REORG: ssl-sock: move the sslconns/totalsslconns counters to global
These two counters were the only ones not in the global struct, while
the SSL freq counters or the req counts are already in it, this forces
stats.c to include ssl_sock just to know about them. Let's move them
over there with their friends. This reduces from 408 to 384 the number
of includes of opensslconf.h.
diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index d7c9481..554d1d9 100644
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -179,6 +179,7 @@
struct freq_ctr comp_bps_in; /* bytes per second, before http compression */
struct freq_ctr comp_bps_out; /* bytes per second, after http compression */
struct freq_ctr out_32bps; /* #of 32-byte blocks emitted per second */
+ uint sslconns, totalsslconns; /* active, total # of SSL conns */
unsigned long long out_bytes; /* total #of bytes emitted */
unsigned long long spliced_out_bytes; /* total #of bytes emitted though a kernel pipe */
int cps_lim, cps_max;
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 2fdf8e2..3d0eee9 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -32,8 +32,6 @@
#include <haproxy/thread.h>
extern struct list tlskeys_reference;
-extern int sslconns;
-extern int totalsslconns;
extern struct eb_root ckchs_tree;
extern struct eb_root crtlists_tree;
extern struct eb_root cafile_tree;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ae28bca..8b81ef8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -92,8 +92,6 @@
* to conditionally define it in openssl-compat.h than using lots of ifdefs.
*/
-int sslconns = 0;
-int totalsslconns = 0;
int nb_engines = 0;
static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
@@ -708,7 +706,7 @@
/* Now we can safely call SSL_free, no more pending job in engines */
SSL_free(ssl);
- _HA_ATOMIC_DEC(&sslconns);
+ _HA_ATOMIC_DEC(&global.sslconns);
_HA_ATOMIC_DEC(&jobs);
}
/*
@@ -5438,7 +5436,7 @@
goto err;
}
- if (global.maxsslconn && sslconns >= global.maxsslconn) {
+ if (global.maxsslconn && global.sslconns >= global.maxsslconn) {
conn->err_code = CO_ER_SSL_TOO_MANY;
goto err;
}
@@ -5467,8 +5465,8 @@
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
- _HA_ATOMIC_INC(&sslconns);
- _HA_ATOMIC_INC(&totalsslconns);
+ _HA_ATOMIC_INC(&global.sslconns);
+ _HA_ATOMIC_INC(&global.totalsslconns);
*xprt_ctx = ctx;
return 0;
}
@@ -5500,8 +5498,8 @@
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
- _HA_ATOMIC_INC(&sslconns);
- _HA_ATOMIC_INC(&totalsslconns);
+ _HA_ATOMIC_INC(&global.sslconns);
+ _HA_ATOMIC_INC(&global.totalsslconns);
*xprt_ctx = ctx;
return 0;
}
@@ -6440,7 +6438,7 @@
b_free(&ctx->early_buf);
tasklet_free(ctx->wait_event.tasklet);
pool_free(ssl_sock_ctx_pool, ctx);
- _HA_ATOMIC_DEC(&sslconns);
+ _HA_ATOMIC_DEC(&global.sslconns);
}
}
diff --git a/src/stats.c b/src/stats.c
index 2b5c0e5..4c8ea0c 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -55,7 +55,6 @@
#include <haproxy/resolvers.h>
#include <haproxy/server.h>
#include <haproxy/session.h>
-#include <haproxy/ssl_sock.h>
#include <haproxy/stats.h>
#include <haproxy/stream.h>
#include <haproxy/stream_interface.h>
@@ -4447,8 +4446,8 @@
info[INF_CUM_REQ] = mkf_u32(FN_COUNTER, global.req_count);
#ifdef USE_OPENSSL
info[INF_MAX_SSL_CONNS] = mkf_u32(FN_MAX, global.maxsslconn);
- info[INF_CURR_SSL_CONNS] = mkf_u32(0, sslconns);
- info[INF_CUM_SSL_CONNS] = mkf_u32(FN_COUNTER, totalsslconns);
+ info[INF_CURR_SSL_CONNS] = mkf_u32(0, global.sslconns);
+ info[INF_CUM_SSL_CONNS] = mkf_u32(FN_COUNTER, global.totalsslconns);
#endif
info[INF_MAXPIPES] = mkf_u32(FO_CONFIG|FN_LIMIT, global.maxpipes);
info[INF_PIPES_USED] = mkf_u32(0, pipes_used);