saucelabs / forwarder

Forwarder is a production-ready, fast MITM proxy with PAC support. It's suitable for debugging, intercepting and manipulating HTTP traffic. It's used as a core component of Sauce Labs Sauce Connect Proxy.
https://forwarder-proxy.io
Mozilla Public License 2.0

mitm: improve parallelism when generating certificates #626

Closed mmatczuk closed 10 months ago

mmatczuk commented 10 months ago

The current mitm implementation uses RWMutex to protect the certificate cache. This causes stalls when multiple certificates are generated at the same time - which happens fairly often if the cache is cold.

I suggest using sync.Map instead of an RWMutex-protected map, and allowing parallel generation of multiple certificates by sharding.

The worker pool pattern will not work here because we want to avoid generating certificates for the same host twice. Instead we will:

Also, this requires fewer changes than adding a worker.

mmatczuk commented 10 months ago

This seems not to be an issue. The thing is that the certificates are generated in parallel and can be overwritten in cache using RWMutex.

I have implemented the fix and it's marginally slower in the benchmark:

benchmark            old ns/op     new ns/op     delta
BenchmarkCert-8      18650793      19137203      +2.61%
BenchmarkCert2-8     2371911       2375468       +0.15%

https://github.com/saucelabs/forwarder/compare/mmt/parallel_mkcert?expand=1

Maybe we'd go back to it but right now I'm closing the issue.
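
The goal stated in the first comment (a sync.Map-backed cache in which certificates for different hosts are generated in parallel but the same host is never generated twice), as an added example; it is not Forwarder's code or the code on the linked branch. It uses a per-host sync.Once in place of the sharding the comment mentions; `certCache`, `entry`, `selfSigned` and the host `example.test` are hypothetical, and a self-signed Ed25519 certificate stands in for CA-signed leaf generation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"sync"
	"time"
)

// certCache (hypothetical name): sync.Map keeps hosts independent of each other,
// and a per-host sync.Once makes concurrent callers share one generation.
type certCache struct{ entries sync.Map } // host -> *entry

type entry struct {
	once sync.Once
	cert *tls.Certificate
	err  error
}

func (c *certCache) Get(host string) (*tls.Certificate, error) {
	v, _ := c.entries.LoadOrStore(host, new(entry)) // first caller wins the slot
	e := v.(*entry)
	e.once.Do(func() { e.cert, e.err = selfSigned(host) }) // others block here
	return e.cert, e.err
}

// selfSigned stands in for the proxy's CA-signed leaf generation (assumption).
func selfSigned(host string) (*tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, nil
}

func main() {
	c := new(certCache)
	a, _ := c.Get("example.test") // constructed host name
	b, _ := c.Get("example.test")
	println("same certificate reused:", a == b)
}
```

In this form a failed generation stays cached by the Once and the map grows without bound, so a production cache would delete the entry on error and apply an eviction policy.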