You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by James Peach <jp...@apache.org> on 2014/07/17 19:38:58 UTC
Re: [2/3] git commit: TS-1146: added counters to TLS ticket callback
On Jul 17, 2014, at 10:24 AM, briang@apache.org wrote:
> TS-1146: added counters to TLS ticket callback
This is a new feature, so it should have had a new Jira ticket.
>
>
> Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
> Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a65742cd
> Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a65742cd
> Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a65742cd
>
> Branch: refs/heads/master
> Commit: a65742cd81de5f21ed65d7bc8d7ece2046c5ff6d
> Parents: 5762069
> Author: Alexey Ivanov <ai...@linkedin.com>
> Authored: Fri Jul 4 21:05:01 2014 -0700
> Committer: Brian Geffon <br...@apache.org>
> Committed: Thu Jul 17 10:23:51 2014 -0700
>
> ----------------------------------------------------------------------
> iocore/net/P_SSLUtils.h | 4 ++++
> iocore/net/SSLUtils.cc | 19 ++++++++++++++++++-
> 2 files changed, 22 insertions(+), 1 deletion(-)
> ----------------------------------------------------------------------
>
>
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/P_SSLUtils.h
> ----------------------------------------------------------------------
> diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h
> index 5145cb7..b1bf01c 100644
> --- a/iocore/net/P_SSLUtils.h
> +++ b/iocore/net/P_SSLUtils.h
> @@ -64,6 +64,10 @@ enum SSL_Stats
> ssl_user_agent_session_timeout_stat,
> ssl_total_handshake_time_stat,
> ssl_total_success_handshake_count_stat,
> + ssl_total_tickets_created_stat,
> + ssl_total_tickets_verified_stat,
> + ssl_total_tickets_not_found_stat,
> + ssl_total_tickets_renewed_stat,
>
> ssl_cipher_stats_start = 100,
> ssl_cipher_stats_end = 300,
>
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/SSLUtils.cc
> ----------------------------------------------------------------------
> diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
> index 2d26adc..5ee77e2 100644
> --- a/iocore/net/SSLUtils.cc
> +++ b/iocore/net/SSLUtils.cc
> @@ -644,6 +644,21 @@ SSLInitializeStatistics()
> RECD_INT, RECP_PERSISTENT, (int) ssl_total_success_handshake_count_stat,
> RecRawStatSyncCount);
>
> + // TLS tickets
> + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_created",
> + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_created_stat,
> + RecRawStatSyncCount);
> + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_verified",
> + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_verified_stat,
> + RecRawStatSyncCount);
> + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_not_found",
> + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_not_found_stat,
> + RecRawStatSyncCount);
> + // TODO: ticket renewal is not used right now.
> + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_renewed",
> + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_renewed_stat,
> + RecRawStatSyncCount);
I think that better stat names would be:
proxy.process.ssl.session_tickets.created
proxy.process.ssl.session_tickets.verified
proxy.process.ssl.session_tickets.not_found
proxy.process.ssl.session_tickets.renewed
This namespacing makes it easier to collect the group in metrics systems, ie. proxy.process.ssl.session_tickets.*
> +
> // Get and register the SSL cipher stats. Note that we are using the default SSL context to obtain
> // the cipher list. This means that the set of ciphers is fixed by the build configuration and not
> // filtered by proxy.config.ssl.server.cipher_suite. This keeps the set of cipher suites stable across
> @@ -1493,11 +1508,12 @@ ssl_callback_session_ticket(
> EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL, ssl_ticket_key->aes_key, iv);
> HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL);
> Debug("ssl", "create ticket for a new session");
> -
> + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat);
> return 0;
> } else if (enc == 0) {
> if (memcmp(keyname, ssl_ticket_key->key_name, 16)) {
> Error("keyname is not consistent.");
> + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_not_found_stat);
> return 0;
> }
>
> @@ -1505,6 +1521,7 @@ ssl_callback_session_ticket(
> HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL);
>
> Debug("ssl", "verify the ticket for an existing session.");
> + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_stat);
> return 1;
> }
>
>