mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-06 09:20:26 +00:00
fb2841f645
For some error conditions, the error handler depends on ctx->thr[idx]->dnsbase to be zeroed expicitly after allocation. To prevent this type of error, zero all allocated memory even though it will get written to in any case.
281 lines
7.1 KiB
C
281 lines
7.1 KiB
C
/*
|
|
* SSLsplit - transparent and scalable SSL/TLS interception
|
|
* Copyright (c) 2009-2014, Daniel Roethlisberger <daniel@roe.ch>
|
|
* All rights reserved.
|
|
* http://www.roe.ch/SSLsplit
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice unmodified, this list of conditions, and the following
|
|
* disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "pxythrmgr.h"
|
|
|
|
#include "sys.h"
|
|
#include "log.h"
|
|
|
|
#include <string.h>
|
|
#include <pthread.h>
|
|
|
|
/*
|
|
* Proxy thread manager: manages the connection handling worker threads
|
|
* and the per-thread resources (i.e. event bases). The load is shared
|
|
* across num_cpu * 2 connection handling threads, using the number of
|
|
* currently assigned connections as the sole metric.
|
|
*
|
|
* The attach and detach functions are thread-safe.
|
|
*/
|
|
|
|
typedef struct pxy_thr_ctx {
|
|
pthread_t thr;
|
|
size_t load;
|
|
struct event_base *evbase;
|
|
struct evdns_base *dnsbase;
|
|
int running;
|
|
} pxy_thr_ctx_t;
|
|
|
|
struct pxy_thrmgr_ctx {
|
|
int num_thr;
|
|
pxy_thr_ctx_t **thr;
|
|
pthread_mutex_t mutex;
|
|
};
|
|
|
|
/*
|
|
* Dummy recurring timer event to prevent the event loops from exiting when
|
|
* they run out of events.
|
|
*/
|
|
static void
|
|
pxy_thrmgr_timer_cb(UNUSED evutil_socket_t fd, UNUSED short what,
|
|
UNUSED void *arg)
|
|
{
|
|
/* do nothing */
|
|
}
|
|
|
|
/*
|
|
* Thread entry point; runs the event loop of the event base.
|
|
* Does not exit until the libevent loop is broken explicitly.
|
|
*/
|
|
static void *
|
|
pxy_thrmgr_thr(void *arg)
|
|
{
|
|
pxy_thr_ctx_t *ctx = arg;
|
|
struct timeval timer_delay = {60, 0};
|
|
struct event *ev;
|
|
|
|
ev = event_new(ctx->evbase, -1, EV_PERSIST, pxy_thrmgr_timer_cb, NULL);
|
|
if (!ev)
|
|
return NULL;
|
|
evtimer_add(ev, &timer_delay);
|
|
ctx->running = 1;
|
|
event_base_dispatch(ctx->evbase);
|
|
event_free(ev);
|
|
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* Create new thread manager but do not start any threads yet.
|
|
* This gets called before forking to background.
|
|
*/
|
|
pxy_thrmgr_ctx_t *
|
|
pxy_thrmgr_new(UNUSED opts_t *opts)
|
|
{
|
|
pxy_thrmgr_ctx_t *ctx;
|
|
|
|
if (!(ctx = malloc(sizeof(pxy_thrmgr_ctx_t))))
|
|
return NULL;
|
|
memset(ctx, 0, sizeof(pxy_thrmgr_ctx_t));
|
|
|
|
ctx->num_thr = 2 * sys_get_cpu_cores();
|
|
return ctx;
|
|
}
|
|
|
|
/*
|
|
* Start the thread manager and associated threads.
|
|
* This must be called after forking.
|
|
*
|
|
* Returns -1 on failure, 0 on success.
|
|
*/
|
|
int
|
|
pxy_thrmgr_run(pxy_thrmgr_ctx_t *ctx)
|
|
{
|
|
int idx = -1;
|
|
|
|
if (!ctx)
|
|
return -1;
|
|
|
|
pthread_mutex_init(&ctx->mutex, NULL);
|
|
|
|
if (!(ctx->thr = malloc(ctx->num_thr * sizeof(pxy_thr_ctx_t*)))) {
|
|
log_dbg_printf("Failed to allocate memory\n");
|
|
goto leave;
|
|
}
|
|
memset(ctx->thr, 0, ctx->num_thr * sizeof(pxy_thr_ctx_t*));
|
|
|
|
for (idx = 0; idx < ctx->num_thr; idx++) {
|
|
if (!(ctx->thr[idx] = malloc(sizeof(pxy_thr_ctx_t)))) {
|
|
log_dbg_printf("Failed to allocate memory\n");
|
|
goto leave;
|
|
}
|
|
memset(ctx->thr[idx], 0, sizeof(pxy_thr_ctx_t));
|
|
ctx->thr[idx]->evbase = event_base_new();
|
|
if (!ctx->thr[idx]->evbase) {
|
|
