proxygen
Acceptor.cpp
Go to the documentation of this file.
1 /*
2  * Copyright 2017-present Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include <wangle/acceptor/Acceptor.h>
17 
18 #include <wangle/acceptor/ManagedConnection.h>
19 #include <wangle/ssl/SSLContextManager.h>
20 #include <wangle/acceptor/AcceptorHandshakeManager.h>
21 #include <wangle/acceptor/FizzConfigUtil.h>
22 #include <wangle/acceptor/SecurityProtocolContextManager.h>
23 #include <fizz/server/TicketTypes.h>
24 #include <folly/io/async/EventBase.h>
25 #include <folly/io/async/AsyncSSLSocket.h>
26 #include <folly/io/async/AsyncSocket.h>
27 #include <folly/portability/GFlags.h>
28 #include <folly/portability/Sockets.h>
29 #include <folly/portability/Unistd.h>
30 
31 #include <fstream>
32 
33 using folly::AsyncSocket;
34 using folly::AsyncSSLSocket;
35 using folly::AsyncSocketException;
36 using folly::AsyncServerSocket;
37 using folly::AsyncTransportWrapper;
38 using folly::EventBase;
39 using folly::SocketAddress;
40 using folly::StringPiece;
41 using std::chrono::microseconds;
42 using std::chrono::milliseconds;
43 using std::filebuf;
44 using std::ifstream;
45 using std::ios;
46 using std::shared_ptr;
47 using std::string;
48 
49 namespace wangle {
50 
51 static const std::string empty_string;
52 std::atomic<uint64_t> Acceptor::totalNumPendingSSLConns_{0};
53 
54 Acceptor::Acceptor(const ServerSocketConfig& accConfig) :
55  accConfig_(accConfig),
56  socketOptions_(accConfig.getSocketOptions()) {
57 }
58 
59 void
60 Acceptor::init(AsyncServerSocket* serverSocket,
61  EventBase* eventBase,
62  SSLStats* stats) {
63  if (accConfig_.isSSL()) {
64 
65  if (accConfig_.allowInsecureConnectionsOnSecureServer) {
66  securityProtocolCtxManager_.addPeeker(&tlsPlaintextPeekingCallback_);
67  }
68 
69  if (accConfig_.fizzConfig.enableFizz) {
70  auto fizzCtx = createFizzContext();
71  auto* peeker = getFizzPeeker();
72  peeker->setContext(std::move(fizzCtx));
73  securityProtocolCtxManager_.addPeeker(peeker);
74  setTLSTicketSecrets(
75  accConfig_.initialTicketSeeds.oldSeeds,
76  accConfig_.initialTicketSeeds.currentSeeds,
77  accConfig_.initialTicketSeeds.newSeeds);
78  } else {
79  securityProtocolCtxManager_.addPeeker(&defaultPeekingCallback_);
80  }
81 
82  if (!sslCtxManager_) {
83  sslCtxManager_ = std::make_unique<SSLContextManager>(
84  eventBase,
85  "vip_" + getName(),
86  accConfig_.strictSSL, stats);
87  }
88  try {
89  for (const auto& sslCtxConfig : accConfig_.sslContextConfigs) {
90  sslCtxManager_->addSSLContextConfig(
91  sslCtxConfig,
92  accConfig_.sslCacheOptions,
93  &accConfig_.initialTicketSeeds,
94  accConfig_.bindAddress,
95  cacheProvider_);
96  }
97 
98  CHECK(sslCtxManager_->getDefaultSSLCtx());
99  } catch (const std::runtime_error& ex) {
100  if (accConfig_.strictSSL) {
101  throw;
102  } else {
103  sslCtxManager_->clear();
104  // This is not a Not a fatal error, but useful to know.
