You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2017/05/25 17:04:26 UTC
Proposal to remove AjpApr connector
All,
At ApacheCon, a few of us were talking about things that could be
removed in upcoming versions of Tomcat. The issue of connectors came up,
and I was thinking that there doesn't seem to be a reason to have an
AjpApr connector any more.
The APR flavor of the AJP connector was only useful when BIO was the
only IO strategy available, but now NIO has been available for some
time. APR really only gives a benefit when used with OpenSSL for TLS,
and since AJP doesn't use crypto, I think it's no longer necessary.
I think we could even remove it as of Tomcat 9 if we want.
What do others think?
-chris
Re: Proposal to remove AjpApr connector
Posted by Rémy Maucherat <re...@apache.org>.
2017-05-30 15:57 GMT-05:00 Mark Thomas <ma...@apache.org>:
> On 30/05/17 21:00, Emmanuel Bourg wrote:
> > On 05/30/2017 08:01 PM, Christopher Schultz wrote:
> >
> >> Unless OpenSSL starts providing a JNI binding, we'll always have to
> >> have a wrapper for it.
> >
> > Unless JNA is used. Has anyone experimented with this yet?
>
>
> I've looked at it, but not worked with it. Essentially it is a general
> purpose JNI wrapper. It is ALv2 licensed. It looked like it could do the
> job. I wondered what the performance was like. Looks to be worth exploring.
>
> I didn't know about JNA, but I'm reading a single call is many times
slower. And SSL needs a lot of calls, so this probably desn't look very
good for us.
Rémy
Re: Proposal to remove AjpApr connector
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 5/30/17 4:57 PM, Mark Thomas wrote:
> On 30/05/17 21:00, Emmanuel Bourg wrote:
>> On 05/30/2017 08:01 PM, Christopher Schultz wrote:
>>
>>> Unless OpenSSL starts providing a JNI binding, we'll always
>>> have to have a wrapper for it.
>>
>> Unless JNA is used. Has anyone experimented with this yet?
>
> I've looked at it, but not worked with it. Essentially it is a
> general purpose JNI wrapper. It is ALv2 licensed. It looked like it
> could do the job. I wondered what the performance was like. Looks
> to be worth exploring.
I see only basic data types implemented. I suspect that calling puts()
would work just fine but trying to call fputs() isn't going to work.
Most of the OpenSSL methods need to accept parameters of type
SSL_whatever which may not be possible unless JNA views everything it
doesn't understand as a (void*) and therefore a "Pointer" object.
If the Java code doesn't have to do anything other than maintain the
pointer and pass it into all the various methods, JNA might be a
possibility.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJZLwx7AAoJEBzwKT+lPKRYyA8P/ReUInvL4ZdZAkzBzdIPvDjO
+jxuuE/gVdSwlEMLi7lifctQBqyYsI+GnHNQho8Ayy1o9otM7UG6FNQA7d2Yy8zk
6SeCQOF6W6g07x1so6SNk+MRzhJ3OUxIrxSE4Ti+05NJEvea94ByIzKPl742b9rm
agyPg/MECd7Ee5f3TmWEGrkit4xoPrFPZhiMTr/AEfZqU1pnbiCXVO5zY1bmjvuA
2aXnjNfyOR4Vy//xUQeQXekJvJdB7WQQ+QdESmFhFk/ZI/XS3KHBDJin2GRxkXpc
2Ks8eIogOV/9hwvDB2cDEH6+9/Rmf/55ZHZSOzRPVIkXSXsOC6PLlL3V/MSxdnKx
0lzf++Ml+rgBCoUuKMK5UrZa290lc0zJKUOVt9AOLw58ecnwECN2pTRtmZ6y6knY
T+LXN6vs3FA2ViMUSF9yaszyYzv17WYGEguefNKdrAWc2QQcLA/xu/Zh41Hy5L3O
1yjVsOXTz7fIjnjkq2S+XDOxkSYI3iXRnGK24KXm3C2av+lzXLb6GsA2Ji8CMnq3
Ixl5eA+b4DDAkJq7fqnYxtjZKaHQIUjZL5ywyiJ4ieLXM24Dkt+BFywRRd5Knkir
HS50K5GwO4rPECp4RTksszlvLoD5N9qoVBjbcoO9DK61kg5vWtzy4rwckRaWgbUt
CCQW6DoJ5GYl8b/Q0sjR
=LbjL
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Mark Thomas <ma...@apache.org>.
On 30/05/17 21:00, Emmanuel Bourg wrote:
> On 05/30/2017 08:01 PM, Christopher Schultz wrote:
>
>> Unless OpenSSL starts providing a JNI binding, we'll always have to
>> have a wrapper for it.
