[stunnel-users] Effect of SIGHUP on connections

Philippe Anctil philippe.anctil at gmail.com
Thu Feb 11 21:10:03 CET 2016


Hello,

I have been testing if sending sighup to stunnel has adverse effects on
existing connections (in fork mode, v5.19). I have found new connections
may fail to complete.

In real world scenarios it is not a big issue. First you will reload only
once. Second, you will probably do it during slow hours. Chances to impact
someone are very low.

In any case, I wanted to understand the circumstances leading to failed
connections.

My test is simple. I try to establish 10 connections at 1 second interval.
At the same time, I generate a lot of sighup signals. At least one
connection fails every time.

Even with debug turned on, I can't find any indication of failed
connections in stunnel log.

But the real mystery is this. If I run a tcp capture, I will see
established connections.

     29 2016-02-10 12:07:14.304987 0.000000    142.168.148.114
142.168.66.111        TCP      66     56572→4443 [SYN] Seq=0 Win=8192 Len=0
MSS=1260 WS=256 SACK_PERM=1
     30 2016-02-10 12:07:14.305001 0.000014    142.168.66.111
 142.168.148.114       TCP      66     4443→56572 [SYN, ACK] Seq=0 Ack=1
Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=128
     31 2016-02-10 12:07:14.312908 0.007907    142.168.148.114
142.168.66.111        TCP      60     56572→4443 [ACK] Seq=1 Ack=1
Win=66560 Len=0
     32 2016-02-10 12:07:14.312918 0.000010    142.168.66.111
 142.168.148.114       TCP      54     4443→56572 [RST] Seq=1 Win=0 Len=0
     33 2016-02-10 12:07:14.313097 0.000179    142.168.148.114
142.168.66.111        SSL      371    Client Hello
     34 2016-02-10 12:07:14.313102 0.000005    142.168.66.111
 142.168.148.114       TCP      54     4443→56572 [RST] Seq=1 Win=0 Len=0

How could a tcp connection be established and yet find no indication of
that in stunnel.log?

Thanks!


-- 
Philippe Anctil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160211/7dfc195c/attachment.html>


More information about the stunnel-users mailing list