From: Willy Tarreau
Date: Wed, 20 Jan 2021 13:41:29 +0000 (+0100)
Subject: MINOR: ssl: provide a "show fd" helper to report important SSL information
X-Git-Tag: v2.4-dev6~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de5675a38c50a5c5d79c261f303c52ff9df241b3;p=thirdparty%2Fhaproxy.git

MINOR: ssl: provide a "show fd" helper to report important SSL information

The SSL context contains a lot of important details that are currently missing from debug outputs. Now that we detect ssl_sock, we can perform some sanity checks, print the next xprt, the subscriber callback's context, handler and number of calls. The process function is also resolved. This now gives for example on an H2 connection: 1029 : st=0x21(R:rA W:Ra) ev=0x01(heopI) [lc] tmask=0x2 umask=0x2 owner=0x7fc714881700 iocb=0x65b528(sock_conn_iocb) back=0 cflg=0x00001300 fe=recv mux=H2 ctx=0x7fc734545e50 h2c.st0=FRH .err=0 .maxid=217 .lastid=-1 .flg=0x0000 .nbst=0 .nbcs=0 .fctl_cnt=0 .send_cnt=0 .tree_cnt=0 .orph_cnt=0 .sub=1 .dsi=217 .dbuf=0@(nil)+0/0 .msi=-1 .mbuf=[1..1|32],h=[0@(nil)+0/0],t=[0@(nil)+0/0] xprt=SSL xprt_ctx=0x7fc73478f230 xctx.st=0 .xprt=RAW .wait.ev=1 .subs=0x7fc734546350(ev=1 tl=0x7fc7346702e0 tl.calls=278 tl.ctx=0x7fc734545e50 tl.fct=main-0x144efa) .sent_early=0 .early_in=0
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5ac81d36ac..f866bfd08f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6350,6 +6350,40 @@ static int ssl_check_async_engine_count(void) {
 }
 #endif
 
+/* "show fd" helper to dump ssl internals. Warning: the output buffer is often
+ * the common trash!
+ */
+static void ssl_sock_show_fd(struct buffer *buf, const struct connection *conn, const void *ctx)
+{
+ const struct ssl_sock_ctx *sctx = ctx;
+
+ if (!sctx)
+ return;
+
+ if (sctx->conn != conn)
+ chunk_appendf(&trash, " xctx.conn=%p(BOGUS!)", sctx->conn);
+ chunk_appendf(&trash, " xctx.st=%d", sctx->xprt_st);
+
+ if (sctx->xprt) {
+ chunk_appendf(&trash, " .xprt=%s", sctx->xprt->name);
+ if (sctx->xprt_ctx)
+ chunk_appendf(&trash, " .xctx=%p", sctx->xprt_ctx);
+ }
+
+ chunk_appendf(&trash, " .wait.ev=%d", sctx->wait_event.events);
+ chunk_appendf(&trash, " .subs=%p", sctx->subs);
+ if (sctx->subs) {
+ chunk_appendf(&trash, "(ev=%d tl=%p", sctx->subs->events, sctx->subs->tasklet);
+ chunk_appendf(&trash, " tl.calls=%d tl.ctx=%p tl.fct=",
+ sctx->subs->tasklet->calls,
+ sctx->subs->tasklet->context);
+ resolve_sym_name(&trash, NULL, sctx->subs->tasklet->process);
+ chunk_appendf(&trash, ")");
+ }
+ chunk_appendf(&trash, " .sent_early=%d", sctx->sent_early_data);
+ chunk_appendf(&trash, " .early_in=%d", (int)sctx->early_buf.data);
+}
+
 #if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
 /* This function is used with TLS ticket keys management. It permits to browse
 * each reference. The variable must point to the current node's list
@@ -6633,6 +6667,7 @@ struct xprt_ops ssl_sock = {
 .get_alpn = ssl_sock_get_alpn,
 .takeover = ssl_takeover,
 .name = "SSL",
+ .show_fd = ssl_sock_show_fd,
 };
 
 enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
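Review bot: `ssl_sock_show_fd()` accepts the output buffer as `buf` but never uses it: every `chunk_appendf()` and the `resolve_sym_name()` call write to the global `&trash`, so the helper is only correct when the caller happens to pass the trash, which the header comment says is often but not always the case. Write through the parameter throughout, e.g. `chunk_appendf(buf, " xctx.st=%d", sctx->xprt_st);`. Separately, the `subs` branch dereferences `sctx->subs->tasklet` for `calls`, `context` and `process` without a NULL check, and it does so even after the function has just reported the context as `BOGUS!`; in a diagnostic command meant to inspect suspect state this can turn a dump into a crash, so guard the tasklet as sketched below. The output also carries raw heap pointers and a symbol-relative function address, so it is worth confirming that the CLI level serving "show fd" is limited to trusted operators.

```c
	if (sctx->subs) {
		const struct tasklet *tl = sctx->subs->tasklet;

		chunk_appendf(buf, "(ev=%d tl=%p", sctx->subs->events, tl);
		if (tl) {
			chunk_appendf(buf, " tl.calls=%d tl.ctx=%p tl.fct=", tl->calls, tl->context);
			resolve_sym_name(buf, NULL, tl->process);
		}
		chunk_appendf(buf, ")");
	}
	/* … unchanged apart from &trash -> buf: .sent_early / .early_in lines … */
```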