This is an automated email from the ASF dual-hosted git repository. wkaras pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new 124fd702ad Add 14 metrics for TCP connections created for tunnels. (#9403) 124fd702ad is described below commit 124fd702adfbd79131266e13197db432cbde78ff Author: Walt Karas <wka...@yahooinc.com> AuthorDate: Tue Oct 17 09:52:10 2023 -0400 Add 14 metrics for TCP connections created for tunnels. (#9403) * Add 14 metrics for TCP connections created for tunnels. Add current and total metrics for TCP connetions towards clients for blind TCP tunnels, and TLS tunnel, forward, and partial blind tunnel SNI-based tunnels. Add current and total metrics for TCP connetions towards servers, for blind TCP tunnels and TLS tunnels. Only partial blind tunnel SNI-based tunnels are counted as TLS tunnels on the outgoing side, because they are only SNI-based tunnels where ATS termitates the TLS connection form the client and originates a new one towards the server. * VConnection::make_tunnel_endpoint() -> mark_as_tunnel_endpoint(). * Fix error in proxy.process.http.connect_requests. Due to change in usage of HttpTransact::State::method. * Rebase changes for PR 9869. * Rebase changes. iocore/net/Net.cc iocore/net/SSLNetVConnection.cc iocore/net/UnixNetVConnection.cc proxy/http/HttpTransact.cc --- .../statistics/core/http-connection.en.rst | 25 ++++++- .../monitoring/statistics/core/ssl.en.rst | 60 +++++++++++++++++ iocore/eventsystem/I_VConnection.h | 8 ++- iocore/net/Net.cc | 77 ++++++++++++++-------- iocore/net/P_Net.h | 14 ++++ iocore/net/P_SSLNetVConnection.h | 3 + iocore/net/P_UnixNetVConnection.h | 19 ++++++ iocore/net/SSLNetVConnection.cc | 64 ++++++++++++++++++ iocore/net/UnixNetVConnection.cc | 52 +++++++++++++++ proxy/ProxyTransaction.cc | 8 +++ proxy/ProxyTransaction.h | 2 + proxy/http/HttpSM.cc | 5 ++ proxy/http/HttpTransact.h | 9 +-- tests/gold_tests/connect/connect.test.py | 37 ++++++++++- tests/gold_tests/connect/gold/metrics.gold | 21 ++++++ tests/gold_tests/remap/gold/remap-ws-metrics.gold | 21 ++++++ tests/gold_tests/remap/remap_ws.test.py | 34 ++++++++++ .../tls/gold/tls-partial-blind-tunnel-metrics.gold | 21 ++++++ .../tls/gold/tls-tunnel-forward-metrics.gold | 21 ++++++ tests/gold_tests/tls/gold/tls-tunnel-metrics.gold | 14 ++++ .../tls/tls_partial_blind_tunnel.test.py | 32 +++++++++ tests/gold_tests/tls/tls_tunnel.test.py | 16 ++++- tests/gold_tests/tls/tls_tunnel_forward.test.py | 32 +++++++++ 23 files changed, 560 insertions(+), 35 deletions(-) diff --git a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst index 28de812a0b..cd9a554e0b 100644 --- a/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/http-connection.en.rst @@ -164,10 +164,33 @@ HTTP Connection Counts the number of times current parent or next parent was detected +.. ts:stat:: global proxy.process.tunnel.total_client_connections_blind_tcp integer + :type: counter + + Total number of non-TLS TCP connections for tunnels where the far end is the client + initiated with an HTTP request (such as a CONNECT or WebSocket request). + +.. ts:stat:: global proxy.process.tunnel.current_client_connections_blind_tcp integer + :type: counter + + Current number of non-TLS TCP connections for tunnels where the far end is the client + initiated with an HTTP request (such as a CONNECT or WebSocket request). + +.. ts:stat:: global proxy.process.tunnel.total_server_connections_blind_tcp integer + :type: counter + + Total number of TCP connections for tunnels where the far end is the server, + except for those counted by ``proxy.process.tunnel.total_server_connections_tls`` + +.. ts:stat:: global proxy.process.tunnel.current_server_connections_blind_tcp integer + :type: counter + + Current