Do not collapse ssl_crtd requests across reconfigurations 2 #228
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In this new approach each Ssl::Helper object has its own GeneratorRequests map (used for collapsing). Since a reconfiguration creates a new Sll::Helper, the collapsed request are not shared across reconfigurations.
rousskov
requested changes
Sep 14, 2023
src/helper.cc
Outdated
| @@ -132,7 +132,7 @@ HelperServerBase::dropQueued() | |||
| void *cbdata; | |||
| if (cbdataReferenceValidDone(r->request.data, &cbdata)) { | |||
| r->reply.result = Helper::Unknown; | |||
| r->request.callback(cbdata, r->reply); | |||
| parentHelper()->callBack(r->request.callback, cbdata, r->reply); | |||
There was a problem hiding this comment.
Instead of adding a virtual parentHelper() -- a red flag for several reasons -- I would rather add a Helper::Client reference as a dropQueued() parameter.
src/helper.cc
Outdated
| result = Helper::Unknown; | ||
| callback(data, Helper::Reply(Helper::Unknown)); | ||
| } else { // pretend the helper has responded with ERR | ||
| hlp->callBack(callback, data, Helper::Reply(Helper::Error)); |
There was a problem hiding this comment.
Please do not send answers to never-submitted queries through the helper. Keep the old direct callback-calling code virtually unchanged here.
There was a problem hiding this comment.
Left this code as-is in PR229..
src/helper.cc
Outdated
| @@ -576,6 +574,12 @@ helper::submit(const char *buf, HLPCB * callback, void *data) | |||
| debugs(84, DBG_DATA, Raw("buf", buf, strlen(buf))); | |||
| } | |||
|
|
|||
| void | |||
| helper::callBack(HLPCB *callback, void *data, const Helper::Reply &reply) | |||
There was a problem hiding this comment.
Most likely, this method should take just Xaction or Request+Reply parameters, not raw data+Reply.
There was a problem hiding this comment.
Without SubmissionFailure() changes, we do not need these parameters of course. In PR229, callBack() takes a single Xaction * argument.
rousskov
requested changes
Sep 28, 2023
src/ssl/helper.h
Outdated
| /** | ||
| * Set of thread for ssl_crtd. This class is singleton. | ||
| * This class use helper structure for threads management. | ||
| */ | ||
| class Helper | ||
| class Helper : public ::Helper::Client |
There was a problem hiding this comment.
Please use this formatting variation for new and modified class declarations:
Suggested change
| class Helper : public ::Helper::Client | |
| class Helper: public ::Helper::Client |
src/ssl/helper.h
Outdated
| /// query:GeneratorRequest map | ||
| using GeneratorRequests = std::unordered_map<SBuf, GeneratorRequest*>; | ||
|
|
||
| explicit Helper(const char *name): Helper::Client(name) {} |
There was a problem hiding this comment.
Suggested change
| explicit Helper(const char *name): Helper::Client(name) {} | |
| explicit Helper(const char * const name): Helper::Client(name) {} |
src/ssl/helper.h
Outdated
| static Pointer Make(const char *name) { return new Helper(name); } | ||
|
|
||
| /// pending Helper requests (to all certificate generator helpers combined) | ||
| GeneratorRequests generatorRequests; |
There was a problem hiding this comment.
If possible, please make this and related type alias declaration private.
and restored the (lost) removal of processed queries from generatorRequests map.
src/ssl/helper.h
Outdated
| /** | ||
| * Set of thread for ssl_crtd. This class is singleton. | ||
| * This class use helper structure for threads management. | ||
| */ | ||
| class Helper | ||
| class Helper : public ::Helper::Client |
src/ssl/helper.h
Outdated
| /// query:GeneratorRequest map | ||
| using GeneratorRequests = std::unordered_map<SBuf, GeneratorRequest*>; | ||
|
|
||
| explicit Helper(const char *name): Helper::Client(name) {} |
src/ssl/helper.h
Outdated
| static Pointer Make(const char *name) { return new Helper(name); } | ||
|
|
||
| /// pending Helper requests (to all certificate generator helpers combined) | ||
| GeneratorRequests generatorRequests; |
Now it is unlocked before it gets deleted in Ssl::HandleGeneratorReply(). With the previous approach, it was unlocked in Helper::Request destructor after Ssl::HandleGeneratorReply() - the memory would not leak in this case. The updated callBack() looks more in line with the base Helper::Client::callBack().
We must remove GeneratorRequest object (and clear its generatorRequests map entry) if Helper::Client::trySubmit() returns an error or throws.
Temporalily added compiler '-H' option to figure out why sbuf/Algorithms.h is missed on the buildserver.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Squid collapses ssl_crtd requests on a pending request with an identical
helper query. This collapsing “works” across Squid reconfigurations even
though the old helper responsible for the first request is replaced with
a new one during reconfiguration; that old helper must complete
servicing pending requests.
However, since the helper program itself could have been changed (just
prior to reconfiguration), it is conceptually wrong for
post-reconfiguration requests to reuse the old helper program response:
Squid must conservatively assume that the response may have changed
because the helper protocol does not allow Squid to validate the
freshness of the helper response (to a collapsed request). Such blind
reuse also creates runtime problems if a buggy helper never responds to
a request X, stalling all the new requests getting collapsed on X (until
a Squid restart).
To avoid this post-reconfiguration collapsing, we now switch to a new
GeneratorRequests object during reconfiguration, instead of keeping
all collapsed requests in a global GeneratorRequests object.