
Project: Traffic Server
Issue Type: Bug
Affects Versions: 3.2.5
Reporter: Patrick McGleenon
Assignee: Leif Hedstrom
Priority: Minor
Fix For: 5.2.0
HttpTransact::HandleBlindTunnel creates a fake request with HTTP version 0.9
and CONNECT method. The URL for CONNECT used is created from destination IP
and port - currently this is IPv4 only.
requests with IPv6 destination IP addresses still work fine with the
BlindTunnel since ATS is able to figure out the correct IPv6 destination from
the Host Header of the fake URL. So this is a problem just in the ATS
logging
attached is a suggested patch for 3.2 - the latest version of the file hasn't
changed much since then
{code}
--- trafficserver-3.2.0/proxy/http/HttpTransact.cc2014-08-15
16:05:40.625721000 +0100
+++ trafficserver-3.2.0.patched/proxy/http/HttpTransact.cc2014-08-15
16:58:23.563658000 +0100
@@ -615,11 +615,12 @@
HTTPVersion ver(0, 9);
s-hdr_info.client_request.version_set(ver);
- struct in_addr dest_addr;
- dest_addr.s_addr =
s-state_machine-ua_session-get_netvc()-get_local_ip();
-
- char *new_host = inet_ntoa(dest_addr);
+ // struct in_addr dest_addr;
+ // dest_addr.s_addr =
s-state_machine-ua_session-get_netvc()-get_local_ip();
+ char new_host[INET6_ADDRSTRLEN];
+ ats_ip_ntop(s-state_machine-ua_session-get_netvc()-get_local_addr(),
new_host, sizeof(new_host));
s-hdr_info.client_request.url_get()-host_set(new_host, strlen(new_host));
+
// get_local_port() returns a port number in network order
//opwv- FastPath
// so it needs to be converted to host order (eg, in i386 machine)
//opwv- FastPath
//s-hdr_info.client_request.url_get()-port_set(ntohs(s-state_machine-ua_session-get_netvc()-get_local_port()));
//opwv- FastPath
{code}
With patch:
IPv4:
Aug 18 09:49:24 - INFO - + Proxy's Request +
Aug 18 09:49:24 - INFO - -- State Machine Id: 2
Aug 18 09:49:24 - INFO - CONNECT 10.20.51.53:443 HTTP/1.1^M
Aug 18 09:49:24 - INFO - Host: 10.20.51.53^M
Aug 18 09:49:24 - INFO - Connection: close^M
Aug 18 09:49:24 - INFO - ^M
IPv6:
Aug 18 09:47:18 - INFO - + Proxy's Request +
Aug 18 09:47:18 - INFO - -- State Machine Id: 0
Aug 18 09:47:18 - INFO - CONNECT [2001:410:0:51:20d:60ff:fe9c:eec4]:443
HTTP/1.1^M
Aug 18 09:47:18 - INFO - Host: 2001:410:0:51:20d:60ff:fe9c:eec4^M
Aug 18 09:47:18 - INFO - Connection: close^M
Aug 18 09:47:18 - INFO - ^M
without patch:
Aug 13 14:44:45 - INFO - + Proxy's Request +
Aug 13 14:44:45 - INFO - -- State Machine Id: 17
Aug 13 14:44:45 - INFO - CONNECT 0.0.0.0:443 HTTP/1.1^M
Aug 13 14:44:45 - INFO - Host: 2001:410:0:51:20d:60ff:fe9c:eec4^M
Aug 13 14:44:45 - INFO - Connection: close^M
Aug 13 14:44:45 - INFO - ^M
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TS-3032) FATAL: ats_malloc: couldn't allocate XXXXXX bytes
[
https://issues.apache.org/jira/browse/TS-3032?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14110941#comment-14110941
]
Zhao Yongming commented on TS-3032:
---
I'd suggest you get some tool to log the memory usage and other history data. a
tool we used very often in tracing issues like this is
https://github.com/alibaba/tsar
https://blog.zymlinux.net/index.php/archives/251 , any other tool that can find
out the data to compare is great.
when we deal with TS-1006, I even make some excel sheet to point out that the
memory is a big problem, the more data the better
FATAL: ats_malloc: couldn't allocate XX bytes
-
Key: TS-3032
URL: https://issues.apache.org/jira/browse/TS-3032
Project: Traffic Server
Issue Type: Bug
Components: Core
Affects Versions: 5.0.1
Reporter: Nikolai Gorchilov
Assignee: Brian Geffon
Labels: crash
Fix For: 5.2.0
ATS 5.0.1 under Unbuntu 12.04.4 running happily for days suddenly crashes due
to memory allocation issue. Happens once or twice a week.
