TS-1146: added counters to TLS ticket callback
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a65742cd Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a65742cd Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a65742cd Branch: refs/heads/master Commit: a65742cd81de5f21ed65d7bc8d7ece2046c5ff6d Parents: 5762069 Author: Alexey Ivanov <[email protected]> Authored: Fri Jul 4 21:05:01 2014 -0700 Committer: Brian Geffon <[email protected]> Committed: Thu Jul 17 10:23:51 2014 -0700 ---------------------------------------------------------------------- iocore/net/P_SSLUtils.h | 4 ++++ iocore/net/SSLUtils.cc | 19 ++++++++++++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/P_SSLUtils.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h index 5145cb7..b1bf01c 100644 --- a/iocore/net/P_SSLUtils.h +++ b/iocore/net/P_SSLUtils.h @@ -64,6 +64,10 @@ enum SSL_Stats ssl_user_agent_session_timeout_stat, ssl_total_handshake_time_stat, ssl_total_success_handshake_count_stat, + ssl_total_tickets_created_stat, + ssl_total_tickets_verified_stat, + ssl_total_tickets_not_found_stat, + ssl_total_tickets_renewed_stat, ssl_cipher_stats_start = 100, ssl_cipher_stats_end = 300, http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 2d26adc..5ee77e2 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -644,6 +644,21 @@ SSLInitializeStatistics() RECD_INT, RECP_PERSISTENT, (int) ssl_total_success_handshake_count_stat, RecRawStatSyncCount); + // TLS tickets + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_created", + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_created_stat, + RecRawStatSyncCount); + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_verified", + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_verified_stat, + RecRawStatSyncCount); + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_not_found", + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_not_found_stat, + RecRawStatSyncCount); + // TODO: ticket renewal is not used right now. + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, "proxy.process.ssl.total_tickets_renewed", + RECD_INT, RECP_PERSISTENT, (int) ssl_total_tickets_renewed_stat, + RecRawStatSyncCount); + // Get and register the SSL cipher stats. Note that we are using the default SSL context to obtain // the cipher list. This means that the set of ciphers is fixed by the build configuration and not // filtered by proxy.config.ssl.server.cipher_suite. This keeps the set of cipher suites stable across @@ -1493,11 +1508,12 @@ ssl_callback_session_ticket( EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL, ssl_ticket_key->aes_key, iv); HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL); Debug("ssl", "create ticket for a new session"); - + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat); return 0; } else if (enc == 0) { if (memcmp(keyname, ssl_ticket_key->key_name, 16)) { Error("keyname is not consistent."); + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_not_found_stat); return 0; } @@ -1505,6 +1521,7 @@ ssl_callback_session_ticket( HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL); Debug("ssl", "verify the ticket for an existing session."); + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_stat); return 1; }
