> -----Message d'origine-----
> De : Konstantin Kolinko <knst.koli...@gmail.com>
> Envoyé : lundi 12 avril 2021 17:10
> À : users@tomcat.apache.org
> Objet : Re: RemoteIpValve resolving localname is really slow
>
> пн, 12 апр. 2021 г. в 16:50, Bourdais Nicolas
> <nicolas.bourd...@bodet-software.com.invalid>:
> >
> > We are hosting our tomcats on windows vms behind a reverse proxy and have
> enabled RemoteIPValve.
> > In the same time we have many hardware which talk to tomcat through a
> vpn.
> > Recently we updated our tomcats to a more recent version (8.5.43 to 8.5.53)
> and our apps running on hardware through vpn had difficulties to talk to
> tomcat.
> >
> > We identified that these difficulties came from very slow localname
> resolution in RemoteIpValve when calling through vpn.
> > We added vpn IP to hosts file of our tomcat’s vms which resolved our errors.
> >
> > We found that these behaviour appeared with tomcat 8.5.44 and was a
> consequence of the new feature in RemoteIPValve and RemoteIpFilter :
> 'support x-forwarded-host’ id 57665.
> > Since this feature the valve begins by resolving localname (along
> > remoteAddr, remoteHost, serverName etc…) which in our case is time
> > consuming (> 5 s) and leads to communication errors
> >
> > Is this behaviour expected and necessary ?
> > Could localName be resolved only if changeLocalName is set to true ?
> > Should I comment on bugzilla ?
>
> 1. What is the configuration of your valve and your connectors?
>
Valve configuration is the default one.
Here is the full configuration
<Service name="Catalina">
<Connector port="8602" relaxedPathChars='[]' compression="force"
maxHttpHeaderSize="8192" maxPostSize="-1" protocol="HTTP/1.1"
maxThreads="300" minSpareThreads="25"
enableLookups="false" redirectPort="" acceptCount="100"
connectionTimeout="300000" disableUploadTimeout="true"
socketBuffer="64240" />
<Engine name="Catalina" defaultHost="localhost">
<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
<Host name="localhost" appBase="webapps"
unpackWARs="false" autoDeploy="false">
</Host>
</Engine>
</Service>
> By default Tomcat does not perform a DNS lookup and thus there should not be
> noticeable timeouts. Can you show a stacktrace, what actually happens.
>
> https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Di
> agnostics#TroubleshootingandDiagnostics-CommonTroubleshootingScenario
>
I would'nt say that Tomcat perform a DNS lookup.
It's a native call that is performed by the following stack. We made a yourkit
profiling to find out why requests were longer than a previous tomcat.
java.net.Inet6AddressImpl.getHostByAddr(byte[]) Inet6AddressImpl.java (native)
java.net.InetAddress$2.getHostByAddr(byte[]) InetAddress.java:933
java.net.InetAddress.getHostFromNameService(InetAddress, boolean)
InetAddress.java:618
java.net.InetAddress.getHostName(boolean) InetAddress.java:560
java.net.InetAddress.getHostName() InetAddress.java:532
org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.populateLocalName()
NioEndpoint.java:1395
org.apache.tomcat.util.net.SocketWrapperBase.getLocalName()
SocketWrapperBase.java:231
org.apache.coyote.AbstractProcessor.action(ActionCode, Object)
AbstractProcessor.java:473
org.apache.coyote.Request.action(ActionCode, Object) Request.java:433
org.apache.catalina.connector.Request.getLocalName() Request.java:1335
org.apache.catalina.valves.RemoteIpValve.invoke(Request, Response)
RemoteIpValve.java:610
org.apache.catalina.connector.CoyoteAdapter.service(Request, Response)
CoyoteAdapter.java:343
org.apache.coyote.http11.Http11Processor.service(SocketWrapperBase)
Http11Processor.java:615
org.apache.coyote.AbstractProcessorLight.process(SocketWrapperBase,
SocketEvent) AbstractProcessorLight.java:65
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(SocketWrapperBase,
SocketEvent) AbstractProtocol.java:818
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun()
NioEndpoint.java:1623
org.apache.tomcat.util.net.SocketProcessorBase.run() SocketProcessorBase.java:49
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor$Worker)
ThreadPoolExecutor.java:1149
java.util.concurrent.ThreadPoolExecutor$Worker.run() ThreadPoolExecutor.java:624
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run()
TaskThread.java:61
java.lang.Thread.run() Thread.java:748
When I try to resolve localname by addr like what is called at
java.net.InetAddress$2.getHostByAddr(byte[]) outside of tomcat, in a
powershell, I get the same delay as in tomcat.
> 2. If one could confirm your trouble, it would better be filed as a new issue
> in
> Bugzilla.
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
