int init_sl_stats_child(void)
{
int len;
len = sizeof(struct sl_stats) * get_max_procs();
*sl_stats = shm_malloc(len);
if (*sl_stats == 0) {
ERR("No shmem\n");
shm_free(sl_stats);
return -1;
}
memset(*sl_stats, 0, len);
return 0;
}
int dbg_init_pid_list(void)
{
_dbg_pid_no = get_max_procs();
if(_dbg_pid_no<=0)
return -1;
if(_dbg_pid_list!=NULL)
return -1;
_dbg_pid_list = (dbg_pid_t*)shm_malloc(_dbg_pid_no*sizeof(dbg_pid_t));
if(_dbg_pid_list==NULL)
return -1;
memset(_dbg_pid_list, 0, _dbg_pid_no*sizeof(dbg_pid_t));
return 0;
}
int pkg_proc_stats_init(void)
{
_pkg_proc_stats_no = get_max_procs();
if(_pkg_proc_stats_no<=0)
return -1;
if(_pkg_proc_stats_list!=NULL)
return -1;
_pkg_proc_stats_list = (pkg_proc_stats_t*)shm_malloc(
_pkg_proc_stats_no*sizeof(pkg_proc_stats_t));
if(_pkg_proc_stats_list==NULL)
return -1;
memset(_pkg_proc_stats_list, 0,
_pkg_proc_stats_no*sizeof(pkg_proc_stats_t));
return 0;
}
static void rpc_stats(rpc_t* rpc, void* c)
{
void* st;
struct sl_stats total;
int p;
int procs_no;
memset(&total, 0, sizeof(struct sl_stats));
if (dont_fork) {
add_sl_stats(&total, &(*sl_stats)[0]);
} else{
procs_no=get_max_procs();
for (p=0; p < procs_no; p++)
add_sl_stats(&total, &(*sl_stats)[p]);
}
if (rpc->add(c, "{", &st) < 0) return;
rpc->struct_add(st, "ddd",
"200", total.err[RT_200],
"202", total.err[RT_202],
"2xx", total.err[RT_2xx]);
rpc->struct_add(st, "ddd",
"300", total.err[RT_300],
"301", total.err[RT_301],
"302", total.err[RT_302],
"3xx", total.err[RT_3xx]);
rpc->struct_add(st, "dddddddd",
"400", total.err[RT_400],
"401", total.err[RT_401],
"403", total.err[RT_403],
"404", total.err[RT_404],
"407", total.err[RT_407],
"408", total.err[RT_408],
"483", total.err[RT_483],
"4xx", total.err[RT_4xx]);
rpc->struct_add(st, "dd",
"500", total.err[RT_500],
"5xx", total.err[RT_5xx]);
rpc->struct_add(st, "d", "6xx", total.err[RT_6xx]);
rpc->struct_add(st, "d", "xxx", total.err[RT_xxx]);
}
/**
* @brief Configure generic SSL parameters
* @param d domain
* @return 0
*/
static int set_ssl_options(tls_domain_t* d)
{
int i;
int procs_no;
long options;
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
long ssl_version;
STACK_OF(SSL_COMP)* comp_methods;
#endif
procs_no=get_max_procs();
options=SSL_OP_ALL; /* all the bug workarrounds by default */
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
options|=SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
SSL_OP_CIPHER_SERVER_PREFERENCE;
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
ssl_version=SSLeay();
if ((ssl_version >= 0x0090800L) && (ssl_version < 0x0090803fL)){
/* if 0.9.8 <= openssl version < 0.9.8c and compression support is
* enabled disable SSL_OP_TLS_BLOCK_PADDING_BUG (set by SSL_OP_ALL),
* see openssl #1204 http://rt.openssl.org/Ticket/Display.html?id=1204
*/
comp_methods=SSL_COMP_get_compression_methods();
if (comp_methods && (sk_SSL_COMP_num(comp_methods) > 0)){
options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
LOG(L_WARN, "tls: set_ssl_options: openssl "
