You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by sh...@apache.org on 2015/07/08 14:25:35 UTC
[1/8] trafficserver git commit: TS-3683: Add a tag to log SSL
Session/Ticket HIT as well as TCP connection reused
Repository: trafficserver
Updated Branches:
refs/heads/master 065bf15a5 -> da0436222
TS-3683: Add a tag to log SSL Session/Ticket HIT as well as TCP connection reused
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/363a9044
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/363a9044
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/363a9044
Branch: refs/heads/master
Commit: 363a9044ab6421ef97dd3b07c1dd8b7016008d51
Parents: da0bd30
Author: Francois Pesce <fp...@yahoo-inc.com>
Authored: Thu Jun 11 10:02:57 2015 -0700
Committer: Francois Pesce <fp...@yahoo-inc.com>
Committed: Thu Jun 11 10:02:57 2015 -0700
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 12 ++++++++++++
iocore/net/P_SSLNetVConnection.h | 11 +++++++++++
iocore/net/SSLNetVConnection.cc | 7 ++++---
iocore/net/SSLUtils.cc | 4 ++++
lib/ts/apidefs.h.in | 1 +
proxy/InkAPI.cc | 8 ++++++++
proxy/api/ts/ts.h | 1 +
proxy/http/HttpSM.cc | 12 ++++++++++--
proxy/http/HttpSM.h | 2 ++
proxy/logging/Log.cc | 10 ++++++++++
proxy/logging/LogAccess.cc | 18 ++++++++++++++++++
proxy/logging/LogAccess.h | 2 ++
proxy/logging/LogAccessHttp.cc | 28 ++++++++++++++++++++++++++++
proxy/logging/LogAccessHttp.h | 2 ++
14 files changed, 113 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index c538fc7..1b14d55 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -170,6 +170,18 @@ The following list describes Traffic Server custom logging fields.
mm is the two-digit minutes value, and ss is the 2-digit seconds
value (for example, 16:01:19).
+.. _cqtr:
+
+``cqtr``
+ The TCP reused status; indicates if this request went through an
+ already established connection.
+
+.. _cqssr:
+
+``cqssr``
+ The SSL session/ticket reused status; indicates if this request hit
+ the SSL session/ticket and avoided a full SSL handshake.
+
.. _cqtx:
``cqtx``
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/P_SSLNetVConnection.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 2d7f5de..40c9913 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -107,6 +107,16 @@ public:
{
sslClientConnection = state;
};
+ virtual void
+ setSSLSessionCacheHit(bool state)
+ {
+ sslSessionCacheHit = state;
+ };
+ virtual bool
+ getSSLSessionCacheHit()
+ {
+ return sslSessionCacheHit;
+ };
int sslServerHandShakeEvent(int &err);
int sslClientHandShakeEvent(int &err);
virtual void net_read_io(NetHandler *nh, EThread *lthread);
@@ -214,6 +224,7 @@ private:
bool sslHandShakeComplete;
bool sslClientConnection;
bool sslClientRenegotiationAbort;
+ bool sslSessionCacheHit;
MIOBuffer *handShakeBuffer;
IOBufferReader *handShakeHolder;
IOBufferReader *handShakeReader;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 0d9c2a9..b0a54da 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -753,9 +753,9 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, int64_t &wattempted, i
SSLNetVConnection::SSLNetVConnection()
: ssl(NULL), sslHandshakeBeginTime(0), sslLastWriteTime(0), sslTotalBytesSent(0), hookOpRequested(TS_SSL_HOOK_OP_DEFAULT),
- sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), handShakeBuffer(NULL),
- handShakeHolder(NULL), handShakeReader(NULL), handShakeBioStored(0), sslPreAcceptHookState(SSL_HOOKS_INIT),
- sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL)
+ sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), sslSessionCacheHit(false),
+ handShakeBuffer(NULL), handShakeHolder(NULL), handShakeReader(NULL), handShakeBioStored(0),
+ sslPreAcceptHookState(SSL_HOOKS_INIT), sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL)
{
}
@@ -818,6 +818,7 @@ SSLNetVConnection::free(EThread *t)
sslLastWriteTime = 0;
sslTotalBytesSent = 0;
sslClientRenegotiationAbort = false;
+ sslSessionCacheHit = false;
if (SSL_HOOKS_ACTIVE == sslPreAcceptHookState) {
Error("SSLNetVconnection freed with outstanding hook");
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 2a31523..04a818d 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -201,6 +201,8 @@ ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
SSL_SESSION *session = NULL;
if (session_cache->getSession(sid, &session)) {
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
+ netvc->setSSLSessionCacheHit(true);
return session;
}
@@ -1928,6 +1930,8 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
if (i != 0) // The number of tickets decrypted with "older" keys.
SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_old_key_stat);
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
+ netvc->setSSLSessionCacheHit(true);
// When we decrypt with an "older" key, encrypt the ticket again with the most recent key.
return (i == 0) ? 1 : 2;
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/lib/ts/apidefs.h.in
----------------------------------------------------------------------
diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in
index bd847f2..f697018 100644
--- a/lib/ts/apidefs.h.in
+++ b/lib/ts/apidefs.h.in
@@ -43,6 +43,7 @@
*
*/
+#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 41176ae..3eac33c 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -6531,6 +6531,14 @@ TSNetVConnRemoteAddrGet(TSVConn connp)
return vc->get_remote_addr();
}
+void
+TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state)
+{
+ sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
+ SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
+ vc->setSSLSessionCacheHit(state);
+}
+
TSAction
TSNetConnect(TSCont contp, sockaddr const *addr)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --git a/proxy/api/ts/ts.h b/proxy/api/ts/ts.h
index 2ba589b..e9613a8 100644
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@ -1702,6 +1702,7 @@ tsapi TSVConn TSTransformOutputVConnGet(TSVConn connp);
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
+tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
/**
Opens a network connection to the host specified by ip on the port
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 9a8b2b3..f246382 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -276,8 +276,9 @@ HttpSM::HttpSM()
client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0),
server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0),
cache_response_hdr_bytes(0), cache_response_body_bytes(0), pushed_response_hdr_bytes(0), pushed_response_body_bytes(0),
- plugin_tag(0), plugin_id(0), hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0),
- callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false), kill_this_async_done(false), parse_range_done(false)
+ client_tcp_reused(false), client_ssl_reused(false), plugin_tag(0), plugin_id(0), hooks_set(false),
+ cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false),
+ kill_this_async_done(false), parse_range_done(false)
{
memset(&history, 0, sizeof(history));
memset(&vc_table, 0, sizeof(vc_table));
@@ -472,6 +473,13 @@ HttpSM::attach_client_session(HttpClientSession *client_vc, IOBufferReader *buff
ink_assert(client_vc != NULL);
ua_session = client_vc;
+
+ // Collect log & stats information
+ client_tcp_reused = (1 < ua_session->get_transact_count()) ? true : false;
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(ua_session->get_netvc());
+ if (ssl_vc != NULL)
+ client_ssl_reused = ssl_vc->getSSLSessionCacheHit();
+
ink_release_assert(ua_session->get_half_close_flag() == false);
mutex = client_vc->mutex;
if (ua_session->debug())
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 47f98eb..e8f3f94 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -493,6 +493,8 @@ public:
int64_t cache_response_body_bytes;
int pushed_response_hdr_bytes;
int64_t pushed_response_body_bytes;
+ bool client_tcp_reused;
+ bool client_ssl_reused;
TransactionMilestones milestones;
ink_hrtime api_timer;
// The next two enable plugins to tag the state machine for
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/Log.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index cfd83d1..92878a1 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -444,6 +444,16 @@ Log::init_fields()
global_field_list.add(field, false);
ink_hash_table_insert(field_symbol_hash, "cqbl", field);
+ field = new LogField("client_req_tcp_reused", "cqtr", LogField::dINT, &LogAccess::marshal_client_req_tcp_reused,
+ &LogAccess::unmarshal_int_to_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqtr", field);
+
+ field = new LogField("client_req_ssl_reused", "cqssr", LogField::dINT, &LogAccess::marshal_client_req_ssl_reused,
+ &LogAccess::unmarshal_int_to_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqssr", field);
+
Ptr<LogFieldAliasTable> finish_status_map = make_ptr(new LogFieldAliasTable);
finish_status_map->init(N_LOG_FINISH_CODE_TYPES, LOG_FINISH_FIN, "FIN", LOG_FINISH_INTR, "INTR", LOG_FINISH_TIMEOUT, "TIMEOUT");
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccess.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index ce9afa1..4c3006f 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -229,6 +229,24 @@ LogAccess::marshal_client_req_body_len(char *buf)
-------------------------------------------------------------------------*/
int
+LogAccess::marshal_client_req_tcp_reused(char *buf)
+{
+ DEFAULT_INT_FIELD;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccess::marshal_client_req_ssl_reused(char *buf)
+{
+ DEFAULT_INT_FIELD;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
LogAccess::marshal_client_finish_status_code(char *buf)
{
DEFAULT_INT_FIELD;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccess.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h
index 77b5557..ae8e97f 100644
--- a/proxy/logging/LogAccess.h
+++ b/proxy/logging/LogAccess.h
@@ -185,6 +185,8 @@ public:
inkcoreapi virtual int marshal_client_req_http_version(char *); // INT
inkcoreapi virtual int marshal_client_req_header_len(char *); // INT
inkcoreapi virtual int marshal_client_req_body_len(char *); // INT
+ inkcoreapi virtual int marshal_client_req_tcp_reused(char *); // INT
+ inkcoreapi virtual int marshal_client_req_ssl_reused(char *); // INT
inkcoreapi virtual int marshal_client_finish_status_code(char *); // INT
//
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccessHttp.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc
index 438f48c..62d650a 100644
--- a/proxy/logging/LogAccessHttp.cc
+++ b/proxy/logging/LogAccessHttp.cc
@@ -563,6 +563,34 @@ LogAccessHttp::marshal_client_req_body_len(char *buf)
return INK_MIN_ALIGN;
}
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccessHttp::marshal_client_req_tcp_reused(char *buf)
+{
+ if (buf) {
+ int64_t tcp_reused;
+ tcp_reused = m_http_sm->client_tcp_reused;
+ marshal_int(buf, tcp_reused);
+ }
+ return INK_MIN_ALIGN;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccessHttp::marshal_client_req_ssl_reused(char *buf)
+{
+ if (buf) {
+ int64_t ssl_session_reused;
+ ssl_session_reused = m_http_sm->client_ssl_reused;
+ marshal_int(buf, ssl_session_reused);
+ }
+ return INK_MIN_ALIGN;
+}
+
int
LogAccessHttp::marshal_client_finish_status_code(char *buf)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccessHttp.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.h b/proxy/logging/LogAccessHttp.h
index 04fbbc9..72d6f1a 100644
--- a/proxy/logging/LogAccessHttp.h
+++ b/proxy/logging/LogAccessHttp.h
@@ -70,6 +70,8 @@ public:
virtual int marshal_client_req_http_version(char *); // INT
virtual int marshal_client_req_header_len(char *); // INT
virtual int marshal_client_req_body_len(char *); // INT
+ virtual int marshal_client_req_tcp_reused(char *); // INT
+ virtual int marshal_client_req_ssl_reused(char *); // INT
virtual int marshal_client_finish_status_code(char *); // INT
//
[3/8] trafficserver git commit: Fix documentation,
add request-is-ssl (cqssl) log tag
Posted by sh...@apache.org.
