Reset inactivity timeout in SSL read loop.#2242
Reset inactivity timeout in SSL read loop.#2242shinrich wants to merge 190 commits intoapache:masterfrom
Conversation
(cherry picked from commit 547ac54)
(cherry picked from commit ffab45c)
BIO and BIO_METHOD were made opaque in OpenSSL 1.1 [1]. [1] https://www.openssl.org/news/changelog#x4 (cherry picked from commit 742f25c)
time_t may or may not be equivalent to long, it's up to the implementation. Fixes apache#1311 (cherry picked from commit 8ace435)
(cherry picked from commit 934e5d3)
Change-Id: I45c9cdbe305e8b3d186beafb87ab5f8c5b03b757 (cherry picked from commit 6e6607a)
Modify TSHttpTxnHookAdd to add hook only once. Change-Id: I737ca666cc05f2e2e2006cbef7f6b5a68b0eb71f (cherry picked from commit 78bd265)
(cherry picked from commit 9b8b25c)
…nal timeout event to SM (cherry picked from commit 977e27d)
Fixes apache#1340 (cherry picked from commit 8caf5cf)
complexity of ::size is not O(1). (cherry picked from commit 87ca6b4)
(cherry picked from commit 0d6dc58)
(cherry picked from commit f8afd36)
(cherry picked from commit 7fd2e4b)
Fixes apache#1353 (cherry picked from commit 69c760b)
(cherry picked from commit b95f4c6)
Fixes apache#1307 (cherry picked from commit d1f44c3)
(cherry picked from commit 6968355)
(cherry picked from commit 0235d55)
…/main.cc (cherry picked from commit e0a4e6e)
…gression Test (cherry picked from commit 8e8a4b4)
ATS to work (cherry picked from commit 2149929)
(cherry picked from commit 0fa2b66)
init_customizations() was added in Docutils 0.13. (cherry picked from commit 111e7f5)
We can use it in 0.12 and 0.13. (cherry picked from commit 977aa2c)
This will work better with the various OpenSSL forks. (cherry picked from commit 40310af)
…rror header. (cherry picked from commit 0abc78d)
HPACK Huffman code didn't care whether all padding bits are one. This is prohibited by the spec(Sec 5.2), and it must be treated as a decode error. (cherry picked from commit b228c13)
(cherry picked from commit ea60fd3)
…st transform start. The request transform would be applied to POST and/or PUT request. The server_vc should be established (writeable) before request transform start. The CheckConnect is created by connect_s, It will callback NET_EVENT_OPEN to HttpSM if server_vc is WRITE_READY, Otherwise NET_EVENT_OPEN_FAILED is callbacked. (cherry picked from commit 91724db)
(cherry picked from commit f43abe5)
(cherry picked from commit 0564042)
(cherry picked from commit 7fe208b)
(cherry picked from commit 55e576b) Conflicts: tests/gold_tests/body_factory/gold/http-get-304.gold
Based on prior patch TS-3109. (cherry picked from commit adf906d)
(cherry picked from commit 191aaef)
(cherry picked from commit eaffae3)
(cherry picked from commit 294135b)
(cherry picked from commit 84ecfc0)
|
I applied this patch and still see timeouts happening that match the timeout timer, even though data is flowing up with POST |
This reverts commit 6b4d1c6.
|
I am able to reproduce the effect that @realpdm is seeing by setting up a remap rule to httpbin I set the timeouts to 3 and 4 seconds. Then I issue a curl request with a 10MB post body. Curl returns "curl: (52) Empty reply from server" and I see ERR_CLIENT_ABORT in our access log. I added warning messages when we update the next_inactivity_timeout_at in the ssl_read_from_net and when we trigger the inactivity event. The logs show lots and lots of timeout updates (1 every ms or so). Then 3 seconds and the timeout event is sent. Then I did a tcpdump on the client side and server side. It shows that both sides are busy for quite a while uploading the post body. Then evidently the origin thinks about things for 3-4 seconds. Then ATS shuts down the connection to the client. Is it possible that your origin is just a bit overwhelmed with the large upload and is taking a couple seconds to process before responding? |
|
I don't think it is related to the origin because I can make it fail at particular times by adjusting the timeout. Ie, with the same file. It seems to be a total time on the transaction. If a file is small enough to upload within the timer, it works fine. If it is large enough it will fail at the value the timer is set to as the total transaction time (ttms). Example, I upload a 256MB file and set timer to 30s it will fail at Change timer to 5 seconds.. Change timer to 2 seconds.. "ttms":6411 with same error |
|
I thought moving Even if we update Therefore, the inactive timeout is still active while ATS is sending data to the origin server (red arrow in the figure), and it won't be done within
So, I think we have to get out of the loop at times, and should send the received data to the origin server, and probably the timeout should be canceled when ATS received the last part of POST data. |
|
@maskit I see your point. If the client is super aggressive and never leaves the loop, we will suck the entire 10MB post body into a buffer (which is bad on several levels). That isn't what I was seeing from my packet traces for a curl off-box. |
shinrich
force-pushed
the
post_no_activity
branch
from
2c8075e to
44029f4
Compare
|
Bleah. Tried to update with my latest experiment. Forgot that I was working against 7.1.x. Close and will reopen. |
20 participants
Reset inactivity timeout after every successful SSL_read. Hopefully avoids timeouts during POST.