finish calculation of duration when start reading client response
This commit is contained in:
parent
79d0b7cc5a
commit
145f7c7d66
@ -18,6 +18,7 @@
|
|||||||
// Enforce this protocol version
|
// Enforce this protocol version
|
||||||
#define TLS_PROT_VERSION TLS1_3_VERSION
|
#define TLS_PROT_VERSION TLS1_3_VERSION
|
||||||
static const int Curves[3] = {NID_CECPQ2, NID_CECPQ2b, NID_X25519};
|
static const int Curves[3] = {NID_CECPQ2, NID_CECPQ2b, NID_X25519};
|
||||||
|
int ssl_data_idx_def_cb = -1;
|
||||||
|
|
||||||
static const struct CertDesc_t {
|
static const struct CertDesc_t {
|
||||||
const char* arg;
|
const char* arg;
|
||||||
@ -104,7 +105,8 @@ static int accept_once(void) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct st_t {
|
struct st_t {
|
||||||
uint64_t duration;
|
uint64_t start;
|
||||||
|
uint64_t stop;
|
||||||
};
|
};
|
||||||
|
|
||||||
static uint64_t time_now() {
|
static uint64_t time_now() {
|
||||||
@ -122,7 +124,7 @@ static void chained_cb(const SSL *ssl, int type, int value) {
|
|||||||
//printf("CHAINED > \n");
|
//printf("CHAINED > \n");
|
||||||
ngx_default_info_cb_t cb =
|
ngx_default_info_cb_t cb =
|
||||||
SSL_CTX_get_ex_data(
|
SSL_CTX_get_ex_data(
|
||||||
SSL_get_SSL_CTX(ssl), SSL_DEF_CB);
|
SSL_get_SSL_CTX(ssl), ssl_data_idx_def_cb);
|
||||||
|
|
||||||
if (cb) {
|
if (cb) {
|
||||||
cb(ssl,type,value);
|
cb(ssl,type,value);
|
||||||
@ -131,24 +133,35 @@ static void chained_cb(const SSL *ssl, int type, int value) {
|
|||||||
|
|
||||||
static void after_keygen_handshake_time(const SSL *ssl, int type, int value) {
|
static void after_keygen_handshake_time(const SSL *ssl, int type, int value) {
|
||||||
|
|
||||||
static const char* ss_exp = "send_server_hello";
|
static const char ss1_exp[] = "send_server_hello";
|
||||||
static const size_t ss_exp_len = 17;
|
static const char rr1_exp[] = "read_second_client_flight";
|
||||||
|
static const char rr2_exp[] = "read_client_finished";
|
||||||
switch (type) {
|
|
||||||
case SSL_CB_ACCEPT_LOOP: {
|
|
||||||
const char* ss = SSL_state_string_long(ssl);
|
|
||||||
size_t ss_len = strlen(ss);
|
|
||||||
// OZAPTF: jak to zrobic to porzadnie?
|
|
||||||
if ((ss_len >= strlen(ss_exp)) &&
|
|
||||||
!memcmp(ss_exp, &ss[ss_len-ss_exp_len], ss_exp_len)) {
|
|
||||||
|
|
||||||
|
#define IS_STATE(exp) ( \
|
||||||
|
(ss_len >= (ARRAY_SIZE(exp)-1)) \
|
||||||
|
&& (!memcmp(exp, &ss[ss_len - (ARRAY_SIZE(exp) - 1)], ARRAY_SIZE(exp)-1)))
|
||||||
|
|
||||||
struct st_t *data =
|
struct st_t *data =
|
||||||
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
|
||||||
if (!data) {
|
if (!data) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
data->duration = time_now();
|
|
||||||
|
switch (type) {
|
||||||
|
case SSL_CB_ACCEPT_LOOP: {
|
||||||
|
const char* ss = SSL_state_string_long(ssl);
|
||||||
|
size_t ss_len = strlen(ss);
|
||||||
|
if (IS_STATE(ss1_exp)) {
|
||||||
|
struct st_t *data =
|
||||||
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
|
||||||
|
data->start = time_now();
|
||||||
|
} else if (!data->stop && (IS_STATE(rr1_exp) || IS_STATE(rr2_exp))) {
|
||||||
|
if (!data->start) {
|
||||||
|
// if initial time not set, then do not report
|
||||||
|
assert(0);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
data->stop = time_now();
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -156,17 +169,16 @@ static void after_keygen_handshake_time(const SSL *ssl, int type, int value) {
|
|||||||
struct st_t *data =
|
struct st_t *data =
|
||||||
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
|
(struct st_t*) SSL_get_ex_data(ssl, SSL_CONN_DATA);
|
||||||
|
|
||||||
if (!data->duration) {
|
if (!data->start || !data->stop) {
|
||||||
// if initial time not set, then do not report
|
// if initial time not set, then do not report
|
||||||
|
assert(0);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
printf("SH to FIN duration; %lu\n", data->stop - data->start);
|
||||||
printf("SH to FIN duration [%s]> %lu\n",
|
|
||||||
SSL_get_curve_name(SSL_get_curve_id(ssl)),
|
|
||||||
time_now() - data->duration);
|
|
||||||
}
|
}
|
||||||
default: ;;
|
default: ;;
|
||||||
}
|
}
|
||||||
|
#undef IS_STATE
|
||||||
}
|
}
|
||||||
|
|
||||||
static SSL_CTX* setup_server_ctx(const char* cert_name) {
|
static SSL_CTX* setup_server_ctx(const char* cert_name) {
|
||||||
@ -185,7 +197,7 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) {
|
|||||||
ERR("Error setting cipher list");
|
ERR("Error setting cipher list");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!SSL_CTX_set1_curves(ctx, c->curves, 3)) {
|
if (!SSL_CTX_set1_curves(ctx, c->curves, ARRAY_SIZE(Curves))) {
|
||||||
ERR("Enforcing curve");
|
ERR("Enforcing curve");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,9 +206,11 @@ static SSL_CTX* setup_server_ctx(const char* cert_name) {
|
|||||||
ERR("Enforcing protocol to TLSv1.2");
|
ERR("Enforcing protocol to TLSv1.2");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ssl_data_idx_def_cb = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|
||||||
SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time);
|
SSL_CTX_set_info_callback(ctx, after_keygen_handshake_time);
|
||||||
ngx_default_info_cb_t cb = SSL_CTX_get_info_callback(ctx);
|
ngx_default_info_cb_t cb = SSL_CTX_get_info_callback(ctx);
|
||||||
SSL_CTX_set_ex_data(ctx, SSL_DEF_CB, (void*)cb);
|
SSL_CTX_set_ex_data(ctx, ssl_data_idx_def_cb, (void*)cb);
|
||||||
SSL_CTX_set_info_callback(ctx, chained_cb);
|
SSL_CTX_set_info_callback(ctx, chained_cb);
|
||||||
return ctx;
|
return ctx;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user