RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 986038 - Rsyslog gets in a loop rejecting all incoming connections when listening over gnutls.
Summary: Rsyslog gets in a loop rejecting all incoming connections when listening over...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rsyslog7
Version: 6.4
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: 6.6
Assignee: Radovan Sroka
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-18 20:25 UTC by Wesley Hearn
Modified: 2017-11-30 12:51 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-30 12:51:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Wesley Hearn 2013-07-18 20:25:46 UTC 
Description of problem:
When using rsyslog as a central server listening on TCP/IP with SSL. If too many messages are sent to the server at a time one of the threads(I am thinking it is the imtcp module) gets in a locked state. If you attach strace to the thread it is in a loop where it cannot open a resource and blocks all incoming messages.

Version-Release number of selected component (if applicable):
rsyslog-5.8.10-6.el6.x86_64
rsyslog-gnutls-5.8.10-6.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up a rsyslog server listening for SSL over TCP using gtls and imtcp
2. Set up several clients to forward their log messages to the server
3. Spawn a loop of logger to spam the server

Actual results:
Rsyslog blocks incoming messages which cause the clients to lock where you cannot ssh into them.

Expected results:
The rsyslog server to still be able to accept incomming messages

Additional info:
Comment 2 Tomas Heinrich 2013-07-19 09:13:46 UTC 
Thanks, I'll look into reproducing the symptoms. Meanwhile, you can prevent the clients from being unresponsive with a bit of a configuration. In plain English: configure each of the forwarding actions to have an in-memory queue that spools messages to disk if it gets full. This way you won't loose messages (as long as there is free disk space), the queue won't get full and the logger won't jam as you've experienced and rsyslog won't eat all your ram.

Here's a link to some upstream docs and a config snippet:
http://www.rsyslog.com/doc/rsyslog_conf_global.html
http://www.rsyslog.com/doc/queues.html

--- 8< ---
$ActionQueueType LinkedList
$ActionQueueFileName fwd-spool-file
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
$ActionQueueMaxDiskSpace 15g
*.* @@server.com:1234 # some fwd action
--- 8< ---
Comment 3 Tomas Heinrich 2013-07-22 17:24:26 UTC 
I haven't managed to reproduce the symptoms yet. I'm using openssl's s_client as the sender and a variation of this script:

for j in {1..99}; do for i in {1..999}; do echo "<13>clihost clitag: asdf_${j}_${i}"; done | openssl s_client -connect localhost:1234 & done

Could you please provide more details on the configuration of the server and the steps you're using to reproduce the fault?
Comment 4 Wesley Hearn 2013-07-31 17:39:40 UTC 
Updating ticket to remove needinfo? flag, I have provided him with access to a server that I ws able to reproduce this on and he was able to get what he needed from there.
Comment 5 RHEL Program Management 2013-10-14 03:06:02 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 6 Rich Megginson 2016-03-03 17:14:53 UTC 
Tomas - do you know if this is still a problem with rsyslog v7 or rsyslog v8?
Comment 7 Peter Portante 2016-03-03 19:00:33 UTC 
Two recent fixes for gnutls code in rsyslog to be aware of:

1. https://github.com/rsyslog/rsyslog/pull/801
   Fix for: "Errors with TLS connections in 8.15" #732
2. https://github.com/rsyslog/rsyslog/pull/649
   gnutls: fixed memory leak when gtlsRecordRecv returned a failure.
Comment 8 Tomas Heinrich 2016-03-04 13:30:59 UTC 
(In reply to Rich Megginson from comment #6)
> Tomas - do you know if this is still a problem with rsyslog v7 or rsyslog v8?

Can't really say. AFAIR, we never really found the actual cause and there is a giant diff between v5 and v8. We'd have to run the test again but I've never been able to reproduce it in my environment.

Have you run into any TLS related issues? There are still some outstanding bugs.
Comment 9 Rich Megginson 2016-03-04 15:44:45 UTC 
(In reply to Tomas Heinrich from comment #8)
> (In reply to Rich Megginson from comment #6)
> > Tomas - do you know if this is still a problem with rsyslog v7 or rsyslog v8?
> 
> Can't really say. AFAIR, we never really found the actual cause and there is
> a giant diff between v5 and v8. We'd have to run the test again but I've
> never been able to reproduce it in my environment.
> 
> Have you run into any TLS related issues? There are still some outstanding
> bugs.

I have not done any testing with secure connections or HTTPS.  I need to do that.
Note You need to log in before you can comment on or make changes to this bug.