1. ssl增加no_verify_cert开关,可以关闭证书校验;
2. ssl_utils.cc改名为ssl_utils.cpp; 3. 暂时使用tcmalloc接管内存分配; 4. 原work thread选择算法存在bug,暂时改为轮询; 5. FieldStat状态输出暂时改为Field格式,便于观察实时性能,Future的状态输出暂时改为累计值;
@@ -75,7 +75,9 @@ struct tfe_thread_ctx * tfe_proxy_thread_ctx_acquire(struct tfe_proxy * ctx)
|
||||
{
|
||||
unsigned int min_thread_id = 0;
|
||||
unsigned int min_load = 0;
|
||||
|
||||
static unsigned int counter=0;
|
||||
counter++;
|
||||
/*
|
||||
for (unsigned int tid = 0; tid < ctx->nr_work_threads; tid++)
|
||||
{
|
||||
struct tfe_thread_ctx * thread_ctx = ctx->work_threads[tid];
|
||||
@@ -84,7 +86,8 @@ struct tfe_thread_ctx * tfe_proxy_thread_ctx_acquire(struct tfe_proxy * ctx)
|
||||
min_thread_id = min_load > thread_load ? tid : min_thread_id;
|
||||
min_load = min_load > thread_load ? thread_load : min_load;
|
||||
}
|
||||
|
||||
*/
|
||||
min_thread_id=counter%ctx->nr_work_threads;
|
||||
ATOMIC_INC(&ctx->work_threads[min_thread_id]->load);
|
||||
return ctx->work_threads[min_thread_id];
|
||||
}
|
||||
@@ -276,19 +279,19 @@ int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile)
|
||||
static const char * __str_stat_spec_map[] =
|
||||
{
|
||||
[STAT_SIGPIPE] = "SIGPIPE",
|
||||
[STAT_FD_OPEN_BY_KNI_ACCEPT] = "FdRcv",
|
||||
[STAT_FD_CLOSE_BY_KNI_ACCEPT_FAIL] = "FdRcvFail",
|
||||
[STAT_FD_INSTANT_CLOSE] = "FdClsInstant",
|
||||
[STAT_FD_DEFER_CLOSE_IN_QUEUE] = "FdClsDefInQ",
|
||||
[STAT_FD_DEFER_CLOSE_SUCCESS] = "FdClsDefSuc",
|
||||
[STAT_STREAM_OPEN] = "StrOpen",
|
||||
[STAT_STREAM_CLS] = "StrCls",
|
||||
[STAT_STREAM_CLS_DOWN_EOF] = "StrDownEOF",
|
||||
[STAT_STREAM_CLS_UP_EOF] = "StrUpEOF",
|
||||
[STAT_STREAM_CLS_DOWN_ERR] = "StrDownErr",
|
||||
[STAT_STREAM_CLS_UP_ERR] = "StrUpErr",
|
||||
[STAT_STREAM_CLS_KILL] = "StrKill",
|
||||
[STAT_STREAM_TCP_PLAIN] = "Plain",
|
||||
[STAT_FD_OPEN_BY_KNI_ACCEPT] = "fd_rx",
|
||||
[STAT_FD_CLOSE_BY_KNI_ACCEPT_FAIL] = "fd_rx_err",
|
||||
[STAT_FD_INSTANT_CLOSE] = "fd_inst_cls",
|
||||
[STAT_FD_DEFER_CLOSE_IN_QUEUE] = "fd_dfr_cls",
|
||||
[STAT_FD_DEFER_CLOSE_SUCCESS] = "fd_dfr_clsd",
|
||||
[STAT_STREAM_OPEN] = "stm_open",
|
||||
[STAT_STREAM_CLS] = "stm_cls",
|
||||
[STAT_STREAM_CLS_DOWN_EOF] = "dstm_eof",
|
||||
[STAT_STREAM_CLS_UP_EOF] = "ustm_eof",
|
||||
[STAT_STREAM_CLS_DOWN_ERR] = "dstm_err",
|
||||
[STAT_STREAM_CLS_UP_ERR] = "ustm_err",
|
||||
[STAT_STREAM_CLS_KILL] = "stm_kill",
|
||||
[STAT_STREAM_TCP_PLAIN] = "plain",
|
||||
[STAT_STREAM_TCP_SSL] = "SSL",
|
||||
[TFE_STAT_MAX] = NULL
|
||||
};
|
||||
|
||||
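Review bot: In tfe_proxy_thread_ctx_acquire the new `static unsigned int counter` is bumped with a plain `counter++`, while the per-thread load a few lines later goes through `ATOMIC_INC`; if this function can run on more than one thread, that is a data race and the counter should use the same atomic primitive. `counter%ctx->nr_work_threads` also divides by zero when no work threads are configured, so a guard such as `if (ctx->nr_work_threads == 0) return NULL;` before it would help, provided callers handle NULL. The commented-out loop and the now-unused `min_load` would read better as one short comment, e.g. `/* TODO: least-load selection disabled; min_load starts at 0, so no thread appears to ever compare lower. Round-robin for now. */` (the type of `thread_load` is outside the visible lines, so confirm that diagnosis).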
@@ -121,7 +121,7 @@ struct ssl_mgr
|
||||
unsigned int no_tls12;
|
||||
unsigned int no_sessticket;
|
||||
unsigned int no_alpn;
|
||||
|
||||
unsigned int no_cert_verify;
|
||||
CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new
|
||||
int ssl_min_version, ssl_max_version;
|
||||
char ssl_session_context[8];
|
||||
@@ -312,7 +312,7 @@ void ssl_stat_init(struct ssl_mgr * mgr)
|
||||
{
|
||||
if(spec[i]!=NULL)
|
||||
{
|
||||
mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,spec[i]);
|
||||
mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_FIELD, FS_CALC_CURRENT,spec[i]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -578,10 +578,9 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
|
||||
sizeof(mgr->default_ciphers), DFLT_CIPHERS);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0);
|
||||
|
||||
|
||||
|
||||
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
|
||||
MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60);
|
||||
|
||||
@@ -1033,8 +1032,15 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events,
|
||||
|
||||
if(!SSL_session_reused(s_stream->ssl))
|
||||
{
|
||||
s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
||||
if(mgr->no_cert_verify)
|
||||
{
|
||||
s_stream->is_peer_cert_verify_passed=1;
|
||||
}
|
||||
else
|
||||
{
|
||||
s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store,
|
||||
s_stream->ssl, error_str, sizeof(error_str));
|
||||
}
|
||||
if(s_stream->is_peer_cert_verify_passed)
|
||||
{
|
||||
//ONLY verified session is cacheable.
|
||||
|
||||
@@ -2101,6 +2101,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
|
||||
*result = CHELLO_PARSE_INVALID_FORMAT;
|
||||
return _chello;
|
||||
}
|
||||
/*
|
||||
int n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite);
|
||||
_chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff + pos, len, result);
|
||||
if(*result != CHELLO_PARSE_SUCCESS)
|
||||
@@ -2112,8 +2113,9 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len,
|
||||
if(*result != CHELLO_PARSE_SUCCESS)
|
||||
{
|
||||
return _chello;
|
||||
}
|
||||
}*/
|
||||
pos += len;
|
||||
|
||||
/* Compression Methods */
|
||||
if (pos >= buff_len)
|
||||
{
|
||||
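Review bot: In the ssl_server_connected_eventcb hunk, the `no_cert_verify` branch sets `s_stream->is_peer_cert_verify_passed=1`, so a skipped check is indistinguishable from a passed one, and the next branch (commented `//ONLY verified session is cacheable.`) will then treat the unverified upstream session as cacheable. If those sessions are later resumed, the `!SSL_session_reused(...)` guard would skip verification even after the option is turned off again; the cache code itself is outside the visible lines, so this needs confirming. I would keep the bypass out of the cache path, e.g. `if(s_stream->is_peer_cert_verify_passed && !s_stream->mgr->no_cert_verify)`, and log a warning once in ssl_manager_init when the option is non-zero so a disabled check is visible in operations. The new branch also reads `mgr->no_cert_verify` while the surrounding lines use `s_stream->mgr`; whether a local `mgr` is in scope is not visible here. The function body starts and ends outside the hunk.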