105  LOG(INFO) << "Failed to configure TLS. This is not a fatal error. "
106  << ex.what();
107  }
108  }
109  }
110 
111  initDownstreamConnectionManager(eventBase);
112  if (serverSocket) {
113  serverSocket->addAcceptCallback(this, eventBase);
114 
115  for (auto& fd : serverSocket->getSockets()) {
116  if (fd < 0) {
117  continue;
118  }
119  for (const auto& opt: socketOptions_) {
120  opt.first.apply(fd, opt.second);
121  }
122  }
123  }
124 }
125 
126 void Acceptor::initDownstreamConnectionManager(EventBase* eventBase) {
127  CHECK(nullptr == this->base_ || eventBase == this->base_);
128  base_ = eventBase;
129  state_ = State::kRunning;
130  downstreamConnectionManager_ = ConnectionManager::makeUnique(
131  eventBase, accConfig_.connectionIdleTimeout, this);
132 }
133 
134 
135 std::shared_ptr<fizz::server::FizzServerContext> Acceptor::createFizzContext() {
136  return FizzConfigUtil::createFizzContext(accConfig_);
137 }
138 
139 std::shared_ptr<fizz::server::TicketCipher>
140 Acceptor::createFizzTicketCipher(folly::Optional<std::string> pskContext) {
141  return FizzConfigUtil::createTicketCipher<fizz::server::AES128TicketCipher>(
142  currentSecrets_.oldSeeds,
143  currentSecrets_.currentSeeds,
144  currentSecrets_.newSeeds,
145  accConfig_.sslCacheOptions.sslCacheTimeout,
146  std::move(pskContext));
147 }
148 
149 void Acceptor::updateFizzContext(fizz::server::FizzServerContext* ctx) {
150  if (ctx) {
151  std::string pskContext;
152  if (!accConfig_.sslContextConfigs.empty()) {
153  pskContext = accConfig_.sslContextConfigs.front().sessionContext.value_or(
154  "");
155  }
156  auto cipher = createFizzTicketCipher(
157  folly::Optional<std::string>(std::move(pskContext)));
158  ctx->setTicketCipher(std::move(cipher));
159  }
160 }
161 
162 void Acceptor::resetSSLContextConfigs() {
163  if (accConfig_.fizzConfig.enableFizz) {
164  auto ctx = createFizzContext();
165  if (ctx) {
166  updateFizzContext(ctx.get());
167  getFizzPeeker()->setContext(std::move(ctx));
168  }
169  }
170  try {
171  sslCtxManager_->resetSSLContextConfigs(accConfig_.sslContextConfigs,
172  accConfig_.sslCacheOptions,
173  nullptr,
174  accConfig_.bindAddress,
175  cacheProvider_);
176  } catch (const std::runtime_error& ex) {
177  LOG(ERROR) << "Failed to re-configure TLS: "
178  << ex.what()
179  << "will keep old config";
180  }
181 
182 }
183 
184 Acceptor::~Acceptor(void) {
185 }
186 
187 void Acceptor::addSSLContextConfig(const SSLContextConfig& sslCtxConfig) {
188  sslCtxManager_->addSSLContextConfig(sslCtxConfig,
189  accConfig_.sslCacheOptions,
190  &accConfig_.initialTicketSeeds,
191  accConfig_.bindAddress,
192  cacheProvider_);
193 }
194 
195 void Acceptor::setTLSTicketSecrets(
196  const std::vector<std::string>& oldSecrets,
197  const std::vector<std::string>& currentSecrets,
198  const std::vector<std::string>& newSecrets) {
199  currentSecrets_.oldSeeds = oldSecrets;
200  currentSecrets_.currentSeeds = currentSecrets;
201  currentSecrets_.newSeeds = newSecrets;
202 
203  if (accConfig_.fizzConfig.enableFizz) {
204  updateFizzContext(getFizzPeeker()->getContext().get());
205  }
206 
207  if (sslCtxManager_) {
208  sslCtxManager_->reloadTLSTicketKeys(
209  oldSecrets, currentSecrets, newSecrets);
210  }
211 }
212 
213 void
214 Acceptor::drainAllConnections() {
215  if (downstreamConnectionManager_) {
216  downstreamConnectionManager_->initiateGracefulShutdown(
217  gracefulShutdownTimeout_);
218  }
219 }
220 
221 void Acceptor::setLoadShedConfig(
222  std::shared_ptr<const LoadShedConfiguration> loadShedConfig,
223  const IConnectionCounter* counter) {
224  loadShedConfig_ = loadShedConfig;
225  connectionCounter_ = counter;
226 }
227 
228 bool Acceptor::canAccept(const SocketAddress& address) {
229  if (!connectionCounter_) {
230  return true;
231  }
232 
233  const auto totalConnLimit =
234  loadShedConfig_ ? loadShedConfig_->getMaxConnections() : 0;
235  if (totalConnLimit == 0) {
236  return true;
237  }
238 
239  uint64_t currentConnections = connectionCounter_->getNumConnections();
240  uint64_t maxConnections = getWorkerMaxConnections();
241  if (currentConnections < maxConnections) {
242  return true;
243  }
244 
245  if (loadShedConfig_ && loadShedConfig_->isWhitelisted(address)) {
246  return true;
247  }
248 
249  // Take care of the connection counts across all acceptors.
