Hi Susan, James,

Just reproduced the same behavior on latest master.

1) TS_SSL_SNI_HOOK gets called:

#0  CB_servername (contp=0x2877b90, event=18, edata=0x2b9bfc0195a0) at ../ts-tls.cc:27
#1  0x0000000000519503 in INKContInternal::handle_event (this=0x2877b90, event=18, edata=0x2b9bfc0195a0) at InkAPI.cc:1004
#2  0x000000000050536c in Continuation::handleEvent (this=0x2877b90, event=18, data=0x2b9bfc0195a0) at ../iocore/eventsystem/I_Continuation.h:146
#3  0x0000000000519d1d in APIHook::invoke (this=0x28c0780, event=18, edata=0x2b9bfc0195a0) at InkAPI.cc:1223
#4  0x000000000073dabc in SSLNetVConnection::callHooks (this=0x2b9bfc0195a0, eventId=TS_SSL_SNI_HOOK) at SSLNetVConnection.cc:1239
#5  0x0000000000740631 in ssl_servername_callback (ssl=0x2b9c00000900, ad=0x2b9be2b2a8fc) at SSLUtils.cc:319
#6  0x00002b9bd253653d in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#7  0x00002b9bd2521660 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#8  0x00002b9bd2525bdd in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#9  0x00002b9bd25334a4 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#10 0x0000000000745ba2 in SSLAccept (ssl=0x2b9c00000900) at SSLUtils.cc:1922
#11 0x000000000073cccc in SSLNetVConnection::sslServerHandShakeEvent (this=0x2b9bfc0195a0, err=@0x2b9be2b2ac9c: 0) at SSLNetVConnection.cc:955
#12 0x000000000073c9a4 in SSLNetVConnection::sslStartHandShake (this=0x2b9bfc0195a0, event=0, err=@0x2b9be2b2ac9c: 0) at SSLNetVConnection.cc:874
#13 0x000000000073af55 in SSLNetVConnection::net_read_io (this=0x2b9bfc0195a0, nh=0x2b9be2f44a30, lthread=0x2b9be2f41010) at SSLNetVConnection.cc:433

2) Hook returns TS_SUCCESS without calling TSVConnTunnel
3) SSLAccept returns SSL_ERROR_WANT_SNI_RESOLVE (SSLNetVConnection.cc:955)
4) SSLNetVConnection::sslServerHandShakeEvent returns EVENT_CONT (SSLNetVConnection.cc:1046)
5) sslStartHandshake returns EVENT_CONT (SSLNetVConnection.cc:433)
6) SSLNetVConnection::net_read_io calls readReschedule, which triggers net_read_io
7) goto 1

Am I doing anything wrong?

The part of a small test plugin code is here: http://pastebin.com/gL6u1Sny

2015-01-05 18:49 GMT+02:00 James Peach <[email protected]>:
>
>> On Jan 5, 2015, at 8:40 AM, Lev Stipakov <[email protected]> wrote:
>>
>> Hello,
>>
>>
>> In my plugin I play with SNI callback which was introduced in TS-3006.
>> I have patched OpenSSL, made iptables route packets to ATS and was
>> able to start a blind tunnel from TS_SSL_SNI_HOOK callback. So far so
>> good.
>>
>> However I'd like to make decision on blind tunnel / proxying / closing
>> connection at some point in the future. So I start a thread, where I
>> do some calculations and call, say, TSVConnTunnel().
>>
>> The problem is that while thread does some work (it may take, say,
>> second), my TS_SSL_SNI_HOOK gets continuously called. Because of that
>> I have to keep state that particular SSL connection is already
>> processed and, much more important, that continuous calling eats CPU a
>> lot.
>
> I don't think that any subsequent hooks are supposed to be called until you
> re-enable the vconn with TSVConnReenable().
>
>> What I would like to have is to make ATS call TS_SSL_SNI_HOOK *just
>> once* and, when TSVConnTunnel is called from a thread, start a blind
>> tunnel (latter seems to be already implemented).
>>
>> This will probably require some changes in SSLNetVConnection, could
>> someone please point me where should I start looking at and (or) maybe
>> give some advices how this can be achieved.
>>
>> --
>> -Lev
>

--
-Lev
