Re: general/3301: Severe performance problems under heavy load - not noticed in apache-1.3.1

10 Nov 1998 00:18:35 -0000 

Marc,

I've determined the problem and have developed a fix for my environment.
This fix will have to be generalized to be applicable to others - but the
process of completing the fix should now be pretty straight forward.

Here's the problem.....

I run my apache proxy behind a socks4 firewall.  Specifically, it is a
socks 4.2.2 firewall daemon.

In general, the process of "socksifying" apache is not totally correct.
In reality, we only want to socksify the the remote connection portion.
All local connections do NOT want to be socksified.  

The big problems occured in http_main.c.  In this routine, socks issues
both bind and accept calls.  These were causing increased fork system
calls (yes - socks will fork on a bind if the remote client is not ready
to talk to it).  Forcing Apache NOT to use socks in http_main.c cleared up
the problems.

To fix it, attached are three patch files.  They modify the behavior of
the Configure script (used to create the Makefiles), proxy_util.c (where
most of the proxy connections are performed), proxy_ftp.c (where the
special connections are preformed for non-pasv connections).

These are SOCK4.2.2 fixes only.  Continued review should be performed for
both SOCKS 4.3beta 2 users as well as the SOCKS5 users.  

I left the connection processing if rfc1413 alone (forced to used
non-socks connections) since I am assuming these are requesting data from
the local client.

Results of these fixes.....

1. Fast performance - yet - it really outperforms the Cern proxy now -
hands down.
2. Significantly reduced CPU utilization - I gained back about 1/2 of my
processor. 

Please let me know if you have any questions or comments.

ted keller - bfg.com


*** proxy_util.c.orig   Sat Nov  7 21:33:10 1998
--- proxy_util.c        Sat Nov  7 21:56:06 1998
***************
*** 1229,1235 ****
--- 1229,1241 ----
  
      ap_hard_timeout("proxy connect", r);
      do {
+ 
+ #ifdef SOCKS4
+       i = Rconnect(sock, (struct sockaddr *) addr, sizeof(struct 
sockaddr_in));
+ #else
        i = connect(sock, (struct sockaddr *) addr, sizeof(struct sockaddr_in));
+ #endif /* SOCK4 */
+ 
  #ifdef WIN32
        if (i == SOCKET_ERROR)
            errno = WSAGetLastError();

*** proxy_ftp.c.orig    Sat Nov  7 21:59:38 1998
--- proxy_ftp.c Sat Nov  7 22:08:22 1998
***************
*** 876,882 ****
--- 876,888 ----
  
      if (!pasvmode) {          /* set up data connection */
        clen = sizeof(struct sockaddr_in);
+ 
+ #ifdef SOCKS4
+       if (Rgetsockname(sock, (struct sockaddr *) &server, &clen) < 0) {
+ #else
        if (getsockname(sock, (struct sockaddr *) &server, &clen) < 0) {
+ #endif /* SOCKS4 */
+ 
            ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
                         "proxy: error getting socket address");
            ap_bclose(f);
***************
*** 905,911 ****
--- 911,922 ----
  #endif /*_OSD_POSIX*/
        }
  
+ #ifdef SOCKS4
+       if (Rbind(dsock, (struct sockaddr *) &server,
+ #else
        if (bind(dsock, (struct sockaddr *) &server,
+ #endif /* SOCKS4 */
+ 
                 sizeof(struct sockaddr_in)) == -1) {
            char buff[22];
  
***************
*** 916,922 ****
--- 927,939 ----
            ap_pclosesocket(p, dsock);
            return HTTP_INTERNAL_SERVER_ERROR;
        }
+ 
+ #ifdef SOCKS4
+       Rlisten(dsock, 2);      /* only need a short queue */
+ #else
        listen(dsock, 2);       /* only need a short queue */
+ #endif /* SOCKS4 */
+ 
      }
  
  /* set request; "path" holds last path component */
***************
*** 1146,1152 ****
--- 1163,1175 ----
        ap_hard_timeout("proxy ftp data connect", r);
        clen = sizeof(struct sockaddr_in);
        do
+ 
+ #ifdef SOCK4
+           csd = Raccept(dsock, (struct sockaddr *) &server, &clen);
+ #else
            csd = accept(dsock, (struct sockaddr *) &server, &clen);
+ #endif /* socks4 */
+ 
        while (csd == -1 && errno == EINTR);
        if (csd == -1) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, r,

*** Configure.orig      Wed Oct  7 05:19:30 1998
--- Configure   Sat Nov  7 22:19:58 1998
***************
*** 1275,1285 ****
  # otherwise we assume "-L/usr/local/lib -lsocks"
  if [ "$RULE_SOCKS4" = "yes" ]; then
      echo " + enabling SOCKS4 support"
!     CFLAGS="$CFLAGS -DSOCKS -DSOCKS4"
!     CFLAGS="$CFLAGS -Dconnect=Rconnect -Dselect=Rselect"
!     CFLAGS="$CFLAGS -Dgethostbyname=Rgethostbyname"
      if [ ".`grep EXTRA_ Makefile | grep lsocks`" = . ]; then
!       LIBS="$LIBS -L/usr/local/lib -lsocks"
      fi
      case $PLAT in
          *-solaris2* )
--- 1275,1287 ----
  # otherwise we assume "-L/usr/local/lib -lsocks"
  if [ "$RULE_SOCKS4" = "yes" ]; then
      echo " + enabling SOCKS4 support"
!       CFLAGS="$CFLAGS -DSOCKS -DSOCKS4"
! #    CFLAGS="$CFLAGS -DSOCKS -DSOCKS4"
! #    CFLAGS="$CFLAGS -Dconnect=Rconnect -Dselect=Rselect"
! #    CFLAGS="$CFLAGS -Dgethostbyname=Rgethostbyname"
      if [ ".`grep EXTRA_ Makefile | grep lsocks`" = . ]; then
! #     LIBS="$LIBS -L/usr/local/lib -lsocks"
!       LIBS="$LIBS -lsocks"
      fi
      case $PLAT in
          *-solaris2* )

Reply via email to