>
> Unless JNA is used. Has anyone experimented with this yet?
I've looked at it, but not worked with it. Essentially it is a general
purpose JNI wrapper. It is ALv2 licensed. It looked like it could do the
job. I wondered what the performance was like. Looks to be worth exploring.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Emmanuel Bourg <eb...@apache.org>.
On 05/30/2017 08:01 PM, Christopher Schultz wrote:
> Unless OpenSSL starts providing a JNI binding, we'll always have to
> have a wrapper for it.
Unless JNA is used. Has anyone experimented with this yet?
Emmanuel Bourg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 5/26/17 7:46 AM, Mark Thomas wrote:
> On 25/05/17 18:04, Christopher Schultz wrote:
>> All,
>>
>> At ApacheCon, a few of us were talking about things that could
>> be removed in upcoming versions of Tomcat. The issue of
>> connectors came up, and I was thinking that there doesn't seem to
>> be a reason to have an AjpApr connector any more.
>>
>> The APR flavor of the AJP connector was only useful when BIO was
>> the only IO strategy available, but now NIO has been available
>> for some time. APR really only gives a benefit when used with
>> OpenSSL for TLS, and since AJP doesn't use crypto, I think it's
>> no longer necessary.
>>
>> I think we could even remove it as of Tomcat 9 if we want.
>>
>> What do others think?
>
> It is only 8 lines of code. It is probably simpler just to keep it
> than to take the time to document why that particular combination
> is no longer available.
>
> However, if you expand the proposal to removing the HTTP
> APR/native connector as well then that gets a lot more
> interesting.
That's where I was going. I figured that removing AjpApr would meet
less resistance, so I decided to start there.
> Now we have NIO/NIO2 + OpenSSL there is much less of a requirement
> for APR/native.
>
> On the plus side, it is probably (mariginally?) faster in some
> scenarios.
>
> On the down side, it is less stable (we still get the odd crash
> report) and it is ~1200 lines of code.
>
> Dropping the APR/native connectors also opens up the possibility of
> a significantly trimmed down native library - or possibly even
> going directly to OpenSSL.
Unless OpenSSL starts providing a JNI binding, we'll always have to
have a wrapper for it. Hopefully, the OpenSSL group doesn't start
producing *more* code, as most of their problems seem to stem from
writing WAY too much code.
> It feels a bit late to do this for 9.0.x although we code if we
> wanted to. It is more of an option for 10.0.x.
>
> My current thinking is that we should drop APR/native for 10.0.x.
> What do others think?
+1 for removal of the APR/native *Connector*
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJZLbOXAAoJEBzwKT+lPKRYqU4P/jCkBsi4nAejgaV7Tc+lvBoz
O1u/96dR6fxPOZe/FAv4dnS4rHxueLJfQ7d2334tgo0dK20pA4ZqVHTcjYJNYDwA
yrQkKgMhxc9rPDvy0LMVmEF5jYMgu85ntKv1vEcX3IgOGUterzAxgkUl8ErE3DYT
xYLfZcqI71QdcUc9c/5ke4Z+Ls8R++C28HBnyiQoEOUA+/eBjPfFI+twLbAvv/7F
RTHA5Aer/ocpTGJvqz0iNuiAL8+7spk/Nf3MnfjPlZV4U+pa9R5wXQphp/fITccD
A8qmYDGTkTpptG3s2DmErS8OO9OtHwPbKrKiZtZP646ifxVYYdUkq9diUb2Ww4cC
sPvPTS1dhTQCvftxvPi8ZcjqmQWYUK7d0b/1GZCshrjZPl/EJAO2miTAtvoSH/Gl
m/GNpFOuir5F1K3ShaM3dq+0CkQrcVI3O5ioHDLZXAW1g1fTpw8n/OoGWFq5bTuw
kiVRP7qZHlLrPiNVUf8JTiSsHhcTtkUTM7gqjBwb4q3F87WjczMokbuQewfR0e/2
Zg7McoSXqiW6uN5aOkzpYB/g7WWYjZNrprELwQJjAXkfkmjKdKU0wQvqun+6lYCQ
BkFcBaN0nDMoQkkc24wuvOXRM0ipd5pePRpPwqIFUz6wRbclSka2RnhL9VslxCI0
xNnd72vUg7oUh7G7Halr
=KAyk
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Violeta Georgieva <vi...@apache.org>.
Hi,
2017-05-26 14:46 GMT+03:00 Mark Thomas <ma...@apache.org>:
>
> On 25/05/17 18:04, Christopher Schultz wrote:
> > All,
> >
> > At ApacheCon, a few of us were talking about things that could be
> > removed in upcoming versions of Tomcat. The issue of connectors came up,
> > and I was thinking that there doesn't seem to be a reason to have an
> > AjpApr connector any more.