250  // Expensive since a lock must be taken to get the counter.
251 
252  // getConnectionCountForLoadShedding() call can be very expensive,
253  // don't call it if you are not going to use the results.
254  const auto totalConnExceeded =
255  totalConnLimit > 0 && getConnectionCountForLoadShedding() >= totalConnLimit;
256 
257  const auto activeConnLimit =
258  loadShedConfig_ ? loadShedConfig_->getMaxActiveConnections() : 0;
259  // getActiveConnectionCountForLoadShedding() call can be very expensive,
260  // don't call it if you are not going to use the results.
261  const auto activeConnExceeded =
262  !totalConnExceeded &&
263  activeConnLimit > 0 &&
264  getActiveConnectionCountForLoadShedding() >= activeConnLimit;
265 
266  if (!activeConnExceeded && !totalConnExceeded) {
267  return true;
268  }
269  LOG_EVERY_N(ERROR, 1000) << "shedding connection because activeConnExceeded="
270  << activeConnExceeded << "totalConnExceeded="
271  << totalConnExceeded;
272  VLOG(4) << address.describe() << " not whitelisted";
273  return false;
274 }
275 
276 void
277 Acceptor::connectionAccepted(
278  int fd, const SocketAddress& clientAddr) noexcept {
279  namespace fsp = folly::portability::sockets;
280  if (!canAccept(clientAddr)) {
281  // Send a RST to free kernel memory faster
282  struct linger optLinger = {1, 0};
283  fsp::setsockopt(fd, SOL_SOCKET, SO_LINGER, &optLinger, sizeof(optLinger));
284  close(fd);
285  return;
286  }
287  auto acceptTime = std::chrono::steady_clock::now();
288  for (const auto& opt: socketOptions_) {
289  opt.first.apply(fd, opt.second);
290  }
291 
292  onDoneAcceptingConnection(fd, clientAddr, acceptTime);
293 }
294 
295 void Acceptor::onDoneAcceptingConnection(
296  int fd,
297  const SocketAddress& clientAddr,
298  std::chrono::steady_clock::time_point acceptTime) noexcept {
299  TransportInfo tinfo;
300  processEstablishedConnection(fd, clientAddr, acceptTime, tinfo);
301 }
302 
303 void
304 Acceptor::processEstablishedConnection(
305  int fd,
306  const SocketAddress& clientAddr,
307  std::chrono::steady_clock::time_point acceptTime,
308  TransportInfo& tinfo) noexcept {
309  bool shouldDoSSL = false;
310  if (accConfig_.isSSL()) {
311  CHECK(sslCtxManager_);
312  shouldDoSSL = sslCtxManager_->getDefaultSSLCtx() != nullptr;
313  }
314  if (shouldDoSSL) {
315  AsyncSSLSocket::UniquePtr sslSock(
316  makeNewAsyncSSLSocket(
317  sslCtxManager_->getDefaultSSLCtx(), base_, fd));
318  ++numPendingSSLConns_;
319  ++totalNumPendingSSLConns_;
320  if (numPendingSSLConns_ > accConfig_.maxConcurrentSSLHandshakes) {
321  VLOG(2) << "dropped SSL handshake on " << accConfig_.name <<
322  " too many handshakes in progress";
323  auto error = SSLErrorEnum::DROPPED;
324  auto latency = std::chrono::milliseconds(0);
325  updateSSLStats(sslSock.get(), latency, error);
326  auto ex = folly::make_exception_wrapper<SSLException>(
327  error, latency, sslSock->getRawBytesReceived());
328  sslConnectionError(ex);
329  return;
330  }
331 
332  tinfo.tfoSucceded = sslSock->getTFOSucceded();
333  startHandshakeManager(
334  std::move(sslSock),
335  this,
336  clientAddr,
337  acceptTime,
338  tinfo);
339  } else {
340  tinfo.secure = false;
341  tinfo.acceptTime = acceptTime;
342  AsyncSocket::UniquePtr sock(makeNewAsyncSocket(base_, fd));
343  tinfo.tfoSucceded = sock->getTFOSucceded();
344  plaintextConnectionReady(
345  std::move(sock),
346  clientAddr,
347  empty_string,
348  SecureTransportType::NONE,
349  tinfo);
350  }
351 }
352 
353 void Acceptor::startHandshakeManager(
354  AsyncSSLSocket::UniquePtr sslSock,
355  Acceptor*,
356  const SocketAddress& clientAddr,
357  std::chrono::steady_clock::time_point acceptTime,
358  TransportInfo& tinfo) noexcept {
359  auto manager = securityProtocolCtxManager_.getHandshakeManager(
360  this, clientAddr, acceptTime, tinfo);
361  manager->start(std::move(sslSock));
362 }
363 
364 void
365 Acceptor::connectionReady(
366  AsyncTransportWrapper::UniquePtr sock,
367  const SocketAddress& clientAddr,
368  const string& nextProtocolName,
369  SecureTransportType secureTransportType,
370  TransportInfo& tinfo) {
371  // Limit the number of reads from the socket per poll loop iteration,
372  // both to keep memory usage under control and to prevent one fast-
373  // writing client from starving other connections.
