From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 1FCCD65161
for <pbs-devel@lists.proxmox.com>; Mon, 2 Nov 2020 16:10:38 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id 0C2DB23FC4
for <pbs-devel@lists.proxmox.com>; Mon, 2 Nov 2020 16:10:08 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[212.186.127.180])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id CD7E823FB9
for <pbs-devel@lists.proxmox.com>; Mon, 2 Nov 2020 16:10:06 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 99A5546008
for <pbs-devel@lists.proxmox.com>; Mon, 2 Nov 2020 16:10:06 +0100 (CET)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Mon, 2 Nov 2020 16:10:05 +0100
Message-Id: <20201102151005.7489-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.417 Adjusted score from AWL reputation of From: address
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/,
medium trust
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pbs-devel] [PATCH proxmox-backup] fix #3106: correctly queue
incoming connections
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
<pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>,
<mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2020 15:10:38 -0000
For incoming connections, we mapped the results from TcpListeners
accept with 'try_filter_map', where we awaited tokio_openssl::accept
this resulted in blocking the incoming connection stream
to circumvent this, we accept the openssl connection in a seperate
tokio task (with timeout) and send the resulting connection to a
channel
hyper gets the wrapped receiver end of this channel
the tokio task accepting in a loop gets selected with the shutdown
future, to handle the shutdown gracefully
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
i am not sure if we need the select! at all, since on a shutdown, all
open futures get canceled anyway...
also, not sure here about logging, timeouts and channel size
i chose values that seemed sensible, but if anyone has suggestions
with actual reasoning, please say so
also the indentation seems weird, but rustfmt said this is the way..
src/bin/proxmox-backup-proxy.rs | 65 +++++++++++++++++++++++++--------
1 file changed, 49 insertions(+), 16 deletions(-)
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 39254504..3eb92cbb 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -113,23 +113,56 @@ async fn run() -> Result<(), Error> {
let server = daemon::create_daemon(
([0,0,0,0,0,0,0,0], 8007).into(),
- |listener, ready| {
- let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
- .map_err(Error::from)
- .try_filter_map(move |(sock, _addr)| {
- let acceptor = Arc::clone(&acceptor);
- async move {
- sock.set_nodelay(true).unwrap();
-
- let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
-
- Ok(tokio_openssl::accept(&acceptor, sock)
- .await
- .ok() // handshake errors aren't be fatal, so return None to filter
- )
+ |mut listener, ready| {
+ let (sender, receiver) = tokio::sync::mpsc::channel(100);
+
+ let accept_future = async move {
+ loop {
+ match listener.accept().await {
+ Ok((sock, _)) => {
+ let mut sender2 = sender.clone();
+ let acceptor = Arc::clone(&acceptor);
+ tokio::spawn(async move {
+ sock.set_nodelay(true).unwrap();
+ let _ = set_tcp_keepalive(
+ sock.as_raw_fd(),
+ PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
+ );
+
+ if let Ok(connection) = tokio::time::timeout(
+ Duration::new(60, 0),
+ tokio_openssl::accept(&acceptor, sock),
+ )
+ .await
+ {
+ if connection.is_err() {
+ // ignore ssl connection errors
+ return;
+ }
+ if let Err(err) =
+ sender2.send_timeout(connection, Duration::new(60, 0)).await
+ {
+ eprintln!("send error: {}", err);
+ }
+ } // ignore ssl timeout errors
+ });
+ }
+ Err(err) => {
+ eprintln!("error accepting tcp connection: {}", err);
+ }
}
- });
- let connections = proxmox_backup::tools::async_io::HyperAccept(connections);
+ }
+ };
+
+ // select with shutdown future for graceful shutdown
+ tokio::spawn(async move {
+ select! {
+ _ = accept_future.fuse() => {},
+ _ = server::shutdown_future().fuse() => {},
+ };
+ });
+
+ let connections = hyper::server::accept::from_stream(receiver);
Ok(ready
.and_then(|_| hyper::Server::builder(connections)
--
2.20.1