"SSL_OP_TLS_BLOCK_PADDING bug workaround enabled "
"(openssl version %lx)\n", ssl_version);
}else{
LOG(L_INFO, "tls: set_ssl_options: detected openssl version (%lx) "
" has the SSL_OP_TLS_BLOCK_PADDING bug, but compression "
" is disabled so no workaround is needed\n", ssl_version);
}
}
# endif
#endif
for(i = 0; i < procs_no; i++) {
SSL_CTX_set_options(d->ctx[i], options);
if(sr_tls_renegotiation==0)
SSL_CTX_set_info_callback(d->ctx[i], sr_ssl_ctx_info_callback);
}
return 0;
}
/**
* @brief Configure cipher list
* @param d domain
* @return 0 on success, -1 on error
*/
static int set_cipher_list(tls_domain_t* d)
{
int i;
int procs_no;
char* cipher_list;
cipher_list=d->cipher_list.s;
#ifdef TLS_KSSL_WORKARROUND
if (openssl_kssl_malloc_bug) { /* is openssl bug #1467 present ? */
if (d->cipher_list.s==0) {
/* use "DEFAULT:!KRB5" */
cipher_list="DEFAULT:!KRB5";
} else {
/* append ":!KRB5" */
cipher_list=shm_malloc(d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN+1);
if (cipher_list) {
memcpy(cipher_list, d->cipher_list.s, d->cipher_list.len);
memcpy(cipher_list+d->cipher_list.len, C_NO_KRB5_SUFFIX,
C_NO_KRB5_SUFFIX_LEN);
cipher_list[d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN]=0;
shm_free(d->cipher_list.s);
d->cipher_list.s=cipher_list;
d->cipher_list.len+=C_NO_KRB5_SUFFIX_LEN;
}
}
}
#endif /* TLS_KSSL_WORKARROUND */
if (!cipher_list) return 0;
procs_no=get_max_procs();
for(i = 0; i < procs_no; i++) {
if (SSL_CTX_set_cipher_list(d->ctx[i], cipher_list) == 0 ) {
ERR("%s: Failure to set SSL context cipher list \"%s\"\n",
tls_domain_str(d), cipher_list);
return -1;
}
#ifndef OPENSSL_NO_ECDH
setup_ecdh(d->ctx[i]);
#endif
#ifndef OPENSSL_NO_DH
setup_dh(d->ctx[i]);
#endif
}
return 0;
}
static void sl_stats_update(void)
{
int p;
int procs_no;
ticks_t t;
t = get_ticks();
if(t==_sl_stats_tm)
return;
_sl_stats_tm = t;
memset(&_sl_stats_total, 0, sizeof(struct sl_stats));
if (dont_fork) {
add_sl_stats(&_sl_stats_total, &(*sl_stats)[0]);
} else{
procs_no=get_max_procs();
for (p=0; p < procs_no; p++)
add_sl_stats(&_sl_stats_total, &(*sl_stats)[p]);
}
}
static unsigned long stat_sum(int ivar, int breset) {
unsigned long isum=0;
int i1=0;
for (; i1 < get_max_procs(); i1++)
switch (ivar) {
case 0:
isum+=dst_blacklist_stats[i1].bkl_hit_cnt;
if (breset)
dst_blacklist_stats[i1].bkl_hit_cnt=0;
break;
case 1:
isum+=dst_blacklist_stats[i1].bkl_lru_cnt;
if (breset)
dst_blacklist_stats[i1].bkl_lru_cnt=0;
break;
}
return isum;
}
/*
* Free all memory used by configuration domain
*/
void tls_free_domain(tls_domain_t* d)
{
int i;
int procs_no;
if (!d) return;
if (d->ctx) {
procs_no=get_max_procs();
for(i = 0; i < procs_no; i++) {
if (d->ctx[i]) SSL_CTX_free(d->ctx[i]);
}
shm_free(d->ctx);
}
if (d->cipher_list.s) shm_free(d->cipher_list.s);
if (d->ca_file.s) shm_free(d->ca_file.s);
if (d->crl_file.s) shm_free(d->crl_file.s);
if (d->pkey_file.s) shm_free(d->pkey_file.s);
if (d->cert_file.s) shm_free(d->cert_file.s);
shm_free(d);
}
int init_tm_stats_child(void)
{
int size;
