This is an automated email from the ASF dual-hosted git repository.
wkaras pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 124fd702ad Add 14 metrics for TCP connections created for tunnels.
(#9403)
124fd702ad is described below
commit 124fd702adfbd79131266e13197db432cbde78ff
Author: Walt Karas <[email protected]>
AuthorDate: Tue Oct 17 09:52:10 2023 -0400
Add 14 metrics for TCP connections created for tunnels. (#9403)
* Add 14 metrics for TCP connections created for tunnels.
Add current and total metrics for TCP connetions towards clients for blind
TCP tunnels, and TLS tunnel, forward,
and partial blind tunnel SNI-based tunnels.
Add current and total metrics for TCP connetions towards servers, for blind
TCP tunnels and TLS tunnels. Only
partial blind tunnel SNI-based tunnels are counted as TLS tunnels on the
outgoing side, because they are only
SNI-based tunnels where ATS termitates the TLS connection form the client
and originates a new one towards the
server.
* VConnection::make_tunnel_endpoint() -> mark_as_tunnel_endpoint().
* Fix error in proxy.process.http.connect_requests.
Due to change in usage of HttpTransact::State::method.
* Rebase changes for PR 9869.
* Rebase changes.
iocore/net/Net.cc
iocore/net/SSLNetVConnection.cc
iocore/net/UnixNetVConnection.cc
proxy/http/HttpTransact.cc
---
.../statistics/core/http-connection.en.rst | 25 ++++++-
.../monitoring/statistics/core/ssl.en.rst | 60 +++++++++++++++++
iocore/eventsystem/I_VConnection.h | 8 ++-
iocore/net/Net.cc | 77 ++++++++++++++--------
iocore/net/P_Net.h | 14 ++++
iocore/net/P_SSLNetVConnection.h | 3 +
iocore/net/P_UnixNetVConnection.h | 19 ++++++
iocore/net/SSLNetVConnection.cc | 64 ++++++++++++++++++
iocore/net/UnixNetVConnection.cc | 52 +++++++++++++++
proxy/ProxyTransaction.cc | 8 +++
proxy/ProxyTransaction.h | 2 +
proxy/http/HttpSM.cc | 5 ++
proxy/http/HttpTransact.h | 9 +--
tests/gold_tests/connect/connect.test.py | 37 ++++++++++-
tests/gold_tests/connect/gold/metrics.gold | 21 ++++++
tests/gold_tests/remap/gold/remap-ws-metrics.gold | 21 ++++++
tests/gold_tests/remap/remap_ws.test.py | 34 ++++++++++
.../tls/gold/tls-partial-blind-tunnel-metrics.gold | 21 ++++++
.../tls/gold/tls-tunnel-forward-metrics.gold | 21 ++++++
tests/gold_tests/tls/gold/tls-tunnel-metrics.gold | 14 ++++
.../tls/tls_partial_blind_tunnel.test.py | 32 +++++++++
tests/gold_tests/tls/tls_tunnel.test.py | 16 ++++-
tests/gold_tests/tls/tls_tunnel_forward.test.py | 32 +++++++++
23 files changed, 560 insertions(+), 35 deletions(-)
diff --git a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst
b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst
index 28de812a0b..cd9a554e0b 100644
--- a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst
+++ b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst
@@ -164,10 +164,33 @@ HTTP Connection
Counts the number of times current parent or next parent was detected
+.. ts:stat:: global proxy.process.tunnel.total_client_connections_blind_tcp
integer
+ :type: counter
+
+ Total number of non-TLS TCP connections for tunnels where the far end is
the client
+ initiated with an HTTP request (such as a CONNECT or WebSocket request).
+
+.. ts:stat:: global proxy.process.tunnel.current_client_connections_blind_tcp
integer
+ :type: counter
+
+ Current number of non-TLS TCP connections for tunnels where the far end is
the client
+ initiated with an HTTP request (such as a CONNECT or WebSocket request).
+
+.. ts:stat:: global proxy.process.tunnel.total_server_connections_blind_tcp
integer
+ :type: counter
+
+ Total number of TCP connections for tunnels where the far end is the server,
+ except for those counted by
``proxy.process.tunnel.total_server_connections_tls``
+
+.. ts:stat:: global proxy.process.tunnel.current_server_connections_blind_tcp
integer
+ :type: counter
+
+ Current number of TCP connections for tunnels where the far end is the
server,
+ except for those counted by
``proxy.process.tunnel.current_server_connections_tls``
+
HTTP/2
------
-
.. ts:stat:: global proxy.process.http2.total_client_connections integer
:type: counter
diff --git a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
index e18bae11c6..59eaa918a5 100644
--- a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
+++ b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst
@@ -238,6 +238,66 @@ SSL/TLS
A gauge of current active SNI Routing Tunnels.
+.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_tunnel
integer
+ :type: counter
+
+ Total number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``tunnel_route`` key in a table in the :file:`sni.yaml`
file.
+
+.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_tunnel
integer
+ :type: counter
+
+ Current number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``tunnel_route`` key in a table in the :file:`sni.yaml`
file.
+
+.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_forward
integer
+ :type: counter
+
+ Total number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``forward_route`` key in a table in the :file:`sni.yaml`
file.
+
+.. ts:stat:: global
proxy.process.tunnel.current_client_connections_tls_forward integer
+ :type: counter
+
+ Current number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``forward_route`` key in a table in the :file:`sni.yaml`
file.
+
+.. ts:stat:: global
proxy.process.tunnel.total_client_connections_tls_partial_blind integer
+ :type: counter
+
+ Total number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``partial_blind_route`` key in a table in the
:file:`sni.yaml` file.
+
+.. ts:stat:: global
proxy.process.tunnel.current_client_connections_tls_partial_blind integer
+ :type: counter
+
+ Current number of TCP connections for TLS tunnels where the far end is the
client
+ created based on a ``partial_blind_route`` key in a table in the
:file:`sni.yaml` file.
