Michal Trojnara wrote:
Zhuang Yuyao wrote:
The gateway is running an embedded system, no harddisk is available, so it is not possible to add more RAM or swap.
Most embedded PC boards do have a memory module...
Yes, but my main purpose is to test its stability under limited resources instead of increasing its capacity.
In your case I'd try: ulimit - n 100 to stop stunnel from openning more than about 50 connections.
Did it work?
ulimit works. I also wrote a little patch against 4.15b2 to allow user to set the max concurrent clients in stunnel.conf global section. it's not a perfect solution but just a workaround.
just add "maxclients = 50" to stunnel.conf global section and it works. if this line is omitted, the default max_clients will be used.
see attached patch file for details if you are interested.
I am still trying to find another better solution: let kernel to send stunnel a signal while available memory is under a special threshold, then stunnel will stop accepting new connections and try to release some memory (kill the latest created threads?) until kernel notifies us the available memory is increased and enough for new connections/threads.
Oh, GOD, embedded system is a nightmare :-)
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Best regards,
Zhuang Yuyao
--- stunnel-4.15/src/options.c 2005-11-15 10:47:38.000000000 +0000 +++ stunnel/src/options.c 2006-03-10 06:30:08.000000000 +0000 @@ -180,6 +180,24 @@ break; }
+ /* max client */ + switch(cmd) { + case CMD_INIT: + options.max_clients=-1; + break; + case CMD_EXEC: + if(strcasecmp(opt, "maxclients")) + break; + options.max_clients=atoi(arg); + return NULL; /* OK */ + case CMD_DEFAULT: + break; + case CMD_HELP: + log_raw("%-15s = maximum concurrent clients", + "maxclients"); + break; + } + /* client */ switch(cmd) { case CMD_INIT: --- stunnel-4.15/src/stunnel.c 2005-11-15 09:41:06.000000000 +0000 +++ stunnel/src/stunnel.c 2006-03-13 06:23:10.000000000 +0000 @@ -279,13 +326,22 @@ #endif if(max_fds && max_fds<16) /* stunnel needs at least 16 file desriptors */ max_fds=16; - if(max_fds) { + if(options.max_clients > 0) { + max_clients = options.max_clients; + } + else { + if(max_fds) { max_clients=max_fds>=256 ? max_fds*125/256 : (max_fds-6)/2; - s_log(LOG_NOTICE, "%d clients allowed", max_clients); - } else { + } else { max_clients=0; - s_log(LOG_NOTICE, "No limit detected for the number of clients"); - } + } + } + if(max_clients > 0) { + s_log(LOG_NOTICE, "%d clients allowed", max_clients); + } + else { + s_log(LOG_NOTICE, "No limit detected for the number of clients"); + } #endif }
--- stunnel-4.15/src/prototypes.h 2006-03-14 01:10:29.000000000 +0000 +++ stunnel/src/prototypes.h 2006-03-14 01:11:07.000000000 +0000 @@ -115,6 +115,8 @@ int verify_use_only_my; long ssl_options;
+ int max_clients; /* maximum concurrent clients allowed */ + /* some global data for stunnel.c */ #ifndef USE_WIN32 #ifdef HAVE_CHROOT