Welcome! Log In Create A New Profile

Advanced

Re: [PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)

Sergey Kandaurov
September 15, 2022 01:38AM
> On 26 Aug 2022, at 07:01, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1661481947 -10800
> # Fri Aug 26 05:45:47 2022 +0300
> # Node ID 5b137f110e84af974ef2b9efcf35bec2d883c187
> # Parent 2cd8fbeb4edc5a99b725585edc02a16a8a0c503e
> SSL: reduced logging of session cache failures (ticket #621).
>
> Session cache allocations might fail as long as the new session is different
> in size from the one least recently used (and freed when the first allocation
> fails). In particular, it might not be possible to allocate space for
> sessions with client certificates, since they are noticeably bigger than
> normal sessions.
>
> To ensure such allocation failures won't clutter logs, logging level changed
> to "warn", and logging is now limited to at most one warning per second.
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -3949,8 +3949,11 @@ failed:
>
> ngx_shmtx_unlock(&shpool->mutex);
>
> - ngx_log_error(NGX_LOG_ALERT, c->log, 0,
> - "could not allocate new session%s", shpool->log_ctx);
> + if (cache->fail_time != ngx_time()) {
> + cache->fail_time = ngx_time();
> + ngx_log_error(NGX_LOG_WARN, c->log, 0,
> + "could not allocate new session%s", shpool->log_ctx);
> + }
>

This makes three ngx_time() calls in this function in total.
A good reason to cache value in a local variable.

> return 0;
> }
> diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
> --- a/src/event/ngx_event_openssl.h
> +++ b/src/event/ngx_event_openssl.h
> @@ -150,6 +150,7 @@ typedef struct {
> ngx_rbtree_t session_rbtree;
> ngx_rbtree_node_t sentinel;
> ngx_queue_t expire_queue;
> + time_t fail_time;
> } ngx_ssl_session_cache_t;
>

Missed initialization to something sensible (zero?).

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

[PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)

Maxim Dounin 338 August 25, 2022 11:14PM

Re: [PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)

Sergey Kandaurov 50 September 15, 2022 01:38AM

Re: [PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)

Maxim Dounin 50 September 16, 2022 05:04PM

Re: [PATCH 02 of 11] SSL: reduced logging of session cache failures (ticket #621)

Sergey Kandaurov 57 September 26, 2022 06:14AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 97
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready