ssl debugging
Fred Moyer
fred at redhotpenguin.com
Sat Apr 5 00:04:08 UTC 2008
Mark Smith wrote:
>> Any pointers you might offer if we wanted to work on a patch that would
>> allow for a Perlbal SSL enabled webserver? It would be nice to get this
>> working for us and others.
>
> Around line 505 of ClientHTTPBase.pm where it calls reproxy_fh, that's
> where the logic begins to do the sendfile work. Instead of doing
> that, you would have to start basically doing aio_reads against the
> file, then send the bytes out...
>
> You'd have to have some sort of 'disable sendfile' flag on
> ClientHTTPBase, and then change the logic... actually you could
> probably just change the reproxy_fh function to Do The Right Thing.
> Just remember to aio_read.
Here's a first try at this. I had a bit of free time last night, so I
thought I would give it a shot. No new tests fail, and it _appears_ to
be working ok. But I don't have a good handle on if this is the right
approach or not. I ripped some of this off from the Palimg plugin, and
I am still really green on the Perlbal internals. So any comments welcome!
> There might want to be some sort of warning, if someone turns on ssl
> on web_server mode, print, 'Hey, this doesn't use sendfile and can
> suffer a performance penalty!' or something to let the admin know
> what's going on.
I added this at runtime per request, but am still digging through the
startup process to understand how I would implement this at startup.
fred at fjnord ~/svn/perlbal/trunk $ svn diff
Index: lib/Perlbal/ClientHTTPBase.pm
===================================================================
--- lib/Perlbal/ClientHTTPBase.pm (revision 770)
+++ lib/Perlbal/ClientHTTPBase.pm (working copy)
@@ -215,11 +215,41 @@
$self->{reproxy_fh} = $fh;
$self->{reproxy_file_offset} = 0;
$self->{reproxy_file_size} = $size;
- # call hook that we're reproxying a file
- return $fh if $self->{service}->run_hook("start_send_file", $self);
- # turn on writes (the hook might not have wanted us to)
- $self->watch_write(1);
- return $fh;
+
+ my $is_ssl_webserver = ( $self->{service}->{listener}->{sslopts} &&
+ ( $self->{service}->{role} eq
'web_server') );
+
+ unless ($is_ssl_webserver) {
+ # call hook that we're reproxying a file
+ return $fh if $self->{service}->run_hook("start_send_file",
$self);
+ # turn on writes (the hook might not have wanted us to)
+ $self->watch_write(1);
+ return $fh;
+ } else { # use aio_read for ssl webserver instead of sendfile
+
+ print "webserver in ssl mode, sendfile disabled!\n"
+ if $Perlbal::DEBUG >= 3;
+
+ # turn off writes
+ $self->watch_write(0);
+ #create filehandle for reading
+ my $data = '';
+ Perlbal::AIO::aio_read($self->reproxy_fh, 0, 2048, $data, sub {
+ # got data? undef is error
+ return $self->_simple_response(500) unless $_[0] > 0;
+
+ # seek into the file now so sendfile starts further in
+ my $ld = length $data;
+ sysseek($self->{reproxy_fh}, $ld, &POSIX::SEEK_SET);
+ $self->{reproxy_file_offset} = $ld;
+ # reenable writes after we get data
+ $self->tcp_cork(1); # by setting reproxy_file_offset above,
+ # it won't cork, so we cork it
+ $self->write($data);
+ $self->watch_write(1);
+ });
+ return 1;
+ }
}
return $self->{reproxy_fh};
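Review bot: In the SSL branch, the aio_read call reads only the first 2048 bytes at offset 0, and its callback then seeks to length $data, sets reproxy_file_offset and calls watch_write(1). The comment there says "so sendfile starts further in", so from the visible lines the rest of the file still appears to go out through the sendfile write path that this branch is meant to avoid on an SSL listener. Consider looping aio_read and write over the file in chunks until reproxy_file_size is reached, and keeping the sendfile path disabled for the whole response. Smaller points in the same branch: the "start_send_file" hook is no longer run for SSL web_server requests; the check "unless $_[0] > 0" sends a 500 for a read of 0 bytes as well as for undef, although the comment says only undef is an error; and this branch returns 1 where the non-SSL branch returns $fh, so callers see a different return value depending on the listener.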