nghttpx: Add --rlimit-memlock option

Tatsuhiro Tsujikawa 2021-09-24 18:01:47 +09:00
parent d0e8efac4d
commit 7271537a15
5 changed files with 50 additions and 2 deletions


@ -20,6 +20,6 @@ certificate in server.key and server.crt respectively :
.. code-block:: text .. code-block:: text
$ docker run --rm -it -v $PWD:/shared --net=host --privileged \ $ docker run --rm -it -v $PWD:/shared --net=host --privileged \
--ulimit memlock=2048000 nghttp2 nghttpx \ nghttp2 nghttpx \
/shared/server.key /shared/server.crt \ /shared/server.key /shared/server.crt \
-f'*,443;quic' -f'*,443;quic' --rlimit-memlock 262144


@ -194,6 +194,7 @@ OPTIONS = [
"frontend-quic-congestion-controller", "frontend-quic-congestion-controller",
"frontend-quic-server-id", "frontend-quic-server-id",
"frontend-quic-secret-file", "frontend-quic-secret-file",
"rlimit-memlock",
] ]
LOGVARS = [ LOGVARS = [


@ -2376,6 +2376,12 @@ Performance:
If 0 is given, nghttpx does not set the limit. If 0 is given, nghttpx does not set the limit.
Default: )" Default: )"
<< config->rlimit_nofile << R"( << config->rlimit_nofile << R"(
--rlimit-memlock=<N>
Set maximum number of bytes of memory that may be locked
into RAM. If 0 is given, nghttpx does not set the
limit.
Default: )"
<< config->rlimit_memlock << R"(
--backend-request-buffer=<SIZE> --backend-request-buffer=<SIZE>
Set buffer size used to store backend request. Set buffer size used to store backend request.
Default: )" Default: )"
@ -3599,6 +3605,16 @@ int process_options(Config *config,
} }
} }
if (config->rlimit_memlock) {
struct rlimit lim = {static_cast<rlim_t>(config->rlimit_memlock),
static_cast<rlim_t>(config->rlimit_memlock)};
if (setrlimit(RLIMIT_MEMLOCK, &lim) != 0) {
auto error = errno;
LOG(WARN) << "Setting rlimit-memlock failed: "
<< xsi_strerror(error, errbuf.data(), errbuf.size());
}
}
auto &fwdconf = config->http.forwarded; auto &fwdconf = config->http.forwarded;
if (fwdconf.by_node_type == ForwardedNode::OBFUSCATED && if (fwdconf.by_node_type == ForwardedNode::OBFUSCATED &&
@ -4080,6 +4096,7 @@ int main(int argc, char **argv) {
185}, 185},
{SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE.c_str(), required_argument, &flag, {SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE.c_str(), required_argument, &flag,
186}, 186},
{SHRPX_OPT_RLIMIT_MEMLOCK.c_str(), required_argument, &flag, 187},
{nullptr, 0, nullptr, 0}}; {nullptr, 0, nullptr, 0}};
int option_index = 0; int option_index = 0;
@ -4967,6 +4984,10 @@ int main(int argc, char **argv) {
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE, cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE,
StringRef{optarg}); StringRef{optarg});
break; break;
case 187:
// --rlimit-memlock
cmdcfgs.emplace_back(SHRPX_OPT_RLIMIT_MEMLOCK, StringRef{optarg});
break;
default: default:
break; break;
} }
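Review bot: In the new `if (config->rlimit_memlock)` block of process_options, a failed `setrlimit(RLIMIT_MEMLOCK, ...)` is only logged at WARN and startup continues, so an operator who asked for a specific limit gets a running process without it. The call writes the same value to both the soft and the hard limit, so a value above the current hard limit needs privilege and fails otherwise, while a value below it lowers the hard limit in a way an unprivileged process cannot raise again. The documentation example in this commit pairs the option with a `quic` frontend, so whatever later step needs the locked memory will presumably fail with a less direct error. Consider returning -1 here, or at least stating the behaviour in the help text, e.g. `Raising the limit may require privileges; if it cannot be set, a warning is logged and startup continues.` The hunk does not show whether this runs before privileges are dropped, and process_options starts and ends outside it.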


@ -2057,6 +2057,11 @@ int option_lookup_token(const char *name, size_t namelen) {
return SHRPX_OPTID_NO_SERVER_PUSH; return SHRPX_OPTID_NO_SERVER_PUSH;
} }
break; break;
case 'k':
if (util::strieq_l("rlimit-memloc", name, 13)) {
return SHRPX_OPTID_RLIMIT_MEMLOCK;
}
break;
case 'p': case 'p':
if (util::strieq_l("no-verify-ocs", name, 13)) { if (util::strieq_l("no-verify-ocs", name, 13)) {
return SHRPX_OPTID_NO_VERIFY_OCSP; return SHRPX_OPTID_NO_VERIFY_OCSP;
@ -4110,6 +4115,23 @@ int parse_config(Config *config, int optid, const StringRef &opt,
#endif // ENABLE_HTTP3 #endif // ENABLE_HTTP3
return 0; return 0;
case SHRPX_OPTID_RLIMIT_MEMLOCK: {
int n;
if (parse_uint(&n, opt, optarg) != 0) {
return -1;
}
if (n < 0) {
LOG(ERROR) << opt << ": specify the integer more than or equal to 0";
return -1;
}
config->rlimit_memlock = n;
return 0;
}
case SHRPX_OPTID_CONF: case SHRPX_OPTID_CONF:
LOG(WARN) << "conf: ignored"; LOG(WARN) << "conf: ignored";
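Review bot: The `SHRPX_OPTID_RLIMIT_MEMLOCK` case parses a byte count into `int n`, so the largest limit that can be configured is bounded by `int` even though `Config::rlimit_memlock` is a `size_t` that is later cast to `rlim_t`. How `parse_uint` treats a value that does not fit is not visible in this hunk and should be checked; the `n < 0` test after it looks unreachable if `parse_uint` already rejects negative input. Parsing into a wider unsigned type, ideally with the same unit handling the `<SIZE>` options in the help text use, would avoid the truncation risk and let operators write the limit without counting bytes. parse_config starts and ends outside the hunk.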


@ -395,6 +395,7 @@ constexpr auto SHRPX_OPT_FRONTEND_QUIC_SERVER_ID =
StringRef::from_lit("frontend-quic-server-id"); StringRef::from_lit("frontend-quic-server-id");
constexpr auto SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE = constexpr auto SHRPX_OPT_FRONTEND_QUIC_SECRET_FILE =
StringRef::from_lit("frontend-quic-secret-file"); StringRef::from_lit("frontend-quic-secret-file");
constexpr auto SHRPX_OPT_RLIMIT_MEMLOCK = StringRef::from_lit("rlimit-memlock");
constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8; constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
@ -1064,6 +1065,7 @@ struct Config {
num_worker{0}, num_worker{0},
padding{0}, padding{0},
rlimit_nofile{0}, rlimit_nofile{0},
rlimit_memlock{0},
uid{0}, uid{0},
gid{0}, gid{0},
pid{0}, pid{0},
@ -1112,6 +1114,7 @@ struct Config {
size_t num_worker; size_t num_worker;
size_t padding; size_t padding;
size_t rlimit_nofile; size_t rlimit_nofile;
size_t rlimit_memlock;
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
pid_t pid; pid_t pid;
@ -1281,6 +1284,7 @@ enum {
SHRPX_OPTID_REDIRECT_HTTPS_PORT, SHRPX_OPTID_REDIRECT_HTTPS_PORT,
SHRPX_OPTID_REQUEST_HEADER_FIELD_BUFFER, SHRPX_OPTID_REQUEST_HEADER_FIELD_BUFFER,
SHRPX_OPTID_RESPONSE_HEADER_FIELD_BUFFER, SHRPX_OPTID_RESPONSE_HEADER_FIELD_BUFFER,
SHRPX_OPTID_RLIMIT_MEMLOCK,
SHRPX_OPTID_RLIMIT_NOFILE, SHRPX_OPTID_RLIMIT_NOFILE,
SHRPX_OPTID_SERVER_NAME, SHRPX_OPTID_SERVER_NAME,
SHRPX_OPTID_SINGLE_PROCESS, SHRPX_OPTID_SINGLE_PROCESS,