From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id A896E653FC for ; Tue, 3 Nov 2020 10:16:53 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 943BE29EA0 for ; Tue, 3 Nov 2020 10:16:23 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 04C4E29E87 for ; Tue, 3 Nov 2020 10:16:23 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id C6C8946010 for ; Tue, 3 Nov 2020 10:16:22 +0100 (CET) Date: Tue, 3 Nov 2020 10:16:21 +0100 From: Wolfgang Bumiller To: Dominik Csapak Cc: pbs-devel@lists.proxmox.com Message-ID: <20201103091621.4fiqjcuqf5uzv356@wobu-vie.proxmox.com> References: <20201102151005.7489-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201102151005.7489-1-d.csapak@proxmox.com> User-Agent: NeoMutt/20180716 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.012 Adjusted score from AWL reputation of 
From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox-backup-proxy.rs] Subject: Re: [pbs-devel] [PATCH proxmox-backup] fix #3106: correctly queue incoming connections X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Nov 2020 09:16:53 -0000 On Mon, Nov 02, 2020 at 04:10:05PM +0100, Dominik Csapak wrote: > For incoming connections, we mapped the results from TcpListeners > accept with 'try_filter_map', where we awaited tokio_openssl::accept > > this resulted in blocking the incoming connection stream > > to circumvent this, we accept the openssl connection in a seperate > tokio task (with timeout) and send the resulting connection to a > channel > > hyper gets the wrapped receiver end of this channel > > the tokio task accepting in a loop gets selected with the shutdown > future, to handle the shutdown gracefully > > Signed-off-by: Dominik Csapak > --- > i am not sure if we need the select! at all, since on a shutdown, all > open futures get canceled anyway... > > also, not sure here about logging, timeouts and channel size > i chose values that seemed sensible, but if anyone has suggestions > with actual reasoning, please say so > > also the indentation seems weird, but rustfmt said this is the way.. > > src/bin/proxmox-backup-proxy.rs | 65 +++++++++++++++++++++++++-------- > 1 file changed, 49 insertions(+), 16 deletions(-) 
>
> diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
> index 39254504..3eb92cbb 100644
> --- a/src/bin/proxmox-backup-proxy.rs
> +++ b/src/bin/proxmox-backup-proxy.rs
> @@ -113,23 +113,56 @@ async fn run() -> Result<(), Error> {
>
> let server = daemon::create_daemon(
> ([0,0,0,0,0,0,0,0], 8007).into(),
> - |listener, ready| {
> - let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
> - .map_err(Error::from)
> - .try_filter_map(move |(sock, _addr)| {
> - let acceptor = Arc::clone(&acceptor);
> - async move {
> - sock.set_nodelay(true).unwrap();
> -
> - let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
> -
> - Ok(tokio_openssl::accept(&acceptor, sock)
> - .await
> - .ok() // handshake errors aren't be fatal, so return None to filter
> - )
> + |mut listener, ready| {
> + let (sender, receiver) = tokio::sync::mpsc::channel(100);
> +
please factorize the below code out into functions, this is too much indentation
> + let accept_future = async move {
> + loop {
> + match listener.accept().await {
> + Ok((sock, _)) => {
> + let mut sender2 = sender.clone();
> + let acceptor = Arc::clone(&acceptor);
> + tokio::spawn(async move {
> + sock.set_nodelay(true).unwrap();
> + let _ = set_tcp_keepalive(
> + sock.as_raw_fd(),
> + PROXMOX_BACKUP_TCP_KEEPALIVE_TIME,
> + );
> +
> + if let Ok(connection) = tokio::time::timeout(
> + Duration::new(60, 0),
> + tokio_openssl::accept(&acceptor, sock),
> + )
> + .await
> + {
^ as that just gets too long
> + if connection.is_err() {
> + // ignore ssl connection errors
> + return;
> + }
> + if let Err(err) =
> + sender2.send_timeout(connection, Duration::new(60, 0)).await
> + {
> + eprintln!("send error: {}", err);
> + }
> + } // ignore ssl timeout errors
> + });
> + }
> + Err(err) => {
> + eprintln!("error accepting tcp connection: {}", err);
> + }
> }
> - });
> - let connections = proxmox_backup::tools::async_io::HyperAccept(connections);
> + }
> + };
> +
> + // select with shutdown future for graceful shutdown
> + tokio::spawn(async move {
> + select! {
> + _ = accept_future.fuse() => {},
> + _ = server::shutdown_future().fuse() => {},
> + };
> + });
> +
> + let connections = hyper::server::accept::from_stream(receiver);
>
> Ok(ready
> .and_then(|_| hyper::Server::builder(connections)
> --
> 2.20.1
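Review bot: Nothing limits how many TLS handshakes are pending at once: the `Ok((sock, _))` arm calls `tokio::spawn` for every accepted socket, before the peer has authenticated, and each task may hold its descriptor for up to 60 s in `tokio_openssl::accept` and another 60 s in `send_timeout`, while the channel bound of 100 only applies to finished handshakes. Clients that connect and then stall the handshake can therefore tie up descriptors and tasks, so I would take a permit from a `tokio::sync::Semaphore` before spawning and release it when the task ends, with the limit as a named constant. The `Err(err)` arm of `listener.accept()` also continues the loop immediately, which spins and floods stderr when accept fails persistently (presumably the case once descriptors run out); a short timer delay in that arm would prevent that. Keeping the peer address instead of discarding it as `_` would let handshake failures and timeouts be logged per client rather than dropped silently. The closure and `run()` continue outside this hunk.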