为了减少pinning, protocol error误判带来的影响,将service cache的淘汰方式改为FIFO,独立service_cache_expire_seconds参数,默认5分钟。
This commit is contained in:
zhengchao
@@ -283,7 +283,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig
|
||||
ret = MESA_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, &max_num, sizeof(max_num));
|
||||
ret = MESA_htable_set_opt(htable, MHO_EXPIRE_TIME, &expire_seconds, sizeof(expire_seconds));
|
||||
|
||||
opt_val=HASH_ELIMINATE_ALGO_LRU;
|
||||
opt_val=HASH_ELIMINATE_ALGO_FIFO;
|
||||
ret = MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE,
|
||||
&opt_val, sizeof(int));
|
||||
ret = MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE,
|
||||
|
||||
@@ -126,9 +126,13 @@ struct ssl_mgr
|
||||
int ssl_min_version, ssl_max_version;
|
||||
char ssl_session_context[8];
|
||||
|
||||
unsigned int cache_slots;
|
||||
unsigned int sess_cache_slots;
|
||||
unsigned int sess_expire_seconds;
|
||||
|
||||
unsigned int svc_cache_slots;
|
||||
unsigned int svc_expire_seconds;
|
||||
|
||||
|
||||
struct sess_cache * down_sess_cache;
|
||||
struct sess_cache * up_sess_cache;
|
||||
struct sess_ticket_box * down_stek_box;
|
||||
@@ -656,15 +660,15 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_mirror_client_cipher_suite",
|
||||
&(mgr->no_mirror_client_cipher_suite), 0);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots",
|
||||
&(mgr->cache_slots), 4 * 1024 * 1024);
|
||||
&(mgr->sess_cache_slots), 4 * 1024 * 1024);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds",
|
||||
&(mgr->sess_expire_seconds), 30 * 60);
|
||||
|
||||
|
||||
if(!mgr->no_sesscache)
|
||||
{
|
||||
mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
|
||||
mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
|
||||
mgr->up_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
|
||||
mgr->down_sess_cache = ssl_sess_cache_create(mgr->sess_cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
|
||||
}
|
||||
|
||||
MESA_load_profile_uint_def(ini_profile, section, "stek_group_num", &stek_group_num, 1);
|
||||
@@ -675,7 +679,12 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
mgr->down_stek_box = sess_ticket_box_create(ev_base_gc, stek_group_num, stek_rotation_time, logger);
|
||||
}
|
||||
|
||||
mgr->svc_cache=ssl_service_cache_create(mgr->cache_slots, mgr->sess_expire_seconds);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "service_cache_slots",
|
||||
&(mgr->svc_cache_slots), 4 * 1024 * 1024);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "service_cache_expire_seconds",
|
||||
&(mgr->svc_expire_seconds), 5 * 60);
|
||||
|
||||
mgr->svc_cache=ssl_service_cache_create(mgr->svc_cache_slots, mgr->svc_expire_seconds);
|
||||
|
||||
mgr->key_keeper = key_keeper_init(ini_profile, "key_keeper", logger);
|
||||
if (mgr->key_keeper == NULL)
|
||||
|
||||
Reference in New Issue
Block a user