Re: [1/3] git commit: TS-3080: Optimized SSL Session Cache
I thought you were going to format to our style guidelines before committing?
On Oct 8, 2014, at 11:34 AM, bri...@apache.org wrote:
Repository: trafficserver
Updated Branches:
refs/heads/master 195259b16 - f1bedb41e
TS-3080: Optimized SSL Session Cache
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/53bf5d1e
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/53bf5d1e
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/53bf5d1e
Branch: refs/heads/master
Commit: 53bf5d1e7618ae38b0a8b49263a047282eec68d1
Parents: 72b7c05
Author: Brian Geffon bri...@apache.org
Authored: Tue Oct 7 18:51:34 2014 -0700
Committer: Brian Geffon bri...@apache.org
Committed: Tue Oct 7 18:52:34 2014 -0700
--
iocore/net/Makefile.am| 1 +
iocore/net/P_SSLConfig.h | 12 +-
iocore/net/P_SSLUtils.h | 4 +
iocore/net/SSLConfig.cc | 19 ++-
iocore/net/SSLSessionCache.cc | 246 +
iocore/net/SSLSessionCache.h | 149 ++
iocore/net/SSLUtils.cc| 98 ++-
lib/ts/ink_mutex.h| 29 +
mgmt/RecordsConfig.cc | 8 +-
proxy/Makefile.am | 2 +-
10 files changed, 559 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/Makefile.am
--
diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am
index 0120528..da7a476 100644
--- a/iocore/net/Makefile.am
+++ b/iocore/net/Makefile.am
@@ -88,6 +88,7 @@ libinknet_a_SOURCES = \
P_UnixUDPConnection.h \
Socks.cc \
SSLCertLookup.cc \
+ SSLSessionCache.cc \
SSLConfig.cc \
SSLNetAccept.cc \
SSLNetProcessor.cc \
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLConfig.h
--
diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h
index aa4926f..0cad7d9 100644
--- a/iocore/net/P_SSLConfig.h
+++ b/iocore/net/P_SSLConfig.h
@@ -32,6 +32,7 @@
#define __P_SSLCONFIG_H__
#include ProxyConfig.h
+#include SSLSessionCache.h
struct SSLCertLookup;
@@ -51,7 +52,8 @@ struct SSLConfigParams : public ConfigInfo
enum SSL_SESSION_CACHE_MODE
{
SSL_SESSION_CACHE_MODE_OFF = 0,
-SSL_SESSION_CACHE_MODE_SERVER = 1
+SSL_SESSION_CACHE_MODE_SERVER_OPENSSL_IMPL = 1,
+SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL = 2
};
SSLConfigParams();
@@ -69,6 +71,8 @@ struct SSLConfigParams : public ConfigInfo
int verify_depth;
int ssl_session_cache; // SSL_SESSION_CACHE_MODE
int ssl_session_cache_size;
+ int ssl_session_cache_num_buckets;
+ int ssl_session_cache_skip_on_contention;
int ssl_session_cache_timeout;
char * clientCertPath;
@@ -88,6 +92,10 @@ struct SSLConfigParams : public ConfigInfo
static int ssl_ocsp_request_timeout;
static int ssl_ocsp_update_period;
+ static size_t session_cache_number_buckets;
+ static size_t session_cache_max_bucket_size;
+ static bool session_cache_skip_on_lock_contention;
+
static init_ssl_ctx_func init_ssl_ctx_cb;
void initialize();
@@ -126,4 +134,6 @@ private:
static int configid;
};
+extern SSLSessionCache *session_cache;
+
#endif
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLUtils.h
--
diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h
index 3cf0c20..1c9f0b8 100644
--- a/iocore/net/P_SSLUtils.h
+++ b/iocore/net/P_SSLUtils.h
@@ -70,6 +70,10 @@ enum SSL_Stats
ssl_total_tickets_verified_stat,
ssl_total_tickets_not_found_stat,
ssl_total_tickets_renewed_stat,
+ ssl_session_cache_hit,
+ ssl_session_cache_miss,
+ ssl_session_cache_eviction,
+ ssl_session_cache_lock_contention,
/* error stats */
ssl_error_want_write,
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/SSLConfig.cc
--
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 402664a..3aaddc1 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -37,6 +37,7 @@
#include P_SSLConfig.h
#include P_SSLUtils.h
#include P_SSLCertLookup.h
+#include SSLSessionCache.h
#include records/I_RecHttp.h
int SSLConfig::configid = 0;
@@ -47,6 +48,10 @@ bool SSLConfigParams::ssl_ocsp_enabled = false;
int SSLConfigParams::ssl_ocsp_cache_timeout = 3600;
int SSLConfigParams::ssl_ocsp_request_timeout = 10;
