nghttpx: Add options to set maximum retry and failure when getting ticket keys

a6fdca73 · Tatsuhiro Tsujikawa · 4949dd48 · a6fdca73 · a6fdca73 · a6fdca73
Commit a6fdca73 authored Jul 28, 2015 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 61 additions and 0 deletions

gennghttpxfun.py gennghttpxfun.py +2 -0

src/shrpx.cc src/shrpx.cc +28 -0

src/shrpx_config.cc src/shrpx_config.cc +27 -0

src/shrpx_config.h src/shrpx_config.h +4 -0

No files found.
--- a/gennghttpxfun.py
+++ b/gennghttpxfun.py
@@ -96,6 +96,8 @@ OPTIONS = [
    "tls-session-cache-memcached",
    "tls-ticket-key-memcached",
    "tls-ticket-key-memcached-interval",
+    "tls-ticket-key-memcached-max-retry",
+    "tls-ticket-key-memcached-max-fail",
    "conf",
 ]


--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1510,6 +1510,20 @@ SSL/TLS:
              Default: )"
      << util::duration_str(get_config()->tls_ticket_key_memcached_interval)
      << R"(
+  --tls-ticket-key-memcached-max-retry=<N>
+              Set  maximum   number  of  consecutive   retries  before
+              abandoning TLS ticket key  retrieval.  If this number is
+              reached,  the  attempt  is considered  as  failure,  and
+              "failure" count  is incremented by 1,  which contributed
+              to            the            value            controlled
+              --tls-ticket-key-memcached-max-fail option.
+              Default: )" << get_config()->tls_ticket_key_memcached_max_retry
+      << R"(
+  --tls-ticket-key-memcached-max-fail=<N>
+              Set  maximum   number  of  consecutive   failure  before
+              disabling TLS ticket until next scheduled key retrieval.
+              Default: )" << get_config()->tls_ticket_key_memcached_max_fail
+      << R"(

 HTTP/2 and SPDY:
  -c, --http2-max-concurrent-streams=<N>
@@ -1877,6 +1891,10 @@ int main(int argc, char **argv) {
        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
         88},
+        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY, required_argument, &flag,
+         89},
+        {SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL, required_argument, &flag,
+         90},
        {nullptr, 0, nullptr, 0}};

    int option_index = 0;
@@ -2264,6 +2282,16 @@ int main(int argc, char **argv) {
        cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
                             optarg);
        break;
+      case 89:
+        // --tls-ticket-key-memcached-max-retry
+        cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
+                             optarg);
+        break;
+      case 90:
+        // --tls-ticket-key-memcached-max-fail
+        cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
+                             optarg);
+        break;
      default:
        break;
      }

--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -708,6 +708,8 @@ enum {
  SHRPX_OPTID_TLS_TICKET_KEY_FILE,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
+  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
+  SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
  SHRPX_OPTID_USER,
  SHRPX_OPTID_VERIFY_CLIENT,
  SHRPX_OPTID_VERIFY_CLIENT_CACERT,
@@ -1228,6 +1230,9 @@ int option_lookup_token(const char *name, size_t namelen) {
      if (util::strieq_l("tls-ticket-key-memcached-interva", name, 32)) {
        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL;
      }
+      if (util::strieq_l("tls-ticket-key-memcached-max-fai", name, 32)) {
+        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL;
+      }
      break;
    }
    break;
@@ -1243,6 +1248,11 @@ int option_lookup_token(const char *name, size_t namelen) {
        return SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST;
      }
      break;
+    case 'y':
+      if (util::strieq_l("tls-ticket-key-memcached-max-retr", name, 33)) {
+        return SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY;
+      }
+      break;
    }
    break;
  case 35:
@@ -1911,6 +1921,23 @@ int parse_config(const char *opt, const char *optarg,
  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL:
    return parse_duration(&mod_config()->tls_ticket_key_memcached_interval, opt,
                          optarg);
+  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY: {
+    int n;
+    if (parse_uint(&n, opt, optarg) != 0) {
+      return -1;
+    }
+
+    if (n > 30) {
+      LOG(ERROR) << opt << ": must be smaller than or equal to 30";
+      return -1;
+    }
+
+    mod_config()->tls_ticket_key_memcached_max_retry = n;
+    return 0;
+  }
+  case SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL:
+    return parse_uint(&mod_config()->tls_ticket_key_memcached_max_fail, opt,
+                      optarg);
  case SHRPX_OPTID_CONF:
    LOG(WARN) << "conf: ignored";


--- a/src/shrpx_config.h
+++ b/src/shrpx_config.h
@@ -179,6 +179,10 @@ constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED[] =
    "tls-ticket-key-memcached";
 constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL[] =
    "tls-ticket-key-memcached-interval";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY[] =
+    "tls-ticket-key-memcached-max-retry";
+constexpr char SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL[] =
+    "tls-ticket-key-memcached-max-fail";

 union sockaddr_union {
  sockaddr_storage storage;