walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Add options to set maximum retry and failure when getting ticket keys

This commit is contained in:
Tatsuhiro Tsujikawa 2015-07-28 01:17:29 +09:00
parent 4949dd4888
commit a6fdca730d
4 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gennghttpxfun.py
View File

@ -96,6 +96,8 @@ OPTIONS = [
"tls-session-cache-memcached", "tls-session-cache-memcached",
"tls-ticket-key-memcached", "tls-ticket-key-memcached",
"tls-ticket-key-memcached-interval", "tls-ticket-key-memcached-interval",
"tls-ticket-key-memcached-max-retry",
"tls-ticket-key-memcached-max-fail",
"conf", "conf",
] ]

28
src/shrpx.cc
View File

@ -1510,6 +1510,20 @@ SSL/TLS:
Default: )" Default: )"
<< util::duration_str(get_config()->tls_ticket_key_memcached_interval) << util::duration_str(get_config()->tls_ticket_key_memcached_interval)
<< R"( << R"(
--tls-ticket-key-memcached-max-retry=<N>
Set maximum number of consecutive retries before
abandoning TLS ticket key retrieval. If this number is
reached, the attempt is considered as failure, and
"failure" count is incremented by 1, which contributed
to the value controlled
--tls-ticket-key-memcached-max-fail option.
Default: )" << get_config()->tls_ticket_key_memcached_max_retry
<< R"(
--tls-ticket-key-memcached-max-fail=<N>
Set maximum number of consecutive failure before
disabling TLS ticket until next scheduled key retrieval.
Default: )" << get_config()->tls_ticket_key_memcached_max_fail
<< R"(
HTTP/2 and SPDY: HTTP/2 and SPDY:
-c, --http2-max-concurrent-streams=<N> -c, --http2-max-concurrent-streams=<N>
@ -1877,6 +1891,10 @@ int main(int argc, char **argv) {
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87}, {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag, {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
88}, 88},
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY, required_argument, &flag,
89},
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL, required_argument, &flag,
90},
{nullptr, 0, nullptr, 0}}; {nullptr, 0, nullptr, 0}};
int option_index = 0; int option_index = 0;
@ -2264,6 +2282,16 @@ int main(int argc, char **argv) {
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
optarg); optarg);
break; break;
case 89:
// --tls-ticket-key-memcached-max-retry
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
optarg);
break;
case 90:
// --tls-ticket-key-memcached-max-fail
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
optarg);
break;
default: default:
break; break;
} }

27
src/shrpx_config.cc
View File

@ -708,6 +708,8 @@ enum {
SHRPX_OPTID_TLS_TICKET_KEY_FILE, SHRPX_OPTID_TLS_TICKET_KEY_FILE,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED, SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL, SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
SHRPX_OPTID_USER, SHRPX_OPTID_USER,
SHRPX_OPTID_VERIFY_CLIENT, SHRPX_OPTID_VERIFY_CLIENT,
SHRPX_OPTID_VERIFY_CLIENT_CACERT, SHRPX_OPTID_VERIFY_CLIENT_CACERT,
@ -1228,6 +1230,9 @@ int option_lookup_token(const char *name, size_t namelen) {
if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) { if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) {
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL; return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL;
} }
if (util::strieq_l("tls-ticket-key-memcached-max-fai", name, 32)) {
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL;
}
break; break;
} }
break; break;
@ -1243,6 +1248,11 @@ int option_lookup_token(const char *name, size_t namelen) {
return SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST; return SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST;
} }
break; break;
case 'y':
if (util::strieq_l("tls-ticket-key-memcached-max-retr", name, 33)) {
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY;
}
break;
} }
break; break;
case 35: case 35:
@ -1911,6 +1921,23 @@ int parse_config(const char *opt, const char *optarg,
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL: case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:
return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt, return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt,
optarg); optarg);
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY: {
int n;
if (parse_uint(&n, opt, optarg) != 0) {
return -1;
}
if (n > 30) {
LOG(ERROR) << opt << ": must be smaller than or equal to 30";
return -1;
}
mod_config()->tls_ticket_key_memcached_max_retry = n;
return 0;
}
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL:
return parse_uint(&mod_config()->tls_ticket_key_memcached_max_fail, opt,
optarg);
case SHRPX_OPTID_CONF: case SHRPX_OPTID_CONF:
LOG(WARN) << "conf: ignored"; LOG(WARN) << "conf: ignored";

4
src/shrpx_config.h
View File

@ -179,6 +179,10 @@ constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED[] =
"tls-ticket-key-memcached"; "tls-ticket-key-memcached";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] = constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] =
"tls-ticket-key-memcached-interval"; "tls-ticket-key-memcached-interval";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY[] =
"tls-ticket-key-memcached-max-retry";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL[] =
"tls-ticket-key-memcached-max-fail";
union sockaddr_union { union sockaddr_union {
sockaddr_storage storage; sockaddr_storage storage;