Re: [1/3] git commit: TS-3080: Optimized SSL Session Cache
I thought you were going to format to our style guidelines before committing? On Oct 8, 2014, at 11:34 AM, bri...@apache.org wrote: Repository: trafficserver Updated Branches: refs/heads/master 195259b16 - f1bedb41e TS-3080: Optimized SSL Session Cache Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/53bf5d1e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/53bf5d1e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/53bf5d1e Branch: refs/heads/master Commit: 53bf5d1e7618ae38b0a8b49263a047282eec68d1 Parents: 72b7c05 Author: Brian Geffon bri...@apache.org Authored: Tue Oct 7 18:51:34 2014 -0700 Committer: Brian Geffon bri...@apache.org Committed: Tue Oct 7 18:52:34 2014 -0700 -- iocore/net/Makefile.am| 1 + iocore/net/P_SSLConfig.h | 12 +- iocore/net/P_SSLUtils.h | 4 + iocore/net/SSLConfig.cc | 19 ++- iocore/net/SSLSessionCache.cc | 246 + iocore/net/SSLSessionCache.h | 149 ++ iocore/net/SSLUtils.cc| 98 ++- lib/ts/ink_mutex.h| 29 + mgmt/RecordsConfig.cc | 8 +- proxy/Makefile.am | 2 +- 10 files changed, 559 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/Makefile.am -- diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am index 0120528..da7a476 100644 --- a/iocore/net/Makefile.am +++ b/iocore/net/Makefile.am @@ -88,6 +88,7 @@ libinknet_a_SOURCES = \ P_UnixUDPConnection.h \ Socks.cc \ SSLCertLookup.cc \ + SSLSessionCache.cc \ SSLConfig.cc \ SSLNetAccept.cc \ SSLNetProcessor.cc \ http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLConfig.h -- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index aa4926f..0cad7d9 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -32,6 +32,7 @@ #define __P_SSLCONFIG_H__ #include ProxyConfig.h +#include SSLSessionCache.h struct SSLCertLookup; 
@@ -51,7 +52,8 @@ struct SSLConfigParams : public ConfigInfo enum SSL_SESSION_CACHE_MODE { SSL_SESSION_CACHE_MODE_OFF = 0, -SSL_SESSION_CACHE_MODE_SERVER = 1 +SSL_SESSION_CACHE_MODE_SERVER_OPENSSL_IMPL = 1, +SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL = 2 }; SSLConfigParams(); @@ -69,6 +71,8 @@ struct SSLConfigParams : public ConfigInfo int verify_depth; int ssl_session_cache; // SSL_SESSION_CACHE_MODE int ssl_session_cache_size; + int ssl_session_cache_num_buckets; + int ssl_session_cache_skip_on_contention; int ssl_session_cache_timeout; char * clientCertPath; @@ -88,6 +92,10 @@ struct SSLConfigParams : public ConfigInfo static int ssl_ocsp_request_timeout; static int ssl_ocsp_update_period; + static size_t session_cache_number_buckets; + static size_t session_cache_max_bucket_size; + static bool session_cache_skip_on_lock_contention; + static init_ssl_ctx_func init_ssl_ctx_cb; void initialize(); @@ -126,4 +134,6 @@ private: static int configid; }; +extern SSLSessionCache *session_cache; + #endif http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLUtils.h -- diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h index 3cf0c20..1c9f0b8 100644 --- a/iocore/net/P_SSLUtils.h +++ b/iocore/net/P_SSLUtils.h @@ -70,6 +70,10 @@ enum SSL_Stats ssl_total_tickets_verified_stat, ssl_total_tickets_not_found_stat, ssl_total_tickets_renewed_stat, + ssl_session_cache_hit, + ssl_session_cache_miss, + ssl_session_cache_eviction, + ssl_session_cache_lock_contention, /* error stats */ ssl_error_want_write, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/SSLConfig.cc -- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 402664a..3aaddc1 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -37,6 +37,7 @@ #include P_SSLConfig.h #include P_SSLUtils.h #include P_SSLCertLookup.h +#include SSLSessionCache.h #include records/I_RecHttp.h int SSLConfig::configid = 0; 
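Review bot: The two settings added in the `@@ -69,6 +71,8 @@` hunk of P_SSLConfig.h, `ssl_session_cache_num_buckets` and `ssl_session_cache_skip_on_contention`, are plain `int`, while the statics added in the `@@ -88,6 +92,10 @@` hunk that appear to carry the same values are `size_t` and `bool`. If the copy is a bare assignment, a negative bucket count from the configuration wraps to a very large `size_t`, and zero yields a cache with no buckets. The code that copies them is in SSLConfig.cc, whose hunk is cut off on this page, so a range check cannot be confirmed from here. I would state the accepted range at the declaration, e.g. `int ssl_session_cache_num_buckets; // must be >= 1; validated before being copied to session_cache_number_buckets`, and reject out-of-range values where they are read.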
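Review bot: `extern SSLSessionCache *session_cache;` at the end of P_SSLConfig.h (hunk `@@ -126,4 +134,6 @@`) exposes a mutable global raw pointer without saying who allocates it or when it may be null. The enum in the same header allows modes other than `SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL`, so the pointer is presumably unset in those modes, and a caller that dereferences it unconditionally would hit a null pointer. The declaration should carry a comment along the lines of `// Allocated when the ATS session cache mode is selected; may be null otherwise, check before use.`, once that is confirmed against the allocation site, which is not visible on this page.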
@@ -47,6 +48,10 @@ bool SSLConfigParams::ssl_ocsp_enabled = false; int SSLConfigParams::ssl_ocsp_cache_timeout = 3600; int SSLConfigParams::ssl_ocsp_request_timeout = 10; int SSLConfigParams::ssl_ocsp_update_period = 60; +size_t
[1/2] git commit: TS-3080: fix SSL session cache build
Repository: trafficserver Updated Branches: refs/heads/master b4529fd61 - 50520e7fe TS-3080: fix SSL session cache build Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/067df58b Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/067df58b Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/067df58b Branch: refs/heads/master Commit: 067df58b5273ffb7773e161b0f3dae6e13c6e60e Parents: b4529fd Author: James Peach jpe...@apache.org Authored: Thu Oct 9 08:57:56 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 9 09:17:29 2014 -0700 -- CHANGES | 7 +-- iocore/net/SSLSessionCache.cc | 9 + iocore/net/SSLSessionCache.h | 10 -- 3 files changed, 14 insertions(+), 12 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/CHANGES -- diff --git a/CHANGES b/CHANGES index 12739ac..1f6d81d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,11 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.2.0 - + + *) [TS-3120] Overlapping remap rank when using .include directives. + Author: Feifei Cai ff...@yahoo-inc.com + *) [TS-3080] Optimized SSL session caching - + *) [TS-3121] Prevent sending garbage HTTP/0.8 responses from SPDY *) [TS-3116] Add support for tracking the use of the ioBuffers http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/iocore/net/SSLSessionCache.cc -- diff --git a/iocore/net/SSLSessionCache.cc b/iocore/net/SSLSessionCache.cc index c936ee7..5b36907 100644 --- a/iocore/net/SSLSessionCache.cc +++ b/iocore/net/SSLSessionCache.cc 
@@ -103,7 +103,7 @@ void SSLSessionBucket::insertSession(const SSLSessionID id, const char *sni_nam size_t len = i2d_SSL_SESSION(sess, NULL); // make sure we're not going to need more than SSL_MAX_SESSION_SIZE bytes /* do not cache a session that's too big. */ if (len (size_t) SSL_MAX_SESSION_SIZE) { - Debug(ssl.session_cache, Unable to save SSL session because size of % PRId64 exceeds the max of %d, len, SSL_MAX_SESSION_SIZE); + Debug(ssl.session_cache, Unable to save SSL session because size of %zd exceeds the max of %d, len, SSL_MAX_SESSION_SIZE); return; } @@ -194,7 +194,7 @@ void inline SSLSessionBucket::print(const char *ref_str) const { } fprintf(stderr, -- BUCKET %p (%s) \n, this, ref_str); - fprintf(stderr, Current Size: %d, Max Size: % PRId64 \n, queue.size, SSLConfigParams::session_cache_max_bucket_size); + fprintf(stderr, Current Size: %d, Max Size: %zd\n, queue.size, SSLConfigParams::session_cache_max_bucket_size); fprintf(stderr, Queue: \n); SSLSession *node = queue.head; @@ -213,7 +213,7 @@ void inline SSLSessionBucket::removeOldestSession() { if (is_debug_tag_set(ssl.session_cache)) { char buf[old_head-session_id.len * 2 + 1]; old_head-session_id.toString(buf, sizeof(buf)); - Debug(ssl.session_cache, Removing session '%s' from bucket %p because the bucket has size %d and max % PRId64, buf, this, (queue.size + 1), SSLConfigParams::session_cache_max_bucket_size); + Debug(ssl.session_cache, Removing session '%s' from bucket %p because the bucket has size %d and max %zd, buf, this, (queue.size + 1), SSLConfigParams::session_cache_max_bucket_size); } delete old_head; } 
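Review bot: `%zd` is the conversion for the signed counterpart of `size_t`, but the arguments passed here are `size_t` (`len` in `insertSession`, and `SSLConfigParams::session_cache_max_bucket_size`, declared `static size_t` in P_SSLConfig.h), so the matching specifier is `%zu`. The same applies to the `fprintf` in `SSLSessionBucket::print` (hunk `@@ -194,7 +194,7 @@`) and the `Debug` in `removeOldestSession` (hunk `@@ -213,7 +213,7 @@`). The constructor's `Debug` in the `@@ -234,7 +234,8 @@` hunk still passes the same `size_t` to `%ld`, which mismatches wherever `long` and `size_t` differ in width. A wrong conversion in a varargs call is undefined behaviour, so I would use `%zu` at all four sites, e.g. `Current Size: %d, Max Size: %zu\n`. All of these functions extend beyond their hunks.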
@@ -234,7 +234,8 @@ void SSLSessionBucket::removeSession(const SSLSessionID id) { } /* Session Bucket */ -SSLSessionBucket::SSLSessionBucket() : root(NULL) { +SSLSessionBucket::SSLSessionBucket() +{ Debug(ssl.session_cache, Created new bucket %p with max size %ld, this, SSLConfigParams::session_cache_max_bucket_size); ink_mutex_init(mutex, session_bucket); } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/067df58b/iocore/net/SSLSessionCache.h -- diff --git a/iocore/net/SSLSessionCache.h b/iocore/net/SSLSessionCache.h index 283438a..ce5c8b1 100644 --- a/iocore/net/SSLSessionCache.h +++ b/iocore/net/SSLSessionCache.h @@ -19,8 +19,9 @@ limitations under the License. */ -#ifndef SSL_SESSION_CACHE_ -#define SSL_SESSION_CACHE_ +#ifndef __SSLSESSIONCACHE_H__ +#define __SSLSESSIONCACHE_H__ + #include Map.h #include List.h #include ink_mutex.h @@ -129,7 +130,6 @@ private: mutable ink_mutex mutex; CountQueueSSLSession queue; - SSLSession *root; }; class SSLSessionCache { @@ -144,6 +144,4 @@ public: SSLSessionBucket *session_bucket; }; -#endif - - +#endif /* __SSLSESSIONCACHE_H__ */
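Review bot: The new include guard `__SSLSESSIONCACHE_H__` in SSLSessionCache.h (hunk `@@ -19,8 +19,9 @@`) contains double underscores, and C++ reserves such names for the implementation. It matches the existing `__P_SSLCONFIG_H__` guard in this tree, so this is a choice between local consistency and the standard rather than a functional bug. If the project is willing to move away from the reserved form, a guard such as `SSLSESSIONCACHE_H` avoids it.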
[2/2] git commit: TS-3120: overlapping remap rank when using .include directives
TS-3120: overlapping remap rank when using .include directives As described in the docs, we use the line number as the remap rule rank: Once these rules are executed we pick the lowest line number as the match (which replicates first-match-wins). However, when we use .include directives to include other remap config files, the line numbers of the included files overlap and conflict with one another. *Examples* remap.config .include remap1.config .include remap2.config remap1.config map /foo/ https://www.yahoo.com remap2.config map /foo/bar1 https://www.yahoo.com map /foo/bar2 https://www.yahoo.com When parsing remap1.config, the first entry in remap1.config is inserted with rank 0, the second with rank 1. Then, when parsing remap2.config, the single entry is inserted with rank 0 again. So the entry in remap2.config overlaps with the first entry in remap1.config and takes precedence over the second entry. This would confuse customers. I use the count in UrlRewrite::_addToStore as the rank. It counts the number of map rules of each type (map, reverse_map, map_with_referer...). When we insert a new url_mapping, it is stored in a separate MappingsStore. So there would be no conflict with each type's count.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/50520e7f Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/50520e7f Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/50520e7f Branch: refs/heads/master Commit: 50520e7fe5dea63ace1df4a03cdcbf0029bd820d Parents: 067df58 Author: Feifei Cai ff...@yahoo-inc.com Authored: Thu Oct 9 08:48:14 2014 -0700 Committer: James Peach jpe...@apache.org Committed: Thu Oct 9 09:17:44 2014 -0700 -- doc/reference/configuration/remap.config.en.rst | 6 +++--- proxy/http/remap/RemapConfig.cc | 2 +- proxy/http/remap/UrlMapping.h | 1 + proxy/http/remap/UrlRewrite.cc | 1 + 4 files changed, 6 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/doc/reference/configuration/remap.config.en.rst -- diff --git a/doc/reference/configuration/remap.config.en.rst b/doc/reference/configuration/remap.config.en.rst index c32fc80..46b5b79 100644 --- a/doc/reference/configuration/remap.config.en.rst +++ b/doc/reference/configuration/remap.config.en.rst @@ -113,9 +113,9 @@ Traffic Server recognizes three space-delimited fields: ``type``, Precedence == -Remap rules are not processed top-down, but based on an internal priority. Once -these rules are executed we pick the lowest line number as the match (which -replicates first-match-wins). +Remap rules are not processed top-down, but based on an internal +priority. Once these rules are executed we pick the first match +based on configuration file parse order. 1. ``map_with_recv_port`` and ```regex_map_with_recv_port``` #. ``map`` and ``regex_map`` and ``reverse_map`` http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/RemapConfig.cc -- diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc index 398039f..70987e1 100644 --- a/proxy/http/remap/RemapConfig.cc +++ b/proxy/http/remap/RemapConfig.cc 
@@ -984,7 +984,7 @@ remap_parse_config_bti(const char * path, BUILD_TABLE_INFO * bti) goto MAP_ERROR; } -new_mapping = new url_mapping(cln); // use line # for rank for now +new_mapping = new url_mapping(); // apply filter rules if we have to if ((errStr = process_filter_opt(new_mapping, bti, errStrBuf, sizeof(errStrBuf))) != NULL) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/UrlMapping.h -- diff --git a/proxy/http/remap/UrlMapping.h b/proxy/http/remap/UrlMapping.h index cd4b1e3..ad9c1de 100644 --- a/proxy/http/remap/UrlMapping.h +++ b/proxy/http/remap/UrlMapping.h @@ -117,6 +117,7 @@ public: LINK(url_mapping, link); // For use with the main Queue linked list holding all the mapping int getRank() const { return _rank; }; + void setRank(int rank) { _rank = rank; }; private: remap_plugin_info* _plugin_list[MAX_REMAP_PLUGIN_CHAIN]; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/50520e7f/proxy/http/remap/UrlRewrite.cc -- diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc index a9897e9..a3f547c 100644 --- a/proxy/http/remap/UrlRewrite.cc +++ b/proxy/http/remap/UrlRewrite.cc @@ -582,6 +582,7 @@
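Review bot: After this change `new url_mapping()` in `remap_parse_config_bti` leaves the rank at whatever the default constructor sets, and nothing in this hunk assigns it, so correct ordering now depends on `setRank` being called on every path that stores a mapping. The commit message places that call in `UrlRewrite::_addToStore`, but the UrlRewrite.cc hunk is cut off on this page, so it cannot be checked here. Because the rank decides which remap rule wins, a mapping stored without passing through that path would silently share the default rank with others. I would replace the removed trailing comment with `// rank is assigned when the mapping is stored (UrlRewrite::_addToStore)`. The function body continues outside the hunk.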
svn commit: r1630544 - /trafficserver/site/trunk/content/index.html
Author: zwoop Date: Thu Oct 9 18:02:24 2014 New Revision: 1630544 URL: http://svn.apache.org/r1630544 Log: Update the News section with latest releases Modified: trafficserver/site/trunk/content/index.html Modified: trafficserver/site/trunk/content/index.html URL: http://svn.apache.org/viewvc/trafficserver/site/trunk/content/index.html?rev=1630544r1=1630543r2=1630544view=diff == --- trafficserver/site/trunk/content/index.html (original) +++ trafficserver/site/trunk/content/index.html Thu Oct 9 18:02:24 2014 @@ -260,6 +260,9 @@ div class=twelvecol div id=blurbbox ul + libSeptember 18, 2014:/bWe are pleased to announce the relase + of our quarterly minor release, v5.1.0. It's available from our + Downloads page./li libSeptember 08, 2014:/bThe old, legacy release of ATS, v3.2.x, is no longer supported. We have removed it from the download site, but it is available via the archives. We urge @@ -269,7 +272,8 @@ This is our LTS branch for 4.x./li libJuly 23, 2014:/bA security flaw in handling of healthchecks was discovered, affecting all versions of ATS. We urge everyone to - upgrade to v4.2.1.1 or v5.1.0 immediately. See CVE-2014-3525 for details./li + upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for + details./li libJune 17, 2014:/bWe are extremely pleased to announce the release of our latest major release, v5.0.0! This has been a year in the making, and includes a number of new features and bug fixes./li
svn commit: r925184 - in /websites/staging/trafficserver/trunk: cgi-bin/ content/ content/index.html
Author: buildbot Date: Thu Oct 9 18:02:31 2014 New Revision: 925184 Log: Staging update by buildbot for trafficserver Modified: websites/staging/trafficserver/trunk/cgi-bin/ (props changed) websites/staging/trafficserver/trunk/content/ (props changed) websites/staging/trafficserver/trunk/content/index.html Propchange: websites/staging/trafficserver/trunk/cgi-bin/ -- --- cms:source-revision (original) +++ cms:source-revision Thu Oct 9 18:02:31 2014 @@ -1 +1 @@ -1626317 +1630544 Propchange: websites/staging/trafficserver/trunk/content/ -- --- cms:source-revision (original) +++ cms:source-revision Thu Oct 9 18:02:31 2014 @@ -1 +1 @@ -1626317 +1630544 Modified: websites/staging/trafficserver/trunk/content/index.html == --- websites/staging/trafficserver/trunk/content/index.html (original) +++ websites/staging/trafficserver/trunk/content/index.html Thu Oct 9 18:02:31 2014 @@ -260,6 +260,9 @@ div class=twelvecol div id=blurbbox ul + libSeptember 18, 2014:/bWe are pleased to announce the relase + of our quarterly minor release, v5.1.0. It's available from our + Downloads page./li libSeptember 08, 2014:/bThe old, legacy release of ATS, v3.2.x, is no longer supported. We have removed it from the download site, but it is available via the archives. We urge @@ -269,7 +272,8 @@ This is our LTS branch for 4.x./li libJuly 23, 2014:/bA security flaw in handling of healthchecks was discovered, affecting all versions of ATS. We urge everyone to - upgrade to v4.2.1.1 or v5.1.0 immediately. See CVE-2014-3525 for details./li + upgrade to v4.2.1.1 or v5.0.1 immediately. See CVE-2014-3525 for + details./li libJune 17, 2014:/bWe are extremely pleased to announce the release of our latest major release, v5.0.0! This has been a year in the making, and includes a number of new features and bug fixes./li
svn commit: r925185 - in /websites/production/trafficserver: cgi-bin/ content/
Author: zwoop Date: Thu Oct 9 18:03:01 2014 New Revision: 925185 Log: Updated News section. Added: websites/production/trafficserver/cgi-bin/ - copied from r925184, websites/staging/trafficserver/trunk/cgi-bin/ websites/production/trafficserver/content/ - copied from r925184, websites/staging/trafficserver/trunk/content/
svn commit: r925186 - in /websites/production/trafficserver: cgi-bin/ content/
Author: zwoop Date: Thu Oct 9 18:09:55 2014 New Revision: 925186 Log: Updated news Added: websites/production/trafficserver/cgi-bin/ - copied from r925185, websites/staging/trafficserver/trunk/cgi-bin/ websites/production/trafficserver/content/ - copied from r925185, websites/staging/trafficserver/trunk/content/
git commit: Update the STATUS file with all the recent releases
Repository: trafficserver Updated Branches: refs/heads/master 50520e7fe - 023dd5233 Update the STATUS file with all the recent releases Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/023dd523 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/023dd523 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/023dd523 Branch: refs/heads/master Commit: 023dd523306207cabef41c7b6ca17de9cf785c92 Parents: 50520e7 Author: Leif Hedstrom zw...@apache.org Authored: Thu Oct 9 12:22:39 2014 -0600 Committer: Leif Hedstrom zw...@apache.org Committed: Thu Oct 9 12:22:39 2014 -0600 -- STATUS | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/023dd523/STATUS -- diff --git a/STATUS b/STATUS index aaad22e..6c5fedc 100644 --- a/STATUS +++ b/STATUS @@ -8,8 +8,15 @@ The current version of this file can be found at: Release history: +5.1.0 : Released on Sep 18th, 2014 +5.0.1 : Released on Jul 23rd, 2014 +5.0.0 : Released on Jun 17th, 2014 + +4.2.2 : Released on Sep 4th, 2014 +4.2.1.1 : Released on Jul 23rd, 2014 +4.2.1 : Released on Apr 29th, 2014 +4.2.0 : Released on Mar 19th, 2014 4.1.2 : Released on Dec 17th, 2013 - 4.0.2 : Released on Oct 14th, 2013 4.0.1 : Released on Aug 30th, 2013
git commit: Fixing small documentation inconsistency
Repository: trafficserver Updated Branches: refs/heads/master 023dd5233 - a13a52734 Fixing small documentation inconsistency Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a13a5273 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a13a5273 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a13a5273 Branch: refs/heads/master Commit: a13a5273454c66e0376b07e6bd07e8627025aa39 Parents: 023dd52 Author: Brian Geffon bri...@apache.org Authored: Thu Oct 9 11:38:23 2014 -0700 Committer: Brian Geffon bri...@apache.org Committed: Thu Oct 9 11:38:34 2014 -0700 -- doc/reference/configuration/records.config.en.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a13a5273/doc/reference/configuration/records.config.en.rst -- diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst index 305ed09..f4b3a91 100644 --- a/doc/reference/configuration/records.config.en.rst +++ b/doc/reference/configuration/records.config.en.rst @@ -2181,9 +2181,7 @@ SSL Termination This configuration specifies the lifetime of SSL session cache entries in seconds. If it is ``0``, then the SSL library will use - a default value, typically 300 seconds. Note: This option has no affect - when using the Traffic Server session cache (option ``2`` in - ``proxy.config.ssl.session_cache``) + a default value, typically 300 seconds. .. ts:cv:: CONFIG proxy.config.ssl.session_cache.size INT 102400