SSL session cache lifetime vs session ticket lifetime
Maxim Dounin
mdounin at mdounin.ru
Fri Mar 28 11:45:46 UTC 2014
Hello!
On Fri, Mar 28, 2014 at 01:33:28PM +0400, kyprizel wrote:
> Will this patch be applied to mainline?
Most likely it will, but testing and review are appreciated, as
usual.
>
>
>
> On Thu, Mar 27, 2014 at 8:23 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> > Hello!
> >
> > On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote:
> >
> > > will be "log_alloc_failures" better?
> >
> > I think something like "log_nomem" will be good enough.
> > Patch:
> >
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1395937285 -14400
> > # Thu Mar 27 20:21:25 2014 +0400
> > # Node ID 2cc8b9fc7efbf6a98ce29f3f860782a1ebd7e6cf
> > # Parent 734f0babfc133c2dc532f2794deadcf9d90245f7
> > Core: slab log_nomem flag.
> >
> > The flag allows to suppress "ngx_slab_alloc() failed: no memory" messages
> > from a slab allocator, e.g., if an LRU expiration is used by a consumer
> > and allocation failures aren't fatal.
> >
> > The flag is now set in the SSL session cache code, and in the limit_req
> > module.
> >
> > diff --git a/src/core/ngx_slab.c b/src/core/ngx_slab.c
> > --- a/src/core/ngx_slab.c
> > +++ b/src/core/ngx_slab.c
> > @@ -129,6 +129,7 @@ ngx_slab_init(ngx_slab_pool_t *pool)
> > pool->pages->slab = pages;
> > }
> >
> > + pool->log_nomem = 1;
> > pool->log_ctx = &pool->zero;
> > pool->zero = '\0';
> > }
> > @@ -658,7 +659,10 @@ ngx_slab_alloc_pages(ngx_slab_pool_t *po
> > }
> > }
> >
> > - ngx_slab_error(pool, NGX_LOG_CRIT, "ngx_slab_alloc() failed: no
> > memory");
> > + if (pool->log_nomem) {
> > + ngx_slab_error(pool, NGX_LOG_CRIT,
> > + "ngx_slab_alloc() failed: no memory");
> > + }
> >
> > return NULL;
> > }
> > diff --git a/src/core/ngx_slab.h b/src/core/ngx_slab.h
> > --- a/src/core/ngx_slab.h
> > +++ b/src/core/ngx_slab.h
> > @@ -39,6 +39,8 @@ typedef struct {
> > u_char *log_ctx;
> > u_char zero;
> >
> > + unsigned log_nomem:1;
> > +
> > void *data;
> > void *addr;
> > } ngx_slab_pool_t;
> > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> > --- a/src/event/ngx_event_openssl.c
> > +++ b/src/event/ngx_event_openssl.c
> > @@ -1834,6 +1834,8 @@ ngx_ssl_session_cache_init(ngx_shm_zone_
> > ngx_sprintf(shpool->log_ctx, " in SSL session shared cache \"%V\"%Z",
> > &shm_zone->shm.name);
> >
> > + shpool->log_nomem = 0;
> > +
> > return NGX_OK;
> > }
> >
> > @@ -1986,7 +1988,7 @@ failed:
> > ngx_shmtx_unlock(&shpool->mutex);
> >
> > ngx_log_error(NGX_LOG_ALERT, c->log, 0,
> > - "could not add new SSL session to the session cache");
> > + "could not allocate new session%s", shpool->log_ctx);
> >
> > return 0;
> > }
> > diff --git a/src/http/modules/ngx_http_limit_req_module.c
> > b/src/http/modules/ngx_http_limit_req_module.c
> > --- a/src/http/modules/ngx_http_limit_req_module.c
> > +++ b/src/http/modules/ngx_http_limit_req_module.c
> > @@ -451,6 +451,8 @@ ngx_http_limit_req_lookup(ngx_http_limit
> >
> > node = ngx_slab_alloc_locked(ctx->shpool, size);
> > if (node == NULL) {
> > + ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0,
> > + "could not allocate node%s",
> > ctx->shpool->log_ctx);
> > return NGX_ERROR;
> > }
> > }
> > @@ -674,6 +676,8 @@ ngx_http_limit_req_init_zone(ngx_shm_zon
> > ngx_sprintf(ctx->shpool->log_ctx, " in limit_req zone \"%V\"%Z",
> > &shm_zone->shm.name);
> >
> > + ctx->shpool->log_nomem = 0;
> > +
> > return NGX_OK;
> > }
> >
> >
> > --
> > Maxim Dounin
> > http://nginx.org/
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list