Module: sip-router Branch: andrei/tcp_tls_changes Commit: 86cfe85e9ef7cb473c9672bf0e38875852106c52 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=86cfe85e...
Author: Andrei Pelinescu-Onciul andrei@iptel.org Committer: Andrei Pelinescu-Onciul andrei@iptel.org Date: Fri Jun 4 18:38:50 2010 +0200
tls: config options for the internal queues
Added runtime config options for the internal queues used when data has to be queued due to renegotiations or on-going initialization of the connections:
ct_wq_max - maximum bytes queued globally for write when write has to wait due to TLS-level renegotiation. con_ct_wq_max - maximum bytes queued for write per connection. ct_wq_blk_size - internal TLS pre-write (clear-text) queue minimum block size (advanced tuning or debugging).
---
modules/tls/tls_cfg.c | 20 ++++++++++++++++++-- modules/tls/tls_cfg.h | 3 +++ modules/tls/tls_ct_wrq.c | 14 +++++++------- 3 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/modules/tls/tls_cfg.c b/modules/tls/tls_cfg.c
index e3d7b00..b255626 100644
--- a/modules/tls/tls_cfg.c
+++ b/modules/tls/tls_cfg.c
@@ -57,8 +57,11 @@ struct cfg_group_tls default_tls_cfg = {
 -1, /* ssl_freelist_max (use the default: 32) */
 -1, /* ssl_max_send_fragment (use the default: 16k)*/
 1, /* ssl_read_ahead (set, use -1 for the openssl default value)*/
- -1, /* low_mem_treshold1 */
- -1, /* low_mem_treshold2 */
+ -1, /* low_mem_threshold1 */
+ -1, /* low_mem_threshold2 */
+ 10*1024*1024, /* ct_wq_max: 10 Mb by default */
+ 64*1024, /* con_ct_wq_max: 64Kb by default */
+ 4096 /* ct_wq_blk_size */
 };
 void* tls_cfg = &default_tls_cfg;
@@ -175,6 +178,19 @@ cfg_def_t tls_cfg_def[] = {
 {"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1<<30, 0, 0,
 "sets the minimum amount of free memory after which no more TLS"
 " operations will be attempted (even on existing connections)" },
+ {"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1<<30, 0, 0,
+ "maximum bytes queued globally for write when write has to wait due"
+ " to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+ " connection establishment (it is different from tcp.wq_max,"
+ " which works at the TCP connection level)"},
+ {"con_ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 4*1024*1024, 0, 0,
+ "maximum bytes queued for write per connection when write has to wait"
+ " due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+ " connection establishment (it is different from tcp.conn_wq_max,"
+ " which works at the TCP connection level)"},
+ {"ct_wq_blk_size", CFG_VAR_INT | CFG_ATOMIC, 1, 65536, 0, 0,
+ "internal TLS pre-write (clear-text) queue minimum block size"
+ " (advanced tunning or debugging for now)"},
 {0, 0, 0, 0, 0, 0}
 };
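Review bot: The comments on the two new defaults use the abbreviations `10 Mb` and `64Kb`, which conventionally read as bits, while the values and the cfg help text are byte counts; `/* ct_wq_max: 10 MB by default */` and `/* con_ct_wq_max: 64 KB by default */` remove the ambiguity. The initializer of default_tls_cfg is positional, so these three entries must keep exactly the order of the members added to struct cfg_group_tls in tls_cfg.h; they do in this commit, but that coupling is only visible to someone reading both files. The start of default_tls_cfg lies before the hunk.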
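Review bot: The lower bound of `1` on `ct_wq_blk_size` admits a degenerate one-byte block size; if tls_ct_q_add (outside this diff) allocates one shared-memory block per blk_size bytes, a careless setting turns every queued byte into its own allocation, so either a larger minimum (a constructed value such as `512`) or a sentence in the help text saying that very small values multiply shm allocations would be prudent. The same entry's help text carries a typo: `" (advanced tuning or debugging for now)"}`. Nothing ties the two limits together, so a `con_ct_wq_max` set above `ct_wq_max` silently makes the global value the effective per-connection cap; the help text for con_ct_wq_max could say that it is bounded in practice by ct_wq_max.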
diff --git a/modules/tls/tls_cfg.h b/modules/tls/tls_cfg.h
index 5dfcec2..41e149c 100644
--- a/modules/tls/tls_cfg.h
+++ b/modules/tls/tls_cfg.h
@@ -87,6 +87,9 @@ struct cfg_group_tls {
 int ssl_read_ahead;
 int low_mem_threshold1;
 int low_mem_threshold2;
+ int ct_wq_max; /* maximum overall tls write clear text queued bytes */
+ int con_ct_wq_max; /* maximum clear text write queued bytes per con */
+ int ct_wq_blk_size; /* minimum block size for the clear text write queue */
 };
diff --git a/modules/tls/tls_ct_wrq.c b/modules/tls/tls_ct_wrq.c
index e939f51..b3a6e3d 100644
--- a/modules/tls/tls_ct_wrq.c
+++ b/modules/tls/tls_ct_wrq.c
@@ -29,13 +29,10 @@
 */
 #include "tls_ct_wrq.h"
+#include "tls_cfg.h"
 #include "../../atomic_ops.h"
 #include "../../mem/shm_mem.h"
-/* FIXME: change to runtime configurable variables */
-#define TLS_CT_WQ_MAX_CON_SZ 4*1024*1024 /* 4 MB max. overall */
-#define TLS_CT_WQ_MAX 262144 /* 256 k max. per connection */
-#define TLS_CT_WQ_BLK_SZ 4096 /* 4k max. block size */
 atomic_t* tls_total_ct_wq; /* total clear text bytes queued for a future SSL_write() (due to renegotiations/
@@ -135,10 +132,13 @@ int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size)
 {
 int ret;
- if (unlikely( (*ct_q && (((*ct_q)->queued + size) > TLS_CT_WQ_MAX_CON_SZ))
- || (atomic_get(tls_total_ct_wq) + size) > TLS_CT_WQ_MAX))
+ if (unlikely( (*ct_q && (((*ct_q)->queued + size) >
+ cfg_get(tls, tls_cfg, con_ct_wq_max))) ||
+ (atomic_get(tls_total_ct_wq) + size) >
+ cfg_get(tls, tls_cfg, ct_wq_max)))
 return -2;
- ret = tls_ct_q_add(ct_q, data, size, TLS_CT_WQ_BLK_SZ);
+ ret = tls_ct_q_add(ct_q, data, size,
+ cfg_get(tls, tls_cfg, ct_wq_blk_size));
 if (likely(ret > 0))
 atomic_add(tls_total_ct_wq, ret);
 return ret;
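Review bot: The global check `(atomic_get(tls_total_ct_wq) + size) > cfg_get(tls, tls_cfg, ct_wq_max)` and the later `atomic_add(tls_total_ct_wq, ret)` are two separate operations on a counter shared between processes, so several callers that pass the check at the same time can together carry the total past ct_wq_max by up to one `size` each; the shape predates this commit, but now that the limit is an operator-visible option it should be stated as approximate, e.g. `/* check-then-add is not atomic across processes: ct_wq_max is a soft limit */` above the `if`. Both comparisons mix the int returned by cfg_get() with unsigned operands; the ranges declared in tls_cfg_def start at 0, so no negative value can be promoted to a huge unsigned, but an explicit `(unsigned)` on the cfg_get() results would make that reliance visible and keep -Wsign-compare quiet. The `-2` return on overflow is not documented at the call site; a one-line comment naming it as "queue limit reached" would help the caller distinguish it from a tls_ct_q_add() failure. The closing brace of tls_ct_wq_add lies past the end of the hunk.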