Merge pull request #161 from chadwill/master

Nginx : directive proxy_kernel_network_stack
This commit is contained in:
logwang 2018-02-24 18:03:29 +08:00 committed by GitHub
commit 7b05e9bf4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 144 additions and 15 deletions

View File

@ -58,6 +58,7 @@ fi
if [ $USE_FSTACK = YES ]; then if [ $USE_FSTACK = YES ]; then
have=NGX_HAVE_FSTACK . auto/have have=NGX_HAVE_FSTACK . auto/have
have=NGX_HAVE_FSTACK . auto/have_headers have=NGX_HAVE_FSTACK . auto/have_headers
have=SOCK_FSTACK value=0x1000 . auto/define
CORE_SRCS="$CORE_SRCS $KQUEUE_SRCS" CORE_SRCS="$CORE_SRCS $KQUEUE_SRCS"
EVENT_MODULES="$EVENT_MODULES $KQUEUE_MODULE" EVENT_MODULES="$EVENT_MODULES $KQUEUE_MODULE"
fi fi

View File

@ -15,7 +15,7 @@ extern int fstack_territory(int domain, int type, int protocol);
extern int is_fstack_fd(int sockfd); extern int is_fstack_fd(int sockfd);
static ngx_inline int static ngx_inline int
ngx_ff_skip_listening_socket(ngx_cycle_t *cycle, const ngx_listening_t *ls) ngx_ff_skip_listening_socket(ngx_cycle_t *cycle, ngx_listening_t *ls)
{ {
if (ngx_process <= NGX_PROCESS_MASTER) { if (ngx_process <= NGX_PROCESS_MASTER) {
@ -36,6 +36,8 @@ ngx_ff_skip_listening_socket(ngx_cycle_t *cycle, const ngx_listening_t *ls)
if (!fstack_territory(ls->sockaddr->sa_family, ls->type, 0)) { if (!fstack_territory(ls->sockaddr->sa_family, ls->type, 0)) {
return 1; return 1;
} }
ls->type |= SOCK_FSTACK;
} else { } else {
ngx_log_error(NGX_LOG_ALERT, cycle->log, 0, ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
"unexpected process type: %d, ignored", "unexpected process type: %d, ignored",

View File

@ -72,6 +72,7 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <sys/time.h> #include <sys/time.h>
#include <ngx_auto_config.h>
#include "ff_api.h" #include "ff_api.h"
#define _GNU_SOURCE #define _GNU_SOURCE
@ -208,11 +209,16 @@ ff_mod_init(const char *conf, int proc_id, int proc_type) {
int int
fstack_territory(int domain, int type, int protocol) fstack_territory(int domain, int type, int protocol)
{ {
if ((AF_INET != domain) || (SOCK_STREAM != type && SOCK_DGRAM != type)) { /* Remove creation flags */
return 0; type &= ~SOCK_CLOEXEC;
} type &= ~SOCK_NONBLOCK;
type &= ~SOCK_FSTACK;
return 1; if ((AF_INET != domain) || (SOCK_STREAM != type && SOCK_DGRAM != type)) {
return 0;
}
return 1;
} }
int int
@ -223,10 +229,15 @@ socket(int domain, int type, int protocol)
return SYSCALL(socket)(domain, type, protocol); return SYSCALL(socket)(domain, type, protocol);
} }
if ((AF_INET != domain) || (SOCK_STREAM != type && SOCK_DGRAM != type)) { if (unlikely(fstack_territory(domain, type, protocol) == 0)) {
return SYSCALL(socket)(domain, type, protocol); return SYSCALL(socket)(domain, type, protocol);
} }
if (unlikely((type & SOCK_FSTACK) == 0)) {
return SYSCALL(socket)(domain, type, protocol);
}
type &= ~SOCK_FSTACK;
sock = ff_socket(domain, type, protocol); sock = ff_socket(domain, type, protocol);
if (sock != -1) { if (sock != -1) {
@ -276,7 +287,7 @@ sendto(int sockfd, const void *buf, size_t len, int flags,
if(is_fstack_fd(sockfd)){ if(is_fstack_fd(sockfd)){
sockfd = restore_fstack_fd(sockfd); sockfd = restore_fstack_fd(sockfd);
return ff_sendto(sockfd, buf, len, flags, return ff_sendto(sockfd, buf, len, flags,
(struct linux_sockaddr *)dest_addr, addrlen); (struct linux_sockaddr *)dest_addr, addrlen);
} }
return SYSCALL(sendto)(sockfd, buf, len, flags, dest_addr, addrlen); return SYSCALL(sendto)(sockfd, buf, len, flags, dest_addr, addrlen);