Server is having plenty of RAM - 128G - out of which 64G+ are free. Nothing
suspicious in dmesg.
{noformat}
FATAL: ats_malloc: couldn't allocate 155648 bytes
/z/bin/traffic_server - STACK TRACE:
/z/lib/libtsutil.so.5(+0x1e837)[0x2b6251b3d837]
/z/lib/libtsutil.so.5(ats_malloc+0x30)[0x2b6251b40c50]
/z/bin/traffic_server(HdrHeap::coalesce_str_heaps(int)+0x34)[0x62e834]
/z/bin/traffic_server(http_hdr_clone(HTTPHdrImpl*, HdrHeap*,
HdrHeap*)+0x8f)[0x62a54f]
/z/bin/traffic_server(HttpTransactHeaders::copy_header_fields(HTTPHdr*,
HTTPHdr*, bool, long)+0x1ae)[0x5d08de]
/z/bin/traffic_server(HttpTransact::build_request(HttpTransact::State*,
HTTPHdr*, HTTPHdr*, HTTPVersion)+0x5c)[0x5b280c]
/z/bin/traffic_server(HttpTransact::HandleCacheOpenReadMiss(HttpTransact::State*)+0x2c8)[0x5c2ce8]
/z/bin/traffic_server(HttpSM::call_transact_and_set_next_state(void
(*)(HttpTransact::State*))+0x66)[0x58e356]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x343)[0x599c03]
/z/bin/traffic_server(HttpSM::set_next_state()+0x238)[0x5a0528]
/z/bin/traffic_server(HttpSM::do_hostdb_lookup()+0x27a)[0x58e84a]
/z/bin/traffic_server(HttpSM::set_next_state()+0xd48)[0x5a1038]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x343)[0x599c03]
/z/bin/traffic_server(HttpSM::state_api_callback(int, void*)+0x8a)[0x59c81a]
/z/bin/traffic_server(TSHttpTxnReenable+0x141)[0x4caa51]
/z/lib/plugins/x3me_dscp.so(http_txn_hook(tsapi_cont*, TSEvent,
void*)+0x236)[0x2b626342b508]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x102)[0x5999c2]
/z/bin/traffic_server(HttpSM::state_cache_open_read(int,
void*)+0x180)[0x59b070]
/z/bin/traffic_server(HttpSM::main_handler(int, void*)+0xd8)[0x59ad98]
/z/bin/traffic_server(HttpCacheSM::state_cache_open_read(int,
void*)+0x173)[0x57bbb3]
/z/bin/traffic_server(Cache::open_read(Continuation*, INK_MD5*, HTTPHdr*,
CacheLookupHttpConfig*, CacheFragType, char*, int)+0x616)[0x6d65a6]
/z/bin/traffic_server(CacheProcessor::open_read(Continuation*, URL*, bool,
HTTPHdr*, CacheLookupHttpConfig*, long, CacheFragType)+0xb0)[0x6b1af0]
/z/bin/traffic_server(HttpCacheSM::open_read(URL*, HTTPHdr*,
CacheLookupHttpConfig*, long)+0x83)[0x57c2d3]
/z/bin/traffic_server(HttpSM::do_cache_lookup_and_read()+0xfb)[0x58baeb]
/z/bin/traffic_server(HttpSM::set_next_state()+0x888)[0x5a0b78]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x343)[0x599c03]
/z/bin/traffic_server(HttpSM::set_next_state()+0x238)[0x5a0528]
/z/bin/traffic_server(HttpSM::set_next_state()+0x7e2)[0x5a0ad2]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x343)[0x599c03]
/z/bin/traffic_server(HttpSM::set_next_state()+0x238)[0x5a0528]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x343)[0x599c03]
/z/bin/traffic_server(HttpSM::state_api_callback(int, void*)+0x8a)[0x59c81a]
/z/bin/traffic_server(TSHttpTxnReenable+0x141)[0x4caa51]
/z/lib/plugins/cacheurl.so(+0x17dc)[0x2b6263a477dc]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x102)[0x5999c2]
/z/bin/traffic_server(HttpSM::state_api_callback(int, void*)+0x8a)[0x59c81a]
/z/bin/traffic_server(TSHttpTxnReenable+0x141)[0x4caa51]
/z/lib/plugins/tslua.so(+0x596f)[0x2b626363396f]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x102)[0x5999c2]
/z/bin/traffic_server(HttpSM::state_api_callback(int, void*)+0x8a)[0x59c81a]
/z/bin/traffic_server(TSHttpTxnReenable+0x141)[0x4caa51]
/z/lib/plugins/stats_over_http.so(+0x1235)[0x2b6263228235]
/z/bin/traffic_server(HttpSM::state_api_callout(int, void*)+0x102)[0x5999c2]
/z/bin/traffic_server(HttpSM::set_next_state()+0x238)[0x5a0528]
/z/bin/traffic_server(HttpSM::state_read_client_request_header(int,
[jira] [Updated] (TS-3045) set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3045: -- Affects Version/s: (was: 6.0.0) Fix Version/s: 6.0.0 set default value for proxy.config.ssl.number.threads to -1, to default ET_NET threads to handle SSL connections -- Key: TS-3045 URL: https://issues.apache.org/jira/browse/TS-3045 Project: Traffic Server Issue Type: Bug Components: Core Reporter: Sudheer Vinukonda Priority: Critical Fix For: 6.0.0 Using ET_SSL threads to handle SSL connections affects sharing origin sessions per thread pool (refer TS-2574). This limitation is addressed in TS-2574 which forces to use ET_NET threads for SSL connections, when proxy.config.ssl.number.threads is configured to -1. This bug is to change the current default value 0 for proxy.config.ssl.number.threads to -1 to make this the default behavior. A separate bug for release 7.0 will be opened to phase out proxy.config.ssl.number.threads completely and always use ET_NET threads for ssl connections -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-3046) Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections
[ https://issues.apache.org/jira/browse/TS-3046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sudheer Vinukonda updated TS-3046: -- Affects Version/s: (was: 7.0.0) Fix Version/s: 7.0.0 Phase out proxy.config.ssl.number.threads and force ET_NET threads to handle SSL connections Key: TS-3046 URL: https://issues.apache.org/jira/browse/TS-3046 Project: Traffic Server Issue Type: Bug Components: Core Reporter: Sudheer Vinukonda Priority: Critical Fix For: 7.0.0 This bug is a follow up on completely phasing out ET_SSL threads (refer TS-2574 and TS-3045). -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-2883) core dump in TSFetchCreate()
[
https://issues.apache.org/jira/browse/TS-2883?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan M. Carroll updated TS-2883:
Fix Version/s: (was: 5.1.0)
5.2.0
core dump in TSFetchCreate()
Key: TS-2883
URL: https://issues.apache.org/jira/browse/TS-2883
Project: Traffic Server
Issue Type: Bug
Components: Core, SPDY
Reporter: Sudheer Vinukonda
Assignee: Bryan Call
Labels: crash, yahoo
Fix For: 5.2.0
Attachments: TS-2883.diff
{code}
(gdb) bt
#0 ink_freelist_new (f=0x2923050) at ink_queue.cc:202
#1 0x004c0cd2 in alloc (contp=0x2b86821e2120,
method=TS_FETCH_METHOD_POST,
url=0x2b865d64f228
https://aa-mg5.mail.yahoo.com/ws/mail/v2.0/jsonrpc?appid=YahooMailNeom=BatchExecutewssid=nG7kmTWsJCDaction=compose_0_savedraftactionCount=88debugmid=2_0_0_3_126623_AMNwimIAAC82U5ZXLwAAAFWGrR8deb;...,
version=0x2b865da5ace8 HTTP/1.1, client_addr=value optimized out,
flags=value optimized out) at ../lib/ts/Allocator.h:117
#2 TSFetchCreate (contp=0x2b86821e2120, method=TS_FETCH_METHOD_POST,
url=0x2b865d64f228
https://aa-mg5.mail.yahoo.com/ws/mail/v2.0/jsonrpc?appid=YahooMailNeom=BatchExecutewssid=nG7kmTWsJCDaction=compose_0_savedraftactionCount=88debugmid=2_0_0_3_126623_AMNwimIAAC82U5ZXLwAAAFWGrR8deb;...,
version=0x2b865da5ace8 HTTP/1.1, client_addr=value optimized out,
flags=value optimized out) at InkAPI.cc:7289
#3 0x005f117e in spdy_fetcher_launch (req=0x2b871c2fa900,
method=TS_FETCH_METHOD_POST) at SpdyCallbacks.cc:187
#4 0x005f1faa in spdy_process_syn_stream_frame (session=value
optimized out, type=value optimized out, frame=value optimized out,
user_data=0x2b86821e2120)
at SpdyCallbacks.cc:295
#5 spdy_on_ctrl_recv_callback (session=value optimized out, type=value
optimized out, frame=value optimized out, user_data=0x2b86821e2120) at
SpdyCallbacks.cc:335
#6 0x00738050 in spdylay_session_on_syn_stream_received
(session=0x2b865defce10, frame=0x2b858f987a20) at spdylay_session.c:1782
#7 0x00738d57 in spdylay_session_process_ctrl_frame
(session=0x2b865defce10, in=0x2b858f987a90 \200\003, inlen=value optimized
out) at spdylay_session.c:2246
#8 spdylay_session_mem_recv (session=0x2b865defce10, in=0x2b858f987a90
\200\003, inlen=value optimized out) at spdylay_session.c:2805
#9 0x00738f89 in spdylay_session_recv (session=0x2b865defce10) at
spdylay_session.c:2828
#10 0x005ef17b in spdy_process_read (this=0x2b86821e2120, event=100,
edata=value optimized out) at SpdyClientSession.cc:279
#11 SpdyClientSession::state_session_readwrite (this=0x2b86821e2120,
event=100, edata=value optimized out) at SpdyClientSession.cc:236
#12 0x0070dbd7 in handleEvent (this=0x2b86fc1d2cf0, event=value
optimized out) at ../../iocore/eventsystem/I_Continuation.h:146
#13 read_signal_and_update (this=0x2b86fc1d2cf0, event=value optimized out)
at UnixNetVConnection.cc:138
#14 UnixNetVConnection::readSignalAndUpdate (this=0x2b86fc1d2cf0,
event=value optimized out) at UnixNetVConnection.cc:914
#15 0x006fe66f in SSLNetVConnection::net_read_io
(this=0x2b86fc1d2cf0, nh=0x2b858d46bbf0, lthread=0x2b858d468010) at
SSLNetVConnection.cc:294
#16 0x00705a72 in NetHandler::mainNetEvent (this=0x2b858d46bbf0,
