Fix sending large batch of events over TLS #51
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When writing data over an `OpenSSL::SSL::SSLSocket`, we have two buffers
that can fill-in: the `TCPSocket` and the `SSLSocket`.
* When the `TCPSocket` buffer is full, the `TcpClient#write` method
wait for the socket to be writable again, and `retry` the operation;
* When the `SSLSocket` buffer is full, the `SSLClient#write` method
wait for the socket to be writable again, and `retry` the operation.
However, `SSLClient#write` is a wrapper around `TcpClient#write`, and
when it `retry` after caching a `OpenSSL::SSL::SSLErrorWaitWritable` it
has no idea of the amount of data that got send and restart a full
transfer of the data with `TcpClient#write`. When this happen, the new
transfer can fail in a similar fashion any number of time and will
eventually come to completion after sending multiple partial copies of
the message followed by a complete copy, which is just garbage for
Riemann on the other side. Riemann will discard the message and return
an error that will be passed to the calling code.
In order to fix this, make `TcpClient#write` aware of `IO::WaitWritable`
(a base class of `OpenSSL::SSL::SSLErrorWaitWritable`) and remove the
`SSLClient#write` method so that the parent class method is used
directly instead.
While here, do the same for `TcpClient#read` / `SSLClient#read` for
consistency.
While here, also handle `IO::WaitReadable` exception in
`TcpClient#write` to cope with TLS renegociation as recommended in the
`IO#select` documentation.
smortex
force-pushed
the
fix-sending-large-batch-of-events-over-tls
branch
from
32afb61
to
b13c73c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When writing data over an
OpenSSL::SSL::SSLSocket, we have two buffers that can fill-in: theTCPSocketand theSSLSocket.TCPSocketbuffer is full, theTcpClient#writemethod wait for the socket to be writable again, andretrythe operation;SSLSocketbuffer is full, theSSLClient#writemethod wait for the socket to be writable again, andretrythe operation.However,
SSLClient#writeis a wrapper aroundTcpClient#write, and when itretryafter caching aOpenSSL::SSL::SSLErrorWaitWritableit has no idea of the amount of data that got send and restart a full transfer of the data withTcpClient#write. When this happen, the new transfer can fail in a similar fashion any number of time and will eventually come to completion after sending multiple partial copies of the message followed by a complete copy, which is just garbage for Riemann on the other side. Riemann will discard the message and return an error that will be passed to the calling code.In order to fix this, make
TcpClient#writeaware ofIO::WaitWritable(a base class ofOpenSSL::SSL::SSLErrorWaitWritable) and remove theSSLClient#writemethod so that the parent class method is used directly instead.While here, do the same for
TcpClient#read/SSLClient#readfor consistency.While here, also handle
IO::WaitReadableexception inTcpClient#writeto cope with TLS renegociation as recommended in theIO#selectdocumentation.