[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] TLS deployments/feedback needed



Good news or bad news, depending on how you slice it: running the extremely naive test script below:

```
for i in `seq 1 2000`; do curl -1 -k https://192.168.3.2 >/dev/null; done
```

against a unikernel generated with mirage-seal results in the following:

```
[192.168.3.1:59481] TLS ok
[658] serving //192.168.3.2/.
Cannot handle page request order 9!
[658] closing.
Cannot handle page request order 9!
Fatal error: out of memory.
Mirage exiting with status 2
Do_exit called!
base is 0xd7f8b0 caller is 0x240a5f
base is 0x123000 caller is 0x4820ef8349757f3f
base is 0x7401f88348f8d148 GPF rip: 269317, error_code=0
RIP: e030:[<0000000000269317>]
RSP: e02b:0000000000d7f870  EFLAGS: 00010002
RAX: 000000000000001b RBX: 7401f88348f8d148 RCX: 000000000000cf10
RDX: 000000000000cf10 RSI: 0000000000d7f6c0 RDI: 0000000000000004
RBP: 0000000000d7f8b0 R08: 000000000000070f R09: 0000000000000020
R10: 000000000000001b R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000002e11068 R15: 0000000000000000
base is 0xd7f8b0 caller is 0x240a5f
base is 0x123000 caller is 0x4820ef8349757f3f
base is 0x7401f88348f8d148 GPF rip: 269707, error_code=0
RIP: e030:[<0000000000269707>]
RSP: e02b:0000000000d7f798  EFLAGS: 00010016
RAX: 000000000000001b RBX: 7401f88348f8d148 RCX: 000000000000d13c
RDX: 000000000000d13c RSI: 0000000000d7f5e8 RDI: 0000000000000004
RBP: 0000000000d7f7c8 R08: 000000000000013b R09: 0000000000000020
R10: 000000000000001b R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000002e11068 R15: 0000000000000000
base is 0xd7f7c8 caller is 0x2e11068

d7f780: 98 f7 d7 00 00 00 00 00 2b e0 00 00 00 00 00 00
d7f790: 07 97 26 00 00 00 00 00 03 00 00 00 30 00 00 00
d7f7a0: 70 f8 d7 00 00 00 00 00 48 d1 f8 48 83 f8 01 74
d7f7b0: b0 f8 d7 00 00 00 00 00 00 00 00 00 00 00 00 00

d7f7b0: b0 f8 d7 00 00 00 00 00 00 00 00 00 00 00 00 00
d7f7c0: 8f 99 26 00 00 00 00 00 00 00 00 00 00 00 00 00
d7f7d0: 68 10 e1 02 00 00 00 00 00 00 00 00 00 00 00 00
d7f7e0: 00 00 00 00 00 00 00 00 b0 f8 d7 00 00 00 00 00

2696f0: 48 8b 5d 20 0f 1f 40 00 48 89 de 31 c0 bf 0f a3
269700: 28 00 e8 d9 cf ff ff 48 8b 73 08 31 c0 bf 1d a3
269710: 28 00 e8 c9 cf ff ff 48 8b 1b 48 85 db 75 d9 4c
269720: 8b a5 98 00 00 00 49 81 fc ff 0f 00 00 76 61 49
```

I would've used httperf (as I did when hunting down the memory leak that turned out to be in channel), but it seems to be SSLv3-only and therefore can't negotiate with ocaml-tls.

(Side note: I'm running with 64MB of memory because mirage-seal's default 16MB is barely big enough for my blog's content alone, and it OOMs before it even finishes booting. I'll retry with more but I suspect this will just increase the counter on the last request to get served before crash...)

On 05/20/2015 02:40 PM, Amir Chaudhry wrote:
Hi folks,

The TLS work is proceeding well and you might have noticed that https://mirage.io is 
working, which is using the TLS stack.  Since weâre on the brink of doing some 
releases, itâs important that we get a few more actual deployments out there to 
gather more feedback and highlight any issues.

Iâm inviting folks on this list to try out OCaml-TLS with some of the things theyâve 
already built.  Specifically, Iâm wondering if:

Thomas Leonard â Would you (have you already) got the new stuff working with 
your REST service?  How about Cuekeeper?

Mindy Preston â Would you up for trying this out on your static website (i.e. 
run https://somerandomidiot.com)?

Mort â As for Mindy, would you be able to set up https://mort.io?

In fact, *anyone* running a static website could probably have a go at this with minimal risk.  
Until recently, it's only been deployed on the Pinata and the TLS handshake site.  Although 
itâs worked well â and been stable â for those sites, we should try to make sure 
itâs working well when others try it out.

Please do let us know how you get on!

Thanks,
Amir



_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel


_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.