[
https://issues.apache.org/jira/browse/TS-1883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216557#comment-14216557
]
Leif Hedstrom edited comment on TS-1883 at 8/15/16 9:07 PM:
------------------------------------------------------------
Actually, if we look at the do_http_server_open() code in 5.x more closely, we
see that only the CONNECT method will set up the timeouts here. See the code
snippet below with some extra SKH comments.
It appears for the other methods, attach_server_session() sets up an inactivity
timeout to enforce the connect timeout. This appears to hold for both http and
https (if we are proxying the https). Verified by examining the code and
setting break points while passing through requests.
I'm guessing that this code has evolved since it was reported in 3.x, and was
fixed along the way.
In the non-proxy case, the SSL logic does not go through any of this. But I am
assuming that this bug is concerning itself only with the proxied SSL
connections.
{code}
if (scheme_to_use == URL_WKSIDX_HTTPS) {
DebugSM("http", "calling sslNetProcessor.connect_re");
int len = 0;
const char * host = t_state.hdr_info.server_request.host_get(&len);
opt.set_sni_servername(host, len);
connect_action_handle = sslNetProcessor.connect_re(this, // state machine
&t_state.current.server->addr.sa, // addr + port
&opt);
} else {
// SKH - If I'm anything other than a connect method, go ahead and set up
the connections
if (t_state.method != HTTP_WKSIDX_CONNECT) {
DebugSM("http", "calling netProcessor.connect_re");
connect_action_handle = netProcessor.connect_re(this, // state machine
&t_state.current.server->addr.sa, // addr + port
&opt);
} else {
// Setup the timeouts
// Set the inactivity timeout to the connect timeout so that we
// we fail this server if it doesn't start sending the response
// header
MgmtInt connect_timeout;
// SKH Only t_state.method == HTTP_WKSIDX_CONNECT should get here, so
this first case doesn't make any sense
// SKH In any case, the connect timeout is only passed into the connect_s
code for the method=CONNECT case
if (t_state.method == HTTP_WKSIDX_POST || t_state.method ==
HTTP_WKSIDX_PUT) {
connect_timeout = t_state.txn_conf->post_connect_attempts_timeout;
} else if (t_state.current.server == &t_state.parent_info) {
connect_timeout = t_state.http_config_param->parent_connect_timeout;
} else {
if (t_state.pCongestionEntry != NULL)
connect_timeout = t_state.pCongestionEntry->connect_timeout();
else
connect_timeout = t_state.txn_conf->connect_attempts_timeout;
}
DebugSM("http", "calling netProcessor.connect_s");
connect_action_handle = netProcessor.connect_s(this, // state machine
&t_state.current.server->addr.sa, // addr + port
connect_timeout, &opt);
}
}
{code}
was (Author: shinrich):
Actually, if we look at the do_http_server_open() code in 5.x more closely, we
see that only the CONNECT method will set up the timeouts here. See the code
snippet below with some extra SKH comments.
It appears for the other methods, attach_server_session() sets up an inactivity
timeout to enforce the connect timeout. This appears to hold for both http and
https (if we are proxying the https). Verified by examining the code and
setting break points while passing through requests.
I'm guessing that this code has evolved since it was reported in 3.x, and was
fixed along the way.
In the non-proxy case, the SSL logic does not go through any of this. But I am
assuming that this bug is concerning itself only with the proxied SSL
connections.
if (scheme_to_use == URL_WKSIDX_HTTPS) {
DebugSM("http", "calling sslNetProcessor.connect_re");
int len = 0;
const char * host = t_state.hdr_info.server_request.host_get(&len);
opt.set_sni_servername(host, len);
connect_action_handle = sslNetProcessor.connect_re(this, // state machine
&t_state.current.server->addr.sa, // addr + port
&opt);
} else {
// SKH - If I'm anything other than a connect method, go ahead and set up
the connections
if (t_state.method != HTTP_WKSIDX_CONNECT) {
DebugSM("http", "calling netProcessor.connect_re");
connect_action_handle = netProcessor.connect_re(this, // state machine
&t_state.current.server->addr.sa, // addr + port
&opt);
} else {
// Setup the timeouts
// Set the inactivity timeout to the connect timeout so that we
// we fail this server if it doesn't start sending the response
// header
MgmtInt connect_timeout;
// SKH Only t_state.method == HTTP_WKSIDX_CONNECT should get here, so
this first case doesn't make any sense
// SKH In any case, the connect timeout is only passed into the connect_s
code for the method=CONNECT case
if (t_state.method == HTTP_WKSIDX_POST || t_state.method ==
HTTP_WKSIDX_PUT) {
connect_timeout = t_state.txn_conf->post_connect_attempts_timeout;
} else if (t_state.current.server == &t_state.parent_info) {
connect_timeout = t_state.http_config_param->parent_connect_timeout;
} else {
if (t_state.pCongestionEntry != NULL)
connect_timeout = t_state.pCongestionEntry->connect_timeout();
else
connect_timeout = t_state.txn_conf->connect_attempts_timeout;
}
DebugSM("http", "calling netProcessor.connect_s");
connect_action_handle = netProcessor.connect_s(this, // state machine
&t_state.current.server->addr.sa, // addr + port
connect_timeout, &opt);
}
}
> SSL origin connections do not support connection timeouts
> ---------------------------------------------------------
>
> Key: TS-1883
> URL: https://issues.apache.org/jira/browse/TS-1883
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: James Peach
> Fix For: 7.0.0
>
>
> In {{proxy/http/HttpSM.cc}}, we can see that origin connections do not
> support timeouts if the scheme is HTTPS:
> {code}
> void
> HttpSM::do_http_server_open(bool raw)
> {
> ...
> if (t_state.scheme == URL_WKSIDX_HTTPS) {
> DebugSM("http", "calling sslNetProcessor.connect_re");
> connect_action_handle = sslNetProcessor.connect_re(this, // state
> machine
>
> &t_state.current.server->addr.sa, // addr + port
> &opt);
> } else {
> ...
> // Setup the timeouts
> // Set the inactivity timeout to the connect timeout so that we
> // we fail this server if it doesn't start sending the response
> // header
> MgmtInt connect_timeout;
> if (t_state.method == HTTP_WKSIDX_POST || t_state.method ==
> HTTP_WKSIDX_PUT) {
> connect_timeout = t_state.txn_conf->post_connect_attempts_timeout;
> } else if (t_state.current.server == &t_state.parent_info) {
> connect_timeout = t_state.http_config_param->parent_connect_timeout;
> } else {
> if (t_state.pCongestionEntry != NULL)
> connect_timeout = t_state.pCongestionEntry->connect_timeout();
> else
> connect_timeout = t_state.txn_conf->connect_attempts_timeout;
> }
> DebugSM("http", "calling netProcessor.connect_s");
> connect_action_handle = netProcessor.connect_s(this, // state
> machine
>
> &t_state.current.server->addr.sa, // addr + port
> connect_timeout, &opt);
> ...
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