+
+.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_http
integer
+ :type: counter
+
+ Total number of TLS connections for tunnels where the far end is the client
+ initiated with an HTTP request.
+
+.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_http
integer
+ :type: counter
+
+ Current number of TLS connections for tunnels where the far end is the
client
+ initiated with an HTTP request.
+
+.. ts:stat:: global proxy.process.tunnel.total_server_connections_tls integer
+ :type: counter
+
+ Total number of TCP connections for TLS tunnels where the far end is the
server
+ created based on a ``partial_blind_route`` key in a table in the
:file:`sni.yaml` file.
+
+.. ts:stat:: global proxy.process.tunnel.current_server_connections_tls integer
+ :type: counter
+
+ Current number of TCP connections for TLS tunnels where the far end is the
server
+ created based on a ``partial_blind_route`` key in a table in the
:file:`sni.yaml` file.
+
.. _pre-warming-tls-tunnel-stats:
Pre-warming TLS Tunnel
diff --git a/iocore/eventsystem/I_VConnection.h
b/iocore/eventsystem/I_VConnection.h
index e39f4dff5c..7e0ba5c767 100644
--- a/iocore/eventsystem/I_VConnection.h
+++ b/iocore/eventsystem/I_VConnection.h
@@ -360,7 +360,13 @@ public:
return false;
}
-public:
+ // This function should be called when the VConnection is a tunnel endpoint.
By default, a VConnection does not care if it
+ // is a tunnel endpoint.
+ virtual void
+ mark_as_tunnel_endpoint()
+ {
+ }
+
/**
The error code from the last error.
diff --git a/iocore/net/Net.cc b/iocore/net/Net.cc
index 05438e5dd2..b0dbf118c4 100644
--- a/iocore/net/Net.cc
+++ b/iocore/net/Net.cc
@@ -82,33 +82,56 @@ register_net_stats()
{
ts::Metrics &intm = ts::Metrics::getInstance();
- net_rsb.accepts_currently_open =
intm.newMetricPtr("proxy.process.net.accepts_currently_open");
- net_rsb.calls_to_read =
intm.newMetricPtr("proxy.process.net.calls_to_read");
- net_rsb.calls_to_read_nodata =
intm.newMetricPtr("proxy.process.net.calls_to_read_nodata");
- net_rsb.calls_to_readfromnet =
intm.newMetricPtr("proxy.process.net.calls_to_readfromnet");
- net_rsb.calls_to_write =
intm.newMetricPtr("proxy.process.net.calls_to_write");
- net_rsb.calls_to_write_nodata =
intm.newMetricPtr("proxy.process.net.calls_to_write_nodata");
- net_rsb.calls_to_writetonet =
intm.newMetricPtr("proxy.process.net.calls_to_writetonet");
- net_rsb.connections_currently_open =
intm.newMetricPtr("proxy.process.net.connections_currently_open");
- net_rsb.connections_throttled_in =
intm.newMetricPtr("proxy.process.net.connections_throttled_in");
- net_rsb.connections_throttled_out =
intm.newMetricPtr("proxy.process.net.connections_throttled_out");
- net_rsb.default_inactivity_timeout_applied =
intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_applied");
- net_rsb.default_inactivity_timeout_count =
intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_count");
- net_rsb.fastopen_attempts =
intm.newMetricPtr("proxy.process.net.fastopen_out.attempts");
- net_rsb.fastopen_successes =
intm.newMetricPtr("proxy.process.net.fastopen_out.successes");
- net_rsb.handler_run =
intm.newMetricPtr("proxy.process.net.net_handler_run");
- net_rsb.inactivity_cop_lock_acquire_failure =
intm.newMetricPtr("proxy.process.net.inactivity_cop_lock_acquire_failure");
- net_rsb.keep_alive_queue_timeout_count =
intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_count");
- net_rsb.keep_alive_queue_timeout_total =
intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_total");
- net_rsb.read_bytes =
intm.newMetricPtr("proxy.process.net.read_bytes");
- net_rsb.read_bytes_count =
intm.newMetricPtr("proxy.process.net.read_bytes_count");
- net_rsb.requests_max_throttled_in =
intm.newMetricPtr("proxy.process.net.max.requests_throttled_in");
- net_rsb.socks_connections_currently_open =
intm.newMetricPtr("proxy.process.socks.connections_currently_open");
- net_rsb.socks_connections_successful =
intm.newMetricPtr("proxy.process.socks.connections_successful");
- net_rsb.socks_connections_unsuccessful =
intm.newMetricPtr("proxy.process.socks.connections_unsuccessful");
- net_rsb.tcp_accept =
intm.newMetricPtr("proxy.process.tcp.total_accepts");
- net_rsb.write_bytes =
intm.newMetricPtr("proxy.process.net.write_bytes");
- net_rsb.write_bytes_count =
intm.newMetricPtr("proxy.process.net.write_bytes_count");
+ net_rsb.accepts_currently_open =
intm.newMetricPtr("proxy.process.net.accepts_currently_open");
+ net_rsb.calls_to_read =
intm.newMetricPtr("proxy.process.net.calls_to_read");
+ net_rsb.calls_to_read_nodata =
intm.newMetricPtr("proxy.process.net.calls_to_read_nodata");
+ net_rsb.calls_to_readfromnet =
intm.newMetricPtr("proxy.process.net.calls_to_readfromnet");
+ net_rsb.calls_to_write =
intm.newMetricPtr("proxy.process.net.calls_to_write");
+ net_rsb.calls_to_write_nodata =
intm.newMetricPtr("proxy.process.net.calls_to_write_nodata");
+ net_rsb.calls_to_writetonet =
intm.newMetricPtr("proxy.process.net.calls_to_writetonet");
+ net_rsb.connections_currently_open =
intm.newMetricPtr("proxy.process.net.connections_currently_open");
+ net_rsb.connections_throttled_in =
intm.newMetricPtr("proxy.process.net.connections_throttled_in");
+ net_rsb.connections_throttled_out =
intm.newMetricPtr("proxy.process.net.connections_throttled_out");
+ net_rsb.tunnel_total_client_connections_blind_tcp =
intm.newMetricPtr("proxy.process.tunnel.total_client_connections_blind_tcp");
+ net_rsb.tunnel_current_client_connections_blind_tcp =
+
intm.newMetricPtr("proxy.process.tunnel.current_client_connections_blind_tcp");
+ net_rsb.tunnel_total_server_connections_blind_tcp =