Fix documentation, add request-is-ssl (cqssl) log tag
I'm usualy not fan of amending a branch to introduce new feature, but this one
worth it, as it relies directly on the code path (dynamic_cast) introduced to
fix TS-3683. Additionnaly it is related to improve measurements and related to
SSL as well.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0413469c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0413469c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0413469c
Branch: refs/heads/master
Commit: 0413469cfa982308779807ed7ba72f69348c3d93
Parents: e7c0cab
Author: Francois Pesce <fp...@yahoo-inc.com>
Authored: Fri Jun 26 06:12:50 2015 -0700
Committer: Francois Pesce <fp...@yahoo-inc.com>
Committed: Fri Jun 26 06:12:50 2015 -0700
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 6 ++++++
doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst | 2 +-
proxy/http/HttpSM.cc | 10 ++++++----
proxy/http/HttpSM.h | 1 +
proxy/logging/Log.cc | 5 +++++
proxy/logging/LogAccess.cc | 9 +++++++++
proxy/logging/LogAccess.h | 1 +
proxy/logging/LogAccessHttp.cc | 14 ++++++++++++++
proxy/logging/LogAccessHttp.h | 1 +
9 files changed, 44 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index 1b14d55..5529638 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -176,6 +176,12 @@ The following list describes Traffic Server custom logging fields.
The TCP reused status; indicates if this request went through an
already established connection.
+.. _cqssl:
+
+``cqssl``
+ The SSL client request status indicates if this client connection
+ is over SSL.
+
.. _cqssr:
``cqssr``
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst b/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
index 64ad686..e98c550 100644
--- a/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
+++ b/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
@@ -15,7 +15,7 @@
permissions and limitations under the License.
-TSVConnIsSsl
+TSNetVConnSSLCachedHitSet
============
Synopsis
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index f246382..6df8d30 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -276,9 +276,9 @@ HttpSM::HttpSM()
client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0),
server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0),
cache_response_hdr_bytes(0), cache_response_body_bytes(0), pushed_response_hdr_bytes(0), pushed_response_body_bytes(0),
- client_tcp_reused(false), client_ssl_reused(false), plugin_tag(0), plugin_id(0), hooks_set(false),
- cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false),
- kill_this_async_done(false), parse_range_done(false)
+ client_tcp_reused(false), client_ssl_reused(false), client_connection_is_ssl(false), plugin_tag(0), plugin_id(0),
+ hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT),
+ terminate_sm(false), kill_this_async_done(false), parse_range_done(false)
{
memset(&history, 0, sizeof(history));
memset(&vc_table, 0, sizeof(vc_table));
@@ -477,8 +477,10 @@ HttpSM::attach_client_session(HttpClientSession *client_vc, IOBufferReader *buff
// Collect log & stats information
client_tcp_reused = (1 < ua_session->get_transact_count()) ? true : false;
SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(ua_session->get_netvc());
- if (ssl_vc != NULL)
+ if (ssl_vc != NULL) {
+ client_connection_is_ssl = true;
client_ssl_reused = ssl_vc->getSSLSessionCacheHit();
+ }
ink_release_assert(ua_session->get_half_close_flag() == false);
mutex = client_vc->mutex;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index e8f3f94..9508bbc 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -495,6 +495,7 @@ public:
int64_t pushed_response_body_bytes;
bool client_tcp_reused;
bool client_ssl_reused;
+ bool client_connection_is_ssl;
TransactionMilestones milestones;
ink_hrtime api_timer;
// The next two enable plugins to tag the state machine for
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/logging/Log.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index 92878a1..1e758bd 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -449,6 +449,11 @@ Log::init_fields()
global_field_list.add(field, false);
ink_hash_table_insert(field_symbol_hash, "cqtr", field);
+ field = new LogField("client_req_ssl_reused", "cqssl", LogField::dINT, &LogAccess::marshal_client_req_is_ssl,
+ &LogAccess::unmarshal_int_to_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqssl", field);
+
field = new LogField("client_req_ssl_reused", "cqssr", LogField::dINT, &LogAccess::marshal_client_req_ssl_reused,
&LogAccess::unmarshal_int_to_str);
global_field_list.add(field, false);
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/logging/LogAccess.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index 4c3006f..a90a017 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -238,6 +238,15 @@ LogAccess::marshal_client_req_tcp_reused(char *buf)
-------------------------------------------------------------------------*/
