ngx_http_dyups_module
ngx_http_dyups_module copied to clipboard
Published
20 hours ago •
yzprofile
yzprofile
[fix]: memory leak in mod_dyups when ssl session reuse is enabled.
Hi, @yzprofile
Issue #67 open for a long time, this problem also appeared in our online environment recently. I see @RocFang fix it just skip set_session and save_session function in PR #141, but after that will make proxy ssl session reuse not work.
So, I redesigned set_session and save_session function, the new solution will solve memory leak issue and keep ssl session reuse work:
- Save the pointer address to
ssl_sessiondata in the upstream related variable, not pre request related variable such asdyups_ctx, avoid losing after request complete. - Use the upstream related memory pool to allocate
ssl_sessionmemory, it will destroy when free dynamic upstream or exit process. - Free up extra ssl session memory which allocate at OpenSSL immediately after
ngx_ssl_set_session(pc->connection, ssl_session)success.
Steps to reproduce memory leak issue:
server {
listen 8080;
location / {
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
proxy_pass https://$host;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
server {
listen 8088 ssl;
ssl_certificate ssl/test.crt;
ssl_certificate_key ssl/test.key;
location / {
return 301;
}
}
server {
listen 8089 ssl;
ssl_certificate ssl/test.crt;
ssl_certificate_key ssl/test.key;
location / {
return 302;
}
}
server {
listen 8081;
location / {
dyups_interface;
}
}
case1: (keepalive or no keepalive)
-
curl -H "Host: dyhost" -d "server 127.0.0.1:8089;server 127.0.0.1:8088;" 127.0.0.1:8081/upstream/dyhost -v -
for i in {1..10000}; do curl -H "host: dyhost" 127.0.0.1:8080 -v; d
case2: (keepalive or no keepalive)
-
for i in {1..10000}; do curl -H "Host: dyhost" -d "server 127.0.0.1:8089;server 127.0.0.1:8088;" 127.0.0.1:8081/upstream/dyhost -v; done -
for i in {1..10000}; do curl -H "host: dyhost" 127.0.0.1:8080 -v; d