intm.newMetricPtr("proxy.process.tunnel.total_server_connections_blind_tcp");
+ net_rsb.tunnel_current_server_connections_blind_tcp =
+
intm.newMetricPtr("proxy.process.tunnel.current_server_connections_blind_tcp");
+ net_rsb.tunnel_total_client_connections_tls_tunnel =
+
intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_tunnel");
+ net_rsb.tunnel_current_client_connections_tls_tunnel =
+
intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_tunnel");
+ net_rsb.tunnel_total_client_connections_tls_forward =
+
intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_forward");
+ net_rsb.tunnel_current_client_connections_tls_forward =
+
intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_forward");
+ net_rsb.tunnel_total_client_connections_tls_partial_blind =
+
intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_partial_blind");
+ net_rsb.tunnel_current_client_connections_tls_partial_blind =
+
intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_partial_blind");
+ net_rsb.tunnel_total_client_connections_tls_http =
intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_http");
+ net_rsb.tunnel_current_client_connections_tls_http =
+
intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_http");
+ net_rsb.tunnel_total_server_connections_tls =
intm.newMetricPtr("proxy.process.tunnel.total_server_connections_tls");
+ net_rsb.tunnel_current_server_connections_tls =
intm.newMetricPtr("proxy.process.tunnel.current_server_connections_tls");
+ net_rsb.default_inactivity_timeout_applied =
intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_applied");
+ net_rsb.default_inactivity_timeout_count =
intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_count");
+ net_rsb.fastopen_attempts =
intm.newMetricPtr("proxy.process.net.fastopen_out.attempts");
+ net_rsb.fastopen_successes =
intm.newMetricPtr("proxy.process.net.fastopen_out.successes");
+ net_rsb.handler_run =
intm.newMetricPtr("proxy.process.net.net_handler_run");
+ net_rsb.inactivity_cop_lock_acquire_failure =
intm.newMetricPtr("proxy.process.net.inactivity_cop_lock_acquire_failure");
+ net_rsb.keep_alive_queue_timeout_count =
intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_count");
+ net_rsb.keep_alive_queue_timeout_total =
intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_total");
+ net_rsb.read_bytes =
intm.newMetricPtr("proxy.process.net.read_bytes");
+ net_rsb.read_bytes_count =
intm.newMetricPtr("proxy.process.net.read_bytes_count");
+ net_rsb.requests_max_throttled_in =
intm.newMetricPtr("proxy.process.net.max.requests_throttled_in");
+ net_rsb.socks_connections_currently_open =
intm.newMetricPtr("proxy.process.socks.connections_currently_open");
+ net_rsb.socks_connections_successful =
intm.newMetricPtr("proxy.process.socks.connections_successful");
+ net_rsb.socks_connections_unsuccessful =
intm.newMetricPtr("proxy.process.socks.connections_unsuccessful");
+ net_rsb.tcp_accept =
intm.newMetricPtr("proxy.process.tcp.total_accepts");
+ net_rsb.write_bytes =
intm.newMetricPtr("proxy.process.net.write_bytes");
+ net_rsb.write_bytes_count =
intm.newMetricPtr("proxy.process.net.write_bytes_count");
}
void
diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h
index 0d0fa0107e..41798df868 100644
--- a/iocore/net/P_Net.h
+++ b/iocore/net/P_Net.h
@@ -58,6 +58,20 @@ struct NetStatsBlock {
Metrics::IntType *read_bytes;
Metrics::IntType *read_bytes_count;
Metrics::IntType *requests_max_throttled_in;
+ Metrics::IntType *tunnel_total_client_connections_blind_tcp;
+ Metrics::IntType *tunnel_current_client_connections_blind_tcp;
+ Metrics::IntType *tunnel_total_server_connections_blind_tcp;
+ Metrics::IntType *tunnel_current_server_connections_blind_tcp;
+ Metrics::IntType *tunnel_total_client_connections_tls_tunnel;
+ Metrics::IntType *tunnel_current_client_connections_tls_tunnel;
+ Metrics::IntType *tunnel_total_server_connections_tls;
+ Metrics::IntType *tunnel_current_server_connections_tls;
+ Metrics::IntType *tunnel_total_client_connections_tls_forward;
+ Metrics::IntType *tunnel_current_client_connections_tls_forward;
+ Metrics::IntType *tunnel_total_client_connections_tls_partial_blind;
+ Metrics::IntType *tunnel_current_client_connections_tls_partial_blind;
+ Metrics::IntType *tunnel_total_client_connections_tls_http;
+ Metrics::IntType *tunnel_current_client_connections_tls_http;
Metrics::IntType *socks_connections_currently_open;
Metrics::IntType *socks_connections_successful;
Metrics::IntType *socks_connections_unsuccessful;
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index 0b6f4281d5..8a6d797079 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -500,6 +500,9 @@ private:
ssl_error_t _ssl_write_buffer(const void *buf, int64_t nbytes, int64_t
&nwritten);
ssl_error_t _ssl_connect();
ssl_error_t _ssl_accept();
+
+ void _in_context_tunnel() override;
+ void _out_context_tunnel() override;
};
typedef int (SSLNetVConnection::*SSLNetVConnHandler)(int, void *);
diff --git a/iocore/net/P_UnixNetVConnection.h
b/iocore/net/P_UnixNetVConnection.h
index f453d01494..bf75b386e3 100644
--- a/iocore/net/P_UnixNetVConnection.h
+++ b/iocore/net/P_UnixNetVConnection.h
@@ -44,6 +44,8 @@ struct PollDescriptor;
enum tcp_congestion_control_t { CLIENT_SIDE, SERVER_SIDE };
+// WARNING: many or most of the member functions of UnixNetVConnection should
only be used when it is instantiated
+// directly. They should not be used when UnixNetVConnection is a base class.
class UnixNetVConnection : public NetVConnection, public NetEvent
{
public:
@@ -225,10 +227,27 @@ public:
friend void write_to_net_io(NetHandler *, UnixNetVConnection *, EThread *);
+ // set_context() should be called before calling this member function.
