This repository has been archived by the owner on Jan 16, 2021. It is now read-only.
/
okconst.C
428 lines (359 loc) · 13.1 KB
/
okconst.C
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
/* $Id$ */
/*
*
* Copyright (C) 2002-2004 Maxwell Krohn (max@okcupid.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
*/
#include <limits.h>
#include "okconst.h"
#include "sfsmisc.h"
#include "rxx.h"
//
// zstr.C constants
//
gzip_mode_t ok_gzip_mode = GZIP_SMART; // default gzip
int ok_gzip_compress_level = 2; // fast compression
u_int ok_gzip_smallstr = 512; // combine small strings
u_int ok_gzip_cache_minstr = 0x0; // smallest to cache
u_int ok_gzip_cache_maxstr = 0x10000; // largest to cache
u_int ok_gzip_cache_storelimit = 0x1000000; // 16 M
u_int ok_gzip_mem_level = 9; // zlib max
//
// chunking tuning
//
bool ok_gzip_chunking = true; // prefer chunked w/ gzip
bool ok_gzip_chunking_old_safaris = false; // some safaris are broken
bool ok_gzip_error_pages = false; // save space on 404s?
//
// user/group constants
//
const char *ok_okd_uname = "oku"; // unprivileged service user
const char *ok_okd_gname = "oku"; // unprivileged service group
const char *ok_pubd_uname = "www"; // default runas user for pubd
const char *ok_pubd_gname = "www"; // default runas group for pubd
const char *ok_logd_uname = "oklog"; // logging role, user
const char *ok_logd_gname = "oklog"; // logging role, group
const char *ok_ssl_uname = "okssl"; // SSL key management role, user
const char *ok_ssl_gname = "okssl"; // SSL key management role, group
//
// pub constants
//
const char *ok_pubobjname = "pub";
//
// port constants
//
u_int ok_mgr_port = 11277;
u_int ok_pubd_port = 11278;
//
// configuration file constants
//
const char *ok_pub_config = "pub_config";
const char *ok_etc_dir0 = OKWS_CONFIG_DIR;
const char *ok_etc_dir1 = "/usr/local/etc/okws";
const char *ok_etc_dir2 = "/usr/local/okws/conf";
const char *ok_etc_dir3 = "/etc/okws";
const char *ok_okws_config = "okws_config";
const char *ok_okd_config = "okd_config";
const char *okd_mgr_socket = "/var/run/okd.sock";
int okd_mgr_socket_mode = 0600;
//
// Whether okd turns on TCP_NODELAY on incoming connections. It used
// to do so by default, but now we're not turning on TCP_NODELAY
// by default, meaning, Nagle algorithm still in operation.
//
bool okd_tcp_nodelay = false;
//
// FDFD default command line arg
//
const char *ok_fdfd_command_line_flag = "-s";
//
// default packet size for all axprts
//
size_t ok_axprt_ps = 0x1000000; // 16MB -- big for now
//
// http constants
//
const char *ok_http_urlencoded = "application/x-www-form-urlencoded";
const char *ok_http_multipart = "multipart/form-data";
//
// timeouts
//
u_int ok_connect_wait = 4; // seconds
u_int ok_shutdown_timeout = 10; // seconds
u_int ok_shutdown_timeout_fast = 3; // seconds
u_int ok_shutdown_retries = 3; // n retries before giving up
u_int ok_db_retries_max = 100;
u_int ok_db_retries_delay = 3;
u_int ok_demux_timeout = 30; // clients have 30 secs to make a REQ
u_int ok_ka_timeout = 10; // clients have 10 secs to use a ka conn
//
// okd constants
//
u_int ok_con_queue_max = 40; // number of req's to queue up
u_int ok_listen_queue_max = 2048; // arguement to listen (fd, X)
u_int ok_crashes_max = 30; // number of allowed crashes
u_int ok_csi = 50; // crash sampling interval
const char *ok_version = VERSION;
const char *ok_dname = "okd"; // okd name == okd, usually
const char *ok_wsname = "okws"; // okws name == okws, usually
u_int ok_dport = 80; // okd port listen to
u_int ok_resurrect_delay = 3;
u_int ok_resurrect_delay_ms = 500;
u_int ok_chld_startup_time = 10; // startup time in seconds....
u_int ok_filter_cgi = XSSFILT_ALL; // filter XSS metacharacters
u_int okd_fds_high_wat = 500; // turn off accept above this
u_int okd_fds_low_wat = 450; // below low wat, turn accept back on.
u_int ok_svc_fds_high_wat = 1000; // a little bit less thatn 1024 for now.
u_int ok_svc_fds_low_wat = 950; // below low wat, turn accept back on.
u_int ok_svc_fd_quota = 100; // quota for SVC fds.
bool okd_accept_msgs = true; // display messages about accept()
bool ok_svc_accept_msgs = true; // display messages about accept()
u_int ok_ssdi = 0; // syscall stat dump interval
bool ok_send_sin = true; // send sin's over FD chan?
