From b1a14bd303ef104a966ade5d831d0c950aff7c5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Tue, 17 Jan 2023 22:23:43 +0000 Subject: [PATCH] If SSL is used for frontend connections or fast_forward , try to consume all the bytes on the network buffer --- lib/ClickHouse_Server.cpp | 6 +++--- lib/MySQL_Thread.cpp | 8 +++++--- lib/ProxySQL_Admin.cpp | 6 +++--- src/SQLite3_Server.cpp | 6 +++--- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/lib/ClickHouse_Server.cpp b/lib/ClickHouse_Server.cpp index b3b61061c..ef3b2ec0e 100644 --- a/lib/ClickHouse_Server.cpp +++ b/lib/ClickHouse_Server.cpp @@ -1375,11 +1375,11 @@ static void *child_mysql(void *arg) { // PMC-10004 // we probably should use SSL_pending() and/or SSL_has_pending() to determine // if there is more data to be read, but it doesn't seem to be working. - // Therefore we hardcored the values 4096 (4K) as a special case and - // we try to call read_from_net() again. + // Therefore we try to call read_from_net() again as long as there is data. // Previously we hardcoded 16KB but it seems that it can return in smaller // chunks of 4KB. - while (rb > 0 && rb%4096 == 0) { + // We finally removed the chunk size as it seems that any size is possible. + while (rb > 0) { rb = myds->read_from_net(); if (myds->net_failure) goto __exit_child_mysql; myds->read_pkts(); diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp index 6c0771812..64b6f592d 100644 --- a/lib/MySQL_Thread.cpp +++ b/lib/MySQL_Thread.cpp @@ -3598,15 +3598,17 @@ bool MySQL_Thread::process_data_on_data_stream(MySQL_Data_Stream *myds, unsigned // PMC-10004 // we probably should use SSL_pending() and/or SSL_has_pending() to determine // if there is more data to be read, but it doesn't seem to be working. - // Therefore we hardcored the value 16384 (16KB) as a special case and - // we try to call read_from_net() again + // Therefore we try to call read_from_net() again as long as there is data. + // Previously we hardcoded 16KB but it seems that it can return in smaller + // chunks of 4KB. + // We finally removed the chunk size as it seems that any size is possible. /* int sslp = SSL_pending(myds->ssl); int sslhp = SSL_has_pending(myds->ssl); proxy_debug(PROXY_DEBUG_NET, 5, "Session=%p: in fast_forward mode and SSL read %d bytes , SSL_pending: %d bytes , SSL_has_pending: %d\n", myds->sess, rb, sslp, sslhp); */ proxy_debug(PROXY_DEBUG_NET, 5, "Session=%p, DataStream=%p , thread_session_id=%u -- in fast_forward mode and SSL read %d bytes\n", myds->sess, myds, myds->sess->thread_session_id, rb); - while (rb == 16384) { + while (rb > 0) { rb = myds->read_from_net(); if (rb > 0 && myds->myds_type == MYDS_FRONTEND) { status_variables.stvar[st_var_queries_frontends_bytes_recv] += rb; diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index 54f8644a9..238f18830 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -5466,11 +5466,11 @@ void *child_mysql(void *arg) { // PMC-10004 // we probably should use SSL_pending() and/or SSL_has_pending() to determine // if there is more data to be read, but it doesn't seem to be working. - // Therefore we hardcored the values 4096 (4K) as a special case and - // we try to call read_from_net() again. + // Therefore we try to call read_from_net() again as long as there is data. // Previously we hardcoded 16KB but it seems that it can return in smaller // chunks of 4KB. - while (rb > 0 && rb%4096 == 0) { + // We finally removed the chunk size as it seems that any size is possible. + while (rb > 0) { rb = myds->read_from_net(); if (myds->net_failure) goto __exit_child_mysql; myds->read_pkts(); diff --git a/src/SQLite3_Server.cpp b/src/SQLite3_Server.cpp index 3c04a3f74..34fd09e72 100644 --- a/src/SQLite3_Server.cpp +++ b/src/SQLite3_Server.cpp @@ -944,11 +944,11 @@ static void *child_mysql(void *arg) { // PMC-10004 // we probably should use SSL_pending() and/or SSL_has_pending() to determine // if there is more data to be read, but it doesn't seem to be working. - // Therefore we hardcored the values 4096 (4K) as a special case and - // we try to call read_from_net() again. + // Therefore we try to call read_from_net() again as long as there is data. // Previously we hardcoded 16KB but it seems that it can return in smaller // chunks of 4KB. - while (rb > 0 && rb%4096 == 0) { + // We finally removed the chunk size as it seems that any size is possible. + while (rb > 0) { rb = myds->read_from_net(); if (myds->net_failure) goto __exit_child_mysql; myds->read_pkts();