Re: [1/3] git commit: TS-3080: Optimized SSL Session Cache
I thought you were going to format to our style guidelines before committing? On Oct 8, 2014, at 11:34 AM, bri...@apache.org wrote: Repository: trafficserver Updated Branches: refs/heads/master 195259b16 - f1bedb41e TS-3080: Optimized SSL Session Cache Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/53bf5d1e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/53bf5d1e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/53bf5d1e Branch: refs/heads/master Commit: 53bf5d1e7618ae38b0a8b49263a047282eec68d1 Parents: 72b7c05 Author: Brian Geffon bri...@apache.org Authored: Tue Oct 7 18:51:34 2014 -0700 Committer: Brian Geffon bri...@apache.org Committed: Tue Oct 7 18:52:34 2014 -0700 -- iocore/net/Makefile.am| 1 + iocore/net/P_SSLConfig.h | 12 +- iocore/net/P_SSLUtils.h | 4 + iocore/net/SSLConfig.cc | 19 ++- iocore/net/SSLSessionCache.cc | 246 + iocore/net/SSLSessionCache.h | 149 ++ iocore/net/SSLUtils.cc| 98 ++- lib/ts/ink_mutex.h| 29 + mgmt/RecordsConfig.cc | 8 +- proxy/Makefile.am | 2 +- 10 files changed, 559 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/Makefile.am -- diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am index 0120528..da7a476 100644 --- a/iocore/net/Makefile.am +++ b/iocore/net/Makefile.am @@ -88,6 +88,7 @@ libinknet_a_SOURCES = \ P_UnixUDPConnection.h \ Socks.cc \ SSLCertLookup.cc \ + SSLSessionCache.cc \ SSLConfig.cc \ SSLNetAccept.cc \ SSLNetProcessor.cc \ http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLConfig.h -- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index aa4926f..0cad7d9 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -32,6 +32,7 @@ #define __P_SSLCONFIG_H__ #include ProxyConfig.h +#include SSLSessionCache.h struct SSLCertLookup; 
@@ -51,7 +52,8 @@ struct SSLConfigParams : public ConfigInfo enum SSL_SESSION_CACHE_MODE { SSL_SESSION_CACHE_MODE_OFF = 0, -SSL_SESSION_CACHE_MODE_SERVER = 1 +SSL_SESSION_CACHE_MODE_SERVER_OPENSSL_IMPL = 1, +SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL = 2 }; SSLConfigParams(); @@ -69,6 +71,8 @@ struct SSLConfigParams : public ConfigInfo int verify_depth; int ssl_session_cache; // SSL_SESSION_CACHE_MODE int ssl_session_cache_size; + int ssl_session_cache_num_buckets; + int ssl_session_cache_skip_on_contention; int ssl_session_cache_timeout; char * clientCertPath; @@ -88,6 +92,10 @@ struct SSLConfigParams : public ConfigInfo static int ssl_ocsp_request_timeout; static int ssl_ocsp_update_period; + static size_t session_cache_number_buckets; + static size_t session_cache_max_bucket_size; + static bool session_cache_skip_on_lock_contention; + static init_ssl_ctx_func init_ssl_ctx_cb; void initialize(); @@ -126,4 +134,6 @@ private: static int configid; }; +extern SSLSessionCache *session_cache; + #endif http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLUtils.h -- diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h index 3cf0c20..1c9f0b8 100644 --- a/iocore/net/P_SSLUtils.h +++ b/iocore/net/P_SSLUtils.h @@ -70,6 +70,10 @@ enum SSL_Stats ssl_total_tickets_verified_stat, ssl_total_tickets_not_found_stat, ssl_total_tickets_renewed_stat, + ssl_session_cache_hit, + ssl_session_cache_miss, + ssl_session_cache_eviction, + ssl_session_cache_lock_contention, /* error stats */ ssl_error_want_write, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/SSLConfig.cc -- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 402664a..3aaddc1 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -37,6 +37,7 @@ #include P_SSLConfig.h #include P_SSLUtils.h #include P_SSLCertLookup.h +#include SSLSessionCache.h #include records/I_RecHttp.h int SSLConfig::configid = 0; 
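Review bot: The new per-instance settings `ssl_session_cache_num_buckets` and `ssl_session_cache_skip_on_contention` in P_SSLConfig.h are declared `int`, while the statics they appear to feed (`session_cache_number_buckets`, `session_cache_max_bucket_size`) are `size_t`, and neither hunk shows a range check between the two. If the configured value is copied across unchecked, a negative setting becomes a very large `size_t` and a bucket count of zero leaves the cache with nothing to index into. I would validate where the value is read, for example `if (ssl_session_cache_num_buckets < 1) ssl_session_cache_num_buckets = 1;`, and note the accepted range in a comment next to the fields. The code that reads these records lives in SSLConfig.cc outside these hunks, so this may already be handled there. The same hunks appear again in the original message further down the page.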
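Review bot: `extern SSLSessionCache *session_cache;` at the end of P_SSLConfig.h exposes the cache as a process-wide raw pointer without saying who allocates it, when it may be NULL, or whether it can be replaced on a configuration reload. Session-cache lookups sit on the TLS handshake path, so a reader dereferencing the pointer while another thread swaps or frees it would be a use-after-free. Whether that can happen depends on initialization code this hunk does not show. I would document the lifetime on the declaration, for example `// Allocated once during SSL initialization when the ATS cache mode is selected; NULL otherwise; not replaced afterwards.`, adjusted to the real behaviour, and have callers check for NULL before use.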
@@ -47,6 +48,10 @@ bool SSLConfigParams::ssl_ocsp_enabled = false; int SSLConfigParams::ssl_ocsp_cache_timeout = 3600; int SSLConfigParams::ssl_ocsp_request_timeout = 10; int SSLConfigParams::ssl_ocsp_update_period = 60; +size_t
[1/3] git commit: TS-3080: Optimized SSL Session Cache
Repository: trafficserver Updated Branches: refs/heads/master 195259b16 - f1bedb41e TS-3080: Optimized SSL Session Cache Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/53bf5d1e Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/53bf5d1e Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/53bf5d1e Branch: refs/heads/master Commit: 53bf5d1e7618ae38b0a8b49263a047282eec68d1 Parents: 72b7c05 Author: Brian Geffon bri...@apache.org Authored: Tue Oct 7 18:51:34 2014 -0700 Committer: Brian Geffon bri...@apache.org Committed: Tue Oct 7 18:52:34 2014 -0700 -- iocore/net/Makefile.am| 1 + iocore/net/P_SSLConfig.h | 12 +- iocore/net/P_SSLUtils.h | 4 + iocore/net/SSLConfig.cc | 19 ++- iocore/net/SSLSessionCache.cc | 246 + iocore/net/SSLSessionCache.h | 149 ++ iocore/net/SSLUtils.cc| 98 ++- lib/ts/ink_mutex.h| 29 + mgmt/RecordsConfig.cc | 8 +- proxy/Makefile.am | 2 +- 10 files changed, 559 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/Makefile.am -- diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am index 0120528..da7a476 100644 --- a/iocore/net/Makefile.am +++ b/iocore/net/Makefile.am @@ -88,6 +88,7 @@ libinknet_a_SOURCES = \ P_UnixUDPConnection.h \ Socks.cc \ SSLCertLookup.cc \ + SSLSessionCache.cc \ SSLConfig.cc \ SSLNetAccept.cc \ SSLNetProcessor.cc \ http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLConfig.h -- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index aa4926f..0cad7d9 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -32,6 +32,7 @@ #define __P_SSLCONFIG_H__ #include ProxyConfig.h +#include SSLSessionCache.h struct SSLCertLookup; 
@@ -51,7 +52,8 @@ struct SSLConfigParams : public ConfigInfo enum SSL_SESSION_CACHE_MODE { SSL_SESSION_CACHE_MODE_OFF = 0, -SSL_SESSION_CACHE_MODE_SERVER = 1 +SSL_SESSION_CACHE_MODE_SERVER_OPENSSL_IMPL = 1, +SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL = 2 }; SSLConfigParams(); @@ -69,6 +71,8 @@ struct SSLConfigParams : public ConfigInfo int verify_depth; int ssl_session_cache; // SSL_SESSION_CACHE_MODE int ssl_session_cache_size; + int ssl_session_cache_num_buckets; + int ssl_session_cache_skip_on_contention; int ssl_session_cache_timeout; char * clientCertPath; @@ -88,6 +92,10 @@ struct SSLConfigParams : public ConfigInfo static int ssl_ocsp_request_timeout; static int ssl_ocsp_update_period; + static size_t session_cache_number_buckets; + static size_t session_cache_max_bucket_size; + static bool session_cache_skip_on_lock_contention; + static init_ssl_ctx_func init_ssl_ctx_cb; void initialize(); @@ -126,4 +134,6 @@ private: static int configid; }; +extern SSLSessionCache *session_cache; + #endif http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/P_SSLUtils.h -- diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h index 3cf0c20..1c9f0b8 100644 --- a/iocore/net/P_SSLUtils.h +++ b/iocore/net/P_SSLUtils.h @@ -70,6 +70,10 @@ enum SSL_Stats ssl_total_tickets_verified_stat, ssl_total_tickets_not_found_stat, ssl_total_tickets_renewed_stat, + ssl_session_cache_hit, + ssl_session_cache_miss, + ssl_session_cache_eviction, + ssl_session_cache_lock_contention, /* error stats */ ssl_error_want_write, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/53bf5d1e/iocore/net/SSLConfig.cc -- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 402664a..3aaddc1 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -37,6 +37,7 @@ #include P_SSLConfig.h #include P_SSLUtils.h #include P_SSLCertLookup.h +#include SSLSessionCache.h #include records/I_RecHttp.h int SSLConfig::configid = 0; 
@@ -47,6 +48,10 @@ bool SSLConfigParams::ssl_ocsp_enabled = false; int SSLConfigParams::ssl_ocsp_cache_timeout = 3600; int SSLConfigParams::ssl_ocsp_request_timeout = 10; int SSLConfigParams::ssl_ocsp_update_period = 60; +size_t SSLConfigParams::session_cache_number_buckets = 1024; +bool SSLConfigParams::session_cache_skip_on_lock_contention = false; +size_t SSLConfigParams::session_cache_max_bucket_size = 100; + init_ssl_ctx_func