SSL process leak after alert?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL process leak after alert?

Roger Lipscombe-2
(re-submitting this now I've got the underlying cause)

Per http://erlang.org/pipermail/erlang-questions/2018-February/094933.html:

I'm using a gen_server with {active, once} handling, with ranch_ssl
(though I don't think ranch is part of the problem), and it's leaking
connection processes. I'm never seeing the 'ssl_closed' message.

My code looks like this:

1. ranch calls my_protocol:start_link.
2. my_protocol:start_link calls proc_lib:spawn_link.
3. my_protocol:init calls ranch:accept_ack. This returns 'ok'.
4. my_protocol:init calls Transport:setopts(Socket, [{active, once}]).
5. my_protocol:init calls gen_server:enter_loop.

I see some packets sent from the client in Wireshark, and then an SSL
alert. In my logs, I see the following:

SSL: {connection,{alert,2,20,{"tls_record.erl",488},undefined}}:
ssl_connection.erl:861:Fatal error: unexpected message

...and the socket is closed (neither netstat nor inet:i() show it),
but my Erlang process never sees an 'ssl_closed' message (or any other
message), so it never dies.

Erlang/OTP 19.3.6.4

Regards,
Roger.
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: SSL process leak after alert?

Roger Lipscombe-2
On 16 February 2018 at 15:03, Roger Lipscombe <[hidden email]> wrote:

> (re-submitting this now I've got the underlying cause)
>
> Per http://erlang.org/pipermail/erlang-questions/2018-February/094933.html:
>
> I'm using a gen_server with {active, once} handling, with ranch_ssl
> (though I don't think ranch is part of the problem), and it's leaking
> connection processes. I'm never seeing the 'ssl_closed' message.
>
> My code looks like this:
>
> 1. ranch calls my_protocol:start_link.
> 2. my_protocol:start_link calls proc_lib:spawn_link.
> 3. my_protocol:init calls ranch:accept_ack. This returns 'ok'.
> 4. my_protocol:init calls Transport:setopts(Socket, [{active, once}]).
> 5. my_protocol:init calls gen_server:enter_loop.

It's essentially the same as
https://github.com/ninenines/ranch/blob/master/examples/tcp_reverse/src/reverse_protocol.erl,
but with the SSL transport and a slightly more complicated protocol
than "echo" :)

> I see some packets sent from the client in Wireshark, and then an SSL
> alert.

I should note that the "client" is an IoT device with flaky ...
something. Could be Wifi, RAM, something else. It could be a dodgy
router between it and us, for example. It's one of N identical devices
(where N is a large but confidential number), all the rest of which
are working fine. It's just that this one -- which I have no access
to, just an IP address -- is causing this process leak on my server.
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions
Reply | Threaded
Open this post in threaded view
|

Re: SSL process leak after alert?

Roger Lipscombe-2
Hmm, it does look suspiciously related. I'll try to backport it to our
current version (19.3.6.4) and see if it resolves the problem.

On 18 February 2018 at 16:12, Ingela Andin <[hidden email]> wrote:

> Hi!
>
> Have you seen PR-1709 this merged to master? Would it solve your problmem?
>
> Regards Ingela Erlang OTP-team
> lör 17 feb. 2018 kl. 12:25 skrev Roger Lipscombe <[hidden email]>:
>>
>> On 16 February 2018 at 15:03, Roger Lipscombe <[hidden email]>
>> wrote:
>> > (re-submitting this now I've got the underlying cause)
>> >
>> > Per
>> > http://erlang.org/pipermail/erlang-questions/2018-February/094933.html:
>> >
>> > I'm using a gen_server with {active, once} handling, with ranch_ssl
>> > (though I don't think ranch is part of the problem), and it's leaking
>> > connection processes. I'm never seeing the 'ssl_closed' message.
>> >
>> > My code looks like this:
>> >
>> > 1. ranch calls my_protocol:start_link.
>> > 2. my_protocol:start_link calls proc_lib:spawn_link.
>> > 3. my_protocol:init calls ranch:accept_ack. This returns 'ok'.
>> > 4. my_protocol:init calls Transport:setopts(Socket, [{active, once}]).
>> > 5. my_protocol:init calls gen_server:enter_loop.
>>
>> It's essentially the same as
>>
>> https://github.com/ninenines/ranch/blob/master/examples/tcp_reverse/src/reverse_protocol.erl,
>> but with the SSL transport and a slightly more complicated protocol
>> than "echo" :)
>>
>> > I see some packets sent from the client in Wireshark, and then an SSL
>> > alert.
>>
>> I should note that the "client" is an IoT device with flaky ...
>> something. Could be Wifi, RAM, something else. It could be a dodgy
>> router between it and us, for example. It's one of N identical devices
>> (where N is a large but confidential number), all the rest of which
>> are working fine. It's just that this one -- which I have no access
>> to, just an IP address -- is causing this process leak on my server.
>> _______________________________________________
>> erlang-questions mailing list
>> [hidden email]
>> http://erlang.org/mailman/listinfo/erlang-questions
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions