MEDIUM: dumpstats: make stats_tlskeys_list() yield-aware during tls-keys dump
The previous dump algorithm was not trying to yield when the buffer is
full, it's not a problem with the TLS_TICKETS_NO which is 3 by default
but it can become one if the buffer size is lowered and if the
TLS_TICKETS_NO is increased.
The index of the latest ticket dumped is now stored to ensure we can
resume the dump after a yield.
diff --git a/include/types/applet.h b/include/types/applet.h
index 0543f94..10f49f1 100644
--- a/include/types/applet.h
+++ b/include/types/applet.h
@@ -107,6 +107,7 @@
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
struct {
int dump_all;
+ int dump_keys_index;
struct tls_keys_ref *ref;
} tlskeys;
#endif
diff --git a/src/dumpstats.c b/src/dumpstats.c
index b9f85da..d0c11f2 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -6153,6 +6153,7 @@
return 0;
}
+ appctx->ctx.tlskeys.dump_keys_index = 0;
/* Now, we start the browsing of the references lists.
* Note that the following call to LIST_ELEM return bad pointer. The only
@@ -6169,27 +6170,34 @@
case STAT_ST_LIST:
while (appctx->ctx.tlskeys.ref) {
- int i;
int head = appctx->ctx.tlskeys.ref->tls_ticket_enc_index;
chunk_reset(&trash);
- if (appctx->st0 == STAT_CLI_O_TLSK_ENT)
+ if (appctx->st0 == STAT_CLI_O_TLSK_ENT && appctx->ctx.tlskeys.dump_keys_index == 0)
chunk_appendf(&trash, "# ");
- chunk_appendf(&trash, "%d (%s)\n", appctx->ctx.tlskeys.ref->unique_id,
- appctx->ctx.tlskeys.ref->filename);
+ if (appctx->ctx.tlskeys.dump_keys_index == 0)
+ chunk_appendf(&trash, "%d (%s)\n", appctx->ctx.tlskeys.ref->unique_id,
+ appctx->ctx.tlskeys.ref->filename);
if (appctx->st0 == STAT_CLI_O_TLSK_ENT) {
- for (i = 0; i < TLS_TICKETS_NO; i++) {
+ while (appctx->ctx.tlskeys.dump_keys_index < TLS_TICKETS_NO) {
struct chunk *t2 = get_trash_chunk();
- int b64_len;
chunk_reset(t2);
- b64_len = a2base64((char *)(appctx->ctx.tlskeys.ref->tlskeys + (head + 2 + i) % TLS_TICKETS_NO),
+ /* should never fail here because we dump only a key in the t2 buffer */
+ t2->len = a2base64((char *)(appctx->ctx.tlskeys.ref->tlskeys + (head + 2 + appctx->ctx.tlskeys.dump_keys_index) % TLS_TICKETS_NO),
sizeof(struct tls_sess_key), t2->str, t2->size);
- if (b64_len < 0)
+ chunk_appendf(&trash, "%d.%d %s\n", appctx->ctx.tlskeys.ref->unique_id, appctx->ctx.tlskeys.dump_keys_index, t2->str);
+
+ if (bi_putchk(si_ic(si), &trash) == -1) {
+ /* let's try again later from this stream. We add ourselves into
+ * this stream's users so that it can remove us upon termination.
+ */
+ si_applet_cant_put(si);
return 0;
- t2->len = b64_len;
- chunk_appendf(&trash, "%d.%d %s\n", appctx->ctx.tlskeys.ref->unique_id, i, t2->str);
+ }
+ appctx->ctx.tlskeys.dump_keys_index++;
}
+ appctx->ctx.tlskeys.dump_keys_index = 0;
}
if (bi_putchk(si_ic(si), &trash) == -1) {
/* let's try again later from this stream. We add ourselves into