+ void mark_as_tunnel_endpoint() override;
+
+ bool
+ is_tunnel_endpoint() const
+ {
+ return _is_tunnel_endpoint;
+ }
+
private:
virtual void *_prepareForMigration();
virtual NetProcessor *_getNetProcessor();
+ bool _is_tunnel_endpoint{false};
+
+ // Called by make_tunnel_endpiont() when the far end of the TCP connection
is the active/client end.
+ virtual void _in_context_tunnel();
+
+ // Called by make_tunnel_endpiont() when the far end of the TCP connection
is the passive/server end.
+ virtual void _out_context_tunnel();
+
inline static DbgCtl _dbg_ctl_socket{"socket"};
inline static DbgCtl _dbg_ctl_socket_mptcp{"socket_mptcp"};
};
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index cee694cb51..390bf3dcc8 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1035,6 +1035,29 @@ SSLNetVConnection::free_thread(EThread *t)
}
con.close();
+ if (is_tunnel_endpoint()) {
+ ink_assert(get_context() != NET_VCONNECTION_UNSET);
+
+ Metrics::decrement(([&]() -> Metrics::IntType * {
+ if (get_context() == NET_VCONNECTION_IN) {
+ switch (get_tunnel_type()) {
+ case SNIRoutingType::BLIND:
+ return net_rsb.tunnel_current_client_connections_tls_tunnel;
+ case SNIRoutingType::FORWARD:
+ return net_rsb.tunnel_current_client_connections_tls_forward;
+ case SNIRoutingType::PARTIAL_BLIND:
+ return net_rsb.tunnel_current_client_connections_tls_partial_blind;
+ default:
+ return net_rsb.tunnel_current_client_connections_tls_http;
+ }
+ }
+ // NET_VCONNECTION_OUT - Never a tunnel type for out (to server) context.
+ ink_assert(get_tunnel_type() == SNIRoutingType::NONE);
+
+ return net_rsb.tunnel_current_server_connections_tls;
+ })());
+ }
+
#if TS_HAS_TLS_EARLY_DATA
if (_early_data_reader != nullptr) {
_early_data_reader->dealloc();
@@ -1958,6 +1981,47 @@ SSLNetVConnection::populate(Connection &con,
Continuation *c, void *arg)
return EVENT_DONE;
}
+void
+SSLNetVConnection::_in_context_tunnel()
+{
+ ink_assert(get_context() == NET_VCONNECTION_IN);
+
+ Metrics::IntType *t, *c;
+
+ switch (get_tunnel_type()) {
+ case SNIRoutingType::BLIND:
+ t = net_rsb.tunnel_total_client_connections_tls_tunnel;
+ c = net_rsb.tunnel_current_client_connections_tls_tunnel;
+ break;
+ case SNIRoutingType::FORWARD:
+ t = net_rsb.tunnel_total_client_connections_tls_forward;
+ c = net_rsb.tunnel_current_client_connections_tls_forward;
+ break;
+ case SNIRoutingType::PARTIAL_BLIND:
+ t = net_rsb.tunnel_total_client_connections_tls_partial_blind;
+ c = net_rsb.tunnel_current_client_connections_tls_partial_blind;
+ break;
+ default:
+ t = net_rsb.tunnel_total_client_connections_tls_http;
+ c = net_rsb.tunnel_current_client_connections_tls_http;
+ break;
+ }
+ Metrics::increment(t);
+ Metrics::increment(c);
+}
+
+void
+SSLNetVConnection::_out_context_tunnel()
+{
+ ink_assert(get_context() == NET_VCONNECTION_OUT);
+
+ // Never a tunnel type for out (to server) context.
