Adapting current socket server design to SSL (C++, GSK, spawnp())


Question

This is probably a big fat 'no' but I have a current socket architecture that is 3-tiered. Tier 1 does nothing but set up the requisite steps in order to become a vanilla socket server and then sits in a loop forever calling accept(). When accept() returns successfully that now-open socket is passed via sendmsg() to a pool of tier-2 programs that grab the socket and begin reading the contents and saving the contents in a temp file. This tier-2 program then reads the initial data and determines which handler (tier-3) program it should call to process the data for a response back on the socket. Presently tier-2 passes the still-open socket to the tier-3 handler program via spawnp(). The tier-3 program (of which there are approx 20 different ones or so) processes the data and builds a response back to the original source somewhere on the internet. I'm looking to adapt my vanilla socket system to SSL using GSK, so I need some method to pass a GSK session handle or something to my tier-3 program but have been unsuccessful so far. This tier-3 program is the one that finally does any final close() on the socket after a response has been sent.

I can provide some kind of graphical drawing to show interested parties, but I'm new here and don't know if that will work.

Anyway, I want to use my current code and shoehorn in SSL. At the moment I'm using GSK on a V7R1 machine. With my current design I'm passing the socket around like it's no big deal, because it isn't. However, it seems like I can't do this with SSL because it has its own API/protocol on top of regular TCP. I'm lost. There's precious little information out there for SSL if you're not doing HTTPS and of course even less if you're doing C++ on the 400.

My basic question is how can you pass an open SSL socket around from one process to another? Possible?

GSK info for the AS/400 http://pic.dhe.ibm.com/infocenter/iseries/v7r1m0/index.jsp?topic=%2Fapis%2Fgsk_secure_soc_misc.htm

Recommended answer

It is easy to pass file descriptors across processes because the kernel handles managing file descriptors and has a built-in mechanism to pass them between processes. SSL and GSKit are application-level libraries that sit above the kernel and it has no knowledge about their use, so you'll have to find some way to pass that information to your processes.

It looks like the session handles are just pointers to some storage in heap. Due to the design of Single Level Store, you could copy them via shared memory (memmap, shmget/shmat, ...). You just have to ensure that the process that opened the GSK environment doesn't die or the activation group will get cleaned up and those pointers will become invalid. You also will probably need to put a mutex or some other locking primitive around them if you're going to have multiple threads accessing the shared data structure.

Note that I have not tried this, so this is all just theory on my part.