diff options
| author | zhengchao <[email protected]> | 2019-01-14 18:23:46 +0600 |
|---|---|---|
| committer | zhengchao <[email protected]> | 2019-01-14 18:23:46 +0600 |
| commit | f21d51de3d1de5dc94e8ccd0fa7638dd3836cf75 (patch) | |
| tree | 4dadf3426507c00cf419bc68b3c826a2e3f061f3 | |
| parent | f5c153c59ec0c7c0e0a3d1d1b65f3e3ee171ec66 (diff) | |
1. ssl增加no_verify_cert开关,可以关闭证书校验;
2. ssl_utils.cc改名为ssl_utils.cpp;
3. 暂时使用tcmalloc接管内存分配;
4. 原work thread选择算法存在bug,暂时改为轮询;
5. FieldStat状态输出暂时改为Field格式,便于观察实时性能,Future的状态输出暂时改为累计值;
| -rw-r--r-- | common/src/tfe_future.cpp | 2 | ||||
| -rw-r--r-- | platform/CMakeLists.txt | 3 | ||||
| -rw-r--r-- | platform/src/proxy.cpp | 33 | ||||
| -rw-r--r-- | platform/src/ssl_stream.cpp | 16 | ||||
| -rw-r--r-- | platform/src/ssl_utils.cpp (renamed from platform/src/ssl_utils.cc) | 4 | ||||
| -rw-r--r-- | plugin/business/pangu-http/src/pangu_http.cpp | 2 | ||||
| -rw-r--r-- | vendor/CMakeLists.txt | 19 | ||||
| -rw-r--r-- | vendor/gperftools-2.7.tar.gz | bin | 0 -> 1523562 bytes |
8 files changed, 53 insertions, 26 deletions
diff --git a/common/src/tfe_future.cpp b/common/src/tfe_future.cpp index 042ff06..00488fd 100644 --- a/common/src/tfe_future.cpp +++ b/common/src/tfe_future.cpp @@ -64,7 +64,7 @@ void future_promise_library_init(const char* profile) int value=0; memset(&g_FP_instance,0,sizeof(g_FP_instance)); - g_FP_instance.favorite=FS_CALC_SPEED; + g_FP_instance.favorite=FS_CALC_CURRENT; strcpy(g_FP_instance.histogram_bins, FP_HISTOGRAM_BINS); if(profile!=NULL) { diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index 09ae435..a17c417 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -1,6 +1,6 @@ add_executable(tfe src/key_keeper.cpp src/kni_acceptor.cpp src/ssl_stream.cpp src/ssl_sess_cache.cpp src/ssl_trusted_cert_storage.cpp - src/ssl_utils.cc src/tcp_stream.cpp src/main.cpp src/proxy.cpp) + src/ssl_utils.cpp src/tcp_stream.cpp src/main.cpp src/proxy.cpp) target_include_directories(tfe PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include/external) target_include_directories(tfe PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include/internal) @@ -12,6 +12,7 @@ target_link_libraries(tfe pthread dl libevent-static libevent-static-openssl libevent-static-pthreads + gperftools-static MESA_handle_logger MESA_prof_load cjson diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp index 2ba022f..910854b 100644 --- a/platform/src/proxy.cpp +++ b/platform/src/proxy.cpp @@ -75,7 +75,9 @@ struct tfe_thread_ctx * tfe_proxy_thread_ctx_acquire(struct tfe_proxy * ctx) { unsigned int min_thread_id = 0; unsigned int min_load = 0; - + static unsigned int counter=0; + counter++; + /* for (unsigned int tid = 0; tid < ctx->nr_work_threads; tid++) { struct tfe_thread_ctx * thread_ctx = ctx->work_threads[tid]; @@ -84,7 +86,8 @@ struct tfe_thread_ctx * tfe_proxy_thread_ctx_acquire(struct tfe_proxy * ctx) min_thread_id = min_load > thread_load ? tid : min_thread_id; min_load = min_load > thread_load ? thread_load : min_load; } - +*/ + min_thread_id=counter%ctx->nr_work_threads; ATOMIC_INC(&ctx->work_threads[min_thread_id]->load); return ctx->work_threads[min_thread_id]; } @@ -276,19 +279,19 @@ int tfe_proxy_config(struct tfe_proxy * proxy, const char * profile) static const char * __str_stat_spec_map[] = { [STAT_SIGPIPE] = "SIGPIPE", - [STAT_FD_OPEN_BY_KNI_ACCEPT] = "FdRcv", - [STAT_FD_CLOSE_BY_KNI_ACCEPT_FAIL] = "FdRcvFail", - [STAT_FD_INSTANT_CLOSE] = "FdClsInstant", - [STAT_FD_DEFER_CLOSE_IN_QUEUE] = "FdClsDefInQ", - [STAT_FD_DEFER_CLOSE_SUCCESS] = "FdClsDefSuc", - [STAT_STREAM_OPEN] = "StrOpen", - [STAT_STREAM_CLS] = "StrCls", - [STAT_STREAM_CLS_DOWN_EOF] = "StrDownEOF", - [STAT_STREAM_CLS_UP_EOF] = "StrUpEOF", - [STAT_STREAM_CLS_DOWN_ERR] = "StrDownErr", - [STAT_STREAM_CLS_UP_ERR] = "StrUpErr", - [STAT_STREAM_CLS_KILL] = "StrKill", - [STAT_STREAM_TCP_PLAIN] = "Plain", + [STAT_FD_OPEN_BY_KNI_ACCEPT] = "fd_rx", + [STAT_FD_CLOSE_BY_KNI_ACCEPT_FAIL] = "fd_rx_err", + [STAT_FD_INSTANT_CLOSE] = "fd_inst_cls", + [STAT_FD_DEFER_CLOSE_IN_QUEUE] = "fd_dfr_cls", + [STAT_FD_DEFER_CLOSE_SUCCESS] = "fd_dfr_clsd", + [STAT_STREAM_OPEN] = "stm_open", + [STAT_STREAM_CLS] = "stm_cls", + [STAT_STREAM_CLS_DOWN_EOF] = "dstm_eof", + [STAT_STREAM_CLS_UP_EOF] = "ustm_eof", + [STAT_STREAM_CLS_DOWN_ERR] = "dstm_err", + [STAT_STREAM_CLS_UP_ERR] = "ustm_err", + [STAT_STREAM_CLS_KILL] = "stm_kill", + [STAT_STREAM_TCP_PLAIN] = "plain", [STAT_STREAM_TCP_SSL] = "SSL", [TFE_STAT_MAX] = NULL }; diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp index 62184ec..bb6d57b 100644 --- a/platform/src/ssl_stream.cpp +++ b/platform/src/ssl_stream.cpp @@ -121,7 +121,7 @@ struct ssl_mgr unsigned int no_tls12; unsigned int no_sessticket; unsigned int no_alpn; - + unsigned int no_cert_verify; CONST_SSL_METHOD * (* sslmethod)(void); //Parameter of SSL_CTX_new int ssl_min_version, ssl_max_version; char ssl_session_context[8]; @@ -312,7 +312,7 @@ void ssl_stat_init(struct ssl_mgr * mgr) { if(spec[i]!=NULL) { - mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_STATUS, FS_CALC_CURRENT,spec[i]); + mgr->fs_id[i]=FS_register(mgr->fs_handle, FS_STYLE_FIELD, FS_CALC_CURRENT,spec[i]); } } @@ -578,10 +578,9 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section sizeof(mgr->default_ciphers), DFLT_CIPHERS); MESA_load_profile_uint_def(ini_profile, section, "no_session_ticket", &(mgr->no_sessticket), 0); MESA_load_profile_uint_def(ini_profile, section, "no_alpn", &(mgr->no_alpn), 0); + MESA_load_profile_uint_def(ini_profile, section, "no_cert_verify", &(mgr->no_cert_verify), 0); - - MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024); MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60); @@ -1033,8 +1032,15 @@ static void ssl_server_connected_eventcb(struct bufferevent * bev, short events, if(!SSL_session_reused(s_stream->ssl)) { - s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store, + if(mgr->no_cert_verify) + { + s_stream->is_peer_cert_verify_passed=1; + } + else + { + s_stream->is_peer_cert_verify_passed = ssl_trusted_cert_storage_verify_conn(s_stream->mgr->trust_CA_store, s_stream->ssl, error_str, sizeof(error_str)); + } if(s_stream->is_peer_cert_verify_passed) { //ONLY verified session is cacheable. diff --git a/platform/src/ssl_utils.cc b/platform/src/ssl_utils.cpp index 3e882cd..d07a57d 100644 --- a/platform/src/ssl_utils.cc +++ b/platform/src/ssl_utils.cpp @@ -2101,6 +2101,7 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, *result = CHELLO_PARSE_INVALID_FORMAT; return _chello; } + /* int n = sizeof(cipher_suite_list) / sizeof(struct cipher_suite); _chello->cipher_suites = parse_cipher_suites(cipher_suite_list, n, buff + pos, len, result); if(*result != CHELLO_PARSE_SUCCESS) @@ -2112,8 +2113,9 @@ struct ssl_chello* ssl_chello_parse(const unsigned char* buff, size_t buff_len, if(*result != CHELLO_PARSE_SUCCESS) { return _chello; - } + }*/ pos += len; + /* Compression Methods */ if (pos >= buff_len) { diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index c671bc2..7470e3d 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -230,7 +230,7 @@ static void pangu_http_stat_init(struct pangu_rt * pangu_runtime) { if(spec[i]!=NULL) { - pangu_runtime->fs_id[i]=FS_register(pangu_runtime->fs_handle, FS_STYLE_STATUS, FS_CALC_CURRENT, spec[i]); + pangu_runtime->fs_id[i]=FS_register(pangu_runtime->fs_handle, FS_STYLE_FIELD, FS_CALC_CURRENT, spec[i]); } } g_pangu_rt->gcev = event_new(pangu_runtime->gc_evbase, -1, EV_PERSIST, pangu_http_gc_cb, NULL); diff --git a/vendor/CMakeLists.txt b/vendor/CMakeLists.txt index 51e96bd..a0c4e2f 100644 --- a/vendor/CMakeLists.txt +++ b/vendor/CMakeLists.txt @@ -29,7 +29,6 @@ set_property(TARGET openssl-ssl-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR} set_property(TARGET openssl-ssl-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) ### Libevent 2.1.8 -### Use openssl 1.1.1 ExternalProject_Add(libevent PREFIX libevent URL ${CMAKE_CURRENT_SOURCE_DIR}/libevent-2.1.8-stable.tar.gz URL_MD5 f3eeaed018542963b7d2416ef1135ecc @@ -307,4 +306,20 @@ add_library(brotlienc-static STATIC IMPORTED GLOBAL) add_dependencies(brotlienc-static brotli) set_property(TARGET brotlienc-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib64/libbrotlienc-static.a) set_property(TARGET brotlienc-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) -target_link_libraries(brotlienc-static INTERFACE brotlicommon-static)
\ No newline at end of file +target_link_libraries(brotlienc-static INTERFACE brotlicommon-static) + +### gperftools +ExternalProject_Add(gperftools + PREFIX gperftools + URL ${CMAKE_CURRENT_SOURCE_DIR}/gperftools-2.7.tar.gz + URL_MD5 c6a852a817e9160c79bdb2d3101b4601 + CONFIGURE_COMMAND ./configure --prefix=<INSTALL_DIR> --disable-shared + BUILD_IN_SOURCE 1) + +ExternalProject_Get_Property(gperftools INSTALL_DIR) +file(MAKE_DIRECTORY ${INSTALL_DIR}/include) + +add_library(gperftools-static STATIC IMPORTED GLOBAL) +add_dependencies(gperftools-static gperftools) +set_property(TARGET gperftools-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libtcmalloc.a) +set_property(TARGET gperftools-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) diff --git a/vendor/gperftools-2.7.tar.gz b/vendor/gperftools-2.7.tar.gz Binary files differnew file mode 100644 index 0000000..e0a82a2 --- /dev/null +++ b/vendor/gperftools-2.7.tar.gz |