/* We are called from child_init, estimated_process_count has definitive
* value now and thus we can safely allocate the variables
*/
if (tm_stats==0){
size=sizeof(*tm_stats) * get_max_procs();
tm_stats=shm_malloc(size);
if (tm_stats == 0) {
ERR("No mem for stats\n");
goto error;
}
memset(tm_stats, 0, size);
}
return 0;
error:
return -1;
}
/**
* @brief Configure TLS session cache parameters
* @param d domain
* @return 0
*/
static int set_session_cache(tls_domain_t* d)
{
int i;
int procs_no;
str tls_session_id;
procs_no=get_max_procs();
tls_session_id=cfg_get(tls, tls_cfg, session_id);
for(i = 0; i < procs_no; i++) {
/* janakj: I am not sure if session cache makes sense in ser, session
* cache is stored in SSL_CTX and we have one SSL_CTX per process,
* thus sessions among processes will not be reused
*/
SSL_CTX_set_session_cache_mode(d->ctx[i],
cfg_get(tls, tls_cfg, session_cache) ? SSL_SESS_CACHE_SERVER :
SSL_SESS_CACHE_OFF);
/* not really needed is SSL_SESS_CACHE_OFF */
SSL_CTX_set_session_id_context(d->ctx[i],
(unsigned char*)tls_session_id.s, tls_session_id.len);
}
return 0;
}
/**
* @brief Enable/disable TLS certificate verification
* @param d domain
* @return 0
*/
static int set_verification(tls_domain_t* d)
{
int verify_mode, i;
int procs_no;
if (d->require_cert) {
verify_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
LOG(L_INFO, "%s: %s MUST present valid certificate\n",
tls_domain_str(d), d->type & TLS_DOMAIN_SRV ? "Client" : "Server");
} else {
if (d->verify_cert) {
verify_mode = SSL_VERIFY_PEER;
if (d->type & TLS_DOMAIN_SRV) {
LOG(L_INFO, "%s: IF client provides certificate then it"
" MUST be valid\n", tls_domain_str(d));
} else {
LOG(L_INFO, "%s: Server MUST present valid certificate\n",
tls_domain_str(d));
}
} else {
verify_mode = SSL_VERIFY_NONE;
if (d->type & TLS_DOMAIN_SRV) {
LOG(L_INFO, "%s: No client certificate required and no checks"
" performed\n", tls_domain_str(d));
} else {
LOG(L_INFO, "%s: Server MAY present invalid certificate\n",
tls_domain_str(d));
}
}
}
procs_no=get_max_procs();
for(i = 0; i < procs_no; i++) {
SSL_CTX_set_verify(d->ctx[i], verify_mode, 0);
SSL_CTX_set_verify_depth(d->ctx[i], d->verify_depth);
}
return 0;
}
/**
* @brief Load certificate from file
* @param d domain
* @return 0 if not configured or on success, -1 on error
*/
static int load_cert(tls_domain_t* d)
{
int i;
int procs_no;
if (!d->cert_file.s || !d->cert_file.len) {
DBG("%s: No certificate configured\n", tls_domain_str(d));
return 0;
}
if (fix_shm_pathname(&d->cert_file) < 0)
return -1;
procs_no=get_max_procs();
for(i = 0; i < procs_no; i++) {
if (!SSL_CTX_use_certificate_chain_file(d->ctx[i], d->cert_file.s)) {
ERR("%s: Unable to load certificate file '%s'\n",
tls_domain_str(d), d->cert_file.s);
TLS_ERR("load_cert:");
return -1;
}
}
return 0;
}
/* ADIOI_cb_config_list_parse() - parse the cb_config_list and build the
* ranklist
*
* Parameters:
* (pretty self explanatory)
*
* Returns number of ranks allocated in parsing, -1 on error.