View File

@ -38,8 +38,19 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
type = (pc->type ? pc->type : SOCK_STREAM); type = (pc->type ? pc->type : SOCK_STREAM);
#if (NGX_HAVE_FSTACK)
/*
We use a creation flags created by fstack's adaptable layer to
to explicitly call the needed socket() function.
*/
if (!pc->belong_to_host) {
type |= SOCK_FSTACK;
}
#endif
s = ngx_socket(pc->sockaddr->sa_family, type, 0); s = ngx_socket(pc->sockaddr->sa_family, type, 0);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d", ngx_log_debug2(NGX_LOG_DEBUG_EVENT, pc->log, 0, "%s socket %d",
(type == SOCK_STREAM) ? "stream" : "dgram", s); (type == SOCK_STREAM) ? "stream" : "dgram", s);

View File

@ -66,6 +66,10 @@ struct ngx_peer_connection_s {
/* ngx_connection_log_error_e */ /* ngx_connection_log_error_e */
unsigned log_error:2; unsigned log_error:2;
#if (NGX_HAVE_FSTACK)
unsigned belong_to_host:1;
#endif
NGX_COMPAT_BEGIN(2) NGX_COMPAT_BEGIN(2)
NGX_COMPAT_END NGX_COMPAT_END
}; };

View File

@ -101,6 +101,10 @@ typedef struct {
ngx_str_t ssl_certificate_key; ngx_str_t ssl_certificate_key;
ngx_array_t *ssl_passwords; ngx_array_t *ssl_passwords;
#endif #endif
#if (NGX_HAVE_FSTACK)
ngx_flag_t kernel_network_stack;
#endif
} ngx_http_proxy_loc_conf_t; } ngx_http_proxy_loc_conf_t;
@ -713,6 +717,17 @@ static ngx_command_t ngx_http_proxy_commands[] = {
0, 0,
NULL }, NULL },
#endif
#if (NGX_HAVE_FSTACK)
{ ngx_string("proxy_kernel_network_stack"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_proxy_loc_conf_t, kernel_network_stack),
NULL },
#endif #endif
ngx_null_command ngx_null_command
@ -917,6 +932,10 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
u->accel = 1; u->accel = 1;
#if (NGX_HAVE_FSTACK)
u->peer.belong_to_host = plcf->kernel_network_stack;
#endif
if (!plcf->upstream.request_buffering if (!plcf->upstream.request_buffering
&& plcf->body_values == NULL && plcf->upstream.pass_request_body && plcf->body_values == NULL && plcf->upstream.pass_request_body
&& (!r->headers_in.chunked && (!r->headers_in.chunked
@ -2902,6 +2921,10 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
ngx_str_set(&conf->upstream.module, "proxy"); ngx_str_set(&conf->upstream.module, "proxy");
#if (NGX_HAVE_FSTACK)
conf->kernel_network_stack = NGX_CONF_UNSET;
#endif
return conf; return conf;
} }
@ -3396,6 +3419,12 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#endif #endif
} }
#if (NGX_HAVE_FSTACK)
/* By default, we set up a proxy on fstack */
ngx_conf_merge_value(conf->kernel_network_stack,
prev->kernel_network_stack, 0);
#endif
return NGX_CONF_OK; return NGX_CONF_OK;
} }

