On 05/13/2015 06:57 AM, Stuart Henderson wrote:
On 2015-05-13, Stuart Henderson <s...@spacehopper.org> wrote:
On 2015-05-11, C.L. Martinez <carlopm...@gmail.com> wrote:
Yep, it seems the problem is "Too many open files" message:

leapis.com/storage.googleapis.com sproto:TLSv1.2:AES128-SHA
dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
ssl [172.22.55.1]:41558 [74.125.226.170]:443
sni:ci6.googleusercontent.com
names:*.googleusercontent.com/*.googleusercontent.com/*.blogspot.com/*.bp.blogspot.com/*.commondatastorage.googleapis.com/*.doubleclickusercontent.com/*.ggpht.com/*.googledrive.com/*.googlesyndication.com/*.googleweblight.com/*.safenup.googleusercontent.com/*.sandbox.googleusercontent.com/*.storage.googleapis.com/blogspot.com/bp.blogspot.com/commondatastorage.googleapis.com/doubleclickusercontent.com/ggpht.com/googledrive.com/googleusercontent.com/googleweblight.com/static.panoramio.com.storage.googleapis.com/storage.googleapis.com
sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
Warning: Failed to write to content log: Bad file descriptor
Warning: Failed to write to content log: Bad file descriptor
ssl [172.22.55.1]:50639 [74.125.226.171]:443
sni:ci4.googleusercontent.com
names:*.googleusercontent.com/*.googleusercontent.com/*.blogspot.com/*.bp.blogspot.com/*.commondatastorage.googleapis.com/*.doubleclickusercontent.com/*.ggpht.com/*.googledrive.com/*.googlesyndication.com/*.googleweblight.com/*.safenup.googleusercontent.com/*.sandbox.googleusercontent.com/*.storage.googleapis.com/blogspot.com/bp.blogspot.com/commondatastorage.googleapis.com/doubleclickusercontent.com/ggpht.com/googledrive.com/googleusercontent.com/googleweblight.com/static.panoramio.com.storage.googleapis.com/storage.googleapis.com
sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
Warning: Failed to write to content log: Bad file descriptor
Failed to open
'/tmp/20150511T113718Z-[172.22.55.1]:50639-[74.125.226.171]:443.log':
Too many open files (24)
Warning: Failed to write to content log: Bad file descriptor
ssl [172.22.55.1]:59905 [74.125.226.160]:443 sni:plus.google.com
names:*.google.com/*.google.com/*.android.com/*.appengine.google.com/*.cloud.google.com/*.google-analytics.com/*.google.ca/*.google.cl/*.google.co.in/*.google.co.jp/*.google.co.uk/*.google.com.ar/*.google.com.au/*.google.com.br/*.google.com.co/*.google.com.mx/*.google.com.tr/*.google.com.vn/*.google.de/*.google.es/*.google.fr/*.google.hu/*.google.it/*.google.nl/*.google.pl/*.google.pt/*.googleadapis.com/*.googleapis.cn/*.googlecommerce.com/*.googlevideo.com/*.gstatic.cn/*.gstatic.com/*.gvt1.com/*.gvt2.com/*.metric.gstatic.com/*.urchin.com/*.url.google.com/*.youtube-nocookie.com/*.youtube.com/*.youtubeeducation.com/*.ytimg.com/android.com/g.co/goo.gl/google-analytics.com/google.com/googlecommerce.com/urchin.com/youtu.be/youtube.com/youtubeeducation.com
sproto:TLSv1.2:AES128-SHA dproto:TLSv1.2:ECDHE-ECDSA-CHACHA20-POLY1305
Error 24 on listener: Too many open files

Program exited normally.
(gdb) backtrace full
No stack.
(gdb) thread apply all backtrace
(gdb)



Aha. Unless it's very busy I wouldn't expect sslsplit to use a huge
number of openfiles simultaneously, so I wonder if it is failing
to close something.

Please try "fstat | grep sslsplit" soon after startup (allow a couple
of requests to go through first), then again after it has handled
a larger number of connections (maybe 5 minutes or so?) - let's see
if something is building up.

No need to run it in gdb for this now, it is exiting normally (i.e.
following normal error handling and reaching the end of the program)
so you could just use your normal startup script.



Also, as mentioned before, please show the command line you're using,
I've just done some small tests with divert-to ("ipfw" nat engine),
rdr-to ("pf" nat engine) and static destination and haven't noticed
an FD leak in the normal case.

Of course if it is just very busy, you may need to raise an openfiles
limit (ulimit -n if starting manually, or via the relevant class in
login.conf if using an rc.d script, which would be 'daemon' unless
you've added a separate class for it).


Uhmmm ... I think you are right Stu, my pf rules must be wrong:

pass in quick inet proto tcp from $laptop to { !<internal_networks> !<unsupp_sslsplit_hosts> } port $sslsplit_ssl_ports rdr-to 127.0.0.1 port 8443 tag intlans-to-inet

As you can see, I redirect directly to sslsplit's listening port, but according to sslsplit's man page, that is wrong... And it seems this is the explanation for the "Too many open files" error ...

Am I right??
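
The fstat comparison suggested earlier in the thread (one snapshot soon after startup, another after more connections), written out as an added example that is not part of the original messages. It assumes OpenBSD's fstat column layout; the function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenBSD fstat's column order
# (USER CMD PID FD ...), with "*" directly after the FD number for sockets.

# fd_counts FILE: print "total sockets other" for sslsplit's numbered
# descriptors in a saved fstat snapshot ("text" and "wd" rows are skipped).
# "other" is regular files (such as the per-connection content logs in
# /tmp seen in the output above), pipes and kqueues.
fd_counts() {
    awk '$2 == "sslsplit" && $4 ~ /^[0-9]+[*]?$/ {
             total++
             if ($4 ~ /[*]$/) sockets++; else other++
         }
         END { printf "%d %d %d\n", total, sockets, other }' "$1"
}

# fd_growth EARLY LATE LIMIT: compare two snapshots; LIMIT is the
# openfiles limit in effect (for example the value of `ulimit -n`).
fd_growth() {
    read -r t1 s1 o1 <<EOF
$(fd_counts "$1")
EOF
    read -r t2 s2 o2 <<EOF
$(fd_counts "$2")
EOF
    printf 'early=%d late=%d sockets=%+d other=%+d limit=%d\n' \
        "$t1" "$t2" "$((s2 - s1))" "$((o2 - o1))" "$3"
}

# Constructed snapshots (user name, PID, inodes and addresses are made up).
snap=$(mktemp -d)
cat > "$snap/early" <<'EOF'
USER      CMD       PID   FD MOUNT  INUM MODE       R/W SZ|DV
_sslsplit sslsplit 4242 text /usr   1001 -r-xr-xr-x r   300000
_sslsplit sslsplit 4242   wd /         2 drwxr-xr-x r   512
_sslsplit sslsplit 4242    0 /      5001 crw-rw-rw- rw  null
_sslsplit sslsplit 4242    3* internet stream tcp 0x0 127.0.0.1:8443
EOF
cat > "$snap/late" <<'EOF'
_sslsplit sslsplit 4242    0 /      5001 crw-rw-rw- rw  null
_sslsplit sslsplit 4242    3* internet stream tcp 0x0 127.0.0.1:8443
_sslsplit sslsplit 4242    4* internet stream tcp 0x0 127.0.0.1:8443 <-- 192.0.2.10:41558
_sslsplit sslsplit 4242    5* internet stream tcp 0x0 192.0.2.1:50001 --> 198.51.100.7:443
_sslsplit sslsplit 4242    6 /tmp   7001 -rw------- w   2048
_sslsplit sslsplit 4242    7 /tmp   7002 -rw------- w   4096
EOF
fd_growth "$snap/early" "$snap/late" 128
```

On a live system the two snapshot files would be saved from "fstat | grep sslsplit" at the two points described above; a count that keeps rising while traffic is idle points at descriptors not being closed rather than at load.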