int
+LogAccess::marshal_client_req_is_ssl(char *buf)
+{
+ DEFAULT_INT_FIELD;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
LogAccess::marshal_client_req_ssl_reused(char *buf)
{
DEFAULT_INT_FIELD;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/logging/LogAccess.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h
index ae8e97f..ca7d77a 100644
--- a/proxy/logging/LogAccess.h
+++ b/proxy/logging/LogAccess.h
@@ -186,6 +186,7 @@ public:
inkcoreapi virtual int marshal_client_req_header_len(char *); // INT
inkcoreapi virtual int marshal_client_req_body_len(char *); // INT
inkcoreapi virtual int marshal_client_req_tcp_reused(char *); // INT
+ inkcoreapi virtual int marshal_client_req_is_ssl(char *); // INT
inkcoreapi virtual int marshal_client_req_ssl_reused(char *); // INT
inkcoreapi virtual int marshal_client_finish_status_code(char *); // INT
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/logging/LogAccessHttp.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc
index 62d650a..fb1b5a9 100644
--- a/proxy/logging/LogAccessHttp.cc
+++ b/proxy/logging/LogAccessHttp.cc
@@ -581,6 +581,20 @@ LogAccessHttp::marshal_client_req_tcp_reused(char *buf)
-------------------------------------------------------------------------*/
int
+LogAccessHttp::marshal_client_req_is_ssl(char *buf)
+{
+ if (buf) {
+ int64_t is_ssl;
+ is_ssl = m_http_sm->client_connection_is_ssl;
+ marshal_int(buf, is_ssl);
+ }
+ return INK_MIN_ALIGN;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
LogAccessHttp::marshal_client_req_ssl_reused(char *buf)
{
if (buf) {
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0413469c/proxy/logging/LogAccessHttp.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.h b/proxy/logging/LogAccessHttp.h
index 72d6f1a..e97eaa8 100644
--- a/proxy/logging/LogAccessHttp.h
+++ b/proxy/logging/LogAccessHttp.h
@@ -71,6 +71,7 @@ public:
virtual int marshal_client_req_header_len(char *); // INT
virtual int marshal_client_req_body_len(char *); // INT
virtual int marshal_client_req_tcp_reused(char *); // INT
+ virtual int marshal_client_req_is_ssl(char *); // INT
virtual int marshal_client_req_ssl_reused(char *); // INT
virtual int marshal_client_finish_status_code(char *); // INT
[7/8] trafficserver git commit: Merge commit
'0413469cfa982308779807ed7ba72f69348c3d93' into ts-3683
Posted by sh...@apache.org.
Merge commit '0413469cfa982308779807ed7ba72f69348c3d93' into ts-3683
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/f3e13664
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/f3e13664
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/f3e13664
Branch: refs/heads/master
Commit: f3e13664ab20f60cb4bd2ffef1eb7d6a374a1698
Parents: 5a4350e 0413469
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 8 07:05:55 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 8 07:05:55 2015 -0500
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 6 ++++++
doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst | 2 +-
proxy/http/HttpSM.cc | 10 ++++++----
proxy/http/HttpSM.h | 1 +
proxy/logging/Log.cc | 5 +++++
proxy/logging/LogAccess.cc | 9 +++++++++
proxy/logging/LogAccess.h | 1 +
proxy/logging/LogAccessHttp.cc | 14 ++++++++++++++
proxy/logging/LogAccessHttp.h | 1 +
9 files changed, 44 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/http/HttpSM.cc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/logging/Log.cc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/logging/LogAccess.cc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/logging/LogAccess.h
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/logging/LogAccessHttp.cc
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f3e13664/proxy/logging/LogAccessHttp.h
----------------------------------------------------------------------
[4/8] trafficserver git commit: Address @SolidWallOfCode comment,
remove API
Posted by sh...@apache.org.
Address @SolidWallOfCode comment, remove API
+ correct comment about client request.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/aca56694
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/aca56694
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/aca56694
Branch: refs/heads/master
Commit: aca56694ec162b9c4914c466545eedd9d8b645f5
Parents: 0413469
Author: Francois Pesce <fp...@yahoo-inc.com>
Authored: Mon Jun 29 14:38:03 2015 -0700
Committer: Francois Pesce <fp...@yahoo-inc.com>
Committed: Mon Jun 29 14:38:03 2015 -0700
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 4 +--
.../api/TSNetVConnSSLCachedHitSet.en.rst | 32 --------------------
proxy/InkAPI.cc | 8 -----
proxy/api/ts/ts.h | 1 -
4 files changed, 2 insertions(+), 43 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/aca56694/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index 5529638..1c7a5db 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -173,8 +173,8 @@ The following list describes Traffic Server custom logging fields.
