Close body object after socket hijacking or not?

Close body object after socket hijacking or not?

[Hongli Lai]

[-- Attachment #1.1: Type: text/plain, Size: 1224 bytes --]

Some users are experiencing problems with Rack::Lock and socket hijacking 
in combination with some servers, such as Phusion Passenger. They've 
noticed that when Rack::Lock is used in a request that hijacks the socket, 
the next request fails with "deadlock; recursive locking" inside Rack::Lock.

I've posted the results of my investigation 
here: https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461. 
But the bottom line is that different servers handle the response body 
object differently in the face of socket hijacking.

So I'd like to have clarification on the following question: are servers 
supposed to call #close on the body object or not, after the request as 
been hijacked? The way the specification is currently written is ambiguous. 
It seems to imply that servers must only call #close on the body object if 
the request was partially hijacked, but not when the request was fully 
hijacked.

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #1.2: Type: text/html, Size: 1455 bytes --]

Re: Close body object after socket hijacking or not?

[Eric Wong]

I would like clarication on this issue, too.  Ping?

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Close body object after socket hijacking or not?

[Hongli Lai]

[-- Attachment #1.1: Type: text/plain, Size: 800 bytes --]

On Friday, April 17, 2015 at 10:43:38 PM UTC+2, Eric Wong wrote:
>
> I would like clarication on this issue, too.  Ping? 
>

No clarification has appeared. But as far as I'm concerned, closing the 
body anyway is the best thing to do. Rack::Lock is currently broken if we 
*don't* close the body upon hijacking, and there seems to be no 
alternative. I'll modify Passenger to follow this behavior. Starting from 
version 5.0.9, Passenger will also close the body upon hijacking, just like 
Puma and Thin.

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #1.2: Type: text/html, Size: 1147 bytes --]

Re: Close body object after socket hijacking or not?

[Eric Wong]

Hongli Lai <honglilai@gmail.com> wrote:
> On Friday, April 17, 2015 at 10:43:38 PM UTC+2, Eric Wong wrote:
> >
> > I would like clarication on this issue, too.  Ping? 
> >
> 
> No clarification has appeared. But as far as I'm concerned, closing the 
> body anyway is the best thing to do. Rack::Lock is currently broken if we 
> *don't* close the body upon hijacking, and there seems to be no 
> alternative. I'll modify Passenger to follow this behavior. Starting from 
> version 5.0.9, Passenger will also close the body upon hijacking, just like 
> Puma and Thin.

Where does thin do this?  I can see puma doing it, but it doesn't look
like thin supports hijack at all.

git clone git://github.com/macournoyer/thin && cd thin && git grep -i hijack
<no output from git grep>

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Close body object after socket hijacking or not?

[Hongli Lai]

On Thu, Jun 4, 2015 at 4:11 AM, Eric Wong <e@80x24.org> wrote:
> Where does thin do this?  I can see puma doing it, but it doesn't look
> like thin supports hijack at all.
>
> git clone git://github.com/macournoyer/thin && cd thin && git grep -i hijack
> <no output from git grep>

You are right. It seems I am mistaken about this and got confused with
another related aspect I was researching.

I was researching
https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461
and came to the conclusion that the bug doesn't occur in the same way
on Thin, and somehow I got confused later on to conclude that Thin
supports hijacking.

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Close body object after socket hijacking or not?

[Marc-André Cournoyer]

[-- Attachment #1: Type: text/plain, Size: 1130 bytes --]

Indeed, no support for hijacking planned in Thin atm.

On Thu, Jun 4, 2015 at 2:53 AM, Hongli Lai <honglilai@gmail.com> wrote:

> On Thu, Jun 4, 2015 at 4:11 AM, Eric Wong <e@80x24.org> wrote:
> > Where does thin do this?  I can see puma doing it, but it doesn't look
> > like thin supports hijack at all.
> >
> > git clone git://github.com/macournoyer/thin && cd thin && git grep -i
> hijack
> > <no output from git grep>
>
> You are right. It seems I am mistaken about this and got confused with
> another related aspect I was researching.
>
> I was researching
> https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461
> and came to the conclusion that the bug doesn't occur in the same way
> on Thin, and somehow I got confused later on to conclude that Thin
> supports hijacking.
>



-- 
M-A
http://macournoyer.com

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #2: Type: text/html, Size: 2044 bytes --]

Re: Close body object after socket hijacking or not?

[James Tucker]

[-- Attachment #1: Type: text/plain, Size: 2406 bytes --]

Rack::Lock is a hack. Users wanting to operate with hijack should really
not be doing this under Rack::Lock.

Rack::Lock adds "server" (-like) semantics in the middle of the middleware
stack, and can break conventions required between the app and the server
for things like hijack.

Regarding the calling of close, yes, this should be done. Rack::Lock is the
most "visible" requirement to do this, but servers that support all of
HTTP/1.1 (i.e. pipelining) will require this. It should be noted that some
popular articles missed that this is what rack.hijack? is about, among
other things.

Sorry I missed this thread for so long, but I've been doing other things.
Implementors with questions should feel free to cc me directly if I'm not
picking up on stuff, I'll help where I can.

On Thu, Jun 4, 2015 at 5:38 AM Marc-André Cournoyer <macournoyer@gmail.com>
wrote:

> Indeed, no support for hijacking planned in Thin atm.
>
> On Thu, Jun 4, 2015 at 2:53 AM, Hongli Lai <honglilai@gmail.com> wrote:
>
>> On Thu, Jun 4, 2015 at 4:11 AM, Eric Wong <e@80x24.org> wrote:
>> > Where does thin do this?  I can see puma doing it, but it doesn't look
>> > like thin supports hijack at all.
>> >
>> > git clone git://github.com/macournoyer/thin && cd thin && git grep -i
>> hijack
>> > <no output from git grep>
>>
>> You are right. It seems I am mistaken about this and got confused with
>> another related aspect I was researching.
>>
>> I was researching
>> https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461
>> and came to the conclusion that the bug doesn't occur in the same way
>> on Thin, and somehow I got confused later on to conclude that Thin
>> supports hijacking.
>>
>
>
>
> --
> M-A
> http://macournoyer.com
>
>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Rack Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to rack-devel+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[-- Attachment #2: Type: text/html, Size: 3794 bytes --]