[jira] [Created] (TS-1424) Transparent proxy with proxy.config.http.use_client_source_port==1 has problems if the client is keep-alive and the origin server is not.

Tue, 28 Aug 2012 09:02:07 -0700 

B Wyatt created TS-1424:
---------------------------

             Summary: Transparent proxy with 
proxy.config.http.use_client_source_port==1 has problems if the client is 
keep-alive and the origin server is not.
                 Key: TS-1424
                 URL: https://issues.apache.org/jira/browse/TS-1424
             Project: Traffic Server
          Issue Type: Bug
         Environment: 3.2 with transparent (TProxy) interception + 
proxy.config.http.use_client_source_port = 1
            Reporter: B Wyatt
            Assignee: Alan M. Carroll


As keep-alive is hop-to-hop ATS will happily support client keep-alive in 
instances where an Origin Server terminates the connection after each 
transaction. 

However, when using proxy.config.http.use_client_source_port this behavior can 
cause some sites to break.  

When the client is kept alive, subsequent requests are made rapidly and with 
the same 4-tuple for addressing.  Since ATS is trying to match the 4-tuple (due 
to proxy.config.http.use_client_source_port) it enters a 3-way race between: 

# the FIN, FIN/ACK packets being exchanged with the origin server and the new 
request packets from the client.  If the OS is slow it is possible that ATS 
will attempt to reconnect with the same port/address before the connection is 
legitimately closed.
# Kernel timers for PAWS and recently closed sockets.  This is different (and 
much shorter) than the time-wait state and there is no way to disable it
# Everything working out just fine and the connection establishing like normal

The best repro case I've seen is a slow origin server that serves pages in 
<frame> tags from the same host but does not support keep-alive 
(http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp for instance)

It is possible that simply respecting a servers keep-alive settings when using 
proxy.config.http.use_client_source_port would work as the original client 
would change the 4-tuple address for its next connection.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to