stunnel log file fills up with errors very fast - stunnel-users

19 Jan 2025


      Hello stunnel users,
With stunnel (version: 5.71) setup and running (used to secure NFSv4 mounts), when the network interface is brought down,
a huge number of messages are written to the log file (configured with the "output" option) in a
very short amount of time.
Below are some sample logs:
2025.01.19 14:19:58 LOG5[1044766]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.01.19 14:19:58 LOG5[1044767]: Service [xxxxx] accepted connection from 127.0.0.1:994
2025.01.19 14:19:58 LOG3[1044767]: s_connect: connect 192.168.x.xx:xxxx: Network is unreachable (101)
2025.01.19 14:19:58 LOG3[1044767]: No more addresses to connect
2025.01.19 14:19:58 LOG5[1044767]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2025.01.19 14:19:58 LOG5[1044768]: Service [xxxxx] accepted connection from 127.0.0.1:994
2025.01.19 14:19:58 LOG3[1044768]: s_connect: connect 192.168.x.xx:xxxx: Network is unreachable (101)
2025.01.19 14:19:58 LOG3[1044768]: No more addresses to connect
...
This causes the log size to grow very quickly, sometimes overwhelming the filesystem.
Log rotation alleviates this issue to some extent. But still, the archived logs would be filled with duplicate
logs.
This issue has been discussed by another user in the following thread:
https://www.stunnel.org/mailman3/hyperkitty/list/stunnel-users@stunnel.org/t...
(Note, while the user in the thread above received "Connection refused" messages, here the error is "Network is unreachable".
Otherwise, the behaviour with respect to logs is the same.)
We would like to know if there is a way to control this connection behaviour from stunnel when "Network is unreachable"
in such a manner. If not, is there a way to control/limit the log output from stunnel (without reducing the log level from default)?
Steps to reproduce the issue:
1.  Mount an NFSv4 filesystem using stunnel (configured to output logs to a file)
  2.  Bring down the network interfaces such that stunnel is not able to reach the configured server.
(Please make sure to not lose access to the server while doing this.)
  3.  Wait ~300 seconds
  4.  Bring the interface(s) back up.
  5.  Examine the log size and contents.
Thanks,
Alan M Varghese