You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by Jack Bates <6n...@nottheoilrig.com> on 2012/06/22 12:12:24 UTC

Re: Download mirrors, plugin, GSoC

What's the best way to compute SHA-256 digests for content in the cache? 
I am thinking of using libgcrypt [1], can anyone comment on whether this 
is a good choice, or offer advice?

To read the content, I am thinking of following the null transform 
example, and whenever I copy from the input to the output buffer, update 
the digest with this chunk of content. Is the null transform example the 
best way to read the content, for the purpose of computing the digest?

Should I worry about tying up the event loop with calls to libgcrypt?

Here is a first attempt, on GitHub, at using libgcrypt and following the 
null transform example [2]. I would love any feedback

My GSoC project is a plugin to exploit RFC 6249, Metalink/HTTP: Mirrors 
and Hashes [3], and redirect clients to mirrors that are already cached. 
So far it works just well enough that, given a response with a URL in 
the "Location: ..." header that is not already cached and a URL in a 
"Link: <...>; rel=duplicate" header that is already cached, it will 
rewrite the "Location: ..." header with the cached URL. This should 
redirect clients that are not Metalink aware to mirrors that are already 
cached

I think the next step is for this plugin to check the digest of the 
cached content:

    If Instance Digests are not provided by the Metalink servers, the
    Link header fields pertaining to this specification MUST be ignored.

So I plan to compute digests for content in the cache and check the 
"Digest: ..." header against these. Does this sound like the right approach?

   [1] http://directory.fsf.org/wiki/Libgcrypt
   [2] https://github.com/jablko/dedup
   [3] http://tools.ietf.org/html/rfc6249

Re: Download mirrors, plugin, GSoC

Posted by Jack Bates <6n...@nottheoilrig.com>.

On 22/06/12 07:34 AM, Leif Hedstrom wrote:
> On 6/22/12 4:12 AM, Jack Bates wrote:
>> What's the best way to compute SHA-256 digests for content in the
>> cache? I am thinking of using libgcrypt [1], can anyone comment on
>> whether this is a good choice, or offer advice?
>
> hmmm, maybe consider something from OpenSSL? We already link / use it
> heavily, and I believe there's a SHA-256 in it as well?

Thanks Leif, done. I switched from libgcrypt to OpenSSL [1]

This plugin now computes SHA-256 digests for content in the cache. Given 
a response with a "Location: ..." header and a "Digest: SHA-256=..." 
header, if the "Location: ..." URL isn't already cached but content with 
a matching digest does exist in the cache, the plugin will rewrite the 
"Location: ..." header with the cached URL. This should redirect clients 
that are not Metalink aware to mirrors that are already cached

The code is up on GitHub [2] I would love any feedback

To check for content with a matching digest, this plugin uses 
TSCacheWrite() and TSCacheRead() to map the SHA-256 digest of the 
content to the request URL

It listens for responses from origin servers with 
TS_EVENT_HTTP_READ_RESPONSE_HDR and sets up a transform. The transform 
doesn't alter the content, just feeds it to OpenSSL SHA256_Update(). 
When complete, it calls TSCacheKeyDigestSet() on the SHA-256 digest, and 
TSCacheWrite() to store there the request URL

It also listens for responses to clients (from cache or from origin 
server) with TS_EVENT_HTTP_SEND_RESPONSE_HDR. If the response has a 
"Location: ..." header and a "Digest: SHA-256=..." header then it calls 
TSCacheKeyDigestFromUrlSet() and TSCacheRead() to check if the 
"Location: ..." URL is already cached. If not then it calls 
TSCacheKeyDigestSet() and TSCacheRead() to check if the "Digest: 
SHA-256=..." digest already exists in the cache. If so then it calls 
TSVConnRead() to read the URL associated with the digest

Finally it calls TSCacheKeyDigestFromUrlSet() and TSCacheRead() again, 
on the URL associated with the digest, to check that the content is 
still fresh. If it is then the plugin rewrites the "Location: ..." 
header with the cached URL

What are your thoughts on this approach?

This satisfies the requirement from RFC 6249:

    If Instance Digests are not provided by the Metalink servers, the
    Link header fields pertaining to this specification MUST be ignored.

RFC 6249 also requires the SHA-256 digest:

    Metalinks contain whole file hashes as described in
    Section 6, and MUST include SHA-256, as specified in [FIPS-180-3].

The plugin could support additional digest algorithms, if they are useful?

   [1] 
https://github.com/jablko/dedup/commit/3d1e6c1980df5b75aa44ace24f6a4886d6ba4215
   [2] https://github.com/jablko/dedup

Re: Download mirrors, plugin, GSoC

Posted by Leif Hedstrom <zw...@apache.org>.

On 6/22/12 4:12 AM, Jack Bates wrote:
> What's the best way to compute SHA-256 digests for content in the cache? I 
> am thinking of using libgcrypt [1], can anyone comment on whether this is 
> a good choice, or offer advice?

hmmm, maybe consider something from OpenSSL? We already link / use it 
heavily, and I believe there's a SHA-256 in it as well?

-- leif