#167 增加已拦截连接数、字节数、PASSTHROUGH连接数统计并调整FieldStat状态文件的输出位置。
@@ -609,7 +609,7 @@ void ssl_manager_destroy(struct ssl_mgr * mgr)
|
||||
}
|
||||
|
||||
|
||||
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section,
|
||||
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section,
|
||||
struct event_base * ev_base_gc, struct key_keeper * key_keeper, void * logger)
|
||||
{
|
||||
unsigned int stek_group_num = 0;
|
||||
@@ -705,7 +705,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
mgr->svc_fail_as_proto_err_cnt,
|
||||
mgr->svc_succ_as_app_not_pinning_cnt,
|
||||
mgr->svc_cnt_time_window);
|
||||
|
||||
|
||||
mgr->key_keeper = key_keeper;
|
||||
MESA_load_profile_uint_def(ini_profile, section, "trusted_cert_load_local",
|
||||
&(mgr->trusted_cert_load_local), 1);
|
||||
@@ -1971,145 +1971,6 @@ void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanly shut down an SSL socket. Libevent currently has no support for
|
||||
* cleanly shutting down an SSL socket so we work around that by using a
|
||||
* low-level event. This works for recent versions of OpenSSL. OpenSSL
|
||||
* with the older SSL_shutdown() semantics, not exposing WANT_READ/WRITE
|
||||
* may or may not work.
|
||||
*/
|
||||
UNUSED static struct ssl_shutdown_ctx * ssl_shutdown_ctx_new(struct ssl_stream * s_stream, struct event_base * evbase)
|
||||
{
|
||||
struct ssl_shutdown_ctx * ctx = ALLOC(struct ssl_shutdown_ctx, 1);
|
||||
ctx->evbase = evbase;
|
||||
ctx->s_stream = s_stream;
|
||||
ctx->ev = NULL;
|
||||
ctx->mgr = s_stream->mgr;
|
||||
ctx->dir = s_stream->dir;
|
||||
ctx->retries = 0;
|
||||
ctx->dir==CONN_DIR_DOWNSTREAM ? ATOMIC_INC(&(ctx->mgr->stat_val[SSL_DOWN_CLOSING]))
|
||||
: ATOMIC_INC(&(ctx->mgr->stat_val[SSL_UP_CLOSING]));
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
static void ssl_shutdown_ctx_free(struct ssl_shutdown_ctx * ctx)
|
||||
{
|
||||
ctx->dir==CONN_DIR_DOWNSTREAM ? ATOMIC_DEC(&(ctx->mgr->stat_val[SSL_DOWN_CLOSING]))
|
||||
: ATOMIC_DEC(&(ctx->mgr->stat_val[SSL_UP_CLOSING]));
|
||||
memset(ctx, 0, sizeof(struct ssl_shutdown_ctx));
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
/*
|
||||
* The shutdown socket event handler. This is either
|
||||
* scheduled as a timeout-only event, or as a fd read or
|
||||
* fd write event, depending on whether SSL_shutdown()
|
||||
* indicates it needs read or write on the socket.
|
||||
*/
|
||||
static void pxy_ssl_shutdown_cb(evutil_socket_t fd, short what, void * arg)
|
||||
{
|
||||
struct ssl_shutdown_ctx * ctx = (struct ssl_shutdown_ctx *) arg;
|
||||
struct timeval retry_delay = {0, 100};
|
||||
|
||||
void * logger = ctx->s_stream->mgr->logger;
|
||||
struct ssl_mgr* mgr=ctx->s_stream->mgr;
|
||||
short want = 0;
|
||||
int rv = 0, sslerr = 0;
|
||||
if (ctx->ev)
|
||||
{
|
||||
event_free(ctx->ev);
|
||||
ctx->ev = NULL;
|
||||
}
|
||||
|
||||
if(what == 0)
|
||||
{
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_DEFER_CLOSE_IN_QUEUE, 1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Use the new (post-2008) semantics for SSL_shutdown() on a
|
||||
* non-blocking socket. SSL_shutdown() returns -1 and WANT_READ
|
||||
* if the other end's close notify was not received yet, and
|
||||
* WANT_WRITE it could not write our own close notify.
|
||||
*
|
||||
* This is a good collection of recent and relevant documents:
|
||||
* http://bugs.python.org/issue8108
|
||||
*/
|
||||
if(what == EV_TIMEOUT)
|
||||
{
|
||||
SSL_set_shutdown(ctx->s_stream->ssl, SSL_RECEIVED_SHUTDOWN);
|
||||
}
|
||||
rv = SSL_shutdown(ctx->s_stream->ssl);
|
||||
|
||||
if (rv == 1)
|
||||
goto complete;
|
||||
|
||||
if (rv != -1)
|
||||
{
|
||||
goto retry;
|
||||
}
|
||||
|
||||
switch ((sslerr = SSL_get_error(ctx->s_stream->ssl, rv)))
|
||||
{
|
||||
case SSL_ERROR_WANT_READ: want = EV_READ;
|
||||
goto retry;
|
||||
case SSL_ERROR_WANT_WRITE: want = EV_WRITE;
|
||||
goto retry;
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
case SSL_ERROR_SYSCALL:
|
||||
case SSL_ERROR_SSL: goto complete;
|
||||
default: TFE_LOG_ERROR(logger, "Unhandled SSL_shutdown() "
|
||||
"error %i. Closing fd.\n", sslerr);
|
||||
goto complete;
|
||||
}
|
||||
|
||||
goto complete;
|
||||
|
||||
retry:
|
||||
if (ctx->retries++ >= MAX_NET_RETRIES)
|
||||
{
|
||||
/*
|
||||
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
|
||||
char* addr_string=tfe_stream_addr_to_str(addr);
|
||||
TFE_LOG_ERROR(logger, "Failed to shutdown %s SSL connection cleanly: %s "
|
||||
"Max retries reached. Closing fd %d.",
|
||||
tfe_stream_conn_dir_to_str(ctx->s_stream->dir),
|
||||
addr_string, fd);
|
||||
tfe_stream_addr_free(addr);
|
||||
free(addr_string);
|
||||
*/
|
||||
if(ctx->s_stream->dir==CONN_DIR_DOWNSTREAM)
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_DOWN_DIRTY_CLOSED]));
|
||||
}
|
||||
else
|
||||
{
|
||||
ATOMIC_INC(&(mgr->stat_val[SSL_UP_DIRTY_CLOSED]));
|
||||
}
|
||||
goto complete;
|
||||
}
|
||||
|
||||
ctx->ev = event_new(ctx->evbase, fd, want, pxy_ssl_shutdown_cb, ctx);
|
||||
|
||||
if (ctx->ev)
|
||||
{
|
||||
event_add(ctx->ev, &retry_delay);
|
||||
}
|
||||
else
|
||||
{
|
||||
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: "
|
||||
"Cannot create event. Closing fd %d.", fd);
|
||||
}
|
||||
return;
|
||||
|
||||
complete:
|
||||
TFE_PROXY_STAT_INCREASE(STAT_FD_DEFER_CLOSE_SUCCESS, 1);
|
||||
ssl_stream_free(ctx->s_stream);
|
||||
evutil_closesocket(fd);
|
||||
ssl_shutdown_ctx_free(ctx);
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanly shutdown an SSL session on file descriptor fd using low-level
|
||||
* file descriptor readiness events on event base evbase.
|
||||
|
||||