+ ink_assert(get_tunnel_type() == SNIRoutingType::NONE);
+
+ Metrics::increment(net_rsb.tunnel_total_server_connections_tls);
+ Metrics::increment(net_rsb.tunnel_current_server_connections_tls);
+}
+
void
SSLNetVConnection::increment_ssl_version_metric(int version) const
{
diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc
index c97fc70f97..a8b03640f4 100644
--- a/iocore/net/UnixNetVConnection.cc
+++ b/iocore/net/UnixNetVConnection.cc
@@ -1284,6 +1284,8 @@ UnixNetVConnection::clear()
void
UnixNetVConnection::free_thread(EThread *t)
{
+ Debug("iocore_net", "Entering UnixNetVConnection::free()");
+
ink_release_assert(t == this_ethread());
// close socket fd
@@ -1292,6 +1294,21 @@ UnixNetVConnection::free_thread(EThread *t)
}
con.close();
+ if (is_tunnel_endpoint()) {
+ Debug("iocore_net", "Freeing UnixNetVConnection that is tunnel endpoint");
+
+ Metrics::decrement(([&]() -> Metrics::IntType * {
+ switch (get_context()) {
+ case NET_VCONNECTION_IN:
+ return net_rsb.tunnel_current_client_connections_blind_tcp;
+ case NET_VCONNECTION_OUT:
+ return net_rsb.tunnel_current_server_connections_blind_tcp;
+ default:
+ ink_release_assert(false);
+ }
+ })());
+ }
+
clear();
SET_CONTINUATION_HANDLER(this, &UnixNetVConnection::startEvent);
ink_assert(con.fd == NO_FD);
@@ -1491,3 +1508,38 @@ UnixNetVConnection::set_tcp_congestion_control(int side)
return -1;
#endif
}
+
+void
+UnixNetVConnection::mark_as_tunnel_endpoint()
+{
+ Debug("iocore_net", "Entering
UnixNetVConnection::mark_as_tunnel_endpoint()");
+
+ ink_assert(!_is_tunnel_endpoint);
+
+ _is_tunnel_endpoint = true;
+
+ switch (get_context()) {
+ case NET_VCONNECTION_IN:
+ _in_context_tunnel();
+ break;
+ case NET_VCONNECTION_OUT:
+ _out_context_tunnel();
+ break;
+ default:
+ ink_release_assert(false);
+ }
+}
+
+void
+UnixNetVConnection::_in_context_tunnel()
+{
+ Metrics::increment(net_rsb.tunnel_total_client_connections_blind_tcp);
+ Metrics::increment(net_rsb.tunnel_current_client_connections_blind_tcp);
+}
+
+void
+UnixNetVConnection::_out_context_tunnel()
+{
+ Metrics::increment(net_rsb.tunnel_total_server_connections_blind_tcp);
+ Metrics::increment(net_rsb.tunnel_current_server_connections_blind_tcp);
+}
diff --git a/proxy/ProxyTransaction.cc b/proxy/ProxyTransaction.cc
index 0198cf8361..e92a648c2b 100644
--- a/proxy/ProxyTransaction.cc
+++ b/proxy/ProxyTransaction.cc
@@ -276,3 +276,11 @@ void
ProxyTransaction::set_close_connection(HTTPHdr &hdr) const
{
}
+
+void
+ProxyTransaction::mark_as_tunnel_endpoint()
+{
+ auto nvc = get_netvc();
+ ink_assert(nvc != nullptr);
+ nvc->mark_as_tunnel_endpoint();
+}
diff --git a/proxy/ProxyTransaction.h b/proxy/ProxyTransaction.h
index 3a8193b5b3..6e04ea9b89 100644
--- a/proxy/ProxyTransaction.h
+++ b/proxy/ProxyTransaction.h
@@ -136,6 +136,8 @@ public:
bool support_sni() const;
+ void mark_as_tunnel_endpoint() override;
+
/// Variables
//
HttpSessionAccept::Options upstream_outbound_options; // overwritable copy
of options
diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index 055aca6f97..6940dd6f62 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -7216,6 +7216,8 @@ HttpSM::setup_push_transfer_to_cache()
void
HttpSM::setup_blind_tunnel(bool send_response_hdr, IOBufferReader *initial)
{
+ ink_assert(server_entry->vc != nullptr);
+
HttpTunnelConsumer *c_ua;
HttpTunnelConsumer *c_os;
HttpTunnelProducer *p_ua;
@@ -7303,6 +7305,9 @@ HttpSM::setup_blind_tunnel(bool send_response_hdr,
IOBufferReader *initial)
"http server - tunnel");
}
+ _ua.get_entry()->vc->mark_as_tunnel_endpoint();
+ server_entry->vc->mark_as_tunnel_endpoint();
+
// Make the tunnel aware that the entries are bi-directional
tunnel.chain(c_os, p_os);
tunnel.chain(c_ua, p_ua);
diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h
index f5f1b8c4b1..2575610335 100644
--- a/proxy/http/HttpTransact.h
+++ b/proxy/http/HttpTransact.h
@@ -753,10 +753,11 @@ public:
int64_t internal_msg_buffer_size = 0; // out
int64_t internal_msg_buffer_fast_allocator_size = -1;
- int scheme = -1; // out
- int next_hop_scheme = scheme; // out
- int orig_scheme = scheme; // pre-mapped scheme
- int method = 0;
+ int scheme = -1; // out
+ int next_hop_scheme = scheme; // out
+ int orig_scheme = scheme; // pre-mapped scheme
+ int method = 0;
+ bool method_metric_incremented = false;
/// The errno associated with a failed connect attempt.
