int init_sl_stats_child(void) { int len; len = sizeof(struct sl_stats) * get_max_procs(); *sl_stats = shm_malloc(len); if (*sl_stats == 0) { ERR("No shmem\n"); shm_free(sl_stats); return -1; } memset(*sl_stats, 0, len); return 0; }
int dbg_init_pid_list(void) { _dbg_pid_no = get_max_procs(); if(_dbg_pid_no<=0) return -1; if(_dbg_pid_list!=NULL) return -1; _dbg_pid_list = (dbg_pid_t*)shm_malloc(_dbg_pid_no*sizeof(dbg_pid_t)); if(_dbg_pid_list==NULL) return -1; memset(_dbg_pid_list, 0, _dbg_pid_no*sizeof(dbg_pid_t)); return 0; }
int pkg_proc_stats_init(void) { _pkg_proc_stats_no = get_max_procs(); if(_pkg_proc_stats_no<=0) return -1; if(_pkg_proc_stats_list!=NULL) return -1; _pkg_proc_stats_list = (pkg_proc_stats_t*)shm_malloc( _pkg_proc_stats_no*sizeof(pkg_proc_stats_t)); if(_pkg_proc_stats_list==NULL) return -1; memset(_pkg_proc_stats_list, 0, _pkg_proc_stats_no*sizeof(pkg_proc_stats_t)); return 0; }
static void rpc_stats(rpc_t* rpc, void* c) { void* st; struct sl_stats total; int p; int procs_no; memset(&total, 0, sizeof(struct sl_stats)); if (dont_fork) { add_sl_stats(&total, &(*sl_stats)[0]); } else{ procs_no=get_max_procs(); for (p=0; p < procs_no; p++) add_sl_stats(&total, &(*sl_stats)[p]); } if (rpc->add(c, "{", &st) < 0) return; rpc->struct_add(st, "ddd", "200", total.err[RT_200], "202", total.err[RT_202], "2xx", total.err[RT_2xx]); rpc->struct_add(st, "ddd", "300", total.err[RT_300], "301", total.err[RT_301], "302", total.err[RT_302], "3xx", total.err[RT_3xx]); rpc->struct_add(st, "dddddddd", "400", total.err[RT_400], "401", total.err[RT_401], "403", total.err[RT_403], "404", total.err[RT_404], "407", total.err[RT_407], "408", total.err[RT_408], "483", total.err[RT_483], "4xx", total.err[RT_4xx]); rpc->struct_add(st, "dd", "500", total.err[RT_500], "5xx", total.err[RT_5xx]); rpc->struct_add(st, "d", "6xx", total.err[RT_6xx]); rpc->struct_add(st, "d", "xxx", total.err[RT_xxx]); }
/** * @brief Configure generic SSL parameters * @param d domain * @return 0 */ static int set_ssl_options(tls_domain_t* d) { int i; int procs_no; long options; #if OPENSSL_VERSION_NUMBER >= 0x00908000L long ssl_version; STACK_OF(SSL_COMP)* comp_methods; #endif procs_no=get_max_procs(); options=SSL_OP_ALL; /* all the bug workarrounds by default */ #if OPENSSL_VERSION_NUMBER >= 0x00907000L options|=SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE; #if OPENSSL_VERSION_NUMBER >= 0x00908000L ssl_version=SSLeay(); if ((ssl_version >= 0x0090800L) && (ssl_version < 0x0090803fL)){ /* if 0.9.8 <= openssl version < 0.9.8c and compression support is * enabled disable SSL_OP_TLS_BLOCK_PADDING_BUG (set by SSL_OP_ALL), * see openssl #1204 http://rt.openssl.org/Ticket/Display.html?id=1204 */ comp_methods=SSL_COMP_get_compression_methods(); if (comp_methods && (sk_SSL_COMP_num(comp_methods) > 0)){ options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG; LOG(L_WARN, "tls: set_ssl_options: openssl " "SSL_OP_TLS_BLOCK_PADDING bug workaround enabled " "(openssl version %lx)\n", ssl_version); }else{ LOG(L_INFO, "tls: set_ssl_options: detected openssl version (%lx) " " has the SSL_OP_TLS_BLOCK_PADDING bug, but compression " " is disabled so no workaround is needed\n", ssl_version); } } # endif #endif for(i = 0; i < procs_no; i++) { SSL_CTX_set_options(d->ctx[i], options); if(sr_tls_renegotiation==0) SSL_CTX_set_info_callback(d->ctx[i], sr_ssl_ctx_info_callback); } return 0; }
/** * @brief Configure cipher list * @param d domain * @return 0 on success, -1 on error */ static int set_cipher_list(tls_domain_t* d) { int i; int procs_no; char* cipher_list; cipher_list=d->cipher_list.s; #ifdef TLS_KSSL_WORKARROUND if (openssl_kssl_malloc_bug) { /* is openssl bug #1467 present ? */ if (d->cipher_list.s==0) { /* use "DEFAULT:!KRB5" */ cipher_list="DEFAULT:!KRB5"; } else { /* append ":!KRB5" */ cipher_list=shm_malloc(d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN+1); if (cipher_list) { memcpy(cipher_list, d->cipher_list.s, d->cipher_list.len); memcpy(cipher_list+d->cipher_list.len, C_NO_KRB5_SUFFIX, C_NO_KRB5_SUFFIX_LEN); cipher_list[d->cipher_list.len+C_NO_KRB5_SUFFIX_LEN]=0; shm_free(d->cipher_list.s); d->cipher_list.s=cipher_list; d->cipher_list.len+=C_NO_KRB5_SUFFIX_LEN; } } } #endif /* TLS_KSSL_WORKARROUND */ if (!cipher_list) return 0; procs_no=get_max_procs(); for(i = 0; i < procs_no; i++) { if (SSL_CTX_set_cipher_list(d->ctx[i], cipher_list) == 0 ) { ERR("%s: Failure to set SSL context cipher list \"%s\"\n", tls_domain_str(d), cipher_list); return -1; } #ifndef OPENSSL_NO_ECDH setup_ecdh(d->ctx[i]); #endif #ifndef OPENSSL_NO_DH setup_dh(d->ctx[i]); #endif } return 0; }
static void sl_stats_update(void) { int p; int procs_no; ticks_t t; t = get_ticks(); if(t==_sl_stats_tm) return; _sl_stats_tm = t; memset(&_sl_stats_total, 0, sizeof(struct sl_stats)); if (dont_fork) { add_sl_stats(&_sl_stats_total, &(*sl_stats)[0]); } else{ procs_no=get_max_procs(); for (p=0; p < procs_no; p++) add_sl_stats(&_sl_stats_total, &(*sl_stats)[p]); } }
static unsigned long stat_sum(int ivar, int breset) { unsigned long isum=0; int i1=0; for (; i1 < get_max_procs(); i1++) switch (ivar) { case 0: isum+=dst_blacklist_stats[i1].bkl_hit_cnt; if (breset) dst_blacklist_stats[i1].bkl_hit_cnt=0; break; case 1: isum+=dst_blacklist_stats[i1].bkl_lru_cnt; if (breset) dst_blacklist_stats[i1].bkl_lru_cnt=0; break; } return isum; }
/* * Free all memory used by configuration domain */ void tls_free_domain(tls_domain_t* d) { int i; int procs_no; if (!d) return; if (d->ctx) { procs_no=get_max_procs(); for(i = 0; i < procs_no; i++) { if (d->ctx[i]) SSL_CTX_free(d->ctx[i]); } shm_free(d->ctx); } if (d->cipher_list.s) shm_free(d->cipher_list.s); if (d->ca_file.s) shm_free(d->ca_file.s); if (d->crl_file.s) shm_free(d->crl_file.s); if (d->pkey_file.s) shm_free(d->pkey_file.s); if (d->cert_file.s) shm_free(d->cert_file.s); shm_free(d); }
int init_tm_stats_child(void) { int size; /* We are called from child_init, estimated_process_count has definitive * value now and thus we can safely allocate the variables */ if (tm_stats==0){ size=sizeof(*tm_stats) * get_max_procs(); tm_stats=shm_malloc(size); if (tm_stats == 0) { ERR("No mem for stats\n"); goto error; } memset(tm_stats, 0, size); } return 0; error: return -1; }
/** * @brief Configure TLS session cache parameters * @param d domain * @return 0 */ static int set_session_cache(tls_domain_t* d) { int i; int procs_no; str tls_session_id; procs_no=get_max_procs(); tls_session_id=cfg_get(tls, tls_cfg, session_id); for(i = 0; i < procs_no; i++) { /* janakj: I am not sure if session cache makes sense in ser, session * cache is stored in SSL_CTX and we have one SSL_CTX per process, * thus sessions among processes will not be reused */ SSL_CTX_set_session_cache_mode(d->ctx[i], cfg_get(tls, tls_cfg, session_cache) ? SSL_SESS_CACHE_SERVER : SSL_SESS_CACHE_OFF); /* not really needed is SSL_SESS_CACHE_OFF */ SSL_CTX_set_session_id_context(d->ctx[i], (unsigned char*)tls_session_id.s, tls_session_id.len); } return 0; }
/** * @brief Enable/disable TLS certificate verification * @param d domain * @return 0 */ static int set_verification(tls_domain_t* d) { int verify_mode, i; int procs_no; if (d->require_cert) { verify_mode = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT; LOG(L_INFO, "%s: %s MUST present valid certificate\n", tls_domain_str(d), d->type & TLS_DOMAIN_SRV ? "Client" : "Server"); } else { if (d->verify_cert) { verify_mode = SSL_VERIFY_PEER; if (d->type & TLS_DOMAIN_SRV) { LOG(L_INFO, "%s: IF client provides certificate then it" " MUST be valid\n", tls_domain_str(d)); } else { LOG(L_INFO, "%s: Server MUST present valid certificate\n", tls_domain_str(d)); } } else { verify_mode = SSL_VERIFY_NONE; if (d->type & TLS_DOMAIN_SRV) { LOG(L_INFO, "%s: No client certificate required and no checks" " performed\n", tls_domain_str(d)); } else { LOG(L_INFO, "%s: Server MAY present invalid certificate\n", tls_domain_str(d)); } } } procs_no=get_max_procs(); for(i = 0; i < procs_no; i++) { SSL_CTX_set_verify(d->ctx[i], verify_mode, 0); SSL_CTX_set_verify_depth(d->ctx[i], d->verify_depth); } return 0; }
