From: Petr Lapukhov
Date: Wed, 25 Jan 2017 05:23:20 +0000 (-0800)
Subject: Add disableTransparentTls call
X-Git-Tag: v2017.03.06.00~83
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a73e2ed615c0207b66a251025c36146c98b222b8;p=folly.git
Add disableTransparentTls call
Summary: Similar to AsyncSocket, allow setting reserved sockopt after bind(). This will be recognized by intercepted accept4() call and forked sockets will properly have the TLS flag disabled.
Reviewed By: djwatson
Differential Revision: D4458831
fbshipit-source-id: fa753b9d849bd661563364d36229113f7abb0ee0
---
diff --git a/folly/io/async/AsyncServerSocket.cpp b/folly/io/async/AsyncServerSocket.cpp
index 6b2b9466..dc6b4b6c 100644
--- a/folly/io/async/AsyncServerSocket.cpp
+++ b/folly/io/async/AsyncServerSocket.cpp
@@ -281,6 +281,13 @@ void AsyncServerSocket::useExistingSockets(const std::vector& fds) {
 SocketAddress address;
 address.setFromLocalAddress(fd);
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 setupSocket(fd, address.getFamily());
 sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
 sockets_.back().changeHandlerFD(fd);
@@ -298,6 +305,7 @@ void AsyncServerSocket::bindSocket(
 sockaddr_storage addrStorage;
 address.getAddress(&addrStorage);
 sockaddr* saddr = reinterpret_cast(&addrStorage);
+
 if (fsp::bind(fd, saddr, address.getActualSize()) != 0) {
 if (!isExistingSocket) {
 closeNoInt(fd);
@@ -307,6 +315,13 @@ void AsyncServerSocket::bindSocket(
 address.describe());
 }
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 // If we just created this socket, update the EventHandler and set socket_
 if (!isExistingSocket) {
 sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
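Review bot: The six-line `#if __linux__` / `setsockopt(..., SO_NO_TRANSPARENT_TLS, nullptr, 0)` block added in the useExistingSockets() hunk (@@ -281) is pasted again in the bindSocket() hunk (@@ -307) and the bind(uint16_t) hunk (@@ -413), so a listening-socket path added later can miss the opt-out, or one copy can drift, without anything flagging it. A single file-local helper called from all three places keeps the behaviour uniform and gives one place to explain why the result is discarded; the current comment only says errors are ok, and presumably the expected failure is a host without the accept4() interception rejecting the reserved option. The guards in the .cpp use `#if __linux__` while the header uses `#if defined __linux__`; `#ifdef __linux__` in both avoids relying on an undefined macro evaluating to 0. All three enclosing functions start and end outside their hunks.

```cpp
namespace {
// Best effort: asks the accept4() interception to skip the transparent TLS
// handshake for connections accepted on fd. The result is deliberately
// ignored; presumably hosts without the interception reject this reserved
// option and the socket keeps its default behaviour (confirm).
void setNoTransparentTls(int fd) {
#ifdef __linux__
  (void)setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
#else
  (void)fd;
#endif
}
} // namespace

// ... unchanged: address.setFromLocalAddress(fd) in useExistingSockets() ...
if (noTransparentTls_) {
  setNoTransparentTls(fd);
}
// ... same call replaces the block in bindSocket() and, with `s`, in bind(uint16_t) ...
```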
@@ -413,6 +428,13 @@ void AsyncServerSocket::bind(uint16_t port) {
 SocketAddress::getFamilyNameFrom(res->ai_addr, ""));
 }
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(s, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 SocketAddress address;
 address.setFromLocalAddress(s);
diff --git a/folly/io/async/AsyncServerSocket.h b/folly/io/async/AsyncServerSocket.h
index a6b4de6d..f509cbc6 100644
--- a/folly/io/async/AsyncServerSocket.h
+++ b/folly/io/async/AsyncServerSocket.h
@@ -38,6 +38,10 @@
 #define SO_REUSEPORT 15
 #endif
+#if defined __linux__ && !defined SO_NO_TRANSPARENT_TLS
+#define SO_NO_TRANSPARENT_TLS 200
+#endif
+
 namespace folly {
 /**
@@ -678,6 +682,13 @@ class AsyncServerSocket : public DelayedDestruction
 tfoMaxQueueSize_ = maxTFOQueueSize;
 }
+ /**
+ * Do not attempt the transparent TLS handshake
+ */
+ void disableTransparentTls() {
+ noTransparentTls_ = true;
+ }
+
 /**
 * Get whether or not the socket is accepting new connections
 */
@@ -857,6 +868,7 @@ class AsyncServerSocket : public DelayedDestruction
 bool reusePortEnabled_{false};
 bool closeOnExec_;
 bool tfo_{false};
+ bool noTransparentTls_{false};
 uint32_t tfoMaxQueueSize_{0};
 ShutdownSocketSet* shutdownSocketSet_;
 ConnectionEventCallback* connectionEventCallback_{nullptr};
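Review bot: `#define SO_NO_TRANSPARENT_TLS 200` in the AsyncServerSocket.h hunk at @@ -38 has no comment saying where the number comes from or what consumes it, so a reader cannot tell it apart from an ordinary kernel socket option. The commit message describes it as a reserved sockopt recognised by an intercepted accept4() call, and that belongs next to the define, for example `// Reserved SOL_SOCKET optname read by the transparent-TLS accept4() interception (see D4458831).` It is also worth stating that the value must stay clear of optnames the platform headers assign, because the .cpp hunks pass it to setsockopt() and discard the result, so a collision would go unnoticed.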
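Review bot: The doc comment on disableTransparentTls() (header hunk at @@ -678) omits the ordering requirement: in the .cpp hunks noTransparentTls_ is read only inside useExistingSockets(), bindSocket() and bind(uint16_t), so a call made after the sockets are set up appears to have no effect on them and nothing reports that. Because the method turns off a transport protection for every connection accepted on the listener, the comment should say so and state when to call it, along the lines of `Must be called before bind()/useExistingSockets(); sockets that are already bound are not affected.` The hunk adds no getter and no way to turn the flag back off, which deserves a sentence if it is intentional. The class body continues outside the hunk.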