[
https://issues.apache.org/jira/browse/TS-1424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13748237#comment-13748237
]
Alan M. Carroll commented on TS-1424:
-------------------------------------
I have a patch for master that seems to work. I need to clean it up and see if
I can apply it to 3.2.X.
It's not very complex, basically the key is to noticed the EADDRNOTAVAIL return
from connect and shut down the client connection at that point in the SM
processing. Making that happen without other things crashes was much more
challenging. The 502 responses seem to be removed, at least from this cause.
This should also not break other things as it is only done in this specific
case (and should make the failover to a new port faster, because it doesn't
wait on retries at all but immediately shuts down).
> Transparent proxy with proxy.config.http.use_client_source_port==1 has
> problems if the client is keep-alive and the origin server is not.
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: TS-1424
> URL: https://issues.apache.org/jira/browse/TS-1424
> Project: Traffic Server
> Issue Type: Bug
> Environment: 3.2 with transparent (TProxy) interception +
> proxy.config.http.use_client_source_port = 1
> Reporter: B Wyatt
> Assignee: Alan M. Carroll
> Fix For: 3.3.2
>
>
> As keep-alive is hop-to-hop ATS will happily support client keep-alive in
> instances where an Origin Server terminates the connection after each
> transaction.
> However, when using proxy.config.http.use_client_source_port this behavior
> can cause some sites to break.
> When the client is kept alive, subsequent requests are made rapidly and with
> the same 4-tuple for addressing. Since ATS is trying to match the 4-tuple
> (due to proxy.config.http.use_client_source_port) it enters a 3-way race
> between:
> # the FIN, FIN/ACK packets being exchanged with the origin server and the new
> request packets from the client. If the OS is slow it is possible that ATS
> will attempt to reconnect with the same port/address before the connection is
> legitimately closed.
> # Kernel timers for PAWS and recently closed sockets. This is different (and
> much shorter) than the time-wait state and there is no way to disable it
> # Everything working out just fine and the connection establishing like normal
> The best repro case I've seen is a slow origin server that serves pages in
> <frame> tags from the same host but does not support keep-alive
> (http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp for
> instance)
> It is possible that simply respecting a servers keep-alive settings when
> using proxy.config.http.use_client_source_port would work as the original
> client would change the 4-tuple address for its next connection.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
