diff --git a/conf/cert_store.ini b/conf/cert_store.ini index 6929e72..d0bbd3c 100644 --- a/conf/cert_store.ini +++ b/conf/cert_store.ini @@ -7,6 +7,8 @@ RUN_LOG_PATH = ./logs [CONFIG] #Number of running threads thread-nu = 4 +#1 rsync, 0 sync +mode=0 #Local default root certificate is valid for 30 days by default expire_after = 30 #Local default root certificate path diff --git a/src/cert_conf.c b/src/cert_conf.c index 950f6e0..ea06ffc 100644 --- a/src/cert_conf.c +++ b/src/cert_conf.c @@ -42,6 +42,11 @@ static int load_system_config(char *config) mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed"); } + xret = MESA_load_profile_int_def(config, "CONFIG", "mode", &(rte->mode), 0); + if (xret < 0){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of run mode failed"); + } + xret = MESA_load_profile_uint_nodef(config, "CONFIG", "expire_after", &(rte->expire_after)); if (xret < 0){ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of valid time failed"); @@ -54,7 +59,6 @@ static int load_system_config(char *config) goto finish; } - xret = MESA_load_profile_uint_nodef(config, "CONFIG", "local_debug", &(rte->local_debug)); if (xret < 0){ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of local_debug failed"); diff --git a/src/cert_conf.h b/src/cert_conf.h index 1c6c781..30fd70e 100644 --- a/src/cert_conf.h +++ b/src/cert_conf.h @@ -36,7 +36,6 @@ struct request_t{ struct pxy_obj_keyring{ int keyring_id; - int bits; uint64_t expire_time; EVP_PKEY *key; X509 *root; @@ -71,6 +70,7 @@ struct ntc_maat_t{ struct config_bucket_t{ Maat_feather_t feather; int table_id; + int mode; unsigned int local_debug; unsigned int thread_nu; unsigned int expire_after; diff --git a/src/cert_session.c b/src/cert_session.c index 2cbe242..7238eba 100644 --- a/src/cert_session.c +++ b/src/cert_session.c @@ -62,8 +62,18 @@ static cert_thread_ctx *threads; +enum http_action +{ + HTTP_ACTION_REQ = 0, + HTTP_ACTION_SQL, + HTTP_ACTION_SIGN, + HTTP_ACTION_ERR, + HTTP_ACTION_TIME, + __HTTP_ACTION_MAX +}; + struct fs_stats_t{ - int line_ids[4]; + int line_ids[__HTTP_ACTION_MAX]; screen_stat_handle_t handle; }; @@ -114,8 +124,27 @@ finish: return; } +static int x509_public_str2idx(const char *public_algo) +{ + int bits = 1024; + + if (strcasestr(public_algo, "1024") != NULL) + { + bits = 1024; + } + if (strcasestr(public_algo, "2048") != NULL) + { + bits = 2048; + } + if (strcasestr(public_algo, "4096") != NULL) + { + bits = 4096; + } + return bits; +} + static -int create_client_key(EVP_PKEY** pkey, char *pubkey, int bits) +int create_client_key(EVP_PKEY** pkey, char *pubkey, char *public_algo) { RSA *rsa = NULL; EVP_PKEY *pk = NULL; @@ -125,7 +154,7 @@ int create_client_key(EVP_PKEY** pkey, char *pubkey, int bits) goto err; } - rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL); + rsa = RSA_generate_key(x509_public_str2idx(public_algo), RSA_F4, NULL, NULL); if(!EVP_PKEY_assign_RSA(pk, rsa)){ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "create_client_key, assign key failed!"); EVP_PKEY_free(pk); @@ -488,14 +517,14 @@ static time_t ASN1_GetTimeT(ASN1_TIME* time) } X509 * -x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl, int bits) +x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl, char *public_algo) { int rv; X509 *crt = NULL; EVP_PKEY* key = NULL; X509_NAME *subject = NULL, *issuer = NULL; - if(!create_client_key(&key, pkey, bits)){ + if(!create_client_key(&key, pkey, public_algo)){ goto err; } //subjectname,issuername @@ -515,7 +544,7 @@ x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int !X509_set_pubkey(crt, key)) goto errout; - if (*expire_time == -1) + if (*expire_time <= 0) { int day = 0, sec = 0; ASN1_TIME_set(X509_get_notBefore(crt), ASN1_GetTimeT(X509_get_notBefore(origcrt))); @@ -530,6 +559,7 @@ x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int { goto errout; } + *expire_time = half_hours(*expire_time); } EVP_PKEY_free(key); @@ -779,6 +809,14 @@ finish: return xret; } +static int +evhttp_socket_send_error(struct evhttp_request *req, int id, int error) +{ + FS_internal_operate(SGstats.handle, id, SGstats.line_ids[HTTP_ACTION_ERR], FS_OP_ADD, 1); + evhttp_send_error(req, error, 0); + return 0; +} + /* Callback used for the /dump URI, and for