httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sami Tikka" <sami.ti...@f-secure.com>
Subject Re: Win32DisableAcceptex
Date Fri, 16 Apr 2004 20:04:17 GMT
It seems I have tracked down the problem plagueing my client. It seems
it has absolutely nothing to do with AcceptEx().

AcceptEx() is reporting errors because the previous proxy is aborting
idle connections that Apache has not replied to in 150 seconds. That is
causing the "specified network name is no longer available" errors.

The real problem is why Apache does not handle those connections and it
is because Apache is out of free threads. All of its threads are busy
handling HTTP CONNECT methods (Apache was running as a proxy, remember).

It seems that SSL connections are extremely long-lived, I have seen them
last as long as 300 seconds. Also, mod_proxy_connect.so does not have
any timeout code in it. The tunnel will be open until someone else
closes it. (This may be how it is supposed to work, I'm not that familiar
with SSL and HTTP CONNECT.)

However, it seems to me that dedicating a thread or a process to run in
a tight while-loop copying bytes back and forth between 2 sockets is an
overkill. Would it be possible to have a dedicated thread/process for
that and mod_proxy_connect would not handle the request itself, (perhaps
create the backend connection) only pass the 2 sockets to the dedicated
thread/process.

Of course, the easy way out is to just increase the number of
threads/processes, but then the question is how many threads/processes
are enough to handle all HTTP CONNECTs and still have plenty to spare to
handle plain HTTP traffic. I think the dedicated handler for HTTP
CONNECTs would make more sense. Or would it be a really bad idea?

-- 
Sami Tikka                          tel: +358 9 2520 5115
Senior Software Engineer            fax: +358 9 2520 5013
F-Secure Corporation                http://www.f-secure.com/
BE SURE

Mime
View raw message