tls: config options for the internal queues

Added runtime config options for the internal queues used when
data has to be queued due to renegotiations or on-going
initialization of the connections:

ct_wq_max - maximum bytes queued globally for write when write has
           to wait due to TLS-level renegotiation.
con_ct_wq_max - maximum bytes queued for write per connection.
ct_wq_blk_size - internal TLS pre-write (clear-text) queue
                 minimum block size (advanced tunning or
                 debugging).

modules/tls/tls_cfg.c

@@ -57,8 +57,11 @@ struct cfg_group_tls default_tls_cfg = {
 	-1, /* ssl_freelist_max  (use the default: 32) */
 	-1, /* ssl_max_send_fragment (use the default: 16k)*/
 	1, /* ssl_read_ahead (set, use -1 for the openssl default value)*/
-	-1, /* low_mem_treshold1 */
-	-1, /* low_mem_treshold2 */
+	-1, /* low_mem_threshold1 */
+	-1, /* low_mem_threshold2 */
+	10*1024*1024, /* ct_wq_max: 10 Mb by default */
+	64*1024, /* con_ct_wq_max: 64Kb by default */
+	4096 /* ct_wq_blk_size */
 };
 
 void* tls_cfg = &default_tls_cfg;
@@ -175,6 +178,19 @@ cfg_def_t	tls_cfg_def[] = {
 	{"low_mem_threshold2", CFG_VAR_INT | CFG_ATOMIC, -1, 1<<30, 0, 0,
 		"sets the minimum amount of free memory after which no more TLS"
 		" operations will be attempted (even on existing connections)" },
+	{"ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 1<<30, 0, 0,
+		"maximum bytes queued globally for write when write has to wait due"
+		" to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+		" connection establishment (it is different from tcp.wq_max,"
+		" which works at the TCP connection level)"},
+	{"con_ct_wq_max", CFG_VAR_INT | CFG_ATOMIC, 0, 4*1024*1024, 0, 0,
+		"maximum bytes queued for write per connection when write has to wait"
+		" due to TLS-level renegotiation (SSL_ERROR_WANT_READ) or initial TLS"
+		" connection establishment (it is different from tcp.conn_wq_max,"
+		" which works at the TCP connection level)"},
+	{"ct_wq_blk_size", CFG_VAR_INT | CFG_ATOMIC, 1, 65536, 0, 0,
+		"internal TLS pre-write (clear-text) queue minimum block size"
+		" (advanced tunning or debugging for now)"},
 	{0, 0, 0, 0, 0, 0}
 };
 

modules/tls/tls_cfg.h

@@ -87,6 +87,9 @@ struct cfg_group_tls {
 	int ssl_read_ahead;
 	int low_mem_threshold1;
 	int low_mem_threshold2;
+	int ct_wq_max; /* maximum overall tls write clear text queued bytes */
+	int con_ct_wq_max; /* maximum clear text write queued bytes per con */
+	int ct_wq_blk_size; /* minimum block size for the clear text write queue */
 };
 
 

modules/tls/tls_ct_wrq.c

@@ -29,13 +29,10 @@
 */
 
 #include "tls_ct_wrq.h"
+#include "tls_cfg.h"
 #include "../../atomic_ops.h"
 #include "../../mem/shm_mem.h"
 
-/* FIXME: change to runtime configurable variables */
-#define TLS_CT_WQ_MAX_CON_SZ  4*1024*1024 /* 4 MB  max. overall */
-#define TLS_CT_WQ_MAX			262144  /* 256 k max. per connection */
-#define TLS_CT_WQ_BLK_SZ		  4096  /* 4k max. block size */
 
 atomic_t* tls_total_ct_wq; /* total clear text bytes queued for a future
 							  SSL_write() (due to renegotiations/
@@ -135,10 +132,13 @@ int tls_ct_wq_add(tls_ct_q** ct_q, const void* data, unsigned int size)
 {
 	int ret;
 	
-	if (unlikely( (*ct_q && (((*ct_q)->queued + size) > TLS_CT_WQ_MAX_CON_SZ))
-					|| (atomic_get(tls_total_ct_wq) + size) > TLS_CT_WQ_MAX))
+	if (unlikely( (*ct_q && (((*ct_q)->queued + size) >
+						cfg_get(tls, tls_cfg, con_ct_wq_max))) ||
+				(atomic_get(tls_total_ct_wq) + size) > 
+						cfg_get(tls, tls_cfg, ct_wq_max)))
 		return -2;
-	ret = tls_ct_q_add(ct_q, data, size, TLS_CT_WQ_BLK_SZ);
+	ret = tls_ct_q_add(ct_q, data, size,
+						cfg_get(tls, tls_cfg, ct_wq_blk_size));
 	if (likely(ret > 0))
 		atomic_add(tls_total_ct_wq, ret);
 	return ret;