commit 707357d: [Rework] Include SSL flag into keepalive hash
Vsevolod Stakhov
vsevolod at highsecure.ru
Wed Dec 8 11:49:04 UTC 2021
Author: Vsevolod Stakhov
Date: 2021-12-08 10:49:29 +0000
URL: https://github.com/rspamd/rspamd/commit/707357d35e12ee833f358418f380b685100e70b9
[Rework] Include SSL flag into keepalive hash
---
src/libserver/http/http_connection.c | 4 ++--
src/libserver/http/http_connection.h | 2 +-
src/libserver/http/http_context.c | 44 ++++++++++++++++++++++++------------
src/libserver/http/http_context.h | 12 ++++------
src/libserver/http/http_private.h | 1 +
5 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/src/libserver/http/http_connection.c b/src/libserver/http/http_connection.c
index 0a5dee754..478e00984 100644
--- a/src/libserver/http/http_connection.c
+++ b/src/libserver/http/http_connection.c
@@ -1255,7 +1255,7 @@ rspamd_http_connection_new_keepalive (struct rspamd_http_context *ctx,
ctx = rspamd_http_context_default ();
}
- conn = rspamd_http_context_check_keepalive (ctx, addr, host);
+ conn = rspamd_http_context_check_keepalive(ctx, addr, host, false);
if (conn) {
return conn;
@@ -1267,7 +1267,7 @@ rspamd_http_connection_new_keepalive (struct rspamd_http_context *ctx,
addr);
if (conn) {
- rspamd_http_context_prepare_keepalive (ctx, conn, addr, host);
+ rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, );
}
return conn;
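Review bot: The new call `rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, );` in this hunk has an empty fifth argument, which is not valid C and will not compile against the five-parameter prototype this commit introduces. It should pass the same value as the lookup in the hunk above, i.e. `rspamd_http_context_prepare_keepalive(ctx, conn, addr, host, false);`, so the entry is stored under the key it is later looked up by. Both calls hard-code the flag instead of deriving it from the connection. If this constructor can ever return a TLS connection (not visible here), the pool key would mislabel its transport. `rspamd_http_connection_new_keepalive` starts and ends outside both hunks.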
diff --git a/src/libserver/http/http_connection.h b/src/libserver/http/http_connection.h
index 896f83c20..cc7c8a8f1 100644
--- a/src/libserver/http/http_connection.h
+++ b/src/libserver/http/http_connection.h
@@ -68,7 +68,7 @@ struct rspamd_storage_shmem {
*/
#define RSPAMD_HTTP_FLAG_SHMEM_IMMUTABLE (1 << 3)
/**
- * Use tls for this message
+ * Use tls for this message (how the fuck SSL flag could be used PER MESSAGE???)
*/
#define RSPAMD_HTTP_FLAG_SSL (1 << 4)
/**
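Review bot: The reworded comment on `RSPAMD_HTTP_FLAG_SSL` records a question but not the design concern behind it, so the next reader cannot tell how the flag should be used. TLS is negotiated per connection, and this commit keys keepalive reuse on a separate `is_ssl` value, so the header should say how the two relate. Something like `* Use tls for this message. TODO: TLS is a connection property; clarify how this per-message flag relates to the is_ssl keepalive key` would carry the same doubt in a form that can be acted on.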
diff --git a/src/libserver/http/http_context.c b/src/libserver/http/http_context.c
index 75bfbf2cf..b56f1c4c0 100644
--- a/src/libserver/http/http_context.c
+++ b/src/libserver/http/http_context.c
@@ -365,21 +365,29 @@ rspamd_http_context_default (void)
gint32
rspamd_keep_alive_key_hash (struct rspamd_keepalive_hash_key *k)
{
- gint32 h;
+ guint32 h;
h = rspamd_inet_address_port_hash (k->addr);
if (k->host) {
- h = rspamd_cryptobox_fast_hash (k->host, strlen (k->host), h);
+ h ^= rspamd_cryptobox_fast_hash (k->host, strlen (k->host), h);
}
- return h;
+ if (k->is_ssl) {
+ h = ~h;
+ }
+
+ return (gint32)h;
}
bool
rspamd_keep_alive_key_equal (struct rspamd_keepalive_hash_key *k1,
struct rspamd_keepalive_hash_key *k2)
{
+ if (k1->is_ssl != k2->is_ssl) {
+ return false;
+ }
+
if (k1->host && k2->host) {
if (rspamd_inet_address_port_equal (k1->addr, k2->addr)) {
return strcmp (k1->host, k2->host) == 0;
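Review bot: The `is_ssl` comparison added at the top of `rspamd_keep_alive_key_equal` is what stops a pooled plaintext connection from satisfying a TLS lookup for the same address, port and host, but nothing in the code says so. A short comment above it, such as `/* Never match across transports: a plaintext connection must not be reused for a TLS request */`, would keep a later refactor from dropping the check as redundant. In `rspamd_keep_alive_key_hash`, `h = ~h` deserves a similar one-line comment, since it only spreads TLS and plaintext keys across buckets and the equality check is what actually separates them. The body of `rspamd_keep_alive_key_equal` continues outside this hunk, so the no-host branch is not visible here.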
@@ -393,16 +401,18 @@ rspamd_keep_alive_key_equal (struct rspamd_keepalive_hash_key *k1,
return false;
}
-struct rspamd_http_connection*
-rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx,
- const rspamd_inet_addr_t *addr,
- const gchar *host)
+struct rspamd_http_connection *
+rspamd_http_context_check_keepalive(struct rspamd_http_context *ctx,
+ const rspamd_inet_addr_t *addr,
+ const gchar *host,
+ bool is_ssl)
{
struct rspamd_keepalive_hash_key hk, *phk;
khiter_t k;
hk.addr = (rspamd_inet_addr_t *)addr;
hk.host = (gchar *)host;
+ hk.is_ssl = is_ssl;
k = kh_get (rspamd_keep_alive_hash, ctx->keep_alive_hash, &hk);
@@ -430,20 +440,23 @@ rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx,
if (err != 0) {
rspamd_http_connection_unref (conn);
- msg_debug_http_context ("invalid reused keepalive element %s (%s); "
+ msg_debug_http_context ("invalid reused keepalive element %s (%s, ssl=%b); "
"%s error; "
"%d connections queued",
rspamd_inet_address_to_string_pretty (phk->addr),
phk->host,
+ phk->is_ssl,
g_strerror (err),
conns->length);
return NULL;
}
- msg_debug_http_context ("reused keepalive element %s (%s), %d connections queued",
+ msg_debug_http_context ("reused keepalive element %s (%s, ssl=%b), %d connections queued",
rspamd_inet_address_to_string_pretty (phk->addr),
- phk->host, conns->length);
+ phk->host,
+ phk->is_ssl,
+ conns->length);
/* We transfer refcount here! */
return conn;
@@ -459,16 +472,18 @@ rspamd_http_context_check_keepalive (struct rspamd_http_context *ctx,
}
void
-rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx,
- struct rspamd_http_connection *conn,
- const rspamd_inet_addr_t *addr,
- const gchar *host)
+rspamd_http_context_prepare_keepalive(struct rspamd_http_context *ctx,
+ struct rspamd_http_connection *conn,
+ const rspamd_inet_addr_t *addr,
+ const gchar *host,
+ bool is_ssl)
{
struct rspamd_keepalive_hash_key hk, *phk;
khiter_t k;
hk.addr = (rspamd_inet_addr_t *)addr;
hk.host = (gchar *)host;
+ hk.is_ssl = is_ssl;
k = kh_get (rspamd_keep_alive_hash, ctx->keep_alive_hash, &hk);
@@ -487,6 +502,7 @@ rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx,
phk = g_malloc (sizeof (*phk));
phk->conns = empty_init;
phk->host = g_strdup (host);
+ phk->is_ssl = is_ssl;
phk->addr = rspamd_inet_address_copy (addr);
kh_put (rspamd_keep_alive_hash, ctx->keep_alive_hash, phk, &r);
diff --git a/src/libserver/http/http_context.h b/src/libserver/http/http_context.h
index 82ee400b0..f42164dba 100644
--- a/src/libserver/http/http_context.h
+++ b/src/libserver/http/http_context.h
@@ -74,9 +74,9 @@ struct rspamd_http_context *rspamd_http_context_default (void);
* @param host
* @return
*/
-struct rspamd_http_connection *rspamd_http_context_check_keepalive (
- struct rspamd_http_context *ctx, const rspamd_inet_addr_t *addr,
- const gchar *host);
+struct rspamd_http_connection *
+rspamd_http_context_check_keepalive(struct rspamd_http_context *ctx, const rspamd_inet_addr_t *addr, const gchar *host,
+ bool is_ssl);
/**
* Prepares keepalive key for a connection by creating a new entry or by reusing existent
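Review bot: The doc comments above both prototypes still end their parameter lists at `@param host`, so the new `is_ssl` argument is undocumented for `rspamd_http_context_check_keepalive` here and for `rspamd_http_context_prepare_keepalive` in the next hunk. Adding `* @param is_ssl true if the pooled connection must be a TLS connection` to the first and `* @param is_ssl true if conn is a TLS connection` to the second would tell callers that the flag has to describe the real transport of the connection. Both doc blocks start outside their hunks.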
@@ -86,10 +86,8 @@ struct rspamd_http_connection *rspamd_http_context_check_keepalive (
* @param addr
* @param host
*/
-void rspamd_http_context_prepare_keepalive (struct rspamd_http_context *ctx,
- struct rspamd_http_connection *conn,
- const rspamd_inet_addr_t *addr,
- const gchar *host);
+void rspamd_http_context_prepare_keepalive(struct rspamd_http_context *ctx, struct rspamd_http_connection *conn,
+ const rspamd_inet_addr_t *addr, const gchar *host, bool is_ssl);
/**
* Pushes a connection to keepalive pool after client request is finished,
diff --git a/src/libserver/http/http_private.h b/src/libserver/http/http_private.h
index f2270277b..6306d197b 100644
--- a/src/libserver/http/http_private.h
+++ b/src/libserver/http/http_private.h
@@ -86,6 +86,7 @@ struct rspamd_http_message {
struct rspamd_keepalive_hash_key {
rspamd_inet_addr_t *addr;
gchar *host;
+ bool is_ssl;
GQueue conns;
};