nghttpx: Add options to specify address family of memcached connections

Tatsuhiro Tsujikawa 2016-02-13 18:45:23 +09:00
parent 3a41e4dd1a
commit c0078ab45a
4 changed files with 97 additions and 3 deletions


@ -118,9 +118,11 @@ OPTIONS = [
"backend-tls-session-cache-per-worker",
"tls-session-cache-memcached-cert-file",
"tls-session-cache-memcached-private-key-file",
"tls-session-cache-memcached-address-family",
"tls-ticket-key-memcached-tls",
"tls-ticket-key-memcached-cert-file",
"tls-ticket-key-memcached-private-key-file"
"tls-ticket-key-memcached-private-key-file",
"tls-ticket-key-memcached-address-family",
]
LOGVARS = [


@ -1051,6 +1051,13 @@ void fill_default_config() {
memcachedconf.max_retry = 3;
memcachedconf.max_fail = 2;
memcachedconf.interval = 10_min;
memcachedconf.family = AF_UNSPEC;
}
auto &session_cacheconf = tlsconf.session_cache;
{
auto &memcachedconf = session_cacheconf.memcached;
memcachedconf.family = AF_UNSPEC;
}
ticketconf.cipher = EVP_aes_128_cbc();
@ -1530,6 +1537,13 @@ SSL/TLS:
ticket key generator to rotate keys frequently. See
"TLS SESSION TICKET RESUMPTION" section in manual page
to know the data format in memcached entry.
--tls-ticket-key-memcached-address-family=(auto|IPv4|IPv6)
Specify address family of memcached connections to get
TLS ticket keys. If "auto" is given, both IPv4 and IPv6
are considered. If "IPv4" is given, only IPv4 address
is considered. If "IPv6" is given, only IPv6 address is
considered.
Default: auto
--tls-ticket-key-memcached-interval=<DURATION>
Set interval to get TLS ticket keys from memcached.
Default: )"
@ -1573,6 +1587,13 @@ SSL/TLS:
Specify address of memcached server to store session
cache. This enables shared session cache between
multiple nghttpx instances.
--tls-session-cache-memcached-address-family=(auto|IPv4|IPv6)
Specify address family of memcached connections to store
session cache. If "auto" is given, both IPv4 and IPv6
are considered. If "IPv4" is given, only IPv4 address
is considered. If "IPv6" is given, only IPv6 address is
considered.
Default: auto
--tls-session-cache-memcached-tls
Enable SSL/TLS on memcached connections to store session
cache.
@ -2199,7 +2220,7 @@ void process_options(
auto &memcachedconf = tlsconf.session_cache.memcached;
if (memcachedconf.host) {
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
memcachedconf.port, AF_UNSPEC) == -1) {
memcachedconf.port, memcachedconf.family) == -1) {
exit(EXIT_FAILURE);
}
}
@ -2209,7 +2230,7 @@ void process_options(
auto &memcachedconf = tlsconf.ticket.memcached;
if (memcachedconf.host) {
if (resolve_hostname(&memcachedconf.addr, memcachedconf.host.get(),
memcachedconf.port, AF_UNSPEC) == -1) {
memcachedconf.port, memcachedconf.family) == -1) {
exit(EXIT_FAILURE);
}
}
@ -2428,6 +2449,10 @@ int main(int argc, char **argv) {
112},
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE, required_argument,
&flag, 113},
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY, required_argument,
&flag, 114},
{SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
required_argument, &flag, 115},
{nullptr, 0, nullptr, 0}};
int option_index = 0;
@ -2914,6 +2939,16 @@ int main(int argc, char **argv) {
cmdcfgs.emplace_back(
SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE, optarg);
break;
case 114:
// --tls-ticket-key-memcached-address-family
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
optarg);
break;
case 115:
// --tls-session-cache-memcached-address-family
cmdcfgs.emplace_back(
SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY, optarg);
break;
default:
break;
}
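Review bot: The help text for `--tls-ticket-key-memcached-address-family` and `--tls-session-cache-memcached-address-family` says that with "auto" both IPv4 and IPv6 "are considered", but the only consumer of `memcachedconf.family` in this file is the `resolve_hostname` call in process_options, which stores a single address into `memcachedconf.addr`. If resolve_hostname keeps the first getaddrinfo result (its body is not in the hunk), "auto" effectively means "whichever family resolves first", which matters to operators who need the memcached link to stay on a particular network; consider saying so, e.g. `If "auto" is given, the first address resolved for the host, of either family, is used.` in both help blocks. The two process_options hunks are otherwise identical, and process_options starts and ends outside them.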


@ -575,6 +575,26 @@ std::vector<LogFragment> parse_log_format(const char *optarg) {
return res;
}
namespace {
int parse_address_family(int *dest, const char *opt, const char *optarg) {
if (util::strieq("auto", optarg)) {
*dest = AF_UNSPEC;
return 0;
}
if (util::strieq("IPv4", optarg)) {
*dest = AF_INET;
return 0;
}
if (util::strieq("IPv6", optarg)) {
*dest = AF_INET6;
return 0;
}
LOG(ERROR) << opt << ": bad value: '" << optarg << "'";
return -1;
}
} // namespace
namespace {
int parse_duration(ev_tstamp *dest, const char *opt, const char *optarg) {
auto t = util::parse_duration_with_unit(optarg);
@ -758,12 +778,14 @@ enum {
SHRPX_OPTID_TLS_DYN_REC_WARMUP_THRESHOLD,
SHRPX_OPTID_TLS_PROTO_LIST,
SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED,
SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE,
SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE,
SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_TLS,
SHRPX_OPTID_TLS_TICKET_KEY_CIPHER,
SHRPX_OPTID_TLS_TICKET_KEY_FILE,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_CERT_FILE,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
@ -1440,6 +1462,15 @@ int option_lookup_token(const char *name, size_t namelen) {
break;
}
break;
case 39:
switch (name[38]) {
case 'y':
if (util::strieq_l("tls-ticket-key-memcached-address-famil", name, 38)) {
return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY;
}
break;
}
break;
case 41:
switch (name[40]) {
case 'e':
@ -1450,6 +1481,16 @@ int option_lookup_token(const char *name, size_t namelen) {
break;
}
break;
case 42:
switch (name[41]) {
case 'y':
if (util::strieq_l("tls-session-cache-memcached-address-famil", name,
41)) {
return SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY;
}
break;
}
break;
case 44:
switch (name[43]) {
case 'e':
@ -2301,6 +2342,12 @@ int parse_config(const char *opt, const char *optarg,
mod_config()->tls.ticket.memcached.private_key_file = optarg;
return 0;
case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY:
return parse_address_family(&mod_config()->tls.ticket.memcached.family, opt,
optarg);
case SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY:
return parse_address_family(
&mod_config()->tls.session_cache.memcached.family, opt, optarg);
case SHRPX_OPTID_CONF:
LOG(WARN) << "conf: ignored";
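Review bot: `parse_address_family` has no comment describing its contract, and because it uses `util::strieq` the accepted spellings are case-insensitive even though the help text advertises `(auto|IPv4|IPv6)`, which a reader may not expect. Suggest adding above the definition: `// Parses address family option value |optarg| ("auto", "IPv4" or "IPv6", compared case-insensitively) into |dest| as AF_UNSPEC, AF_INET or AF_INET6. Returns 0 on success; logs an error naming |opt| and returns -1 on any other value.` The new length-39 and length-42 cases in option_lookup_token follow the existing hand-maintained pattern; that function and parse_config both continue outside their hunks.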


@ -215,12 +215,16 @@ constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE[] =
"tls-session-cache-memcached-cert-file";
constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE[] =
"tls-session-cache-memcached-private-key-file";
constexpr char SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY[] =
"tls-session-cache-memcached-address-family";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_TLS[] =
"tls-ticket-key-memcached-tls";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_CERT_FILE[] =
"tls-ticket-key-memcached-cert-file";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE[] =
"tls-ticket-key-memcached-private-key-file";
constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY[] =
"tls-ticket-key-memcached-address-family";
constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
@ -357,6 +361,9 @@ struct TLSConfig {
// Maximum number of consecutive error from memcached, when this
// limit reached, TLS ticket is disabled.
size_t max_fail;
// Address family of memcached connection. One of either
// AF_INET, AF_INET6 or AF_UNSPEC.
int family;
bool tls;
} memcached;
std::vector<std::string> files;
@ -374,6 +381,9 @@ struct TLSConfig {
// Client private key and certificate for authentication
ImmutableString private_key_file;
ImmutableString cert_file;
// Address family of memcached connection. One of either
// AF_INET, AF_INET6 or AF_UNSPEC.
int family;
bool tls;
} memcached;
} session_cache;
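Review bot: The new `int family;` members in both memcached structs are not initialized in the header and depend on fill_default_config assigning AF_UNSPEC, consistent with the neighbouring `max_fail` and `tls` members but worth stating, since a TLSConfig built any other way would hand an indeterminate family to resolve_hostname. The wording `One of either AF_INET, AF_INET6 or AF_UNSPEC.` is also awkward; suggest in both places `// Address family used for the memcached connection: AF_INET, AF_INET6 or AF_UNSPEC (fill_default_config sets AF_UNSPEC).` The enclosing struct TLSConfig starts and ends outside these hunks.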