.. _cqtr:
``cqtr``
- The TCP reused status; indicates if this request went through an
- already established connection.
+ The TCP reused status; indicates if this client request went through
+ an already established connection.
.. _cqssl:
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/aca56694/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst b/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
deleted file mode 100644
index e98c550..0000000
--- a/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
+++ /dev/null
@@ -1,32 +0,0 @@
-.. Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed
- with this work for additional information regarding copyright
- ownership. The ASF licenses this file to you under the Apache
- License, Version 2.0 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied. See the License for the specific language governing
- permissions and limitations under the License.
-
-
-TSNetVConnSSLCachedHitSet
-============
-
-Synopsis
---------
-
-`#include <ts/ts.h>`
-
-.. c:function:: void TSNetVConnSSLCachedHitSet(TSVConn vc, int state)
-
-Description
------------
-
- Mark an SSL Connection as reused, which means that an SSL Session Cache or an SSL Ticket have been used to prevent a full handshake for this SSL Connection.
-
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/aca56694/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 22828d6..41176ae 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -6531,14 +6531,6 @@ TSNetVConnRemoteAddrGet(TSVConn connp)
return vc->get_remote_addr();
}
-void
-TSNetVConnSSLSessionCachedHitSet(TSVConn connp, int state)
-{
- sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
- SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
- vc->setSSLSessionCacheHit((0 != state) ? true : false);
-}
-
TSAction
TSNetConnect(TSCont contp, sockaddr const *addr)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/aca56694/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --git a/proxy/api/ts/ts.h b/proxy/api/ts/ts.h
index 6583273..2ba589b 100644
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@ -1702,7 +1702,6 @@ tsapi TSVConn TSTransformOutputVConnGet(TSVConn connp);
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
-tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, int state);
/**
Opens a network connection to the host specified by ip on the port
[6/8] trafficserver git commit: Merge commit
'e7c0cab16038f057a79d91f532c0c130f5ed3314' into ts-3683
Posted by sh...@apache.org.
Merge commit 'e7c0cab16038f057a79d91f532c0c130f5ed3314' into ts-3683
Conflicts:
iocore/net/SSLNetVConnection.cc
iocore/net/SSLUtils.cc
proxy/InkAPI.cc
proxy/api/ts/ts.h
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/5a4350e6
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/5a4350e6
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/5a4350e6
Branch: refs/heads/master
Commit: 5a4350e6067ac868e54538467ec83a9413853143
Parents: 71752c7 e7c0cab
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 8 07:03:57 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 8 07:03:57 2015 -0500
----------------------------------------------------------------------
.../api/TSNetVConnSSLCachedHitSet.en.rst | 32 ++++++++++++++++++++
iocore/net/SSLUtils.cc | 1 +
proxy/InkAPI.cc | 8 -----
proxy/api/ts/ts.h | 1 -
4 files changed, 33 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --cc iocore/net/SSLUtils.cc
index bd250d1,04a818d..06dee1d
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@@ -209,17 -201,12 +209,18 @@@ ssl_get_cached_session(SSL *ssl, unsign
SSL_SESSION *session = NULL;
if (session_cache->getSession(sid, &session)) {
- SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
- netvc->setSSLSessionCacheHit(true);
- return session;
+ // Double check the timeout
+ if (session && ssl_session_timed_out(session)) {
+ // Due to bug in openssl, the timeout is checked, but only removed
+ // from the openssl built-in hash table. The external remove cb is not called
+ ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session);
+ session = NULL;
+ } else if (session) {
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
++ netvc->setSSLSessionCacheHit(true);
+ }
}
-
- return NULL;
+ return session;
}
static int
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --cc proxy/InkAPI.cc
index 13aa19c,22828d6..16973b1
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@@ -6475,14 -6531,14 +6475,6 @@@ TSNetVConnRemoteAddrGet(TSVConn connp
return vc->get_remote_addr();
}
--void
- TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state)
-TSNetVConnSSLSessionCachedHitSet(TSVConn connp, int state)
--{
-- sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
-- SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
- vc->setSSLSessionCacheHit(state);
- vc->setSSLSessionCacheHit((0 != state) ? true : false);
--}
--
TSAction
TSNetConnect(TSCont contp, sockaddr const *addr)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/5a4350e6/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --cc proxy/api/ts/ts.h
index 9ba2551,6583273..882d10d
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@@ -1704,7 -1702,7 +1704,6 @@@ tsapi TSVConn TSTransformOutputVConnGet
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
- tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
-tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, int state);
/**
Opens a network connection to the host specified by ip on the port
[8/8] trafficserver git commit: Merge commit
'aca56694ec162b9c4914c466545eedd9d8b645f5' into ts-3683
Posted by sh...@apache.org.
Merge commit 'aca56694ec162b9c4914c466545eedd9d8b645f5' into ts-3683
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/da043622
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/da043622
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/da043622
Branch: refs/heads/master
Commit: da04362227ef91b27aa7d02e9238f1ceae68689d
Parents: f3e1366 aca5669
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 8 07:06:25 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 8 07:06:25 2015 -0500
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 4 +--
.../api/TSNetVConnSSLCachedHitSet.en.rst | 32 --------------------
2 files changed, 2 insertions(+), 34 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/da043622/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
[2/8] trafficserver git commit: Address James Peach mail comment
about bool in API. Add documentation / manpage for API change.
