HttpFilteringEngine icon indicating copy to clipboard operation
HttpFilteringEngine copied to clipboard

Published 20 hours ago verified publisher icon TechnikEmpire

New host specific TLS contexts system is a memory hog

Open TechnikEmpire opened this issue 7 years ago • 3 comments

Didn't realize that TLS contexts were so memory hungry. After extended browsing, this will eat and hold forever a tremendous amount of RAM. This feature needs to be undone.

TechnikEmpire avatar Oct 03 '17 18:10 TechnikEmpire

We did notice significant performance increases from this system though. There may be a middle ground possible here where we just generate a new context per connection. Some things to consider in whatever solution here include:

  • Session caching
  • TLS session tickets

Disabling both may be necessary, no idea.

TechnikEmpire avatar Oct 03 '17 18:10 TechnikEmpire

Possibly use global yet ref counted host specific contexts. This may be possible by forcing down the ref count on the initial shared_ptr and then we just look for nullptr if we find an existing entry for a host, and re-init the instance when it is nullptr. That may work nicely.

TechnikEmpire avatar Oct 03 '17 18:10 TechnikEmpire

should be able to just do something like this:

auto firstSharedPtr = {...};
auto second = firstSharedPtr;
firstSharedPtr.reset();
shared_ptr_container.emplace("hostname", std::move(firstSharedPtr));
return second;

Then just do this when we find an existing elm:

auto res = shared_ptr_container.find("hostname");
if(res != shared_ptr_container.end())
{
    if(res->second.get() == nullptr)
    {
        // Needs to be created again.
    }
}

TechnikEmpire avatar Oct 03 '17 18:10 TechnikEmpire