Date: Wed, 13 Jun 2007 16:58:50 -0700 From: Alfred Perlstein <alfred@freebsd.org> To: Alexandre Biancalana <biancalana@gmail.com> Cc: stable@freebsd.org, rwatson@freebsd.org Subject: Re: Unix domain socket leak in 6-STABLE Message-ID: <20070613235850.GM96936@elvis.mu.org> In-Reply-To: <8e10486b0706131214m9e04f36rbaf9db859e9e65da@mail.gmail.com> References: <7ad7ddd90706130722t6731afa7j5fa9a78a3e87f9e5@mail.gmail.com> <8e10486b0706131214m9e04f36rbaf9db859e9e65da@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* Alexandre Biancalana <biancalana@gmail.com> [070613 12:40] wrote: > On 6/13/07, Ulrich Spoerlein <uspoerlein@gmail.com> wrote: > > > >Hi, > > > >as you are aware, there is a unix domain socket leak in 6-STABLE, > >which AFAIK is not yet fully fixed. > > > >I wanted to ask about the status or some possible fixes, as I know a > >way to reproduce the problem in a matter of minutes. > > > >We are running Cyrus and Postfix with the user DB in OpenLDAP. When > >using ldapi://%2fvar%2frun%2fopenldap%2fldapi/ as a connection URL for > >both Postfix' user lookup and cyrus' user lookup (via nss_ldap). slapd > >quickly runs out of filedescriptors as it is not closing any unix > >sockets (judging by ever increasing lsof output). > > > >Using TCP sockets is just fine. If there are patches I could try, > >don't hesitate to send them to me. > > > > Ohhh !! I had exactly the same problem last night. > > After change the line of /usr/local/etc/nss_ldap.conf from > > uri ldap://127.0.0.1/ > > to > > uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/ > > The open sockets off this machine started to increase until reach maxfiles > limit and show messages like this: > > kernel: kern.maxfiles limit exceeded by uid 65534, please see tuning(7). > > and slapd stopped to accept new connections. > > During the day (production hours) the number off connections (using TCP > sockets) to OpenLDAP range from 16 to 45. Last night after change the type > connection to Unix Domain Socket the number of connections raised rapidly to > about 4000. I get this numbers using sockstat -c command. > > This machine is our Samba PDC, running 6.2-STABLE compile in Apr 5 13:33:50 > using samba-3.0.24,1, nss_ldap-1.255, openldap-server-2.3.34_1 > > I can provide more information if need. > > Any Advises/Patches ? I would advise running "truss" or ktrace against the process to see if it's actually attempting to close the descriptor. this would explain if the leak is in the application, or maybe libc/kernel. -- - Alfred Perlstein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070613235850.GM96936>