#167 增加已拦截连接数、字节数、PASSTHROUGH连接数统计并调整FieldStat状态文件的输出位置。
@@ -307,9 +307,7 @@ static const char * __str_stat_spec_map[] =
|
||||
[STAT_SIGPIPE] = "SIGPIPE",
|
||||
[STAT_FD_OPEN_BY_KNI_ACCEPT] = "fd_rx",
|
||||
[STAT_FD_CLOSE_BY_KNI_ACCEPT_FAIL] = "fd_rx_err",
|
||||
[STAT_FD_INSTANT_CLOSE] = "fd_inst_cls",
|
||||
[STAT_FD_DEFER_CLOSE_IN_QUEUE] = "fd_dfr_cls",
|
||||
[STAT_FD_DEFER_CLOSE_SUCCESS] = "fd_dfr_clsd",
|
||||
[STAT_FD_CLOSE] = "fd_inst_cls",
|
||||
[STAT_STREAM_OPEN] = "stm_open",
|
||||
[STAT_STREAM_CLS] = "stm_cls",
|
||||
[STAT_STREAM_CLS_DOWN_EOF] = "dstm_eof",
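Review bot: The label for `STAT_FD_CLOSE` reuses the string `"fd_inst_cls"` ("instant close"), which looks carried over from the `STAT_FD_INSTANT_CLOSE` entry this hunk appears to drop together with the two `fd_dfr_cls*` entries (this rendering does not mark which side each line is on, so that is inferred from the 9 → 7 line counts and the later rename hunk). If the deferred-close path is gone, this is the only fd-close counter and its label should say so, e.g. `[STAT_FD_CLOSE] = "fd_cls",`; if the old name is kept on purpose, pin it with `/* kept as "fd_inst_cls" so existing FieldStat consumers keep working */`. Otherwise readers of the status file infer a distinction between instant and deferred closes that no longer exists.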
|
||||
@@ -317,16 +315,19 @@ static const char * __str_stat_spec_map[] =
|
||||
[STAT_STREAM_CLS_DOWN_ERR] = "dstm_err",
|
||||
[STAT_STREAM_CLS_UP_ERR] = "ustm_err",
|
||||
[STAT_STREAM_CLS_KILL] = "stm_kill",
|
||||
[STAT_STREAM_INTERCEPT] = "stm_incpt",
|
||||
[STAT_STREAM_BYPASS] = "stm_byp",
|
||||
[STAT_STREAM_INCPT_BYTES] = "stm_incpt_B",
|
||||
[STAT_STREAM_INCPT_DOWN_BYTES] = "dstm_incpt_B",
|
||||
[STAT_STREAM_INCPT_UP_BYTES] = "ustm_incpt_B",
|
||||
[STAT_STREAM_TCP_PLAIN] = "plain",
|
||||
[STAT_STREAM_TCP_SSL] = "SSL",
|
||||
[STAT_STREAM_DOWN_RX_BYTES] = "dstm_bytes",
|
||||
[STAT_STREAM_UP_RX_BYTES] = "ustm_bytes",
|
||||
[STAT_STREAM_TCP_SSL] = "ssl",
|
||||
[TFE_STAT_MAX] = NULL
|
||||
};
|
||||
|
||||
int tfe_stat_init(struct tfe_proxy * proxy, const char * profile)
|
||||
{
|
||||
static const char * fieldstat_output = "./tfe.fieldstat";
|
||||
static const char * fieldstat_output = "log/tfe.fs2";
|
||||
static const char * app_name = "tfe3a";
|
||||
|
||||
int value = 0, i = 0;
|
||||
|
||||
@@ -609,7 +609,7 @@ void ssl_manager_destroy(struct ssl_mgr * mgr)
|
||||
}
|
||||
|
||||
|
||||
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section,
|
||||
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section,
|
||||
struct event_base * ev_base_gc, struct key_keeper * key_keeper, void * logger)
|
||||
{
|
||||
unsigned int stek_group_num = 0;
|
||||
@@ -705,7 +705,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
mgr->svc_fail_as_proto_err_cnt,
|
||||
mgr->svc_succ_as_app_not_pinning_cnt,
|
||||
mgr->svc_cnt_time_window);
|
||||
|
||||
|
||||
mgr->key_keeper = key_keeper;
|
||||
MESA_load_profile_uint_def(ini_profile, section, "trusted_cert_load_local",
|
||||
&(mgr->trusted_cert_load_local), 1);
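Review bot: `mgr->key_keeper = key_keeper;` stores the caller's pointer with no NULL check and no statement of ownership; the rendering does not show whether this line is the added or the removed one, but on the new side the field is plainly a borrowed reference to the component that holds the private keys. Add `/* borrowed, not owned: the caller keeps key_keeper alive for the lifetime of mgr */` above it and, if a NULL keeper is not a legal configuration, reject it next to the other init-time checks instead of letting a later handshake dereference it. `ssl_manager_init` starts and ends outside the hunk.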
|
||||
@@ -1971,145 +1971,6 @@ void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanly shut down an SSL socket. Libevent currently has no support for
|
||||
* cleanly shutting down an SSL socket so we work around that by using a
|
||||
* low-level event. This works for recent versions of OpenSSL. OpenSSL
|
||||
* with the older SSL_shutdown() semantics, not exposing WANT_READ/WRITE
|
||||
* may or may not work.
|
||||
*/
|
||||
UNUSED static struct ssl_shutdown_ctx * ssl_shutdown_ctx_new(struct ssl_stream * s_stream, struct event_base * evbase)
|
||||
{
|
||||
struct ssl_shutdown_ctx * ctx = ALLOC(struct ssl_shutdown_ctx, 1);
|
||||
ctx->evbase = evbase;
|
||||
ctx->s_stream = s_stream;
|
||||
ctx->ev = NULL;
|
||||
ctx->mgr = s_stream->mgr;
|
||||
ctx->dir = s_stream->dir;
|
||||
ctx->retries = 0;
|
||||
ctx->dir==CONN_DIR_DOWNSTREAM ? ATOMIC_INC(&(ctx->mgr->stat_val[SSL_DOWN_CLOSING]))
|
||||
: ATOMIC_INC(&(ctx->mgr->stat_val[SSL_UP_CLOSING]));
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
static void ssl_shutdown_ctx_free(struct ssl_shutdown_ctx * ctx)
|
||||
{
|
||||
ctx->dir==CONN_DIR_DOWNSTREAM ? ATOMIC_DEC(&(ctx->mgr->stat_val[SSL_DOWN_CLOSING]))
|
||||
: ATOMIC_DEC(&(ctx->mgr->stat_val[SSL_UP_CLOSING]));
|
||||
memset(ctx, 0, sizeof(struct ssl_shutdown_ctx));
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/*
|
||||
* The shutdown socket event handler. This is either
|
||||
* scheduled as a timeout-only event, or as a fd read or
|
||||
* fd write event, depending on whether SSL_shutdown()
|
||||
* indicates it needs read or write on the socket.
|
||||
*/
|
||||
static void pxy_ssl_shutdown_cb(evutil_socket_t fd, short what, void * arg)
|
||||
{
|
||||
struct ssl_shutdown_ctx * ctx = (struct ssl_shutdown_ctx *) arg;
|
||||
struct timeval retry_delay = {0, 100};
|
||||
|
||||
void * logger = ctx->s_stream->mgr->logger;
|
||||
struct ssl_mgr* mgr=ctx->s_stream->mgr;
|
||||
short want = 0;
|
||||
int rv = 0, sslerr = 0;
|
||||
if (ctx->ev)
|
||||
{
|
||||
event_free(ctx->ev);
|
||||
ctx->ev = NULL;
|
||||
}
|
||||
|
||||
if(what == 0)
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_DEFER_CLOSE_IN_QUEUE, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Use the new (post-2008) semantics for SSL_shutdown() on a
|
||||
* non-blocking socket. SSL_shutdown() returns -1 and WANT_READ
|
||||
* if the other end's close notify was not received yet, and
|
||||
* WANT_WRITE it could not write our own close notify.
|
||||
*
|
||||
* This is a good collection of recent and relevant documents:
|
||||
* http://bugs.python.org/issue8108
|
||||
*/
|
||||
if(what == EV_TIMEOUT)
|
||||
{
|
||||
SSL_set_shutdown(ctx->s_stream->ssl, SSL_RECEIVED_SHUTDOWN);
|
||||
}
|
||||
rv = SSL_shutdown(ctx->s_stream->ssl);
|
||||
|
||||
if (rv == 1)
|
||||
goto complete;
|
||||
|
||||
if (rv != -1)
|
||||
{
|
||||
goto retry;
|
||||
}
|
||||
|
||||
switch ((sslerr = SSL_get_error(ctx->s_stream->ssl, rv)))
|
||||
{
|
||||
case SSL_ERROR_WANT_READ: want = EV_READ;
|
||||
goto retry;
|
||||
case SSL_ERROR_WANT_WRITE: want = EV_WRITE;
|
||||
goto retry;
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
case SSL_ERROR_SYSCALL:
|
||||
case SSL_ERROR_SSL: goto complete;
|
||||
default: TFE_LOG_ERROR(logger, "Unhandled SSL_shutdown() "
|
||||
"error %i. Closing fd.\n", sslerr);
|
||||
goto complete;
|
||||
}
|
||||
|
||||
goto complete;
|
||||
|
||||
retry:
|
||||
if (ctx->retries++ >= MAX_NET_RETRIES)
|
||||
{
|
||||
/*
|
||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
|
||||
char* addr_string=tfe_stream_addr_to_str(addr);
|
||||
TFE_LOG_ERROR(logger, "Failed to shutdown %s SSL connection cleanly: %s "
|
||||
"Max retries reached. Closing fd %d.",
|
||||
tfe_stream_conn_dir_to_str(ctx->s_stream->dir),
|
||||
addr_string, fd);
|
||||
tfe_stream_addr_free(addr);
|
||||
free(addr_string);
|
||||
*/
|
||||
if(ctx->s_stream->dir==CONN_DIR_DOWNSTREAM)
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_DIRTY_CLOSED]));
|
||||
}
|
||||
else
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_UP_DIRTY_CLOSED]));
|
||||
}
|
||||
goto complete;
|
||||
}
|
||||
|
||||
ctx->ev = event_new(ctx->evbase, fd, want, pxy_ssl_shutdown_cb, ctx);
|
||||
|
||||
if (ctx->ev)
|
||||
{
|
||||
event_add(ctx->ev, &retry_delay);
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: "
|
||||
"Cannot create event. Closing fd %d.", fd);
|
||||
}
|
||||
return;
|
||||
|
||||
complete:
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_DEFER_CLOSE_SUCCESS, 1);
|
||||
ssl_stream_free(ctx->s_stream);
|
||||
evutil_closesocket(fd);
|
||||
ssl_shutdown_ctx_free(ctx);
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanly shutdown an SSL session on file descriptor fd using low-level
|
||||
* file descriptor readiness events on event base evbase.
|
||||
|
||||
@@ -422,7 +422,7 @@ static void __conn_private_destory(struct tfe_conn_private * conn)
|
||||
|
||||
free(conn);
|
||||
(void)ret;
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_INSTANT_CLOSE, 1);
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_CLOSE, 1);
|
||||
}
|
||||
|
||||
static void __conn_private_destory_with_ssl(struct event_base * ev_base,
|
||||
@@ -445,6 +445,12 @@ static void __stream_bev_passthrough_readcb(struct bufferevent * bev, void * arg
|
||||
return;
|
||||
}
|
||||
|
||||
if (_stream->is_first_call_rxcb == 0)
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_BYPASS, 1);
|
||||
_stream->is_first_call_rxcb = 1;
|
||||
}
|
||||
|
||||
struct evbuffer * __output_buffer = bufferevent_get_output(peer_conn->bev);
|
||||
evbuffer_add_buffer(__output_buffer, __input_buffer);
|
||||
}
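Review bot: `STAT_STREAM_BYPASS` is incremented on the first read callback, so a passthrough stream that closes before carrying any payload is never counted and the count reflects read order rather than the decision; the commit title calls this a PASSTHROUGH connection count, and the decision point is visible in `ssl_upstream_create_on_success`, where `SSL_ACTION_PASSTHROUGH` is handled. Moving the increment there (next to `_stream->tcp_passthough = true;`) counts every passthrough decision exactly once and makes the `is_first_call_rxcb` bookkeeping in this callback unnecessary. If first-read semantics is intentional, say so: `/* counts streams that carried at least one byte in either direction, not passthrough decisions */`. No byte counter exists on this path while the intercept path gets three, so passthrough volume remains invisible in the FieldStat output. `__stream_bev_passthrough_readcb` starts outside the hunk.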
|
||||
@@ -589,6 +595,12 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
|
||||
return;
|
||||
}
|
||||
|
||||
if (_stream->is_first_call_rxcb == 0)
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INTERCEPT, 1);
|
||||
_stream->is_first_call_rxcb = 1;
|
||||
}
|
||||
|
||||
struct evbuffer * outbuf = bufferevent_get_output(peer_conn->bev);
|
||||
assert(inbuf != NULL && outbuf != NULL);
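Review bot: The same `is_first_call_rxcb` flag gates `STAT_STREAM_INTERCEPT` here and `STAT_STREAM_BYPASS` in the passthrough callback, and both callbacks appear to be invoked for either direction of the stream, so the counter means "streams whose first payload byte was seen", which is neither a connection count nor the number of intercept decisions. A comment on the increment, `/* first payload read in either direction; streams closed before any data are not counted */`, keeps FieldStat consumers from over-reading it. Whether a plain int flag toggled from the read callback is safe depends on both bufferevents of a stream running on one thread, which this hunk does not show. `__stream_bev_readcb` starts and ends outside the hunk.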
|
||||
|
||||
@@ -673,15 +685,18 @@ static void __stream_bev_readcb(struct bufferevent * bev, void * arg)
|
||||
|
||||
if (dir == CONN_DIR_DOWNSTREAM)
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_DOWN_RX_BYTES, rx_offset_increase);
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_DOWN_BYTES, rx_offset_increase);
|
||||
_stream->downstream_rx_offset += rx_offset_increase;
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_UP_RX_BYTES, rx_offset_increase);
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_UP_BYTES, rx_offset_increase);
|
||||
_stream->upstream_rx_offset += rx_offset_increase;
|
||||
}
|
||||
|
||||
/* Total Bytes */
|
||||
TFE_PROXY_STAT_INCREASE(STAT_STREAM_INCPT_BYTES, rx_offset_increase);
|
||||
|
||||
if(_stream->need_to_be_kill)
|
||||
{
|
||||
const static struct linger sl{.l_onoff = 1, .l_linger = 0};
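Review bot: `STAT_STREAM_INCPT_BYTES` is a third increment on every read in addition to the per-direction `STAT_STREAM_INCPT_DOWN_BYTES`/`STAT_STREAM_INCPT_UP_BYTES`, and at this site it is always exactly their sum; if `TFE_PROXY_STAT_INCREASE` is atomic, as the `ATOMIC_INC` usage in the ssl manager suggests, that is one more contended counter on the hot path shared by all threads and both directions. Derive the total when the FieldStat file is written, or comment why a running total is wanted: `/* kept as its own counter so the field is readable without summing down+up */`. Bytes are also attributed before the `need_to_be_kill` check, so traffic of a stream about to be killed still counts as intercepted; worth a sentence in the comment if intended. `__stream_bev_readcb` starts and ends outside the hunk.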
|
||||
@@ -997,18 +1012,18 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
|
||||
enum ssl_stream_action ssl_action = ssl_upstream_create_result_release_action(result);
|
||||
if (SSL_ACTION_PASSTHROUGH == ssl_action)
|
||||
{
|
||||
_stream->tcp_passthough = true;
|
||||
_stream->conn_upstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_upstream);
|
||||
_stream->conn_downstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
|
||||
__conn_private_enable(_stream->conn_downstream);
|
||||
__conn_private_enable(_stream->conn_upstream);
|
||||
|
||||
_stream->tcp_passthough = 1;
|
||||
_stream->defer_fd_downstream = 0;
|
||||
_stream->defer_fd_upstream = 0;
|
||||
}
|
||||
else if (SSL_ACTION_SHUTDOWN == ssl_action)
|
||||
{
|
||||
tfe_stream_destory(_stream);
|
||||
return tfe_stream_destory(_stream);
|
||||
}
|
||||
else
|
||||
{
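Review bot: After the passthrough conns are created, `defer_fd_downstream` and `defer_fd_upstream` are cleared to `0`, but 0 is a valid descriptor (stdin), so any later "still holding a deferred fd" test or cleanup that closes a non-zero fd mishandles it; `evutil_socket_t`'s invalid value is -1, so `_stream->defer_fd_downstream = -1; _stream->defer_fd_upstream = -1;` is the safer sentinel if the readers (outside this hunk) agree. The hunk also shows `tcp_passthough` set both before the `__conn_private_create_by_fd` calls (`= true`) and after the enables (`= 1`); the rendering does not mark which is new, but if the create calls select the passthrough read callback from that flag, only the early assignment is correct and `/* must be set before the conns are created/enabled */` should pin it. `return tfe_stream_destory(_stream);` on a void call is valid C++ only, so this file cannot be built as C. `ssl_upstream_create_on_success` starts and ends outside the hunk.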
|
||||
@@ -1232,7 +1247,8 @@ void __stream_fd_option_setup(struct tfe_stream_private * _stream, evutil_socket
|
||||
struct tfe_proxy_tcp_options * tcp_options = &_stream->proxy_ref->tcp_options;
|
||||
|
||||
/* Make it non-blocking */
|
||||
evutil_make_socket_nonblocking(fd);
|
||||
int ret = evutil_make_socket_nonblocking(fd);
|
||||
assert(ret >= 0);
|
||||
|
||||
/* Recv Buffer */
|
||||
if (tcp_options->sz_rcv_buffer >= 0)
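Review bot: `assert(ret >= 0)` is compiled out under NDEBUG, so in a release build a socket that could not be made non-blocking is silently handed to the bufferevents, and one blocking read or write on it can stall the event loop for every other stream; the `(void)ret;` added at the end of the function shows the value is otherwise unused. Since `__stream_fd_option_setup` returns void and the rest of it only logs option failures, the consistent fix is to log here too, using the `stream->str_stream_info` prefix the ttl failure path already uses, `if (ret < 0) { TFE_LOG_ERROR(g_default_logger, "%s: Failed to make fd %d non-blocking", stream->str_stream_info, fd); }`, or better to return an int so `tfe_stream_init_by_fds` can take its `__errout` path. `__stream_fd_option_setup` starts and ends outside the hunk.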
|
||||
@@ -1307,6 +1323,8 @@ void __stream_fd_option_setup(struct tfe_stream_private * _stream, evutil_socket
|
||||
TFE_LOG_ERROR(g_default_logger, "%s: Failed at setup FD's ttl option, ttl = %d, fd = %d",
|
||||
stream->str_stream_info, __ttl, fd);
|
||||
}
|
||||
|
||||
(void)ret;
|
||||
}
|
||||
|
||||
int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downstream, evutil_socket_t fd_upstream)
|
||||
@@ -1325,8 +1343,7 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
|
||||
if (unlikely(_stream->head.addr == NULL))
|
||||
{
|
||||
TFE_LOG_ERROR(_stream->stream_logger, "Failed to create address from fd %d, %d, terminate fds.",
|
||||
fd_downstream, fd_upstream);
|
||||
goto __errout;
|
||||
fd_downstream, fd_upstream); goto __errout;
|
||||
}
|
||||
|
||||
_stream->str_stream_addr = tfe_stream_addr_to_str(_stream->head.addr);
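Review bot: The new line folds `goto __errout;` onto the tail of the `TFE_LOG_ERROR` argument list, `fd_downstream, fd_upstream); goto __errout;`, hiding a control transfer behind a log call; the 8 → 7 line counts show the merged form is the added one, and it is the only two-statement line in the visible code. Keep the jump on its own line as before: `fd_downstream, fd_upstream);` followed by `goto __errout;`. `tfe_stream_init_by_fds` starts and ends outside the hunk.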
|
||||
|
||||