Module: sip-router
Branch: andrei/tcp_tls_changes
Commit: 86cfe85e9ef7cb473c9672bf0e38875852106c52
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=86cfe85…
Author: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Committer: Andrei Pelinescu-Onciul <andrei(a)iptel.org>
Date: Fri Jun 4 18:38:50 2010 +0200
tls: config options for the internal queues
Added runtime config options for the internal queues used when
data has to be queued due to renegotiations or on-going
initialization of the connections:
ct_wq_max - maximum bytes queued globally for write when write has
to wait due to TLS-level renegotiation.
con_ct_wq_max - maximum bytes queued for write per connection.
ct_wq_blk_size - internal TLS pre-write (clear-text) queue
minimum block size (advanced tuning or
debugging).
---
modules/tls/tls_cfg.c | 20 ++++++++++++++++++--
modules/tls/tls_cfg.h | 3 +++
modules/tls/tls_ct_wrq.c | 14 +++++++-------
3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index e3d7b00..b255626 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -57,8 +57,11 @@ struct cfg_group_tls default_tls_cfg = {
-1, /* ssl_freelist_max (use the default: 32) */
-1, /* ssl_max_send_fragment (use the default: 16k)*/
1, /* ssl_read_ahead (set, use -1 for the openssl default value)*/
- -1, /* low_mem_treshold1 */
- -1, /* low_mem_treshold2 */
+ -1, /* low_mem_threshold1 */
+ -1, /* low_mem_threshold2 */
+ 10*1024*1024, /* ct_wq_max: 10 Mb by default */
+ 64*1024, /* con_ct_wq_max: 64Kb by default */
+ 4096 /* ct_wq_blk_size */
};
void* tls_cfg = &default_tls_cfg;
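Review bot: The new defaults in `default_tls_cfg` silently change the effective limits, and neither the comments nor the commit message says so. Going by the removed macros and how the old check used them in tls_ct_wrq.c, the per-connection cap was 4 MB and the global cap 256 KB; it is now 64 KB per connection and 10 MB globally. Since the queue presumably lives in shared memory, the larger global bound matters for shm sizing and is worth recording, e.g. `/* ct_wq_max: 10 MB by default (previously a fixed 256 KB) */`. The comments should also use byte units (`MB`, `KB`) rather than `Mb`/`Kb`.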
@@ -175,6 +178,19 @@ cfg_def_t tls_cfg_def[] = {
{"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1<<30, 0, 0,
"sets the minimum amount of free memory after which no more TLS"
" operations will be attempted (even on existing connections)" },
+ {"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1<<30, 0, 0,
+ "maximum bytes queued globally for write when write has to wait due"
+ " to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+ " connection establishment (it is different from tcp.wq_max,"
+ " which works at the TCP connection level)"},
+ {"con_ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 4*1024*1024, 0, 0,
+ "maximum bytes queued for write per connection when write has to wait"
+ " due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+ " connection establishment (it is different from tcp.conn_wq_max,"
+ " which works at the TCP connection level)"},
+ {"ct_wq_blk_size", CFG_VAR_INT | CFG_ATOMIC, 1, 65536, 0, 0,
+ "internal TLS pre-write (clear-text) queue minimum block size"
+ " (advanced tunning or debugging for now)"},
{0, 0, 0, 0, 0, 0}
};
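Review bot: The help strings for `ct_wq_max` and `con_ct_wq_max` do not say what the permitted minimum of 0 means. Going by the `>` comparison in tls_ct_wq_add() (tls_ct_wrq.c in this commit), `ct_wq_max = 0` rejects every write that would have to be queued rather than meaning "unlimited", which an operator could easily assume. I would spell that out in the text, e.g. append `" (0: nothing is queued, such writes fail)"`. Nothing in these entries ties the two values together either, so a `con_ct_wq_max` above `ct_wq_max` is accepted without warning; a one-line remark in the description that the global limit always wins would help.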
diff --git a/modules/tls/tls_cfg.h b/modules/tls/tls_cfg.h
index 5dfcec2..41e149c 100644
--- a/modules/tls/tls_cfg.h
+++ b/modules/tls/tls_cfg.h
@@ -87,6 +87,9 @@ struct cfg_group_tls {
int ssl_read_ahead;
int low_mem_threshold1;
int low_mem_threshold2;
+ int ct_wq_max; /* maximum overall tls write clear text queued bytes */
+ int con_ct_wq_max; /* maximum clear text write queued bytes per con */
+ int ct_wq_blk_size; /* minimum block size for the clear text write queue */
};
diff --git a/modules/tls/tls_ct_wrq.c b/modules/tls/tls_ct_wrq.c
index e939f51..b3a6e3d 100644
--- a/modules/tls/tls_ct_wrq.c
+++ b/modules/tls/tls_ct_wrq.c
@@ -29,13 +29,10 @@
*/
#include "tls_ct_wrq.h"
+#include "tls_cfg.h"
#include "../../atomic_ops.h"
#include "../../mem/shm_mem.h"
-/* FIXME: change to runtime configurable variables */
-#define TLS_CT_WQ_MAX_CON_SZ 4*1024*1024 /* 4 MB max. overall */
-#define TLS_CT_WQ_MAX 262144 /* 256 k max. per connection */
-#define TLS_CT_WQ_BLK_SZ 4096 /* 4k max. block size */
atomic_t* tls_total_ct_wq; /* total clear text bytes queued for a future
SSL_write() (due to renegotiations/
@@ -135,10 +132,13 @@ int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int
size)
{
int ret;
- if (unlikely( (*ct_q && (((*ct_q)->queued + size) >
TLS_CT_WQ_MAX_CON_SZ))
- || (atomic_get(tls_total_ct_wq) + size) > TLS_CT_WQ_MAX))
+ if (unlikely( (*ct_q && (((*ct_q)->queued + size) >
+ cfg_get(tls, tls_cfg, con_ct_wq_max))) ||
+ (atomic_get(tls_total_ct_wq) + size) >
+ cfg_get(tls, tls_cfg, ct_wq_max)))
return -2;
- ret = tls_ct_q_add(ct_q, data, size, TLS_CT_WQ_BLK_SZ);
+ ret = tls_ct_q_add(ct_q, data, size,
+ cfg_get(tls, tls_cfg, ct_wq_blk_size));
if (likely(ret > 0))
atomic_add(tls_total_ct_wq, ret);
return ret;
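Review bot: Both limit checks in tls_ct_wq_add() add `size` before comparing, so a very large `size` can wrap `(*ct_q)->queued + size` or `atomic_get(tls_total_ct_wq) + size` and slip under the configured maximum (this assumes `queued` is an unsigned int like `size`). The per-connection test is also skipped while `*ct_q` is NULL, so the first write on a connection is bounded only by `ct_wq_max`. Comparing against the remaining room, as sketched below, closes both gaps. The global test and the later `atomic_add()` are separate steps, so concurrent callers can presumably overshoot `ct_wq_max` slightly; a comment saying the global limit is approximate would be enough. The function's closing brace lies outside the hunk.

```c
	int ret;
	unsigned int con_max = cfg_get(tls, tls_cfg, con_ct_wq_max);
	unsigned int total_max = cfg_get(tls, tls_cfg, ct_wq_max);
	unsigned int queued = *ct_q ? (*ct_q)->queued : 0;
	unsigned int total = atomic_get(tls_total_ct_wq);

	/* compare against the remaining room so that size cannot wrap the sum */
	if (unlikely(size > con_max || queued > con_max - size ||
			size > total_max || total > total_max - size))
		return -2;
	/* … unchanged: tls_ct_q_add() call and atomic_add() of its result … */
```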