[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] TLS deployments/feedback needed

To: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
From: Mindy <mindy@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 20 May 2015 17:01:24 +0100
Delivery-date: Wed, 20 May 2015 16:02:44 +0000
List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Good news or bad news, depending on how you slice it: running theextremely naive test script below:


```
for i in `seq 1 2000`; do curl -1 -k https://192.168.3.2 >/dev/null; done
```

against a unikernel generated with mirage-seal results in the following:

```
[192.168.3.1:59481] TLS ok
[658] serving //192.168.3.2/.
Cannot handle page request order 9!
[658] closing.
Cannot handle page request order 9!
Fatal error: out of memory.
Mirage exiting with status 2
Do_exit called!
base is 0xd7f8b0 caller is 0x240a5f
base is 0x123000 caller is 0x4820ef8349757f3f
base is 0x7401f88348f8d148 GPF rip: 269317, error_code=0
RIP: e030:[<0000000000269317>]
RSP: e02b:0000000000d7f870  EFLAGS: 00010002
RAX: 000000000000001b RBX: 7401f88348f8d148 RCX: 000000000000cf10
RDX: 000000000000cf10 RSI: 0000000000d7f6c0 RDI: 0000000000000004
RBP: 0000000000d7f8b0 R08: 000000000000070f R09: 0000000000000020
R10: 000000000000001b R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000002e11068 R15: 0000000000000000
base is 0xd7f8b0 caller is 0x240a5f
base is 0x123000 caller is 0x4820ef8349757f3f
base is 0x7401f88348f8d148 GPF rip: 269707, error_code=0
RIP: e030:[<0000000000269707>]
RSP: e02b:0000000000d7f798  EFLAGS: 00010016
RAX: 000000000000001b RBX: 7401f88348f8d148 RCX: 000000000000d13c
RDX: 000000000000d13c RSI: 0000000000d7f5e8 RDI: 0000000000000004
RBP: 0000000000d7f7c8 R08: 000000000000013b R09: 0000000000000020
R10: 000000000000001b R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000002e11068 R15: 0000000000000000
base is 0xd7f7c8 caller is 0x2e11068

d7f780: 98 f7 d7 00 00 00 00 00 2b e0 00 00 00 00 00 00
d7f790: 07 97 26 00 00 00 00 00 03 00 00 00 30 00 00 00
d7f7a0: 70 f8 d7 00 00 00 00 00 48 d1 f8 48 83 f8 01 74
d7f7b0: b0 f8 d7 00 00 00 00 00 00 00 00 00 00 00 00 00

d7f7b0: b0 f8 d7 00 00 00 00 00 00 00 00 00 00 00 00 00
d7f7c0: 8f 99 26 00 00 00 00 00 00 00 00 00 00 00 00 00
d7f7d0: 68 10 e1 02 00 00 00 00 00 00 00 00 00 00 00 00
d7f7e0: 00 00 00 00 00 00 00 00 b0 f8 d7 00 00 00 00 00

2696f0: 48 8b 5d 20 0f 1f 40 00 48 89 de 31 c0 bf 0f a3
269700: 28 00 e8 d9 cf ff ff 48 8b 73 08 31 c0 bf 1d a3
269710: 28 00 e8 c9 cf ff ff 48 8b 1b 48 85 db 75 d9 4c
269720: 8b a5 98 00 00 00 49 81 fc ff 0f 00 00 76 61 49
```

I would've used httperf (as I did when hunting down the memory leak thatturned out to be in channel), but it seems to be SSLv3-only andtherefore can't negotiate with ocaml-tls.

(Side note: I'm running with 64MB of memory because mirage-seal'sdefault 16MB is barely big enough for my blog's content alone, and itOOMs before it even finishes booting. I'll retry with more but Isuspect this will just increase the counter on the last request to getserved before crash...)


On 05/20/2015 02:40 PM, Amir Chaudhry wrote:

Hi folks,

The TLS work is proceeding well and you might have noticed that https://mirage.io is 
working, which is using the TLS stack.  Since weâre on the brink of doing some 
releases, itâs important that we get a few more actual deployments out there to 
gather more feedback and highlight any issues.

Iâm inviting folks on this list to try out OCaml-TLS with some of the things theyâve 
already built.  Specifically, Iâm wondering if:

Thomas Leonard â Would you (have you already) got the new stuff working with 
your REST service?  How about Cuekeeper?

Mindy Preston â Would you up for trying this out on your static website (i.e. 
run https://somerandomidiot.com)?

Mort â As for Mindy, would you be able to set up https://mort.io?

In fact, *anyone* running a static website could probably have a go at this with minimal risk.  
Until recently, it's only been deployed on the Pinata and the TLS handshake site.  Although 
itâs worked well â and been stable â for those sites, we should try to make sure 
itâs working well when others try it out.

Please do let us know how you get on!

Thanks,
Amir



_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel



_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

Follow-Ups:
- Re: [MirageOS-devel] TLS deployments/feedback needed
  - From: Hannes Mehnert
- Re: [MirageOS-devel] TLS deployments/feedback needed
  - From: Anil Madhavapeddy

References:
- [MirageOS-devel] TLS deployments/feedback needed
  - From: Amir Chaudhry

Prev by Date: Re: [MirageOS-devel] Any way to get caml4p to run on ARM (cubietruck)?
Next by Date: Re: [MirageOS-devel] Any way to get caml4p to run on ARM (cubietruck)?
Previous by thread: Re: [MirageOS-devel] TLS deployments/feedback needed
Next by thread: Re: [MirageOS-devel] TLS deployments/feedback needed
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.