*/
int ADIOI_cb_config_list_parse(char *config_list,
ADIO_cb_name_array array,
int ranklist[],
int cb_nodes)
{
int token, max_procs, cur_rank = 0, nr_procnames;
char *cur_procname, *cur_procname_p, **procnames;
char *used_procnames;
nr_procnames = array->namect;
procnames = array->names;
/* nothing big goes on the stack */
/* we use info val here and for yylval because we know the string
* cannot be any bigger than this.
*/
cur_procname = ADIOI_Malloc((MPI_MAX_INFO_VAL+1) * sizeof(char));
if (cur_procname == NULL) {
return -1;
}
yylval = ADIOI_Malloc((MPI_MAX_INFO_VAL+1) * sizeof(char));
if (yylval == NULL) {
ADIOI_Free(cur_procname);
return -1;
}
token_ptr = config_list;
/* right away let's make sure cb_nodes isn't too big */
if (cb_nodes > nr_procnames) cb_nodes = nr_procnames;
/* used_procnames is used as a mask so that we don't have to destroy
* our procnames array
*/
used_procnames = ADIOI_Malloc(array->namect * sizeof(char));
if (used_procnames == NULL) {
ADIOI_Free(cur_procname);
ADIOI_Free(yylval);
yylval = NULL;
return -1;
}
memset(used_procnames, 0, array->namect);
/* optimization for "*:*"; arguably this could be done before we
* build the list of processor names...but that would make things
* messy.
*/
if (strcmp(config_list, "*:*") == 0) {
for (cur_rank = 0; cur_rank < cb_nodes; cur_rank++) {
ranklist[cur_rank] = cur_rank;
}
ADIOI_Free(cur_procname);
ADIOI_Free(yylval);
yylval = NULL;
ADIOI_Free(used_procnames);
return cb_nodes;
}
while (cur_rank < cb_nodes) {
token = cb_config_list_lex();
if (token == AGG_EOS) {
ADIOI_Free(cur_procname);
ADIOI_Free(yylval);
yylval = NULL;
ADIOI_Free(used_procnames);
return cur_rank;
}
if (token != AGG_WILDCARD && token != AGG_STRING) {
/* maybe ignore and try to keep going? */
FPRINTF(stderr, "error parsing config list\n");
ADIOI_Free(cur_procname);
ADIOI_Free(yylval);
yylval = NULL;
ADIOI_Free(used_procnames);
return cur_rank;
}
if (token == AGG_WILDCARD) {
cur_procname_p = NULL;
}
else {
/* AGG_STRING is the only remaining case */
/* save procname (for now) */
ADIOI_Strncpy(cur_procname, yylval, MPI_MAX_INFO_VAL+1);
cur_procname_p = cur_procname;
}
/* after we have saved the current procname, we can grab max_procs */
max_procs = get_max_procs(cb_nodes);
#ifdef CB_CONFIG_LIST_DEBUG
if (token == AGG_WILDCARD) {
FPRINTF(stderr, "looking for *:%d\n", max_procs);
}
else {
FPRINTF(stderr, "looking for %s:%d\n", cur_procname, max_procs);
}
#endif
/* do the matching for this piece of the cb_config_list */
match_procs(cur_procname_p, max_procs, procnames, used_procnames,
nr_procnames, ranklist, cb_nodes, &cur_rank);
}
ADIOI_Free(cur_procname);
ADIOI_Free(yylval);
yylval = NULL;
ADIOI_Free(used_procnames);
return cur_rank;
}
