* [PATCH 53/57] daemon: use FreeBSD accept filters on non-NNTP
  2019-06-24  2:52  7% [PATCH 00/57] ds: shrink, TLS support, buffer writes to FS Eric Wong
@ 2019-06-24  2:52  6% ` Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2019-06-24  2:52 UTC (permalink / raw)
  To: meta

Similar to TCP_DEFER_ACCEPT on Linux, FreeBSD has a 'dataready'
accept filter which we can use to reduce wakeups when doing
TLS negotiation or plain HTTP.  There's also a 'httpready'
which we can use for plain HTTP connections.
---
 lib/PublicInbox/Daemon.pm | 23 +++++++++++++++--------
 t/httpd-corner.t          | 21 ++++++++++++++++++---
 t/httpd.t                 | 10 ++++++++++
 t/nntpd-tls.t             | 14 +++++++++++++-
 4 files changed, 56 insertions(+), 12 deletions(-)

diff --git a/lib/PublicInbox/Daemon.pm b/lib/PublicInbox/Daemon.pm
index 8b59b65f..cf011a20 100644
--- a/lib/PublicInbox/Daemon.pm
+++ b/lib/PublicInbox/Daemon.pm
@@ -8,7 +8,8 @@ use warnings;
 use Getopt::Long qw/:config gnu_getopt no_ignore_case auto_abbrev/;
 use IO::Handle;
 use IO::Socket;
-use Socket qw(IPPROTO_TCP);
+use Socket qw(IPPROTO_TCP SOL_SOCKET);
+sub SO_ACCEPTFILTER () { 0x1000 }
 use Cwd qw/abs_path/;
 STDOUT->autoflush(1);
 STDERR->autoflush(1);
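Review bot: `sub SO_ACCEPTFILTER () { 0x1000 }` hard-codes a socket option number with no comment saying where the value comes from or on which OS it is valid. The tests in this patch call `PublicInbox::Daemon::SO_ACCEPTFILTER()` directly, so the constant is effectively part of the module's interface. A one-line comment such as `# FreeBSD <sys/socket.h>; only meaningful when $^O eq 'freebsd'` would keep a later caller from passing it to setsockopt on another OS, where the same number may name a different option.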
@@ -553,20 +554,25 @@ sub tls_start_cb ($$) {
 	}
 }
 
-sub defer_accept ($) {
+sub defer_accept ($$) {
+	my ($s, $af_name) = @_;
+	return unless defined $af_name;
 	if ($^O eq 'linux') {
-		my ($s) = @_;
 		my $x = getsockopt($s, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT());
 		return unless defined $x; # may be Unix socket
 		my $sec = unpack('i', $x);
 		return if $sec > 0; # systemd users may set a higher value
 		setsockopt($s, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT(), 1);
+	} elsif ($^O eq 'freebsd') {
+		my $x = getsockopt($s, SOL_SOCKET, SO_ACCEPTFILTER);
+		return if defined $x; # don't change if set
+		my $accf_arg = pack('a16a240', $af_name, '');
+		setsockopt($s, SOL_SOCKET, SO_ACCEPTFILTER, $accf_arg);
 	}
-	# TODO FreeBSD accf_http / accf_data
 }
 
-sub daemon_loop ($$$) {
-	my ($refresh, $post_accept, $nntpd) = @_;
+sub daemon_loop ($$$$) {
+	my ($refresh, $post_accept, $nntpd, $af_default) = @_;
 	PublicInbox::EvCleanup::enable(); # early for $refresh
 	my %post_accept;
 	while (my ($k, $v) = each %tls_opt) {
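Review bot: The new FreeBSD branch of defer_accept ignores the result of `setsockopt($s, SOL_SOCKET, SO_ACCEPTFILTER, $accf_arg)`, so a listener silently runs without the filter when the call fails. The test files in this patch probe `kldstat -m accf_data` / `accf_http` before asserting anything, which suggests the call does fail when the kernel module is not loaded. If best-effort is intended, say so in a comment, or surface it with `setsockopt(...) or warn "SO_ACCEPTFILTER $af_name: $!\n";`. Separately, `return unless defined $af_name;` sits above the `$^O` test, so the filter name now also decides whether Linux sets TCP_DEFER_ACCEPT; a comment on the sub should state that an undef name means "do not defer at all". daemon_loop's body continues outside the hunk.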
@@ -599,7 +605,7 @@ sub daemon_loop ($$$) {
 
 		# NNTPS, HTTPS, HTTP, and POP3S are client-first traffic
 		# NNTP and POP3 are server-first
-		defer_accept($_) if $tls_cb || !$nntpd;
+		defer_accept($_, $tls_cb ? 'dataready' : $af_default);
 
 		# this calls epoll_create:
 		PublicInbox::Listener->new($_, $tls_cb || $post_accept)
@@ -612,8 +618,9 @@ sub daemon_loop ($$$) {
 sub run ($$$;$) {
 	my ($default, $refresh, $post_accept, $nntpd) = @_;
 	daemon_prepare($default);
+	my $af_default = $default =~ /:8080\z/ ? 'httpready' : undef;
 	daemonize();
-	daemon_loop($refresh, $post_accept, $nntpd);
+	daemon_loop($refresh, $post_accept, $nntpd, $af_default);
 }
 
 sub do_chown ($) {
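Review bot: `my $af_default = $default =~ /:8080\z/ ? 'httpready' : undef;` infers the protocol from the port in the default listen address, and that value is what daemon_loop now passes in `defer_accept($_, $tls_cb ? 'dataready' : $af_default)` (previous hunk) in place of the old `$tls_cb || !$nntpd` test. A client-first caller whose default is not `:8080` loses deferral on every platform, and a server-first caller whose default happened to end in `:8080` would never get to send its greeting, because the connection is held until the client sends data. Since `$nntpd` is already passed to run(), `my $af_default = $nntpd ? undef : 'httpready';` keeps the decision tied to the protocol, assuming every non-NNTP caller of run() speaks HTTP; otherwise a comment here should document the `:8080` convention.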
diff --git a/t/httpd-corner.t b/t/httpd-corner.t
index 13befcf1..1cfc2565 100644
--- a/t/httpd-corner.t
+++ b/t/httpd-corner.t
@@ -18,7 +18,7 @@ use File::Temp qw/tempdir/;
 use IO::Socket;
 use IO::Socket::UNIX;
 use Fcntl qw(:seek);
-use Socket qw(IPPROTO_TCP TCP_NODELAY);
+use Socket qw(IPPROTO_TCP TCP_NODELAY SOL_SOCKET);
 use POSIX qw(mkfifo);
 require './t/common.perl';
 my $tmpdir = tempdir('httpd-corner-XXXXXX', TMPDIR => 1, CLEANUP => 1);
@@ -36,7 +36,10 @@ my %opts = (
 	Listen => 1024,
 );
 my $sock = IO::Socket::INET->new(%opts);
-my $defer_accept_val;
+
+# Make sure we don't clobber socket options set by systemd or similar
+# using socket activation:
+my ($defer_accept_val, $accf_arg);
 if ($^O eq 'linux') {
 	setsockopt($sock, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT(), 5) or die;
 	my $x = getsockopt($sock, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT());
@@ -45,6 +48,11 @@ if ($^O eq 'linux') {
 	if ($defer_accept_val <= 0) {
 		die "unexpected TCP_DEFER_ACCEPT value: $defer_accept_val";
 	}
+} elsif ($^O eq 'freebsd' && system('kldstat -m accf_data >/dev/null') == 0) {
+	require PublicInbox::Daemon;
+	my $var = PublicInbox::Daemon::SO_ACCEPTFILTER();
+	$accf_arg = pack('a16a240', 'dataready', '');
+	setsockopt($sock, SOL_SOCKET, $var, $accf_arg) or die "setsockopt: $!";
 }
 
 my $upath = "$tmpdir/s";
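Review bot: The probe `system('kldstat -m accf_data >/dev/null') == 0` redirects only stdout, so on a FreeBSD host without the module kldstat's error text presumably ends up in the test output; `>/dev/null 2>&1` would keep the run quiet. The same probe is repeated in t/httpd.t and t/nntpd-tls.t with three different spellings of the exit-status check (`== 0`, `!= 0`, bare truth), which would be easier to keep consistent as one shared helper. The `if` chain this branch belongs to starts outside the hunk.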
@@ -100,7 +108,7 @@ my $spawn_httpd = sub {
 	is(scalar(grep(/CLOSE FAIL/, @$after)), 1, 'body->close not called');
 }
 
-{
+SKIP: {
 	my $conn = conn_for($sock, 'excessive header');
 	$SIG{PIPE} = 'IGNORE';
 	$conn->write("GET /callback HTTP/1.0\r\n");
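Review bot: The block opener changes from `{` to `SKIP: {`, but none of this file's hunks adds a `skip` call inside the 'excessive header' block, so the label looks unused. If it is a leftover from an earlier revision, reverting to a bare `{` keeps the patch focused on accept filters; if a skip is planned, it should arrive with the label. The block's body continues outside the hunk.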
@@ -515,6 +523,13 @@ SKIP: {
 	is(unpack('i', $x), $defer_accept_val,
 		'TCP_DEFER_ACCEPT unchanged if previously set');
 };
+SKIP: {
+	skip 'SO_ACCEPTFILTER is FreeBSD-only', 1 if $^O ne 'freebsd';
+	skip 'accf_data not loaded: kldload accf_data' if !defined $accf_arg;
+	my $var = PublicInbox::Daemon::SO_ACCEPTFILTER();
+	defined(my $x = getsockopt($sock, SOL_SOCKET, $var)) or die;
+	is($x, $accf_arg, 'SO_ACCEPTFILTER unchanged if previously set');
+};
 
 done_testing();
 
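Review bot: The second skip in the new block, `skip 'accf_data not loaded: kldload accf_data' if !defined $accf_arg;`, omits the test count that the line above it passes. With `done_testing()` and no declared plan, Test::More warns that skip() needs to know how many tests are being skipped and then assumes one. Writing `skip 'accf_data not loaded: kldload accf_data', 1 if !defined $accf_arg;` matches the first skip and avoids the warning on FreeBSD hosts without the module.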
diff --git a/t/httpd.t b/t/httpd.t
index 8c2a3173..e085c4b9 100644
--- a/t/httpd.t
+++ b/t/httpd.t
@@ -106,6 +106,16 @@ SKIP: {
 	defined(my $x = getsockopt($sock, IPPROTO_TCP, $var)) or die;
 	ok(unpack('i', $x) > 0, 'TCP_DEFER_ACCEPT set');
 };
+SKIP: {
+	skip 'SO_ACCEPTFILTER is FreeBSD-only', 1 if $^O ne 'freebsd';
+	if (system('kldstat -m accf_http >/dev/null') != 0) {
+		skip 'accf_http not loaded: kldload accf_http', 1;
+	}
+	require PublicInbox::Daemon;
+	my $var = PublicInbox::Daemon::SO_ACCEPTFILTER();
+	my $x = getsockopt($sock, SOL_SOCKET, $var);
+	like($x, qr/\Ahttpready\0+\z/, 'got httpready accf for HTTP');
+};
 
 done_testing();
 
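Review bot: `getsockopt($sock, SOL_SOCKET, $var)` uses `SOL_SOCKET`, yet unlike t/httpd-corner.t and t/nntpd-tls.t this patch does not touch the `use Socket` line of t/httpd.t. The import list is outside the hunk, so please confirm the constant is already in scope; under `use strict` a missing import would be a compile-time bareword error on every OS, not just FreeBSD. It would also help to assert the call succeeded before matching, e.g. `defined(my $x = getsockopt($sock, SOL_SOCKET, $var)) or die "getsockopt: $!";`, as the TCP_DEFER_ACCEPT check just above does.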
diff --git a/t/nntpd-tls.t b/t/nntpd-tls.t
index ef683cab..427d370f 100644
--- a/t/nntpd-tls.t
+++ b/t/nntpd-tls.t
@@ -4,7 +4,7 @@ use strict;
 use warnings;
 use Test::More;
 use File::Temp qw(tempdir);
-use Socket qw(SOCK_STREAM IPPROTO_TCP);
+use Socket qw(SOCK_STREAM IPPROTO_TCP SOL_SOCKET);
 # IO::Poll and Net::NNTP are part of the standard library, but
 # distros may split them off...
 foreach my $mod (qw(DBD::SQLite IO::Socket::SSL Net::NNTP IO::Poll)) {
@@ -190,6 +190,18 @@ for my $args (
 		defined($x = getsockopt($starttls, IPPROTO_TCP, $var)) or die;
 		is(unpack('i', $x), 0, 'TCP_DEFER_ACCEPT is 0 on plain NNTP');
 	};
+	SKIP: {
+		skip 'SO_ACCEPTFILTER is FreeBSD-only', 2 if $^O ne 'freebsd';
+		if (system('kldstat -m accf_data >/dev/null')) {
+			skip 'accf_data not loaded? kldload accf_data', 2;
+		}
+		require PublicInbox::Daemon;
+		my $var = PublicInbox::Daemon::SO_ACCEPTFILTER();
+		my $x = getsockopt($nntps, SOL_SOCKET, $var);
+		like($x, qr/\Adataready\0+\z/, 'got dataready accf for NNTPS');
+		$x = getsockopt($starttls, IPPROTO_TCP, $var);
+		is($x, undef, 'no BSD accept filter for plain NNTP');
+	};
 
 	$c = undef;
 	kill('TERM', $pid);
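Review bot: The plain-NNTP check `$x = getsockopt($starttls, IPPROTO_TCP, $var);` queries SO_ACCEPTFILTER at the IPPROTO_TCP level, which looks copied from the TCP_DEFER_ACCEPT test above it. SO_ACCEPTFILTER is a SOL_SOCKET option, as the NNTPS line two above uses, so this call most likely fails and returns undef whether or not a filter is installed. That makes `is($x, undef, 'no BSD accept filter for plain NNTP')` pass vacuously. It should read `$x = getsockopt($starttls, SOL_SOCKET, $var);`. The enclosing `for my $args` loop starts outside the hunk.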
-- 
EW



* [PATCH 00/57] ds: shrink, TLS support, buffer writes to FS
@ 2019-06-24  2:52  7% Eric Wong
  2019-06-24  2:52  6% ` [PATCH 53/57] daemon: use FreeBSD accept filters on non-NNTP Eric Wong
  0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2019-06-24  2:52 UTC (permalink / raw)
  To: meta

I finally took the step of making changes to DS after
wanting to do something along these lines to Danga::Socket
for the past decade or so.  And down the rabbit-hole I went.

Write buffering now goes to the filesystem (which is quite fast
on Linux and FreeBSD), so memory usage with giant messages is
slightly reduced compared to before.  It could be better if we
replace Email::(Simple|MIME) with something which doesn't
require slurping (but that's a big task).

Fields for read (for NNTP) and all write buffers are lazily
allocated, now, so there's some memory savings with 10K clients
Further memory savings were achieved by passing $self to
DS->write(sub {...}), eliminiating the need for most anonymous
subs.

NNTPS and NNTP+STARTTLS are now supported via public-inbox-nntpd
using the --key and --cert parameters (HTTPS coming).  I'm very
happy with how I was able to reuse the write-buffering code for
TLS negotiation and not have to add additional fields or code in
hot paths.

I'm pretty happy with this, so far; but there's still plenty
left to be done.  I'm not too impressed with the per-client
memory cost of IO::Socket::SSL, even with
SSL_MODE_RELEASE_BUFFERS, and will need to do further analysis
to see what memory reductions are possible.

Eric Wong (57):
  ds: get rid of {closed} field
  ds: get rid of more unused debug instance methods
  ds: use and export monotonic now()
  AddTimer: avoid clock_gettime for the '0' case
  ds: get rid of on_incomplete_write wrapper
  ds: lazy initialize wbuf_off
  ds: split out from ->flush_write and ->write
  ds: lazy-initialize wbuf
  ds: don't pass `events' arg to EPOLL_CTL_DEL
  ds: remove support for DS->write(undef)
  http: favor DS->write(strref) when reasonable
  ds: share send(..., MSG_MORE) logic
  ds: switch write buffering to use a tempfile
  ds: get rid of redundant and unnecessary POLL* constants
  syscall: get rid of unused EPOLL* constants
  syscall: get rid of unnecessary uname local vars
  ds: set event flags directly at initialization
  ds: import IO::KQueue namespace
  ds: share watch_chg between watch_read/watch_write
  ds: remove IO::Poll support (for now)
  ds: get rid of event_watch field
  httpd/async: remove EINTR check
  spawn: remove `Blocking' flag handling
  qspawn: describe where `$rpipe' come from
  http|nntp: favor "$! == EFOO" over $!{EFOO} checks
  ds: favor `delete' over assigning fields to `undef'
  http: don't pass extra args to PublicInbox::DS::close
  ds: pass $self to code references
  evcleanup: replace _run_asap with `event_step' callback
  ds: remove pointless exit calls
  http|nntp: be explicit about bytes::length on rbuf
  ds: hoist out do_read from NNTP and HTTP
  nntp: simplify re-arming/requeue logic
  allow use of PerlIO layers for filesystem writes
  ds: deal better with FS-related errors IO buffers
  nntp: wait for writability before sending greeting
  nntp: NNTPS and NNTP+STARTTLS working
  certs/create-certs.perl: fix cert validity on 32-bit
  daemon: map inherited sockets to well-known schemes
  ds|nntp: use CORE::close on socket
  nntp: call SSL_shutdown in normal cases
  t/nntpd-tls: slow client connection test
  daemon: use SSL_MODE_RELEASE_BUFFERS
  ds: allow ->write callbacks to syswrite directly
  nntp: reduce allocations for greeting
  ds: always use EV_ADD with EV_SET
  nntp: simplify long response logic and fix nesting
  ds: flush_write runs ->write callbacks even if closed
  nntp: lazily allocate and stash rbuf
  ci: require IO::KQueue on FreeBSD, for now
  nntp: send greeting immediately for plain sockets
  daemon: set TCP_DEFER_ACCEPT on everything but NNTP
  daemon: use FreeBSD accept filters on non-NNTP
  ds: split out IO::KQueue-specific code
  ds: reimplement IO::Poll support to look like epoll
  Revert "ci: require IO::KQueue on FreeBSD, for now"
  ds: reduce overhead of tempfile creation

 MANIFEST                          |   7 +
 certs/.gitignore                  |   4 +
 certs/create-certs.perl           | 132 +++++++
 lib/PublicInbox/DS.pm             | 635 ++++++++++++------------------
 lib/PublicInbox/DSKQXS.pm         |  73 ++++
 lib/PublicInbox/DSPoll.pm         |  58 +++
 lib/PublicInbox/Daemon.pm         | 152 ++++++-
 lib/PublicInbox/EvCleanup.pm      |  20 +-
 lib/PublicInbox/GitHTTPBackend.pm |  18 +-
 lib/PublicInbox/HTTP.pm           | 154 +++-----
 lib/PublicInbox/HTTPD/Async.pm    |  44 ++-
 lib/PublicInbox/Listener.pm       |   4 +-
 lib/PublicInbox/NNTP.pm           | 243 +++++-------
 lib/PublicInbox/NNTPD.pm          |   2 +
 lib/PublicInbox/ParentPipe.pm     |   3 +-
 lib/PublicInbox/Qspawn.pm         |  11 +-
 lib/PublicInbox/Spawn.pm          |   2 -
 lib/PublicInbox/Syscall.pm        |  27 +-
 lib/PublicInbox/TLS.pm            |  24 ++
 script/public-inbox-nntpd         |   3 +-
 t/ds-poll.t                       |  58 +++
 t/httpd-corner.t                  |  38 +-
 t/httpd.t                         |  18 +
 t/nntpd-tls.t                     | 224 +++++++++++
 t/nntpd.t                         |   2 +
 t/spawn.t                         |  11 -
 26 files changed, 1251 insertions(+), 716 deletions(-)
 create mode 100644 certs/.gitignore
 create mode 100755 certs/create-certs.perl
 create mode 100644 lib/PublicInbox/DSKQXS.pm
 create mode 100644 lib/PublicInbox/DSPoll.pm
 create mode 100644 lib/PublicInbox/TLS.pm
 create mode 100644 t/ds-poll.t
 create mode 100644 t/nntpd-tls.t

-- 
EW