int SSLConfigParams::ssl_ocsp_update_period = 60;
+size_t
[1/2] git commit: TS-3080: fix SSL session cache build
Repository: trafficserver
Updated Branches:
refs/heads/master b4529fd61 - 50520e7fe
TS-3080: fix SSL session cache build
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/067df58b
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/067df58b
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/067df58b
Branch: refs/heads/master
Commit: 067df58b5273ffb7773e161b0f3dae6e13c6e60e
Parents: b4529fd
Author: James Peach jpe...@apache.org
Authored: Thu Oct 9 08:57:56 2014 -0700
Committer: James Peach jpe...@apache.org
Committed: Thu Oct 9 09:17:29 2014 -0700
--
CHANGES | 7 +--
iocore/net/SSLSessionCache.cc | 9 +
iocore/net/SSLSessionCache.h | 10 --
3 files changed, 14 insertions(+), 12 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/CHANGES
--
diff --git a/CHANGES b/CHANGES
index 12739ac..1f6d81d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache Traffic Server 5.2.0
-
+
+ *) [TS-3120] Overlapping remap rank when using .include directives.
+ Author: Feifei Cai ff...@yahoo-inc.com
+
*) [TS-3080] Optimized SSL session caching
-
+
*) [TS-3121] Prevent sending garbage HTTP/0.8 responses from SPDY
*) [TS-3116] Add support for tracking the use of the ioBuffers
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/iocore/net/SSLSessionCache.cc
--
diff --git a/iocore/net/SSLSessionCache.cc b/iocore/net/SSLSessionCache.cc
index c936ee7..5b36907 100644
--- a/iocore/net/SSLSessionCache.cc
+++ b/iocore/net/SSLSessionCache.cc
@@ -103,7 +103,7 @@ void SSLSessionBucket::insertSession(const SSLSessionID
id, const char *sni_nam
size_t len = i2d_SSL_SESSION(sess, NULL); // make sure we're not going to
need more than SSL_MAX_SESSION_SIZE bytes
/* do not cache a session that's too big. */
if (len (size_t) SSL_MAX_SESSION_SIZE) {
- Debug(ssl.session_cache, Unable to save SSL session because size of
% PRId64 exceeds the max of %d, len, SSL_MAX_SESSION_SIZE);
+ Debug(ssl.session_cache, Unable to save SSL session because size of
%zd exceeds the max of %d, len, SSL_MAX_SESSION_SIZE);
return;
}
@@ -194,7 +194,7 @@ void inline SSLSessionBucket::print(const char *ref_str)
const {
}
fprintf(stderr, -- BUCKET %p (%s) \n, this,
ref_str);
- fprintf(stderr, Current Size: %d, Max Size: % PRId64 \n, queue.size,
SSLConfigParams::session_cache_max_bucket_size);
+ fprintf(stderr, Current Size: %d, Max Size: %zd\n, queue.size,
SSLConfigParams::session_cache_max_bucket_size);
fprintf(stderr, Queue: \n);
SSLSession *node = queue.head;
@@ -213,7 +213,7 @@ void inline SSLSessionBucket::removeOldestSession() {
if (is_debug_tag_set(ssl.session_cache)) {
char buf[old_head-session_id.len * 2 + 1];
old_head-session_id.toString(buf, sizeof(buf));
- Debug(ssl.session_cache, Removing session '%s' from bucket %p because
the bucket has size %d and max % PRId64, buf, this, (queue.size + 1),
SSLConfigParams::session_cache_max_bucket_size);
+ Debug(ssl.session_cache, Removing session '%s' from bucket %p because
the bucket has size %d and max %zd, buf, this, (queue.size + 1),
SSLConfigParams::session_cache_max_bucket_size);
}
delete old_head;
}
@@ -234,7 +234,8 @@ void SSLSessionBucket::removeSession(const SSLSessionID
id) {
}
/* Session Bucket */
-SSLSessionBucket::SSLSessionBucket() : root(NULL) {
+SSLSessionBucket::SSLSessionBucket()
+{
Debug(ssl.session_cache, Created new bucket %p with max size %ld, this,
SSLConfigParams::session_cache_max_bucket_size);
ink_mutex_init(mutex, session_bucket);
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/iocore/net/SSLSessionCache.h
--
diff --git a/iocore/net/SSLSessionCache.h b/iocore/net/SSLSessionCache.h
index 283438a..ce5c8b1 100644
--- a/iocore/net/SSLSessionCache.h
+++ b/iocore/net/SSLSessionCache.h
@@ -19,8 +19,9 @@
limitations under the License.
