ssl debugging

Fred Moyer fred at redhotpenguin.com
Sat Apr 5 00:04:08 UTC 2008


Mark Smith wrote:
>> Any pointers you might offer if we wanted to work on a patch that would
>> allow for a Perlbal SSL enabled webserver?  It
>> would be nice to get this working for us and others.
> 
> Around line 505 of ClientHTTPBase.pm where it calls reproxy_fh, that's
> where the logic begins to do the sendfile work.  Instead of doing
> that, you would have to start basically doing aio_reads against the
> file, then send the bytes out...
> 
> You'd have to have some sort of 'disable sendfile' flag on
> ClientHTTPBase, and then change the logic... actually you could
> probably just change the reproxy_fh function to Do The Right Thing.
> Just remember to aio_read.

Here's a first try at this, I had a bit of free time last night so I 
thought I would give it a shot.  No new tests fail, and it _appears_ to 
be working ok.  But I don't have a good handle on if this is the right 
approach or not.  I ripped some of this off from the Palimg plugin, and 
I am still really green on the Perlbal internals.  So any comments welcome!

> There might want to be some sort of warning, if someone turns on ssl
> on web_server mode, print, 'Hey, this doesn't use sendfile and can
> suffer a performance penalty!' or something to let the admin know
> what's going on.

I added this at runtime per request, but am still digging through the 
startup process to understand how I would implement this at startup.


fred at fjnord ~/svn/perlbal/trunk $ svn diff
Index: lib/Perlbal/ClientHTTPBase.pm
===================================================================
--- lib/Perlbal/ClientHTTPBase.pm       (revision 770)
+++ lib/Perlbal/ClientHTTPBase.pm       (working copy)
@@ -215,11 +215,41 @@
          $self->{reproxy_fh} = $fh;
          $self->{reproxy_file_offset} = 0;
          $self->{reproxy_file_size} = $size;
-        # call hook that we're reproxying a file
-        return $fh if $self->{service}->run_hook("start_send_file", $self);
-        # turn on writes (the hook might not have wanted us to)
-        $self->watch_write(1);
-        return $fh;
+
+        my $is_ssl_webserver = ( $self->{service}->{listener}->{sslopts} &&
+                               ( $self->{service}->{role} eq 
'web_server') );
+
+        unless ($is_ssl_webserver) {
+            # call hook that we're reproxying a file
+            return $fh if $self->{service}->run_hook("start_send_file", 
$self);
+            # turn on writes (the hook might not have wanted us to)
+            $self->watch_write(1);
+            return $fh;
+        } else { # use aio_read for ssl webserver instead of sendfile
+
+            print "webserver in ssl mode, sendfile disabled!\n"
+                           if $Perlbal::DEBUG >= 3;
+
+            # turn off writes
+            $self->watch_write(0);
+            #create filehandle for reading
+            my $data = '';
+            Perlbal::AIO::aio_read($self->reproxy_fh, 0, 2048, $data, sub {
+                # got data? undef is error
+                return $self->_simple_response(500) unless $_[0] > 0;
+
+                # seek into the file now so sendfile starts further in
+                my $ld = length $data;
+                sysseek($self->{reproxy_fh}, $ld, &POSIX::SEEK_SET);
+                $self->{reproxy_file_offset} = $ld;
+                # reenable writes after we get data
+                $self->tcp_cork(1); # by setting reproxy_file_offset above,
+                                    # it won't cork, so we cork it
+                $self->write($data);
+                $self->watch_write(1);
+            });
+            return 1;
+        }
      }

      return $self->{reproxy_fh};
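
Review bot: In the new else branch, the aio_read call reads one 2048-byte chunk at offset 0, and the callback then advances reproxy_file_offset and re-enables writes under the copied comment "so sendfile starts further in". From these lines, everything past the first 2048 bytes of a larger file is still left to the sendfile path that this branch exists to avoid on an SSL listener. Suggest issuing aio_read repeatedly from reproxy_file_offset and passing each chunk to $self->write until the offset reaches reproxy_file_size. Three smaller points in the same branch: `unless $_[0] > 0` answers 500 for a zero-length file although the comment says only undef is an error, so test `defined $_[0]` for the error case; the branch returns 1 where the non-SSL branch returns $fh and the function's last line returns $self->{reproxy_fh}, so callers see a different return type; and the start_send_file hook is never run in SSL mode, which should either be called or be documented as intentional.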



