From 82531f67304e0368fc8ede3131e142884401290c Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Wed, 6 Oct 2021 12:15:18 +0200
Subject: [PATCH] REORG: ssl-sock: move the sslconns/totalsslconns counters to
 global

These two counters were the only ones not in the global struct, while
the SSL freq counters or the req counts are already in it, this forces
stats.c to include ssl_sock just to know about them. Let's move them
over there with their friends. This reduces from 408 to 384 the number
of includes of opensslconf.h.
---
 include/haproxy/global-t.h |    1 +
 include/haproxy/ssl_sock.h |    2 --
 src/ssl_sock.c             |   16 +++++++---------
 src/stats.c                |    5 ++---
 4 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/include/haproxy/global-t.h b/include/haproxy/global-t.h
index d7c9481..554d1d9 100644
--- a/include/haproxy/global-t.h
+++ b/include/haproxy/global-t.h
@@ -179,6 +179,7 @@ struct global {
 	struct freq_ctr comp_bps_in;	/* bytes per second, before http compression */
 	struct freq_ctr comp_bps_out;	/* bytes per second, after http compression */
 	struct freq_ctr out_32bps;      /* #of 32-byte blocks emitted per second */
+	uint sslconns, totalsslconns;   /* active, total # of SSL conns */
 	unsigned long long out_bytes;   /* total #of bytes emitted */
 	unsigned long long spliced_out_bytes; /* total #of bytes emitted though a kernel pipe */
 	int cps_lim, cps_max;
diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 2fdf8e2..3d0eee9 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -32,8 +32,6 @@
 #include <haproxy/thread.h>
 
 extern struct list tlskeys_reference;
-extern int sslconns;
-extern int totalsslconns;
 extern struct eb_root ckchs_tree;
 extern struct eb_root crtlists_tree;
 extern struct eb_root cafile_tree;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ae28bca..8b81ef8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -92,8 +92,6 @@
  * to conditionally define it in openssl-compat.h than using lots of ifdefs.
  */
 
-int sslconns = 0;
-int totalsslconns = 0;
 int nb_engines = 0;
 
 static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
@@ -708,7 +706,7 @@ void ssl_async_fd_free(int fd)
 
 	/* Now we can safely call SSL_free, no more pending job in engines */
 	SSL_free(ssl);
-	_HA_ATOMIC_DEC(&sslconns);
+	_HA_ATOMIC_DEC(&global.sslconns);
 	_HA_ATOMIC_DEC(&jobs);
 }
 /*
@@ -5438,7 +5436,7 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			goto err;
 	}
 
-	if (global.maxsslconn && sslconns >= global.maxsslconn) {
+	if (global.maxsslconn && global.sslconns >= global.maxsslconn) {
 		conn->err_code = CO_ER_SSL_TOO_MANY;
 		goto err;
 	}
@@ -5467,8 +5465,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 		/* leave init state and start handshake */
 		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
 
-		_HA_ATOMIC_INC(&sslconns);
-		_HA_ATOMIC_INC(&totalsslconns);
+		_HA_ATOMIC_INC(&global.sslconns);
+		_HA_ATOMIC_INC(&global.totalsslconns);
 		*xprt_ctx = ctx;
 		return 0;
 	}
@@ -5500,8 +5498,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			conn->flags |= CO_FL_EARLY_SSL_HS;
 #endif
 
-		_HA_ATOMIC_INC(&sslconns);
-		_HA_ATOMIC_INC(&totalsslconns);
+		_HA_ATOMIC_INC(&global.sslconns);
+		_HA_ATOMIC_INC(&global.totalsslconns);
 		*xprt_ctx = ctx;
 		return 0;
 	}
@@ -6440,7 +6438,7 @@ void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
 		b_free(&ctx->early_buf);
 		tasklet_free(ctx->wait_event.tasklet);
 		pool_free(ssl_sock_ctx_pool, ctx);
-		_HA_ATOMIC_DEC(&sslconns);
+		_HA_ATOMIC_DEC(&global.sslconns);
 	}
 }
 
diff --git a/src/stats.c b/src/stats.c
index 2b5c0e5..4c8ea0c 100644
--- a/src/stats.c
+++ b/src/stats.c
@@ -55,7 +55,6 @@
 #include <haproxy/resolvers.h>
 #include <haproxy/server.h>
 #include <haproxy/session.h>
-#include <haproxy/ssl_sock.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream.h>
 #include <haproxy/stream_interface.h>
@@ -4447,8 +4446,8 @@ int stats_fill_info(struct field *info, int len, uint flags)
 	info[INF_CUM_REQ]                        = mkf_u32(FN_COUNTER, global.req_count);
 #ifdef USE_OPENSSL
 	info[INF_MAX_SSL_CONNS]                  = mkf_u32(FN_MAX, global.maxsslconn);
-	info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, sslconns);
-	info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, totalsslconns);
+	info[INF_CURR_SSL_CONNS]                 = mkf_u32(0, global.sslconns);
+	info[INF_CUM_SSL_CONNS]                  = mkf_u32(FN_COUNTER, global.totalsslconns);
 #endif
 	info[INF_MAXPIPES]                       = mkf_u32(FO_CONFIG|FN_LIMIT, global.maxpipes);
 	info[INF_PIPES_USED]                     = mkf_u32(0, pipes_used);
-- 
1.7.10.4