///
diff --git a/tests/gold_tests/connect/connect.test.py
b/tests/gold_tests/connect/connect.test.py
index db3c5c5752..7c914cdd88 100644
--- a/tests/gold_tests/connect/connect.test.py
+++ b/tests/gold_tests/connect/connect.test.py
@@ -135,7 +135,7 @@ class ConnectViaPVTest:
self.ts.Disk.records_config.update({
'proxy.config.diags.debug.enabled': 1,
- 'proxy.config.diags.debug.tags': 'http',
+ 'proxy.config.diags.debug.tags': 'http|iocore_net|rec',
'proxy.config.http.server_ports': f"{self.ts.Variables.port}",
'proxy.config.http.connect_ports':
f"{self.server.Variables.http_port}",
})
@@ -160,8 +160,43 @@ class ConnectViaPVTest:
tr.StillRunningAfter = self.server
tr.StillRunningAfter = self.ts
+ def __testMetrics(self):
+ tr = Test.AddTestRun("Test metrics")
+ tr.Processes.Default.Command = (
+ f"{Test.Variables.AtsTestToolsDir}/stdout_wait" +
+ " 'traffic_ctl metric get" +
+ " proxy.process.http.total_incoming_connections" +
+ " proxy.process.http.total_client_connections" +
+ " proxy.process.http.total_client_connections_ipv4" +
+ " proxy.process.http.total_client_connections_ipv6" +
+ " proxy.process.http.total_server_connections" +
+ " proxy.process.http2.total_client_connections" +
+ " proxy.process.http.connect_requests" +
+ " proxy.process.tunnel.total_client_connections_blind_tcp" +
+ " proxy.process.tunnel.current_client_connections_blind_tcp" +
+ " proxy.process.tunnel.total_server_connections_blind_tcp" +
+ " proxy.process.tunnel.current_server_connections_blind_tcp" +
+ " proxy.process.tunnel.total_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.current_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.total_client_connections_tls_forward" +
+ " proxy.process.tunnel.current_client_connections_tls_forward" +
+ " proxy.process.tunnel.total_client_connections_tls_partial_blind"
+
+ "
proxy.process.tunnel.current_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.total_client_connections_tls_http" +
+ " proxy.process.tunnel.current_client_connections_tls_http" +
+ " proxy.process.tunnel.total_server_connections_tls" +
+ " proxy.process.tunnel.current_server_connections_tls'" +
+ f" {Test.TestDirectory}/gold/metrics.gold"
+ )
+ # Need to copy over the environment so traffic_ctl knows where to find
the unix domain socket
+ tr.Processes.Default.Env = self.ts.Env
+ tr.Processes.Default.ReturnCode = 0
+ tr.StillRunningAfter = self.server
+ tr.StillRunningAfter = self.ts
+
def run(self):
self.runTraffic()
+ self.__testMetrics()
ConnectViaPVTest().run()
diff --git a/tests/gold_tests/connect/gold/metrics.gold
b/tests/gold_tests/connect/gold/metrics.gold
new file mode 100644
index 0000000000..bdbda6443c
--- /dev/null
+++ b/tests/gold_tests/connect/gold/metrics.gold
@@ -0,0 +1,21 @@
+proxy.process.http.total_incoming_connections 1
+proxy.process.http.total_client_connections 1
+proxy.process.http.total_client_connections_ipv4 1
+proxy.process.http.total_client_connections_ipv6 0
+proxy.process.http.total_server_connections 0
+proxy.process.http2.total_client_connections 0
+proxy.process.http.connect_requests 1
+proxy.process.tunnel.total_client_connections_blind_tcp 1
+proxy.process.tunnel.current_client_connections_blind_tcp 0
+proxy.process.tunnel.total_server_connections_blind_tcp 1
+proxy.process.tunnel.current_server_connections_blind_tcp 0
+proxy.process.tunnel.total_client_connections_tls_tunnel 0
+proxy.process.tunnel.current_client_connections_tls_tunnel 0
+proxy.process.tunnel.total_client_connections_tls_forward 0
+proxy.process.tunnel.current_client_connections_tls_forward 0
+proxy.process.tunnel.total_client_connections_tls_partial_blind 0
+proxy.process.tunnel.current_client_connections_tls_partial_blind 0
+proxy.process.tunnel.total_client_connections_tls_http 0
+proxy.process.tunnel.current_client_connections_tls_http 0
+proxy.process.tunnel.total_server_connections_tls 0
+proxy.process.tunnel.current_server_connections_tls 0
diff --git a/tests/gold_tests/remap/gold/remap-ws-metrics.gold
b/tests/gold_tests/remap/gold/remap-ws-metrics.gold
new file mode 100644
index 0000000000..cf39c20a91
--- /dev/null
+++ b/tests/gold_tests/remap/gold/remap-ws-metrics.gold
@@ -0,0 +1,21 @@
+proxy.process.http.total_incoming_connections 3
+proxy.process.http.total_client_connections 3
+proxy.process.http.total_client_connections_ipv4 3
+proxy.process.http.total_client_connections_ipv6 0
+proxy.process.http.total_server_connections 2
+proxy.process.http2.total_client_connections 0
+proxy.process.http.connect_requests 0
+proxy.process.tunnel.total_client_connections_blind_tcp 1
+proxy.process.tunnel.current_client_connections_blind_tcp 0
+proxy.process.tunnel.total_server_connections_blind_tcp 2
+proxy.process.tunnel.current_server_connections_blind_tcp 0
+proxy.process.tunnel.total_client_connections_tls_tunnel 0
+proxy.process.tunnel.current_client_connections_tls_tunnel 0
+proxy.process.tunnel.total_client_connections_tls_forward 0
+proxy.process.tunnel.current_client_connections_tls_forward 0
+proxy.process.tunnel.total_client_connections_tls_partial_blind 0
+proxy.process.tunnel.current_client_connections_tls_partial_blind 0
+proxy.process.tunnel.total_client_connections_tls_http 1
+proxy.process.tunnel.current_client_connections_tls_http 0
+proxy.process.tunnel.total_server_connections_tls 0
+proxy.process.tunnel.current_server_connections_tls 0
diff --git a/tests/gold_tests/remap/remap_ws.test.py
b/tests/gold_tests/remap/remap_ws.test.py
index f87f797824..e1b96d3f78 100644
--- a/tests/gold_tests/remap/remap_ws.test.py
+++ b/tests/gold_tests/remap/remap_ws.test.py
@@ -77,3 +77,37 @@ tr.Processes.Default.ReturnCode = 0
tr.Processes.Default.Streams.stderr = "gold/remap-ws-upgrade-400.gold"
tr.StillRunningAfter = server
tr.StillRunningAfter = ts
+
+# Test metrics
+tr = Test.AddTestRun()
+tr.Processes.Default.Command = (
+ f"{Test.Variables.AtsTestToolsDir}/stdout_wait" +
+ " 'traffic_ctl metric get" +
+ " proxy.process.http.total_incoming_connections" +