> >
> > The APR flavor of the AJP connector was only useful when BIO was the
> > only IO strategy available, but now NIO has been available for some
> > time. APR really only gives a benefit when used with OpenSSL for TLS,
> > and since AJP doesn't use crypto, I think it's no longer necessary.
> >
> > I think we could even remove it as of Tomcat 9 if we want.
> >
> > What do others think?
>
> It is only 8 lines of code. It is probably simpler just to keep it than
> to take the time to document why that particular combination is no
> longer available.
>
> However, if you expand the proposal to removing the HTTP APR/native
> connector as well then that gets a lot more interesting.
>
> Now we have NIO/NIO2 + OpenSSL there is much less of a requirement for
> APR/native.
>
> On the plus side, it is probably (mariginally?) faster in some scenarios.
>
> On the down side, it is less stable (we still get the odd crash report)
> and it is ~1200 lines of code.
>
> Dropping the APR/native connectors also opens up the possibility of a
> significantly trimmed down native library - or possibly even going
> directly to OpenSSL.
>
> It feels a bit late to do this for 9.0.x although we code if we wanted
> to. It is more of an option for 10.0.x.
>
> My current thinking is that we should drop APR/native for 10.0.x. What
> do others think?
+1
Regards,
Violeta
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
Re: Proposal to remove AjpApr connector
Posted by Coty Sutherland <cs...@redhat.com>.
On May 26, 2017 07:46, "Mark Thomas" <ma...@apache.org> wrote:
On 25/05/17 18:04, Christopher Schultz wrote:
> All,
>
> At ApacheCon, a few of us were talking about things that could be
> removed in upcoming versions of Tomcat. The issue of connectors came up,
> and I was thinking that there doesn't seem to be a reason to have an
> AjpApr connector any more.
>
> The APR flavor of the AJP connector was only useful when BIO was the
> only IO strategy available, but now NIO has been available for some
> time. APR really only gives a benefit when used with OpenSSL for TLS,
> and since AJP doesn't use crypto, I think it's no longer necessary.
>
> I think we could even remove it as of Tomcat 9 if we want.
>
> What do others think?
It is only 8 lines of code. It is probably simpler just to keep it than
to take the time to document why that particular combination is no
longer available.
However, if you expand the proposal to removing the HTTP APR/native
connector as well then that gets a lot more interesting.
Now we have NIO/NIO2 + OpenSSL there is much less of a requirement for
APR/native.
On the plus side, it is probably (mariginally?) faster in some scenarios.
On the down side, it is less stable (we still get the odd crash report)
and it is ~1200 lines of code.
Dropping the APR/native connectors also opens up the possibility of a
significantly trimmed down native library - or possibly even going
directly to OpenSSL.
It feels a bit late to do this for 9.0.x although we code if we wanted
to. It is more of an option for 10.0.x.
My current thinking is that we should drop APR/native for 10.0.x. What
do others think?
+1
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Rémy Maucherat <re...@apache.org>.
2017-05-26 6:46 GMT-05:00 Mark Thomas <ma...@apache.org>:
> On 25/05/17 18:04, Christopher Schultz wrote:
> > All,
> >
> > At ApacheCon, a few of us were talking about things that could be
> > removed in upcoming versions of Tomcat. The issue of connectors came up,
> > and I was thinking that there doesn't seem to be a reason to have an
> > AjpApr connector any more.
> >
> > The APR flavor of the AJP connector was only useful when BIO was the
> > only IO strategy available, but now NIO has been available for some
> > time. APR really only gives a benefit when used with OpenSSL for TLS,
> > and since AJP doesn't use crypto, I think it's no longer necessary.
> >
> > I think we could even remove it as of Tomcat 9 if we want.
> >
> > What do others think?
>
> It is only 8 lines of code. It is probably simpler just to keep it than
> to take the time to document why that particular combination is no
> longer available.
>
> However, if you expand the proposal to removing the HTTP APR/native
> connector as well then that gets a lot more interesting.
>
> Now we have NIO/NIO2 + OpenSSL there is much less of a requirement for
> APR/native.
>
> On the plus side, it is probably (mariginally?) faster in some scenarios.
>
I can confirm it is faster, although it marginal ;)
>
> On the down side, it is less stable (we still get the odd crash report)
> and it is ~1200 lines of code.
>
> Dropping the APR/native connectors also opens up the possibility of a
> significantly trimmed down native library - or possibly even going
> directly to OpenSSL.
>
Yes, there was an experiment we did on that, the code reduction is
significant, although it doesn't bring any tangible benefit to the user (=
it's not faster or any easier to use).
