Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1E02410DA0 for ; Sun, 4 Aug 2013 22:38:29 +0000 (UTC) Received: (qmail 28172 invoked by uid 500); 4 Aug 2013 22:38:27 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 28113 invoked by uid 500); 4 Aug 2013 22:38:27 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 28105 invoked by uid 99); 4 Aug 2013 22:38:27 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Aug 2013 22:38:27 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of minfrin@sharp.fm designates 174.143.229.200 as permitted sender) Received: from [174.143.229.200] (HELO chandler.sharp.fm) (174.143.229.200) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 04 Aug 2013 22:38:21 +0000 Received: from chandler.sharp.fm (localhost [127.0.0.1]) by chandler.sharp.fm (Postfix) with ESMTP id EAC58848060 for ; Sun, 4 Aug 2013 17:37:58 -0500 (CDT) Received: from [192.168.88.207] (pepperpotdsl.claranet.co.uk [217.158.253.219]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: minfrin@sharp.fm) by chandler.sharp.fm (Postfix) with ESMTP id 8ECAB848055 for ; Sun, 4 Aug 2013 17:37:58 -0500 (CDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\)) Subject: Re: r1470679, async write completion, non blocking writes, and mod_ssl From: Graham Leggett In-Reply-To: <1965246.dTmAyLRneo@k> Date: Mon, 5 Aug 2013 00:37:57 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: References: <1965246.dTmAyLRneo@k> To: dev@httpd.apache.org X-Mailer: Apple Mail (2.1508) X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Checked: Checked by ClamAV on apache.org On 04 Aug 2013, at 8:52 PM, Stefan Fritsch wrote: > Hi, >=20 > I did some testing/reviewing of the ssl/event backport proposal >=20 > * core, mod_ssl: Lift the restriction that prevents mod_ssl taking > full advantage of the event MPM. Enable the ability for a module > to reverse the sense of a poll event from a read to a write or > vice versa. >=20 > The general idea of the patch is good. Unfortunately, the current=20 > version doesn't have much effect. The problem is that the core output=20= > filter, which does all the decisions about buffering, flushing,=20 > blocking, and async write completion, comes after the ssl output=20 > filter. Therefore core_output_filter only sees encrypted data and=20 > never sees file buckets. Therefore it will only do async write=20 > completion if the encrypted data left to send for a request is less=20 > than THRESHOLD_MAX_BUFFER (64k). >=20 > To be more efficient the order of the filter doing the=20 > buffering/flushing decitions and the ssl output filter would have to=20= > be reversed. I haven't looked how this could be achieved. Maybe=20 > mod_ssl would have to do its encryption in a AP_FTYPE_NETWORK filter=20= > that comes after the core_output_filter(). >=20 > Does it make sense to backport the current state nonetheless? While it=20= > seems likely to me that the current API would be sufficient even if=20 > this issue is fixed, it may be prudent to wait with a backport until=20= > we know how the issue should be fixed exactly. Are you seeing a specific problem? The way openssl's async behaviour works, is that is the middle of a = read, openssl might need to write, and in the middle of a write, openssl = might need to read. Openssl tells you this through the codes = SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE. You receive these codes, = re-run the select or poll or whatever with the sense that openssl has = asked for, and you're done. It is that simple. Sure, httpd might do all sorts of buffering of reads and writes, but at = the end of the day it won't matter, because openssl will never attempt = to write-during read or read-during-write without asking you whether it = is ok first. I can see a potential problem if the core decided to buffer a write, but = in theory that could be solved by mod_ssl simply sending a flush bucket = down the stack whenever the sense changes. I don't see why the core = needs to care that the data is a file, or encrypted, or whatever, the = core should just do what the core does. Regards, Graham --