You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by François <fr...@gmail.com> on 2015/06/11 23:06:13 UTC

API change for TS-3683: provide a SSL setter for Session/Ticket Cache Hit

- JIRA ticket: TS-3683 ( https://issues.apache.org/jira/browse/TS-3683 )

- While metrics/statistics provide an aggregated result, we want to improve
our
  analysis on a per-request basis, possibly running map reduce tasks to
precisely
  correlates this cache hit/reuse to other numbers.  In our usage,
  SSL Session/Ticket Cache is implemented in a plugin, and while we
  provide the patch to allow core to implement that cache/hit internally, we
  need the API change for our version to work.

- An additional function would be added to ts.h:
  tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);

  it will also require to #include <stdbool.h> in lib/ts/apidefs.h.in


- TSVConn vc: represents the SSLNetVConnection we want to access.

- bool state: true to indicate that SSL connection was retrieved from
session
              cache or a SSL ticket was positively verified.

API change is included into the following pull request:
https://github.com/apache/trafficserver/pull/218/files

Thanks,

- Francois

Re: API change for TS-3683: provide a SSL setter for Session/Ticket Cache Hit

Posted by James Peach <jp...@apache.org>.

> On Jun 11, 2015, at 2:06 PM, François <fr...@gmail.com> wrote:
> 
> - JIRA ticket: TS-3683 ( https://issues.apache.org/jira/browse/TS-3683 )
> 
> - While metrics/statistics provide an aggregated result, we want to improve
> our
>  analysis on a per-request basis, possibly running map reduce tasks to
> precisely
>  correlates this cache hit/reuse to other numbers.  In our usage,
>  SSL Session/Ticket Cache is implemented in a plugin, and while we
>  provide the patch to allow core to implement that cache/hit internally, we
>  need the API change for our version to work.
> 
> - An additional function would be added to ts.h:
>  tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
> 
>  it will also require to #include <stdbool.h> in lib/ts/apidefs.h.in

I don't have a strong opinion on whether this API is needed, though I'm slightly inclined to think that a more general approach to logs tags might be warranted. The alternative of having APIs to set each piece of data that might be logged seems undesirable. There seems to be a cross-cutting issue with Susan's session cache proposal ... maybe there's a better solution that serves both needs?

C99 is not required for TSAPI clients, so this needs to use "int" in place of "bool". 

> - TSVConn vc: represents the SSLNetVConnection we want to access.
> 
> - bool state: true to indicate that SSL connection was retrieved from
> session
>              cache or a SSL ticket was positively verified.
> 
> API change is included into the following pull request:
> https://github.com/apache/trafficserver/pull/218/files
> 
> Thanks,
> 
> - Francois