Hi Lev,
I didn't see that kind of behavior when working with the ssl_cert_loader
(one of the experimental plugins). It also spawns a thread in the case
where it needs to load a certificate from a file. Are you perhaps
calling TSVConnReenable() in the case that you want to delay? That
would cause SSL logic to get called too soon perhaps causing the SNI
callback to be triggered again.
I'll get my plugin set up again and double check that I'm not seeing
thread flicker.
Susan
On 1/5/2015 10:40 AM, Lev Stipakov wrote:
Hello,
In my plugin I play with SNI callback which was introduced in TS-3006.
I have patched OpenSSL, made iptables route packets to ATS and was
able to start a blind tunnel from TS_SSL_SNI_HOOK callback. So far so
good.
However I'd like to make decision on blind tunnel / proxying / closing
connection at some point in the future. So I start a thread, where I
do some calculations and call, say, TSVConnTunnel().
The problem is that while thread does some work (it may take, say,
second), my TS_SSL_SNI_HOOK gets continuously called. Because of that
I have to keep state that particular SSL connection is already
processed and, much more important, that continuous calling eats CPU a
lot.
What I would like to have is to make ATS call TS_SSL_SNI_HOOK *just
once* and, when TSVConnTunnel is called from a thread, start a blind
tunnel (latter seems to be already implemented).
This will probably require some changes in SSLNetVConnection, could
someone please point me where should I start looking at and (or) maybe
give some advices how this can be achieved.
