Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2023-11-10 Thread Tobias Fiebig
Moin, I have been running into memleaks with nginx 1.24.0 for some time; Nginx is self-built (as I need the http_sub module); It is configured with: ./configure --with-http_sub_module --with-http_ssl_module --with-http_stub_status_module --prefix=/usr/local --conf-path=/etc/nginx/nginx.conf --use

Re: Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2023-11-10 Thread Tobias Fiebig
Moin, > So you didn't mention http_sub_module before, which precludes > directly using packages from 7.4, but can you try building from the > port so that the only change compared to what anyone else is running > is enabling the additional module? (You can use 'FLAVOR="no_passenger > no_lua no_nj

Re: Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2023-11-11 Thread Tobias Fiebig
Moin, I ran through the experiments I had suggested. As you assumed, this is indeed related to outbound TLS1.3 connections, specifically: +-+ | Config (syspatched OpenBSD 7.4) | Memleak? | +--

Re: Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2023-11-11 Thread Tobias Fiebig
> > > Here's a simpler nginx.conf to reproduce. Note that the leak goes > > away if you don't use Connection: Upgrade. It also goes away if you use the 'sophisticated' example from https://nginx.org/en/docs/http/websocket.html and the client does not request an upgrade. Obviously, it returns if a

Re: Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2023-11-11 Thread Tobias Fiebig
> I am not really sure whether this is an openbsd/libressl issue then. > Let me test this against a linux box. Nope, does not leak. With best regards, Tobias

ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-07 Thread Tobias Fiebig
Moin, I have run into some issues with v6 PMTUD on OpenBSD 7.4, and am somewhat at a loss on how to proceed finding a proper reproducer. I first brushed into MTU issues when some of my mailers suddenly started to put out ~50mbit of traffic with no apparent reason. Back then further debugging led

Re: ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-07 Thread Tobias Fiebig
Moin, > Note that I have also written some scapy script to test path MTU > discovery.  /usr/src/regress/sys/netinet/pmtu/tcp_connect.py > and tcp_connect6.py > Sometimes these tests fail, so PMTU may have bugs.  Or my tests are > just unreliable. Awesome, thanks! > How does the route look like

Re: ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-07 Thread Tobias Fiebig
Moin > How does the route look like where the path MTU is saved? > netstat -rn has a Mtu column. Just noticed I sent route -n -T0 get instead of netstat -rn; gw02.dus01.as59645.net ~ # route -T0 exec netstat -rn | grep 2a06:d1c0::b 2a06:d1c0::b/1282a06:d1c0::dead:bee

Re: ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-07 Thread Tobias Fiebig
Moin, ok, had a hunch, and I think I got closer to this. I can now semi-reproduce this in a lab environment. with six OpenBSD 7.4. I guess the last missing component is bringing in a Linux router, i.e., in a pure openbsd setup it is not that bad because openbsd does not send type 2 ad infinitum (un

Re: Memory Leak on 7.4 (Stable) with nginx 1.24.0 related to TLS1.3

2024-03-07 Thread Tobias Fiebig
Moin, On Sat, 2024-01-27 at 16:54 +0100, Theo Buehler wrote: > This should be fixed with > > https://cvsweb.openbsd.org/src/lib/libssl/tls13_legacy.c#rev1.43 > > which you should be able to backport to 7.4 without issues if you > don't want to use current. Took me longer than I wanted to to giv

Re: ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-08 Thread Tobias Fiebig
somehow. With best regards, Tobias On Thu, 2024-03-07 at 23:20 +0100, Tobias Fiebig wrote: > Moin, > > ok, had a hunch, and i think i got closer to this. I can now semi- > reproduce this in a lab environment. with six OpenBSD 7.4. I guess > the > last missing component is bringing

Re: ICMP6 Type2 with MTU=PrevMTU Packet Flood in specific cornercase scenarios on OpenBSD7.4

2024-03-08 Thread Tobias Fiebig
Moin, > I will also poke in the linux direction so they can fix their ICMP6 > rate limiting issue. Another FYI on this: Not ratelimiting ICMP6 Packet-too-big (Type 2) and Echo/Reply (Type 128/129) is the default setting in Linux, see Documentation/networking/ip-sysctl.rst l2776 of the Linux sour