Apr Channel is a more distinctive tomcat channel, in the early JDK of the NIO framework is immature, because of the inefficient Java network package, tomcat use APR open source project to do network IO, so effectively alleviate the Java language deficiencies, Provides a high-performance channel that uses the underlying IO communication memory directly through the JNI interface. However, when subsequent versions of the JDK are launched,The performance of the JDK's network Underlying library is also up, with a variety of advanced IO models, threading models and APR open source projects Almost equal, this time, often a test scenario is, plus APR channel after not too much real ascension, which is understandable, However, the performance of the SSL channel in the JDK, at least from the current point of view, and Apr channel based on the OpenSSL engine channel implementation, there is no small gap, because the SSL protocol defined in the Handshake protocol, the number of interactions, andThe OpenSSL project has been highly efficient for many years, so the main thrust is the efficient support for this SSL/TLS protocol from the current tomcat channel:In addition to the above 1, 22 points, for FIPS 140-2,Chinese Name: U.S. Federal Information processing standards. Foreign name: Federal Information Processing Standard. according to FIPS 140-2, the cryptographic module is a collection of "hardware (Hardware), software (software), and/or firmware (Firmware) that implements approved security features (including cryptographic algorithms and key generation) and is included in a certain cipher system boundary ( Boundary) within. Overall,FIPS 140-2 is a high standard definition of password-safe authentication, which is supported by OpenSSL, and because the APR connector uses OpenSSL.
Take a look at the architecture diagram in the TOMCATAPR channel:
1.APR ChannelAs you can see, for connector channels there are a total of several channels, bio is a blocking channel, NIO is the use of high-performance Linux (Windows also have) poll or epoll model, Apr channel is the content of this article, For the current JDK also supports NIO2 channels, for an overview of these channels, we can view them in detail:
This diagram is the difference between these channels, for APR, SSL support is the most distinguished, using OpenSSL as the channel for SSL, and from the IO model point of view, for the HTTP request header read, SSL handshake because the invocation of JNI is also blocked, This is the gap with NiO and NIO2, but the support for SSL channels is efficient OpenSSL. Therefore, if you analyze from this angle, some of the above test scenarios can be easily explained by the conclusion.
Simply look at the APR channel code, which still has aprendpoint and can see its components:
There is still acceptor receive thread pool, Poller polling, worker worker thread pool, these and other channels of the architecture is not very different, it is important to the socket call and SSL handshake and so on. Take a looksocket received in acceptor:
The direct call is native, and for the SSL handshake, you can look at the creation of Sslcontext in Aprendpoint:
The Sslcontext context is at the bottom, and for Java this block simply returns a value that tells whether to create a success or some identity:
So far, we can make a summary of the APR channel, the APR channel and other channel structure is not very poor, but also a few thread pool components work together, only because the invocation of different methods in blocking and non-blocking and several other channels have a difference, for the socket is established, SSL channel setup is done by invoking the lower-level native package.
2.tomcat-nativeIn Tomcat, for the invocation of these JNI parts, a Tomcat sub-project called Tomcat-native, which is part of the Java section, the native method seen in the aprendpoint above, is made in this invocation hierarchy:
These Java packages correspond to the code that calls the native C of JNI, which corresponds to one by one:
We can look at the composition of the Tomcat-native publishing directory: the best tutorial for tomcat-native should be the example directory, which uses an example to fully reproduce the working mode of several threaded components of the Tomcat front-end Aprendpoint , for the test directory can also be cut in from this point, is a good debugging tomcat-native code process.
3.APR High Performance network libraryThe Tomcat-native project, which can be said to be an integration package, is somewhat similar to the Tomee for Java EE Specification integration, it integrates the content of one is OpenSSL, this is the implementation of the SSL channel, and the other is a high-performance Apr network library. What is the APR high Performance network library?
Apache Portable Runtime (APR) project, which is positioned to encapsulate an abstraction of a high-performance library at the bottom of the operating system, masks differences in operating systems. can be analyzed, Apr equivalent to a role in the JDK, but it is mostly concerned about the network IO related to this block:
Example of an IO multiplexing example:
From this perspective, there is no multiplexing technology for Windows, which is a pity that can be seen from several common IO multiplexing models in UNIX systems, Epoll,poll,select, and even kqueue in FreeBSD, from this point of view , Apr support is still possible. The same is true for lock parts:
Support for more system environments.
To summarize, APR provides processing of the underlying high-performance network IO, which solves the problem of Tomcat's early network IO inefficiencies.
4.openssl LibraryIn addition to calling the APR network library to guarantee high-performance network transport, OpenSSL is also called for support for SSL/TLS (tomcat-native).
For OpenSSL projects, the choice of most SSL channel implementations on the market isOpenSSL does, that is to say, if you want toOpenSSLexposing a loophole that is destructive is astonishing.
The OpenSSL directory structure code flow is clear and there is no more redundancy.
Summary:
Apr Channel is a small part of Java, most of the source code is C, and the operating system environment has this close relationship, different operating system custom interface, performance characteristics are different
From for notes (Wiz)
What's going on with the H.APR channel?
