gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

为了减少pinning, protocol error误判带来的影响,将service cache的淘汰方式改为FIFO,独立service_cache_expire_seconds参数,默认5分钟。

Browse Source
This commit is contained in:
zhengchao
2019-06-05 20:43:45 +08:00
parent 044d512184
commit d3afda0d4c
2 changed files with 15 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
platform/src/ssl_service_cache.cpp
View File

@@ -283,7 +283,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig
ret = MESA_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, &max_num, sizeof(max_num)); ret = MESA_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, &max_num, sizeof(max_num));
ret = MESA_htable_set_opt(htable, MHO_EXPIRE_TIME, &expire_seconds, sizeof(expire_seconds)); ret = MESA_htable_set_opt(htable, MHO_EXPIRE_TIME, &expire_seconds, sizeof(expire_seconds));
opt_val=HASH_ELIMINATE_ALGO_LRU; opt_val=HASH_ELIMINATE_ALGO_FIFO;
ret = MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE, ret = MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE,
&opt_val, sizeof(int)); &opt_val, sizeof(int));
ret = MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE, ret = MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE,

19
platform/src/ssl_stream.cpp
View File

@@ -126,9 +126,13 @@ struct ssl_mgr
int ssl_min_version, ssl_max_version; int ssl_min_version, ssl_max_version;
char ssl_session_context[8]; char ssl_session_context[8];
unsigned int cache_slots; unsigned int sess_cache_slots;
unsigned int sess_expire_seconds; unsigned int sess_expire_seconds;
unsigned int svc_cache_slots;
unsigned int svc_expire_seconds;
struct sess_cache * down_sess_cache; struct sess_cache * down_sess_cache;
struct sess_cache * up_sess_cache; struct sess_cache * up_sess_cache;
struct sess_ticket_box * down_stek_box; struct sess_ticket_box * down_stek_box;
@@ -656,15 +660,15 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite", MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite",
&(mgr->no_mirror_client_cipher_suite), 0); &(mgr->no_mirror_client_cipher_suite), 0);
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots",
&(mgr->cache_slots), 4 * 1024 * 1024); &(mgr->sess_cache_slots), 4 * 1024 * 1024);
MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds",
&(mgr->sess_expire_seconds), 30 * 60); &(mgr->sess_expire_seconds), 30 * 60);
if(!mgr->no_sesscache) if(!mgr->no_sesscache)
{ {
mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM); mgr->up_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM); mgr->down_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
} }
MESA_load_profile_uint_def(ini_profile, section, "stek_group_num", &stek_group_num, 1); MESA_load_profile_uint_def(ini_profile, section, "stek_group_num", &stek_group_num, 1);
@@ -675,7 +679,12 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
mgr->down_stek_box = sess_ticket_box_create(ev_base_gc, stek_group_num, stek_rotation_time, logger); mgr->down_stek_box = sess_ticket_box_create(ev_base_gc, stek_group_num, stek_rotation_time, logger);
} }
mgr->svc_cache=ssl_service_cache_create(mgr->cache_slots, mgr->sess_expire_seconds); MESA_load_profile_uint_def(ini_profile, section, "service_cache_slots",
&(mgr->svc_cache_slots), 4 * 1024 * 1024);
MESA_load_profile_uint_def(ini_profile, section, "service_cache_expire_seconds",
&(mgr->svc_expire_seconds), 5 * 60);
mgr->svc_cache=ssl_service_cache_create(mgr->svc_cache_slots, mgr->svc_expire_seconds);
mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger); mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger);
if (mgr->key_keeper == NULL) if (mgr->key_keeper == NULL)