httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TOKI...@aol.com
Subject Re: HTTP Protocol Question
Date Thu, 17 Apr 2003 13:31:16 GMT

Hi Bill...

FWIW... If you were considering 'internet' versus
'intranet' for your idea then I think the real concern
would proably have to be what any 'inline' proxy
might do with your 'full-duplex' scenario.

I just happened to have Microsoft's ISA proxy
running on a box here this moring so I thought I
would give your idea a try.

It's doesn't seem to work.

The ISA Proxy 'plumbing' seems to get all
munged up when it suddenly starts getting
'full-duplex' traffic instead of 'half-duplex'.

The ISAPI engine in ISA just seems to
get all confused.

You would think that it would just be similar
to a real SSL CONNECT request in progress
and the SF_NOTIFY_RECEIVE_RAW_DATA
and the SF_NOTIFY_SEND_RAW_DATA 
event sinks would just be ping-ponging back
and forth... but you would be wrong.

That's not what happens.

ISA seems stuck in 'half-duplex' during the POST
and whatever the Server might be trying to say
back is just ganging up in some receive buffer
somewhere and SF_NOTIFY_SEND_RAW_DATA
is not firing when it should to fulfill the 'full-duplex'
part of the conversation.

It seems as if the ISAPI engine itself is not going
to pay attention to what the Server is saying until
all of the POST data has been uploaded.

The exeception, of course, seems to be if there
ends up an actual socket error during the POST
data upload. Only then does the ISA ISAPI turn
around and say 'Gee... I can't send any more
data... maybe I should check my receive buffer
to see if the Server sent an error page'.

Sure enough... SF_NOTIFY_SEND_RAW_DATA
then fires and you 'see' the error page sent by
Server in the middle of the POST data upload
but only because the connection was DROPPED
and it stopped the SF_NOTIFY_RECEIVE_RAW_DATA
event sinks from firing.

Weird.

Regular SSL CONNECT requests absolutely REQUIRE
full-duplex and that all seems to be fine, of course, but
it looks like non-SSL CONNECT stuff is simply stuck
in half-duplex at all times.

I am sure a lot of other proxies are coded this way.
The only time you will get true full-duplex is if it's
an actual SSL CONNECT 'pass-through' going on.

Later...
Kevin

Mime
View raw message