Server stops communicating using ''old style ssl''

guus · March 11, 2007, 12:04pm

The server sometimes stops communicating over 5223. People cannot login or logout any more. A (temporary) workaround is by first disabling ‘‘old style ssl’’ in the webadmin (security settings), then enabling it again.

Does anyone know what might be causing this?

LG1 · March 11, 2007, 2:25pm

Hi Guus,

which version are you using, if it’'s 3.2.0 then you may want to update as JM-970 was fixed in 3.2.1 and as far as I know introduced in 3.2.0.

LG

guus · March 11, 2007, 2:28pm

Sorry, I should have mentioned we were using 3.2.2.

LG1 · March 11, 2007, 3:16pm

Hi Guus,

maybe Gato has already an idea, but it may help to have a javacore (kill -3 wildfirepid) and some more information. Is the SSL socket still open and one get’'s a timeout?

LG

guus · March 12, 2007, 9:00am

I’'ve attached the thread-dump that we took when we had the problem.
full-tread-dump.txt (93133 Bytes)

guus · March 12, 2007, 9:29am

It seems that a lot of threads are waiting for the operation NIOConnection.deliverRawText(NIOConnection.java:239) to finish. This method is called as part of the mechanism that closes idle sessions:

- locked <0x00002aaaf68827f0> (a org.jivesoftware.wildfire.nio.NIOConnection)
     at org.jivesoftware.wildfire.nio.ConnectionHandler.sessionIdle(ConnectionHandler.java:96)

I wonder if this problem is related to JM-993

guus · March 12, 2007, 9:59am

deliverRawText uses this code to write </stream:stream> after a connection has been idle:

ioSession.write(buffer).join();

The write method called on the ioSession object returns an IoFuture instance. This ‘‘future’’ can be used to track the asynchronous results of operations called on the original object. The “join” method that’'s being called on the ‘‘future’’ object waits for the asynchronous operation to end.

Waiting for an asynchronous operation to end on an object that is know to be in a non-expected state (’‘idle’’ while it should have sent whitespaces) can be considered tricky. The IoFuture class has an overloaded join method, that takes a timeout. Can we use that instead of the -wait-forever- method that’'s used now?

Message was edited by: Guus

I just realized that this is probably causing JM-993 as well: An attempt to </stream:stream> locks forever before the session is closed - causing the session not to be closed.

LG1 · March 14, 2007, 12:06am

Hi Guus,

I just took a look at the thread dump. It seems that the number of nio threads is limited and as soon as all threads are locked as you posted above one get’'s this problem. Is this really the case / can you reproduce this issue using one client to login and logoff 40 times?

LG

matt · March 16, 2007, 7:48am

I’'m pretty sure that JM-993 covers this case, which was fixed for the 3.2.3 release. Gato is continuing to do some tweaking to the Mina layer, though.

Regards,

Matt