Fixing the way Selector handles SSL connection handshakes

[nsivabalan]

Currently, for connections over SSL, the ambry selector returns an established connection after a poll even before the handshake is completed. This is not very useful as the caller will then have to repeatedly check outside of the selector poll on whether the handshake is complete, which is not ideal.

This patch fixes this issue.
The selector will only return a connection after the connection is established and the handshake is complete. If the handshake does not complete for any reason, then it should be treated as a connection establishment failure. This way the callers of the selector can be agnostic to SSL, and can interact with the selector in a completely non-blocking way.

Coverage:
Selector 100% (1/ 1) 96.4% (27/ 28) 84.5% (191/ 226)
All the new lines are covered

SLA: 10 mins
Reviewers: Priyesh, Ming

Addresses issue #297

[xiahome]

A connectionId will only be removed here?

[nsivabalan]

I will update the patch with a minor fix. Someone can close it explicitly too by calling close(key)

[pnarayanan]

Why not avoid the map completely? Just use a list of objects of a private class:

private class PendingHandshakeTransmission {
  SSLTransmission transmission;
  long pendingSinceMs;
}

[pnarayanan]

Done with a pass. Let me know when you update the PR.

[xiahome]

1. If a key can be closed in a different thread, would this part be thread safe?
2. Not related to this PR.
   Transmission.close() will NOT throw an IOException if taking a look at its implementation in both PlainTextTransmission and SSLTransmission though the abstract method defines so.

[nsivabalan]

yes, looks like we might have an issue. even keyMap and activeConnections looks to be affected. Lets discuss in person.

[vgkholla]

From the documentation it looks like the Selector isn't meant to be thread safe. The documentation of the class on line 64 says so. There are a lot of parts in this class that work on the fact that this class was not meant to be thread safe.

[vgkholla]

Also, I cannot think of why we would want to use this Selector across threads.

[sriramsub]

selector should never be used across threads

[nsivabalan]

Sorry, my bad. I thought the processNewResponses() in SocketServer() was a daemon thread. Hence, the close(SelectionKey) could be called simultaneously when selector poll() is happening. Looks like its called sequentially and selector.poll() follows it. So, I don't think we have a problem of multiple threads accessing it.

[xiahome]

Left a few more minor comments. The rest LGTM.

[xiahome]

LGTM.

[vgkholla]

think doc can be improved. What are "those"?

[vgkholla]

same typo

[pnarayanan]

@nsivabalan I don't think you have updated the patch.

[vgkholla]

looks like you named the other arg as activeConnections so that the this is avoided. Could you do the same here? (or name the other also as numActiveConnections). This is minor but I would like some consistency.

[vgkholla]

@pnarayanan just told me that this requires some more work from @nsivabalan. Holding off reviewing until that is resolved.

[nsivabalan]

@pnarayanan : can you tell me what are the comments yet to be addressed?

[pnarayanan]

"... I have removed it. Updated the patch" - what have you removed?

[xiahome]

Should be connectionsPendingHandshake.

[nsivabalan]

fixed.

[xiahome]

@pnarayanan I think @nsivabalan meant the duplicate metric for ssl handshaking time is removed.

[nsivabalan]

@pnarayanan yes, I meant the same. That I have removed the duplicate metric

[nsivabalan]

@xiahome @pnarayanan @vgkholla : I have updated the patch.

[pnarayanan]

This should not be a selector metric as this is not "general". This should be moved below under SSL Metrics and SSLTransmission should be the one updating it.

That said, I would suggest getting rid of this metric completely. This is a Gauge and number of connections pending handshake at a particular instant is not useful as these will be very low in number and they would either error out or get established. Gauge would be sort of useful for things that stay for a while like numActiveConnections.

[nsivabalan]

This is just to track the pool (pending connections) size. This shouldn't be linearly growing. I expect the number to be stable as each connections take 5 to 6 poll() calls to complete its handshake. If the pending connections count is growing (which is not feasible to track if not for this metric), for some reason, we are doing something wrong. But that being said, I am not very pertinent in having this metric. @vgkholla @xiahome whats your take on this.

[pnarayanan]

Once again, selector should not refer to handshakes. Handshakes are internal to SSLTransmission. As far as the Selector is concerned, connections are ready or unready.

Your changes therefore should not make references to "handshakes" in the Selector code. And like I said in the other comment, the other metric does not seem useful, so I would think you wouldn't have to refer to "handshakes" anywhere in the patch.

p.s: The current selector code has references to handshakes, but only in comments (and that is wrong).

[pnarayanan]

could this be made a set?

[pnarayanan]

typo

[pnarayanan]

LGTM

[vgkholla]

final?

[vgkholla]

Two very minor comments. LGTM otherwise.

It looks like the tests cover the new code but could you add coverage details in the description and confirm that the new code is fully covered (including true and false for any conditionals that exist)?

[pnarayanan]

Haven't looked at the rest, but this Gauge is never registered as far as I can see.

[pnarayanan]

Not related to your change though, but we should get this fixed.