*/
-#ifndef SSL_SESSION_CACHE_
-#define SSL_SESSION_CACHE_
+#ifndef __SSLSESSIONCACHE_H__
+#define __SSLSESSIONCACHE_H__
+
#include Map.h
#include List.h
#include ink_mutex.h
@@ -129,7 +130,6 @@ private:
mutable ink_mutex mutex;
CountQueueSSLSession queue;
- SSLSession *root;
};
class SSLSessionCache {
@@ -144,6 +144,4 @@ public:
SSLSessionBucket *session_bucket;
};
-#endif
-
-
+#endif /* __SSLSESSIONCACHE_H__ */
[2/2] git commit: TS-3120: overlapping remap rank when using .include directives
TS-3120: overlapping remap rank when using .include directives
As described in the docs, we use line number for remap rule rank:
Once these rules are executed we pick the lowest line number as
the match (which replicates first-match-wins).
However, when we use .include directives to include some other remap
config files, there will be overlapping and conflict with the line
numbers in each other file.
*Examples*
remap.config
.include remap1.config
.include remap2.config
remap1.config
map /foo/ https://www.yahoo.com
remap2.config
map /foo/bar1 https://www.yahoo.com
map /foo/bar2 https://www.yahoo.com
When parsing remap1.config, first entry in remap1.config is inserted
with rank 0, second with rank 1. Then parsing remap2.config, the
single entry is inserted with rank 0 again. So the entry in
remap2.config is overlapped with first entry in remap1.config and
takes precedence with second entry. This would confuse customers.
I use count in UrlRewrite::_addToStore for rank. It is used to count
the number of each type of map rules(map, reverse_map,
map_with_referer...). When we insert a new url_mapping, it is stored
in a separate MappingsStore. So there would be no conflict with
each type's count.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/50520e7f
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/50520e7f
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/50520e7f
Branch: refs/heads/master
Commit: 50520e7fe5dea63ace1df4a03cdcbf0029bd820d
Parents: 067df58
Author: Feifei Cai ff...@yahoo-inc.com
Authored: Thu Oct 9 08:48:14 2014 -0700
Committer: James Peach jpe...@apache.org
Committed: Thu Oct 9 09:17:44 2014 -0700
--
doc/reference/configuration/remap.config.en.rst | 6 +++---
proxy/http/remap/RemapConfig.cc | 2 +-
proxy/http/remap/UrlMapping.h | 1 +
proxy/http/remap/UrlRewrite.cc | 1 +
4 files changed, 6 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/doc/reference/configuration/remap.config.en.rst
--
diff --git a/doc/reference/configuration/remap.config.en.rst
b/doc/reference/configuration/remap.config.en.rst
index c32fc80..46b5b79 100644
--- a/doc/reference/configuration/remap.config.en.rst
+++ b/doc/reference/configuration/remap.config.en.rst
@@ -113,9 +113,9 @@ Traffic Server recognizes three space-delimited fields:
``type``,
Precedence
==
-Remap rules are not processed top-down, but based on an internal priority. Once
-these rules are executed we pick the lowest line number as the match (which
-replicates first-match-wins).
+Remap rules are not processed top-down, but based on an internal
+priority. Once these rules are executed we pick the first match
+based on configuration file parse order.
