See interleaved comments.
> -----Original Message-----
> From: Holger Hoffstätte [mailto:holger@wizards.de]
> Sent: Monday, October 04, 2004 4:20 PM
> To: users@subversion.tigris.org
> Subject: More insight on the 'slow browsing' problem
>
>
>
> Hi,
>
> I wanted to raise this point last week just minutes before my
> internet
> connection crapped out, so sorry for not posting earlier. I
> can confirm
> that the extreme slowdown that some people experience after
> upgrading to
> 1.0.8 or 1.1.0 is real, mostly because I've been hit by it myself. :-(
> I have investigated further:
>
> - it has nothing to do with neon, Win/Win TCP or the Nagle algorithm
Well, this is strange. With TSVN 1.0.x the node corresponding to a directory
containing even only 1 child took about 2 sec. to get opened.
With TSVN (that fixed Nagle alg. setting on neon) the troubles become visible with
more than 10-15 entries.
> - it affects http with BasicAuth
I am not so sure. I have a <Location> as follows
<Location /svndav>
DAV svn
SVNParentPath E:/SVNROOT/repositories
AuthzSVNAccessFile E:/SVNROOT/config/security/svn-http-authz.txt
<LimitExcept GET PROPFIND OPTIONS REPORT>
Deny from all
</LimitExcept>
</Location>
and accessing repositories thru this svndav location isn't faster than a <Location>
with BasicAuth enabled.
If the line with AuthzSVNAccessFile directoive is commented:
# AuthzSVNAccessFile E:/SVNROOT/config/security/svn-http-authz.txt
then yes, it's a little faster.
> - it happens with apache 2.0.49, .50, .51 and .52
> - it affects 1.0.8 and 1.1 (rc4 and final)
> - it does NOT affect 1.0.7! :-)
Never installed on Windows.
I will check.
> - it can be reproduced on Linux running against http(s)://localhost/
Windows->Linux is always faster that Windows->Windows
Windows->Linux (http proxy)->Windows is faster that Windows->Windows.
> - it 'only' affects svn list; co/up/log ist fast
> - it causes the serving apache instance to chew up 100% CPU
> - it is extremely unlikely to be caused by mixing versions, libs etc.
> since I use Gentoo which cleans up 100% after itself when installing
> - I know what I'm doing (no, really :)
>
> I had only limited time for debugging this on my deployed
> repository, but
> as far as I could tell by attaching gdb to the gone-nutty
> httpd, it seems
> to continually, over and over again, do some expensive
> authentication.
> Most of the time seems to be spent in (sorry if I get the exact names
> wrong, this is from memory) apr_md5_something coming from
> apr_authenticate_password, all the way up through svn & apache
> authentication. Eventually it succeeds, but as others have
> noted it takes
> _forever_. If you start apache with 1 child thread/process, other
> concurrent requests will probably hang (as expected).
> Access to my repository is authenticated via plain old
> BasicAuthentication
> over https (also tried http, no difference) and the htpasswd
> file is in
> /etc, readable etc.; I used md5 hashes - when I tried to use a crypt
> password, httpd looped around in apr_crypt_foo etc. so that's
> consistent.
> I'm not familiar with subversions' source code but since 1.0.7 works
> without a hitch, I had a look at both distributions via
> WInMerge and most
> of the changes to 1.0.8 seem to be related to some path-based
> authorization stuff (likely since that was the security fix
> behind 1.0.8
> IIRC). Anyway it really seems mod_dav_svn introduced a subtle
> regression
> that causes constantly-repeating authentication, which if of
> course pretty
> expensive when done for an entire repository.
>
> I hope this is useful and gives somebody an idea why this is
> happening.
> It's definitely a big problem; effectively I have to keep
> running 1.0.7 on
> the server until this gets resolved. :(
> Feel free to mail me if you need specific information on my
> setup or want
> me to try any patches or whatever. I know C and can help find
> & fix stuff
> if you tell me where to shoot.
>
> regards
> Holger
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Oct 4 17:00:05 2004