Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace GFSM calls with direct calls to TLS and HTTP #1568

Merged
merged 1 commit into from
Feb 24, 2022
Merged

Replace GFSM calls with direct calls to TLS and HTTP #1568

merged 1 commit into from
Feb 24, 2022

Conversation

ttaym
Copy link
Contributor

@ttaym ttaym commented Feb 21, 2022
edited
Loading

Contributes to #755

Porting of 2eae1da

Replace GFSM calls with direct calls to TLS and HTTP handlers
 on low level networking layers.

GFSM was designed to build graphs of network protocols FSMs (this
design was inspired by FreeBSD netgraph). However, during the years
neither we nor external users have any requirements to introduce
any modules which use GFSM to hook TLS or HTTP entry code. There
are only 2 users of the mechanism for TLS and HTTP for now:
1. TLS -> HTTP protocols handling
2. HTTP limits (the frang module)

This patch replaces GFSM calls with direct calls to
tfw_http_req_process(), tfw_tls_msg_process() and frang_tls_handler()
in following paths:
1. sync sockets -> TLS
2. sync sockets -> HTTP
3. TLS -> HTTP
4. TLS -> Frang

As the result the function tfw_connection_recv() was eliminated.
Now the code is simpler and has lower overhead.

We still might need GFSM for the user-space requests handling (#77)
and Tempesta Language (#102).

Based-on-patch-by: Alexander K ak@tempesta-tech.com
Signed-off-by: Aleksey Mikhaylov aym@tempesta-tech.com

@ttaym ttaym force-pushed the am-755-replace-gfsm-calls branch 2 times, most recently from 684fb94 to 9ef4513 Compare February 22, 2022 07:36
@ttaym ttaym linked an issue Feb 22, 2022 that may be closed by this pull request
Websocket #755
Closed
@ttaym ttaym removed a link to an issue Feb 22, 2022
Websocket #755
Closed
@ttaym ttaym force-pushed the am-755-replace-gfsm-calls branch 2 times, most recently from 38a7a4a to 372f341 Compare February 22, 2022 10:14
@ttaym
Replace GFSM calls with direct calls to TLS and HTTP
0a28e8e 
Almost literaly follow ak patch from 2eae1da

Replace GFSM calls with direct calls to TLS and HTTP handlers
 on low level networking layers.

GFSM was designed to build graphs of network protocols FSMs (this
design was inspired by FreeBSD netgraph). However, during the years
neither we nor external users have any requirements to introduce
any modules which use GFSM to hook TLS or HTTP entry code. There
are only 2 users of the mechanism for TLS and HTTP for now:
1. TLS -> HTTP protocols handling
2. HTTP limits (the frang module)

This patch replaces GFSM calls with direct calls to
tfw_http_req_process(), tfw_tls_msg_process() and frang_tls_handler()
in following paths:
1. sync sockets -> TLS
2. sync sockets -> HTTP
3. TLS -> HTTP
4. TLS -> Frang

As the result the function tfw_connection_recv() was eliminated.
Now the code is simpler and has lower overhead.

We still might need GFSM for the user-space requests handling (#77)
and Tempesta Language (#102).

Contributes to #755

Based-on-patch-by: Alexander K <ak@tempesta-tech.com>
Signed-off-by: Aleksey Mikhaylov <aym@tempesta-tech.com>
@ttaym ttaym marked this pull request as ready for review February 22, 2022 10:23
krizhanovsky
krizhanovsky approved these changes Feb 22, 2022
View reviewed changes
Copy link
Contributor

@krizhanovsky krizhanovsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ttaym
Copy link
Contributor Author

ttaym commented Feb 24, 2022

I manually test patch on VPS instance with:

~$ curl -vik --resolve debian.tempesta:443:44.93.154.134 https://debian.tempesta/

And config:

listen 443 proto=https;

srv_group default {
    server 127.0.0.1:8000 conns_n=4;
}

vhost debian.tempesta {
    proxy_pass default;
    tls_certificate     /root/cert.pem;
    tls_certificate_key /root/privkey.pem;
}

cache 1;
cache_fulfill * *;

block_action attack reply;

http_chain {
    -> debian.tempesta;
}

Connection established and https request served.

@ttaym ttaym merged commit 5f2851d into master Feb 24, 2022
@ttaym ttaym deleted the am-755-replace-gfsm-calls branch February 24, 2022 12:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krizhanovsky krizhanovsky krizhanovsky approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ttaym @krizhanovsky