Posted by sh...@apache.org.
Address James Peach mail comment about bool in API.
Add documentation / manpage for API change.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/e7c0cab1
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/e7c0cab1
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/e7c0cab1
Branch: refs/heads/master
Commit: e7c0cab16038f057a79d91f532c0c130f5ed3314
Parents: 363a904
Author: Francois Pesce <fp...@yahoo-inc.com>
Authored: Wed Jun 17 16:24:37 2015 -0700
Committer: Francois Pesce <fp...@yahoo-inc.com>
Committed: Wed Jun 17 16:24:37 2015 -0700
----------------------------------------------------------------------
.../api/TSNetVConnSSLCachedHitSet.en.rst | 32 ++++++++++++++++++++
lib/ts/apidefs.h.in | 1 -
proxy/InkAPI.cc | 4 +--
proxy/api/ts/ts.h | 2 +-
4 files changed, 35 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7c0cab1/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst b/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
new file mode 100644
index 0000000..64ad686
--- /dev/null
+++ b/doc/reference/api/TSNetVConnSSLCachedHitSet.en.rst
@@ -0,0 +1,32 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed
+ with this work for additional information regarding copyright
+ ownership. The ASF licenses this file to you under the Apache
+ License, Version 2.0 (the "License"); you may not use this file
+ except in compliance with the License. You may obtain a copy of
+ the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied. See the License for the specific language governing
+ permissions and limitations under the License.
+
+
+TSVConnIsSsl
+============
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: void TSNetVConnSSLCachedHitSet(TSVConn vc, int state)
+
+Description
+-----------
+
+ Mark an SSL Connection as reused, which means that an SSL Session Cache or an SSL Ticket have been used to prevent a full handshake for this SSL Connection.
+
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7c0cab1/lib/ts/apidefs.h.in
----------------------------------------------------------------------
diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in
index f697018..bd847f2 100644
--- a/lib/ts/apidefs.h.in
+++ b/lib/ts/apidefs.h.in
@@ -43,7 +43,6 @@
*
*/
-#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7c0cab1/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 3eac33c..22828d6 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -6532,11 +6532,11 @@ TSNetVConnRemoteAddrGet(TSVConn connp)
}
void
-TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state)
+TSNetVConnSSLSessionCachedHitSet(TSVConn connp, int state)
{
sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
- vc->setSSLSessionCacheHit(state);
+ vc->setSSLSessionCacheHit((0 != state) ? true : false);
}
TSAction
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/e7c0cab1/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --git a/proxy/api/ts/ts.h b/proxy/api/ts/ts.h
index e9613a8..6583273 100644
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@ -1702,7 +1702,7 @@ tsapi TSVConn TSTransformOutputVConnGet(TSVConn connp);
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
-tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
+tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, int state);
/**
Opens a network connection to the host specified by ip on the port
[5/8] trafficserver git commit: Checkpoint commit
363a9044ab6421ef97dd3b07c1dd8b7016008d51
Posted by sh...@apache.org.
Checkpoint commit 363a9044ab6421ef97dd3b07c1dd8b7016008d51
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/71752c74
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/71752c74
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/71752c74
Branch: refs/heads/master
Commit: 71752c741ac8b49d432dd4b13f5ea2a7f176b37e
Parents: 065bf15
Author: shinrich <sh...@yahoo-inc.com>
Authored: Wed Jul 8 07:01:16 2015 -0500
Committer: shinrich <sh...@yahoo-inc.com>
Committed: Wed Jul 8 07:01:16 2015 -0500
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 12 ++++++++++++
iocore/net/P_SSLNetVConnection.h | 11 +++++++++++
iocore/net/SSLNetVConnection.cc | 3 ++-
iocore/net/SSLUtils.cc | 4 ++++
lib/ts/apidefs.h.in | 1 +
proxy/InkAPI.cc | 8 ++++++++
proxy/api/ts/ts.h | 1 +
proxy/http/HttpSM.cc | 12 ++++++++++--
proxy/http/HttpSM.h | 2 ++
proxy/logging/Log.cc | 10 ++++++++++
proxy/logging/LogAccess.cc | 18 ++++++++++++++++++
proxy/logging/LogAccess.h | 2 ++
proxy/logging/LogAccessHttp.cc | 28 ++++++++++++++++++++++++++++
proxy/logging/LogAccessHttp.h | 2 ++
14 files changed, 111 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index 2687bc1..178a8a9 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -170,6 +170,18 @@ The following list describes Traffic Server custom logging fields.
mm is the two-digit minutes value, and ss is the 2-digit seconds
value (for example, 16:01:19).
+.. _cqtr:
+
+``cqtr``
+ The TCP reused status; indicates if this request went through an
+ already established connection.
+
+.. _cqssr:
+
+``cqssr``
+ The SSL session/ticket reused status; indicates if this request hit
+ the SSL session/ticket and avoided a full SSL handshake.
