You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Lev Stipakov (JIRA)" <ji...@apache.org> on 2015/03/20 15:28:39 UTC
[jira] [Comment Edited] (TS-3456) SSL blind tunnel sometimes not
created
[ https://issues.apache.org/jira/browse/TS-3456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14371237#comment-14371237 ]
Lev Stipakov edited comment on TS-3456 at 3/20/15 2:28 PM:
-----------------------------------------------------------
Found out that {{HttpSM::setup_blind_tunnel}} is called N times less than {{SSLNextProtocolAccept:mainEvent}}, where N is exact amount of stalled connections.
was (Author: lstipakov):
Found out that {{SSLNextProtocolAccept:mainEvent}} is called N times less than {{HttpSM::setup_blind_tunnel}}, where N is exact amount of stalled connections.
> SSL blind tunnel sometimes not created
> ---------------------------------------
>
> Key: TS-3456
> URL: https://issues.apache.org/jira/browse/TS-3456
> Project: Traffic Server
> Issue Type: Bug
> Components: Plugins, SSL
> Reporter: Lev Stipakov
> Assignee: Susan Hinrichs
> Fix For: 6.0.0
>
> Attachments: ts-tls.cc
>
>
> Hello,
> I made a simple plugin that sets up TS_SSL_SNI_HOOK and creates a
> blind tunnel from a separate thread. With low load everything works
> fine, but with moderate load (100 simultaneous users, each user sends
> 200 HTTPS requests) I see somewhat strange behavior.
> On a client side I use Tsung, which creates users and sends number of
> requests per user. For each user Tsung waits for a response before
> sending a new request, so if response never arrives, a particular user
> (and the whole test) stalls.
> So, with load mentioned above I see few 'stalled' connections on both
> client and proxy – netstat shows them as ”established”, ATS seems to
> have data structures for those (checked
> proxy.process.net.connections_currently_open value), but no traffic
> goes between proxy and client.
> Client side (.175):
> tcp 0 0 10.133.3.175:40737 10.133.3.250:443 ESTABLISHED 14332/beam.smp
> (more similar connections here)
> Proxy side (.250 is a server):
> tcp 0 0 10.133.3.250:443 10.133.3.175:40737 ESTABLISHED 28117/traffic_serve
> (more similar connections here)
> I checked traffic.out log and found out that
> ”SSLNextProtocolAccept:mainEvent” does not get called as many times as
> it should. This can probably be explained by the fact that client does
> not send requests for given user anymore if response to previous
> request hasn't been received. Which, in turn, may indicate that at
> some point tunnel has not been created.
> The interesting thing is that everything works fine if a tunnel is
> created directly from TS_SSL_SNI_HOOK but not from the separate
> thread.
> The plugin code is very simple – I set up TS_SSL_SNI_HOOK and start a
> thread with TSThreadCreate. When hook got called, I push TSVConn to a
> thread-safe queue. The thread wakes up when item has been pushed,
> calls TSVConnTunnel / TSVConnReenable for given vconn and then waits
> for the next item. I have attached the code.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)