httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: [PATCH]1. SHMEM (repost)
Date Wed, 07 Nov 2001 06:13:15 GMT
-----Original Message-----
From: Justin Erenkrantz [mailto:jerenkrantz@ebuilt.com]
>Can you please post the SHMHT / SHMCB patches?  I'm still not sold on 
>why we need the shared memory management at all.  If you can provide a 
>good use for this (i.e. whatever SHMHT is), that may provide some 
>impetus for adding this.  

I've just posted them :-).. SHMHT (hash table in SHM) allocated / releases
memory for the different buckets as and when the connections are cached /
expired.. What we require here is a method where I can dynamically allocate
and release memory - as would any hash table implementation need.. If you
require further information, pl. do let me know..

>I guess I'd also like to know what value this shared memory cache adds
>for mod_ssl.  I'm not at all clear on how shared memory would make
>SSL any better - as SSL is only a connection-oriented protocol and
>shouldn't use shared memory.  None of the MPMs in httpd migrate 
>connections between processes (I don't see this changing anytime soon).
>Since SSL works on the connection level, I'm not sure what this is.  
>So, I guess some explanation here would do wonders.  -- justin


SSL works based on SESSIONS.. So, when a certificate is exchanged and the
ciphers negotiated, a Session key is generated. This session key is valid
for a TIMEOUT period. During this TIMEOUT period, if the client wishes to
connect to the server again, it can just send this session key, and there'll
be no need to exchange the certificates and negotiate the ciphers.. This
reduces the negotiation time by atleast 50%.. (i can't tell the exact
timings..).. So, what the server needs to do is : cache these session keys
and the corresponding information - so, when the client comes back, we have
all the client information ready, verify it against the client credentials
and get going..  
There are a couple of methods this can be acheived - DBM or SHM OR File
etc.. Since access to SHM is faster/reliable than DBM, it's the preferred
method.. 

If you're still not clear, pl. do let me know - I'll try explaining again..

Thx
-Madhu


Mime
View raw message