mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-11 03:31:36 +00:00

MINOR: ssl: add counters for ssl sessions

Add counters for newly established and resumed sessions.
Amaury Denoyelle 2020-11-03 17:10:02 +01:00 committed by Willy Tarreau
parent fbc3377cd4
commit d0447a7c3e


@ -142,6 +142,8 @@ DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_so
/* ssl stats module */ /* ssl stats module */
enum { enum {
SSL_ST_CLIENT_HELLO, SSL_ST_CLIENT_HELLO,
SSL_ST_SESS,
SSL_ST_REUSED_SESS,
SSL_ST_STATS_COUNT /* must be the last member of the enum */ SSL_ST_STATS_COUNT /* must be the last member of the enum */
}; };
@ -149,10 +151,17 @@ enum {
static struct name_desc ssl_stats[] = { static struct name_desc ssl_stats[] = {
[SSL_ST_CLIENT_HELLO] = { .name = "ssl_client_hello", [SSL_ST_CLIENT_HELLO] = { .name = "ssl_client_hello",
.desc = "Total number of ssl client hello received" }, .desc = "Total number of ssl client hello received" },
[SSL_ST_SESS] = { .name = "ssl_sess",
.desc = "Total number of ssl sessions established" },
[SSL_ST_REUSED_SESS] = { .name = "ssl_reused_sess",
.desc = "Total number of ssl sessions reused" },
}; };
static struct ssl_counters { static struct ssl_counters {
long long client_hello; long long client_hello;
long long sess;
long long reused_sess;
} ssl_counters; } ssl_counters;
static void ssl_fill_stats(void *data, struct field *stats) static void ssl_fill_stats(void *data, struct field *stats)
@ -160,6 +169,8 @@ static void ssl_fill_stats(void *data, struct field *stats)
struct ssl_counters *counters = data; struct ssl_counters *counters = data;
stats[SSL_ST_CLIENT_HELLO] = mkf_u64(FN_COUNTER, counters->client_hello); stats[SSL_ST_CLIENT_HELLO] = mkf_u64(FN_COUNTER, counters->client_hello);
stats[SSL_ST_SESS] = mkf_u64(FN_COUNTER, counters->sess);
stats[SSL_ST_REUSED_SESS] = mkf_u64(FN_COUNTER, counters->reused_sess);
} }
static struct stats_module ssl_stats_module = { static struct stats_module ssl_stats_module = {
@ -5118,6 +5129,9 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
{ {
struct ssl_sock_ctx *ctx = conn->xprt_ctx; struct ssl_sock_ctx *ctx = conn->xprt_ctx;
int ret; int ret;
struct ssl_counters *counters, *counters_px;
struct listener *li;
struct server *srv;
if (!conn_ctrl_ready(conn)) if (!conn_ctrl_ready(conn))
return 0; return 0;
@ -5359,6 +5373,25 @@ reneg_ok:
if (global_ssl.async) if (global_ssl.async)
SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC); SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
#endif #endif
switch (obj_type(conn->target)) {
case OBJ_TYPE_LISTENER:
li = objt_listener(conn->target);
counters = EXTRA_COUNTERS_GET(li->extra_counters, &ssl_stats_module);
counters_px = EXTRA_COUNTERS_GET(li->bind_conf->frontend->extra_counters_fe,
&ssl_stats_module);
break;
case OBJ_TYPE_SERVER:
srv = objt_server(conn->target);
counters = EXTRA_COUNTERS_GET(srv->extra_counters, &ssl_stats_module);
counters_px = EXTRA_COUNTERS_GET(srv->proxy->extra_counters_be,
&ssl_stats_module);
break;
default:
break;
}
/* Handshake succeeded */ /* Handshake succeeded */
if (!SSL_session_reused(ctx->ssl)) { if (!SSL_session_reused(ctx->ssl)) {
if (objt_server(conn->target)) { if (objt_server(conn->target)) {
@ -5371,6 +5404,13 @@ reneg_ok:
if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max) if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr; global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
} }
++counters->sess;
++counters_px->sess;
}
else {
++counters->reused_sess;
++counters_px->reused_sess;
} }
/* The connection is now established at both layers, it's time to leave */ /* The connection is now established at both layers, it's time to leave */
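Review bot: The `default:` arm of the switch added under `reneg_ok` leaves `counters` and `counters_px` unassigned, yet the later `++counters->sess` and `++counters->reused_sess` lines dereference both unconditionally, so a connection whose target is neither a listener nor a server would write through an indeterminate pointer on the handshake path. Declaring them as `struct ssl_counters *counters = NULL, *counters_px = NULL;` and wrapping each pair of increments in `if (counters && counters_px)` closes that, and the same guard would cover `EXTRA_COUNTERS_GET` returning no counters, if it can (not visible here). The increments are plain `++` on per-listener and per-proxy objects, so if handshakes for one listener can complete on several threads the totals may drop updates; that is worth confirming against the project's atomic helpers. `ssl_sock_handshake` begins and ends outside these hunks, so whether an earlier check already restricts `conn->target` cannot be told from the page.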