every non-GET request: * dumps all information to stdout and gives back a trivial 200 ok */ static int @@ -793,7 +831,8 @@ evhttp_socket_send(struct evhttp_request *req, char *sendbuf) goto err; } evhttp_add_header(evhttp_request_get_output_headers(req), - "Content-Type", "test"); + "Content-Type", "text/html"); + evhttp_add_header(evhttp_request_get_output_headers(req), "Connection", "keep-alive"); evbuffer_add_printf(evb, "%s", sendbuf); evhttp_send_reply(req, HTTP_OK, "OK", evb); goto done; @@ -890,69 +929,6 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) return ret; } -X509 *x509_modify_by_cert_bak(X509 *cacrt, EVP_PKEY *cakey, const char* host, - char *pubkey, const int days) -{ - X509* x = NULL; - EVP_PKEY* pk = NULL; - - char* ctx[] = {(char*)host, "CN", "mystate", - "mycity", "myorganization", "mygroup", - "sample@sample.com"}; - - if(!create_client_key(&pk, pubkey, 1024)){ - goto err; - } - - if((x = X509_new()) == NULL){ - goto err; - } - - if (!X509_set_version(x, 0x02)){ - goto err; - } - - if (!X509_set_version(x, 0x02) || - !X509_set_issuer_name(x, X509_get_subject_name(cacrt)) || - !rand_serial(NULL, X509_get_serialNumber(x)) || - !X509_gmtime_adj(X509_get_notBefore(x), 0L) || - !X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) || - !X509_set_pubkey(x, pk) || - !add_cert_ctx(X509_get_subject_name(x), ctx, 7)) - goto err; -#if 1 - - /* Add various extensions: standard extensions */ - add_ext(cacrt, x, NID_basic_constraints, "critical,CA:FALSE"); - add_ext(cacrt, x, NID_subject_key_identifier, "hash"); - add_ext(cacrt, x, NID_key_usage, "Digital Signature, Key Encipherment, Data Encipherment"); - - /**/ - - add_ext(cacrt, x, NID_authority_key_identifier, "keyid:always"); - - add_ext(cacrt, x, NID_ext_key_usage, "serverAuth,clientAuth"); - /*NID_certificate_policies*/ -/* - char dns[128] = {0}, domain[16] = {0}; - sscanf(host, "%*[^.].%[^.]", domain); - snprintf(dns, 127, "DNS:%s.com, DNS:*.%s.com, DNS:www.%s.cn", domain, domain, domain); - add_ext(cacrt, x, NID_subject_alt_name, dns); -*/ -#endif - if(!X509_sign(x, cakey, EVP_sha256())){ - goto err; - } - return x; - -err: - if(x) - X509_free(x); - if(pk) - EVP_PKEY_free(pk); - return NULL; -} - char *x509_get_sn(X509 *x509) { ASN1_INTEGER *asn1_i = NULL; @@ -993,8 +969,8 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req { X509* x509 = NULL; int is_valid = request->is_valid; int keyring_id = request->keyring_id; - int expire_time = 0, bits = 0; char *crlurl = NULL; - char *serial = NULL; + int expire_time = 0; char *crlurl = NULL; + char *serial = NULL, *public_algo = NULL; X509 *cacrt = NULL; EVP_PKEY *cakey = NULL; struct config_bucket_t *rte = cert_default_config(); @@ -1046,9 +1022,9 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req cakey = pxy_obj->key; expire_time = pxy_obj->expire_time; crlurl = pxy_obj->v3_ctl; - bits = pxy_obj->bits; + public_algo = pxy_obj->public_algo; modify: - x509 = x509_modify_by_cert(cacrt, cakey, request->origin, pkey, &expire_time, crlurl, bits); + x509 = x509_modify_by_cert(cacrt, cakey, request->origin, pkey, &expire_time, crlurl, public_algo); if (!x509){ goto finish; } @@ -1080,8 +1056,33 @@ static char readBytes(char *str) return c; } +static void +redis_sync_reget_callback(struct request_t *request, struct redisContext *sync) +{ + struct evhttp_request *evh_req = request->evh_req; + + redisReply *reply = (redisReply *)redisCommand(sync, "GET %s", request->rkey); + if (NULL == reply) + { + goto free; + } + switch (readBytes(reply->str)) + { + case '+' : + evhttp_socket_send(evh_req, reply->str); + break; + default : + evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0); + break; + } +free: + freeReplyObject(reply); + request_destroy(request); + return; +} + static int -rediSyncCommand(redisAsyncContext *cl_ctx, struct request_t *request, char *odata, int expire_after) +rediSyncCommand(redisContext *sync, struct request_t *request, char *odata, int expire_after) { int xret = -1; redisReply *reply; @@ -1096,20 +1097,24 @@ rediSyncCommand(redisAsyncContext *cl_ctx, struct request_t *request, char *odat switch (readBytes(reply->str)) { case '+' : mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(%s) to redis