[ previous ] [ next ] [ threads ]
 
 From:  Frederic BRET <frederic dot bret at univ dash lr dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: Severe Problem with 1.2b1 HTTPS support
 Date:  Thu, 21 Oct 2004 17:22:39 +0200
Hello

So, it seems to be OK now. Following my idea that something was limiting 
the creation of the processes, rather than simply killing them, I looked 
at the scripts and guess one of the arguments of the mini_httpd running 
on port 8001 (line 173 /etc/inc/captiveportal.inc) ? -maxproc 16
So if we cannot cure the way IE acts, perhaps we can change this 
argument to lets say  ... 1000 ?
I remade a boot image and tested... Now the https login panel is 
accessed by an IE, a lot of mini_http are forked, but nothing dies and 
login pannel appears a few seconds later.

Here is the place to change the value in /etc/inc/captiveportal.inc :

    ../..
            fwrite($fd, "\n");
            fwrite($fd, $key);
            fclose($fd);
           
            mwexec("/usr/local/sbin/mini_httpd -S -a -M 0 -E 
{$g['varetc_path']}/cert-portal.pem" .
                " -u root -maxproc 1000 -p 8001" . 
                " -i {$g['varrun_path']}/mini_httpd.cps.pid");
        }
           
        /* start pruning process (interval = 60 seconds) */
        mwexec("/usr/local/bin/minicron 60 
{$g['varrun_path']}/minicron.pid " .
    ../..

perhaps a value of 1000 is way too big, I don't know. It's under the 
maxprocperuid (sysctl -a). You need to try in your own environment.

Happy evaluation !

Fred