[ https://issues.apache.org/jira/browse/TS-3456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Susan Hinrichs resolved TS-3456.
--------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: 6.0.0)
                   5.3.0

Pushed Lev's fix. Verified it via the sni-ssl-whitelist plugin as well.

> SSL blind tunnel sometimes not created
> ---------------------------------------
>
>                 Key: TS-3456
>                 URL: https://issues.apache.org/jira/browse/TS-3456
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Plugins, SSL
>            Reporter: Lev Stipakov
>            Assignee: Susan Hinrichs
>             Fix For: 5.3.0
>
>         Attachments: ts-3456-2.diff, ts-tls.cc
>
>
> Hello,
> I made a simple plugin that sets up TS_SSL_SNI_HOOK and creates a
> blind tunnel from a separate thread. With low load everything works
> fine, but with moderate load (100 simultaneous users, each user sends
> 200 HTTPS requests) I see somewhat strange behavior.
> On the client side I use Tsung, which creates users and sends a number
> of requests per user. For each user Tsung waits for a response before
> sending a new request, so if a response never arrives, a particular
> user (and the whole test) stalls.
> So, with the load mentioned above I see a few 'stalled' connections on
> both client and proxy – netstat shows them as "established", ATS seems
> to have data structures for those (checked the
> proxy.process.net.connections_currently_open value), but no traffic
> goes between proxy and client.
> Client side (.175):
> tcp 0 0 10.133.3.175:40737 10.133.3.250:443 ESTABLISHED 14332/beam.smp
> (more similar connections here)
> Proxy side (.250 is a server):
> tcp 0 0 10.133.3.250:443 10.133.3.175:40737 ESTABLISHED 28117/traffic_serve
> (more similar connections here)
> I checked the traffic.out log and found out that
> "SSLNextProtocolAccept:mainEvent" does not get called as many times as
> it should. This can probably be explained by the fact that the client
> does not send requests for a given user anymore if the response to the
> previous request hasn't been received. Which, in turn, may indicate
> that at some point the tunnel has not been created.
> The interesting thing is that everything works fine if a tunnel is
> created directly from TS_SSL_SNI_HOOK but not from the separate
> thread.
> The plugin code is very simple – I set up TS_SSL_SNI_HOOK and start a
> thread with TSThreadCreate. When the hook gets called, I push the
> TSVConn to a thread-safe queue. The thread wakes up when an item has
> been pushed, calls TSVConnTunnel / TSVConnReenable for the given vconn
> and then waits for the next item. I have attached the code.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)