Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_openssl_compat.h @ 9299:2706b60dc225 default tip
Core: error logging rate limiting.
With this change, error logging to files can be rate-limited with
the "rate=" parameter. The parameter specifies allowed log messages
rate to a particular file (per worker), in messages per second (m/s).
By default, "rate=1000m/s" is used.
Rate limiting is implemented using the "leaky bucket" method, similarly
to the limit_req module.
Maximum burst size is set to the number of log messages per second
for each severity level, so "error" messages are logged even if the
rate limit is hit by "info" messages (but not vice versa). When the
limit is reached for a particular level, the "too many log messages,
limiting" message is logged at this level.
If debug logging is enabled, either for the particular log file or for
the particular connection, rate limiting is not used.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 25 Jun 2024 22:58:56 +0300 |
| parents | daf8f5ba23d8 |
| children |
| rev | line source |
|---|---|
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 */ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 |
|
9113
bddd3f76e3e5
QUIC: fixed OpenSSL compat layer with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9080
diff
changeset
|
10 #if defined SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION \ |
|
bddd3f76e3e5
QUIC: fixed OpenSSL compat layer with OpenSSL master branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9080
diff
changeset
|
11 || defined LIBRESSL_VERSION_NUMBER |
|
9080
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
12 #undef NGX_QUIC_OPENSSL_COMPAT |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
13 #else |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
14 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
15 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
16 #include <ngx_config.h> |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
17 #include <ngx_core.h> |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
18 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
19 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
20 typedef struct ngx_quic_compat_s ngx_quic_compat_t; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
21 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
22 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
23 enum ssl_encryption_level_t { |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
24 ssl_encryption_initial = 0, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
25 ssl_encryption_early_data, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
26 ssl_encryption_handshake, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
27 ssl_encryption_application |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
28 }; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
29 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
30 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
31 typedef struct ssl_quic_method_st { |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
32 int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
33 const SSL_CIPHER *cipher, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
34 const uint8_t *rsecret, size_t secret_len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
35 int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
36 const SSL_CIPHER *cipher, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
37 const uint8_t *wsecret, size_t secret_len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
38 int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
39 const uint8_t *data, size_t len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
40 int (*flush_flight)(SSL *ssl); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
41 int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
42 uint8_t alert); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
43 } SSL_QUIC_METHOD; |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
44 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
45 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
46 ngx_int_t ngx_quic_compat_init(ngx_conf_t *cf, SSL_CTX *ctx); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
47 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
48 int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
49 int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
50 const uint8_t *data, size_t len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
51 int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
52 size_t params_len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
53 void SSL_get_peer_quic_transport_params(const SSL *ssl, |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
54 const uint8_t **out_params, size_t *out_params_len); |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
55 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
56 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
57 #endif /* TLSEXT_TYPE_quic_transport_parameters */ |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
58 |
|
7da4791e0264
QUIC: OpenSSL compatibility layer.
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
59 #endif /* _NGX_EVENT_QUIC_OPENSSL_COMPAT_H_INCLUDED_ */ |