REORG: ssl-sock: move the sslconns/totalsslconns counters to global

These two counters were the only ones not in the global struct, while
the SSL freq counters or the req counts are already in it, this forces
stats.c to include ssl_sock just to know about them. Let's move them
over there with their friends. This reduces from 408 to 384 the number
of includes of opensslconf.h.

diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index d7c94813239c92fae8729d186463908a05ca1dee..554d1d9369e68d61e4f5e972e089fafa332354dc 100644 (file)
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -179,6 +179,7 @@ struct global {
        struct freq_ctr comp_bps_in;    /* bytes per second, before http compression */
        struct freq_ctr comp_bps_out;   /* bytes per second, after http compression */
        struct freq_ctr out_32bps;      /* #of 32-byte blocks emitted per second */
+       uint sslconns, totalsslconns;   /* active, total # of SSL conns */
        unsigned long long out_bytes;   /* total #of bytes emitted */
        unsigned long long spliced_out_bytes; /* total #of bytes emitted though a kernel pipe */
        int cps_lim, cps_max;

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 2fdf8e2268a4edc609aff7adaefd0abd58b0de16..3d0eee9b1a6c5257c5dc7fd941d4f24550f7e642 100644 (file)
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -32,8 +32,6 @@
 #include <haproxy/thread.h>
 
 extern struct list tlskeys_reference;
-extern int sslconns;
-extern int totalsslconns;
 extern struct eb_root ckchs_tree;
 extern struct eb_root crtlists_tree;
 extern struct eb_root cafile_tree;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ae28bca0d210105d45c4486a70bfed217b094522..8b81ef8a464f4908ec4c0e9c667aa8e9d4cef82d 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -92,8 +92,6 @@
  * to conditionally define it in openssl-compat.h than using lots of ifdefs.
  */
 
-int sslconns = 0;
-int totalsslconns = 0;
 int nb_engines = 0;
 
 static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
@@ -708,7 +706,7 @@ void ssl_async_fd_free(int fd)
 
        /* Now we can safely call SSL_free, no more pending job in engines */
        SSL_free(ssl);
-       _HA_ATOMIC_DEC(&sslconns);
+       _HA_ATOMIC_DEC(&global.sslconns);
        _HA_ATOMIC_DEC(&jobs);
 }
 /*
@@ -5438,7 +5436,7 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                        goto err;
        }
 
-       if (global.maxsslconn && sslconns >= global.maxsslconn) {
+       if (global.maxsslconn && global.sslconns >= global.maxsslconn) {
                conn->err_code = CO_ER_SSL_TOO_MANY;
                goto err;
        }
@@ -5467,8 +5465,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                /* leave init state and start handshake */
                conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 
-               _HA_ATOMIC_INC(&sslconns);
-               _HA_ATOMIC_INC(&totalsslconns);
+               _HA_ATOMIC_INC(&global.sslconns);
+               _HA_ATOMIC_INC(&global.totalsslconns);
                *xprt_ctx = ctx;
                return 0;
        }
@@ -5500,8 +5498,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                        conn->flags |= CO_FL_EARLY_SSL_HS;
 #endif
 
-               _HA_ATOMIC_INC(&sslconns);
-               _HA_ATOMIC_INC(&totalsslconns);
+               _HA_ATOMIC_INC(&global.sslconns);
+               _HA_ATOMIC_INC(&global.totalsslconns);
                *xprt_ctx = ctx;
                return 0;
        }
@@ -6440,7 +6438,7 @@ void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
                b_free(&ctx->early_buf);
                tasklet_free(ctx->wait_event.tasklet);
                pool_free(ssl_sock_ctx_pool, ctx);
-               _HA_ATOMIC_DEC(&sslconns);
+               _HA_ATOMIC_DEC(&global.sslconns);
        }
 }
 

diff --git a/src/stats.c b/src/stats.c
index 2b5c0e50812151dc1958b041936eec3886b46838..4c8ea0c8d5dc84afa55a63f5729d0dbaaa0015ed 100644 (file)
--- a/src/stats.c
+++ b/src/stats.c
@@ -55,7 +55,6 @@
 #include <haproxy/resolvers.h>
 #include <haproxy/server.h>
 #include <haproxy/session.h>
-#include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream.h>
 #include <haproxy/stream_interface.h>
@@ -4447,8 +4446,8 @@ int stats_fill_info(struct field *info, int len, uint flags)
        info[INF_CUM_REQ]                        = mkf_u32(FN_COUNTER, global.req_count);
 #ifdef USE_OPENSSL
        info[INF_MAX_SSL_CONNS]                  = mkf_u32(FN_MAX, global.maxsslconn);
-       info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, sslconns);
-       info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, totalsslconns);
+       info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, global.sslconns);
+       info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, global.totalsslconns);
 #endif
        info[INF_MAXPIPES]                       = mkf_u32(FO_CONFIG|FN_LIMIT, global.maxpipes);
        info[INF_PIPES_USED]                     = mkf_u32(0, pipes_used);