GitHub user shinrich opened a pull request:

    https://github.com/apache/trafficserver/pull/669

    TS-4661: SSL Client Connections not closed.

    Ultimately the issue was that SSL connections that stall in the 
ProtocolTrampoline never have the inactivity timeout cleanup.  The problem was 
introduced in 6.0.0 due to an unfortunate interaction between the addition of 
the ssl_handshake_timeout_in and inactivity_timeout mechanism.  
    
    The problem occurs when ssl_handshake_timeout_in is set to 0, which is the 
scenario that @bcall and I were testing.  This causes 
vc->set_inactivity_timeout(0) to be called.  This sets 
vc->inactivity_timeout_in to 0 and vc->next_inactivity_timeout_at to current 
time.
    
    Looking at UnixNetVConnection::mainEvent, the inactivity timeout event is 
not propagated if inactivity_timeout_in is 0 even if next_inactivity_timeout_at 
is non-zero and less than the current time.
    
    Looking at check_inactivity, if next_inactivity_timeout_at is 0, it will 
call vc->set_inactivity_timeout with the default_inactivity_timeout.
    
    But since next_inactivity_timeout_at is not 0, the default is never set and 
inactivity_timeout_in is never set to non-zero, so the inactivity_timeout 
signal is never propagated and thus the connection is never closed.
    
    I adjusted set_inactivity_timeout to not set the next_inactivity_timeout_at 
if the argument is 0.  This fix has been tested in production against the 6.2 
code, and the client connections all close after the box is removed from 
traffic.
    
    This patch also includes a fix to add the Http1ClientSessions to the 
appropriate _queues.  That fix will be needed eventually, but wasn't essential 
for this particular scenario.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/shinrich/trafficserver ts-4461

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/669.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #669
    
----
commit a559295f4c36677e1f8044ac259591ce5bb48830
Author: Susan Hinrichs <shinr...@ieee.org>
Date:   2016-05-26T02:09:48Z

    TS-4661: SSL Client Connections not closed.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
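
The timeout interaction described in the pull request, as an added example that is not part of the original message and is not Traffic Server code. It is a simplified model: the field and function names come from the description, while ModelVC, patched, sweep and the tick values are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model, not Traffic Server code. Field and function names follow
// the PR description; ModelVC, patched, sweep and the tick values are hypothetical.
struct ModelVC {
  int64_t inactivity_timeout_in = 0;
  int64_t next_inactivity_timeout_at = 0;
  bool patched = false; // true: behaviour described as the fix
  bool closed = false;

  void set_inactivity_timeout(int64_t timeout, int64_t now) {
    inactivity_timeout_in = timeout;
    if (patched && timeout == 0)
      return; // fix: a zero argument leaves next_inactivity_timeout_at alone
    next_inactivity_timeout_at = now + timeout; // timeout 0 => deadline "now"
  }

  // Stand-in for the timeout branch of mainEvent as described above.
  void main_event(int64_t now) {
    if (inactivity_timeout_in == 0)
      return; // event not propagated, even with an expired deadline
    if (next_inactivity_timeout_at != 0 && next_inactivity_timeout_at < now)
      closed = true;
  }
};

// Stand-in for check_inactivity: the default is applied only to a zero deadline.
void sweep(ModelVC &vc, int64_t now, int64_t default_inactivity_timeout) {
  if (vc.next_inactivity_timeout_at == 0)
    vc.set_inactivity_timeout(default_inactivity_timeout, now);
  vc.main_event(now);
}

// A connection stalls right after the handshake timeout (0) is applied.
bool stalled_connection_closes(bool patched) {
  ModelVC vc;
  vc.patched = patched;
  vc.set_inactivity_timeout(0, 100); // ssl_handshake_timeout_in = 0
  for (int64_t now = 101; now <= 200 && !vc.closed; ++now)
    sweep(vc, now, 30); // constructed default of 30 ticks
  return vc.closed;
}

int main() {
  std::printf("unpatched closes: %d\n", stalled_connection_closes(false));
  std::printf("patched closes:   %d\n", stalled_connection_closes(true));
}
```

In the unpatched run the deadline is non-zero but inactivity_timeout_in stays 0, so no sweep ever closes the connection; in the patched run the first sweep installs the default and the connection closes once that deadline passes.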
