MEDIUM: stats: add counters for failed handshake

Report on ssl stats the total number of handshakes terminated in a failure.
2025-03-06 19:38:22 +00:00 · 2020-11-13 16:05:00 +01:00 · 2020-11-13 16:05:00 +01:00 · 034c162b9b
commit 034c162b9b
parent f70b7db825
1 changed files with 36 additions and 25 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -143,28 +143,33 @@ DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_so
 enum {
 	SSL_ST_SESS,
 	SSL_ST_REUSED_SESS,
 	SSL_ST_FAILED_HANDSHAKE,
 	SSL_ST_STATS_COUNT /* must be the last member of the enum */
 };
 static struct name_desc ssl_stats[] = {
-	[SSL_ST_SESS]         = { .name = "ssl_sess",
+	[SSL_ST_SESS]             = { .name = "ssl_sess",
-	                          .desc = "Total number of ssl sessions established" },
+	                              .desc = "Total number of ssl sessions established" },
-	[SSL_ST_REUSED_SESS]  = { .name = "ssl_reused_sess",
+	[SSL_ST_REUSED_SESS]      = { .name = "ssl_reused_sess",
-	                          .desc = "Total number of ssl sessions reused" },
+	                              .desc = "Total number of ssl sessions reused" },
 	[SSL_ST_FAILED_HANDSHAKE] = { .name = "ssl_failed_handshake",
 	                              .desc = "Total number of failed handshake" },
 };
 static struct ssl_counters {
 	long long sess;
 	long long reused_sess;
 	long long failed_handshake;
 } ssl_counters;
 static void ssl_fill_stats(void *data, struct field *stats)
 {
 	struct ssl_counters *counters = data;
-	stats[SSL_ST_SESS]         = mkf_u64(FN_COUNTER, counters->sess);
+	stats[SSL_ST_SESS]             = mkf_u64(FN_COUNTER, counters->sess);
-	stats[SSL_ST_REUSED_SESS]  = mkf_u64(FN_COUNTER, counters->reused_sess);
+	stats[SSL_ST_REUSED_SESS]      = mkf_u64(FN_COUNTER, counters->reused_sess);
 	stats[SSL_ST_FAILED_HANDSHAKE] = mkf_u64(FN_COUNTER, counters->failed_handshake);
 }
 static struct stats_module ssl_stats_module = {
@ -5126,6 +5131,26 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 	if (!conn_ctrl_ready(conn))
 		return 0;
 	/* get counters */
 	switch (obj_type(conn->target)) {
 	case OBJ_TYPE_LISTENER:
 		li = objt_listener(conn->target);
 		counters = EXTRA_COUNTERS_GET(li->extra_counters, &ssl_stats_module);
 		counters_px = EXTRA_COUNTERS_GET(li->bind_conf->frontend->extra_counters_fe,
 		                                 &ssl_stats_module);
 		break;
 	case OBJ_TYPE_SERVER:
 		srv = objt_server(conn->target);
 		counters = EXTRA_COUNTERS_GET(srv->extra_counters, &ssl_stats_module);
 		counters_px = EXTRA_COUNTERS_GET(srv->proxy->extra_counters_be,
 		                                 &ssl_stats_module);
 		break;
 	default:
 		break;
 	}
 	if (!conn->xprt_ctx)
 		goto out_error;
@ -5363,25 +5388,6 @@ reneg_ok:
 	if (global_ssl.async)
 		SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
 #endif
 	switch (obj_type(conn->target)) {
 	case OBJ_TYPE_LISTENER:
 		li = objt_listener(conn->target);
 		counters = EXTRA_COUNTERS_GET(li->extra_counters, &ssl_stats_module);
 		counters_px = EXTRA_COUNTERS_GET(li->bind_conf->frontend->extra_counters_fe,
 		                                 &ssl_stats_module);
 		break;
 	case OBJ_TYPE_SERVER:
 		srv = objt_server(conn->target);
 		counters = EXTRA_COUNTERS_GET(srv->extra_counters, &ssl_stats_module);
 		counters_px = EXTRA_COUNTERS_GET(srv->proxy->extra_counters_be,
 		                                 &ssl_stats_module);
 		break;
 	default:
 		break;
 	}
 	/* Handshake succeeded */
 	if (!SSL_session_reused(ctx->ssl)) {
 		if (objt_server(conn->target)) {
@ -5420,6 +5426,11 @@ reneg_ok:
 		__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
 	}
 	if (counters) {
 		++counters->failed_handshake;
 		++counters_px->failed_handshake;
 	}
 	/* Fail on all other handshake errors */
 	conn->flags |= CO_FL_ERROR;
 	if (!conn->err_code)