You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2013/03/28 07:19:20 UTC

[jira] [Updated] (TS-1424) Transparent proxy with proxy.config.http.use_client_source_port==1 has problems if the client is keep-alive and the origin server is not.

     [ https://issues.apache.org/jira/browse/TS-1424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-1424:
------------------------------

    Fix Version/s:     (was: 3.3.3)
                   3.3.2
    
> Transparent proxy with proxy.config.http.use_client_source_port==1 has problems if the client is keep-alive and the origin server is not.
> -----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: TS-1424
>                 URL: https://issues.apache.org/jira/browse/TS-1424
>             Project: Traffic Server
>          Issue Type: Bug
>         Environment: 3.2 with transparent (TProxy) interception + proxy.config.http.use_client_source_port = 1
>            Reporter: B Wyatt
>            Assignee: Alan M. Carroll
>             Fix For: 3.3.2
>
>
> As keep-alive is hop-to-hop ATS will happily support client keep-alive in instances where an Origin Server terminates the connection after each transaction. 
> However, when using proxy.config.http.use_client_source_port this behavior can cause some sites to break.  
> When the client is kept alive, subsequent requests are made rapidly and with the same 4-tuple for addressing.  Since ATS is trying to match the 4-tuple (due to proxy.config.http.use_client_source_port) it enters a 3-way race between: 
> # the FIN, FIN/ACK packets being exchanged with the origin server and the new request packets from the client.  If the OS is slow it is possible that ATS will attempt to reconnect with the same port/address before the connection is legitimately closed.
> # Kernel timers for PAWS and recently closed sockets.  This is different (and much shorter) than the time-wait state and there is no way to disable it
> # Everything working out just fine and the connection establishing like normal
> The best repro case I've seen is a slow origin server that serves pages in <frame> tags from the same host but does not support keep-alive (http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp for instance)
> It is possible that simply respecting a servers keep-alive settings when using proxy.config.http.use_client_source_port would work as the original client would change the 4-tuple address for its next connection.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira