7 Jul
2009
7 Jul
'09
9:53 a.m.
Hi Andrei!
Do you think this is also relevant for sip-router's TCP implementation?
regards
klaus
-------- Original-Nachricht --------
Betreff: Re: [Kamailio-Users] TCP supervisor process in Kamailio
Datum: Tue, 7 Jul 2009 15:00:49 +0200
Von: Pascal Maugeri <pascal.maugeri(a)gmail.com>
An: Daniel-Constantin Mierla <miconda(a)gmail.com>
CC: kamailio <users(a)lists.kamailio.org>
Referenzen:
<990aed650907070551k594ee26cl3056fa7090742e1b(a)mail.gmail.com>
<4A53466F.1070102(a)gmail.com>
On Tue, Jul 7, 2009 at 2:58 PM, Daniel-Constantin
Mierla<miconda(a)gmail.com> wrote:
Hello,
On 07/07/2009 02:51 PM, Pascal Maugeri wrote:
http://www.cs.rice.edu/CS/Architecture/docs/ram-ispass08.pdf (Section
4.3, page 6).
-pascal
Hi
I recently read the following in order to optimize OpenSER in handling
TCP connections:
"First, the TCP supervisor process must be given an elevated priority
level in order to prevent anomalous behavior due to the Linux
scheduler."
First of all, as this is quite old paper
where is this paper?
Thanks,
Daniel
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
(it refers to OpenSER 1.2),
I'm wondering if such a tuning is still needed for Kamailio 1.5 branch
? If yes, how can I do this ?
Regards,
Pascal
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
--
Daniel-Constantin Mierla
http://www.asipto.com/
7 Jul
7 Jul
1:22 p.m.
On Jul 07, 2009 at 15:53, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Hi Andrei!
Do you think this is also relevant for sip-router's TCP implementation?
The elevated priority for tcp_main is a good idea. I'll add a config
option for it (right now there are real time prio config options, but
only for the timer processes).
The rest of the paper does not apply to sr or recent ser versions
(fd cache was implemented long time ago, tcp timers are much better,
there is no known dealdock a.s.o.).
I also don't agree with what they are trying to prove (that TCP is
comparable with UDP in terms of scalability). While there might have
been some performance problems in early TCP implementations (and there
are still a few even in sr, at least until I'll add fd sharing), you
could never make sip over TCP use so few resources as sip over UDP.
It's not only slower (due to the extra complexity in dealing with TCP
connections, both in kernel and userspace, and due to the extra parsing
needed to find SIP message boundaries on TCP), but it uses way more
resources (lots of FDs, and lots of memory).
The same could be said also for SCTP. UDP is still the best option in
terms of performance and resources used.
Andrei
-------- Original-Nachricht --------
Betreff: Re: [Kamailio-Users] TCP supervisor process in Kamailio
Datum: Tue, 7 Jul 2009 15:00:49 +0200
Von: Pascal Maugeri <pascal.maugeri(a)gmail.com>
An: Daniel-Constantin Mierla <miconda(a)gmail.com>
CC: kamailio <users(a)lists.kamailio.org>
Referenzen:
<990aed650907070551k594ee26cl3056fa7090742e1b(a)mail.gmail.com>
<4A53466F.1070102(a)gmail.com>
On Tue, Jul 7, 2009 at 2:58 PM, Daniel-Constantin
Mierla<miconda(a)gmail.com> wrote:
Hello,
On 07/07/2009 02:51 PM, Pascal Maugeri wrote:
http://www.cs.rice.edu/CS/Architecture/docs/ram-ispass08.pdf (Section
4.3, page 6).
-pascal
Hi
I recently read the following in order to optimize OpenSER in handling
TCP connections:
"First, the TCP supervisor process must be given an elevated priority
level in order to prevent anomalous behavior due to the Linux
scheduler."
First of all, as this is quite old paper
where is this paper?
Thanks,
Daniel
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev (it refers to OpenSER 1.2),
I'm wondering if such a tuning is still needed for Kamailio 1.5 branch
? If yes, how can I do this ?
Regards,
Pascal
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
--
Daniel-Constantin Mierla
http://www.asipto.com/
9 Jul
9 Jul
4:27 a.m.
New subject: [Fwd: Re: [Kamailio-Users] TCP supervisor process in Kamailio]
Andrei Pelinescu-Onciul schrieb:
On Jul 07, 2009 at 15:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
Hi Andrei!
How are incoming TCP messages handled in detail? e.g. if there is
incoming data on a TCP connection: which process reads the data and
constructs the SIP message? Is this the supervisor (which handles only
full messages over to the TCP workers) or a worker?
What happens if a bad client only sends a half SIP message: is the
process blocked until the full message is received or is it able to read
from multiple connections concurrently?
thanks
klaus
Hi Andrei!
Do you think this is also relevant for sip-router's TCP implementation?
The elevated priority for tcp_main is a good idea. I'll add a config
option for it (right now there are real time prio config options, but
only for the timer processes).
The rest of the paper does not apply to sr or recent ser versions
(fd cache was implemented long time ago, tcp timers are much better,
there is no known dealdock a.s.o.).
5:41 a.m.
On Jul 09, 2009 at 10:27, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Andrei Pelinescu-Onciul schrieb:
It's the worker ("tcp_receiver" in sercmd ps output).
The supervisor ("tcp main") passes entire connections to the workers and
not messages.
When there is new data on a connection, tcp_main passes it to the
workers (round-robin). The worker that gets the connection will read
from it until it exhausts all the received data. After that it will start
a 5 s timeout. If no new data is received in this interval, it will
give-up the connection back to tcp_main. If new data is received, the
timeout will be extended (this timeout will keep connection with heavy
traffic in the same worker all the time allowing fast handling and it
will also accommodate traffic peaks).
So a worker will read the data from the tcp connection, build the sip
message and run the routing script.
On Jul 07, 2009 at 15:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
Hi Andrei!
How are incoming TCP messages handled in detail? e.g. if there is
incoming data on a TCP connection: which process reads the data and
constructs the SIP message? Is this the supervisor (which handles only
full messages over to the TCP workers) or a worker? Hi Andrei!
Do you think this is also relevant for sip-router's TCP implementation?
The elevated priority for tcp_main is a good idea. I'll add a config
option for it (right now there are real time prio config options, but
only for the timer processes).
The rest of the paper does not apply to sr or recent ser versions
(fd cache was implemented long time ago, tcp timers are much better,
there is no known dealdock a.s.o.).
What happens if a bad client only sends a half SIP message: is the
process blocked until the full message is received or is it able to read
from multiple connections concurrently?
No, each worker can handle as many concurrent connections as memory
allows. If you are thinking about the recently publicized (but quite
obvious to people writing proxies) "slowloris" HTTP DoS, it wouldn't
work (either on sip-router or any other *ser, kamailio a.s.o).
Note that the tcp code is optimized for lots of connections (e.g.
outbound proxy, registrar) and not for very few connections (e.g.
inter-domain). Last time I've checked (older ser version pre 2.1) it
could handle 120k tcp connections with traffic on them, on a 4Gb RAM
machine (2Gb ser/ 2Gb free/kernel). After that the kernel will start to
run out of mem.
Andrei
7:50 a.m.
New subject: [Fwd: Re: [Kamailio-Users] TCP supervisor process in Kamailio]
Andrei Pelinescu-Onciul schrieb:
On Jul 09, 2009 at 10:27, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
So, a worker will read from multiple connections concurrently and as
soon as it received a full SIP message from any of these connections, it
will process this single message. After message processing it continues
reading from the connections. E.g:
|------
tcpcon1---->|tcp_receiver
tcpcon2---->|
|------
1. data is available on con1: read the data, e.g. a half SIP message
2. data is available on con2: read the data, e.g. a half SIP message
3. data is available on con1: read the data, e.g. the second part of the
SIP message
4. a complete message is available (con1), process the message
5. data is available on con2: read the data, e.g. the second part of the
SIP message
6. a complete message is available (con2), process the message
Is this description correct?
thanks
Klaus
Andrei Pelinescu-Onciul schrieb:
It's the worker ("tcp_receiver" in sercmd ps output).
The supervisor ("tcp main") passes entire connections to the workers and
not messages.
When there is new data on a connection, tcp_main passes it to the
workers (round-robin). The worker that gets the connection will read
from it until it exhausts all the received data. After that it will start
a 5 s timeout. If no new data is received in this interval, it will
give-up the connection back to tcp_main. If new data is received, the
timeout will be extended (this timeout will keep connection with heavy
traffic in the same worker all the time allowing fast handling and it
will also accommodate traffic peaks).
So a worker will read the data from the tcp connection, build the sip
message and run the routing script. On Jul 07, 2009 at 15:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
Hi Andrei!
How are incoming TCP messages handled in detail? e.g. if there is
incoming data on a TCP connection: which process reads the data and
constructs the SIP message? Is this the supervisor (which handles only
full messages over to the TCP workers) or a worker? Hi Andrei!
Do you think this is also relevant for sip-router's TCP implementation?
The elevated priority for tcp_main is a good idea. I'll add a config
option for it (right now there are real time prio config options, but
only for the timer processes).
The rest of the paper does not apply to sr or recent ser versions
(fd cache was implemented long time ago, tcp timers are much better,
there is no known dealdock a.s.o.).
7:56 a.m.
On Jul 09, 2009 at 13:50, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Andrei Pelinescu-Onciul schrieb:
Yes, it is.
Andrei
On Jul 09, 2009 at 10:27, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
So, a worker will read from multiple connections concurrently and as
soon as it received a full SIP message from any of these connections, it
will process this single message. After message processing it continues
reading from the connections. E.g:
|------
tcpcon1---->|tcp_receiver
tcpcon2---->|
|------
1. data is available on con1: read the data, e.g. a half SIP message
2. data is available on con2: read the data, e.g. a half SIP message
3. data is available on con1: read the data, e.g. the second part of the
SIP message
4. a complete message is available (con1), process the message
5. data is available on con2: read the data, e.g. the second part of the
SIP message
6. a complete message is available (con2), process the message
Is this description correct?
Andrei Pelinescu-Onciul schrieb:
It's the worker ("tcp_receiver" in sercmd ps output).
The supervisor ("tcp main") passes entire connections to the workers and
not messages.
When there is new data on a connection, tcp_main passes it to the
workers (round-robin). The worker that gets the connection will read
from it until it exhausts all the received data. After that it will start
a 5 s timeout. If no new data is received in this interval, it will
give-up the connection back to tcp_main. If new data is received, the
timeout will be extended (this timeout will keep connection with heavy
traffic in the same worker all the time allowing fast handling and it
will also accommodate traffic peaks).
So a worker will read the data from the tcp connection, build the sip
message and run the routing script. On Jul 07, 2009 at 15:53, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
>Hi Andrei!
>
>Do you think this is also relevant for sip-router's TCP implementation?
The elevated priority for tcp_main is a good idea. I'll add a config
option for it (right now there are real time prio config options, but
only for the timer processes).
The rest of the paper does not apply to sr or recent ser versions
(fd cache was implemented long time ago, tcp timers are much better,
there is no known dealdock a.s.o.).
Hi Andrei!
How are incoming TCP messages handled in detail? e.g. if there is
incoming data on a TCP connection: which process reads the data and
constructs the SIP message? Is this the supervisor (which handles only
full messages over to the TCP workers) or a worker?
8:05 a.m.
New subject: [Fwd: Re: [Kamailio-Users] TCP supervisor process in Kamailio]
Andrei Pelinescu-Onciul schrieb:
On Jul 09, 2009 at 13:50, Klaus Darilion
<klaus.mailinglists(a)pernau.at> wrote:
So, reading is completely non-blocking? Can it happen that the read from
the connection (polling) can block for any reason (in the supervisor or
worker)?
What about sending? If TCP asynch mode is enabled, who is sending - the
worker or the supervisor process? Is it possible that the sending blocks
(e.g. due to sending timeout, window-size 0, ...)?
regards
klaus
Andrei Pelinescu-Onciul schrieb:
Yes, it is. On Jul 09, 2009 at 10:27, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
So, a worker will read from multiple
connections concurrently and as
soon as it received a full SIP message from any of these connections, it
will process this single message. After message processing it continues
reading from the connections. E.g:
|------
tcpcon1---->|tcp_receiver
tcpcon2---->|
|------
1. data is available on con1: read the data, e.g. a half SIP message
2. data is available on con2: read the data, e.g. a half SIP message
3. data is available on con1: read the data, e.g. the second part of the
SIP message
4. a complete message is available (con1), process the message
5. data is available on con2: read the data, e.g. the second part of the
SIP message
6. a complete message is available (con2), process the message
Is this description correct? Andrei Pelinescu-Onciul schrieb:
> On Jul 07, 2009 at 15:53, Klaus Darilion <klaus.mailinglists(a)pernau.at>
> wrote:
>> Hi Andrei!
>>
>> Do you think this is also relevant for sip-router's TCP implementation?
> The elevated priority for tcp_main is a good idea. I'll add a config
> option for it (right now there are real time prio config options, but
> only for the timer processes).
> The rest of the paper does not apply to sr or recent ser versions
> (fd cache was implemented long time ago, tcp timers are much better,
> there is no known dealdock a.s.o.).
Hi Andrei!
How are incoming TCP messages handled in detail? e.g. if there is
incoming data on a TCP connection: which process reads the data and
constructs the SIP message? Is this the supervisor (which handles only
full messages over to the TCP workers) or a worker?
It's the worker
("tcp_receiver" in sercmd ps output).
The supervisor ("tcp main") passes entire connections to the workers and
not messages.
When there is new data on a connection, tcp_main passes it to the
workers (round-robin). The worker that gets the connection will read
from it until it exhausts all the received data. After that it will start
a 5 s timeout. If no new data is received in this interval, it will
give-up the connection back to tcp_main. If new data is received, the
timeout will be extended (this timeout will keep connection with heavy
traffic in the same worker all the time allowing fast handling and it
will also accommodate traffic peaks).
So a worker will read the data from the tcp connection, build the sip
message and run the routing script.
8:51 a.m.
On Jul 09, 2009 at 14:05, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Andrei Pelinescu-Onciul schrieb:
Yes, it's non-blocking. I can't say that's impossible to block
(there can always be a bug in some syscall or some unknown new bug),
but theoretically is shouldn't ever block (it's designed to be
non-blocking). If it does => critical bug.
So far I've never seen it blocking.
On Jul 09, 2009 at 13:50, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
So, reading is completely non-blocking? Can it happen that the read from
the connection (polling) can block for any reason (in the supervisor or
worker)?
Andrei Pelinescu-Onciul schrieb:
Yes, it is. On Jul 09, 2009 at 10:27, Klaus Darilion
<klaus.mailinglists(a)pernau.at>
wrote:
>Andrei Pelinescu-Onciul schrieb:
>>On Jul 07, 2009 at 15:53, Klaus Darilion
>><klaus.mailinglists(a)pernau.at> wrote:
>>>Hi Andrei!
>>>
>>>Do you think this is also relevant for sip-router's TCP
>>>implementation?
>>The elevated priority for tcp_main is a good idea. I'll add a config
>>option for it (right now there are real time prio config options, but
>>only for the timer processes).
>>The rest of the paper does not apply to sr or recent ser versions
>>(fd cache was implemented long time ago, tcp timers are much better,
>>there is no known dealdock a.s.o.).
>Hi Andrei!
>
>How are incoming TCP messages handled in detail? e.g. if there is
>incoming data on a TCP connection: which process reads the data and
>constructs the SIP message? Is this the supervisor (which handles only
>full messages over to the TCP workers) or a worker?
It's the worker ("tcp_receiver" in sercmd ps output).
The supervisor ("tcp main") passes entire connections to the workers and
not messages.
When there is new data on a connection, tcp_main passes it to the
workers (round-robin). The worker that gets the connection will read
from it until it exhausts all the received data. After that it will start
a 5 s timeout. If no new data is received in this interval, it will
give-up the connection back to tcp_main. If new data is received, the
timeout will be extended (this timeout will keep connection with heavy
traffic in the same worker all the time allowing fast handling and it
will also accommodate traffic peaks).
So a worker will read the data from the tcp connection, build the sip
message and run the routing script.
So, a worker will read from multiple connections
concurrently and as
soon as it received a full SIP message from any of these connections, it
will process this single message. After message processing it continues
reading from the connections. E.g:
|------
tcpcon1---->|tcp_receiver
tcpcon2---->|
|------
1. data is available on con1: read the data, e.g. a half SIP message
2. data is available on con2: read the data, e.g. a half SIP message
3. data is available on con1: read the data, e.g. the second part of the
SIP message
4. a complete message is available (con1), process the message
5. data is available on con2: read the data, e.g. the second part of the
SIP message
6. a complete message is available (con2), process the message
Is this description correct?
What about sending? If TCP asynch mode is enabled, who is sending - the
worker or the supervisor process? Is it possible that the sending blocks
(e.g. due to sending timeout, window-size 0, ...)?
In async mode the sending can be done directly by a "worker" (a tcp reader
process, a udp or sctp receiver) or by the supervisor.
On a fresh connection (no write data queued), a worker will attempt to
send directly. If it fails it enters async mode and it will queue the
data.
On a connection with data already queued (in "async mode"), the worker will
directly queue the data (will not attempt sending directly anymore).
All the "async" queued data is sent by the supervisor (in the future I
might add some write workers if it proves to make a difference in
tests). When all the async data was sent, the connection exists "async
mode" (the next worker will try again to send directly).
Almost all ser-side initiated connections will enter "async" mode when
they are first opened (because the connect() takes time and during the
connect phase the kernel does not queue any data on the socket, so we
have to do it in ser).
In async mode the send never blocks (with the same disclaimers as for
the non-blocking read). If no "real" send happens for tcp_send_timeout
(or tcp_connect_timeout if this is a not yet connected connection),
the connection will be closed, a failure will be reported and the
destination will be blacklisted. Same thing happens if the per
connection queued data exceeds tcp_conn_wq_max or the total queued data
in ser exceed tcp_wq_max.
Note that there are two data queues: one in the kernel (the socket write
buffer) and one in ser. Above by queued data I meant the data queued in
ser and not in the kernel.
Andrei
10:18 a.m.
New subject: [Fwd: Re: [Kamailio-Users] TCP supervisor process in Kamailio]
Hi Andrei!
Thanks for the detailed description, we should put it on the wiki.
Andrei Pelinescu-Onciul wrote:
In async mode the send never blocks (with the same
disclaimers as for
the non-blocking read). If no "real" send happens for tcp_send_timeout
(or tcp_connect_timeout if this is a not yet connected connection),
the connection will be closed, a failure will be reported and the
destination will be blacklisted. Same thing happens if the per
So, how does send_timeout work in async mode? The write is non-blocking,
that means the kernel accepts the data and the write/send function
returns immediately. Now, the kernel tries to send the data for
send_timeout seconds. If this fails, what happens now? Is there a
callback from kernel to ser or does ser somehow poll if the sending was
successful?
thanks
klaus
10:24 a.m.
On Jul 09, 2009 at 16:18, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Hi Andrei!
Thanks for the detailed description, we should put it on the wiki.
Andrei Pelinescu-Onciul wrote:
No, it does not work for data already queued in the kernel, only for
data queued in ser. So it's in fact the timeout for moving data from ser
buffers to kernel buffers and not a "on-the-wire" timeout.
In fact even in non-async mode the send_timeout is the same thing
(timeout for moving the data into the kernel socket buffers and not the
real send timeout).
We have real send timeouts only for sctp.
Andrei
In async mode the send never blocks (with the same
disclaimers as for
the non-blocking read). If no "real" send happens for tcp_send_timeout
(or tcp_connect_timeout if this is a not yet connected connection),
the connection will be closed, a failure will be reported and the
destination will be blacklisted. Same thing happens if the per
So, how does send_timeout work in async mode? The write is non-blocking,
that means the kernel accepts the data and the write/send function
returns immediately. Now, the kernel tries to send the data for
send_timeout seconds. If this fails, what happens now? Is there a
callback from kernel to ser or does ser somehow poll if the sending was
successful? 
12:14 p.m.
New subject: [Fwd: Re: [Kamailio-Users] TCP supervisor process in Kamailio]
Andrei Pelinescu-Onciul wrote:
In async mode the sending can be done directly by a "worker" (a tcp reader
process, a udp or sctp receiver) or by the supervisor.
On a fresh connection (no write data queued), a worker will attempt to
send directly. If it fails it enters async mode and it will queue the
data.
On a connection with data already queued (in "async mode"), the worker will
directly queue the data (will not attempt sending directly anymore).
All the "async" queued data is sent by the supervisor (in the future I
might add some write workers if it proves to make a difference in
tests). When all the async data was sent, the connection exists "async
mode" (the next worker will try again to send directly).
Almost all ser-side initiated connections will enter "async" mode when
they are first opened (because the connect() takes time and during the
connect phase the kernel does not queue any data on the socket, so we
have to do it in ser).
In async mode the send never blocks (with the same disclaimers as for
the non-blocking read). If no "real" send happens for tcp_send_timeout
(or tcp_connect_timeout if this is a not yet connected connection),
the connection will be closed, a failure will be reported and the
destination will be blacklisted. Same thing happens if the per
connection queued data exceeds tcp_conn_wq_max or the total queued data
in ser exceed tcp_wq_max.
Note that there are two data queues: one in the kernel (the socket write
buffer) and one in ser. Above by queued data I meant the data queued in
ser and not in the kernel.
Andrei
_______________________________________________
sr-dev mailing list
sr-dev(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
Andrei,
Could you please elaborate on SSL based connections, how are they handled?
The same as TCP-based.
Thanks
Vadim
13 Jul
13 Jul
6:42 a.m.
On Jul 09, 2009 at 18:14, Vadim Lebedev <vadim(a)mbdsys.com> wrote:
Andrei Pelinescu-Onciul wrote:
In principle yes. However the async mode is not supported yet for SSL,
so if a SSL write blocks, it will block the whole process.
There is also a problem with read. On SSL a read might block because it
wants to write data (SSL_ERROR_WANT_WRITE) if the kernel socket send
buffer is full. This could happen due to a key renegotiation. This case
is not handled and so a read blocked because it wants to write might
never be awaken (this read waiting for write condition ends only if the
peer sends more data or some ser process tries to send something on tls,
but if neither happen the read will be blocked until the connection
lifetime timeout hits and the connection is closed). Luckily in practice
key renegotiation is very seldom and even then there's a very low
probability of meeting all the condition needed to trigger this bug.
Support for making tls async and fixing the read problem is partially
commited, however this is low priority so it might take me a while until
I get back to it.
Another big problem is the licence of the module. The module is GPL
licensed but uses OpenSSL and since the openssl license adds additional
restrictions we need an openssl exemption granted by all of (c) holders.
However one of (c) holders is FSF, so we might need to remove all that
code (I don't think there is much remaining in the tls modules, but
still someone would need to do the checking).
Note that the above problems are common to all *ser versions. The main
differences between sip-router/ser 2.* and other versions are:
- proper locking (vs. relying on luck and few simultaneous connections)
- more workarounds for various openssl bugs
- support for domain config file (certificate and various options on a
per domain basis), which can be reloaded at runtime
- less work on tcp_main (supervisor) (vs more work in tcp_main and less
in the workers)
Andrei
In async mode the sending can be done directly by a "worker" (a tcp reader
process, a udp or sctp receiver) or by the supervisor.
On a fresh connection (no write data queued), a worker will attempt to
send directly. If it fails it enters async mode and it will queue the
data.
On a connection with data already queued (in "async mode"), the worker will
directly queue the data (will not attempt sending directly anymore).
All the "async" queued data is sent by the supervisor (in the future I
might add some write workers if it proves to make a difference in
tests). When all the async data was sent, the connection exists "async
mode" (the next worker will try again to send directly).
Almost all ser-side initiated connections will enter "async" mode when
they are first opened (because the connect() takes time and during the
connect phase the kernel does not queue any data on the socket, so we
have to do it in ser).
In async mode the send never blocks (with the same disclaimers as for
the non-blocking read). If no "real" send happens for tcp_send_timeout
(or tcp_connect_timeout if this is a not yet connected connection),
the connection will be closed, a failure will be reported and the
destination will be blacklisted. Same thing happens if the per
connection queued data exceeds tcp_conn_wq_max or the total queued data
in ser exceed tcp_wq_max.
Note that there are two data queues: one in the kernel (the socket write
buffer) and one in ser. Above by queued data I meant the data queued in
Andrei,
Could you please elaborate on SSL based connections, how are they handled?
The same as TCP-based.
5467
days inactive
5473
days old
11 comments
3 participants
participants (3)
-
Andrei Pelinescu-Onciul -
Klaus Darilion -
Vadim Lebedev