On Jul 17, 2014, at 10:24 AM, [email protected] wrote: > TS-1146: added counters to TLS ticket callback
This is a new feature, so it should have had a new Jira ticket. > > > Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo > Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a65742cd > Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a65742cd > Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a65742cd > > Branch: refs/heads/master > Commit: a65742cd81de5f21ed65d7bc8d7ece2046c5ff6d > Parents: 5762069 > Author: Alexey Ivanov <[email protected]> > Authored: Fri Jul 4 21:05:01 2014 -0700 > Committer: Brian Geffon <[email protected]> > Committed: Thu Jul 17 10:23:51 2014 -0700 > > ---------------------------------------------------------------------- > iocore/net/P_SSLUtils.h | 4 ++++ > iocore/net/SSLUtils.cc | 19 ++++++++++++++++++- > 2 files changed, 22 insertions(+), 1 deletion(-) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/P_SSLUtils.h > ---------------------------------------------------------------------- > diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h > index 5145cb7..b1bf01c 100644 > --- a/iocore/net/P_SSLUtils.h > +++ b/iocore/net/P_SSLUtils.h > @@ -64,6 +64,10 @@ enum SSL_Stats > ssl_user_agent_session_timeout_stat, > ssl_total_handshake_time_stat, > ssl_total_success_handshake_count_stat, > + ssl_total_tickets_created_stat, > + ssl_total_tickets_verified_stat, > + ssl_total_tickets_not_found_stat, > + ssl_total_tickets_renewed_stat, > > ssl_cipher_stats_start = 100, > ssl_cipher_stats_end = 300, > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a65742cd/iocore/net/SSLUtils.cc > ---------------------------------------------------------------------- > diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc > index 2d26adc..5ee77e2 100644 > --- a/iocore/net/SSLUtils.cc > +++ b/iocore/net/SSLUtils.cc > @@ -644,6 +644,21 @@ SSLInitializeStatistics() > RECD_INT, RECP_PERSISTENT, (int) > ssl_total_success_handshake_count_stat, > RecRawStatSyncCount); > > + // TLS tickets > + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, > "proxy.process.ssl.total_tickets_created", > + RECD_INT, RECP_PERSISTENT, (int) > ssl_total_tickets_created_stat, > + RecRawStatSyncCount); > + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, > "proxy.process.ssl.total_tickets_verified", > + RECD_INT, RECP_PERSISTENT, (int) > ssl_total_tickets_verified_stat, > + RecRawStatSyncCount); > + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, > "proxy.process.ssl.total_tickets_not_found", > + RECD_INT, RECP_PERSISTENT, (int) > ssl_total_tickets_not_found_stat, > + RecRawStatSyncCount); > + // TODO: ticket renewal is not used right now. > + RecRegisterRawStat(ssl_rsb, RECT_PROCESS, > "proxy.process.ssl.total_tickets_renewed", > + RECD_INT, RECP_PERSISTENT, (int) > ssl_total_tickets_renewed_stat, > + RecRawStatSyncCount); I think that better stat names would be: proxy.process.ssl.session_tickets.created proxy.process.ssl.session_tickets.verified proxy.process.ssl.session_tickets.not_found proxy.process.ssl.session_tickets.renewed This namespacing makes it easier to collect the group in metrics systems, ie. proxy.process.ssl.session_tickets.* > + > // Get and register the SSL cipher stats. Note that we are using the > default SSL context to obtain > // the cipher list. This means that the set of ciphers is fixed by the > build configuration and not > // filtered by proxy.config.ssl.server.cipher_suite. This keeps the set of > cipher suites stable across > @@ -1493,11 +1508,12 @@ ssl_callback_session_ticket( > EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL, > ssl_ticket_key->aes_key, iv); > HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL); > Debug("ssl", "create ticket for a new session"); > - > + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_created_stat); > return 0; > } else if (enc == 0) { > if (memcmp(keyname, ssl_ticket_key->key_name, 16)) { > Error("keyname is not consistent."); > + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_not_found_stat); > return 0; > } > > @@ -1505,6 +1521,7 @@ ssl_callback_session_ticket( > HMAC_Init_ex(hctx, ssl_ticket_key->hmac_secret, 16, evp_md_func, NULL); > > Debug("ssl", "verify the ticket for an existing session."); > + SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_stat); > return 1; > } > >
