64182 – 1.03s delay on every request via ajp

Bug 64182 - 1.03s delay on every request via ajp

Summary: 1.03s delay on every request via ajp

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Tomcat 8
Classification:	Unclassified
Component:	Connectors (show other bugs)
Version:	8.5.51
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-02-27 09:10 UTC by zac spitzer
Modified:	2020-02-29 07:52 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zac spitzer 2020-02-27 09:10:21 UTC

Since upgrading to 8.5.51, there seems to be a consistent 1.03s delay on every request.

I'm running via Apache 2.4, which doesn't support secrets until the next release (2.4.42) https://bz.apache.org/bugzilla/show_bug.cgi?id=53098, so I have secretRequired="false" and no secret defined due to https://bz.apache.org/bugzilla/show_bug.cgi?id=64180

Comment 1 zac spitzer 2020-02-27 09:12:40 UTC

This is occurring with Lucee, issue was first reported here https://dev.lucee.org/t/tomcat-cve-2020-1938-ghostcat-ajp/6650/20?u=zac_spitzer

Comment 2 mgrigorov 2020-02-27 09:31:46 UTC

Hi Zac,

Have you tried with plain Tomcat ? Without Lucee.
If the problem is still there could you please share with us your configurations, both Tomcat's and HTTPD's, and the steps to reproduce it.

Comment 3 Mark Thomas 2020-02-27 10:09:12 UTC

Tested with 8.5.51 and 8.5.x and httpd (2.4.34). Normal response times were observed.

Looking at the (minimal) changes to the AJP request processing, I don't see how those changes could lead to more than one second of delay.

If you'd like community help to track down what is going on, the Tomcat users list is the place to ask. A couple of things to that might help:
- The linked report indicates the issue appeared when Tomcat was updated from 8.0.28 to 8.5.51. There are over 4 years between those releases. It would be worth trying to narrow down which version the issue first appears in.
- The Tomcat and httpd access logs should tell you how long they each thought the request took. It would be interesting to see if they agree that the delay was in Tomcat.
- If Tomcat is the source of the delay, a profiler (I use YourKit because they give OSS committers free licenses for using on their OSS projects) may provide some insight
- If you'd like help tracking this down then providing the simplest possible test case that demonstrates the issue makes it much easier for people to help. If you need to include a web application in that test case, keep it as simple as possible and include source code

Comment 4 zac spitzer 2020-02-27 13:20:08 UTC

Ah, I think it might be an ipv4 vs ipv6 resolving issue. 

I had address"=127.0.0.1", I changed that to address="::f" and the delay went away

Comment 5 Andreas 2020-02-29 07:52:20 UTC

Just wanted to confirm Zac Spizters findings that adding attribute address="::1" on server.xml host connector tag for AJP solved the delay on Windows Server 2012 R2 (6.3) 64bit Tomcat/8.5.51
|Java|1.8.0_242 (Azul Systems, Inc.) 64bit with IIS 8.5.96.00 using boncode AJP conncetor. The delay isn't present whit this attribute. Originally there wasn't any address attribute set on that config tag.

Until now I couldn't reproduce the issue on my dev machine. Testing different tomcat versions to narrow down the issue on production servers is not an option at this moment.