This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new 9cca7f2 TS-2365: Fix crash in tls dynamic record size
9cca7f2 is described below
commit 9cca7f291afd9fb9b8f4cdcbc7d8b8f0038bc935
Author: Susan Hinrichs <[email protected]>
AuthorDate: Thu May 24 08:50:10 2018 -0500
TS-2365: Fix crash in tls dynamic record size
(cherry picked from commit a48082a54b0c53957b1ebe52bc3a19cf9bb320f9)
Conflicts:
iocore/net/P_SSLNetVConnection.h
---
iocore/net/P_SSLNetVConnection.h | 1 +
iocore/net/P_SSLUtils.h | 1 +
iocore/net/SSLNetVConnection.cc | 37 ++++++++++++++++++++++++-------------
iocore/net/SSLUtils.cc | 8 ++++++++
4 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 14a5ae2..47a937c 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -330,6 +330,7 @@ private:
Continuation *npnEndpoint;
SessionAccept *sessionAcceptPtr;
bool sslTrace;
+ int64_t redoWriteSize;
};
typedef int (SSLNetVConnection::*SSLNetVConnHandler)(int, void *);
diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h
index 9b9b261..61cc731 100644
--- a/iocore/net/P_SSLUtils.h
+++ b/iocore/net/P_SSLUtils.h
@@ -73,6 +73,7 @@ enum SSL_Stats {
ssl_total_tickets_renewed_stat,
ssl_total_dyn_def_tls_record_count,
ssl_total_dyn_max_tls_record_count,
+ ssl_total_dyn_redo_tls_record_count,
ssl_session_cache_hit,
ssl_session_cache_miss,
ssl_session_cache_eviction,
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index a28831c..70afedc 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -698,18 +698,26 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite,
MIOBufferAccessor &buf
// TS-2365: If the SSL max record size is set and we have
// more data than that, break this into smaller write
// operations.
- if (SSLConfigParams::ssl_maxrecord > 0 && l >
SSLConfigParams::ssl_maxrecord) {
- l = SSLConfigParams::ssl_maxrecord;
- } else if (SSLConfigParams::ssl_maxrecord == -1) {
- if (sslTotalBytesSent < SSL_DEF_TLS_RECORD_BYTE_THRESHOLD) {
- dynamic_tls_record_size = SSL_DEF_TLS_RECORD_SIZE;
- SSL_INCREMENT_DYN_STAT(ssl_total_dyn_def_tls_record_count);
- } else {
- dynamic_tls_record_size = SSL_MAX_TLS_RECORD_SIZE;
- SSL_INCREMENT_DYN_STAT(ssl_total_dyn_max_tls_record_count);
- }
- if (l > dynamic_tls_record_size) {
- l = dynamic_tls_record_size;
+ //
+ // TS-4424: Don't mess with record size if last SSL_write failed with
+ // needs write
+ if (redoWriteSize) {
+ l = redoWriteSize;
+ redoWriteSize = 0;
+ } else {
+ if (SSLConfigParams::ssl_maxrecord > 0 && l >
SSLConfigParams::ssl_maxrecord) {
+ l = SSLConfigParams::ssl_maxrecord;
+ } else if (SSLConfigParams::ssl_maxrecord == -1) {
+ if (sslTotalBytesSent < SSL_DEF_TLS_RECORD_BYTE_THRESHOLD) {
+ dynamic_tls_record_size = SSL_DEF_TLS_RECORD_SIZE;
+ SSL_INCREMENT_DYN_STAT(ssl_total_dyn_def_tls_record_count);
+ } else {
+ dynamic_tls_record_size = SSL_MAX_TLS_RECORD_SIZE;
+ SSL_INCREMENT_DYN_STAT(ssl_total_dyn_max_tls_record_count);
+ }
+ if (l > dynamic_tls_record_size) {
+ l = dynamic_tls_record_size;
+ }
}
}
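Review bot: The redo branch assigns `l = redoWriteSize` without comparing it to the amount of data the current block offers, so the length passed to the retried SSL_write is only valid if the buffer is unchanged since the failed attempt. OpenSSL requires the retry to use the same arguments, so clamping would be wrong, but the invariant should be explicit: `ink_assert(redoWriteSize <= l);` before the assignment, assuming `l` still holds the available byte count computed earlier in load_buffer_and_write (that code is outside the hunk). Without such a check, a shrunken or replaced block would result in a read past the end of the block instead of a detectable failure. The TS-4424 comment could also say that the saved length is reused because the retry must repeat the previous call.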
@@ -748,6 +756,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite,
MIOBufferAccessor &buf
sslLastWriteTime = now;
sslTotalBytesSent += total_written;
}
+ redoWriteSize = 0;
if (num_really_written > 0) {
needs |= EVENTIO_WRITE;
} else {
@@ -765,6 +774,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite,
MIOBufferAccessor &buf
case SSL_ERROR_WANT_X509_LOOKUP: {
if (SSL_ERROR_WANT_WRITE == err) {
SSL_INCREMENT_DYN_STAT(ssl_error_want_write);
+ redoWriteSize = l;
} else if (SSL_ERROR_WANT_X509_LOOKUP == err) {
SSL_INCREMENT_DYN_STAT(ssl_error_want_x509_lookup);
TraceOut(trace, get_remote_addr(), get_remote_port(), "Want X509
lookup");
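Review bot: `redoWriteSize = l;` is recorded only when err is SSL_ERROR_WANT_WRITE, but OpenSSL asks for the same arguments on a retry after SSL_ERROR_WANT_READ as well, which SSL_write can return during renegotiation. The WANT_READ case is outside this hunk, so it may already be handled. If it is not, a retry after it would pass through the record-size selection again and could call SSL_write with a different length. Either set `redoWriteSize = l;` in that case too, or add a comment explaining why it is not needed.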
@@ -820,7 +830,8 @@ SSLNetVConnection::SSLNetVConnection()
sslHandshakeHookState(HANDSHAKE_HOOKS_PRE),
npnSet(nullptr),
npnEndpoint(nullptr),
- sslTrace(false)
+ sslTrace(false),
+ redoWriteSize(0)
{
}
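Review bot: redoWriteSize is zeroed only in this constructor and on the write paths, so a recycled object could carry a stale value into a new connection. If SSLNetVConnection objects are reused through an allocator, a connection torn down while a WANT_WRITE retry is pending would leave it non-zero. The first write on the next connection would then take `l = redoWriteSize` regardless of how much data its buffer holds. Adding `redoWriteSize = 0;` to the per-connection reset/free path (not visible in this diff) would rule that out.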
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index f39c998..40792dc 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -994,6 +994,14 @@ SSLInitializeStatistics()
RecRegisterRawStat(ssl_rsb, RECT_PROCESS,
"proxy.process.ssl.ssl_session_cache_lock_contention", RECD_COUNTER,
RECP_PERSISTENT,
(int)ssl_session_cache_lock_contention,
RecRawStatSyncCount);
+ /* Track dynamic record size */
+ RecRegisterRawStat(ssl_rsb, RECT_PROCESS,
"proxy.process.ssl.default_record_size_count", RECD_COUNTER, RECP_PERSISTENT,
+ (int)ssl_total_dyn_def_tls_record_count,
RecRawStatSyncSum);
+ RecRegisterRawStat(ssl_rsb, RECT_PROCESS,
"proxy.process.ssl.max_record_size_count", RECD_COUNTER, RECP_PERSISTENT,
+ (int)ssl_total_dyn_max_tls_record_count,
RecRawStatSyncSum);
+ RecRegisterRawStat(ssl_rsb, RECT_PROCESS,
"proxy.process.ssl.redo_record_size_count", RECD_COUNTER, RECP_PERSISTENT,
+ (int)ssl_total_dyn_redo_tls_record_count,
RecRawStatSyncCount);
+
/* error stats */
RecRegisterRawStat(ssl_rsb, RECT_PROCESS,
"proxy.process.ssl.ssl_error_want_write", RECD_COUNTER, RECP_PERSISTENT,
(int)ssl_error_want_write, RecRawStatSyncCount);
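Review bot: `proxy.process.ssl.redo_record_size_count` is registered here, but none of the SSLNetVConnection.cc hunks in this commit increments ssl_total_dyn_redo_tls_record_count, so as far as this diff shows the counter stays at zero. The natural place is the redo branch in load_buffer_and_write: `SSL_INCREMENT_DYN_STAT(ssl_total_dyn_redo_tls_record_count);` next to `l = redoWriteSize;`. The new stat also syncs with RecRawStatSyncCount while the two record-size counters registered beside it use RecRawStatSyncSum; using one sync function for all three would be easier to read. SSLInitializeStatistics continues outside the hunk.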