View File

@ -3455,7 +3455,9 @@ ngx_http_core_create_srv_conf(ngx_conf_t *cf)
cscf->ignore_invalid_headers = NGX_CONF_UNSET; cscf->ignore_invalid_headers = NGX_CONF_UNSET;
cscf->merge_slashes = NGX_CONF_UNSET; cscf->merge_slashes = NGX_CONF_UNSET;
cscf->underscores_in_headers = NGX_CONF_UNSET; cscf->underscores_in_headers = NGX_CONF_UNSET;
#if (NGX_HAVE_FSTACK)
cscf->kernel_network_stack = NGX_CONF_UNSET; cscf->kernel_network_stack = NGX_CONF_UNSET;
#endif
return cscf; return cscf;
} }

View File

@ -67,10 +67,10 @@ static ngx_command_t ngx_mail_core_commands[] = {
#if (NGX_HAVE_FSTACK) #if (NGX_HAVE_FSTACK)
{ ngx_string("kernel_network_stack"), { ngx_string("kernel_network_stack"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot, ngx_conf_set_flag_slot,
NGX_HTTP_SRV_CONF_OFFSET, NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_http_core_srv_conf_t, kernel_network_stack), offsetof(ngx_mail_core_srv_conf_t, kernel_network_stack),
NULL }, NULL },
#endif #endif

View File

@ -18,6 +18,10 @@ typedef struct {
ngx_flag_t xclient; ngx_flag_t xclient;
size_t buffer_size; size_t buffer_size;
ngx_msec_t timeout; ngx_msec_t timeout;
#if (NGX_HAVE_FSTACK)
ngx_flag_t kernel_network_stack;
#endif
} ngx_mail_proxy_conf_t; } ngx_mail_proxy_conf_t;
@ -74,6 +78,15 @@ static ngx_command_t ngx_mail_proxy_commands[] = {
offsetof(ngx_mail_proxy_conf_t, xclient), offsetof(ngx_mail_proxy_conf_t, xclient),
NULL }, NULL },
#if (NGX_HAVE_FSTACK)
{ ngx_string("proxy_kernel_network_stack"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_proxy_conf_t, kernel_network_stack),
NULL },
#endif
ngx_null_command ngx_null_command
}; };
@ -135,6 +148,10 @@ ngx_mail_proxy_init(ngx_mail_session_t *s, ngx_addr_t *peer)
p->upstream.log = s->connection->log; p->upstream.log = s->connection->log;
p->upstream.log_error = NGX_ERROR_ERR; p->upstream.log_error = NGX_ERROR_ERR;
#if (NGX_HAVE_FSTACK)
p->upstream.belong_to_host = pcf->kernel_network_stack;
#endif
rc = ngx_event_connect_peer(&p->upstream); rc = ngx_event_connect_peer(&p->upstream);
if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) { if (rc == NGX_ERROR || rc == NGX_BUSY || rc == NGX_DECLINED) {
@ -1102,6 +1119,10 @@ ngx_mail_proxy_create_conf(ngx_conf_t *cf)
pcf->buffer_size = NGX_CONF_UNSET_SIZE; pcf->buffer_size = NGX_CONF_UNSET_SIZE;
pcf->timeout = NGX_CONF_UNSET_MSEC; pcf->timeout = NGX_CONF_UNSET_MSEC;
#if (NGX_HAVE_FSTACK)
pcf->kernel_network_stack = NGX_CONF_UNSET;
#endif
return pcf; return pcf;
} }
@ -1119,5 +1140,10 @@ ngx_mail_proxy_merge_conf(ngx_conf_t *cf, void *parent, void *child)
(size_t) ngx_pagesize); (size_t) ngx_pagesize);
ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 24 * 60 * 60000); ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 24 * 60 * 60000);
#if (NGX_HAVE_FSTACK)
ngx_conf_merge_value(conf->kernel_network_stack,
prev->kernel_network_stack, 0);
#endif
return NGX_CONF_OK; return NGX_CONF_OK;
} }

