BUG/MEDIUM: ssl engines: Fix async engines fds were not considered to fix fd limit automatically.

The number of async fds is computed from maxconn, the number of sides
using SSL, and the number of engines using async mode.

This patch should be backported on haproxy 1.8
Emeric Brun 2017-12-06 13:51:49 +01:00 committed by Willy Tarreau
parent 473cf5d0cd
commit ece0c334bd
3 changed files with 11 additions and 0 deletions


@ -97,6 +97,7 @@ struct global {
int ssl_handshake_max_cost; /* how many bytes an SSL handshake may use */
int ssl_used_frontend; /* non-zero if SSL is used in a frontend */
int ssl_used_backend; /* non-zero if SSL is used in a backend */
int ssl_used_async_engines; /* number of used async engines */
unsigned int ssl_server_verify; /* default verify mode on servers side */
struct freq_ctr conn_per_sec;
struct freq_ctr sess_per_sec;


@ -1780,6 +1780,11 @@ static void init(int argc, char **argv)
global.hardmaxconn = global.maxconn; /* keep this max value */
global.maxsock += global.maxconn * 2; /* each connection needs two sockets */
global.maxsock += global.maxpipes * 2; /* each pipe needs two FDs */
/* compute fd used by async engines */
if (global.ssl_used_async_engines) {
int sides = !!global.ssl_used_frontend + !!global.ssl_used_backend;
global.maxsock += global.maxconn * sides * global.ssl_used_async_engines;
}
if (global.stats_fe)
global.maxsock += global.stats_fe->maxconn;
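Review bot: The added `/* compute fd used by async engines */` comment does not state the sizing assumption behind `global.maxconn * sides * global.ssl_used_async_engines`, namely that each SSL side of a connection may hold one fd per async engine at the same time. Going by the commit title, `global.maxsock` feeds the automatic fd limit, so an underestimate here would bring back the fd shortage this patch addresses; the assumption is worth spelling out, for example `/* reserve one fd per async engine for each SSL side (frontend, backend) of every connection */`. The product is also computed in plain `int`, so a very large `maxconn` combined with several engines could overflow before the addition, and a range check on the result would make that failure explicit. `init()` starts and ends outside this hunk, so any later clamping of `maxsock` is not visible here.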


@ -161,6 +161,7 @@ enum {
int sslconns = 0;
int totalsslconns = 0;
static struct xprt_ops ssl_sock;
int nb_engines = 0;
static struct {
char *crt_base; /* base directory path for certificates */
@ -411,6 +412,9 @@ static int ssl_init_single_engine(const char *engine_id, const char *def_algorit
el = calloc(1, sizeof(*el));
el->e = engine;
LIST_ADD(&openssl_engines, &el->list);
nb_engines++;
if (global_ssl.async)
global.ssl_used_async_engines = nb_engines;
return 0;
fail_set_method:
@ -7978,6 +7982,7 @@ static int ssl_parse_global_ssl_async(char **args, int section_type, struct prox
{
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
global_ssl.async = 1;
global.ssl_used_async_engines = nb_engines;
return 0;
#else
memprintf(err, "'%s': openssl library does not support async mode", args[0]);
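Review bot: In the `ssl_init_single_engine` hunk, `el = calloc(1, sizeof(*el));` is followed directly by `el->e = engine;` with no NULL check, so an allocation failure while loading an engine dereferences a null pointer; this looks like context the commit did not touch, but the new `nb_engines++` now sits on the same path. A guard such as `if (!el) goto fail_set_method;` before the assignment would do, although the right label depends on cleanup code outside the hunk. Separately, `int nb_engines = 0;` has external linkage while every use shown is in this file, so `static int nb_engines = 0;` would keep it out of the global namespace. Both functions start or end outside the visible hunks.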