+ " proxy.process.http.total_client_connections" +
+ " proxy.process.http.total_client_connections_ipv4" +
+ " proxy.process.http.total_client_connections_ipv6" +
+ " proxy.process.http.total_server_connections" +
+ " proxy.process.http2.total_client_connections" +
+ " proxy.process.http.connect_requests" +
+ " proxy.process.tunnel.total_client_connections_blind_tcp" +
+ " proxy.process.tunnel.current_client_connections_blind_tcp" +
+ " proxy.process.tunnel.total_server_connections_blind_tcp" +
+ " proxy.process.tunnel.current_server_connections_blind_tcp" +
+ " proxy.process.tunnel.total_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.current_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.total_client_connections_tls_forward" +
+ " proxy.process.tunnel.current_client_connections_tls_forward" +
+ " proxy.process.tunnel.total_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.current_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.total_client_connections_tls_http" +
+ " proxy.process.tunnel.current_client_connections_tls_http" +
+ " proxy.process.tunnel.total_server_connections_tls" +
+ " proxy.process.tunnel.current_server_connections_tls'" +
+ f" {Test.TestDirectory}/gold/remap-ws-metrics.gold"
+)
+# Need to copy over the environment so traffic_ctl knows where to find the
unix domain socket
+tr.Processes.Default.Env = ts.Env
+tr.Processes.Default.ReturnCode = 0
+tr.StillRunningAfter = server
+tr.StillRunningAfter = ts
diff --git a/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold
b/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold
new file mode 100644
index 0000000000..fc8da18b10
--- /dev/null
+++ b/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold
@@ -0,0 +1,21 @@
+proxy.process.http.total_incoming_connections 1
+proxy.process.http.total_client_connections 1
+proxy.process.http.total_client_connections_ipv4 1
+proxy.process.http.total_client_connections_ipv6 0
+proxy.process.http.total_server_connections 0
+proxy.process.http2.total_client_connections 0
+proxy.process.http.connect_requests 1
+proxy.process.tunnel.total_client_connections_blind_tcp 0
+proxy.process.tunnel.current_client_connections_blind_tcp 0
+proxy.process.tunnel.total_server_connections_blind_tcp 0
+proxy.process.tunnel.current_server_connections_blind_tcp 0
+proxy.process.tunnel.total_client_connections_tls_tunnel 0
+proxy.process.tunnel.current_client_connections_tls_tunnel 0
+proxy.process.tunnel.total_client_connections_tls_forward 0
+proxy.process.tunnel.current_client_connections_tls_forward 0
+proxy.process.tunnel.total_client_connections_tls_partial_blind 1
+proxy.process.tunnel.current_client_connections_tls_partial_blind 0
+proxy.process.tunnel.total_client_connections_tls_http 0
+proxy.process.tunnel.current_client_connections_tls_http 0
+proxy.process.tunnel.total_server_connections_tls 1
+proxy.process.tunnel.current_server_connections_tls 0
diff --git a/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold
b/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold
new file mode 100644
index 0000000000..025d86c556
--- /dev/null
+++ b/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold
@@ -0,0 +1,21 @@
+proxy.process.http.total_incoming_connections 3
+proxy.process.http.total_client_connections 3
+proxy.process.http.total_client_connections_ipv4 3
+proxy.process.http.total_client_connections_ipv6 0
+proxy.process.http.total_server_connections 0
+proxy.process.http2.total_client_connections 0
+proxy.process.http.connect_requests 3
+proxy.process.tunnel.total_client_connections_blind_tcp 0
+proxy.process.tunnel.current_client_connections_blind_tcp 0
+proxy.process.tunnel.total_server_connections_blind_tcp 3
+proxy.process.tunnel.current_server_connections_blind_tcp 0
+proxy.process.tunnel.total_client_connections_tls_tunnel 1
+proxy.process.tunnel.current_client_connections_tls_tunnel 0
+proxy.process.tunnel.total_client_connections_tls_forward 2
+proxy.process.tunnel.current_client_connections_tls_forward 0
+proxy.process.tunnel.total_client_connections_tls_partial_blind 0
+proxy.process.tunnel.current_client_connections_tls_partial_blind 0
+proxy.process.tunnel.total_client_connections_tls_http 0
+proxy.process.tunnel.current_client_connections_tls_http 0
+proxy.process.tunnel.total_server_connections_tls 0
+proxy.process.tunnel.current_server_connections_tls 0
diff --git a/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold
b/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold
index 081b4cfad7..b75ecc1cac 100644
--- a/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold
+++ b/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold
@@ -5,3 +5,17 @@ proxy.process.http.total_client_connections_ipv6 0
proxy.process.http.total_server_connections 0
proxy.process.http2.total_client_connections 2
proxy.process.http.connect_requests 10
+proxy.process.tunnel.total_client_connections_blind_tcp 0
+proxy.process.tunnel.current_client_connections_blind_tcp 0
+proxy.process.tunnel.total_server_connections_blind_tcp 8
+proxy.process.tunnel.current_server_connections_blind_tcp 0
+proxy.process.tunnel.total_client_connections_tls_tunnel 8
+proxy.process.tunnel.current_client_connections_tls_tunnel 0
+proxy.process.tunnel.total_client_connections_tls_forward 0
+proxy.process.tunnel.current_client_connections_tls_forward 0
+proxy.process.tunnel.total_client_connections_tls_partial_blind 0
+proxy.process.tunnel.current_client_connections_tls_partial_blind 0
+proxy.process.tunnel.total_client_connections_tls_http 0
+proxy.process.tunnel.current_client_connections_tls_http 0
+proxy.process.tunnel.total_server_connections_tls 0
+proxy.process.tunnel.current_server_connections_tls 0
diff --git a/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py
b/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py
index 021eae8885..44f14fca33 100644
--- a/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py
