nnrpd rate limits and ssl

Jeffrey M. Vinocur jeff at litech.org
Mon Jun 4 17:16:37 UTC 2001


On 4 Jun 2001, Russ Allbery wrote:

> In other words, if you or anyone else wants to make the rate limiting
> apply to SSL connections too, that would be great.

And done.  That wasn't bad at all.


-- 
Jeffrey M. Vinocur
jeff at litech.org


-- Attached file included as plaintext by Listar --
-- File: nnrpd-ratelimitssl

diff -ur inn-CURRENT-20010529/doc/man/readers.conf.5 inn-CURRENT-20010529-modified/doc/man/readers.conf.5
--- inn-CURRENT-20010529/doc/man/readers.conf.5	Tue May 29 05:00:25 2001
+++ inn-CURRENT-20010529-modified/doc/man/readers.conf.5	Mon Jun  4 13:11:36 2001
@@ -467,8 +467,8 @@
 .IX Item "max_rate:"
 If this parameter is present (and nonzero) it is used for nnrpd's 
 rate-limiting code.  The client will only be able to download at this 
-speed (in bytes/second).  Note that at present these limits are 
-ignored if compiled with \s-1SSL\s0 support.
+speed (in bytes/second).  Note that if \s-1SSL\s0 is being used, limiting
+is applied to the pre-encryption datastream.
 .Ip "\fBlocaltime:\fR" 4
 .IX Item "localtime:"
 If a Date: header is not included in a posted article, \fInnrpd\fR\|(8) normally
diff -ur inn-CURRENT-20010529/nnrpd/article.c inn-CURRENT-20010529-modified/nnrpd/article.c
--- inn-CURRENT-20010529/nnrpd/article.c	Tue May 29 05:01:15 2001
+++ inn-CURRENT-20010529-modified/nnrpd/article.c	Mon Jun  4 13:07:57 2001
@@ -63,6 +63,19 @@
 static struct iovec	iov[IOV_MAX];
 static int		queued_iov = 0;
 
+bool PushIOvHelper(struct iovec* vec, int* countp) {
+    int result;
+#ifdef HAVE_SSL
+    result = tls_conn
+	     ? SSL_writev(tls_conn, vec, *countp)
+	     : writev(STDOUT_FILENO, vec, *countp);
+#else
+    result = writev(STDOUT_FILENO, vec, *countp);
+#endif
+    *countp = 0;
+    return (result <= 0 ? FALSE : TRUE);
+}
+
 bool PushIOvRateLimited(void) {
     struct timeval      start, end;
     struct iovec        newiov[IOV_MAX];
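Review bot: PushIOvHelper reports any positive return from `writev()` or `SSL_writev()` as success and then clears `*countp`, so a short write would drop the unsent tail of the vector without the caller noticing. The replaced code made the same `<= 0` test, but now that every write goes through this one helper it is the place to state the contract, for example `/* Writes vec[0..*countp) to the client, via TLS when tls_conn is set; always resets *countp; a partial write is reported as TRUE. */` above the definition. If nothing outside article.c calls it, `static bool` would also keep the helper file-local like `iov` and `queued_iov`.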
@@ -92,10 +105,8 @@
 	    }
 	}
 	gettimeofday(&start, NULL);
-	if (writev(STDOUT_FILENO, newiov, newiov_len) <= 0) {
-	    queued_iov = 0;
+	if (PushIOvHelper(newiov, &newiov_len) == FALSE)
 	    return FALSE;
-	}
 	gettimeofday(&end, NULL);
 	/* Normalize it so we can just do straight subtraction */
 	if (end.tv_usec < start.tv_usec) {
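Review bot: The failure branch no longer clears `queued_iov`: the removed lines reset it before returning FALSE, while the helper call here only zeroes `newiov_len`. If any caller keeps using the connection after a FALSE return, the static `iov` queue would still hold entries for the aborted article; keeping the reset restores the old behaviour: `if (PushIOvHelper(newiov, &newiov_len) == FALSE) { queued_iov = 0; return FALSE; }`. The helper also zeroes `newiov_len` on success, which is only safe if the surrounding loop rebuilds it before the next write. PushIOvRateLimited starts and ends outside this hunk, so that should be checked against the full function.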
@@ -126,28 +137,9 @@
 
 bool PushIOv(void) {
     fflush(stdout);
-#ifdef HAVE_SSL
-    if (tls_conn) {
-      if (SSL_writev(tls_conn, iov, queued_iov) <= 0) {
-        queued_iov = 0;
-	return FALSE;
-      }
-    } else {
-      if (writev(STDOUT_FILENO, iov, queued_iov) <= 0) {
-        queued_iov = 0;
-	return FALSE;
-      }
-    }
-#else
     if (MaxBytesPerSecond != 0)
 	return PushIOvRateLimited();
-    if (writev(STDOUT_FILENO, iov, queued_iov) <= 0) {
-      queued_iov = 0;
-      return FALSE;
-    }
-#endif
-    queued_iov = 0;
-    return TRUE;
+    return PushIOvHelper(iov, &queued_iov);
 }
 
 bool SendIOv(char *p, int len) {


