mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump

Browse Source 
The previous dump algorithm was not trying to yield when the buffer is
full, it's not a problem with the TLS_TICKETS_NO which is 3 by default
but it can become one if the buffer size is lowered and if the
TLS_TICKETS_NO is increased.

The index of the latest ticket dumped is now stored to ensure we can
resume the dump after a yield.
This commit is contained in:
William Lallemand 2016-06-14 18:58:55 +02:00 committed by Willy Tarreau
parent cf9e788790
commit 72a8a18e89
2 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/types/applet.h
View File

@ -107,6 +107,7 @@ struct appctx {
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
struct { struct {
int dump_all; int dump_all;
int dump_keys_index;
struct tls_keys_ref *ref; struct tls_keys_ref *ref;
} tlskeys; } tlskeys;
#endif #endif

24
src/dumpstats.c
View File

@ -6153,6 +6153,7 @@ static int stats_tlskeys_list(struct stream_interface *si) {
return 0; return 0;
} }
appctx->ctx.tlskeys.dump_keys_index = 0;
/* Now, we start the browsing of the references lists. /* Now, we start the browsing of the references lists.
* Note that the following call to LIST_ELEM return bad pointer. The only * Note that the following call to LIST_ELEM return bad pointer. The only
@ -6169,27 +6170,34 @@ static int stats_tlskeys_list(struct stream_interface *si) {
case STAT_ST_LIST: case STAT_ST_LIST:
while (appctx->ctx.tlskeys.ref) { while (appctx->ctx.tlskeys.ref) {
int i;
int head = appctx->ctx.tlskeys.ref->tls_ticket_enc_index; int head = appctx->ctx.tlskeys.ref->tls_ticket_enc_index;
chunk_reset(&trash); chunk_reset(&trash);
if (appctx->st0 == STAT_CLI_O_TLSK_ENT) if (appctx->st0 == STAT_CLI_O_TLSK_ENT && appctx->ctx.tlskeys.dump_keys_index == 0)
chunk_appendf(&trash, "# "); chunk_appendf(&trash, "# ");
if (appctx->ctx.tlskeys.dump_keys_index == 0)
chunk_appendf(&trash, "%d (%s)\n", appctx->ctx.tlskeys.ref->unique_id, chunk_appendf(&trash, "%d (%s)\n", appctx->ctx.tlskeys.ref->unique_id,
appctx->ctx.tlskeys.ref->filename); appctx->ctx.tlskeys.ref->filename);
if (appctx->st0 == STAT_CLI_O_TLSK_ENT) { if (appctx->st0 == STAT_CLI_O_TLSK_ENT) {
for (i = 0; i < TLS_TICKETS_NO; i++) { while (appctx->ctx.tlskeys.dump_keys_index < TLS_TICKETS_NO) {
struct chunk *t2 = get_trash_chunk(); struct chunk *t2 = get_trash_chunk();
int b64_len;
chunk_reset(t2); chunk_reset(t2);
b64_len = a2base64((char *)(appctx->ctx.tlskeys.ref->tlskeys + (head + 2 + i) % TLS_TICKETS_NO), /* should never fail here because we dump only a key in the t2 buffer */
t2->len = a2base64((char *)(appctx->ctx.tlskeys.ref->tlskeys + (head + 2 + appctx->ctx.tlskeys.dump_keys_index) % TLS_TICKETS_NO),
sizeof(struct tls_sess_key), t2->str, t2->size); sizeof(struct tls_sess_key), t2->str, t2->size);
if (b64_len < 0) chunk_appendf(&trash, "%d.%d %s\n", appctx->ctx.tlskeys.ref->unique_id, appctx->ctx.tlskeys.dump_keys_index, t2->str);
if (bi_putchk(si_ic(si), &trash) == -1) {
/* let's try again later from this stream. We add ourselves into
* this stream's users so that it can remove us upon termination.
*/
si_applet_cant_put(si);
return 0; return 0;
t2->len = b64_len;
chunk_appendf(&trash, "%d.%d %s\n", appctx->ctx.tlskeys.ref->unique_id, i, t2->str);
} }
appctx->ctx.tlskeys.dump_keys_index++;
}
appctx->ctx.tlskeys.dump_keys_index = 0;
} }
if (bi_putchk(si_ic(si), &trash) == -1) { if (bi_putchk(si_ic(si), &trash) == -1) {
/* let's try again later from this stream. We add ourselves into /* let's try again later from this stream. We add ourselves into