This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 9769e17 Expose client SSL stats via API & Lua
9769e17 is described below
commit 9769e17f2c7f6c69df49e74a9e5bff468d6d4eec
Author: Valentin Gutierrez <[email protected]>
AuthorDate: Tue Jul 16 12:06:50 2019 +0700
Expose client SSL stats via API & Lua
(cherry picked from commit cd92e255380b319e3c3473f14a2209c5487cdbce)
---
doc/admin-guide/plugins/lua.en.rst | 80 ++++++++++++++++++++++
include/ts/ts.h | 31 +++++++++
plugins/lua/ts_lua_client_request.c | 128 ++++++++++++++++++++++++++++++++++++
src/traffic_server/InkAPI.cc | 36 ++++++++++
4 files changed, 275 insertions(+)
diff --git a/doc/admin-guide/plugins/lua.en.rst
b/doc/admin-guide/plugins/lua.en.rst
index 465ee4c..5686b28 100644
--- a/doc/admin-guide/plugins/lua.en.rst
+++ b/doc/admin-guide/plugins/lua.en.rst
@@ -959,6 +959,86 @@ server request, and we should return
TS_LUA_REMAP_DID_REMAP(_STOP) in do_remap.
:ref:`TOP <admin-plugins-ts-lua>`
+ts.client_request.get_ssl_reused
+-----------------------------------------------
+**syntax:** *ts.client_request.get_ssl_reused()*
+
+**context:** do_remap/do_os_response or do_global_* or later
+
+**description**: This function can be used to know if the SSL session has been
reused (1) or not (0)
+
+Here is an example:
+
+::
+
+ function do_global_read_request()
+ ssl_reused = ts.client_request.get_ssl_reused()
+ ts.debug(ssl_reused) -- 0
+ end
+
+
+`TOP <#lua-plugin>`_
+
+ts.client_request.get_ssl_protocol
+-----------------------------------------------
+**syntax:** *ts.client_request.get_ssl_protocol()*
+
+**context:** do_remap/do_os_response or do_global_* or later
+
+**description**: This function can be used to get the SSL protocol used to
communicate with the client
+
+Here is an example:
+
+::
+
+ function do_global_read_request()
+ ssl_protocol = ts.client_request.get_ssl_protocol()
+ ts.debug(ssl_protocol) -- TLSv1.2
+ end
+
+
+`TOP <#lua-plugin>`_
+
+ts.client_request.get_ssl_cipher
+-----------------------------------------------
+**syntax:** *ts.client_request.get_ssl_cipher()*
+
+**context:** do_remap/do_os_response or do_global_* or later
+
+**description**: This function can be used to get the SSL cipher used to
communicate with the client
+
+Here is an example:
+
+::
+
+ function do_global_read_request()
+ ssl_cipher = ts.client_request.get_ssl_cipher()
+ ts.debug(ssl_cipher) -- ECDHE-ECDSA-AES256-GCM-SHA384
+ end
+
+
+`TOP <#lua-plugin>`_
+
+ts.client_request.get_ssl_curve
+-----------------------------------------------
+**syntax:** *ts.client_request.get_ssl_curve()*
+
+**context:** do_remap/do_os_response or do_global_* or later
+
+**description**: This function can be used to get the SSL Elliptic curve used
to communicate with the client
+
+Here is an example:
+
+::
+
+ function do_global_read_request()
+ ssl_curve = ts.client_request.get_ssl_curve()
+ ts.debug(ssl_curve) -- X25519
+ end
+
+
+`TOP <#lua-plugin>`_
+
ts.http.set_cache_url
---------------------
**syntax:** *ts.http.set_cache_url(KEY_URL)*
diff --git a/include/ts/ts.h b/include/ts/ts.h
index 71a663e..a59897d 100644
--- a/include/ts/ts.h
+++ b/include/ts/ts.h
@@ -2296,6 +2296,37 @@ tsapi int TSHttpTxnServerRespHdrBytesGet(TSHttpTxn txnp);
tsapi int64_t TSHttpTxnServerRespBodyBytesGet(TSHttpTxn txnp);
tsapi int TSHttpTxnClientRespHdrBytesGet(TSHttpTxn txnp);
tsapi int64_t TSHttpTxnClientRespBodyBytesGet(TSHttpTxn txnp);
+tsapi int TSVConnIsSslReused(TSVConn sslp);
+
+/**
+ Return the current (if set) SSL Cipher. This is still owned by the
+ core, and must not be free'd.
+
+ @param sslp The connection pointer
+
+ @return the SSL Cipher
+*/
+tsapi const char *TSVConnSslCipherGet(TSVConn sslp);
+
+/**
+ Return the current (if set) SSL Protocol. This is still owned by the
+ core, and must not be free'd.
+
+ @param sslp The connection pointer
+
+ @return the SSL Protocol
+*/
+tsapi const char *TSVConnSslProtocolGet(TSVConn sslp);
+
+/**
+ Return the current (if set) SSL Curve. This is still owned by the
+ core, and must not be free'd.
+
+ @param txnp the transaction pointer
+
+ @return the SSL Curve
+*/
+tsapi const char *TSVConnSslCurveGet(TSVConn sslp);
/* NetVC timeout APIs. */
tsapi void TSVConnInactivityTimeoutSet(TSVConn connp, TSHRTime timeout);
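Review bot: `TSVConnIsSslReused` is declared without any doc comment, and the comment on `TSVConnSslCurveGet` documents `@param txnp the transaction pointer` although the parameter is `sslp`, a `TSVConn`. The three string getters say "if set" but never state what comes back when the value is not set or the connection is not TLS. Judging from the InkAPI.cc part of this commit that is a null pointer, which plugin authors need to know before passing the result to a string function. I would change the param line to `@param sslp The connection pointer` and extend each return line along the lines of `@return the SSL Curve, or NULL if the connection is not SSL`. `TSVConnIsSslReused` should get a short comment saying it returns non-zero when the session was reused and 0 otherwise, including for non-SSL connections.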
diff --git a/plugins/lua/ts_lua_client_request.c
b/plugins/lua/ts_lua_client_request.c
index b851eb1..e5c8c62 100644
--- a/plugins/lua/ts_lua_client_request.c
+++ b/plugins/lua/ts_lua_client_request.c
@@ -66,6 +66,15 @@ static int
ts_lua_client_request_client_addr_get_port(lua_State *L);
static int ts_lua_client_request_client_addr_get_addr(lua_State *L);
static int ts_lua_client_request_client_addr_get_incoming_port(lua_State *L);
+static void ts_lua_inject_client_request_ssl_reused_api(lua_State *L);
+static int ts_lua_client_request_get_ssl_reused(lua_State *L);
+static void ts_lua_inject_client_request_ssl_cipher_api(lua_State *L);
+static int ts_lua_client_request_get_ssl_cipher(lua_State *L);
+static void ts_lua_inject_client_request_ssl_protocol_api(lua_State *L);
+static int ts_lua_client_request_get_ssl_protocol(lua_State *L);
+static void ts_lua_inject_client_request_ssl_curve_api(lua_State *L);
+static int ts_lua_client_request_get_ssl_curve(lua_State *L);
+
void
ts_lua_inject_client_request_api(lua_State *L)
{
@@ -82,6 +91,10 @@ ts_lua_inject_client_request_api(lua_State *L)
ts_lua_inject_client_request_version_api(L);
ts_lua_inject_client_request_body_size_api(L);
ts_lua_inject_client_request_header_size_api(L);
+ ts_lua_inject_client_request_ssl_reused_api(L);
+ ts_lua_inject_client_request_ssl_cipher_api(L);
+ ts_lua_inject_client_request_ssl_protocol_api(L);
+ ts_lua_inject_client_request_ssl_curve_api(L);
lua_setfield(L, -2, "client_request");
}
@@ -924,3 +937,118 @@ ts_lua_client_request_get_header_size(lua_State *L)
return 1;
}
+
+static void
+ts_lua_inject_client_request_ssl_reused_api(lua_State *L)
+{
+ lua_pushcfunction(L, ts_lua_client_request_get_ssl_reused);
+ lua_setfield(L, -2, "get_ssl_reused");
+}
+
+static int
+ts_lua_client_request_get_ssl_reused(lua_State *L)
+{
+ int ssl_reused = 0;
+ ts_lua_http_ctx *http_ctx;
+ TSHttpSsn ssnp;
+ TSVConn client_conn;
+
+ GET_HTTP_CONTEXT(http_ctx, L);
+ ssnp = TSHttpTxnSsnGet(http_ctx->txnp);
+ client_conn = TSHttpSsnClientVConnGet(ssnp);
+
+ if (TSVConnIsSsl(client_conn)) {
+ ssl_reused = TSVConnIsSslReused(client_conn);
+ }
+
+ lua_pushnumber(L, ssl_reused);
+
+ return 1;
+}
+
+static void
+ts_lua_inject_client_request_ssl_cipher_api(lua_State *L)
+{
+ lua_pushcfunction(L, ts_lua_client_request_get_ssl_cipher);
+ lua_setfield(L, -2, "get_ssl_cipher");
+}
+
+static int
+ts_lua_client_request_get_ssl_cipher(lua_State *L)
+{
+ const char *ssl_cipher = "-";
+ ts_lua_http_ctx *http_ctx;
+ TSHttpSsn ssnp;
+ TSVConn client_conn;
+
+ GET_HTTP_CONTEXT(http_ctx, L);
+
+ ssnp = TSHttpTxnSsnGet(http_ctx->txnp);
+ client_conn = TSHttpSsnClientVConnGet(ssnp);
+
+ if (TSVConnIsSsl(client_conn)) {
+ ssl_cipher = TSVConnSslCipherGet(client_conn);
+ }
+
+ lua_pushstring(L, ssl_cipher);
+
+ return 1;
+}
+
+static void
+ts_lua_inject_client_request_ssl_protocol_api(lua_State *L)
+{
+ lua_pushcfunction(L, ts_lua_client_request_get_ssl_protocol);
+ lua_setfield(L, -2, "get_ssl_protocol");
+}
+
+static int
+ts_lua_client_request_get_ssl_protocol(lua_State *L)
+{
+ const char *ssl_protocol = "-";
+ ts_lua_http_ctx *http_ctx;
+ TSHttpSsn ssnp;
+ TSVConn client_conn;
+
+ GET_HTTP_CONTEXT(http_ctx, L);
+
+ ssnp = TSHttpTxnSsnGet(http_ctx->txnp);
+ client_conn = TSHttpSsnClientVConnGet(ssnp);
+
+ if (TSVConnIsSsl(client_conn)) {
+ ssl_protocol = TSVConnSslProtocolGet(client_conn);
+ }
+
+ lua_pushstring(L, ssl_protocol);
+
+ return 1;
+}
+
+static void
+ts_lua_inject_client_request_ssl_curve_api(lua_State *L)
+{
+ lua_pushcfunction(L, ts_lua_client_request_get_ssl_curve);
+ lua_setfield(L, -2, "get_ssl_curve");
+}
+
+static int
+ts_lua_client_request_get_ssl_curve(lua_State *L)
+{
+ const char *ssl_curve = "-";
+ ts_lua_http_ctx *http_ctx;
+ TSHttpSsn ssnp;
+ TSVConn client_conn;
+
+ GET_HTTP_CONTEXT(http_ctx, L);
+
+ ssnp = TSHttpTxnSsnGet(http_ctx->txnp);
+ client_conn = TSHttpSsnClientVConnGet(ssnp);
+
+ if (TSVConnIsSsl(client_conn)) {
+ ssl_curve = TSVConnSslCurveGet(client_conn);
+ }
+
+ lua_pushstring(L, ssl_curve);
+
+ return 1;
+}
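Review bot: In `ts_lua_client_request_get_ssl_cipher`, `ts_lua_client_request_get_ssl_protocol` and `ts_lua_client_request_get_ssl_curve` the `"-"` default is overwritten unconditionally by the getter's return value, which per the InkAPI.cc part of this commit can be a null pointer. `lua_pushstring` pushes nil for a NULL argument, so a script that compares or concatenates the result (for instance to log the cipher or gate on the protocol version) would get nil on a TLS connection instead of a string. This presumably matters most for the curve, if a handshake can complete without one being recorded. Keep the default unless a value came back, e.g. `const char *v = TSVConnSslCurveGet(client_conn);` followed by `if (v != NULL) ssl_curve = v;`, and likewise for cipher and protocol. Separately, `ssnp` and `client_conn` are passed on without a NULL check; whether `TSVConnIsSsl` tolerates a null connection is not visible in this hunk and is worth confirming.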
diff --git a/src/traffic_server/InkAPI.cc b/src/traffic_server/InkAPI.cc
index 7fa63d0..cd4059e 100644
--- a/src/traffic_server/InkAPI.cc
+++ b/src/traffic_server/InkAPI.cc
@@ -6488,6 +6488,42 @@ TSHttpTxnClientRespBodyBytesGet(TSHttpTxn txnp)
}
int
+TSVConnIsSslReused(TSVConn sslp)
+{
+ NetVConnection *vc = reinterpret_cast<NetVConnection *>(sslp);
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(vc);
+
+ return ssl_vc ? ssl_vc->getSSLSessionCacheHit() : 0;
+}
+
+const char *
+TSVConnSslCipherGet(TSVConn sslp)
+{
+ NetVConnection *vc = reinterpret_cast<NetVConnection *>(sslp);
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(vc);
+
+ return ssl_vc ? ssl_vc->getSSLCipherSuite() : nullptr;
+}
+
+const char *
+TSVConnSslProtocolGet(TSVConn sslp)
+{
+ NetVConnection *vc = reinterpret_cast<NetVConnection *>(sslp);
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(vc);
+
+ return ssl_vc ? ssl_vc->getSSLProtocol() : nullptr;
+}
+
+const char *
+TSVConnSslCurveGet(TSVConn sslp)
+{
+ NetVConnection *vc = reinterpret_cast<NetVConnection *>(sslp);
+ SSLNetVConnection *ssl_vc = dynamic_cast<SSLNetVConnection *>(vc);
+
+ return ssl_vc ? ssl_vc->getSSLCurve() : nullptr;
+}
+
+int
TSHttpTxnPushedRespHdrBytesGet(TSHttpTxn txnp)
{
sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);
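Review bot: The four new `TSVConn*` functions `reinterpret_cast` the opaque `sslp` handle to `NetVConnection *` and then `dynamic_cast` it, with no sanity check on the argument. The neighbouring `TSHttpTxnPushedRespHdrBytesGet` at the end of this hunk opens with `sdk_assert(sdk_sanity_check_txn(txnp) == TS_SUCCESS);`. A null handle is harmless here because `dynamic_cast` of a null pointer yields null, but a `TSVConn` that is not actually a `NetVConnection` (if plugins can obtain such a handle) makes the `dynamic_cast` undefined behaviour rather than a clean null. I would add `sdk_assert(sdk_sanity_check_iocore_structure(sslp) == TS_SUCCESS);` at the top of each function, if that is the file's convention for `TSVConn` arguments. Otherwise the header should state that only network connections may be passed.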