374  auto asyncSocket = sock->getUnderlyingTransport<AsyncSocket>();
375  asyncSocket->setMaxReadsPerEvent(16);
376  tinfo.initWithSocket(asyncSocket);
377  tinfo.appProtocol = std::make_shared<std::string>(nextProtocolName);
378  if (state_ < State::kDraining) {
379  onNewConnection(
380  std::move(sock),
381  &clientAddr,
382  nextProtocolName,
383  secureTransportType,
384  tinfo);
385  }
386 }
387 
388 void Acceptor::plaintextConnectionReady(
389  AsyncTransportWrapper::UniquePtr sock,
390  const SocketAddress& clientAddr,
391  const string& nextProtocolName,
392  SecureTransportType secureTransportType,
393  TransportInfo& tinfo) {
394  connectionReady(
395  std::move(sock),
396  clientAddr,
397  nextProtocolName,
398  secureTransportType,
399  tinfo);
400 }
401 
402 void
403 Acceptor::sslConnectionReady(AsyncTransportWrapper::UniquePtr sock,
404  const SocketAddress& clientAddr,
405  const string& nextProtocol,
406  SecureTransportType secureTransportType,
407  TransportInfo& tinfo) {
408  CHECK(numPendingSSLConns_ > 0);
409  --numPendingSSLConns_;
410  --totalNumPendingSSLConns_;
411  connectionReady(
412  std::move(sock),
413  clientAddr,
414  nextProtocol,
415  secureTransportType,
416  tinfo);
417  if (state_ == State::kDraining) {
418  checkDrained();
419  }
420 }
421 
422 void Acceptor::sslConnectionError(const folly::exception_wrapper&) {
423  CHECK(numPendingSSLConns_ > 0);
424  --numPendingSSLConns_;
425  --totalNumPendingSSLConns_;
426  if (state_ == State::kDraining) {
427  checkDrained();
428  }
429 }
430 
431 void
432 Acceptor::acceptError(const std::exception& ex) noexcept {
433  // An error occurred.
434  // The most likely error is out of FDs. AsyncServerSocket will back off
435  // briefly if we are out of FDs, then continue accepting later.
436  // Just log a message here.
437  LOG(ERROR) << "error accepting on acceptor socket: " << ex.what();
438 }
439 
440 void
441 Acceptor::acceptStopped() noexcept {
442  VLOG(3) << "Acceptor " << this << " acceptStopped()";
443  // Drain the open client connections
444  drainAllConnections();
445 
446  // If we haven't yet finished draining, begin doing so by marking ourselves
447  // as in the draining state. We must be sure to hit checkDrained() here, as
448  // if we're completely idle, we can should consider ourself drained
449  // immediately (as there is no outstanding work to complete to cause us to
450  // re-evaluate this).
451  if (state_ != State::kDone) {
452  state_ = State::kDraining;
453  checkDrained();
454  }
455 }
456 
457 void
458 Acceptor::onEmpty(const ConnectionManager&) {
459  VLOG(3) << "Acceptor=" << this << " onEmpty()";
460  if (state_ == State::kDraining) {
461  checkDrained();
462  }
463 }
464 
465 void
466 Acceptor::checkDrained() {
467  CHECK(state_ == State::kDraining);
468  if (forceShutdownInProgress_ ||
469  (downstreamConnectionManager_->getNumConnections() != 0) ||
470  (numPendingSSLConns_ != 0)) {
471  return;
472  }
473 
474  VLOG(2) << "All connections drained from Acceptor=" << this << " in thread "
475  << base_;
476 
477  downstreamConnectionManager_.reset();
478 
479  state_ = State::kDone;
480 
481  onConnectionsDrained();
482 }
483 
484 void
485 Acceptor::drainConnections(double pctToDrain) {
486  if (downstreamConnectionManager_) {
487  LOG(INFO) << "Draining " << pctToDrain * 100 << "% of "
488  << getNumConnections() << " connections from Acceptor=" << this
489  << " in thread " << base_;
490  assert(base_->isInEventBaseThread());
491  downstreamConnectionManager_->
492  drainConnections(pctToDrain, gracefulShutdownTimeout_);
493  }
494 }
495 
496 milliseconds
497 Acceptor::getConnTimeout() const {
498  return accConfig_.connectionIdleTimeout;
499 }
500 
501 void Acceptor::addConnection(ManagedConnection* conn) {
502  // Add the socket to the timeout manager so that it can be cleaned
503  // up after being left idle for a long time.