1. ``map_with_recv_port`` and ```regex_map_with_recv_port```
#. ``map`` and ``regex_map`` and ``reverse_map``
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/RemapConfig.cc
--
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index 398039f..70987e1 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -984,7 +984,7 @@ remap_parse_config_bti(const char * path, BUILD_TABLE_INFO
* bti)
goto MAP_ERROR;
}
-new_mapping = new url_mapping(cln); // use line # for rank for now
+new_mapping = new url_mapping();
// apply filter rules if we have to
if ((errStr = process_filter_opt(new_mapping, bti, errStrBuf,
sizeof(errStrBuf))) != NULL) {
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/UrlMapping.h
--
diff --git a/proxy/http/remap/UrlMapping.h b/proxy/http/remap/UrlMapping.h
index cd4b1e3..ad9c1de 100644
--- a/proxy/http/remap/UrlMapping.h
+++ b/proxy/http/remap/UrlMapping.h
@@ -117,6 +117,7 @@ public:
LINK(url_mapping, link); // For use with the main Queue linked list holding
all the mapping
int getRank() const { return _rank; };
+ void setRank(int rank) { _rank = rank; };
private:
remap_plugin_info* _plugin_list[MAX_REMAP_PLUGIN_CHAIN];
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/UrlRewrite.cc
--
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index a9897e9..a3f547c 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -582,6 +582,7 @@
svn commit: r1630544 - /trafficserver/site/trunk/content/index.html
Author: zwoop Date: Thu Oct 9 18:02:24 2014 New Revision: 1630544 URL: http://svn.apache.org/r1630544 Log: Update the News section with latest releases Modified: trafficserver/site/trunk/content/index.html Modified: trafficserver/site/trunk/content/index.html URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/index.html?rev=1630544r1=1630543r2=1630544view=diff == --- trafficserver/site/trunk/content/index.html (original) +++ trafficserver/site/trunk/content/index.html Thu Oct 9 18:02:24 2014 @@ -260,6 +260,9 @@ div class=twelvecol div id=blurbbox ul + libSeptember 18, 2014:/bWe are pleased to announce the relase + of our quarterly minor release, v5.1.0. It's available from our + Downloads page./li libSeptember 08, 2014:/bThe old, legacy release of ATS, v3.2.x, is no longer supported. We have removed it from the download site, but it is available via the archives. We urge @@ -269,7 +272,8 @@ This is our LTS branch for 4.x./li libJuly 23, 2014:/bA security flaw in handling of healthchecks was discovered, affecting all versions of ATS. We urge everyone to - upgrade to v4.2.1.1 or v5.1.0 immediately. See CVE-2014-3525 for details./li + upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for + details./li libJune 17, 2014:/bWe are extremely pleased to announce the release of our latest major release, v5.0.0! This has been a year in the making, and includes a number of new features and bug fixes./li
svn commit: r925184 - in /websites/staging/trafficserver/trunk: cgi-bin/ content/ content/index.html
Author: buildbot Date: Thu Oct 9 18:02:31 2014 New Revision: 925184 Log: Staging update by buildbot for trafficserver Modified: websites/staging/trafficserver/trunk/cgi-bin/ (props changed) websites/staging/trafficserver/trunk/content/ (props changed) websites/staging/trafficserver/trunk/content/index.html Propchange: websites/staging/trafficserver/trunk/cgi-bin/ -- --- cms:source-revision (original) +++ cms:source-revision Thu Oct 9 18:02:31 2014 @@ -1 +1 @@ -1626317 +1630544 Propchange: websites/staging/trafficserver/trunk/content/ -- --- cms:source-revision (original) +++ cms:source-revision Thu Oct 9 18:02:31 2014 @@ -1 +1 @@ -1626317 +1630544 Modified: websites/staging/trafficserver/trunk/content/index.html == --- websites/staging/trafficserver/trunk/content/index.html (original) +++ websites/staging/trafficserver/trunk/content/index.html Thu Oct 9 18:02:31 2014 @@ -260,6 +260,9 @@ div class=twelvecol div id=blurbbox ul + libSeptember 18, 2014:/bWe are pleased to announce the relase + of our quarterly minor release, v5.1.0. It's available from our + Downloads page./li libSeptember 08, 2014:/bThe old, legacy release of ATS, v3.2.x, is