[
https://issues.apache.org/jira/browse/TS-1424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13749284#comment-13749284
]
ASF subversion and git services commented on TS-1424:
-----------------------------------------------------
Commit f63b27d5220c95cd95764fb0ca0cb4e648b2f055 in branch refs/heads/master
from [~amc]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=f63b27d ]
TS-1424: Fix KeepAlive 4-tuple collision for transparent proxy
> Transparent proxy with proxy.config.http.use_client_source_port==1 has
> problems if the client is keep-alive and the origin server is not.
> -----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: TS-1424
> URL: https://issues.apache.org/jira/browse/TS-1424
> Project: Traffic Server
> Issue Type: Bug
> Environment: 3.2 with transparent (TProxy) interception +
> proxy.config.http.use_client_source_port = 1
> Reporter: B Wyatt
> Assignee: Alan M. Carroll
> Fix For: 4.1.0
>
> Attachments: ts-1424-3-2-x.diff
>
>
> As keep-alive is hop-to-hop ATS will happily support client keep-alive in
> instances where an Origin Server terminates the connection after each
> transaction.
> However, when using proxy.config.http.use_client_source_port this behavior
> can cause some sites to break.
> When the client is kept alive, subsequent requests are made rapidly and with
> the same 4-tuple for addressing. Since ATS is trying to match the 4-tuple
> (due to proxy.config.http.use_client_source_port) it enters a 3-way race
> between:
> # the FIN, FIN/ACK packets being exchanged with the origin server and the new
> request packets from the client. If the OS is slow it is possible that ATS
> will attempt to reconnect with the same port/address before the connection is
> legitimately closed.
> # Kernel timers for PAWS and recently closed sockets. This is different (and
> much shorter) than the time-wait state and there is no way to disable it
> # Everything working out just fine and the connection establishing like normal
> The best repro case I've seen is a slow origin server that serves pages in
> <frame> tags from the same host but does not support keep-alive
> (http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp for
> instance)
> It is possible that simply respecting a servers keep-alive settings when
> using proxy.config.http.use_client_source_port would work as the original
> client would change the 4-tuple address for its next connection.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