+++ b/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py
@@ -74,3 +74,35 @@ tr.Processes.Default.Streams.All +=
Testers.ExcludesExpression("Not Found on Acc
"Should not try
to remap on Traffic Server")
tr.Processes.Default.Streams.All += Testers.ContainsExpression("HTTP/1.1 200
OK", "Should get a successful response")
tr.Processes.Default.Streams.All += Testers.ContainsExpression("ok bar", "Body
is expected")
+
+tr = Test.AddTestRun("Test Metrics")
+tr.Processes.Default.Command = (
+ f"{Test.Variables.AtsTestToolsDir}/stdout_wait" +
+ " 'traffic_ctl metric get" +
+ " proxy.process.http.total_incoming_connections" +
+ " proxy.process.http.total_client_connections" +
+ " proxy.process.http.total_client_connections_ipv4" +
+ " proxy.process.http.total_client_connections_ipv6" +
+ " proxy.process.http.total_server_connections" +
+ " proxy.process.http2.total_client_connections" +
+ " proxy.process.http.connect_requests" +
+ " proxy.process.tunnel.total_client_connections_blind_tcp" +
+ " proxy.process.tunnel.current_client_connections_blind_tcp" +
+ " proxy.process.tunnel.total_server_connections_blind_tcp" +
+ " proxy.process.tunnel.current_server_connections_blind_tcp" +
+ " proxy.process.tunnel.total_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.current_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.total_client_connections_tls_forward" +
+ " proxy.process.tunnel.current_client_connections_tls_forward" +
+ " proxy.process.tunnel.total_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.current_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.total_client_connections_tls_http" +
+ " proxy.process.tunnel.current_client_connections_tls_http" +
+ " proxy.process.tunnel.total_server_connections_tls" +
+ " proxy.process.tunnel.current_server_connections_tls'" +
+ f" {Test.TestDirectory}/gold/tls-partial-blind-tunnel-metrics.gold"
+)
+# Need to copy over the environment so traffic_ctl knows where to find the
unix domain socket
+tr.Processes.Default.Env = ts.Env
+tr.Processes.Default.ReturnCode = 0
+tr.StillRunningAfter = ts
diff --git a/tests/gold_tests/tls/tls_tunnel.test.py
b/tests/gold_tests/tls/tls_tunnel.test.py
index 938ee27b74..a76dcf8c20 100644
--- a/tests/gold_tests/tls/tls_tunnel.test.py
+++ b/tests/gold_tests/tls/tls_tunnel.test.py
@@ -337,7 +337,21 @@ tr.Processes.Default.Command = (
" proxy.process.http.total_client_connections_ipv6" +
" proxy.process.http.total_server_connections" +
" proxy.process.http2.total_client_connections" +
- " proxy.process.http.connect_requests'" +
+ " proxy.process.http.connect_requests" +
+ " proxy.process.tunnel.total_client_connections_blind_tcp" +
+ " proxy.process.tunnel.current_client_connections_blind_tcp" +
+ " proxy.process.tunnel.total_server_connections_blind_tcp" +
+ " proxy.process.tunnel.current_server_connections_blind_tcp" +
+ " proxy.process.tunnel.total_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.current_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.total_client_connections_tls_forward" +
+ " proxy.process.tunnel.current_client_connections_tls_forward" +
+ " proxy.process.tunnel.total_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.current_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.total_client_connections_tls_http" +
+ " proxy.process.tunnel.current_client_connections_tls_http" +
+ " proxy.process.tunnel.total_server_connections_tls" +
+ " proxy.process.tunnel.current_server_connections_tls'" +
f" {Test.TestDirectory}/gold/tls-tunnel-metrics.gold"
)
# Need to copy over the environment so traffic_ctl knows where to find the
unix domain socket
diff --git a/tests/gold_tests/tls/tls_tunnel_forward.test.py
b/tests/gold_tests/tls/tls_tunnel_forward.test.py
index d82b92a07b..bd2417eaf8 100644
--- a/tests/gold_tests/tls/tls_tunnel_forward.test.py
+++ b/tests/gold_tests/tls/tls_tunnel_forward.test.py
@@ -122,3 +122,35 @@ tr3.Processes.Default.Streams.All +=
Testers.ExcludesExpression(
tr3.Processes.Default.Streams.All += Testers.ContainsExpression("CN=foo.com",
"Should TLS terminate on Traffic Server")
tr3.Processes.Default.Streams.All += Testers.ContainsExpression("HTTP/1.1 200
OK", "Should get a successful response")
tr3.Processes.Default.Streams.All += Testers.ContainsExpression("ok random",
"Body is expected")
+
+tr = Test.AddTestRun("Test Metrics")
+tr.Processes.Default.Command = (
+ f"{Test.Variables.AtsTestToolsDir}/stdout_wait" +
+ " 'traffic_ctl metric get" +
+ " proxy.process.http.total_incoming_connections" +
+ " proxy.process.http.total_client_connections" +
+ " proxy.process.http.total_client_connections_ipv4" +
+ " proxy.process.http.total_client_connections_ipv6" +
+ " proxy.process.http.total_server_connections" +
+ " proxy.process.http2.total_client_connections" +
+ " proxy.process.http.connect_requests" +
+ " proxy.process.tunnel.total_client_connections_blind_tcp" +
+ " proxy.process.tunnel.current_client_connections_blind_tcp" +
+ " proxy.process.tunnel.total_server_connections_blind_tcp" +
+ " proxy.process.tunnel.current_server_connections_blind_tcp" +
+ " proxy.process.tunnel.total_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.current_client_connections_tls_tunnel" +
+ " proxy.process.tunnel.total_client_connections_tls_forward" +
+ " proxy.process.tunnel.current_client_connections_tls_forward" +
+ " proxy.process.tunnel.total_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.current_client_connections_tls_partial_blind" +
+ " proxy.process.tunnel.total_client_connections_tls_http" +
+ " proxy.process.tunnel.current_client_connections_tls_http" +
+ " proxy.process.tunnel.total_server_connections_tls" +
+ " proxy.process.tunnel.current_server_connections_tls'" +
+ f" {Test.TestDirectory}/gold/tls-tunnel-forward-metrics.gold"
+)
+# Need to copy over the environment so traffic_ctl knows where to find the
unix domain socket
+tr.Processes.Default.Env = ts.Env
+tr.Processes.Default.ReturnCode = 0
+tr.StillRunningAfter = ts
