Repository: trafficserver Updated Branches: refs/heads/master 065bf15a5 -> da0436222
TS-3683: Add a tag to log SSL Session/Ticket HIT as well as TCP connection reused
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/363a9044
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/363a9044
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/363a9044
Branch: refs/heads/master
Commit: 363a9044ab6421ef97dd3b07c1dd8b7016008d51
Parents: da0bd30
Author: Francois Pesce <[email protected]>
Authored: Thu Jun 11 10:02:57 2015 -0700
Committer: Francois Pesce <[email protected]>
Committed: Thu Jun 11 10:02:57 2015 -0700
----------------------------------------------------------------------
doc/admin/event-logging-formats.en.rst | 12 ++++++++++++
iocore/net/P_SSLNetVConnection.h | 11 +++++++++++
iocore/net/SSLNetVConnection.cc | 7 ++++---
iocore/net/SSLUtils.cc | 4 ++++
lib/ts/apidefs.h.in | 1 +
proxy/InkAPI.cc | 8 ++++++++
proxy/api/ts/ts.h | 1 +
proxy/http/HttpSM.cc | 12 ++++++++++--
proxy/http/HttpSM.h | 2 ++
proxy/logging/Log.cc | 10 ++++++++++
proxy/logging/LogAccess.cc | 18 ++++++++++++++++++
proxy/logging/LogAccess.h | 2 ++
proxy/logging/LogAccessHttp.cc | 28 ++++++++++++++++++++++++++++
proxy/logging/LogAccessHttp.h | 2 ++
14 files changed, 113 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/doc/admin/event-logging-formats.en.rst
----------------------------------------------------------------------
diff --git a/doc/admin/event-logging-formats.en.rst b/doc/admin/event-logging-formats.en.rst
index c538fc7..1b14d55 100644
--- a/doc/admin/event-logging-formats.en.rst
+++ b/doc/admin/event-logging-formats.en.rst
@@ -170,6 +170,18 @@ The following list describes Traffic Server custom logging fields. mm is the two-digit minutes value, and ss is the 2-digit seconds value (for example, 16:01:19). +.. _cqtr: + +``cqtr`` + The TCP reused status; indicates if this request went through an + already established connection. + +.. _cqssr: + +``cqssr`` + The SSL session/ticket reused status; indicates if this request hit + the SSL session/ticket and avoided a full SSL handshake. + .. _cqtx: ``cqtx`` http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/P_SSLNetVConnection.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 2d7f5de..40c9913 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -107,6 +107,16 @@ public: { sslClientConnection = state; }; + virtual void + setSSLSessionCacheHit(bool state) + { + sslSessionCacheHit = state; + }; + virtual bool + getSSLSessionCacheHit() + { + return sslSessionCacheHit; + }; int sslServerHandShakeEvent(int &err); int sslClientHandShakeEvent(int &err); virtual void net_read_io(NetHandler *nh, EThread *lthread); @@ -214,6 +224,7 @@ private: bool sslHandShakeComplete; bool sslClientConnection; bool sslClientRenegotiationAbort; + bool sslSessionCacheHit; MIOBuffer *handShakeBuffer; IOBufferReader *handShakeHolder; IOBufferReader *handShakeReader; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/SSLNetVConnection.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 0d9c2a9..b0a54da 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
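Review bot: `getSSLSessionCacheHit()` in the first P_SSLNetVConnection.h hunk only reads a member and should be declared `const`, i.e. `virtual bool getSSLSessionCacheHit() const`, so it can be called through a const connection pointer. The new accessors also have no comment; a line above the setter such as `// Set when a session-cache lookup or ticket decryption succeeds; feeds the cqssr log field.` would tell readers where the flag comes from. The class body starts and ends outside the hunk.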
@@ -753,9 +753,9 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, int64_t &wattempted, i SSLNetVConnection::SSLNetVConnection() : ssl(NULL), sslHandshakeBeginTime(0), sslLastWriteTime(0), sslTotalBytesSent(0), hookOpRequested(TS_SSL_HOOK_OP_DEFAULT), - sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), handShakeBuffer(NULL), - handShakeHolder(NULL), handShakeReader(NULL), handShakeBioStored(0), sslPreAcceptHookState(SSL_HOOKS_INIT), - sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL) + sslHandShakeComplete(false), sslClientConnection(false), sslClientRenegotiationAbort(false), sslSessionCacheHit(false), + handShakeBuffer(NULL), handShakeHolder(NULL), handShakeReader(NULL), handShakeBioStored(0), + sslPreAcceptHookState(SSL_HOOKS_INIT), sslHandshakeHookState(HANDSHAKE_HOOKS_PRE), npnSet(NULL), npnEndpoint(NULL) { } @@ -818,6 +818,7 @@ SSLNetVConnection::free(EThread *t) sslLastWriteTime = 0; sslTotalBytesSent = 0; sslClientRenegotiationAbort = false; + sslSessionCacheHit = false; if (SSL_HOOKS_ACTIVE == sslPreAcceptHookState) { Error("SSLNetVconnection freed with outstanding hook"); } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 2a31523..04a818d 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -201,6 +201,8 @@ ssl_get_cached_session(SSL *ssl, unsigned char *id, int len, int *copy) SSL_SESSION *session = NULL; if (session_cache->getSession(sid, &session)) { + SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl); + netvc->setSSLSessionCacheHit(true); return session; } 
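Review bot: In `ssl_get_cached_session` the pointer returned by `SSL_get_app_data(ssl)` is cast and dereferenced with no null check, so any `SSL` object that reaches this callback without a netvc attached would crash the process from inside the handshake; the same two lines are added to `ssl_callback_session_ticket` in the next SSLUtils.cc hunk. Guard both call sites, e.g. `if (netvc != NULL) netvc->setSSLSessionCacheHit(true);`, and use `static_cast` instead of the C-style cast. The flag also records only that a cache lookup or ticket decryption succeeded, not that the handshake was resumed; OpenSSL may still reject the session afterwards and fall back to a full handshake, so `cqssr` can over-report hits, and checking `SSL_session_reused(ssl)` after the handshake completes would be authoritative. Both function bodies start outside their hunks.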
@@ -1928,6 +1930,8 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv, if (i != 0) // The number of tickets decrypted with "older" keys. SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_old_key_stat); + SSLNetVConnection *netvc = (SSLNetVConnection *)SSL_get_app_data(ssl); + netvc->setSSLSessionCacheHit(true); // When we decrypt with an "older" key, encrypt the ticket again with the most recent key. return (i == 0) ? 1 : 2; } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/lib/ts/apidefs.h.in ---------------------------------------------------------------------- diff --git a/lib/ts/apidefs.h.in b/lib/ts/apidefs.h.in index bd847f2..f697018 100644 --- a/lib/ts/apidefs.h.in +++ b/lib/ts/apidefs.h.in @@ -43,6 +43,7 @@ * */ +#include <stdbool.h> #include <stdint.h> #include <sys/types.h> #include <sys/socket.h> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/InkAPI.cc ---------------------------------------------------------------------- diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc index 41176ae..3eac33c 100644 --- a/proxy/InkAPI.cc +++ b/proxy/InkAPI.cc @@ -6531,6 +6531,14 @@ TSNetVConnRemoteAddrGet(TSVConn connp) return vc->get_remote_addr(); } +void +TSNetVConnSSLSessionCachedHitSet(TSVConn connp, bool state) +{ + sdk_assert(sdk_sanity_check_iocore_structure(connp) == TS_SUCCESS); + SSLNetVConnection *vc = reinterpret_cast<SSLNetVConnection *>(connp); + vc->setSSLSessionCacheHit(state); +} + TSAction TSNetConnect(TSCont contp, sockaddr const *addr) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/api/ts/ts.h ---------------------------------------------------------------------- diff --git a/proxy/api/ts/ts.h b/proxy/api/ts/ts.h index 2ba589b..e9613a8 100644 --- a/proxy/api/ts/ts.h +++ b/proxy/api/ts/ts.h 
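Review bot: `TSNetVConnSSLSessionCachedHitSet` converts `connp` with `reinterpret_cast<SSLNetVConnection *>` after only the generic `sdk_sanity_check_iocore_structure` assertion, so a plugin that passes a non-SSL `TSVConn` causes a virtual call and a member write through a pointer of the wrong type. The HttpSM.cc hunk of this commit performs the same conversion with `dynamic_cast` and a null test; the API entry point should be at least as strict, e.g. `SSLNetVConnection *vc = dynamic_cast<SSLNetVConnection *>(reinterpret_cast<NetVConnection *>(connp));` followed by `if (vc != NULL) vc->setSSLSessionCacheHit(state);`. Because this setter lets any plugin decide what `cqssr` reports, a comment stating that the logged value may be plugin-supplied would help anyone relying on the field during log analysis.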
@@ -1702,6 +1702,7 @@ tsapi TSVConn TSTransformOutputVConnGet(TSVConn connp); Net VConnections */ tsapi struct sockaddr const *TSNetVConnRemoteAddrGet(TSVConn vc); +tsapi void TSNetVConnSSLCachedHitSet(TSVConn vc, bool state); /** Opens a network connection to the host specified by ip on the port http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/http/HttpSM.cc ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 9a8b2b3..f246382 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -276,8 +276,9 @@ HttpSM::HttpSM() client_request_hdr_bytes(0), client_request_body_bytes(0), server_request_hdr_bytes(0), server_request_body_bytes(0), server_response_hdr_bytes(0), server_response_body_bytes(0), client_response_hdr_bytes(0), client_response_body_bytes(0), cache_response_hdr_bytes(0), cache_response_body_bytes(0), pushed_response_hdr_bytes(0), pushed_response_body_bytes(0), - plugin_tag(0), plugin_id(0), hooks_set(false), cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), - callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false), kill_this_async_done(false), parse_range_done(false) + client_tcp_reused(false), client_ssl_reused(false), plugin_tag(0), plugin_id(0), hooks_set(false), + cur_hook_id(TS_HTTP_LAST_HOOK), cur_hook(NULL), cur_hooks(0), callout_state(HTTP_API_NO_CALLOUT), terminate_sm(false), + kill_this_async_done(false), parse_range_done(false) { memset(&history, 0, sizeof(history)); memset(&vc_table, 0, sizeof(vc_table)); 
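Review bot: The prototype added to ts.h is `TSNetVConnSSLCachedHitSet`, while the function defined in the InkAPI.cc hunk of this commit is `TSNetVConnSSLSessionCachedHitSet`, so a plugin calling the declared name would fail to link unless a matching definition exists outside this diff. The declaration should read `tsapi void TSNetVConnSSLSessionCachedHitSet(TSVConn vc, bool state);`. It also lacks a doc comment; one sentence saying that it marks the connection's SSL session as reused for the `cqssr` log field, and that `vc` must be an SSL connection, would give plugin authors the contract.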
@@ -472,6 +473,13 @@ HttpSM::attach_client_session(HttpClientSession *client_vc, IOBufferReader *buff ink_assert(client_vc != NULL); ua_session = client_vc; + + // Collect log & stats information + client_tcp_reused = (1 < ua_session->get_transact_count()) ? true : false; + SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(ua_session->get_netvc()); + if (ssl_vc != NULL) + client_ssl_reused = ssl_vc->getSSLSessionCacheHit(); + ink_release_assert(ua_session->get_half_close_flag() == false); mutex = client_vc->mutex; if (ua_session->debug()) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/http/HttpSM.h ---------------------------------------------------------------------- diff --git a/proxy/http/HttpSM.h b/proxy/http/HttpSM.h index 47f98eb..e8f3f94 100644 --- a/proxy/http/HttpSM.h +++ b/proxy/http/HttpSM.h @@ -493,6 +493,8 @@ public: int64_t cache_response_body_bytes; int pushed_response_hdr_bytes; int64_t pushed_response_body_bytes; + bool client_tcp_reused; + bool client_ssl_reused; TransactionMilestones milestones; ink_hrtime api_timer; // The next two enable plugins to tag the state machine for http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/Log.cc ---------------------------------------------------------------------- diff --git a/proxy/logging/Log.cc b/proxy/logging/Log.cc index cfd83d1..92878a1 100644 --- a/proxy/logging/Log.cc +++ b/proxy/logging/Log.cc 
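Review bot: Two style points in the `attach_client_session` hunk: the `? true : false` is redundant because the comparison already yields a bool, so `client_tcp_reused = ua_session->get_transact_count() > 1;` is enough, and the single-statement `if (ssl_vc != NULL)` should carry braces to match the guarded-block style used just below it. `client_ssl_reused` is copied from connection state at attach time, so presumably every request on a kept-alive connection logs the same value as the first; a comment such as `// describes the connection's handshake, not this individual request` would prevent `cqssr` being misread. The function body continues outside the hunk.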
@@ -444,6 +444,16 @@ Log::init_fields() global_field_list.add(field, false); ink_hash_table_insert(field_symbol_hash, "cqbl", field); + field = new LogField("client_req_tcp_reused", "cqtr", LogField::dINT, &LogAccess::marshal_client_req_tcp_reused, + &LogAccess::unmarshal_int_to_str); + global_field_list.add(field, false); + ink_hash_table_insert(field_symbol_hash, "cqtr", field); + + field = new LogField("client_req_ssl_reused", "cqssr", LogField::dINT, &LogAccess::marshal_client_req_ssl_reused, + &LogAccess::unmarshal_int_to_str); + global_field_list.add(field, false); + ink_hash_table_insert(field_symbol_hash, "cqssr", field); + Ptr<LogFieldAliasTable> finish_status_map = make_ptr(new LogFieldAliasTable); finish_status_map->init(N_LOG_FINISH_CODE_TYPES, LOG_FINISH_FIN, "FIN", LOG_FINISH_INTR, "INTR", LOG_FINISH_TIMEOUT, "TIMEOUT"); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccess.cc ---------------------------------------------------------------------- diff --git a/proxy/logging/LogAccess.cc b/proxy/logging/LogAccess.cc index ce9afa1..4c3006f 100644 --- a/proxy/logging/LogAccess.cc +++ b/proxy/logging/LogAccess.cc 
@@ -229,6 +229,24 @@ LogAccess::marshal_client_req_body_len(char *buf) -------------------------------------------------------------------------*/ int +LogAccess::marshal_client_req_tcp_reused(char *buf) +{ + DEFAULT_INT_FIELD; +} + +/*------------------------------------------------------------------------- + -------------------------------------------------------------------------*/ + +int +LogAccess::marshal_client_req_ssl_reused(char *buf) +{ + DEFAULT_INT_FIELD; +} + +/*------------------------------------------------------------------------- + -------------------------------------------------------------------------*/ + +int LogAccess::marshal_client_finish_status_code(char *buf) { DEFAULT_INT_FIELD; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccess.h ---------------------------------------------------------------------- diff --git a/proxy/logging/LogAccess.h b/proxy/logging/LogAccess.h index 77b5557..ae8e97f 100644 --- a/proxy/logging/LogAccess.h +++ b/proxy/logging/LogAccess.h @@ -185,6 +185,8 @@ public: inkcoreapi virtual int marshal_client_req_http_version(char *); // INT inkcoreapi virtual int marshal_client_req_header_len(char *); // INT inkcoreapi virtual int marshal_client_req_body_len(char *); // INT + inkcoreapi virtual int marshal_client_req_tcp_reused(char *); // INT + inkcoreapi virtual int marshal_client_req_ssl_reused(char *); // INT inkcoreapi virtual int marshal_client_finish_status_code(char *); // INT // http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccessHttp.cc ---------------------------------------------------------------------- diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc index 438f48c..62d650a 100644 --- a/proxy/logging/LogAccessHttp.cc +++ b/proxy/logging/LogAccessHttp.cc 
@@ -563,6 +563,34 @@ LogAccessHttp::marshal_client_req_body_len(char *buf) return INK_MIN_ALIGN; } +/*------------------------------------------------------------------------- + -------------------------------------------------------------------------*/ + +int +LogAccessHttp::marshal_client_req_tcp_reused(char *buf) +{ + if (buf) { + int64_t tcp_reused; + tcp_reused = m_http_sm->client_tcp_reused; + marshal_int(buf, tcp_reused); + } + return INK_MIN_ALIGN; +} + +/*------------------------------------------------------------------------- + -------------------------------------------------------------------------*/ + +int +LogAccessHttp::marshal_client_req_ssl_reused(char *buf) +{ + if (buf) { + int64_t ssl_session_reused; + ssl_session_reused = m_http_sm->client_ssl_reused; + marshal_int(buf, ssl_session_reused); + } + return INK_MIN_ALIGN; +} + int LogAccessHttp::marshal_client_finish_status_code(char *buf) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/363a9044/proxy/logging/LogAccessHttp.h ---------------------------------------------------------------------- diff --git a/proxy/logging/LogAccessHttp.h b/proxy/logging/LogAccessHttp.h index 04fbbc9..72d6f1a 100644 --- a/proxy/logging/LogAccessHttp.h +++ b/proxy/logging/LogAccessHttp.h @@ -70,6 +70,8 @@ public: virtual int marshal_client_req_http_version(char *); // INT virtual int marshal_client_req_header_len(char *); // INT virtual int marshal_client_req_body_len(char *); // INT + virtual int marshal_client_req_tcp_reused(char *); // INT + virtual int marshal_client_req_ssl_reused(char *); // INT virtual int marshal_client_finish_status_code(char *); // INT //
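Review bot: Both new marshal functions in LogAccessHttp.cc dereference `m_http_sm` unconditionally; if that pointer can be null when an entry is marshalled (not visible in this hunk), the read should be guarded, e.g. `int64_t tcp_reused = m_http_sm ? m_http_sm->client_tcp_reused : 0;` and likewise for `ssl_session_reused`. Declaring the local and assigning it on the next line is also unnecessary; initialise it at the declaration. The empty banner comments above each function could state that the field is marshalled as 0 or 1, which the documentation hunk does not spell out either.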