event=value optimized out, e=value optimized out) at UnixNet.cc:399
#17 0x007323ef in handleEvent (this=0x2b858d468010, e=0x2a7db30,
calling_code=5) at I_Continuation.h:146
#18 EThread::process_event (this=0x2b858d468010, e=0x2a7db30, calling_code=5)
at UnixEThread.cc:145
#19 0x00732d93 in EThread::execute (this=0x2b858d468010) at
UnixEThread.cc:269
#20 0x0073179a in spawn_thread_internal (a=0x2e404e0) at Thread.cc:88
#21 0x2b835bf28851 in start_thread () from /lib64/libpthread.so.0
#22 0x00361a0e894d in clone () from /lib64/libc.so.6
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (TS-2653) SSL Error message cleanup
[
https://issues.apache.org/jira/browse/TS-2653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan M. Carroll updated TS-2653:
Assignee: Susan Hinrichs (was: Bryan Call)
SSL Error message cleanup
-
Key: TS-2653
URL: https://issues.apache.org/jira/browse/TS-2653
Project: Traffic Server
Issue Type: Bug
Components: Logging, SSL
Reporter: Bryan Call
Assignee: Susan Hinrichs
Fix For: 5.2.0
We see a lot of SSL error messages in production. It would be good to
determine if these are really errors or remove logging of some of these
errors:
{code}
-bash-4.1$ tail -10 diags.log | cut -f4-20 -d : | grep SSL | sort | uniq
-c | sort -rn
3108 SSL::36:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3079 SSL::32:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3068 SSL::27:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3051 SSL::44:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3043 SSL::24:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3041 SSL::47:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3041 SSL::38:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3040 SSL::46:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3025 SSL::34:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3025 SSL::25:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3021 SSL::31:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3011 SSL::42:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3006 SSL::39:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3004 SSL::29:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3000 SSL::30:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2996 SSL::43:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2993 SSL::45:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2977 SSL::40:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2976 SSL::33:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2974 SSL::41:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2974 SSL::28:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2958 SSL::37:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2947 SSL::35:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2922 SSL::26:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
28 SSL::36:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
26 SSL::24:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
25 SSL::44:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
25 SSL::27:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
24 SSL::34:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
24 SSL::30:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::39:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::33:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::32:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
22 SSL::44:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca:s3_pkt.c:1256:SSL alert number 48
21 SSL::38:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
20 SSL::45:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate
[jira] [Updated] (TS-2653) SSL Error message cleanup
[
https://issues.apache.org/jira/browse/TS-2653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan M. Carroll updated TS-2653:
Fix Version/s: (was: 5.1.0)
5.2.0
SSL Error message cleanup
-
Key: TS-2653
URL: https://issues.apache.org/jira/browse/TS-2653
Project: Traffic Server
Issue Type: Bug
Components: Logging, SSL
Reporter: Bryan Call
Assignee: Bryan Call
Fix For: 5.2.0
We see a lot of SSL error messages in production. It would be good to
determine if these are really errors or remove logging of some of these
errors:
{code}
