use Getopt::Long qw/:config gnu_getopt no_ignore_case auto_abbrev/;
use IO::Handle;
use IO::Socket;
+use Socket qw(IPPROTO_TCP SOL_SOCKET);
+sub SO_ACCEPTFILTER () { 0x1000 }
use Cwd qw/abs_path/;
STDOUT->autoflush(1);
STDERR->autoflush(1);
}
my $ctx = IO::Socket::SSL::SSL_Context->new(%ctx_opt) or
die 'SSL_Context->new: '.PublicInbox::TLS::err();
+
+ # save ~34K per idle connection (cf. SSL_CTX_set_mode(3ssl))
+ # RSS goes from 346MB to 171MB with 10K idle NNTPS clients on amd64
+ # cf. https://rt.cpan.org/Ticket/Display.html?id=129463
+ my $mode = eval { Net::SSLeay::MODE_RELEASE_BUFFERS() };
+ if ($mode && $ctx->{context}) {
+ eval { Net::SSLeay::CTX_set_mode($ctx->{context}, $mode) };
+ warn "W: $@ (setting SSL_MODE_RELEASE_BUFFERS)\n" if $@;
+ }
+
{ SSL_server => 1, SSL_startHandshake => 0, SSL_reuse_ctx => $ctx };
}
my $s = eval { $sock_pkg->new(%o) };
warn "error binding $l: $! ($@)\n" unless $s;
umask $prev;
-
if ($s) {
$listener_names{sockname($s)} = $s;
+ $s->blocking(0);
push @listeners, $s;
}
}
sub worker_quit {
- my ($reason) = @_;
# killing again terminates immediately:
exit unless @listeners;
$_->close foreach @listeners; # call PublicInbox::DS::close
@listeners = ();
- $reason->close if ref($reason) eq 'PublicInbox::ParentPipe';
my $proc_name;
my $warn = 0;
foreach my $fd (3..$end) {
my $s = IO::Handle->new_from_fd($fd, 'r');
if (my $k = sockname($s)) {
+ if ($s->blocking) {
+ $s->blocking(0);
+ warn <<"";
+Inherited socket (fd=$fd) is blocking, making it non-blocking.
+Set 'NonBlocking = true' in the systemd.service unit to avoid stalled
+processes when multiple service instances start.
+
+ }
$listener_names{$k} = $s;
push @rv, $s;
} else {
}
}
-sub daemon_loop ($$$) {
- my ($refresh, $post_accept, $nntpd) = @_;
+sub defer_accept ($$) {
+ my ($s, $af_name) = @_;
+ return unless defined $af_name;
+ if ($^O eq 'linux') {
+ my $x = getsockopt($s, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT());
+ return unless defined $x; # may be Unix socket
+ my $sec = unpack('i', $x);
+ return if $sec > 0; # systemd users may set a higher value
+ setsockopt($s, IPPROTO_TCP, Socket::TCP_DEFER_ACCEPT(), 1);
+ } elsif ($^O eq 'freebsd') {
+ my $x = getsockopt($s, SOL_SOCKET, SO_ACCEPTFILTER);
+ return if defined $x; # don't change if set
+ my $accf_arg = pack('a16a240', $af_name, '');
+ setsockopt($s, SOL_SOCKET, SO_ACCEPTFILTER, $accf_arg);
+ }
+}
+
+sub daemon_loop ($$$$) {
+ my ($refresh, $post_accept, $nntpd, $af_default) = @_;
PublicInbox::EvCleanup::enable(); # early for $refresh
my %post_accept;
while (my ($k, $v) = each %tls_opt) {
} else {
reopen_logs();
$set_user->() if $set_user;
- $SIG{USR2} = sub { worker_quit('USR2') if upgrade() };
+ $SIG{USR2} = sub { worker_quit() if upgrade() };
$refresh->();
}
$uid = $gid = undef;
$SIG{HUP} = $refresh;
$SIG{CHLD} = 'DEFAULT';
$SIG{$_} = 'IGNORE' for qw(USR2 TTIN TTOU WINCH);
- # this calls epoll_create:
- @listeners = map {
- PublicInbox::Listener->new($_,
- $post_accept{sockname($_)} || $post_accept)
+ @listeners = map {;
+ my $tls_cb = $post_accept{sockname($_)};
+
+ # NNTPS, HTTPS, HTTP, and POP3S are client-first traffic
+ # NNTP and POP3 are server-first
+ defer_accept($_, $tls_cb ? 'dataready' : $af_default);
+
+ # this calls epoll_create:
+ PublicInbox::Listener->new($_, $tls_cb || $post_accept)
} @listeners;
PublicInbox::DS->EventLoop;
$parent_pipe = undef;
sub run ($$$;$) {
my ($default, $refresh, $post_accept, $nntpd) = @_;
daemon_prepare($default);
+ my $af_default = $default =~ /:8080\z/ ? 'httpready' : undef;
daemonize();
- daemon_loop($refresh, $post_accept, $nntpd);
+ daemon_loop($refresh, $post_accept, $nntpd, $af_default);
}
sub do_chown ($) {