ports/174245: net/relayd Segfault on reload when checking https

Thomas Johnson tom at claimlynx.com
Thu Dec 6 20:50:00 UTC 2012 

>Number:         174245
>Category:       ports
>Synopsis:       net/relayd Segfault on reload when checking https
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 06 20:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Johnson
>Release:        FreeBSD 9.1-RC3 i386
>Organization:
ClaimLynx, Inc.
>Environment:
System: FreeBSD folsom-2.claimlynx.com 9.1-RC3 FreeBSD 9.1-RC3 #1: Sat Dec 1 12:52:30 CST 2012 root at folsom-2.claimlynx.com:/usr/obj/usr/src/sys/GENERIC-ALTQ i386

Relayd version relayd-5.2.20121122

>Description:
I have noticed that when relayd is configured to check https responses, issuing a 'relayctl reload' command faults relayd to quit with signal 11. The configuration snippet in the How-to-Repeat section below shows the problem configuration. The following log output shows an example relayd run (irrelevant testing output removed). Following startup, and a couple rounds of checks, 'relayctl reload' is issued.

> grep '69358\|69359\|69360' /var/log/all.log
Dec  6 12:49:09 folsom-2 relayd[69358]: startup
Dec  6 12:49:09 folsom-2 relayd[69360]: socket_rlimit: max open files 11095
Dec  6 12:49:09 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, setservent, not found, and no fallback provided
Dec  6 12:49:09 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, endservent, not found, and no fallback provided
Dec  6 12:49:09 folsom-2 relayd[69359]: init_filter: filter init done
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/www" and table "www"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/https" and table "https"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wiki" and table "wiki"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wikis" and table "wikis"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftp" and table "ftp"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftps" and table "ftps"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/sftp" and table "sftp"
Dec  6 12:49:09 folsom-2 relayd[69359]: init_tables: created 6 tables
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table www
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table https
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table wiki
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table wikis
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table ftp
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table ftps
Dec  6 12:49:09 folsom-2 relayd[69359]: flush_table: flushed table sftp
...
Dec  6 12:49:27 folsom-2 relayd[69358]: parent_reload: level 0 config file /etc/relayd.conf
Dec  6 12:49:27 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, setservent, not found, and no fallback provided
Dec  6 12:49:27 folsom-2 relayd[69358]: NSSWITCH(_nsdispatch): ldap, services, endservent, not found, and no fallback provided
Dec  6 12:49:27 folsom-2 relayd[69359]: init_filter: filter init done
Dec  6 12:49:27 folsom-2 kernel: pid 69360 (relayd), uid 913: exited on signal 11
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/www" and table "www"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/https" and table "https"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wiki" and table "wiki"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/wikis" and table "wikis"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftp" and table "ftp"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/ftps" and table "ftps"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: prepare anchor "relayd/sftp" and table "sftp"
Dec  6 12:49:27 folsom-2 relayd[69359]: init_tables: created 0 tables
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table www
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table https
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table wiki
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table wikis
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table ftp
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table ftps
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_table: flushed table sftp
Dec  6 12:49:27 folsom-2 relayd[69359]: kill_tables: deleted 7 tables
Dec  6 12:49:27 folsom-2 relayd[69359]: flush_rulesets: flushed rules
Dec  6 12:49:27 folsom-2 relayd[69359]: pfe exiting, pid 69359
Dec  6 12:49:27 folsom-2 relayd[69358]: parent terminating, pid 69358

>How-To-Repeat:
The following is relevant configuration that causes a segfault on reload.

interval 5
timeout 300
prefork 5
log updates

lion1="10.11.12.1"
lion2="10.11.12.2"
lion3="10.11.12.3"
lion4="10.11.12.4"
carp_if="10.11.12.5"
sorry_server="10.11.13.28"

table <webpool> { $lion1, $lion2, $lion3, $lion4 }
table <sorry> { $sorry_server retry 2}

redirect "https" {
	listen on $carp_if port 443
	# Enabling these checks causes segfaults on reload
	forward to <webpool> check https "/favicon.ico" code 200 timeout 750
	forward to <sorry> check https "/favicon.ico" code 200 timeout 750
	# Old, working configuration
	#forward to <webpool> check tcp timeout 300
	#forward to <sorry> timeout 300 check icmp
	sticky-address
}
>Fix:
Avoid using 'check https', or reloading your relayd configuration.


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list