Hi,

On 12/04/2023 18:00, Kishore Mokkarala wrote:
Thanks Emmanuel for the quick response. I have a few more questions on the
upgrade. Please do the needful.
If I want to upgrade from Apache mina 2.0.21 to mina 2.2.1 what all steps
do I need to follow?

There are two pages that explain the difference between 2.0 and 2.1, and 2.1 and 2.2:
* https://mina.apache.org/mina-project/2.1-vs-2.0.html
* https://mina.apache.org/mina-project/2.2-vs-2.1.html

The 2.1 vs 2.0 difference is mainly about the way we detect a secured session. It's pretty trivial.

The 2.2 vs 2.1 migration is a bit more complicated, *if* you were using startTLS.

Otherwise, it's pretty straightforward.

Also note that the SSL handler has been completely reworked in 2.2.

Is it just a jar file change in the classpath or do I need to do any more
changes?

It should be just about changing the jar.


Also we are also using https for communication? In this case what all
changes are needed?

Nothing, AFAICT.

I have seen there is a change in the way we pass the SNI host name in 2.0.21
vs 2.2.1?

Hmmm, not that I remember. Do you have any pointer?

First of all, is it recommended to migrate from 2.0.21 to mina 2.2.1?

Oh yes! Simply because the SSL rewrite was necessary, also because 2.2 branch is clearly the one we maintain.

Will the state machine work without doing any changes?

It should not have changed.

Hope it helps.


Regards,
------------------------------------------
M.V.S.Kishore


On Mon, 10 Apr 2023 at 18:42, Emmanuel Lécharny <elecha...@gmail.com> wrote:

Hi,

Mina 2.0 branch is pretty old (5 years) and we have made significant
changes in the 2.1 and more important the 2.2 branches. You should
seriously consider migrating to 2.2. That being said:

- 40 seconds to do whatever that was taking a few milliseconds sounds
like a major regression, aka bug.
- If you weren't using the HTTP part of MINA, migrating to 2.0.23 makes
little sense. The CVE only impacts the HTTP decoder. In other words, if
it's working, don't break it...
- We don't have enough context to tell you what could go wrong in your
code. If you provide some piece of code we can run, we can investigate,
otherwise it's like shouting in the dark... Typically, we have no clue
about what the gpbMessageFilter does.

On 10/04/2023 13:37, Kishore Mokkarala wrote:
Hi,
There was a security vulnerability in mina 2.0.21, so we migrated
from apache mina 2.0.21 to 2.0.23. Locally in the dev environment
everything looks good, but in production we are facing a connection timeout
issue with the mina version 2.0.23.
For connection set up it was taking 10-20 milliseconds (less than a second)
with the old version (2.0.21).
With the new version even after 40 seconds connection was timed out.

We use the same NioSocketConnector  instance for opening 100
parallel connections.

*Question:*
*My query is why it is taking more than 40 seconds for opening
the socket with the new version?*

We are not using https communication.

*Could you please suggest a work around.*

What's happening in the below code is mina is timing out after 40 seconds
and also the IO session has been created using the state machine in separate
threads; both are running in two parallel threads. This issue is not seen
with the mina 2.0.21 version.

*Here is the code snippet.*

    private static final ExecutorFilter executorFilter = new ExecutorFilter(16, 32);

    StateMachine stateMachine = StateMachineFactory.getInstance(IoHandlerTransition.class)
            .create(G10MinaClient.CONNECTED, new G10MinaClient(processor));

    IoHandler ioHandler = new StateMachineProxyBuilder().setStateContextLookup(
            new IoSessionStateContextLookup(new StateContextFactory() {
                @Override
                public StateContext create() {
                    final G10StateContext stateContext = new G10StateContext();
                    stateContext.setStartedTime(new Date());
                    return stateContext;
                }
            })).create(IoHandler.class, stateMachine);

    NioSocketConnector connector = new NioSocketConnector();
    connector.getFilterChain().addLast("LoggingFilter", G10CaptureService.loggingFilter);
    connector.getFilterChain().addLast("codecFilter", G10CaptureService.probeCodecFilter);
    connector.getFilterChain().addLast("executorFilter", G10CaptureService.executorFilter);
    connector.getFilterChain().addLast("gpbMessageFilter", G10CaptureService.gpbMessageFilter);
    connector.getFilterChain().addLast("keepAliveFilter", G10CaptureService.keepAliveFilter);
    connector.setHandler(ioHandler);
    ConnectFuture primaryConnectFuture = connector.connect(primaryAddress, initializer);
    // MINA_CLOSE_TIMEOUT is 40 seconds
    if (!primaryConnectFuture.awaitUninterruptibly(MINA_CLOSE_TIMEOUT)) {
        if (handleIOException(searchExpression, captureHandler)) {
            return;
        }
        LOG.info("{} Apache mina connection setup time out happend.",
        handleConnectionFailed(primaryAddress, captureHandler, "Primary IP connection timeout");
        return;
    }

Regards,
M.V.S.Kishore
91-9886412814


--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@mina.apache.org
For additional commands, e-mail: users-h...@mina.apache.org
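
Added example, not part of the thread and not MINA project code: a triage check for the point made above that the CVE only impacts the HTTP decoder, reporting whether any deployed jar ships or references the HTTP codec package. The package name `org.apache.mina.http`, the verdict strings and the sample jars are assumptions constructed for illustration.

```python
import io
import zipfile

# HTTP codec package (assumed name) in the slash form used inside .class
# constant pools and the dotted form used in reflection strings.
MARKERS = (b"org/apache/mina/http/", b"org.apache.mina.http.")

def scan_jar(jar_bytes):
    """Return (ships_codec, referencing_classes) for one jar given as bytes."""
    ships, refs = False, []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue
            if name.startswith("org/apache/mina/http/"):
                ships = True  # the codec's own classes are on the classpath
            elif any(m in jar.read(name) for m in MARKERS):
                refs.append(name)  # some other class mentions the codec
    return ships, sorted(refs)

def triage(jars):
    """jars maps jar name -> bytes; returns (verdict, shipping_jars, references)."""
    shipping, references = [], {}
    for jar_name, data in sorted(jars.items()):
        ships, refs = scan_jar(data)
        if ships:
            shipping.append(jar_name)
        if refs:
            references[jar_name] = refs
    if references:
        return "referenced", shipping, references
    if shipping:
        return "present-unreferenced", shipping, references
    return "absent", shipping, references

def make_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed stand-ins for real jars: the bytes only mimic constant-pool strings.
SAMPLE = {
    "app.jar": make_jar({"com/example/Client.class":
                         b"\xca\xfe\xba\xbe org/apache/mina/core/session/IoSession"}),
    "mina-http.jar": make_jar({"org/apache/mina/http/HttpServerDecoder.class":
                               b"\xca\xfe\xba\xbe"}),
}
```

Jars nested inside a fat jar are not opened, and a class name assembled at run time would not be seen, so an "absent" or "present-unreferenced" result is a starting point for review rather than proof.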



