Mercurial > hg > nginx-quic
annotate contrib/geo2nginx.pl @ 5058:f25d0bbc4392 stable-1.2
Merge of r5004, r5019-r5025: ssl fixes.
*) SSL: speedup loading of configs with many ssl servers. The patch
saves one EC_KEY_generate_key() call per server{} block by informing
OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.
For a configuration file with 10k simple server{} blocks with SSL
enabled this change reduces startup time from 18s to 5s on a slow
test box here.
*) SSL: removed conditions that always hold true.
*) SSL: resetting of flush flag after the data was written. There is
no need to flush next chunk of data if it does not contain a buffer
with the flush or last_buf flags set.
*) SSL: preservation of flush flag for buffered data. Previously,
if SSL buffer was not sent we lost information that the data
must be flushed.
*) SSL: calculation of buffer size moved closer to its usage.
No functional changes.
*) SSL: avoid calling SSL_write() with zero data size. According to
documentation, calling SSL_write() with num=0 bytes to be sent
results in undefined behavior.
We don't currently call ngx_ssl_send_chain() with empty chain and
buffer. This check handles the case of a chain with total data size
that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer
at the end.
In practice such cases resulted in premature connection close and
critical error "SSL_write() failed (SSL:)" in the error log.
*) SSL: take into account data in the buffer while limiting output.
In some rare cases this can result in a more smooth sending rate.
*) SSL: fixed ngx_ssl_handshake() with level-triggered event methods.
Missing calls to ngx_handle_write_event() and ngx_handle_read_event()
resulted in a CPU hog during SSL handshake if an level-triggered event
method (e.g. select) was used.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 11 Feb 2013 15:12:06 +0000 |
parents | c9ad0d9c7d59 |
children |
rev | line source |
---|---|
537 | 1 #!/usr/bin/perl -w |
2 | |
3 # (c) Andrei Nigmatulin, 2005 | |
4 # | |
5 # this script provided "as is", without any warranties. use it at your own risk. | |
6 # | |
7 # special thanx to Andrew Sitnikov for perl port | |
8 # | |
9 # this script converts CSV geoip database (free download at http://www.maxmind.com/app/geoip_country) | |
10 # to format, suitable for use with nginx_http_geo module (http://sysoev.ru/nginx) | |
11 # | |
12 # for example, line with ip range | |
13 # | |
14 # "62.16.68.0","62.16.127.255","1041253376","1041268735","RU","Russian Federation" | |
15 # | |
16 # will be converted to four subnetworks: | |
17 # | |
18 # 62.16.68.0/22 RU; | |
19 # 62.16.72.0/21 RU; | |
20 # 62.16.80.0/20 RU; | |
21 # 62.16.96.0/19 RU; | |
22 | |
23 | |
24 use warnings; | |
25 use strict; | |
26 | |
27 while( <STDIN> ){ | |
28 if (/"[^"]+","[^"]+","([^"]+)","([^"]+)","([^"]+)"/){ | |
29 print_subnets($1, $2, $3); | |
30 } | |
31 } | |
32 | |
33 sub print_subnets { | |
34 my ($a1, $a2, $c) = @_; | |
35 my $l; | |
36 while ($a1 <= $a2) { | |
37 for ($l = 0; ($a1 & (1 << $l)) == 0 && ($a1 + ((1 << ($l + 1)) - 1)) <= $a2; $l++){}; | |
38 print long2ip($a1) . "/" . (32 - $l) . " " . $c . ";\n"; | |
39 $a1 += (1 << $l); | |
40 } | |
41 } | |
42 | |
43 sub long2ip { | |
44 my $ip = shift; | |
45 | |
46 my $str = 0; | |
47 | |
48 $str = ($ip & 255); | |
49 | |
50 $ip >>= 8; | |
51 $str = ($ip & 255).".$str"; | |
52 | |
53 $ip >>= 8; | |
54 $str = ($ip & 255).".$str"; | |
55 | |
56 $ip >>= 8; | |
57 $str = ($ip & 255).".$str"; | |
58 } |