MINOR: stats: report SSL key computations per second

It's commonly needed to know how many SSL asymmetric keys are computed
per second on either side (frontend or backend), and to know the SSL
session reuse ratio. Now we compute these values and report them in
"show info".

include/types/global.h

@@ -90,11 +90,14 @@ struct global {
 	struct freq_ctr conn_per_sec;
 	struct freq_ctr sess_per_sec;
 	struct freq_ctr ssl_per_sec;
+	struct freq_ctr ssl_fe_keys_per_sec;
+	struct freq_ctr ssl_be_keys_per_sec;
 	struct freq_ctr comp_bps_in;	/* bytes per second, before http compression */
 	struct freq_ctr comp_bps_out;	/* bytes per second, after http compression */
 	int cps_lim, cps_max;
 	int sps_lim, sps_max;
 	int ssl_lim, ssl_max;
+	int ssl_fe_keys_max, ssl_be_keys_max;
 	int comp_rate_lim;           /* HTTP compression rate limit */
 	int maxpipes;		/* max # of pipes */
 	int maxsock;		/* max # of sockets */

src/dumpstats.c

@@ -2420,6 +2420,17 @@ static int stats_dump_info_to_buffer(struct stream_interface *si)
 {
 	unsigned int up = (now.tv_sec - start_date.tv_sec);
 
+#ifdef USE_OPENSSL
+	int ssl_sess_rate = read_freq_ctr(&global.ssl_per_sec);
+	int ssl_key_rate = read_freq_ctr(&global.ssl_fe_keys_per_sec);
+	int ssl_reuse = 0;
+
+	if (ssl_key_rate < ssl_sess_rate) {
+		/* count the ssl reuse ratio and avoid overflows in both directions */
+		ssl_reuse = 100 - (100 * ssl_key_rate + (ssl_sess_rate - 1) / 2) / ssl_sess_rate;
+	}
+#endif
+
 	chunk_printf(&trash,
 	             "Name: " PRODUCT_NAME "\n"
 	             "Version: " HAPROXY_VERSION "\n"
@@ -2455,6 +2466,11 @@ static int stats_dump_info_to_buffer(struct stream_interface *si)
 	             "SslRate: %d\n"
 	             "SslRateLimit: %d\n"
 	             "MaxSslRate: %d\n"
+		     "SslFrontendKeyRate: %d\n"
+		     "SslFrontendMaxKeyRate: %d\n"
+		     "SslFrontendSessionReuse_pct: %d\n"
+		     "SslBackendKeyRate: %d\n"
+		     "SslBackendMaxKeyRate: %d\n"
 #endif
 	             "CompressBpsIn: %u\n"
 	             "CompressBpsOut: %u\n"
@@ -2485,7 +2501,10 @@ static int stats_dump_info_to_buffer(struct stream_interface *si)
 	             read_freq_ctr(&global.conn_per_sec), global.cps_lim, global.cps_max,
 	             read_freq_ctr(&global.sess_per_sec), global.sps_lim, global.sps_max,
 #ifdef USE_OPENSSL
-	             read_freq_ctr(&global.ssl_per_sec), global.ssl_lim, global.ssl_max,
+	             ssl_sess_rate, global.ssl_lim, global.ssl_max,
+	             ssl_key_rate, global.ssl_fe_keys_max,
+	             ssl_reuse,
+	             read_freq_ctr(&global.ssl_be_keys_per_sec), global.ssl_be_keys_max,
 #endif
 	             read_freq_ctr(&global.comp_bps_in), read_freq_ctr(&global.comp_bps_out),
 	             global.comp_rate_lim,

src/ssl_sock.c

@@ -1447,14 +1447,23 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag)
 reneg_ok:
 
 	/* Handshake succeeded */
-	if (objt_server(conn->target)) {
-		if (!SSL_session_reused(conn->xprt_ctx)) {
+	if (!SSL_session_reused(conn->xprt_ctx)) {
+		if (objt_server(conn->target)) {
+			update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
+			if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
+				global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
+
 			/* check if session was reused, if not store current session on server for reuse */
 			if (objt_server(conn->target)->ssl_ctx.reused_sess)
 				SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
 
 			objt_server(conn->target)->ssl_ctx.reused_sess = SSL_get1_session(conn->xprt_ctx);
 		}
+		else {
+			update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
+			if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
+				global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
+		}
 	}
 
 	/* The connection is now established at both layers, it's time to leave */