504  downstreamConnectionManager_->addConnection(conn, true);
505 }
506 
507 void
508 Acceptor::forceStop() {
509  base_->runInEventBaseThread([&] { dropAllConnections(); });
510 }
511 
512 void
513 Acceptor::dropAllConnections() {
514  if (downstreamConnectionManager_) {
515  LOG(INFO) << "Dropping all connections from Acceptor=" << this
516  << " in thread " << base_;
517  assert(base_->isInEventBaseThread());
518  forceShutdownInProgress_ = true;
519  downstreamConnectionManager_->dropAllConnections();
520  CHECK(downstreamConnectionManager_->getNumConnections() == 0);
521  downstreamConnectionManager_.reset();
522  }
523  CHECK(numPendingSSLConns_ == 0);
524 
525  state_ = State::kDone;
526  onConnectionsDrained();
527 }
528 
529 void
530 Acceptor::dropConnections(double pctToDrop) {
531  base_->runInEventBaseThread([&, pctToDrop] {
532  if (downstreamConnectionManager_) {
533  LOG(INFO) << "Dropping " << pctToDrop * 100 << "% of "
534  << getNumConnections() << " connections from Acceptor=" << this
535  << " in thread " << base_;
536  assert(base_->isInEventBaseThread());
537  forceShutdownInProgress_ = true;
538  downstreamConnectionManager_->dropConnections(pctToDrop);
539  }
540  });
541 }
542 
543 } // namespace wangle
wangle::Acceptor::getConnTimeout
std::chrono::milliseconds getConnTimeout() const
Definition: Acceptor.cpp:497
wangle::Acceptor::onEmpty
void onEmpty(const wangle::ConnectionManager &cm) override
Definition: Acceptor.cpp:458
wangle::TLSTicketKeySeeds::newSeeds
std::vector< std::string > newSeeds
Definition: TLSTicketKeySeeds.h:27
wangle::AcceptorHandshakeManager::start
virtual void start(folly::AsyncSSLSocket::UniquePtr sock) noexcept
Definition: AcceptorHandshakeManager.cpp:22
wangle::TLSTicketKeySeeds::currentSeeds
std::vector< std::string > currentSeeds
Definition: TLSTicketKeySeeds.h:26
wangle::empty_string
static const std::string empty_string
Definition: Acceptor.cpp:51
wangle::Acceptor::getWorkerMaxConnections
virtual uint64_t getWorkerMaxConnections() const
Definition: Acceptor.h:323
wangle::Acceptor::makeNewAsyncSocket
virtual folly::AsyncSocket::UniquePtr makeNewAsyncSocket(folly::EventBase *base, int fd)
Definition: Acceptor.h:365
wangle::Acceptor::connectionReady
void connectionReady(folly::AsyncTransportWrapper::UniquePtr sock, const folly::SocketAddress &clientAddr, const std::string &nextProtocolName, SecureTransportType secureTransportType, TransportInfo &tinfo)
Definition: Acceptor.cpp:365
wangle::Acceptor::setLoadShedConfig
void setLoadShedConfig(std::shared_ptr< const LoadShedConfiguration > loadShedConfig, const IConnectionCounter *counter)
Definition: Acceptor.cpp:221
wangle::Acceptor::getNumConnections
uint32_t getNumConnections() const
Definition: Acceptor.h:119
wangle::Acceptor::addSSLContextConfig
void addSSLContextConfig(const SSLContextConfig &sslCtxConfig)
Definition: Acceptor.cpp:187
wangle::Acceptor::~Acceptor
~Acceptor() override
Definition: Acceptor.cpp:184
folly::AsyncServerSocket::getSockets
std::vector< int > getSockets() const
Definition: AsyncServerSocket.h:301
wangle::Acceptor::setTLSTicketSecrets
virtual void setTLSTicketSecrets(const std::vector< std::string > &oldSecrets, const std::vector< std::string > &currentSecrets, const std::vector< std::string > &newSecrets)
Definition: Acceptor.cpp:195
folly::netops::setsockopt
int setsockopt(NetworkSocket s, int level, int optname, const void *optval, socklen_t optlen)
Definition: NetOps.cpp:384
wangle::ServerSocketConfig::connectionIdleTimeout
