Bug 193221 - net/relayd 100% cpu when answering TLS requests
Summary: net/relayd 100% cpu when answering TLS requests
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-09-01 14:14 UTC by lists
Modified: 2020-06-17 07:37 UTC (History)
3 users (show)

See Also:
lwhsu: maintainer-feedback? (koue)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description lists 2014-09-01 14:14:31 UTC
I'm using relayd-5.5.20140810 with the config below, when relayd receives a request on TLS, the process consumes 100% cpu after the client sends a hello:

(ip addresses changed to protect the innocent)

ext_addr="10.0.0.1"
webhost1="192.168.0.1"
webhost2="192.168.0.1"

table <webhosts> { $webhost1 $webhost2 }

interval 10
timeout 200
prefork 5
log updates

http protocol http {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
       ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#      ssl session cache disable
}

relay www {
        listen on $ext_addr port 80
        protocol http
        forward to <webhosts> port http mode loadbalance check http "/" code 200
}

http protocol httpssl {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
        ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#        ssl session cache disable
}

relay wwwssl {
        listen on $ext_addr port 443 ssl
        protocol httpssl
        forward to <webhosts> port http mode loadbalance \
                check http "/" code 200
}
Comment 1 John Marino freebsd_committer 2014-09-01 15:17:55 UTC
over to maintainer
Comment 2 lists 2014-09-11 11:44:35 UTC
Hey,

Has anyone had chance to look at this?  I've been trying to get something useful out of it but failing :(

Cheers,
Joe
Comment 3 Walter Schwarzenfeld freebsd_triage 2018-01-17 09:38:29 UTC
Is this still relevant?
Comment 4 Martin Matuska freebsd_committer 2018-10-23 00:31:51 UTC
This port needs a serious update (catch up sources with OpenBSD 6.4 etc.). Don't know when I will have time for that.
Comment 5 Martin Matuska freebsd_committer 2019-03-18 22:49:37 UTC
I give up maintaining this port.