>
> It feels a bit late to do this for 9.0.x although we code if we wanted
> to. It is more of an option for 10.0.x.
>
> My current thinking is that we should drop APR/native for 10.0.x. What
> do others think?
>
>
+1 for 10.
Rémy
Re: Proposal to remove AjpApr connector
Posted by Rainer Jung <ra...@kippdata.de>.
Am 30.05.2017 um 22:06 schrieb Emmanuel Bourg:
> On 05/26/2017 01:46 PM, Mark Thomas wrote:
>
>> It feels a bit late to do this for 9.0.x although we code if we wanted
>> to. It is more of an option for 10.0.x.
>
> Tomcat 9 is still in an alpha stage and not widely deployed yet. I
> wouldn't be shocked if APR was dropped in this release.
Dropping APR already in 9 would also be OK for me. Either 9 or 10. I
always felt uneasy with the combination of very bad potential problem
(process crash) and the difficulties to analyze root causes for the APR
connector.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Emmanuel Bourg <eb...@apache.org>.
On 05/26/2017 01:46 PM, Mark Thomas wrote:
> It feels a bit late to do this for 9.0.x although we code if we wanted
> to. It is more of an option for 10.0.x.
Tomcat 9 is still in an alpha stage and not widely deployed yet. I
wouldn't be shocked if APR was dropped in this release.
Emmanuel Bourg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Rainer Jung <ra...@kippdata.de>.
Am 26.05.2017 um 13:46 schrieb Mark Thomas:
> On 25/05/17 18:04, Christopher Schultz wrote:
>> All,
>>
>> At ApacheCon, a few of us were talking about things that could be
>> removed in upcoming versions of Tomcat. The issue of connectors came up,
>> and I was thinking that there doesn't seem to be a reason to have an
>> AjpApr connector any more.
>>
>> The APR flavor of the AJP connector was only useful when BIO was the
>> only IO strategy available, but now NIO has been available for some
>> time. APR really only gives a benefit when used with OpenSSL for TLS,
>> and since AJP doesn't use crypto, I think it's no longer necessary.
>>
>> I think we could even remove it as of Tomcat 9 if we want.
>>
>> What do others think?
>
> It is only 8 lines of code. It is probably simpler just to keep it than
> to take the time to document why that particular combination is no
> longer available.
>
> However, if you expand the proposal to removing the HTTP APR/native
> connector as well then that gets a lot more interesting.
>
> Now we have NIO/NIO2 + OpenSSL there is much less of a requirement for
> APR/native.
>
> On the plus side, it is probably (mariginally?) faster in some scenarios.
>
> On the down side, it is less stable (we still get the odd crash report)
> and it is ~1200 lines of code.
>
> Dropping the APR/native connectors also opens up the possibility of a
> significantly trimmed down native library - or possibly even going
> directly to OpenSSL.
>
> It feels a bit late to do this for 9.0.x although we code if we wanted
> to. It is more of an option for 10.0.x.
>
> My current thinking is that we should drop APR/native for 10.0.x. What
> do others think?
I'm also +1 for dropping in 10. We might want to also add a note to the
9 docs and deprecate it there, so that user's are aware of the coming
changes.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Proposal to remove AjpApr connector
Posted by Mark Thomas <ma...@apache.org>.
On 25/05/17 18:04, Christopher Schultz wrote:
> All,
>
> At ApacheCon, a few of us were talking about things that could be
> removed in upcoming versions of Tomcat. The issue of connectors came up,
> and I was thinking that there doesn't seem to be a reason to have an
> AjpApr connector any more.
>
> The APR flavor of the AJP connector was only useful when BIO was the
> only IO strategy available, but now NIO has been available for some
> time. APR really only gives a benefit when used with OpenSSL for TLS,
> and since AJP doesn't use crypto, I think it's no longer necessary.
>
> I think we could even remove it as of Tomcat 9 if we want.
>
> What do others think?
It is only 8 lines of code. It is probably simpler just to keep it than
to take the time to document why that particular combination is no
longer available.
However, if you expand the proposal to removing the HTTP APR/native
connector as well then that gets a lot more interesting.
Now we have NIO/NIO2 + OpenSSL there is much less of a requirement for
APR/native.
On the plus side, it is probably (mariginally?) faster in some scenarios.
On the down side, it is less stable (we still get the odd crash report)
and it is ~1200 lines of code.
Dropping the APR/native connectors also opens up the possibility of a
significantly trimmed down native library - or possibly even going
directly to OpenSSL.
It feels a bit late to do this for 9.0.x although we code if we wanted
to. It is more of an option for 10.0.x.
My current thinking is that we should drop APR/native for 10.0.x. What
do others think?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org