std::chrono::milliseconds connectionIdleTimeout
Definition: ServerSocketConfig.h:102
wangle::Acceptor::currentSecrets_
wangle::TLSTicketKeySeeds currentSecrets_
Definition: Acceptor.h:441
wangle::Acceptor::numPendingSSLConns_
uint64_t numPendingSSLConns_
Definition: Acceptor.h:452
wangle::Acceptor::processEstablishedConnection
void processEstablishedConnection(int fd, const folly::SocketAddress &clientAddr, std::chrono::steady_clock::time_point acceptTime, TransportInfo &tinfo) noexcept
Definition: Acceptor.cpp:304
now
std::chrono::steady_clock::time_point now()
Definition: TimekeeperTest.cpp:31
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
wangle::Acceptor::connectionCounter_
const IConnectionCounter * connectionCounter_
Definition: Acceptor.h:458
wangle::Acceptor::cacheProvider_
std::shared_ptr< SSLCacheProvider > cacheProvider_
Definition: Acceptor.h:440
wangle::FizzConfigUtil::createFizzContext
static std::shared_ptr< fizz::server::FizzServerContext > createFizzContext(const wangle::ServerSocketConfig &config, std::unique_ptr< fizz::server::CertManager > certMgr=nullptr)
Definition: FizzConfigUtil.cpp:67
wangle::Acceptor::checkDrained
void checkDrained()
Definition: Acceptor.cpp:466
wangle::Acceptor::initDownstreamConnectionManager
virtual void initDownstreamConnectionManager(folly::EventBase *eventBase)
Definition: Acceptor.cpp:126
wangle::Acceptor::downstreamConnectionManager_
wangle::ConnectionManager::UniquePtr downstreamConnectionManager_
Definition: Acceptor.h:438
wangle::Acceptor::forceShutdownInProgress_
bool forceShutdownInProgress_
Definition: Acceptor.h:456
wangle::SecurityProtocolContextManager::addPeeker
void addPeeker(PeekingCallbackPtr peekingCallback)
Definition: SecurityProtocolContextManager.h:32
wangle::Acceptor::loadShedConfig_
std::shared_ptr< const LoadShedConfiguration > loadShedConfig_
Definition: Acceptor.h:457
wangle::Acceptor::onDoneAcceptingConnection
virtual void onDoneAcceptingConnection(int fd, const folly::SocketAddress &clientAddr, std::chrono::steady_clock::time_point acceptTime) noexcept
Definition: Acceptor.cpp:295
folly::SocketAddress::describe
std::string describe() const
Definition: SocketAddress.cpp:482
wangle::Acceptor::dropConnections
virtual void dropConnections(double pctToDrop)
Definition: Acceptor.cpp:530
folly::pushmi::__adl::noexcept
requires E e noexcept(noexcept(s.error(std::move(e))))
Definition: extension_points.h:40
wangle::Acceptor::totalNumPendingSSLConns_
static std::atomic< uint64_t > totalNumPendingSSLConns_
Definition: Acceptor.h:454
wangle::Acceptor::drainConnections
virtual void drainConnections(double pctToDrain)
Definition: Acceptor.cpp:485
wangle::Acceptor::updateSSLStats
virtual void updateSSLStats(const folly::AsyncTransportWrapper *, std::chrono::milliseconds, SSLErrorEnum) noexcept
Definition: Acceptor.h:305
folly::pushmi::operators::error
requires And< SemiMovable< VN >... > &&SemiMovable< E > auto error(E e)
Definition: error.h:48
wangle::Acceptor::createFizzTicketCipher
virtual std::shared_ptr< fizz::server::TicketCipher > createFizzTicketCipher(folly::Optional< std::string >=folly::none)
Definition: Acceptor.cpp:140
wangle::Acceptor::acceptStopped
void acceptStopped() noexceptoverride
Definition: Acceptor.cpp:441
cipher
CipherSuite cipher
Definition: ClientProtocol.cpp:1006
wangle::Acceptor::startHandshakeManager
virtual void startHandshakeManager(folly::AsyncSSLSocket::UniquePtr sslSock, Acceptor *acceptor, const folly::SocketAddress &clientAddr, std::chrono::steady_clock::time_point acceptTime, TransportInfo &tinfo) noexcept