-bash-4.1$ tail -10 diags.log | cut -f4-20 -d : | grep SSL | sort | uniq
-c | sort -rn
3108 SSL::36:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3079 SSL::32:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3068 SSL::27:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3051 SSL::44:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3043 SSL::24:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3041 SSL::47:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3041 SSL::38:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3040 SSL::46:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3025 SSL::34:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3025 SSL::25:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3021 SSL::31:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3011 SSL::42:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3006 SSL::39:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3004 SSL::29:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
3000 SSL::30:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2996 SSL::43:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2993 SSL::45:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2977 SSL::40:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2976 SSL::33:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2974 SSL::41:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2974 SSL::28:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2958 SSL::37:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2947 SSL::35:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
2922 SSL::26:error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
28 SSL::36:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
26 SSL::24:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
25 SSL::44:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
25 SSL::27:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
24 SSL::34:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
24 SSL::30:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::39:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::33:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
23 SSL::32:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
22 SSL::44:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca:s3_pkt.c:1256:SSL alert number 48
21 SSL::38:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
certificate expired:s3_pkt.c:1256:SSL alert number 45
20 SSL::45:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert
[jira] [Resolved] (TS-3043) auth_proxy plugin doc doesn't talk about auth remap rule required
[ https://issues.apache.org/jira/browse/TS-3043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Miles Libbey resolved TS-3043. -- Resolution: Fixed auth_proxy plugin doc doesn't talk about auth remap rule required - Key: TS-3043 URL: https://issues.apache.org/jira/browse/TS-3043 Project: Traffic Server Issue Type: Bug Components: Documentation Reporter: Miles Libbey When using the authproxy plugin, one must configure a remap rule to handle the request that goes to the authorization server. The current docs don't mention this. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-3043) auth_proxy plugin doc doesn't talk about auth remap rule required
[ https://issues.apache.org/jira/browse/TS-3043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14111489#comment-14111489 ] Miles Libbey commented on TS-3043: -- arg. missed the jira number in the commit: mlib...@apache.org master * b9cd6e3 (doc/reference/plugins/authproxy.en.rst) https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=b9cd6e3 : auth_proxy plugin doc doesn't talk about auth remap rule required - Key: TS-3043 URL: https://issues.apache.org/jira/browse/TS-3043 Project: Traffic Server Issue Type: Bug Components: Documentation Reporter: Miles Libbey When using the authproxy plugin, one must configure a remap rule to handle the request that goes to the authorization server. The current docs don't mention this. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14111528#comment-14111528
]
Alan M. Carroll commented on TS-3022:
-
I think I've replicated this. You must set this up, and then (2 or 3 times) do
* Modify ssl_multicert.config.
