tfe.conf中系统参数的section改为system,兼容kniv1测试完毕。
@@ -31,10 +31,10 @@ enum tfe_cmsg_tlv_type
TFE_CMSG_STREAM_TRACE_ID = 0x11,
TFE_CMSG_SSL_INTERCEPT_STATE, //size uint64_t, 0-passthrough, 1-intercept, 2-shutdown, referer from enum ssl_stream_action
TFE_CMSG_SSL_UPSTREAM_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_DOWNSTREAM_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_UPSTREAM_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
TFE_CMSG_SSL_DOWNSTREAM_VERSION,
TFE_CMSG_SSL_SERVER_SIDE_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, //size uint64_t, milisecond
TFE_CMSG_SSL_SERVER_SIDE_VERSION, //string, SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 unknown
TFE_CMSG_SSL_CLIENT_SIDE_VERSION,
TFE_CMSG_SSL_PINNING_STATE, //size uint64_t, 0-not pinning 1-pinning 2-maybe pinning
TFE_CMSG_SSL_CERT_VERIFY,
TFE_CMSG_SSL_ERROR //string
@@ -1,38 +1,51 @@
[system]
nr_worker_threads=1
enable_kni_v1=1
enable_kni_v2=0
[kni]
uxdomain=/home/server_unixsocket_file
ip=127.0.0.1
scm_port=8888
[ssl]
ssl_max_version=tls12
ssl_max_version=tls13
ssl_min_version=ssl3
no_session_cache=0
no_session_ticket=0
log_master_key=1
trusted_cert_file=resource/tfe/tls-ca-bundle.pem
trusted_cert_dir=resource/tfe/trusted_storage
key_log_file=log/sslkeylog.log
no_alpn=1
no_alpn=0
stek_group_num=4
stek_rotation_time=3600
[key_keeper]
#Mode: debug - generate cert with ca_path, normal - generate cert with cert store
#mode = normal
mode = debug
cert_store_host=192.168.11.100
#0 on cache 1 off cache
no_cache=0
mode=normal
cert_store_host=192.168.10.8
cert_store_port=9991
ca_path=resource/tfe/mesalab-ca.pem
untrusted_ca_path=resource/tfe/mesalab-ca-untrust.pem
[ratelimit]
#read_rate=1048576
#read_burst=1048576
#write_rate=1048576
#write_burst=1048576
ca_path=resource/tfe/tango-ca-trust-ca.pem
untrusted_ca_path=resource/tfe/tango-ca-untrust-ca.pem
[debug]
passthrough_all_tcp=0
[ratelimit]
#read_rate=200000
#read_burst=200000
#write_rate=200000
#write_burst=200000
[tcp]
so_keepalive=0
so_keepalive=1
tcp_keepcnt=8
tcp_keepintvl=15
tcp_keepidle=30
tcp_user_timeout=30
tcp_ttl_upstream=75
tcp_ttl_downstream=70
[log]
level=10
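Review bot: The [ssl] section in this hunk carries `log_master_key=1` with `key_log_file=log/sslkeylog.log`, so a deployment that takes the shipped profile as-is writes the secrets needed to decrypt every proxied TLS session to disk unless an operator remembers to turn that off. Whether those two lines are new or merely context is not recoverable from this rendering, but either way the checked-in default should be `log_master_key=0` with a comment such as `# 1 = write TLS session secrets to key_log_file; debugging only, keep 0 in production` so the setting stays documented but inert. `ssl_min_version=ssl3` similarly keeps SSLv3 negotiable if the proxy's TLS stack still offers it; raising the shipped floor to `tls10` or higher is the safer default. The [ratelimit] block and the ca_path/untrusted_ca_path pairs each appear twice, and which copy is old and which is new cannot be told from the page, so I have not commented on them.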
@@ -40,9 +53,6 @@ level=10
[stat]
statsd_server=192.168.10.72
statsd_port=8126
histogram_bins=0.50,0.80,0.9,0.95
[sender_scm]
switch = 1
kni_ip = 192.168.10.37
kni_port = 8888
[http]
loglevel=20
@@ -206,8 +206,8 @@ void __kni_event_cb(evutil_socket_t fd, short what, void * user)
struct tfe_cmsg * __tfe_cmsg;
struct tfe_proxy_accept_para __accept_para{};
uint16_t session_type;
uint16_t keyring_id;
uint8_t session_type;
int32_t keyring_id;
int * __fds = NULL;
assert(__ctx != NULL && __ctx->thread == pthread_self());
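Review bot: `session_type` and `keyring_id` change width and signedness (`uint16_t` to `uint8_t`, `uint16_t` to `int32_t`) while the code that fills them from the control message lies outside this hunk and shows no matching change. If those fields are copied out of a TLV with a fixed byte count, the copy into the narrower `session_type` now either truncates or overruns, so the size argument at the fill site should be checked against the new types, and a comment such as `// widths must match the TLV layout produced by the KNI sender` next to the declarations would record why these types were chosen. The enclosing `__kni_event_cb` starts and ends outside the hunk; its name and the locals `__tfe_cmsg` and `__accept_para` also use the double-underscore prefix that C and C++ reserve for the implementation.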
@@ -258,8 +258,8 @@ int tfe_proxy_work_thread_run(struct tfe_proxy * proxy)
int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
{
/* Worker threads */
MESA_load_profile_uint_def(profile, "main", "nr_worker_threads", &proxy->nr_work_threads, 1);
MESA_load_profile_uint_def(profile, "main", "buffer_output_limit", &proxy->buffer_output_limit, 0);
MESA_load_profile_uint_def(profile, "system", "nr_worker_threads", &proxy->nr_work_threads, 1);
MESA_load_profile_uint_def(profile, "system", "buffer_output_limit", &proxy->buffer_output_limit, 0);
/* Debug */
MESA_load_profile_uint_def(profile, "debug", "passthrough_all_tcp", &proxy->tcp_all_passthrough, 0);
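Review bot: The profile section for `nr_worker_threads` and `buffer_output_limit` moves from "main" to "system" with no fallback, so a profile that still carries a `[main]` section silently runs with the defaults (one worker, no output limit) instead of failing loudly; the `[acceptor]` to `[system]` and `en_kni_v*` to `enable_kni_v*` renames in `tfe_proxy_acceptor_init` later in this commit have the same gap. A cheap guard is to probe the obsolete key with the no-default loader the project already uses and report it: `int legacy = 0; if (MESA_load_profile_int_nodef(profile, "main", "nr_worker_threads", &legacy) >= 0) TFE_LOG_ERROR(proxy->logger, "profile still uses [main]; move its keys to [system]");` — this assumes, as in sender_scm_init, that a negative return means the key is absent. `tfe_proxy_config` continues past the end of the hunk.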
@@ -355,13 +355,13 @@ int tfe_stat_init(struct tfe_proxy * proxy, const char * profile)
void tfe_proxy_acceptor_init(struct tfe_proxy * proxy, const char * profile)
{
MESA_load_profile_uint_def(profile, "acceptor", "en_kni_v1", &proxy->en_kni_v1_acceptor, 0);
MESA_load_profile_uint_def(profile, "acceptor", "en_kni_v2", &proxy->en_kni_v2_acceptor, 1);
MESA_load_profile_uint_def(profile, "system", "enable_kni_v1", &proxy->en_kni_v1_acceptor, 0);
MESA_load_profile_uint_def(profile, "system", "enable_kni_v2", &proxy->en_kni_v2_acceptor, 1);
if (proxy->en_kni_v1_acceptor)
{
g_default_proxy->kni_v1_acceptor = acceptor_kni_v1_create(proxy, profile, proxy->logger);
CHECK_OR_EXIT(g_default_proxy->kni_v2_acceptor, "Failed at init KNIv2 acceptor. Exit. ");
CHECK_OR_EXIT(g_default_proxy->kni_v1_acceptor, "Failed at init KNIv1 acceptor. Exit. ");
}
if (proxy->en_kni_v2_acceptor)
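Review bot: `tfe_proxy_acceptor_init` takes `proxy` as its parameter and loads `en_kni_v1_acceptor` into it, yet the KNIv1 branch creates and checks the acceptor through the global `g_default_proxy`; the two are presumably the same object today, but the function now depends on a global it was given no reason to touch, and the check would pass or fail on the wrong object if they ever diverge. Use the parameter on both lines: `proxy->kni_v1_acceptor = acceptor_kni_v1_create(proxy, profile, proxy->logger);` and `CHECK_OR_EXIT(proxy->kni_v1_acceptor, "Failed at init KNIv1 acceptor. Exit. ");`. The KNIv2 branch and the rest of the function lie outside the hunk and likely need the same treatment.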
@@ -438,7 +438,7 @@ int main(int argc, char * argv[])
tfe_proxy_acceptor_init(g_default_proxy, main_profile);
/* SCM Sender */
g_default_proxy->scm_sender = sender_scm_init(main_profile, "sender_scm", g_default_logger);
g_default_proxy->scm_sender = sender_scm_init(main_profile, "kni", g_default_logger);
CHECK_OR_EXIT(g_default_proxy->scm_sender != NULL, "Failed at creating scm sender, Exit.");
/* PLUGIN INIT */
@@ -41,26 +41,14 @@ struct sender_scm* sender_scm_init(const char *profile, const char *section, voi
struct sockaddr_in server_addr;
struct sender_scm *sender = ALLOC(struct sender_scm, 1);
sender->logger = logger;
int ret = MESA_load_profile_int_nodef(profile, section, "send_switch", &send_switch);
if(ret < 0)
MESA_load_profile_int_def(profile, section, "send_switch", &send_switch, 1);
if(send_switch)
{
TFE_LOG_ERROR(logger, "MESA_prof_load: send_switch not set, profile is %s, section is %s", profile, section);
goto error_out;
}
ret = MESA_load_profile_string_nodef(profile, section, "kni_ip", kni_ip, sizeof(kni_ip));
if(ret < 0)
{
TFE_LOG_ERROR(logger, "MESA_prof_load: kni_ip not set, profile is %s, section is %s", profile, section);
goto error_out;
}
ret = MESA_load_profile_int_nodef(profile, section, "kni_port", &kni_port);
if(ret < 0)
{
TFE_LOG_ERROR(logger, "MESA_prof_load: kni_port not set, profile is %s, section is %s", profile, section);
goto error_out;
}
MESA_load_profile_string_def(profile, section, "ip", kni_ip, sizeof(kni_ip), "127.0.0.1");
MESA_load_profile_int_def(profile, section, "cmsg_port", &kni_port, 2475);
TFE_LOG_INFO(logger, "MESA_prof_load, [%s]:\n kni_ip: %s\n kni_port: %d",
section, kni_ip, kni_port);
}
sender->send_switch = send_switch;
if(send_switch == 0)
{
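Review bot: The port key read on the new side is `cmsg_port` with default 2475, but the `[kni]` section added to tfe.conf earlier in this commit — the section main() now passes as `"kni"` — sets `scm_port=8888`, so the configured value is never read and, judging by the log line that follows, the sender goes on with 2475. Pick one name and use it in both places, for example `MESA_load_profile_int_def(profile, section, "scm_port", &kni_port, 2475);`, which also lines up with the `kni_port = 8888` the removed `[sender_scm]` section used to carry. Replacing the `_nodef` reads that used to `goto error_out` with `_def` reads drops the old fail-fast on a missing address, which is exactly what let this mis-named key go unnoticed; at minimum log at error level when a default is taken so the problem is visible at startup. `sender_scm_init` starts and ends outside the hunk.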
@@ -1179,7 +1179,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect server latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
}
s_stream->connect_latency_ms=jiffies_ms;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_UPSTREAM_LATENCY, jiffies_ms);
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_SERVER_SIDE_LATENCY, jiffies_ms);
if(!SSL_session_reused(s_stream->ssl))
{
@@ -1253,7 +1253,7 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
}
}
s_stream->negotiated_version=SSL_version(s_stream->ssl);
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_UPSTREAM_VERSION, SSL_get_version(s_stream->ssl));
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_SERVER_SIDE_VERSION, SSL_get_version(s_stream->ssl));
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CERT_VERIFY, s_upstream->is_server_cert_verify_passed);
promise_success(p, ctx);
}
@@ -1777,7 +1777,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
TFE_LOG_ERROR(mgr->logger, "Warning: ssl connect client latency %ld ms: addr=%s, sni=%s", jiffies_ms, s_stream->tcp_stream->str_stream_info, sni);
}
s_stream->connect_latency_ms=jiffies_ms;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_DOWNSTREAM_LATENCY, jiffies_ms);
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_LATENCY, jiffies_ms);
bufferevent_disable(ctx->bev_down, EV_READ | EV_WRITE);
bufferevent_setcb(ctx->bev_down, NULL, NULL, NULL, NULL); //leave a clean bev for on_success
@@ -1786,7 +1786,7 @@ static void ssl_client_connected_eventcb(struct bufferevent * bev, short events,
log_ssl_master_key(s_stream->ssl, ctx->fd_downstream, CONN_DIR_DOWNSTREAM, mgr->fp_master_key);
}
s_stream->negotiated_version=SSL_version(s_stream->ssl);
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_DOWNSTREAM_VERSION, SSL_get_version(s_stream->ssl));
ssl_stream_set_cmsg_string(s_stream, TFE_CMSG_SSL_CLIENT_SIDE_VERSION, SSL_get_version(s_stream->ssl));
promise_success(p, ctx);
}