From: Vsevolod Stakhov Date: Wed, 8 Dec 2021 10:49:29 +0000 (+0000) Subject: [Rework] Include SSL flag into keepalive hash X-Git-Tag: 3.2~184 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=707357d35e12ee833f358418f380b685100e70b9;p=rspamd.git [Rework] Include SSL flag into keepalive hash --- diff --git a/src/libserver/http/http_connection.c b/src/libserver/http/http_connection.c index 0a5dee754..478e00984 100644 --- a/src/libserver/http/http_connection.c +++ b/src/libserver/http/http_connection.c @@ -1255,7 +1255,7 @@ rspamd_http_connection_new_keepalive (struct rspamd_http_context *ctx, ctx = rspamd_http_context_default (); } - conn = rspamd_http_context_check_keepalive (ctx, addr, host); + conn = rspamd_http_context_check_keepalive(ctx, addr, host, false); if (conn) { return conn; @@ -1267,7 +1267,7 @@ rspamd_http_connection_new_keepalive (struct rspamd_http_context *ctx, addr); if (conn) { - rspamd_http_context_prepare_keepalive (ctx, conn, addr, host); + rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, ); } return conn; diff --git a/src/libserver/http/http_connection.h b/src/libserver/http/http_connection.h index 896f83c20..cc7c8a8f1 100644 --- a/src/libserver/http/http_connection.h +++ b/src/libserver/http/http_connection.h @@ -68,7 +68,7 @@ struct rspamd_storage_shmem { */ #define RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE (1 << 3) /** - * Use tls for this message + * Use tls for this message (how the fuck SSL flag could be used PER MESSAGE???) */ #define RSPAMD_HTTP_FLAG_SSL (1 << 4) /** diff --git a/src/libserver/http/http_context.c b/src/libserver/http/http_context.c index 75bfbf2cf..b56f1c4c0 100644 --- a/src/libserver/http/http_context.c +++ b/src/libserver/http/http_context.c 
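Review bot: The new `is_ssl` argument is not plumbed through `rspamd_http_connection_new_keepalive`: the lookup in the -1255 hunk hard-codes `false`, and the `rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, );` call in the next hunk (-1267) has an empty last argument, which does not compile as shown. Both calls must pass the same value, otherwise a connection is looked up under one key and stored under another; at minimum the second call should read `rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, false);`. If this constructor can ever yield a TLS connection (not visible here), the flag should come from the caller rather than a literal, so that a pooled plaintext connection is never returned for a TLS request. The function body starts and ends outside both hunks.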
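Review bot: The edited doc comment on `RSPAMD_HTTP_FLAG_SSL` in `http_connection.h` now records an open question instead of documenting the flag. That question bears on this change, because the pool key gains a per-connection `is_ssl` while this flag stays per message, and nothing in the visible hunks ties the two together. I would state the intended invariant instead, e.g. `* Use tls for this message. TODO: TLS is a connection property; must agree with is_ssl in the keepalive key`. Whether any path sets the flag on a message sent over a pooled plaintext connection cannot be judged from this diff.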
@@ -365,21 +365,29 @@ rspamd_http_context_default (void) gint32 rspamd_keep_alive_key_hash (struct rspamd_keepalive_hash_key *k) { - gint32 h; + guint32 h; h = rspamd_inet_address_port_hash (k->addr); if (k->host) { - h = rspamd_cryptobox_fast_hash (k->host, strlen (k->host), h); + h ^= rspamd_cryptobox_fast_hash (k->host, strlen (k->host), h); } - return h; + if (k->is_ssl) { + h = ~h; + } + + return (gint32)h; } bool rspamd_keep_alive_key_equal (struct rspamd_keepalive_hash_key *k1, struct rspamd_keepalive_hash_key *k2) { + if (k1->is_ssl != k2->is_ssl) { + return false; + } + if (k1->host && k2->host) { if (rspamd_inet_address_port_equal (k1->addr, k2->addr)) { return strcmp (k1->host, k2->host) == 0; @@ -393,16 +401,18 @@ rspamd_keep_alive_key_equal (struct rspamd_keepalive_hash_key *k1, return false; } -struct rspamd_http_connection* -rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx, - const rspamd_inet_addr_t *addr, - const gchar *host) +struct rspamd_http_connection * +rspamd_http_context_check_keepalive(struct rspamd_http_context *ctx, + const rspamd_inet_addr_t *addr, + const gchar *host, + bool is_ssl) { struct rspamd_keepalive_hash_key hk, *phk; khiter_t k; hk.addr = (rspamd_inet_addr_t *)addr; hk.host = (gchar *)host; + hk.is_ssl = is_ssl; k = kh_get (rspamd_keep_alive_hash, ctx->keep_alive_hash, &hk); 
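Review bot: The `is_ssl` comparison added at the top of `rspamd_keep_alive_key_equal` and the `h = ~h` step in `rspamd_keep_alive_key_hash` have no comment saying why the flag belongs in the key. A short one above the check, such as `/* TLS and plaintext connections to the same addr/host must never share a pool entry */`, would keep a later refactor from dropping it. The switch of `h` to `guint32` with a final `(gint32)h` cast also deserves a word; presumably it is there so that `~` and `^=` operate on an unsigned value. The tail of `rspamd_keep_alive_key_equal` lies outside the hunk.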
@@ -430,20 +440,23 @@ rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx, if (err != 0) { rspamd_http_connection_unref (conn); - msg_debug_http_context ("invalid reused keepalive element %s (%s); " + msg_debug_http_context ("invalid reused keepalive element %s (%s, ssl=%b); " "%s error; " "%d connections queued", rspamd_inet_address_to_string_pretty (phk->addr), phk->host, + phk->is_ssl, g_strerror (err), conns->length); return NULL; } - msg_debug_http_context ("reused keepalive element %s (%s), %d connections queued", + msg_debug_http_context ("reused keepalive element %s (%s, ssl=%b), %d connections queued", rspamd_inet_address_to_string_pretty (phk->addr), - phk->host, conns->length); + phk->host, + phk->is_ssl, + conns->length); /* We transfer refcount here! */ return conn; @@ -459,16 +472,18 @@ rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx, } void -rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx, - struct rspamd_http_connection *conn, - const rspamd_inet_addr_t *addr, - const gchar *host) +rspamd_http_context_prepare_keepalive(struct rspamd_http_context *ctx, + struct rspamd_http_connection *conn, + const rspamd_inet_addr_t *addr, + const gchar *host, + bool is_ssl) { struct rspamd_keepalive_hash_key hk, *phk; khiter_t k; hk.addr = (rspamd_inet_addr_t *)addr; hk.host = (gchar *)host; + hk.is_ssl = is_ssl; k = kh_get (rspamd_keep_alive_hash, ctx->keep_alive_hash, &hk); @@ -487,6 +502,7 @@ rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx, phk = g_malloc (sizeof (*phk)); phk->conns = empty_init; phk->host = g_strdup (host); + phk->is_ssl = is_ssl; phk->addr = rspamd_inet_address_copy (addr); kh_put (rspamd_keep_alive_hash, ctx->keep_alive_hash, phk, &r); diff --git a/src/libserver/http/http_context.h b/src/libserver/http/http_context.h index 82ee400b0..f42164dba 100644 --- a/src/libserver/http/http_context.h +++ b/src/libserver/http/http_context.h 
@@ -74,9 +74,9 @@ struct rspamd_http_context *rspamd_http_context_default (void); * @param host * @return */ -struct rspamd_http_connection *rspamd_http_context_check_keepalive ( - struct rspamd_http_context *ctx, const rspamd_inet_addr_t *addr, - const gchar *host); +struct rspamd_http_connection * +rspamd_http_context_check_keepalive(struct rspamd_http_context *ctx, const rspamd_inet_addr_t *addr, const gchar *host, + bool is_ssl); /** * Prepares keepalive key for a connection by creating a new entry or by reusing existent @@ -86,10 +86,8 @@ struct rspamd_http_connection *rspamd_http_context_check_keepalive ( * @param addr * @param host */ -void rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx, - struct rspamd_http_connection *conn, - const rspamd_inet_addr_t *addr, - const gchar *host); +void rspamd_http_context_prepare_keepalive(struct rspamd_http_context *ctx, struct rspamd_http_connection *conn, + const rspamd_inet_addr_t *addr, const gchar *host, bool is_ssl); /** * Pushes a connection to keepalive pool after client request is finished, diff --git a/src/libserver/http/http_private.h b/src/libserver/http/http_private.h index f2270277b..6306d197b 100644 --- a/src/libserver/http/http_private.h +++ b/src/libserver/http/http_private.h @@ -86,6 +86,7 @@ struct rspamd_http_message { struct rspamd_keepalive_hash_key { rspamd_inet_addr_t *addr; gchar *host; + bool is_ssl; GQueue conns; };
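Review bot: The doc comments above `rspamd_http_context_check_keepalive` and, in the next hunk (-86), `rspamd_http_context_prepare_keepalive` gain no `@param is_ssl` line, so the new parameter is undocumented in the header. Add `* @param is_ssl true if the connection uses TLS; part of the keepalive key` to both. It is also worth stating that the value given to prepare must equal the one used for check, since a mismatch stores the connection under a key the lookup never hits. Only the tail of each doc comment is visible in these hunks.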