Module: sip-router
Branch: andrei/tcp_tls_changes
Commit: e40e993ef9039ace73caae09e983abd328ee28fc
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e40e993e...
Author: Andrei Pelinescu-Onciul andrei@iptel.org
Committer: Andrei Pelinescu-Onciul andrei@iptel.org
Date: Fri May 28 12:35:07 2010 +0200
tls: migrated to the runtime cfg framework

- moved all the module params to runtime config. Most of the variables are read-only (for now) with the following exceptions:
    config - can be changed at runtime and if followed by a tls.reload, the configuration from the new file will be loaded.
    log
    connection_timeout
    low_mem_threshold1
    low_mem_threshold2
- renamed tls_fix_cfg() to tls_fix_domains_cfg() to avoid confusion with the runtime cfg (named tls_cfg).
---
 modules/tls/tls_cfg.c     |  222 +++++++++++++++++++++++++++++++++++++++++++++
 modules/tls/tls_cfg.h     |  102 +++++++++++++++++++++
 modules/tls/tls_config.c  |    1 +
 modules/tls/tls_domain.c  |   32 +++++--
 modules/tls/tls_domain.h  |    2 +-
 modules/tls/tls_dump_vf.c |    4 +
 modules/tls/tls_init.c    |   89 ++++++++++--------
 modules/tls/tls_init.h    |    5 -
 modules/tls/tls_mod.c     |  195 ++++++++++++----------------------------
 modules/tls/tls_mod.h     |    8 --
 modules/tls/tls_rpc.c     |    6 +-
 modules/tls/tls_select.c  |    5 +-
 modules/tls/tls_server.c  |   18 +++-
 13 files changed, 484 insertions(+), 205 deletions(-)
Diff: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commitdiff;h=e40e...
On 28.05.2010 13:44, Andrei Pelinescu-Onciul wrote:
> config - can be changed at runtime and if followed by a tls.reload, the configuration from the new file will be loaded.
Andrei, the module README still states:
TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic.
Is this still the case?
regards Klaus
On May 28, 2010 at 15:10, Klaus Darilion klaus.mailinglists@pernau.at wrote:
> On 28.05.2010 13:44, Andrei Pelinescu-Onciul wrote:
>> config - can be changed at runtime and if followed by a tls.reload, the configuration from the new file will be loaded.
>
> Andrei, the module README still states:
>
> TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic.
>
> Is this still the case?
Yes, there is a race condition when loading the config. It's very hard to trigger (since the tls domain configs are kept around for some time in an attempt to avoid this race) and probably if you don't continuously reload the config while having very heavy tls traffic and some swapping you'll never be able to trigger it.
Anyway, it should be fixed (transformed into something race-free, similar to the runtime changes in the cfg framework).
Andrei
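
As an added example (not sip-router code and not written by either poster), a reference-counted swap shows one way a reload can be made independent of timing: the old configuration is freed by its last holder instead of after a delay, so a stalled reader cannot outlive it. All names are hypothetical, and it assumes threads in one process with a simple spinlock instead of the project's shared-memory locking.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-in for one loaded set of TLS domain settings. */
struct dom_cfg { int refs; int generation; };

static atomic_flag cfg_lock = ATOMIC_FLAG_INIT;
static struct dom_cfg *current_cfg; /* published config; owns one reference */
static int live_cfgs;               /* allocated and not yet freed */

static void cfg_lock_get(void) {
    while (atomic_flag_test_and_set_explicit(&cfg_lock, memory_order_acquire))
        ; /* spin until the lock is free */
}
static void cfg_lock_release(void) {
    atomic_flag_clear_explicit(&cfg_lock, memory_order_release);
}
/* Drop one reference (lock held); the last holder frees the config. */
static void cfg_unref_locked(struct dom_cfg *c) {
    if (--c->refs == 0) { free(c); live_cfgs--; }
}
/* Reader side: pin the current config while a connection is being set up. */
struct dom_cfg *cfg_get(void) {
    cfg_lock_get();
    struct dom_cfg *c = current_cfg;
    if (c) c->refs++;
    cfg_lock_release();
    return c;
}
void cfg_put(struct dom_cfg *c) {
    if (!c) return;
    cfg_lock_get(); cfg_unref_locked(c); cfg_lock_release();
}
/* Reload: publish the new config, then drop the slot's reference to the old
 * one. A reader still holding the old config keeps it alive however long it
 * stalls. Returns 0, or -1 if allocation fails (the old config stays). */
int cfg_reload(int generation) {
    struct dom_cfg *n = malloc(sizeof *n);
    if (!n) return -1;
    n->refs = 1; n->generation = generation;
    cfg_lock_get();
    struct dom_cfg *old = current_cfg;
    current_cfg = n; live_cfgs++;
    if (old) cfg_unref_locked(old);
    cfg_lock_release();
    return 0;
}
/* Number of configs currently allocated (for inspection). */
int cfg_live(void) {
    cfg_lock_get(); int n = live_cfgs; cfg_lock_release();
    return n;
}
```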