+
.. _cqtx:
``cqtx``
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/iocore/net/P_SSLNetVConnection.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index e71d76e..6a583f5 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -107,6 +107,16 @@ public:
{
sslClientConnection = state;
};
+ virtual void
+ setSSLSessionCacheHit(bool state)
+ {
+ sslSessionCacheHit = state;
+ };
+ virtual bool
+ getSSLSessionCacheHit()
+ {
+ return sslSessionCacheHit;
+ };
int sslServerHandShakeEvent(int &err);
int sslClientHandShakeEvent(int &err);
virtual void net_read_io(NetHandler *nh, EThread *lthread);
@@ -250,6 +260,7 @@ private:
bool sslHandShakeComplete;
bool sslClientConnection;
bool sslClientRenegotiationAbort;
+ bool sslSessionCacheHit;
MIOBuffer *handShakeBuffer;
IOBufferReader *handShakeHolder;
IOBufferReader *handShakeReader;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 2524bbb..b50f058 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -790,7 +790,7 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, int64_t &wattempted, i
SSLNetVConnection::SSLNetVConnection()
: ssl(NULL), sslHandshakeBeginTime(0), sslLastWriteTime(0), sslTotalBytesSent(0), hookOpRequested(TS_SSL_HOOK_OP_DEFAULT),
- sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), handShakeBuffer(NULL),
+ sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), sslSessionCacheHit(false), handShakeBuffer(NULL),
handShakeHolder(NULL), handShakeReader(NULL), handShakeBioStored(0), sslPreAcceptHookState(SSL_HOOKS_INIT),
sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL), sessionAcceptPtr(NULL), iobuf(NULL), reader(NULL),
eosRcvd(false)
@@ -870,6 +870,7 @@ SSLNetVConnection::free(EThread *t)
sslLastWriteTime = 0;
sslTotalBytesSent = 0;
sslClientRenegotiationAbort = false;
+ sslSessionCacheHit = false;
if (SSL_HOOKS_ACTIVE == sslPreAcceptHookState) {
Error("SSLNetVconnection freed with outstanding hook");
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 6f64330..bd250d1 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -215,6 +215,8 @@ ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy)
// from the openssl built-in hash table. The external remove cb is not called
ssl_rm_cached_session(SSL_get_SSL_CTX(ssl), session);
session = NULL;
+ } else if (session) {
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
}
}
return session;
@@ -1950,6 +1952,8 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
if (i != 0) // The number of tickets decrypted with "older" keys.
SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_old_key_stat);
+ SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl);
+ netvc->setSSLSessionCacheHit(true);
// When we decrypt with an "older" key, encrypt the ticket again with the most recent key.
return (i == 0) ? 1 : 2;
}
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/lib/ts/apidefs.h.in
----------------------------------------------------------------------
diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in
index aa510ff..dca1ff5 100644
--- a/lib/ts/apidefs.h.in
+++ b/lib/ts/apidefs.h.in
@@ -43,6 +43,7 @@
*
*/
+#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/socket.h>
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/InkAPI.cc
----------------------------------------------------------------------
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index 16973b1..13aa19c 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -6475,6 +6475,14 @@ TSNetVConnRemoteAddrGet(TSVConn connp)
return vc->get_remote_addr();
}
+void
+TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state)
+{
+ sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS);
+ SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp);
+ vc->setSSLSessionCacheHit(state);
+}
+
TSAction
TSNetConnect(TSCont contp, sockaddr const *addr)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/api/ts/ts.h
----------------------------------------------------------------------
diff --git a/proxy/api/ts/ts.h b/proxy/api/ts/ts.h
index 882d10d..9ba2551 100644
--- a/proxy/api/ts/ts.h
+++ b/proxy/api/ts/ts.h
@@ -1704,6 +1704,7 @@ tsapi TSVConn TSTransformOutputVConnGet(TSVConn connp);
Net VConnections */
tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc);
+tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state);
/**
Opens a network connection to the host specified by ip on the port
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/http/HttpSM.cc
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 37caa6e..cfd5f9c 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -276,8 +276,9 @@ HttpSM::HttpSM()
client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0),
server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0),
cache_response_hdr_bytes(0), cache_response_body_bytes(0), pushed_response_hdr_bytes(0), pushed_response_body_bytes(0),
- plugin_tag(0), plugin_id(0), hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0),
- callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false), kill_this_async_done(false), parse_range_done(false)
+ client_tcp_reused(false), client_ssl_reused(false), plugin_tag(0), plugin_id(0), hooks_set(false),
+ cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false),
+ kill_this_async_done(false), parse_range_done(false)
{
memset(&history, 0, sizeof(history));