/** * @brief Load certificate from file * @param d domain * @return 0 if not configured or on success, -1 on error */ static int load_cert(tls_domain_t* d) { int i; int procs_no; if (!d->cert_file.s || !d->cert_file.len) { DBG("%s: No certificate configured\n", tls_domain_str(d)); return 0; } if (fix_shm_pathname(&d->cert_file) < 0) return -1; procs_no=get_max_procs(); for(i = 0; i < procs_no; i++) { if (!SSL_CTX_use_certificate_chain_file(d->ctx[i], d->cert_file.s)) { ERR("%s: Unable to load certificate file '%s'\n", tls_domain_str(d), d->cert_file.s); TLS_ERR("load_cert:"); return -1; } } return 0; }
/* ADIOI_cb_config_list_parse() - parse the cb_config_list and build the * ranklist * * Parameters: * (pretty self explanatory) * * Returns number of ranks allocated in parsing, -1 on error. */ int ADIOI_cb_config_list_parse(char *config_list, ADIO_cb_name_array array, int ranklist[], int cb_nodes) { int token, max_procs, cur_rank = 0, nr_procnames; char *cur_procname, *cur_procname_p, **procnames; char *used_procnames; nr_procnames = array->namect; procnames = array->names; /* nothing big goes on the stack */ /* we use info val here and for yylval because we know the string * cannot be any bigger than this. */ cur_procname = ADIOI_Malloc((MPI_MAX_INFO_VAL+1) * sizeof(char)); if (cur_procname == NULL) { return -1; } yylval = ADIOI_Malloc((MPI_MAX_INFO_VAL+1) * sizeof(char)); if (yylval == NULL) { ADIOI_Free(cur_procname); return -1; } token_ptr = config_list; /* right away let's make sure cb_nodes isn't too big */ if (cb_nodes > nr_procnames) cb_nodes = nr_procnames; /* used_procnames is used as a mask so that we don't have to destroy * our procnames array */ used_procnames = ADIOI_Malloc(array->namect * sizeof(char)); if (used_procnames == NULL) { ADIOI_Free(cur_procname); ADIOI_Free(yylval); yylval = NULL; return -1; } memset(used_procnames, 0, array->namect); /* optimization for "*:*"; arguably this could be done before we * build the list of processor names...but that would make things * messy. */ if (strcmp(config_list, "*:*") == 0) { for (cur_rank = 0; cur_rank < cb_nodes; cur_rank++) { ranklist[cur_rank] = cur_rank; } ADIOI_Free(cur_procname); ADIOI_Free(yylval); yylval = NULL; ADIOI_Free(used_procnames); return cb_nodes; } while (cur_rank < cb_nodes) { token = cb_config_list_lex(); if (token == AGG_EOS) { ADIOI_Free(cur_procname); ADIOI_Free(yylval); yylval = NULL; ADIOI_Free(used_procnames); return cur_rank; } if (token != AGG_WILDCARD && token != AGG_STRING) { /* maybe ignore and try to keep going? */ FPRINTF(stderr, "error parsing config list\n"); ADIOI_Free(cur_procname); ADIOI_Free(yylval); yylval = NULL; ADIOI_Free(used_procnames); return cur_rank; } if (token == AGG_WILDCARD) { cur_procname_p = NULL; } else { /* AGG_STRING is the only remaining case */ /* save procname (for now) */ ADIOI_Strncpy(cur_procname, yylval, MPI_MAX_INFO_VAL+1); cur_procname_p = cur_procname; } /* after we have saved the current procname, we can grab max_procs */ max_procs = get_max_procs(cb_nodes); #ifdef CB_CONFIG_LIST_DEBUG if (token == AGG_WILDCARD) { FPRINTF(stderr, "looking for *:%d\n", max_procs); } else { FPRINTF(stderr, "looking for %s:%d\n", cur_procname, max_procs); } #endif /* do the matching for this piece of the cb_config_list */ match_procs(cur_procname_p, max_procs, procnames, used_procnames, nr_procnames, ranklist, cb_nodes, &cur_rank); } ADIOI_Free(cur_procname); ADIOI_Free(yylval); yylval = NULL; ADIOI_Free(used_procnames); return cur_rank; }