]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: bc8e1f1 288c8ef)
Fast SNI peek
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 18 May 2016 17:22:44 +0000 (20:22 +0300)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 18 May 2016 17:22:44 +0000 (20:22 +0300)
commitbea1ea3533abec08dee56cddf204a6da62052c48
tree0e2a2409d0728f1d4009236a524a0e45e2fe9e78tree
parentbc8e1f18411a4c304997ac9667ba72f10c17f46dcommit | diff
parent288c8ef092d9ce2a74a8e5a5aa8709a778392c14commit | diff
Fast SNI peek

Currently, bumping peek mode at step2 and splice at step2, after the SNI is
received is slow.
The most of the performance overhead comes from openSSL. However Squid does not
need openSSL to peek at SNI. It needs only to get client TLS Hello message
analyze it to retrieve SNI and then splice at step2.

This patch:
  - Postpone creation of the OpenSSL connection (i.e. SSL) object for the
    accepted TCP connection until after we peek at SNI (after step2).
  - Implements the Parser::BinaryTokenizer parser for extracting byte-oriented
    fields from raw input
  - Reimplement a new SSL/TLS handshake messages parser using the
    BinaryTokenizer, and remove old buggy parsing code from ssl/bio.cc
  - Adjust ConnStateData, Ssl::Bio, Ssl::PeerConnector classes to use the
    new parsers and parsing results.

This is a Measurement Factory project
src/security/Handshake.cc | diff2 | blob | history
src/security/Handshake.h | diff2 | blob | history
src/ssl/bio.h diff1 | diff2 | blob | history
Mirror of https://github.com/squid-cache/squid.git