[ https://issues.apache.org/jira/browse/TS-4882?focusedWorklogId=29572&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-29572 ]
ASF GitHub Bot logged work on TS-4882: -------------------------------------- Author: ASF GitHub Bot Created on: 23/Sep/16 02:28 Start Date: 23/Sep/16 02:28 Worklog Time Spent: 10m Work Description: Github user SolidWallOfCode commented on a diff in the pull request: https://github.com/apache/trafficserver/pull/1036#discussion_r80172719 --- Diff: iocore/net/BIO_fastopen.cc --- @@ -0,0 +1,168 @@ +/** @file + * + * OpenSSL socket BIO that does TCP Fast Open. + * + * @section license License + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "P_Net.h" +#include "I_SocketManager.h" +#include "ts/ink_assert.h" + +#include "BIO_fastopen.h" + +static int +fastopen_create(BIO *bio) +{ + bio->init = 0; + bio->num = NO_FD; + bio->flags = 0; + bio->ptr = NULL; + + return 1; +} + +static int +fastopen_destroy(BIO *bio) +{ + if (bio) { + // We expect this BIO to not own the socket, so we must always + // be in NOCLOSE mode. + ink_assert(bio->shutdown == BIO_NOCLOSE); + fastopen_create(bio); + } + + return 1; +} + +static int +fastopen_bwrite(BIO *bio, const char *in, int insz) +{ + int64_t err; + + errno = 0; + BIO_clear_retry_flags(bio); + ink_assert(bio->num != NO_FD); + + if (bio->ptr) { + // On the first write only, make a TFO request if TFO is enabled. + // The best documentation on the behavior of the Linux API is in + // RFC 7413. If we get EINPROGRESS it means that the SYN has been + // sent without data and we should retry. + const sockaddr *dst = reinterpret_cast<const sockaddr *>(bio->ptr); + ProxyMutex *mutex = this_ethread()->mutex.get(); + + NET_INCREMENT_DYN_STAT(net_fastopen_attempts_stat); + + err = socketManager.sendto(bio->num, (void *)in, insz, MSG_FASTOPEN, dst, ats_ip_size(dst)); + if (err < 0) { + NET_INCREMENT_DYN_STAT(net_fastopen_failures_stat); + } + + bio->ptr = NULL; + } else { + err = socketManager.write(bio->num, (void *)in, insz); + } + + if (err < 0) { + errno = -err; + if (BIO_sock_non_fatal_error(errno)) { + BIO_set_retry_write(bio); + } + } + + return err < 0 ? -1 : err; +} + +static int +fastopen_bread(BIO *bio, char *out, int outsz) +{ + int64_t err; + + errno = 0; + BIO_clear_retry_flags(bio); + ink_assert(bio->num != NO_FD); + + // TODO: If we haven't done the fastopen, ink_abort(). + + err = socketManager.read(bio->num, out, outsz); + if (err < 0) { + errno = -err; + if (BIO_sock_non_fatal_error(errno)) { + BIO_set_retry_write(bio); + } + } + + return err < 0 ? -1 : err; +} + +static long +fastopen_ctrl(BIO *bio, int cmd, long larg, void *ptr) +{ + switch (cmd) { + case BIO_C_SET_FD: + ink_assert(larg == BIO_CLOSE || larg == BIO_NOCLOSE); + ink_assert(bio->num = NO_FD); + + bio->init = 1; + bio->shutdown = larg; + bio->num = *reinterpret_cast<int *>(ptr); + return 0; + + case BIO_C_SET_CONNECT: + // We only support BIO_set_conn_address(), which sets a sockaddr. + ink_assert(larg == 2); + bio->ptr = ptr; + return 0; + + // We are unbuffered so unconditionally succeed on BIO_flush(). + case BIO_CTRL_FLUSH: + return 1; + + case BIO_CTRL_PUSH: + case BIO_CTRL_POP: + return 0; + + default: +#if DEBUG --- End diff -- Use `ink_assert`? But I suppose that doesn't have `printf` like support. Maybe look at using a debug action instead of checking the compile time `DEBUG` flag. Issue Time Tracking ------------------- Worklog Id: (was: 29572) Time Spent: 3h (was: 2h 50m) > TCP Fast Open support for SSL server sessions. > ---------------------------------------------- > > Key: TS-4882 > URL: https://issues.apache.org/jira/browse/TS-4882 > Project: Traffic Server > Issue Type: Improvement > Components: Core, SSL > Reporter: James Peach > Assignee: James Peach > Fix For: 7.1.0 > > Time Spent: 3h > Remaining Estimate: 0h > > Add support for using TCP Fast Open on TLS server sessions. This is mainly > interesting for CONNECT tunnels where we can't use long running persistent > sessions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)