From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 1FCCD65161 for ; Mon, 2 Nov 2020 16:10:38 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 0C2DB23FC4 for ; Mon, 2 Nov 2020 16:10:08 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id CD7E823FB9 for ; Mon, 2 Nov 2020 16:10:06 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 99A5546008 for ; Mon, 2 Nov 2020 16:10:06 +0100 (CET) From: Dominik Csapak To: pbs-devel@lists.proxmox.com Date: Mon, 2 Nov 2020 16:10:05 +0100 Message-Id: <20201102151005.7489-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.417 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup] fix #3106: correctly queue incoming connections X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Nov 2020 15:10:38 -0000 For incoming connections, we mapped the results from TcpListeners accept with 'try_filter_map', where we awaited tokio_openssl::accept this resulted in blocking the incoming connection stream to circumvent this, we accept the openssl connection in a seperate tokio task (with timeout) and send the resulting connection to a channel hyper gets the wrapped receiver end of this channel the tokio task accepting in a loop gets selected with the shutdown future, to handle the shutdown gracefully Signed-off-by: Dominik Csapak --- i am not sure if we need the select! at all, since on a shutdown, all open futures get canceled anyway... also, not sure here about logging, timeouts and channel size i chose values that seemed sensible, but if anyone has suggestions with actual reasoning, please say so also the indentation seems weird, but rustfmt said this is the way.. src/bin/proxmox-backup-proxy.rs | 65 +++++++++++++++++++++++++-------- 1 file changed, 49 insertions(+), 16 deletions(-) diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index 39254504..3eb92cbb 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs 
@@ -113,23 +113,56 @@ async fn run() -> Result<(), Error> { let server = daemon::create_daemon( ([0,0,0,0,0,0,0,0], 8007).into(), - |listener, ready| { - let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener) - .map_err(Error::from) - .try_filter_map(move |(sock, _addr)| { - let acceptor = Arc::clone(&acceptor); - async move { - sock.set_nodelay(true).unwrap(); - - let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME); - - Ok(tokio_openssl::accept(&acceptor, sock) - .await - .ok() // handshake errors aren't be fatal, so return None to filter - ) + |mut listener, ready| { + let (sender, receiver) = tokio::sync::mpsc::channel(100); + + let accept_future = async move { + loop { + match listener.accept().await { + Ok((sock, _)) => { + let mut sender2 = sender.clone(); + let acceptor = Arc::clone(&acceptor); + tokio::spawn(async move { + sock.set_nodelay(true).unwrap(); + let _ = set_tcp_keepalive( + sock.as_raw_fd(), + PROXMOX_BACKUP_TCP_KEEPALIVE_TIME, + ); + + if let Ok(connection) = tokio::time::timeout( + Duration::new(60, 0), + tokio_openssl::accept(&acceptor, sock), + ) + .await + { + if connection.is_err() { + // ignore ssl connection errors + return; + } + if let Err(err) = + sender2.send_timeout(connection, Duration::new(60, 0)).await + { + eprintln!("send error: {}", err); + } + } // ignore ssl timeout errors + }); + } + Err(err) => { + eprintln!("error accepting tcp connection: {}", err); + } } - }); - let connections = proxmox_backup::tools::async_io::HyperAccept(connections); + } + }; + + // select with shutdown future for graceful shutdown + tokio::spawn(async move { + select! { + _ = accept_future.fuse() => {}, + _ = server::shutdown_future().fuse() => {}, + }; + }); + + let connections = hyper::server::accept::from_stream(receiver); Ok(ready .and_then(|_| hyper::Server::builder(connections) -- 2.20.1
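Review bot: Nothing bounds the number of handshake tasks started by the `tokio::spawn` in the `Ok((sock, _))` arm: each accepted TCP connection gets a task that can hold its socket for up to 60 s in `tokio_openssl::accept` and another 60 s in `send_timeout`, so a peer that opens connections without completing TLS can pin file descriptors and memory before any authentication, and the channel size of 100 only limits finished handshakes. A cap on in-flight handshakes would close this, for example a `tokio::sync::Semaphore` permit taken before the spawn and moved into the task, ideally with a shorter handshake timeout. The `Err(err)` arm of the accept loop retries immediately, so a persistent error such as descriptor exhaustion would presumably spin and flood stderr; a short delay before the next `listener.accept()` avoids that. `sock.set_nodelay(true).unwrap();` could become `if sock.set_nodelay(true).is_err() { return; }` so that a socket error ends the task without a panic. The enclosing closure and `run()` start and end outside the hunk.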