bool okd_child_sel_disable = false; // disable read sel on child
u_int okd_debug_msg_freq = 0; // disable okd debug messages
int64_t okws_debug_flags = 0; // no debug on at first
bool ok_dangerous_zbufs = false; // only for experts if true.
int ok_svc_life_reqs = 0; // Upper limit on # of Reqs per Lifetime
int ok_svc_life_time = 0; // Upper limit on service lifetime
u_int okd_accept_delay = 0; // delay before enabling accept
time_t okd_emergency_kill_wait_time = 5; // 5s of inactivity -> kill
int okd_emergency_kill_signal = SIGABRT; // signal to send for kill
time_t okd_sendcon_time_budget = 10; // >10s, something is F'ed
//
// okld constants
//
u_int okld_startup_batch_size = 25; // number in each batch
u_int okld_startup_batch_wait = 3; // n secs to wait between batch
//
// okssl constants
//
const char *ok_ssl_certfile = "okws.crt"; // name of the OKWS certfile
const char *ok_ssl_keyfile = "okws.key"; // private Key
u_int ok_ssl_timeout = 100; // long timeout for SSL con
u_int ok_ssl_port = 443; // default SSL port
// location of the memory-mapped clock daemon
const char *ok_mmcd = "/usr/local/lib/sfslite/mmcd";
// location of mmcd's memory mapped file
const char *ok_mmc_file = "/var/run/mmcd.mmf";
// what OKWS reports it is in HTTP responses
const char *okws_server_label = "OKWS/" VERSION;
//
// helper processes constants
//
u_int hlpr_max_calls = 1000; // max outstanding calls
u_int hlpr_max_retries = UINT_MAX; // ... before giving up
u_int hlpr_retry_delay = 4; // delay between retries.
u_int hlpr_max_qlen = 1000; // maximum # to q
//
// path constants -- we should maybe make these relative to a
// central okd directory
//
const char *ok_jaildir_top = "/var/okws";
const char *ok_topdir = "/usr/local/sbin";
const char *ok_coredumpdir = "/var/coredumps";
const char *ok_sockdir = "/var/run";
const char *ok_jaildir_run = "var/run";
const char *ok_service_bin = "";
const char *ok_logd_pidfile = "oklogd.pid";
const char *ok_coredump_user = ok_root;
const char *ok_coredump_group = ok_wheel;
int ok_coredump_mode = 0400;
size_t ok_max_brother_procs = 20;
//
// log constants for timing
//
time_t ok_log_tick = 250; // in milliseconds
size_t ok_log_period = 4; // log flushed every 4 ticks
size_t ok_log_hiwat = 256; // max # of entries to buffer
str ok_syslog_priority = "local3.debug";
str ok_syslog_tag = "okws";
str ok_syslog_domain = "local3";
str ok_access_log_fmt = "ivt1sbz";
//
// service/client constants
//
u_int ok_clnt_timeout = 60; // in seconds
size_t ok_hdrsize_limit = 0x2000; // 8K
size_t ok_reqsize_limit = 0x200000; // 2MB
size_t ok_cgibuf_limit = 0x80000; // 512KB
//
// Specify which select policy to use; by default, SELECT_NONE
// is don't use any select policy.
//
sfs_core::select_policy_t ok_sys_sel_policy = sfs_core::SELECT_NONE;
//
// libamt
//
u_int ok_amt_lasi = 20; // load avg sampling interval in secs
u_int ok_ldavg_rpc_timeout = 10; // load avg RPC timeout in secs
u_int ok_ldavg_ping_interval = 2; // load avg ping interval in secs
u_int ok_lblnc_launch_timeout = 15; // wait before timeout in secs
u_int ok_amt_report_q_freq = 0; // disable reporting by default
u_int ok_amt_q_timeout = 60; // timeout RPCs longer than 1 minute
u_int ok_amt_stat_freq = 60; // statistics frequency
bool ok_amt_rpc_stats = true; // whether to turn on RPC stats
u_int ok_amt_rpc_stats_interval = 300; // interval to printf (5min)
bool ok_kthread_safe = false; // by default assume PTH / no kthreads
//
// ahttpcon debug, etc
//
bool ok_ahttpcon_zombie_warn = false;
time_t ok_ahttpcon_zombie_timeout = 120; // 2m timeout for ahttpcons
//
// OK Service UID limits
//
int ok_svc_uid_low = 51000;
int ok_svc_uid_high = 52000;
int ok_svc_mode = 0410;
int ok_interpreter_mode = 0550;
int ok_script_mode = 0440;
int okwc_def_contlen = 0x20000; // 128K
size_t okwc_scratch_sz = 0x1000;
//
// for freebsd this works, but no on planetlab, etc..
//
const char *ok_root = "root";
const char *ok_wheel = "wheel";
//
// pub2 constants
//
int ok_pub3_wss = 0;
int ok_pub3_refresh_max = 60; // maximum time to wait between refreshes
int ok_pub3_refresh_min = 5; // minimum time to wait
int ok_pub3_refresh_incr = 2; // value to increment by if inactivity
int ok_pub3_caching = 1; // turn caching on by default
int ok_pub3_viserr = 1; // pub errors visible by default
// check treestat sentinel every two seconds
int ok_pub3_treestat_interval = 2;
// In evaluating lambdas, how deep we're permitted to go.
size_t ok_pub_max_stack = 256;
// timeout entries in the negative filename lookup cache
int ok_pub3_neg_cache_timeout = 360;
int ok_pub3_svc_neg_cache_timeout = 5;
// clean the cache out every 10 seconds
int ok_pub3_clean_cache_interval = 10;
// how long a getfile object lives in the cache (1 hour)
int ok_pub3_getfile_object_lifetime = 3600;
// amount of time a client has to gather all chunks (2 minutes)
int ok_pub3_chunk_lease_time = 120;
// largest possible file/chunk size (should be less than ok_axprt_ps)
size_t ok_pub3_max_datasz = 0x1000;
// the number of oustanding chunk requests to pubd
size_t ok_pub3_chunk_window_size = 5;
// compatibility mode
bool ok_pub2_compatibility_mode = false;
// yy buffer to use when parsing pub files
size_t ok_pub3_yy_buffer_size = 0x100000;
const char *ok_pub3_treestat_sentinel = ".treestat_sentinel";
const char *ok_pub3_treestat_heartbeat = ".treestat_heartbeat";
const char *ok_pub3_err_obj_key = "pub3_error";
time_t ok_pub3_profiler_interval_msec = 10;
size_t ok_pub3_profiler_buf_minsize = 0x100000; // 1MB
size_t ok_pub3_profiler_buf_maxsize = 0x8000000; // 128 MB
//
// pub3 constants
//
bool ok_pub3_json_strict_escaping = true;
int ok_pub3_json_int_bitmax = 52;
size_t ok_pub3_recycle_limit_int = 1000;
size_t ok_pub3_recycle_limit_bindtab = 1000;
size_t ok_pub3_recycle_limit_dict = 1000;
size_t ok_pub3_recycle_limit_slot = 1000;
//
// Turn off SUIO recyling by default. This is a trick to save time in
// malloc, but for production OKWS, we need memory more than CPU time;
// of course, we can turn this on via okws_config.
//
u_int ok_recycle_suio_limit = 0;
size_t ok_http_inhdr_buflen_big = 0x4000;
size_t ok_http_inhdr_buflen_sml = 0x1000;
size_t ok_dflt_cgibuf_sz = 0x10000;
bool ok_http_parse_query_string = true;
bool ok_http_parse_cookies = true;
const char *ok_double_fmt_int_default = "%.16g";
const char *ok_double_fmt_ext_default = "%.10g";
cidr_filter_t ok_allowed_proxy;
static void
vec2vec (vec<const char *> *out, const vec<str> &in)
{
for (size_t i = 0; i < in.size (); i++) {
out->push_back (in[i].cstr());
}
out->push_back (NULL);
}
static void
get_cfg_path (vec<str> *v, const char *env_var, const char *cfg_path[])
{
//
// various paths to look through, in order
//
static rxx x (":");
str d;
if (env_var && (d = getenv (env_var))) {
split (v, x, d);
}
for (const char **cp = cfg_path; *cp; cp++) {
v->push_back (*cp);
}
}
const char *ok_cfg_path[] = { ok_etc_dir1, ok_etc_dir2,
etc1dir, etc2dir, etc3dir,
NULL };
str
okws_etcfile (const char *f, const char *env_var,
const char **cfg_path)
{
vec<str> v1;
vec<const char *> v2;
if (cfg_path == NULL)
cfg_path = ok_cfg_path;
get_cfg_path (&v1, env_var, cfg_path);
vec2vec (&v2, v1);
return sfsconst_etcfile (f, v2.base ());
}
str
okws_etcfile_required (const char *f, const char *env_var, bool d,
const char **cfg_path)
{
vec<str> v1;
vec<const char *> v2;
if (cfg_path == NULL)
cfg_path = ok_cfg_path;
get_cfg_path (&v1, env_var, cfg_path);
vec2vec (&v2, v1);
return sfsconst_etcfile_required (f, v2.base (), d);
}
gzip_mode_t
ok_gzip_str_to_mode (const str &s, bool *okp)
{
gzip_mode_t m = GZIP_NONE;
bool ok = true;
if (!s) {
/* nothing */
} else if (s == "1" || s == "on" || s == "smart" || s == "naive") {
// Naive is deprecated
m = GZIP_SMART;
} else if (s == "0" || s == "off") {
m = GZIP_NONE;
} else {
ok = false;
}
if (okp) *okp = ok;
return m;
}