Definition: Acceptor.cpp:353
wangle::Acceptor::acceptError
void acceptError(const std::exception &ex) noexceptoverride
Definition: Acceptor.cpp:432
wangle::Acceptor::socketOptions_
folly::AsyncSocket::OptionMap socketOptions_
Definition: Acceptor.h:425
wangle::Acceptor::getName
const std::string & getName() const
Definition: Acceptor.h:162
folly::AsyncSSLSocket::UniquePtr
std::unique_ptr< AsyncSSLSocket, Destructor > UniquePtr
Definition: AsyncSSLSocket.h:72
folly::AsyncSocket::setMaxReadsPerEvent
void setMaxReadsPerEvent(uint16_t maxReads)
Definition: AsyncSocket.h:451
wangle::TransportInfo::initWithSocket
bool initWithSocket(const folly::AsyncSocket *sock)
Definition: TransportInfo.cpp:28
folly::EventBase::isInEventBaseThread
bool isInEventBaseThread() const
Definition: EventBase.h:504
wangle::ServerSocketConfig::bindAddress
folly::SocketAddress bindAddress
Definition: ServerSocketConfig.h:112
folly::AsyncTransportWrapper::UniquePtr
std::unique_ptr< AsyncTransportWrapper, Destructor > UniquePtr
Definition: AsyncTransport.h:701
wangle::Acceptor::onConnectionsDrained
virtual void onConnectionsDrained()
Definition: Acceptor.h:392
wangle::ConnectionManager::makeUnique
static UniquePtr makeUnique(Args &&...args)
Definition: ConnectionManager.h:71
wangle::Acceptor::updateFizzContext
void updateFizzContext(fizz::server::FizzServerContext *)
Definition: Acceptor.cpp:149
wangle::Acceptor::Acceptor
Acceptor(const ServerSocketConfig &accConfig)
Definition: Acceptor.cpp:54
wangle::Acceptor::forceStop
virtual void forceStop()
Definition: Acceptor.cpp:508
folly::EventBase::runInEventBaseThread
bool runInEventBaseThread(void(*fn)(T *), T *arg)
Definition: EventBase.h:794
fizz::server::FizzServerContext::setTicketCipher
void setTicketCipher(std::shared_ptr< TicketCipher > ticketCipher)
Definition: FizzServerContext.h:150
wangle::Acceptor::getFizzPeeker
virtual DefaultToFizzPeekingCallback * getFizzPeeker()
Definition: Acceptor.h:414
wangle::Acceptor::accConfig_
const ServerSocketConfig accConfig_
Definition: Acceptor.h:407
wangle::Acceptor::addConnection
void addConnection(wangle::ManagedConnection *connection)
Definition: Acceptor.cpp:501
wangle::Acceptor::getActiveConnectionCountForLoadShedding
virtual uint64_t getActiveConnectionCountForLoadShedding() const
Definition: Acceptor.h:322
wangle::Acceptor::plaintextConnectionReady
virtual void plaintextConnectionReady(folly::AsyncTransportWrapper::UniquePtr sock, const folly::SocketAddress &clientAddr, const std::string &nextProtocolName, SecureTransportType secureTransportType, TransportInfo &tinfo)
Definition: Acceptor.cpp:388
wangle::Acceptor::getConnectionCountForLoadShedding
virtual uint64_t getConnectionCountForLoadShedding(void) const
Definition: Acceptor.h:321
wangle::DefaultToFizzPeekingCallback::setContext
void setContext(std::shared_ptr< fizz::server::FizzServerContext > context)
Definition: FizzAcceptorHandshakeHelper.h:125
wangle::Acceptor::defaultPeekingCallback_
DefaultToSSLPeekingCallback defaultPeekingCallback_
Definition: Acceptor.h:435
wangle::Acceptor::securityProtocolCtxManager_
SecurityProtocolContextManager securityProtocolCtxManager_
Definition: Acceptor.h:432
wangle::Acceptor::sslConnectionReady
virtual void sslConnectionReady(folly::AsyncTransportWrapper::UniquePtr sock, const folly::SocketAddress &clientAddr, const std::string &nextProtocol, SecureTransportType secureTransportType, TransportInfo &tinfo)
Definition: Acceptor.cpp:403
