From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup 08/12] tokio 1.0: update to new tokio-openssl interface
Date: Tue, 12 Jan 2021 14:58:22 +0100 [thread overview]
Message-ID: <20210112135830.2798301-13-f.gruenbichler@proxmox.com> (raw)
In-Reply-To: <20210112135830.2798301-1-f.gruenbichler@proxmox.com>
connect/accept are now happening on pinned SslStreams
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Notes:
there might be further potential to improve error handling now?
src/bin/proxmox-backup-proxy.rs | 27 ++++++++++++++++++++++-----
src/server/rest.rs | 4 ++--
src/tools/async_io.rs | 2 +-
src/tools/http.rs | 11 +++++------
4 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 16450244..c8eb237c 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -167,7 +167,7 @@ fn accept_connections(
mut listener: tokio::net::TcpListener,
acceptor: Arc<openssl::ssl::SslAcceptor>,
debug: bool,
-) -> tokio::sync::mpsc::Receiver<Result<tokio_openssl::SslStream<tokio::net::TcpStream>, Error>> {
+) -> tokio::sync::mpsc::Receiver<Result<std::pin::Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>, Error>> {
const MAX_PENDING_ACCEPTS: usize = 1024;
@@ -185,7 +185,24 @@ fn accept_connections(
sock.set_nodelay(true).unwrap();
let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
let acceptor = Arc::clone(&acceptor);
- let mut sender = sender.clone();
+
+ let ssl = match openssl::ssl::Ssl::new(acceptor.context()) {
+ Ok(ssl) => ssl,
+ Err(err) => {
+ eprintln!("failed to create Ssl object from Acceptor context - {}", err);
+ continue;
+ },
+ };
+ let stream = match tokio_openssl::SslStream::new(ssl, sock) {
+ Ok(stream) => stream,
+ Err(err) => {
+ eprintln!("failed to create SslStream using ssl and connection socket - {}", err);
+ continue;
+ },
+ };
+
+ let mut stream = Box::pin(stream);
+ let sender = sender.clone();
if Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS {
eprintln!("connection rejected - to many open connections");
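Review bot: The new `Ssl::new` / `SslStream::new` / `Box::pin` statements run before the `Arc::strong_count(&accept_counter) > MAX_PENDING_ACCEPTS` check, so a connection that is about to be rejected still costs an OpenSSL object and a heap allocation. The over-limit path is the one that should stay cheapest under a connection flood. Moving the three new statements below the limit check would keep rejection allocation-free. The rejection branch and the rest of `accept_connections` continue outside this hunk. Both new error arms drop the socket with only an `eprintln!` before `continue`; a short comment such as `// per-connection failure: drop the socket and keep accepting` would make that intent explicit.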
@@ -195,13 +212,13 @@ fn accept_connections(
let accept_counter = accept_counter.clone();
tokio::spawn(async move {
let accept_future = tokio::time::timeout(
- Duration::new(10, 0), tokio_openssl::accept(&acceptor, sock));
+ Duration::new(10, 0), stream.as_mut().accept());
let result = accept_future.await;
match result {
- Ok(Ok(connection)) => {
- if let Err(_) = sender.send(Ok(connection)).await {
+ Ok(Ok(())) => {
+ if let Err(_) = sender.send(Ok(stream)).await {
if debug {
eprintln!("detect closed connection channel");
}
diff --git a/src/server/rest.rs b/src/server/rest.rs
index 04bdc5f9..c30d1c92 100644
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -65,7 +65,7 @@ impl RestServer {
}
}
-impl tower_service::Service<&tokio_openssl::SslStream<tokio::net::TcpStream>> for RestServer {
+impl tower_service::Service<&Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>> for RestServer {
type Response = ApiService;
type Error = Error;
type Future = Pin<Box<dyn Future<Output = Result<ApiService, Error>> + Send>>;
@@ -74,7 +74,7 @@ impl tower_service::Service<&tokio_openssl::SslStream<tokio::net::TcpStream>> fo
Poll::Ready(Ok(()))
}
- fn call(&mut self, ctx: &tokio_openssl::SslStream<tokio::net::TcpStream>) -> Self::Future {
+ fn call(&mut self, ctx: &Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>) -> Self::Future {
match ctx.get_ref().peer_addr() {
Err(err) => {
future::err(format_err!("unable to get peer address - {}", err)).boxed()
diff --git a/src/tools/async_io.rs b/src/tools/async_io.rs
index 3a5a6c9a..997c02fa 100644
--- a/src/tools/async_io.rs
+++ b/src/tools/async_io.rs
@@ -74,7 +74,7 @@ impl<L: AsyncWrite + Unpin, R: AsyncWrite + Unpin> AsyncWrite for EitherStream<L
// we need this for crate::client::http_client:
impl Connection for EitherStream<
tokio::net::TcpStream,
- tokio_openssl::SslStream<tokio::net::TcpStream>,
+ Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>,
> {
fn connected(&self) -> hyper::client::connect::Connected {
match self {
diff --git a/src/tools/http.rs b/src/tools/http.rs
index 130aa381..47d6e1f6 100644
--- a/src/tools/http.rs
+++ b/src/tools/http.rs
@@ -3,6 +3,7 @@ use lazy_static::lazy_static;
use std::task::{Context, Poll};
use std::os::unix::io::AsRawFd;
use std::collections::HashMap;
+use std::pin::Pin;
use hyper::{Uri, Body};
use hyper::client::{Client, HttpConnector};
@@ -101,7 +102,7 @@ impl HttpsConnector {
type MaybeTlsStream = EitherStream<
tokio::net::TcpStream,
- tokio_openssl::SslStream<tokio::net::TcpStream>,
+ Pin<Box<tokio_openssl::SslStream<tokio::net::TcpStream>>>,
>;
impl hyper::service::Service<Uri> for HttpsConnector {
@@ -123,10 +124,6 @@ impl hyper::service::Service<Uri> for HttpsConnector {
.scheme()
.ok_or_else(|| format_err!("missing URL scheme"))?
== "https";
- let host = dst
- .host()
- .ok_or_else(|| format_err!("missing hostname in destination url?"))?
- .to_string();
let config = this.ssl_connector.configure();
let dst_str = dst.to_string(); // for error messages
@@ -139,7 +136,9 @@ impl hyper::service::Service<Uri> for HttpsConnector {
let _ = set_tcp_keepalive(conn.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
if is_https {
- let conn = tokio_openssl::connect(config?, &host, conn).await?;
+ let conn: tokio_openssl::SslStream<tokio::net::TcpStream> = tokio_openssl::SslStream::new(config?.into_ssl(&dst_str)?, conn)?;
+ let mut conn = Box::pin(conn);
+ conn.as_mut().connect().await?;
Ok(MaybeTlsStream::Right(conn))
} else {
Ok(MaybeTlsStream::Left(conn))
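Review bot: `into_ssl(&dst_str)` passes the whole URI string to OpenSSL instead of the host name. `dst_str` is `dst.to_string()` (commented `// for error messages`), and the `host` binding built from `dst.host()` is removed in the previous hunk. `ConnectConfiguration::into_ssl` uses its argument as the SNI name and as the name checked during certificate hostname verification. The handshake would therefore announce the full URL and, where hostname verification is enabled, verify the certificate against it rather than the server name. Keeping the `let host = dst.host()…to_string();` lines and calling `config?.into_ssl(&host)?` would preserve what `tokio_openssl::connect(config?, &host, conn)` did; the enclosing `call` body starts and ends outside this hunk.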
--
2.20.1