successfully", request->rkey); - FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[2], FS_OP_ADD, 1); + FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[HTTP_ACTION_SIGN], FS_OP_ADD, 1); evhttp_socket_send(evh_req, request->odata); goto free; case '$' : mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(%s) to redis failed", request->rkey); - FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[1], FS_OP_ADD, 1); - - redisAsyncCommand(cl_ctx, redis_reget_callback, request, "GET %s", request->rkey); + FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[HTTP_ACTION_SQL], FS_OP_ADD, 1); + struct config_bucket_t *config = cert_default_config(); + if (config->mode){ + redisAsyncCommand(thread->cl_ctx, redis_reget_callback, request, "GET %s", request->rkey); + }else{ + redis_sync_reget_callback(request, sync); + } freeReplyObject(reply); goto finish; default : mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Read redis data(%s) return code failed", request->rkey); - evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0); + evhttp_socket_send_error(request->evh_req, thread->column_ids, HTTP_NOTFOUND); goto free; } xret = 0; @@ -1188,7 +1193,7 @@ web_json_table_add(char *privatekey, char *sign, } static int -redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c) +redis_clnt_pdu_send(struct request_t *request) { #define MAX_CHAIN_LEN 6 int xret = -1, i = 0; @@ -1200,11 +1205,11 @@ redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c) expire_time = x509_online_append(&info->def, request, &root, &sign, pkey, &stack_ca); if (sign == NULL && pkey[0] == '\0'){ - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate"); - evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0); + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate"); + evhttp_socket_send_error(request->evh_req, info->column_ids, HTTP_NOTFOUND); goto finish; } - FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[3], FS_OP_SET, info->diffTime); + FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[HTTP_ACTION_TIME], FS_OP_SET, info->diffTime); FS_internal_operate(SGstats.handle, info->field_ids, 0, FS_OP_ADD, 1); char *single = NULL; @@ -1223,15 +1228,15 @@ redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c) } web_json_table_add(pkey, sign, chain, &request->odata); - if (NULL == c){ + if (info->sync == NULL){ struct evhttp_request *evh_req = request->evh_req; - FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[2], FS_OP_ADD, 1); + FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[HTTP_ACTION_SIGN], FS_OP_ADD, 1); evhttp_socket_send(evh_req, request->odata); request_destroy(request); xret = 0; goto finish; } - xret = rediSyncCommand(c, request, request->odata, expire_time); + xret = rediSyncCommand(info->sync, request, request->odata, expire_time); if (xret < 0){ goto finish; } @@ -1248,11 +1253,10 @@ redis_clnt_send(struct request_t *request, redisReply *reply) cert_thread_ctx *thread = threads + request->thread_id; if (!reply && !reply->str){ - evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0); + evhttp_socket_send_error(request->evh_req, thread->column_ids, HTTP_NOTFOUND); goto finish; } - - FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[1], FS_OP_ADD, 1); + FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[HTTP_ACTION_SQL], FS_OP_ADD, 1); FS_internal_operate(SGstats.handle, thread->field_ids, 0, FS_OP_ADD, 1); @@ -1265,7 +1269,7 @@ finish: return xret; } -void redis_get_callback(redisAsyncContext *c, void *r, void *privdata) +void redis_get_callback(redisAsyncContext __attribute__((__unused__))*c, void *r, void *privdata) { int __attribute__((__unused__))xret = -1; @@ -1282,7 +1286,7 @@ void redis_get_callback(redisAsyncContext *c, void *r, void *privdata) case REDIS_REPLY_NIL: mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Generating certificate information"); - xret = redis_clnt_pdu_send(request, c); + xret = redis_clnt_pdu_send(request); break; default: break; @@ -1461,23 +1465,58 @@ finish: return 0; } +static int +redis_sync_command(struct request_t *request, struct redisContext __attribute__((__unused__))*c) +{ + int xret = -1; + redisReply *reply; + + cert_thread_ctx *thread_ctx = threads + request->thread_id; + + reply = (redisReply *)redisCommand(thread_ctx->sync, "GET %s", request->rkey); + if (NULL == reply) + goto free; + + switch (readBytes(reply->str)) { + case '+' : + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Sends the certificate information to the requestor"); + xret = redis_clnt_send(request, reply); + break; + case '$' : + mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Generating certificate information"); + xret = redis_clnt_pdu_send(request); + goto finish; + default : + mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Read redis data(%s) return code failed", request->rkey); + evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0); + goto free; + } + xret = 0; + +free: + freeReplyObject(reply); + +finish: + return xret; +} + void http_get_cb(struct evhttp_request *evh_req, void *arg) { int xret = -1; - cert_thread_ctx *info = (cert_thread_ctx *)arg; + cert_thread_ctx *info = (cert_thread_ctx *)arg; + struct config_bucket_t *config = cert_default_config(); if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) { mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "FAILED (post type)"); goto error; } - struct request_t *request = (struct request_t *) kmalloc (sizeof(struct request_t), MPF_CLR, -1); request->keyring_id = 0; request->thread_id = info->id; request->evh_req = evh_req; http_decode_uri(evh_req, request); - mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[Thread %d]Received request for uri, kering_id:%d, sni:%s, valid:%d", + mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "[Thread %d]Received request for uri, kering_id:%d, sni:%s, valid:%d", request->thread_id, request->keyring_id, request->sni, request->is_valid); char *input = NULL; ssize_t inputlen=0; @@ -1500,26 +1539,32 @@ void http_get_cb(struct evhttp_request *evh_req, void *arg) goto error; } mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Redis key is %s", request->rkey); - FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[0], FS_OP_ADD, 1); + FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[HTTP_ACTION_REQ], FS_OP_ADD, 1); /* we want to know if this connection closes on us */ evhttp_connection_set_closecb(evhttp_request_get_connection(evh_req), evhttp_socket_close_cb, NULL); - - if (info->cl_ctx->err != 0){ - xret = redis_clnt_pdu_send(request, NULL); + if (info->sync == NULL){ + xret = redis_clnt_pdu_send(request); if (xret < 0) mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Local sign certificate failed"); goto free; }else{ - xret = redisAsyncCommand(info->cl_ctx, redis_get_callback, request, "GET %s", request->rkey); - if (xret < 0) - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get information from redis server"); + if (config->mode) + { + xret = redisAsyncCommand(info->cl_ctx, redis_get_callback, request, "GET %s", request->rkey); + if (xret < 0) + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get information from redis server"); + }else{ + xret = redis_sync_command(request, info->sync); + if (xret < 0) + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get information from redis server"); + } } free: goto finish; error: - evhttp_send_error(evh_req, HTTP_BADREQUEST, 0); + evhttp_socket_send_error(evh_req, info->column_ids, HTTP_BADREQUEST); finish: return; } @@ -1554,11 +1599,13 @@ task_private_init(struct event_base *base, cert_thread_ctx *info) struct config_bucket_t *config = cert_default_config(); /* Initialize the redis connection*/ - xret = redis_rsync_init(base, &info->cl_ctx); - if (xret < 0 || !info->cl_ctx){ - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure"); - } - + if (config->mode){ + xret = redis_rsync_init(base, &info->cl_ctx); + if (xret < 0 || !info->cl_ctx){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure"); + } + } + xret = redis_sync_init(&info->sync); if (xret < 0 || !info->sync){ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the sync redis connection is failure"); @@ -1617,6 +1664,8 @@ static void *pthread_worker_libevent(void *arg) mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound, cert_default_config()->addr_t.e_port); } + mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Work thread %u is run...", thread_ctx->id); + event_base_dispatch(base); error: event_base_free(base); @@ -1690,10 +1739,8 @@ redis_link_detection(uint32_t __attribute__((__unused__)) uid, unsigned int thread_nu = cert_default_config()->thread_nu; for (tid = 0; tid < (int)thread_nu; tid++) { info = threads + tid; - if(info->cl_ctx->err != 0){ - if (info->sync) - redisFree(info->sync); - + if(info->sync == NULL){ + redisFree(info->sync); xret = redis_sync_init(&info->sync); if (xret < 0 || !info->sync){ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect sync redis failed", tid); @@ -1702,12 +1749,15 @@ redis_link_detection(uint32_t __attribute__((__unused__)) uid, mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect sync redis success", tid); } - xret = redis_rsync_init(info->base, &info->cl_ctx); - if (xret < 0 || !info->cl_ctx){ - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis failed", tid); - }else{ - mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis success", tid); - } + if(cert_default_config()->mode) + { + xret = redis_rsync_init(info->base, &info->cl_ctx); + if (xret < 0 || !info->cl_ctx){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis failed", tid); + }else{ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis success", tid); + } + } } } } @@ -1838,19 +1888,21 @@ static int mesa_fiel_stat_init() MESA_internal_set_para(SGstats.handle, CREATE_THREAD, 1); MESA_internal_set_para(SGstats.handle, STAT_CYCLE, 3); - snprintf(buff,sizeof(buff),"%s", "Req"); - SGstats.line_ids[0] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); - snprintf(buff,sizeof(buff),"%s", "DB"); - SGstats.line_ids[1] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); - snprintf(buff,sizeof(buff),"%s", "Local"); - SGstats.line_ids[2] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); + snprintf(buff,sizeof(buff),"%s", "REQ"); + SGstats.line_ids[HTTP_ACTION_REQ] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); + snprintf(buff,sizeof(buff),"%s", "SQL"); + SGstats.line_ids[HTTP_ACTION_SQL] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); + snprintf(buff,sizeof(buff),"%s", "SIGN"); + SGstats.line_ids[HTTP_ACTION_SIGN] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); + snprintf(buff,sizeof(buff),"%s", "ERR"); + SGstats.line_ids[HTTP_ACTION_ERR] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); snprintf(buff,sizeof(buff),"%s", "take-time"); - SGstats.line_ids[3] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); + SGstats.line_ids[HTTP_ACTION_TIME] = FS_internal_register(SGstats.handle, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); - MESA_internal_set_para(SGstats.handle, ID_INVISBLE, SGstats.line_ids[3]); + MESA_internal_set_para(SGstats.handle, ID_INVISBLE, SGstats.line_ids[HTTP_ACTION_TIME]); snprintf(buff,sizeof(buff),"Cert/Nsec"); - FS_internal_register_ratio(SGstats.handle, SGstats.line_ids[3], - SGstats.line_ids[2], 1, + FS_internal_register_ratio(SGstats.handle, SGstats.line_ids[HTTP_ACTION_TIME], + SGstats.line_ids[HTTP_ACTION_SIGN], 1, FS_STYLE_COLUMN, FS_CALC_CURRENT, buff); FS_internal_start(SGstats.handle); @@ -1895,10 +1947,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__) memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring)); atomic64_set(&pxy_obj->ref_cnt, 1); - ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name, - pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo, - pxy_obj->v3_ctl, &pxy_obj->bits, &pxy_obj->is_valid); - if(ret!=10) + ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%s\t%lu\t%s\t%d", &pxy_obj->keyring_id, profile_name, + pxy_obj->keyring_type, private_file, public_file, pxy_obj->public_algo, &pxy_obj->expire_time, + pxy_obj->v3_ctl, &pxy_obj->is_valid); + if(ret!=9) { kfree(&pxy_obj); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line); diff --git a/src/cert_store.c b/src/cert_store.c index e4dd4aa..6ccab36 100644 --- a/src/cert_store.c +++ b/src/cert_store.c @@ -86,6 +86,7 @@ void cert_preview () struct config_bucket_t *rte = cert_default_config(); printf("\r\nBasic Configuration of CertStore \n"); + printf("%30s:%45s\n", "Run Mode", (rte->mode == 1)?"rsync":"sync"); printf("%30s:%45d\n", "The Threads", rte->thread_nu); printf("%30s:%45s\n", "Store Redis Ip", rte->addr_t.store_ip); printf("%30s:%45d\n", "Store Redis Port", rte->addr_t.store_port);