nginx-quic: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 1014:5ffd76a9ccf3

optimize the SSL session cache allocations

author	Igor Sysoev <igor@sysoev.ru>
date	Thu, 11 Jan 2007 17:39:02 +0000
parents	7dd987e09701
children	32ebb6b13ff3

comparison

equal deleted inserted replaced

-:7dd987e09701
+:5ffd76a9ccf3
 return NGX_OK;
 }
 /*
+* The length of the session id is 16 bytes for SSLv2 sessions and
+* between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
+* It seems that the typical length of the external ASN1 representation
+* of a session is 118 or 119 bytes for SSLv3/TSLv1.
+* Thus we allocate separatly an rbtree node, a session id, and an ASN1
+* representation and on 32-bit platforms they take accordingly 64, 32, and
+* 128 bytes.
+*
 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
 * so they are outside the code locked by shared pool mutex
 */
 static int
 ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 {
 int                       len;
-u_char                   *p, *id;
+u_char                   *p, *id, *cached_sess;
 uint32_t                  hash;
 SSL_CTX                  *ssl_ctx;
 ngx_time_t               *tp;
 ngx_shm_zone_t           *shm_zone;
 ngx_connection_t         *c;
 ngx_slab_pool_t          *shpool;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 len = i2d_SSL_SESSION(sess, NULL);
 ngx_shmtx_lock(&shpool->mutex);
 /* drop one or two expired sessions */
 ngx_ssl_expire_sessions(cache, shpool, 1);
-cached_sess = ngx_slab_alloc_locked(shpool,
+cached_sess = ngx_slab_alloc_locked(shpool, len);
-offsetof(ngx_ssl_cached_sess_t, asn1) + len);
 if (cached_sess == NULL) {
 /* drop the oldest non-expired session and try once more */
 ngx_ssl_expire_sessions(cache, shpool, 0);
-cached_sess = ngx_slab_alloc_locked(shpool,
+cached_sess = ngx_slab_alloc_locked(shpool, len);
-offsetof(ngx_ssl_cached_sess_t, asn1) + len);
 if (cached_sess == NULL) {
 id = NULL;
 goto failed;
 }
 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
 if (sess_id == NULL) {
 goto failed;
 }
-ngx_memcpy(&cached_sess->asn1[0], buf, len);
+ngx_memcpy(cached_sess, buf, len);
 ngx_memcpy(id, sess->session_id, sess->session_id_length);
 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "http ssl new session: %08XD:%d:%d",
 hash, sess->session_id_length, len);
+tp = ngx_timeofday();
 sess_id->node.key = hash;
 sess_id->node.data = (u_char) sess->session_id_length;
 sess_id->id = id;
 sess_id->len = len;
 sess_id->session = cached_sess;
-tp = ngx_timeofday();
+sess_id->expire = tp->sec + SSL_CTX_get_timeout(ssl_ctx);
-cached_sess->expire = tp->sec + SSL_CTX_get_timeout(ssl_ctx);
+sess_id->next = cache->session_cache_head.next;
-cached_sess->sess_id = sess_id;
+sess_id->next->prev = sess_id;
+sess_id->prev = &cache->session_cache_head;
-cached_sess->next = cache->session_cache_head.next;
+cache->session_cache_head.next = sess_id;
-cached_sess->next->prev = cached_sess;
-cached_sess->prev = &cache->session_cache_head;
-cache->session_cache_head.next = cached_sess;
 ngx_rbtree_insert(cache->session_rbtree, &sess_id->node);
 ngx_shmtx_unlock(&shpool->mutex);
 ngx_slab_pool_t          *shpool;
 ngx_connection_t         *c;
 ngx_rbtree_node_t        *node, *sentinel;
 ngx_ssl_session_t        *sess;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
 c = ngx_ssl_get_connection(ssl_conn);
 if ((u_char) len == node->data) {
 sess_id = (ngx_ssl_sess_id_t *) node;
 if (ngx_strncmp(id, sess_id->id, len) == 0) {
-cached_sess = sess_id->session;
 tp = ngx_timeofday();
-if (cached_sess->expire > tp->sec) {
+if (sess_id->expire > tp->sec) {
-ngx_memcpy(buf, &cached_sess->asn1[0], sess_id->len);
+ngx_memcpy(buf, sess_id->session, sess_id->len);
 ngx_shmtx_unlock(&shpool->mutex);
 p = buf;
 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
 return sess;
 }
-cached_sess->next->prev = cached_sess->prev;
+sess_id->next->prev = sess_id->prev;
-cached_sess->prev->next = cached_sess->next;
+sess_id->prev->next = sess_id->next;
 ngx_rbtree_delete(cache->session_rbtree, node);
-ngx_slab_free_locked(shpool, cached_sess);
+ngx_slab_free_locked(shpool, sess_id->session);
 ngx_slab_free_locked(shpool, sess_id->id);
 ngx_slab_free_locked(shpool, sess_id);
 sess = NULL;
 uint32_t                  hash;
 ngx_shm_zone_t           *shm_zone;
 ngx_slab_pool_t          *shpool;
 ngx_rbtree_node_t        *node, *sentinel;
 ngx_ssl_sess_id_t        *sess_id;
-ngx_ssl_cached_sess_t    *cached_sess;
 ngx_ssl_session_cache_t  *cache;
 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
 cache = shm_zone->data;
 if ((u_char) len == node->data) {
 		sess_id = (ngx_ssl_sess_id_t *) node;
 		if (ngx_strncmp(id, sess_id->id, (size_t) len) == 0) {
-		    cached_sess = sess_id->session;
+		    sess_id->next->prev = sess_id->prev;
+		    sess_id->prev->next = sess_id->next;
-		    cached_sess->next->prev = cached_sess->prev;
-		    cached_sess->prev->next = cached_sess->next;
 		    ngx_rbtree_delete(cache->session_rbtree, node);
-		    ngx_slab_free_locked(shpool, cached_sess);
+		    ngx_slab_free_locked(shpool, sess_id->session);
 		    ngx_slab_free_locked(shpool, sess_id->id);
 		    ngx_slab_free_locked(shpool, sess_id);
 		    goto done;
 		}
 static void
 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
 ngx_slab_pool_t *shpool, ngx_uint_t n)
 {
-ngx_time_t                  *tp;
+ngx_time_t         *tp;
-ngx_ssl_sess_id_t      *sess_id;
+ngx_ssl_sess_id_t  *sess_id;
-ngx_ssl_cached_sess_t  *sess;
 tp = ngx_timeofday();
 while (n < 3) {
-sess = cache->session_cache_tail.prev;
+sess_id = cache->session_cache_tail.prev;
-if (sess == &cache->session_cache_head) {
+if (sess_id == &cache->session_cache_head) {
 return;
 }
-if (n++ != 0 && sess->expire > tp->sec) {
+if (n++ != 0 && sess_id->expire > tp->sec) {
 break;
 }
-sess->next->prev = sess->prev;
+sess_id->next->prev = sess_id->prev;
-sess->prev->next = sess->next;
+sess_id->prev->next = sess_id->next;
-sess_id = sess->sess_id;
 ngx_rbtree_delete(cache->session_rbtree, &sess_id->node);
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
 "expire session: %08Xi", sess_id->node.key);
-ngx_slab_free_locked(shpool, sess);
+ngx_slab_free_locked(shpool, sess_id->session);
 ngx_slab_free_locked(shpool, sess_id->id);
 ngx_slab_free_locked(shpool, sess_id);
 }
 }

Mercurial > hg > nginx-quic

comparison src/event/ngx_event_openssl.c @ 1014:5ffd76a9ccf3