no longer supported. We have removed it from the download site, but it is available via the archives. We urge @@ -269,7 +272,8 @@ This is our LTS branch for 4.x./li libJuly 23, 2014:/bA security flaw in handling of healthchecks was discovered, affecting all versions of ATS. We urge everyone to - upgrade to v4.2.1.1 or v5.1.0 immediately. See CVE-2014-3525 for details./li + upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for + details./li libJune 17, 2014:/bWe are extremely pleased to announce the release of our latest major release, v5.0.0! This has been a year in the making, and includes a number of new features and bug fixes./li
svn commit: r925185 - in /websites/production/trafficserver: cgi-bin/ content/
Author: zwoop Date: Thu Oct 9 18:03:01 2014 New Revision: 925185 Log: Updated News section. Added: websites/production/trafficserver/cgi-bin/ - copied from r925184, websites/staging/trafficserver/trunk/cgi-bin/ websites/production/trafficserver/content/ - copied from r925184, websites/staging/trafficserver/trunk/content/
svn commit: r925186 - in /websites/production/trafficserver: cgi-bin/ content/
Author: zwoop Date: Thu Oct 9 18:09:55 2014 New Revision: 925186 Log: Updated news Added: websites/production/trafficserver/cgi-bin/ - copied from r925185, websites/staging/trafficserver/trunk/cgi-bin/ websites/production/trafficserver/content/ - copied from r925185, websites/staging/trafficserver/trunk/content/
git commit: Update the STATUS file with all the recent releases
Repository: trafficserver Updated Branches: refs/heads/master 50520e7fe - 023dd5233 Update the STATUS file with all the recent releases Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/023dd523 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/023dd523 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/023dd523 Branch: refs/heads/master Commit: 023dd523306207cabef41c7b6ca17de9cf785c92 Parents: 50520e7 Author: Leif Hedstrom zw...@apache.org Authored: Thu Oct 9 12:22:39 2014 -0600 Committer: Leif Hedstrom zw...@apache.org Committed: Thu Oct 9 12:22:39 2014 -0600 -- STATUS | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/023dd523/STATUS -- diff --git a/STATUS b/STATUS index aaad22e..6c5fedc 100644 --- a/STATUS +++ b/STATUS @@ -8,8 +8,15 @@ The current version of this file can be found at: Release history: +5.1.0 : Released on Sep 18th, 2014 +5.0.1 : Released on Jul 23rd, 2014 +5.0.0 : Released on Jun 17th, 2014 + +4.2.2 : Released on Sep 4th, 2014 +4.2.1.1 : Released on Jul 23rd, 2014 +4.2.1 : Released on Apr 29th, 2014 +4.2.0 : Released on Mar 19th, 2014 4.1.2 : Released on Dec 17th, 2013 - 4.0.2 : Released on Oct 14th, 2013 4.0.1 : Released on Aug 30th, 2013
git commit: Fixing small documentation inconsistency
Repository: trafficserver Updated Branches: refs/heads/master 023dd5233 - a13a52734 Fixing small documentation inconsistency Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a13a5273 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a13a5273 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a13a5273 Branch: refs/heads/master Commit: a13a5273454c66e0376b07e6bd07e8627025aa39 Parents: 023dd52 Author: Brian Geffon bri...@apache.org Authored: Thu Oct 9 11:38:23 2014 -0700 Committer: Brian Geffon bri...@apache.org Committed: Thu Oct 9 11:38:34 2014 -0700 -- doc/reference/configuration/records.config.en.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a13a5273/doc/reference/configuration/records.config.en.rst -- diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst index 305ed09..f4b3a91 100644 --- a/doc/reference/configuration/records.config.en.rst +++ b/doc/reference/configuration/records.config.en.rst @@ -2181,9 +2181,7 @@ SSL Termination This configuration specifies the lifetime of SSL session cache entries in seconds. If it is ``0``, then the SSL library will use - a default value, typically 300 seconds. Note: This option has no affect - when using the Traffic Server session cache (option ``2`` in - ``proxy.config.ssl.session_cache``) + a default value, typically 300 seconds. .. ts:cv:: CONFIG proxy.config.ssl.session_cache.size INT 102400