wangle::SSLCacheOptions::sslCacheTimeout
std::chrono::seconds sslCacheTimeout
Definition: SSLCacheOptions.h:24
wangle::SecurityProtocolContextManager::getHandshakeManager
AcceptorHandshakeManager * getHandshakeManager(Acceptor *acceptor, const folly::SocketAddress &clientAddr, std::chrono::steady_clock::time_point acceptTime, TransportInfo &tinfo) noexcept
Definition: SecurityProtocolContextManager.h:39
wangle::Acceptor::createFizzContext
virtual std::shared_ptr< fizz::server::FizzServerContext > createFizzContext()
Definition: Acceptor.cpp:135
counter
std::atomic< int > counter
Definition: PushmiBenchmarks.cpp:544
wangle::ServerSocketConfig::initialTicketSeeds
TLSTicketKeySeeds initialTicketSeeds
Definition: ServerSocketConfig.h:129
string
const char * string
Definition: Conv.cpp:212
wangle::Acceptor::gracefulShutdownTimeout_
std::chrono::milliseconds gracefulShutdownTimeout_
Definition: Acceptor.h:459
wangle::IConnectionCounter::getNumConnections
virtual uint64_t getNumConnections() const =0
folly::exception_wrapper
Definition: ExceptionWrapper.h:162
wangle::Acceptor::canAccept
virtual bool canAccept(const folly::SocketAddress &)
Definition: Acceptor.cpp:228
wangle::Acceptor::sslConnectionError
virtual void sslConnectionError(const folly::exception_wrapper &ex)
Definition: Acceptor.cpp:422
wangle::TransportInfo::appProtocol
std::shared_ptr< std::string > appProtocol
Definition: TransportInfo.h:199
wangle::TLSTicketKeySeeds::oldSeeds
std::vector< std::string > oldSeeds
Definition: TLSTicketKeySeeds.h:25
wangle::Acceptor::connectionAccepted
void connectionAccepted(int fd, const folly::SocketAddress &clientAddr) noexceptoverride
Definition: Acceptor.cpp:277
folly::StringPiece
Range< const char * > StringPiece
Definition: ScopedEventBaseThread.h:29
wangle::Acceptor::tlsPlaintextPeekingCallback_
TLSPlaintextPeekingCallback tlsPlaintextPeekingCallback_
Definition: Acceptor.h:434
folly::netops::close
int close(NetworkSocket s)
Definition: NetOps.cpp:90
wangle::Acceptor::resetSSLContextConfigs
virtual void resetSSLContextConfigs()
Definition: Acceptor.cpp:162
wangle::ServerSocketConfig::sslContextConfigs
std::vector< SSLContextConfig > sslContextConfigs
Definition: ServerSocketConfig.h:134
folly::AsyncSocket::UniquePtr
std::unique_ptr< AsyncSocket, Destructor > UniquePtr
Definition: AsyncSocket.h:83
wangle::Acceptor::sslCtxManager_
std::unique_ptr< SSLContextManager > sslCtxManager_
Definition: Acceptor.h:427
wangle::Acceptor::makeNewAsyncSSLSocket
virtual folly::AsyncSSLSocket::UniquePtr makeNewAsyncSSLSocket(const std::shared_ptr< folly::SSLContext > &ctx, folly::EventBase *base, int fd)
Definition: Acceptor.h:372
wangle::Acceptor::base_
folly::EventBase * base_
Definition: Acceptor.h:319
wangle::Acceptor::init
virtual void init(folly::AsyncServerSocket *serverSocket, folly::EventBase *eventBase, SSLStats *stats=nullptr)
Definition: Acceptor.cpp:60
wangle::Acceptor::onNewConnection
virtual void onNewConnection(folly::AsyncTransportWrapper::UniquePtr, const folly::SocketAddress *, const std::string &, SecureTransportType, const TransportInfo &)
Definition: Acceptor.h:350
wangle::Acceptor::drainAllConnections
void drainAllConnections()
Definition: Acceptor.cpp:214
wangle::Acceptor::dropAllConnections
void dropAllConnections()
Definition: Acceptor.cpp:513
folly::AsyncServerSocket::addAcceptCallback
virtual void addAcceptCallback(AcceptCallback *callback, EventBase *eventBase, uint32_t maxAtOnce=kDefaultCallbackAcceptAtOnce)
Definition: AsyncServerSocket.cpp:586