possible SSL error
Clive Holloway
clive.holloway at gmail.com
Fri Feb 15 19:39:46 UTC 2008
Yesterday, we were able to reproduce it by hammering the test sytem,
though I still haven't worked out a simple, reproducable case. Maybe I
should continue with Brad's idea and write a script that
"connects/disconnects to SSL port quickly".
l did go through that thread, and had a play, but lsof showed had only
74 lines in the output, and only 16 of which were TCP connections.
ulimit is unlimited on the box.
I'm running 0.83 (I guess you missed that in previous email :)
I've diffed trunk and 0.83 (what I'm running) versions of StartTLS.pm
and they are the same, so nothing has been recently patched.
I'll have a play with your patch though and see if that does make any
difference.
Any other suggestions on how to approach this though would be appreciated.
Short of throwing in a few dozen for log4perl debug statements in all
the SSL code though, I'm not really sure where to go next...
cLive ;-)
On Fri, Feb 15, 2008 at 7:15 AM, Jacob Burkhart <igotimac at gmail.com> wrote:
> Clive,
> how consistently can you reproduce this problem, and what revision/version
> of Djabberd are you running.
>
> If the problem you are experiencing is indeed the same as:
> http://www.mail-archive.com/djabberd@lists.danga.com/msg00250.html
>
> Then I'm curious to see if my patch does anything to help...
> http://www.mail-archive.com/djabberd@lists.danga.com/msg00544.html
>
> I theorize that:
> 192.168.0.151 private key 23378: 1 - error:02001018:system library:fopen:Too
> many open files
>
>
> is happening because every time an SSL client connects a new SSL_CTX object
> is created, which opens and reads your certificates. And that CTX is never
> freed...
>
>
>
>
> On Fri, Feb 15, 2008 at 4:13 AM, Clive Holloway <clive.holloway at gmail.com>
> wrote:
>
> > I've also posted this (with contextual links) over on Perlmonks:
> >
> > http://perlmonks.org/index.pl?node_id=668111
> >
> > but I figured that this might actually be the best place to ask.
> >
> > I've been scratching my head on this one for a few days now, and
> > wonder if I'm losing it, so any input would be appreciated :)
> >
> > I have a slightly tweaked DJabberd daemon running. After a while, and
> > for no reason that I can determine, the CPU load suddenly shoots up to
> > 97% and sticks.
> >
> > What's weird is that I'm tailing the XMPP message log, and can't see
> > continual messages (that to me would be indicative of something going
> > on). Well, there are messages that come in bursts, but after that
> > slows down, the CPU stays at 97%. Memory usage is consistant at 21Mb
> > (50Mb virtual).
> >
> > During this time, I can still send and receive messages with no lag,
> > so I'm wondering what the hell could be hogging the CPU.
> >
> > strace throws out an almost continual stream of:
> >
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> > epoll_wait(11, {{EPOLLOUT, {u32=25, u64=25}}}, 1000, -1) = 1
> >
> > A scan of the DJabberd lists shows that this is possibly an SSL error.
> > A search points to it possibly being a timing issue (?) with watching
> > the SSL connections, but it appears that that thread died with no
> > resolution.
> >
> > I've just disabled SSL in DJabberd (commented out
> > set_config_sslcertificatekey and set_config_sslcertificatefile sets) ,
> > and I cannot now recreate the high load problem.
> >
> > I'm running version 0.83 of DJabberd.
> >
> > Has anyone encountered this issue before? Or have any idea on how to
> > approach this?
> >
> > I've started examining the StartTLS code, but I'm not making much
> > progress yet (steep learning curve!).
> >
> > Any input on this would be much appreciated.
> >
> > cLive ;-)
> >
>
>
More information about the Djabberd
mailing list