It seems I have tracked down the problem plagueing my client. It seems it has absolutely nothing to do with AcceptEx().
AcceptEx() is reporting errors because the previous proxy is aborting idle connections that Apache has not replied to in 150 seconds. That is causing the "specified network name is no longer available" errors. The real problem is why Apache does not handle those connections and it is because Apache is out of free threads. All of its threads are busy handling HTTP CONNECT methods (Apache was running as a proxy, remember). It seems that SSL connections are extremely long-lived, I have seen them last as long as 300 seconds. Also, mod_proxy_connect.so does not have any timeout code in it. The tunnel will be open until someone else closes it. (This may be how it is supposed to work, I'm not that familiar with SSL and HTTP CONNECT.) However, it seems to me that dedicating a thread or a process to run in a tight while-loop copying bytes back and forth between 2 sockets is an overkill. Would it be possible to have a dedicated thread/process for that and mod_proxy_connect would not handle the request itself, (perhaps create the backend connection) only pass the 2 sockets to the dedicated thread/process. Of course, the easy way out is to just increase the number of threads/processes, but then the question is how many threads/processes are enough to handle all HTTP CONNECTs and still have plenty to spare to handle plain HTTP traffic. I think the dedicated handler for HTTP CONNECTs would make more sense. Or would it be a really bad idea? -- Sami Tikka tel: +358 9 2520 5115 Senior Software Engineer fax: +358 9 2520 5013 F-Secure Corporation http://www.f-secure.com/ BE SURE
