Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(237)

Issue 76400046: code review 76400046: crypto/tls: make Conn.Read return (n, io.EOF) when EOF ... (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
10 years, 9 months ago by bradfitz
Modified:
10 years, 9 months ago
Reviewers:
agl1, gobot, rsc, dave
CC:
agl1, rsc, golang-codereviews
Visibility:
Public.

Description

crypto/tls: make Conn.Read return (n, io.EOF) when EOF is next in buffer Update Issue 3514 An io.Reader is permitted to return either (n, nil) or (n, io.EOF) on EOF or other error. The tls package previously always returned (n, nil) for a read of size n if n bytes were available, not surfacing errors at the same time. Amazon's HTTPS frontends like to hang up on clients without sending the appropriate HTTP headers. (In their defense, they're allowed to hang up any time, but generally a server hangs up after a bit of inactivity, not immediately.) In any case, the Go HTTP client tries to re-use connections by looking at whether the response headers say to keep the connection open, and because the connection looks okay, under heavy load it's possible we'll reuse it immediately, writing the next request, just as the Transport's always-reading goroutine returns from tls.Conn.Read and sees (0, io.EOF). But because Amazon does send an AlertCloseNotify record before it hangs up on us, and the tls package does its own internal buffering (up to 1024 bytes) of pending data, we have the AlertCloseNotify in an unread buffer when our Conn.Read (to the HTTP Transport code) reads its final bit of data in the HTTP response body. This change makes that final Read return (n, io.EOF) when an AlertCloseNotify record is buffered right after, if we'd otherwise return (n, nil). A dependent change in the HTTP code then notes whether a client connection has seen an io.EOF and uses that as an additional signal to not reuse a HTTPS connection. With both changes, the majority of Amazon request failures go away. Without either one, 10-20 goroutines hitting the S3 API leads to such an error rate that empirically up to 5 retries are needed to complete an API call.

Patch Set 1 #

Patch Set 2 : diff -r 62052ebe728b https://go.googlecode.com/hg/ #

Patch Set 3 : diff -r 62052ebe728b https://go.googlecode.com/hg/ #

Total comments: 1

Patch Set 4 : diff -r 4450c84265f0 https://go.googlecode.com/hg/ #

Unified diffs Side-by-side diffs Delta from patch set Stats (+91 lines, -8 lines) Patch
M src/pkg/crypto/tls/conn.go View 1 2 3 2 chunks +21 lines, -0 lines 0 comments Download
M src/pkg/crypto/tls/tls_test.go View 1 4 chunks +70 lines, -8 lines 0 comments Download

Messages

Total messages: 14
bradfitz
Hello agl@golang.org (cc: golang-codereviews@googlegroups.com), I'd like you to review this change to https://go.googlecode.com/hg/
10 years, 9 months ago (2014-03-24 02:39:52 UTC) #1
agl1
Most sites don't send close notify alerts so this seems rather AWS specific. (In fact, ...
10 years, 9 months ago (2014-03-24 14:29:40 UTC) #2
bradfitz
On Mon, Mar 24, 2014 at 7:29 AM, <agl@golang.org> wrote: > Most sites don't send ...
10 years, 9 months ago (2014-03-24 15:54:24 UTC) #3
agl1
On 2014/03/24 15:54:24, bradfitz wrote: > In any case, this change makes a night & ...
10 years, 9 months ago (2014-03-24 16:38:42 UTC) #4
bradfitz
On Mon, Mar 24, 2014 at 9:38 AM, <agl@golang.org> wrote: > On 2014/03/24 15:54:24, bradfitz ...
10 years, 9 months ago (2014-03-24 16:51:43 UTC) #5
rsc
this seems okay but it makes me uneasy. yes, crypto/tls is allowed to behave this ...
10 years, 9 months ago (2014-03-24 22:47:24 UTC) #6
bradfitz
On Mon, Mar 24, 2014 at 3:47 PM, <rsc@golang.org> wrote: > this seems okay but ...
10 years, 9 months ago (2014-03-24 23:09:16 UTC) #7
agl1
On 2014/03/24 23:09:16, bradfitz wrote: > The http package doesn't need it, but it gives ...
10 years, 9 months ago (2014-03-25 14:51:06 UTC) #8
rsc
LGTM Adam, I think you and I are viewing this the same way, but after ...
10 years, 9 months ago (2014-03-25 15:38:38 UTC) #9
agl1
Thanks for the writeup, Russ. LGTM.
10 years, 9 months ago (2014-03-25 16:09:56 UTC) #10
bradfitz
*** Submitted as https://code.google.com/p/go/source/detail?r=2e0323211d75 *** crypto/tls: make Conn.Read return (n, io.EOF) when EOF is next ...
10 years, 9 months ago (2014-03-25 17:58:36 UTC) #11
gobot
This CL appears to have broken the darwin-amd64-cheney builder. See http://build.golang.org/log/6591ea870ca7b750a512c71d8dc70425dcd55c03
10 years, 9 months ago (2014-03-26 19:38:45 UTC) #12
dave_cheney.net
This is a real failure # ../test/bench/go1 ok _/Users/builder/workspace/darwin-amd64-cheney-2e0323211d75/go/test/bench/go1 2.660s # ../test Build complete, duration ...
10 years, 9 months ago (2014-03-26 19:48:24 UTC) #13
bradfitz
10 years, 9 months ago (2014-03-26 22:02:02 UTC) #14
This has nothing to do with this tls change, though.



On Wed, Mar 26, 2014 at 12:48 PM, Dave Cheney <dave@cheney.net> wrote:

> This is a real failure
>
> # ../test/bench/go1
> ok
> _/Users/builder/workspace/darwin-amd64-cheney-2e0323211d75/go/test/bench/go1
> 2.660s
>
> # ../test
> Build complete, duration 1h0m0.003083969s. Result: error: timed out after
> 1h0m0s
>
> The builder normally takes less than 10 minutes for the whole thing,
> but something in ./test is wedging
>
> On Thu, Mar 27, 2014 at 6:38 AM,  <gobot@golang.org> wrote:
> > This CL appears to have broken the darwin-amd64-cheney builder.
> > See http://build.golang.org/log/6591ea870ca7b750a512c71d8dc70425dcd55c03
> >
> >
> > https://codereview.appspot.com/76400046/
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "golang-codereviews" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to golang-codereviews+unsubscribe@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
>
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b