* traffic_line -x
Just doing one of these, or doing this sequence just once, has never triggered
the crash for me. I can get it to go off reliably if I do it repeatedly.
The crash is happening when freeing the certinfo instance. However, I cannot
find where the first free happens, even if I break on ats_free with the address
that will eventually cause the double free crash. It appears to crash on the
first free.
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: James Peach
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Assigned] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Peach reassigned TS-3022:
---
Assignee: Alan M. Carroll (was: James Peach)
[~amc] was looking at this one
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: Alan M. Carroll
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14111648#comment-14111648
]
ASF subversion and git services commented on TS-3022:
-
Commit 51abbb40137acaa57a3a5caacca2b6c3690f365e in trafficserver's branch
refs/heads/master from [~amc]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=51abbb4 ]
TS-3022: Fix double free for OCSP.
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: Alan M. Carroll
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Resolved] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan M. Carroll resolved TS-3022.
-
Resolution: Fixed
If anyone is interested, the problem was the ticket logic call
SSL_get_ex_new_index instead of SSL_CTX_get_ex_new_index.
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: Alan M. Carroll
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Commented] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14111657#comment-14111657
]
ASF subversion and git services commented on TS-3022:
-
Commit d0da9a84101ef67376b4736b42e4e429dd26be9d in trafficserver's branch
refs/heads/5.1.x from [~amc]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=d0da9a8 ]
TS-3022: Fix double free for OCSP.
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: Alan M. Carroll
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Comment Edited] (TS-3022) OCSP double free or corruption (!prev)
[
https://issues.apache.org/jira/browse/TS-3022?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14111652#comment-14111652
]
Alan M. Carroll edited comment on TS-3022 at 8/27/14 12:45 AM:
---
If anyone is interested, the problem was the ticket logic called
SSL_get_ex_new_index instead of SSL_CTX_get_ex_new_index.
was (Author: amc):
If anyone is interested, the problem was the ticket logic call
SSL_get_ex_new_index instead of SSL_CTX_get_ex_new_index.
OCSP double free or corruption (!prev)
--
Key: TS-3022
URL: https://issues.apache.org/jira/browse/TS-3022
Project: Traffic Server
Issue Type: Bug
Components: SSL
Reporter: bettydramit
Assignee: Alan M. Carroll
Priority: Blocker
Fix For: 5.1.0
Centos 6 x86_64 gitmaster
Enable ocsp
config set
{code}
CONFIG proxy.config.ssl.ocsp.enabled INT 1
CONFIG proxy.config.ssl.ocsp.update_period INT 60
{code}
{code}
[E. Mgmt] log == [TrafficManager] using root directory '/usr'
[TrafficServer] using root directory '/usr'
*** glibc detected *** /usr/bin/traffic_server: double free or corruption
(!prev): 0x02af8be0 ***
=== Backtrace: =
/lib64/libc.so.6(+0x76166)[0x2ac6c2294166]
/lib64/libc.so.6(+0x78c93)[0x2ac6c2296c93]
/usr/lib64/libcrypto.so.10(CRYPTO_free+0x1d)[0x2ac6bfb990ad]
/usr/lib64/libcrypto.so.10(+0x68ada)[0x2ac6bfb9aada]
/usr/lib64/libssl.so.10(SSL_CTX_free+0x6e)[0x2ac6bf907e7e]
/usr/bin/traffic_server(_ZN17SSLContextStorageD1Ev+0x59)[0x72c489]
/usr/bin/traffic_server(_ZN13SSLCertLookupD0Ev+0x29)[0x72c5f9]
/usr/bin/traffic_server(_ZN18ConfigInfoReleaser12handle_eventEiPv+0x17)[0x665da7]
/usr/bin/traffic_server(_ZN7EThread13process_eventEP5Eventi+0x8f)[0x73f7bf]
/usr/bin/traffic_server(_ZN7EThread7executeEv+0x5c3)[0x740173]
/usr/bin/traffic_server[0x73eb5a]
/lib64/libpthread.so.0(+0x79d1)[0x2ac6c13109d1]
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
