Return-Path: X-Original-To: apmail-httpd-modules-dev-archive@minotaur.apache.org Delivered-To: apmail-httpd-modules-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9B05217A2D for ; Thu, 16 Oct 2014 05:56:38 +0000 (UTC) Received: (qmail 34152 invoked by uid 500); 16 Oct 2014 05:56:38 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 34104 invoked by uid 500); 16 Oct 2014 05:56:38 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 34092 invoked by uid 99); 16 Oct 2014 05:56:37 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Oct 2014 05:56:37 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of pon.umapathy@gmail.com designates 74.125.82.45 as permitted sender) Received: from [74.125.82.45] (HELO mail-wg0-f45.google.com) (74.125.82.45) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Oct 2014 05:56:11 +0000 Received: by mail-wg0-f45.google.com with SMTP id m15so2901432wgh.16 for ; Wed, 15 Oct 2014 22:56:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=m1tgy1F3MzP3ssfF0rmpFPlSZygOoJWDM7NtVnAMeV8=; b=Ycy/KEggMSRJ6M2cBx1eruR0NmMQCF7QZ5iOhqtuSeb/EbbJ/EkFS58KZimxnaE6Ny vYCJ/EXAmSd+k6V3SQF0+vEdOHdNOuaW0+DtodF9TcoKUF/nU+yZDD1KVaABx3/qkwAu p2bh7331D7zCO3+M/jaAp+yEZByX7//EHNSvKVJ8tHXpdDRrG8so+DZ2rkqMGON1B0Hp M6I0/NlABfb+UzYdOQA8hJUPhug5VFHf4Yis6HLkcPRSh77ue4JiQjz1HVaybbpJdZNf KutpkUWh6nxSdnItr34gW7mToHmDxpuSiXPlf4wA5eYAoUWkitb59/RXBDME6sTGcWm/ dKXg== MIME-Version: 1.0 X-Received: by 10.180.19.40 with SMTP id b8mr18018737wie.5.1413438970841; Wed, 15 Oct 2014 22:56:10 -0700 (PDT) Received: by 10.216.171.196 with HTTP; Wed, 15 Oct 2014 22:56:10 -0700 (PDT) Date: Thu, 16 Oct 2014 11:26:10 +0530 Message-ID: Subject: debugging ssl packet drop From: Pon Umapathy Kailash S To: modules-dev@httpd.apache.org Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org Hi, I am facing the an issue where a SSL packet from IE10 doesn't reach the client processing thread for a particular connection(more details below). Can you please provide me pointers on where to look/add more debug logs in the code to figure out what's happening? We use mpm worker threads. I have added support for websockets in a customised manner(as required for our application) inside apache. At a high level, it's done as follows: - the initial GET request with 101 code is handled by a handler hook function which computes the required security keys and sends back the response. Also, the socket on which the request came in is not closed(by maintaining a list and patching some parts of the apache code to not close if a socket is present in this list). - the child thread which processes this connection will relinquish the connection after the keep-alive timeout , which is ok since all we need is for the server to send messages to the client, with one exception. - At this point, the socket is recognised as a websocket client which is not yet authenticated(since from browsers we cannot set custom headers with the initial websocket connection request). - Authentication is done by the client sending the cookie as the 1st(and only) message on this connection to the server within the keep-alive timeout period(at which point the cookie is authenticated and the socket is marked as a valid, authenticated subscriber). (* there are other functions/timers to take care of stale, unauth connections etc) This works fine in all browsers with support for websockets with the following exceptions: IE10 over ssl(https/wss) and IE11 over ssl on 32-bit client machines. Doing a packet capture, we could figure out that the initial connection goes through fine and when the cookie is sent from the client, it reaches the server(and there's a tcp ack received at the client for this packet). However, the client processing this connection doesn't seem to receive this packet(this is well within the keep alive interval and the client thread is still actively processing that connection). Can you please let me know at which points in the code flow it might be useful to add debugging info to see where this is getting dropped? Regards, Umapathy