View File

@ -51,6 +51,10 @@ typedef struct {
ngx_ssl_t *ssl; ngx_ssl_t *ssl;
#endif #endif
#if (NGX_HAVE_FSTACK)
ngx_flag_t kernel_network_stack;
#endif
ngx_stream_upstream_srv_conf_t *upstream; ngx_stream_upstream_srv_conf_t *upstream;
ngx_stream_complex_value_t *upstream_value; ngx_stream_complex_value_t *upstream_value;
} ngx_stream_proxy_srv_conf_t; } ngx_stream_proxy_srv_conf_t;
@ -313,6 +317,15 @@ static ngx_command_t ngx_stream_proxy_commands[] = {
#endif #endif
#if (NGX_HAVE_FSTACK)
{ ngx_string("proxy_kernel_network_stack"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_flag_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_proxy_srv_conf_t, kernel_network_stack),
NULL },
#endif
ngx_null_command ngx_null_command
}; };
@ -387,6 +400,10 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s)
u->peer.type = c->type; u->peer.type = c->type;
u->start_sec = ngx_time(); u->start_sec = ngx_time();
#if (NGX_HAVE_FSTACK)
u->peer.belong_to_host = pscf->kernel_network_stack;
#endif
c->write->handler = ngx_stream_proxy_downstream_handler; c->write->handler = ngx_stream_proxy_downstream_handler;
c->read->handler = ngx_stream_proxy_downstream_handler; c->read->handler = ngx_stream_proxy_downstream_handler;
@ -1860,6 +1877,10 @@ ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf)
conf->ssl_passwords = NGX_CONF_UNSET_PTR; conf->ssl_passwords = NGX_CONF_UNSET_PTR;
#endif #endif
#if (NGX_HAVE_FSTACK)
conf->kernel_network_stack = NGX_CONF_UNSET;
#endif
return conf; return conf;
} }
@ -1943,6 +1964,12 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
#endif #endif
#if (NGX_HAVE_FSTACK)
/* By default, we set up a proxy on fstack */
ngx_conf_merge_value(conf->kernel_network_stack,
prev->kernel_network_stack, 0);
#endif
return NGX_CONF_OK; return NGX_CONF_OK;
} }

View File

@ -42,21 +42,37 @@ first one to start | | | | |
- a major addition to the worker process is fstack-handlingff_init();ff_run(worker_process_cycle); worker_process_cycle(handle channel/host/fstack event). - a major addition to the worker process is fstack-handlingff_init();ff_run(worker_process_cycle); worker_process_cycle(handle channel/host/fstack event).
- a new directive `kernel_network_stack` : ## What's Different?
### New directives:
All the directives below are available only when ```NGX_HAVE_FSTACK``` is defined.
``` ```
Syntax: kernel_network_stack on | off; Syntax: kernel_network_stack on | off;
Default: kernel_network_stack off; Default: kernel_network_stack off;
Context: http, server Context: http, server
This directive is available only when ```NGX_HAVE_FSTACK``` is defined.
Determines whether server should run on kernel network stack or fstack. Determines whether server should run on kernel network stack or fstack.
``` ```
Note that: ```
Syntax: proxy_kernel_network_stack on | off;
Default: kernel_network_stack off;
Context: http, stream, mail, server
- the `reload` is not graceful, service will still be unavailable during the process of reloading. Determines whether proxy should go through kernel network stack or fstack.
```
- necessary modifies in nginx.conf: ```
Syntax: schedule_timeout time;
Default: schedule_timeout 30ms;
Context: http, server
Sets a time interval for polling kernel_network_stack. The default value is 30 msec.
```
### Command-line `reload`
the `reload` is not graceful, service will still be unavailable during the process of reloading.
### Necessary modifies in nginx.conf:
``` ```
user root; # root account is necessary. user root; # root account is necessary.
fstack_conf f-stack.conf; # path of f-stack configuration file, default: $NGX_PREFIX/conf/f-stack.conf. fstack_conf f-stack.conf; # path of f-stack configuration file, default: $NGX_PREFIX/conf/f-stack.conf.