Long ago I had a server with a bad network card. Every once in a while it
would spew uncontrollable bytes onto the network. If you open a stunnel
connection and it does that this could very well be the problem. If it
cheap, try changing the network card. If not, you should be able to look in
your firewall/router and it will tell you who is sending what bytes to
whomever. See if that machine is indeed streaming the bytes in massive
quantities. If not, I would suspect your stunnel is getting stuck in it's
own loop. There are a million reasons this can happen (well a few less than
a million) - such as maybe a bad library in the FreeBSD or a bad choice in
the Makefile - such as doing threads or something in a way your O/S does not
like (I use threads=fork or whatever it is, instead of actual threading).
You might tinker with some of the options that make the stunnel build and
try different ones. Especially if stunnel was compiled on a different
version of the O/S - could be differences in bytes in things and who knows
what.
That is all I can suggest beyond setting the debug level to 7 (I think is
highest) and then watching the log file.
Eric
From: stunnel-users [mailto:stunnel-users-bounces@stunnel.org] On Behalf Of
Murrey, Brian J.
Sent: Wednesday, October 17, 2018 10:57 AM
To: stunnel-users(a)stunnel.org
Subject: [stunnel-users] CPU 100%
We are running stunnel 5.49 on FreeBSD 11.2 and we're running into a problem
once in a while.
CPU pegs at 100% when we get an stunnel connection from one of our external
devices.
This affects 100% of all cores and we can't even log in to console.
To mitigate this temporarily, we have a script running in the background to
watch when stunnel begins to spike and restarts the daemon.
It doesn't happen 100% of the time, and so far I have been unable to
distinguish what makes the connection do this to the CPU.
Have any of you run in to this issue?
Sincerely,
Brian Murrey
System Engineer II, IT Infrastructure
_____
NOTICE: This message may contain privileged and confidential information
and/or protected health information intended solely for the use of the named
recipient and may be privileged or otherwise protected by law. If you are
not the intended recipient of this message, you should immediately notify
the sender and delete this message. Do not disseminate, reproduce, or review
this message or attachments if you are not the intended recipient. The
sender or others may have legal rights restricting the dissemination of the
information contained in this message and, as a result, remedies against you
in the event of the improper dissemination of confidential information,
trade secrets, personal information or privileged communications. This
message is the work of the sender and does not necessarily reflect the
position, views, or policies of TriMedx LLC or its affiliates.
WARNING: The integrity and security of this message cannot be guaranteed and
may contain or transmit a virus or other illicit code. Neither TriMedx LLC
or its affiliates accept liability for any damage attributable to viruses or
illicit code transmitted through this message or an attachment.