Skip to content

Commit

Permalink
rework based on tfw_tls_encrypt and skb->cb
Browse files Browse the repository at this point in the history
  • Loading branch information
@kingluo
kingluo committed Jul 10, 2024
1 parent dbcfe81 commit c3d466b
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 11 deletions.
2 changes: 1 addition & 1 deletion fw/http_frame.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -335,7 +335,7 @@ __tfw_h2_send_frame(TfwH2Ctx *ctx, TfwFrameHdr *hdr, TfwStr *data,
}

if (is_control_frame) {
skb_set_tfw_flags(it.skb, SS_F_HTTT2_FRAME_CONTROL);
it.skb->cb[SKB_CB_FLAGS_IDX] |= SS_F_HTTT2_FRAME_CONTROL;
++ctx->queued_control_frames;
}

Expand Down
7 changes: 1 addition & 6 deletions fw/http_frame.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,7 @@ extern unsigned int max_queued_control_frames;
#define FRAME_MAX_LENGTH ((1U << 24) - 1)
#define FRAME_DEF_LENGTH (16384)

/**
* MAX_QUEUED_CONTROL_FRAMES is the maximum number of control frames like
* SETTINGS, PING and RST_STREAM that will be queued for writing before
* the connection is closed to prevent memory exhaustion attacks.
*/
#define MAX_QUEUED_CONTROL_FRAMES 10000
#define SKB_CB_FLAGS_IDX 47

enum {
/* This skb contains control frame. */
Expand Down
3 changes: 0 additions & 3 deletions fw/sock_clnt.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -460,9 +460,6 @@ tfw_sk_write_xmit(struct sock *sk, struct sk_buff *skb, unsigned int mss_now,
if (h2_mode) {
h2 = tfw_h2_context(conn);
tbl = &h2->hpack.enc_tbl;
if (flags & SS_F_HTTT2_FRAME_CONTROL) {
--h2->queued_control_frames;
}
}

r = tfw_tls_encrypt(sk, skb, mss_now, limit, nskbs);
Expand Down
11 changes: 10 additions & 1 deletion fw/tls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
*
* Transport Layer Security (TLS) interfaces to Tempesta TLS.
*
* Copyright (C) 2015-2023 Tempesta Technologies, Inc.
* Copyright (C) 2015-2024 Tempesta Technologies, Inc.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -261,6 +261,8 @@ tfw_tls_encrypt(struct sock *sk, struct sk_buff *skb, unsigned int mss_now,
struct scatterlist sg[AUTO_SEGS_N], out_sg[AUTO_SEGS_N];
struct page **pages = NULL, **pages_end, **p;
struct page *auto_pages[AUTO_SEGS_N];
TfwConn *conn = sk->sk_user_data;
TfwH2Ctx *h2;

tls = tfw_tls_context(sk->sk_user_data);
io = &tls->io_out;
Expand Down Expand Up @@ -316,6 +318,13 @@ tfw_tls_encrypt(struct sock *sk, struct sk_buff *skb, unsigned int mss_now,
sgt.nents += skb_shinfo(next)->nr_frags + !!skb_headlen(next);
out_sgt.nents += skb_shinfo(next)->nr_frags + !!skb_headlen(next);
skb_tail = next;

if (TFW_CONN_PROTO(conn) == TFW_FSM_H2) {
h2 = tfw_h2_context(conn);
if (unlikely(skb->cb[SKB_CB_FLAGS_IDX] & SS_F_HTTT2_FRAME_CONTROL)) {
--h2->queued_control_frames;
}
}
}

/*
Expand Down

0 comments on commit c3d466b

Please sign in to comment.