From a73e2ed615c0207b66a251025c36146c98b222b8 Mon Sep 17 00:00:00 2001
From: Petr Lapukhov
Date: Tue, 24 Jan 2017 21:23:20 -0800
Subject: [PATCH] Add disableTransparentTls call

Summary: Similar to AsyncSocket, allow setting reserved sockopt after bind(). This will be recognized by intercepted accept4() call and forked sockets will properly have the TLS flag disabled.
Reviewed By: djwatson
Differential Revision: D4458831
fbshipit-source-id: fa753b9d849bd661563364d36229113f7abb0ee0
---
 folly/io/async/AsyncServerSocket.cpp | 22 ++++++++++++++++++++++
 folly/io/async/AsyncServerSocket.h | 12 ++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/folly/io/async/AsyncServerSocket.cpp b/folly/io/async/AsyncServerSocket.cpp
index 6b2b9466..dc6b4b6c 100644
--- a/folly/io/async/AsyncServerSocket.cpp
+++ b/folly/io/async/AsyncServerSocket.cpp
@@ -281,6 +281,13 @@ void AsyncServerSocket::useExistingSockets(const std::vector& fds) {
 SocketAddress address;
 address.setFromLocalAddress(fd);
 
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 setupSocket(fd, address.getFamily());
 sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
 sockets_.back().changeHandlerFD(fd);
@@ -298,6 +305,7 @@ void AsyncServerSocket::bindSocket(
 sockaddr_storage addrStorage;
 address.getAddress(&addrStorage);
 sockaddr* saddr = reinterpret_cast(&addrStorage);
+
 if (fsp::bind(fd, saddr, address.getActualSize()) != 0) {
 if (!isExistingSocket) {
 closeNoInt(fd);
@@ -307,6 +315,13 @@ void AsyncServerSocket::bindSocket(
 address.describe());
 }
 
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 // If we just created this socket, update the EventHandler and set socket_
 if (!isExistingSocket) {
 sockets_.emplace_back(eventBase_, fd, this, address.getFamily());
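Review bot: The `setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0)` call added in useExistingSockets() discards its result, and the same six-line block is pasted again in bindSocket() and bind(uint16_t port), so a listener whose owner asked for transparent TLS to be off can keep the default behaviour without any trace in the logs. Continuing when the interception layer is absent is reasonable, but the failure should at least be recorded, and a single private helper would stop the three sites from drifting apart. The helper below is a sketch: it needs a matching declaration in AsyncServerSocket.h, and it assumes glog's VLOG and errno are already usable in this file, which the hunks do not show. All three enclosing functions start and end outside their hunks.

```cpp
// Proposed private member; its declaration would sit in AsyncServerSocket.h.
void AsyncServerSocket::applyNoTransparentTls(int fd) {
#if __linux__
  if (!noTransparentTls_) {
    return;
  }
  // Best effort: keep going on failure, but leave a trace for operators.
  if (setsockopt(fd, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0) != 0) {
    VLOG(1) << "SO_NO_TRANSPARENT_TLS not applied to fd " << fd
            << ", errno=" << errno;
  }
#else
  (void)fd;
#endif
}

// … unchanged: address.setFromLocalAddress(fd) in useExistingSockets …
    applyNoTransparentTls(fd);
    setupSocket(fd, address.getFamily());
```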
@@ -413,6 +428,13 @@ void AsyncServerSocket::bind(uint16_t port) {
 SocketAddress::getFamilyNameFrom(res->ai_addr, ""));
 }
 
+#if __linux__
+ if (noTransparentTls_) {
+ // Ignore return value, errors are ok
+ setsockopt(s, SOL_SOCKET, SO_NO_TRANSPARENT_TLS, nullptr, 0);
+ }
+#endif
+
 SocketAddress address;
 address.setFromLocalAddress(s);
 
diff --git a/folly/io/async/AsyncServerSocket.h b/folly/io/async/AsyncServerSocket.h
index a6b4de6d..f509cbc6 100644
--- a/folly/io/async/AsyncServerSocket.h
+++ b/folly/io/async/AsyncServerSocket.h
@@ -38,6 +38,10 @@
 #define SO_REUSEPORT 15
 #endif
 
+#if defined __linux__ && !defined SO_NO_TRANSPARENT_TLS
+#define SO_NO_TRANSPARENT_TLS 200
+#endif
+
 namespace folly {
 
 /**
@@ -678,6 +682,13 @@ class AsyncServerSocket : public DelayedDestruction
 tfoMaxQueueSize_ = maxTFOQueueSize;
 }
 
+ /**
+ * Do not attempt the transparent TLS handshake
+ */
+ void disableTransparentTls() {
+ noTransparentTls_ = true;
+ }
+
 /**
 * Get whether or not the socket is accepting new connections
 */
@@ -857,6 +868,7 @@ class AsyncServerSocket : public DelayedDestruction
 bool reusePortEnabled_{false};
 bool closeOnExec_;
 bool tfo_{false};
+ bool noTransparentTls_{false};
 uint32_t tfoMaxQueueSize_{0};
 ShutdownSocketSet* shutdownSocketSet_;
 ConnectionEventCallback* connectionEventCallback_{nullptr};
-- 
2.34.1
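Review bot: `SO_NO_TRANSPARENT_TLS` is defined in the `@@ -38,6 +38,10 @@` hunk as the bare number 200 with no comment, so the header gives no hint of who owns that option number. The commit message calls it a reserved sockopt recognised by an intercepted accept4(), which suggests it is not a stock kernel option and that the value has to agree with the one AsyncSocket uses; neither is visible in this diff. I would put a comment above the guard: `// Reserved SOL_SOCKET option number understood only by the transparent-TLS interception layer, not by the stock kernel; must match the value used by AsyncSocket.` The `!defined` guard also accepts a different value without complaint if another header defines the name first, which the comment could mention.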
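Review bot: The doc comment on `disableTransparentTls()` does not say when the call has to happen, and the setter only stores `noTransparentTls_ = true`. In the .cpp hunks the flag is read only while a descriptor is being adopted or bound (useExistingSockets, bindSocket, bind(uint16_t port)), so calling it on a socket that is already listening leaves the existing descriptors unchanged and gives the caller no indication of that. Suggested comment body: `Do not attempt the transparent TLS handshake on connections accepted by this socket. Call before bind()/useExistingSockets(); descriptors added earlier are not updated.` If late calls are meant to work, the setter would have to apply the option to the descriptors already held in `sockets_`.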