log_dbg_printf("Failed to create evbase %d\n", idx);
|
|
goto leave;
|
|
}
|
|
ctx->thr[idx]->dnsbase = evdns_base_new(
|
|
ctx->thr[idx]->evbase, 1);
|
|
if (!ctx->thr[idx]->dnsbase) {
|
|
log_dbg_printf("Failed to create dnsbase %d\n", idx);
|
|
goto leave;
|
|
}
|
|
ctx->thr[idx]->load = 0;
|
|
ctx->thr[idx]->running = 0;
|
|
}
|
|
|
|
log_dbg_printf("Initialized %d connection handling threads\n",
|
|
ctx->num_thr);
|
|
|
|
for (idx = 0; idx < ctx->num_thr; idx++) {
|
|
if (pthread_create(&ctx->thr[idx]->thr, NULL,
|
|
pxy_thrmgr_thr, ctx->thr[idx]))
|
|
goto leave_thr;
|
|
while (!ctx->thr[idx]->running) {
|
|
sched_yield();
|
|
}
|
|
}
|
|
|
|
log_dbg_printf("Started %d connection handling threads\n",
|
|
ctx->num_thr);
|
|
|
|
return 0;
|
|
|
|
leave_thr:
|
|
idx--;
|
|
while (idx >= 0) {
|
|
pthread_cancel(ctx->thr[idx]->thr);
|
|
pthread_join(ctx->thr[idx]->thr, NULL);
|
|
idx--;
|
|
}
|
|
idx = ctx->num_thr - 1;
|
|
|
|
leave:
|
|
while (idx >= 0) {
|
|
if (ctx->thr[idx]) {
|
|
if (ctx->thr[idx]->dnsbase) {
|
|
evdns_base_free(ctx->thr[idx]->dnsbase, 0);
|
|
}
|
|
if (ctx->thr[idx]->evbase) {
|
|
event_base_free(ctx->thr[idx]->evbase);
|
|
}
|
|
free(ctx->thr[idx]);
|
|
}
|
|
idx--;
|
|
}
|
|
pthread_mutex_destroy(&ctx->mutex);
|
|
if (ctx->thr) {
|
|
free(ctx->thr);
|
|
ctx->thr = NULL;
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/*
|
|
* Destroy the event manager and stop all threads.
|
|
*/
|
|
void
|
|
pxy_thrmgr_free(pxy_thrmgr_ctx_t *ctx)
|
|
{
|
|
if (!ctx)
|
|
return;
|
|
pthread_mutex_destroy(&ctx->mutex);
|
|
if (ctx->thr) {
|
|
for (int idx = 0; idx < ctx->num_thr; idx++) {
|
|
event_base_loopbreak(ctx->thr[idx]->evbase);
|
|
sched_yield();
|
|
}
|
|
for (int idx = 0; idx < ctx->num_thr; idx++) {
|
|
pthread_join(ctx->thr[idx]->thr, NULL);
|
|
}
|
|
for (int idx = 0; idx < ctx->num_thr; idx++) {
|
|
evdns_base_free(ctx->thr[idx]->dnsbase, 0);
|
|
event_base_free(ctx->thr[idx]->evbase);
|
|
free(ctx->thr[idx]);
|
|
}
|
|
free(ctx->thr);
|
|
}
|
|
free(ctx);
|
|
}
|
|
|
|
/*
|
|
* Attach a new connection to a thread. Chooses the thread with the fewest
|
|
* currently active connections, returns the appropriate event bases.
|
|
* Returns the index of the chosen thread (for passing to _detach later).
|
|
* This function cannot fail.
|
|
*/
|
|
int
|
|
pxy_thrmgr_attach(pxy_thrmgr_ctx_t *ctx, struct event_base **evbase,
|
|
struct evdns_base **dnsbase)
|
|
{
|
|
int thridx;
|
|
size_t minload;
|
|
|
|
thridx = 0;
|
|
pthread_mutex_lock(&ctx->mutex);
|
|
minload = ctx->thr[thridx]->load;
|
|
#ifdef DEBUG_THREAD
|
|
log_dbg_printf("===> Proxy connection handler thread status:\n"
|
|
"thr[%d]: %zu\n", thridx, minload);
|
|
#endif /* DEBUG_THREAD */
|
|
for (int idx = 1; idx < ctx->num_thr; idx++) {
|
|
#ifdef DEBUG_THREAD
|
|
log_dbg_printf("thr[%d]: %zu\n", idx, ctx->thr[idx]->load);
|
|
#endif /* DEBUG_THREAD */
|
|
if (minload > ctx->thr[idx]->load) {
|
|
minload = ctx->thr[idx]->load;
|
|
thridx = idx;
|
|
}
|
|
}
|
|
*evbase = ctx->thr[thridx]->evbase;
|
|
*dnsbase = ctx->thr[thridx]->dnsbase;
|
|
ctx->thr[thridx]->load++;
|
|
pthread_mutex_unlock(&ctx->mutex);
|
|
|
|
#ifdef DEBUG_THREAD
|
|
log_dbg_printf("thridx: %d\n", thridx);
|
|
#endif /* DEBUG_THREAD */
|
|
|
|
return thridx;
|
|
}
|
|
|
|
/*
|
|
* Detach a connection from a thread by index.
|
|
* This function cannot fail.
|
|
*/
|
|
void
|
|
pxy_thrmgr_detach(pxy_thrmgr_ctx_t *ctx, int thridx)
|
|
{
|
|
pthread_mutex_lock(&ctx->mutex);
|
|
ctx->thr[thridx]->load--;
|
|
pthread_mutex_unlock(&ctx->mutex);
|
|
}
|
|
|
|
/* vim: set noet ft=c: */
|