Re: relayd, rsae_send_imsg: privenc poll timeout

2021-09-30 Thread Sebastian Benoit
Allan Streib(astr...@fastmail.fm) on 2021.09.28 17:40:58 -0400:
> On Thu, Sep 16, 2021, at 6:43 PM, Allan Streib wrote:
> > On Tue, Sep 14, 2021, at 5:09 PM, Allan Streib wrote:
> > > Seen a few of these in my logs (OpenBSD 6.9 release amd64)
> > > 
> > > Sep 14 02:12:05  relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #946
> > > Sep 14 02:12:06  relayd[78491]: relay_dispatch_ca: privenc result after timeout
> > > 
> > > The number after "keyop" varies.
> > 
> > Seeing a few more of these, the system is lightly loaded but it's a hosted
> > KVM "slice" so perhaps the host system is oversubscribed?
> 
> Just to close loop, hosting provider found that host machine was overheating.
> 
> Moved VM to another host machine and have not seen any repeat of this problem.

Thanks for the feedback!



Re: relayd, rsae_send_imsg: privenc poll timeout

2021-09-28 Thread Allan Streib
On Thu, Sep 16, 2021, at 6:43 PM, Allan Streib wrote:
> On Tue, Sep 14, 2021, at 5:09 PM, Allan Streib wrote:
> > Seen a few of these in my logs (OpenBSD 6.9 release amd64)
> > 
> > Sep 14 02:12:05  relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #946
> > Sep 14 02:12:06  relayd[78491]: relay_dispatch_ca: privenc result after timeout
> > 
> > The number after "keyop" varies.
> 
> Seeing a few more of these, the system is lightly loaded but it's a hosted
> KVM "slice" so perhaps the host system is oversubscribed?

Just to close loop, hosting provider found that host machine was overheating.

Moved VM to another host machine and have not seen any repeat of this problem.

Allan



Re: relayd, rsae_send_imsg: privenc poll timeout

2021-09-16 Thread Allan Streib
On Tue, Sep 14, 2021, at 5:09 PM, Allan Streib wrote:
> Seen a few of these in my logs (OpenBSD 6.9 release amd64)
> 
> Sep 14 02:12:05  relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #946
> Sep 14 02:12:06  relayd[78491]: relay_dispatch_ca: privenc result after timeout
> 
> The number after "keyop" varies.

Seeing a few more of these, the system is lightly loaded but it's a hosted
KVM "slice" so perhaps the host system is oversubscribed?

The browser (Firefox 88) gives the message:

Secure Connection Failed

An error occurred during a connection to www..com. Peer reports it
experienced an internal error.

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

The page you are trying to view cannot be shown because the authenticity of
the received data could not be verified.  Please contact the website owners
to inform them of this problem.

I thought about trying to increase RELAY_TLS_PRIV_TIMEOUT but it looks like 
that value has been unchanged for years so maybe not a good idea?

Allan



relayd, rsae_send_imsg: privenc poll timeout

2021-09-14 Thread Allan Streib
Seen a few of these in my logs (OpenBSD 6.9 release amd64)

Sep 14 02:12:05  relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #946
Sep 14 02:12:06  relayd[78491]: relay_dispatch_ca: privenc result after timeout

The number after "keyop" varies.

Seems to correlate with TLS errors in the browser but have not found a way to 
reliably reproduce. So far, reloading the page has always worked.

What does this indicate?


My (slightly redacted) relayd.conf:

# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Macros
#
ext_addr="xxx.xxx.250.60"

#
# Global Options
#
# interval 10
# timeout 1000
# prefork 5

#
# Tables
#
table  { 127.0.0.1 }

#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
#
http protocol https {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    match header set "Keep-Alive" value "$TIMEOUT"

    # HTTP options
    http { websockets }

    # Various TCP options
    tcp { sack, backlog 128 }

    tls { keypair www..com }
}

relay wwwtls {
    listen on $ext_addr port 443 tls
    protocol https

    # Forward to hosts in the nitrogen table
    forward to  port 8000 check http "/" code 200
}
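
Added example, not part of the original thread and not relayd's own code: a small Python script that pairs each "privenc poll timeout" line with a following "privenc result after timeout" line from the same PID and reports how late the result arrived. The sample lines after the first two, the hostname "gw", the extra keyop values, and the names pair_timeouts, summarize, year and window are assumptions made for this illustration.

```python
import re
from datetime import datetime

# The two relayd messages quoted in the thread; hostname is optional (blank as posted).
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+(?:\S+\s+)?"
    r"relayd\[(?P<pid>\d+)\]: \w+: privenc "
    r"(?:poll timeout, keyop #(?P<keyop>\w+)|result after timeout)\s*$")

# Constructed sample: first two lines are the thread's (unwrapped), the rest are made up.
SAMPLE = """\
Sep 14 02:12:05  relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #946
Sep 14 02:12:06  relayd[78491]: relay_dispatch_ca: privenc result after timeout
Sep 14 02:12:07  relayd[78491]: unrelated message
Sep 14 03:40:10 gw relayd[78491]: rsae_send_imsg: privenc poll timeout, keyop #a1f
Sep 14 03:40:12 gw relayd[78491]: relay_dispatch_ca: privenc result after timeout
Sep 14 04:00:00 gw relayd[12345]: rsae_send_imsg: privenc poll timeout, keyop #b02
""".splitlines()

def pair_timeouts(lines, year=2021, window=5):
    """One record per timeout; late_result_s is set if a late result followed."""
    pending, records = {}, []  # pending: pid -> unanswered timeouts (FIFO)
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        queue = pending.setdefault(int(m["pid"]), [])
        if m["keyop"]:
            rec = {"time": when, "pid": int(m["pid"]), "keyop": m["keyop"],
                   "late_result_s": None}
            records.append(rec)
            queue.append(rec)
            continue
        # "result after timeout" has no keyop: match the oldest recent timeout
        while queue and (when - queue[0]["time"]).total_seconds() > window:
            queue.pop(0)
        if queue:
            rec = queue.pop(0)
            rec["late_result_s"] = (when - rec["time"]).total_seconds()
    return records

def summarize(records):
    late = [r["late_result_s"] for r in records if r["late_result_s"] is not None]
    return {"timeouts": len(records), "answered_late": len(late),
            "never_answered": len(records) - len(late),
            "max_late_s": max(late, default=None)}

if __name__ == "__main__":
    print(summarize(pair_timeouts(SAMPLE)))
```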