mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: provide a "show fd" helper to report important SSL information

Browse Source 
The SSL context contains a lot of important details that are currently
missing from debug outputs. Now that we detect ssl_sock, we can perform
some sanity checks, print the next xprt, the subscriber callback's context,
handler and number of calls. The process function is also resolved. This
now gives for example on an H2 connection:

   1029 : st=0x21(R:rA W:Ra) ev=0x01(heopI) [lc] tmask=0x2 umask=0x2 owner=0x7fc714881700 iocb=0x65b528(sock_conn_iocb) back=0 cflg=0x00001300 fe=recv mux=H2 ctx=0x7fc734545e50 h2c.st0=FRH .err=0 .maxid=217 .lastid=-1 .flg=0x0000 .nbst=0 .nbcs=0 .fctl_cnt=0 .send_cnt=0 .tree_cnt=0 .orph_cnt=0 .sub=1 .dsi=217 .dbuf=0@(nil)+0/0 .msi=-1 .mbuf=[1..1|32],h=[0@(nil)+0/0],t=[0@(nil)+0/0] xprt=SSL xprt_ctx=0x7fc73478f230 xctx.st=0 .xprt=RAW .wait.ev=1 .subs=0x7fc734546350(ev=1 tl=0x7fc7346702e0 tl.calls=278 tl.ctx=0x7fc734545e50 tl.fct=main-0x144efa) .sent_early=0 .early_in=0
This commit is contained in:
Willy Tarreau 2021-01-20 14:41:29 +01:00
parent 108a271049
commit de5675a38c
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
src/ssl_sock.c
View File

@ -6350,6 +6350,40 @@ static int ssl_check_async_engine_count(void) {
} }
#endif #endif
/* "show fd" helper to dump ssl internals. Warning: the output buffer is often
* the common trash!
*/
static void ssl_sock_show_fd(struct buffer *buf, const struct connection *conn, const void *ctx)
{
const struct ssl_sock_ctx *sctx = ctx;
if (!sctx)
return;
if (sctx->conn != conn)
chunk_appendf(&trash, " xctx.conn=%p(BOGUS!)", sctx->conn);
chunk_appendf(&trash, " xctx.st=%d", sctx->xprt_st);
if (sctx->xprt) {
chunk_appendf(&trash, " .xprt=%s", sctx->xprt->name);
if (sctx->xprt_ctx)
chunk_appendf(&trash, " .xctx=%p", sctx->xprt_ctx);
}
chunk_appendf(&trash, " .wait.ev=%d", sctx->wait_event.events);
chunk_appendf(&trash, " .subs=%p", sctx->subs);
if (sctx->subs) {
chunk_appendf(&trash, "(ev=%d tl=%p", sctx->subs->events, sctx->subs->tasklet);
chunk_appendf(&trash, " tl.calls=%d tl.ctx=%p tl.fct=",
sctx->subs->tasklet->calls,
sctx->subs->tasklet->context);
resolve_sym_name(&trash, NULL, sctx->subs->tasklet->process);
chunk_appendf(&trash, ")");
}
chunk_appendf(&trash, " .sent_early=%d", sctx->sent_early_data);
chunk_appendf(&trash, " .early_in=%d", (int)sctx->early_buf.data);
}
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0) #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
/* This function is used with TLS ticket keys management. It permits to browse /* This function is used with TLS ticket keys management. It permits to browse
* each reference. The variable <ref> must point to the current node's list * each reference. The variable <ref> must point to the current node's list
@ -6633,6 +6667,7 @@ struct xprt_ops ssl_sock = {
.get_alpn = ssl_sock_get_alpn, .get_alpn = ssl_sock_get_alpn,
.takeover = ssl_takeover, .takeover = ssl_takeover,
.name = "SSL", .name = "SSL",
.show_fd = ssl_sock_show_fd,
}; };
enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px, enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,