memset(&vc_table, 0, sizeof(vc_table));
@@ -472,6 +473,13 @@ HttpSM::attach_client_session(HttpClientSession *client_vc, IOBufferReader *buff
ink_assert(client_vc != NULL);
ua_session = client_vc;
+
+ // Collect log & stats information
+ client_tcp_reused = (1 < ua_session->get_transact_count()) ? true : false;
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(ua_session->get_netvc());
+ if (ssl_vc != NULL)
+ client_ssl_reused = ssl_vc->getSSLSessionCacheHit();
+
ink_release_assert(ua_session->get_half_close_flag() == false);
mutex = client_vc->mutex;
if (ua_session->debug())
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/http/HttpSM.h
----------------------------------------------------------------------
diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h
index 47f98eb..e8f3f94 100644
--- a/proxy/http/HttpSM.h
+++ b/proxy/http/HttpSM.h
@@ -493,6 +493,8 @@ public:
int64_t cache_response_body_bytes;
int pushed_response_hdr_bytes;
int64_t pushed_response_body_bytes;
+ bool client_tcp_reused;
+ bool client_ssl_reused;
TransactionMilestones milestones;
ink_hrtime api_timer;
// The next two enable plugins to tag the state machine for
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/logging/Log.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc
index eee7892..6cb712e 100644
--- a/proxy/logging/Log.cc
+++ b/proxy/logging/Log.cc
@@ -454,6 +454,16 @@ Log::init_fields()
global_field_list.add(field, false);
ink_hash_table_insert(field_symbol_hash, "cqbl", field);
+ field = new LogField("client_req_tcp_reused", "cqtr", LogField::dINT, &LogAccess::marshal_client_req_tcp_reused,
+ &LogAccess::unmarshal_int_to_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqtr", field);
+
+ field = new LogField("client_req_ssl_reused", "cqssr", LogField::dINT, &LogAccess::marshal_client_req_ssl_reused,
+ &LogAccess::unmarshal_int_to_str);
+ global_field_list.add(field, false);
+ ink_hash_table_insert(field_symbol_hash, "cqssr", field);
+
Ptr<LogFieldAliasTable> finish_status_map = make_ptr(new LogFieldAliasTable);
finish_status_map->init(N_LOG_FINISH_CODE_TYPES, LOG_FINISH_FIN, "FIN", LOG_FINISH_INTR, "INTR", LOG_FINISH_TIMEOUT, "TIMEOUT");
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/logging/LogAccess.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc
index f43e71c..abe9886 100644
--- a/proxy/logging/LogAccess.cc
+++ b/proxy/logging/LogAccess.cc
@@ -236,6 +236,24 @@ LogAccess::marshal_client_req_body_len(char *buf)
-------------------------------------------------------------------------*/
int
+LogAccess::marshal_client_req_tcp_reused(char *buf)
+{
+ DEFAULT_INT_FIELD;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccess::marshal_client_req_ssl_reused(char *buf)
+{
+ DEFAULT_INT_FIELD;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
LogAccess::marshal_client_finish_status_code(char *buf)
{
DEFAULT_INT_FIELD;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/logging/LogAccess.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h
index 83121fd..67eff71 100644
--- a/proxy/logging/LogAccess.h
+++ b/proxy/logging/LogAccess.h
@@ -185,6 +185,8 @@ public:
inkcoreapi virtual int marshal_client_req_http_version(char *); // INT
inkcoreapi virtual int marshal_client_req_header_len(char *); // INT
inkcoreapi virtual int marshal_client_req_body_len(char *); // INT
+ inkcoreapi virtual int marshal_client_req_tcp_reused(char *); // INT
+ inkcoreapi virtual int marshal_client_req_ssl_reused(char *); // INT
inkcoreapi virtual int marshal_client_finish_status_code(char *); // INT
//
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/logging/LogAccessHttp.cc
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc
index 4b46475..c224a2e 100644
--- a/proxy/logging/LogAccessHttp.cc
+++ b/proxy/logging/LogAccessHttp.cc
@@ -601,6 +601,34 @@ LogAccessHttp::marshal_client_req_body_len(char *buf)
return INK_MIN_ALIGN;
}
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccessHttp::marshal_client_req_tcp_reused(char *buf)
+{
+ if (buf) {
+ int64_t tcp_reused;
+ tcp_reused = m_http_sm->client_tcp_reused;
+ marshal_int(buf, tcp_reused);
+ }
+ return INK_MIN_ALIGN;
+}
+
+/*-------------------------------------------------------------------------
+ -------------------------------------------------------------------------*/
+
+int
+LogAccessHttp::marshal_client_req_ssl_reused(char *buf)
+{
+ if (buf) {
+ int64_t ssl_session_reused;
+ ssl_session_reused = m_http_sm->client_ssl_reused;
+ marshal_int(buf, ssl_session_reused);
+ }
+ return INK_MIN_ALIGN;
+}
+
int
LogAccessHttp::marshal_client_finish_status_code(char *buf)
{
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/71752c74/proxy/logging/LogAccessHttp.h
----------------------------------------------------------------------
diff --git a/proxy/logging/LogAccessHttp.h b/proxy/logging/LogAccessHttp.h
index 587a248..87c5b81 100644
--- a/proxy/logging/LogAccessHttp.h
+++ b/proxy/logging/LogAccessHttp.h
@@ -70,6 +70,8 @@ public:
virtual int marshal_client_req_http_version(char *); // INT
virtual int marshal_client_req_header_len(char *); // INT
virtual int marshal_client_req_body_len(char *); // INT
+ virtual int marshal_client_req_tcp_reused(char *); // INT
+ virtual int marshal_client_req_ssl_reused(char *); // INT
virtual int marshal_client_finish_status_code(char *); // INT
//