number of TCP connections for tunnels where the far end is the server, + except for those counted by ``proxy.process.tunnel.current_server_connections_tls`` + HTTP/2 ------ - .. ts:stat:: global proxy.process.http2.total_client_connections integer :type: counter diff --git a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst index e18bae11c6..59eaa918a5 100644 --- a/doc/admin-guide/monitoring/statistics/core/ssl.en.rst +++ b/doc/admin-guide/monitoring/statistics/core/ssl.en.rst @@ -238,6 +238,66 @@ SSL/TLS A gauge of current active SNI Routing Tunnels. +.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_tunnel integer + :type: counter + + Total number of TCP connections for TLS tunnels where the far end is the client + created based on a ``tunnel_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_tunnel integer + :type: counter + + Current number of TCP connections for TLS tunnels where the far end is the client + created based on a ``tunnel_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_forward integer + :type: counter + + Total number of TCP connections for TLS tunnels where the far end is the client + created based on a ``forward_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_forward integer + :type: counter + + Current number of TCP connections for TLS tunnels where the far end is the client + created based on a ``forward_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_partial_blind integer + :type: counter + + Total number of TCP connections for TLS tunnels where the far end is the client + created based on a ``partial_blind_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_partial_blind integer + :type: counter + + Current number of TCP connections for TLS tunnels where the far end is the client + created based on a ``partial_blind_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.total_client_connections_tls_http integer + :type: counter + + Total number of TLS connections for tunnels where the far end is the client + initiated with an HTTP request. + +.. ts:stat:: global proxy.process.tunnel.current_client_connections_tls_http integer + :type: counter + + Current number of TLS connections for tunnels where the far end is the client + initiated with an HTTP request. + +.. ts:stat:: global proxy.process.tunnel.total_server_connections_tls integer + :type: counter + + Total number of TCP connections for TLS tunnels where the far end is the server + created based on a ``partial_blind_route`` key in a table in the :file:`sni.yaml` file. + +.. ts:stat:: global proxy.process.tunnel.current_server_connections_tls integer + :type: counter + + Current number of TCP connections for TLS tunnels where the far end is the server + created based on a ``partial_blind_route`` key in a table in the :file:`sni.yaml` file. + .. _pre-warming-tls-tunnel-stats: Pre-warming TLS Tunnel diff --git a/iocore/eventsystem/I_VConnection.h b/iocore/eventsystem/I_VConnection.h index e39f4dff5c..7e0ba5c767 100644 --- a/iocore/eventsystem/I_VConnection.h +++ b/iocore/eventsystem/I_VConnection.h @@ -360,7 +360,13 @@ public: return false; } -public: + // This function should be called when the VConnection is a tunnel endpoint. By default, a VConnection does not care if it + // is a tunnel endpoint. + virtual void + mark_as_tunnel_endpoint() + { + } + /** The error code from the last error. diff --git a/iocore/net/Net.cc b/iocore/net/Net.cc index 05438e5dd2..b0dbf118c4 100644 --- a/iocore/net/Net.cc +++ b/iocore/net/Net.cc @@ -82,33 +82,56 @@ register_net_stats() { ts::Metrics &intm = ts::Metrics::getInstance(); - net_rsb.accepts_currently_open = intm.newMetricPtr("proxy.process.net.accepts_currently_open"); - net_rsb.calls_to_read = intm.newMetricPtr("proxy.process.net.calls_to_read"); - net_rsb.calls_to_read_nodata = intm.newMetricPtr("proxy.process.net.calls_to_read_nodata"); - net_rsb.calls_to_readfromnet = intm.newMetricPtr("proxy.process.net.calls_to_readfromnet"); - net_rsb.calls_to_write = intm.newMetricPtr("proxy.process.net.calls_to_write"); - net_rsb.calls_to_write_nodata = intm.newMetricPtr("proxy.process.net.calls_to_write_nodata"); - net_rsb.calls_to_writetonet = intm.newMetricPtr("proxy.process.net.calls_to_writetonet"); - net_rsb.connections_currently_open = intm.newMetricPtr("proxy.process.net.connections_currently_open"); - net_rsb.connections_throttled_in = intm.newMetricPtr("proxy.process.net.connections_throttled_in"); - net_rsb.connections_throttled_out = intm.newMetricPtr("proxy.process.net.connections_throttled_out"); - net_rsb.default_inactivity_timeout_applied = intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_applied"); - net_rsb.default_inactivity_timeout_count = intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_count"); - net_rsb.fastopen_attempts = intm.newMetricPtr("proxy.process.net.fastopen_out.attempts"); - net_rsb.fastopen_successes = intm.newMetricPtr("proxy.process.net.fastopen_out.successes"); - net_rsb.handler_run = intm.newMetricPtr("proxy.process.net.net_handler_run"); - net_rsb.inactivity_cop_lock_acquire_failure = intm.newMetricPtr("proxy.process.net.inactivity_cop_lock_acquire_failure"); - net_rsb.keep_alive_queue_timeout_count = intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_count"); - net_rsb.keep_alive_queue_timeout_total = intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_total"); - net_rsb.read_bytes = intm.newMetricPtr("proxy.process.net.read_bytes"); - net_rsb.read_bytes_count = intm.newMetricPtr("proxy.process.net.read_bytes_count"); - net_rsb.requests_max_throttled_in = intm.newMetricPtr("proxy.process.net.max.requests_throttled_in"); - net_rsb.socks_connections_currently_open = intm.newMetricPtr("proxy.process.socks.connections_currently_open"); - net_rsb.socks_connections_successful = intm.newMetricPtr("proxy.process.socks.connections_successful"); - net_rsb.socks_connections_unsuccessful = intm.newMetricPtr("proxy.process.socks.connections_unsuccessful"); - net_rsb.tcp_accept = intm.newMetricPtr("proxy.process.tcp.total_accepts"); - net_rsb.write_bytes = intm.newMetricPtr("proxy.process.net.write_bytes"); - net_rsb.write_bytes_count = intm.newMetricPtr("proxy.process.net.write_bytes_count"); + net_rsb.accepts_currently_open = intm.newMetricPtr("proxy.process.net.accepts_currently_open"); + net_rsb.calls_to_read = intm.newMetricPtr("proxy.process.net.calls_to_read"); + net_rsb.calls_to_read_nodata = intm.newMetricPtr("proxy.process.net.calls_to_read_nodata"); + net_rsb.calls_to_readfromnet = intm.newMetricPtr("proxy.process.net.calls_to_readfromnet"); + net_rsb.calls_to_write = intm.newMetricPtr("proxy.process.net.calls_to_write"); + net_rsb.calls_to_write_nodata = intm.newMetricPtr("proxy.process.net.calls_to_write_nodata"); + net_rsb.calls_to_writetonet = intm.newMetricPtr("proxy.process.net.calls_to_writetonet"); + net_rsb.connections_currently_open = intm.newMetricPtr("proxy.process.net.connections_currently_open"); + net_rsb.connections_throttled_in = intm.newMetricPtr("proxy.process.net.connections_throttled_in"); + net_rsb.connections_throttled_out = intm.newMetricPtr("proxy.process.net.connections_throttled_out"); + net_rsb.tunnel_total_client_connections_blind_tcp = intm.newMetricPtr("proxy.process.tunnel.total_client_connections_blind_tcp"); + net_rsb.tunnel_current_client_connections_blind_tcp = + intm.newMetricPtr("proxy.process.tunnel.current_client_connections_blind_tcp"); + net_rsb.tunnel_total_server_connections_blind_tcp = intm.newMetricPtr("proxy.process.tunnel.total_server_connections_blind_tcp"); + net_rsb.tunnel_current_server_connections_blind_tcp = + intm.newMetricPtr("proxy.process.tunnel.current_server_connections_blind_tcp"); + net_rsb.tunnel_total_client_connections_tls_tunnel = + intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_tunnel"); + net_rsb.tunnel_current_client_connections_tls_tunnel = + intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_tunnel"); + net_rsb.tunnel_total_client_connections_tls_forward = + intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_forward"); + net_rsb.tunnel_current_client_connections_tls_forward = + intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_forward"); + net_rsb.tunnel_total_client_connections_tls_partial_blind = + intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_partial_blind"); + net_rsb.tunnel_current_client_connections_tls_partial_blind = + intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_partial_blind"); + net_rsb.tunnel_total_client_connections_tls_http = intm.newMetricPtr("proxy.process.tunnel.total_client_connections_tls_http"); + net_rsb.tunnel_current_client_connections_tls_http = + intm.newMetricPtr("proxy.process.tunnel.current_client_connections_tls_http"); + net_rsb.tunnel_total_server_connections_tls = intm.newMetricPtr("proxy.process.tunnel.total_server_connections_tls"); + net_rsb.tunnel_current_server_connections_tls = intm.newMetricPtr("proxy.process.tunnel.current_server_connections_tls"); + net_rsb.default_inactivity_timeout_applied = intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_applied"); + net_rsb.default_inactivity_timeout_count = intm.newMetricPtr("proxy.process.net.default_inactivity_timeout_count"); + net_rsb.fastopen_attempts = intm.newMetricPtr("proxy.process.net.fastopen_out.attempts"); + net_rsb.fastopen_successes = intm.newMetricPtr("proxy.process.net.fastopen_out.successes"); + net_rsb.handler_run = intm.newMetricPtr("proxy.process.net.net_handler_run"); + net_rsb.inactivity_cop_lock_acquire_failure = intm.newMetricPtr("proxy.process.net.inactivity_cop_lock_acquire_failure"); + net_rsb.keep_alive_queue_timeout_count = intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_count"); + net_rsb.keep_alive_queue_timeout_total = intm.newMetricPtr("proxy.process.net.dynamic_keep_alive_timeout_in_total"); + net_rsb.read_bytes = intm.newMetricPtr("proxy.process.net.read_bytes"); + net_rsb.read_bytes_count = intm.newMetricPtr("proxy.process.net.read_bytes_count"); + net_rsb.requests_max_throttled_in = intm.newMetricPtr("proxy.process.net.max.requests_throttled_in"); + net_rsb.socks_connections_currently_open = intm.newMetricPtr("proxy.process.socks.connections_currently_open"); + net_rsb.socks_connections_successful = intm.newMetricPtr("proxy.process.socks.connections_successful"); + net_rsb.socks_connections_unsuccessful = intm.newMetricPtr("proxy.process.socks.connections_unsuccessful"); + net_rsb.tcp_accept = intm.newMetricPtr("proxy.process.tcp.total_accepts"); + net_rsb.write_bytes = intm.newMetricPtr("proxy.process.net.write_bytes"); + net_rsb.write_bytes_count = intm.newMetricPtr("proxy.process.net.write_bytes_count"); } void diff --git a/iocore/net/P_Net.h b/iocore/net/P_Net.h index 0d0fa0107e..41798df868 100644 --- a/iocore/net/P_Net.h +++ b/iocore/net/P_Net.h @@ -58,6 +58,20 @@ struct NetStatsBlock { Metrics::IntType *read_bytes; Metrics::IntType *read_bytes_count; Metrics::IntType *requests_max_throttled_in; + Metrics::IntType *tunnel_total_client_connections_blind_tcp; + Metrics::IntType *tunnel_current_client_connections_blind_tcp; + Metrics::IntType *tunnel_total_server_connections_blind_tcp; + Metrics::IntType *tunnel_current_server_connections_blind_tcp; + Metrics::IntType *tunnel_total_client_connections_tls_tunnel; + Metrics::IntType *tunnel_current_client_connections_tls_tunnel; + Metrics::IntType *tunnel_total_server_connections_tls; + Metrics::IntType *tunnel_current_server_connections_tls; + Metrics::IntType *tunnel_total_client_connections_tls_forward; + Metrics::IntType *tunnel_current_client_connections_tls_forward; + Metrics::IntType *tunnel_total_client_connections_tls_partial_blind; + Metrics::IntType *tunnel_current_client_connections_tls_partial_blind; + Metrics::IntType *tunnel_total_client_connections_tls_http; + Metrics::IntType *tunnel_current_client_connections_tls_http; Metrics::IntType *socks_connections_currently_open; Metrics::IntType *socks_connections_successful; Metrics::IntType *socks_connections_unsuccessful; diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index 0b6f4281d5..8a6d797079 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -500,6 +500,9 @@ private: ssl_error_t _ssl_write_buffer(const void *buf, int64_t nbytes, int64_t &nwritten); ssl_error_t _ssl_connect(); ssl_error_t _ssl_accept(); + + void _in_context_tunnel() override; + void _out_context_tunnel() override; }; typedef int (SSLNetVConnection::*SSLNetVConnHandler)(int, void *); diff --git a/iocore/net/P_UnixNetVConnection.h b/iocore/net/P_UnixNetVConnection.h index f453d01494..bf75b386e3 100644 --- a/iocore/net/P_UnixNetVConnection.h +++ b/iocore/net/P_UnixNetVConnection.h @@ -44,6 +44,8 @@ struct PollDescriptor; enum tcp_congestion_control_t { CLIENT_SIDE, SERVER_SIDE }; +// WARNING: many or most of the member functions of UnixNetVConnection should only be used when it is instantiated +// directly. They should not be used when UnixNetVConnection is a base class. class UnixNetVConnection : public NetVConnection, public NetEvent { public: @@ -225,10 +227,27 @@ public: friend void write_to_net_io(NetHandler *, UnixNetVConnection *, EThread *); + // set_context() should be called before calling this member function. + void mark_as_tunnel_endpoint() override; + + bool + is_tunnel_endpoint() const + { + return _is_tunnel_endpoint; + } + private: virtual void *_prepareForMigration(); virtual NetProcessor *_getNetProcessor(); + bool _is_tunnel_endpoint{false}; + + // Called by make_tunnel_endpiont() when the far end of the TCP connection is the active/client end. + virtual void _in_context_tunnel(); + + // Called by make_tunnel_endpiont() when the far end of the TCP connection is the passive/server end. + virtual void _out_context_tunnel(); + inline static DbgCtl _dbg_ctl_socket{"socket"}; inline static DbgCtl _dbg_ctl_socket_mptcp{"socket_mptcp"}; }; diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index cee694cb51..390bf3dcc8 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -1035,6 +1035,29 @@ SSLNetVConnection::free_thread(EThread *t) } con.close(); + if (is_tunnel_endpoint()) { + ink_assert(get_context() != NET_VCONNECTION_UNSET); + + Metrics::decrement(([&]() -> Metrics::IntType * { + if (get_context() == NET_VCONNECTION_IN) { + switch (get_tunnel_type()) { + case SNIRoutingType::BLIND: + return net_rsb.tunnel_current_client_connections_tls_tunnel; + case SNIRoutingType::FORWARD: + return net_rsb.tunnel_current_client_connections_tls_forward; + case SNIRoutingType::PARTIAL_BLIND: + return net_rsb.tunnel_current_client_connections_tls_partial_blind; + default: + return net_rsb.tunnel_current_client_connections_tls_http; + } + } + // NET_VCONNECTION_OUT - Never a tunnel type for out (to server) context. + ink_assert(get_tunnel_type() == SNIRoutingType::NONE); + + return net_rsb.tunnel_current_server_connections_tls; + })()); + } + #if TS_HAS_TLS_EARLY_DATA if (_early_data_reader != nullptr) { _early_data_reader->dealloc(); @@ -1958,6 +1981,47 @@ SSLNetVConnection::populate(Connection &con, Continuation *c, void *arg) return EVENT_DONE; } +void +SSLNetVConnection::_in_context_tunnel() +{ + ink_assert(get_context() == NET_VCONNECTION_IN); + + Metrics::IntType *t, *c; + + switch (get_tunnel_type()) { + case SNIRoutingType::BLIND: + t = net_rsb.tunnel_total_client_connections_tls_tunnel; + c = net_rsb.tunnel_current_client_connections_tls_tunnel; + break; + case SNIRoutingType::FORWARD: + t = net_rsb.tunnel_total_client_connections_tls_forward; + c = net_rsb.tunnel_current_client_connections_tls_forward; + break; + case SNIRoutingType::PARTIAL_BLIND: + t = net_rsb.tunnel_total_client_connections_tls_partial_blind; + c = net_rsb.tunnel_current_client_connections_tls_partial_blind; + break; + default: + t = net_rsb.tunnel_total_client_connections_tls_http; + c = net_rsb.tunnel_current_client_connections_tls_http; + break; + } + Metrics::increment(t); + Metrics::increment(c); +} + +void +SSLNetVConnection::_out_context_tunnel() +{ + ink_assert(get_context() == NET_VCONNECTION_OUT); + + // Never a tunnel type for out (to server) context. + ink_assert(get_tunnel_type() == SNIRoutingType::NONE); + + Metrics::increment(net_rsb.tunnel_total_server_connections_tls); + Metrics::increment(net_rsb.tunnel_current_server_connections_tls); +} + void SSLNetVConnection::increment_ssl_version_metric(int version) const { diff --git a/iocore/net/UnixNetVConnection.cc b/iocore/net/UnixNetVConnection.cc index c97fc70f97..a8b03640f4 100644 --- a/iocore/net/UnixNetVConnection.cc +++ b/iocore/net/UnixNetVConnection.cc @@ -1284,6 +1284,8 @@ UnixNetVConnection::clear() void UnixNetVConnection::free_thread(EThread *t) { + Debug("iocore_net", "Entering UnixNetVConnection::free()"); + ink_release_assert(t == this_ethread()); // close socket fd @@ -1292,6 +1294,21 @@ UnixNetVConnection::free_thread(EThread *t) } con.close(); + if (is_tunnel_endpoint()) { + Debug("iocore_net", "Freeing UnixNetVConnection that is tunnel endpoint"); + + Metrics::decrement(([&]() -> Metrics::IntType * { + switch (get_context()) { + case NET_VCONNECTION_IN: + return net_rsb.tunnel_current_client_connections_blind_tcp; + case NET_VCONNECTION_OUT: + return net_rsb.tunnel_current_server_connections_blind_tcp; + default: + ink_release_assert(false); + } + })()); + } + clear(); SET_CONTINUATION_HANDLER(this, &UnixNetVConnection::startEvent); ink_assert(con.fd == NO_FD); @@ -1491,3 +1508,38 @@ UnixNetVConnection::set_tcp_congestion_control(int side) return -1; #endif } + +void +UnixNetVConnection::mark_as_tunnel_endpoint() +{ + Debug("iocore_net", "Entering UnixNetVConnection::mark_as_tunnel_endpoint()"); + + ink_assert(!_is_tunnel_endpoint); + + _is_tunnel_endpoint = true; + + switch (get_context()) { + case NET_VCONNECTION_IN: + _in_context_tunnel(); + break; + case NET_VCONNECTION_OUT: + _out_context_tunnel(); + break; + default: + ink_release_assert(false); + } +} + +void +UnixNetVConnection::_in_context_tunnel() +{ + Metrics::increment(net_rsb.tunnel_total_client_connections_blind_tcp); + Metrics::increment(net_rsb.tunnel_current_client_connections_blind_tcp); +} + +void +UnixNetVConnection::_out_context_tunnel() +{ + Metrics::increment(net_rsb.tunnel_total_server_connections_blind_tcp); + Metrics::increment(net_rsb.tunnel_current_server_connections_blind_tcp); +} diff --git a/proxy/ProxyTransaction.cc b/proxy/ProxyTransaction.cc index 0198cf8361..e92a648c2b 100644 --- a/proxy/ProxyTransaction.cc +++ b/proxy/ProxyTransaction.cc @@ -276,3 +276,11 @@ void ProxyTransaction::set_close_connection(HTTPHdr &hdr) const { } + +void +ProxyTransaction::mark_as_tunnel_endpoint() +{ + auto nvc = get_netvc(); + ink_assert(nvc != nullptr); + nvc->mark_as_tunnel_endpoint(); +} diff --git a/proxy/ProxyTransaction.h b/proxy/ProxyTransaction.h index 3a8193b5b3..6e04ea9b89 100644 --- a/proxy/ProxyTransaction.h +++ b/proxy/ProxyTransaction.h @@ -136,6 +136,8 @@ public: bool support_sni() const; + void mark_as_tunnel_endpoint() override; + /// Variables // HttpSessionAccept::Options upstream_outbound_options; // overwritable copy of options diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 055aca6f97..6940dd6f62 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -7216,6 +7216,8 @@ HttpSM::setup_push_transfer_to_cache() void HttpSM::setup_blind_tunnel(bool send_response_hdr, IOBufferReader *initial) { + ink_assert(server_entry->vc != nullptr); + HttpTunnelConsumer *c_ua; HttpTunnelConsumer *c_os; HttpTunnelProducer *p_ua; @@ -7303,6 +7305,9 @@ HttpSM::setup_blind_tunnel(bool send_response_hdr, IOBufferReader *initial) "http server - tunnel"); } + _ua.get_entry()->vc->mark_as_tunnel_endpoint(); + server_entry->vc->mark_as_tunnel_endpoint(); + // Make the tunnel aware that the entries are bi-directional tunnel.chain(c_os, p_os); tunnel.chain(c_ua, p_ua); diff --git a/proxy/http/HttpTransact.h b/proxy/http/HttpTransact.h index f5f1b8c4b1..2575610335 100644 --- a/proxy/http/HttpTransact.h +++ b/proxy/http/HttpTransact.h @@ -753,10 +753,11 @@ public: int64_t internal_msg_buffer_size = 0; // out int64_t internal_msg_buffer_fast_allocator_size = -1; - int scheme = -1; // out - int next_hop_scheme = scheme; // out - int orig_scheme = scheme; // pre-mapped scheme - int method = 0; + int scheme = -1; // out + int next_hop_scheme = scheme; // out + int orig_scheme = scheme; // pre-mapped scheme + int method = 0; + bool method_metric_incremented = false; /// The errno associated with a failed connect attempt. /// diff --git a/tests/gold_tests/connect/connect.test.py b/tests/gold_tests/connect/connect.test.py index db3c5c5752..7c914cdd88 100644 --- a/tests/gold_tests/connect/connect.test.py +++ b/tests/gold_tests/connect/connect.test.py @@ -135,7 +135,7 @@ class ConnectViaPVTest: self.ts.Disk.records_config.update({ 'proxy.config.diags.debug.enabled': 1, - 'proxy.config.diags.debug.tags': 'http', + 'proxy.config.diags.debug.tags': 'http|iocore_net|rec', 'proxy.config.http.server_ports': f"{self.ts.Variables.port}", 'proxy.config.http.connect_ports': f"{self.server.Variables.http_port}", }) @@ -160,8 +160,43 @@ class ConnectViaPVTest: tr.StillRunningAfter = self.server tr.StillRunningAfter = self.ts + def __testMetrics(self): + tr = Test.AddTestRun("Test metrics") + tr.Processes.Default.Command = ( + f"{Test.Variables.AtsTestToolsDir}/stdout_wait" + + " 'traffic_ctl metric get" + + " proxy.process.http.total_incoming_connections" + + " proxy.process.http.total_client_connections" + + " proxy.process.http.total_client_connections_ipv4" + + " proxy.process.http.total_client_connections_ipv6" + + " proxy.process.http.total_server_connections" + + " proxy.process.http2.total_client_connections" + + " proxy.process.http.connect_requests" + + " proxy.process.tunnel.total_client_connections_blind_tcp" + + " proxy.process.tunnel.current_client_connections_blind_tcp" + + " proxy.process.tunnel.total_server_connections_blind_tcp" + + " proxy.process.tunnel.current_server_connections_blind_tcp" + + " proxy.process.tunnel.total_client_connections_tls_tunnel" + + " proxy.process.tunnel.current_client_connections_tls_tunnel" + + " proxy.process.tunnel.total_client_connections_tls_forward" + + " proxy.process.tunnel.current_client_connections_tls_forward" + + " proxy.process.tunnel.total_client_connections_tls_partial_blind" + + " proxy.process.tunnel.current_client_connections_tls_partial_blind" + + " proxy.process.tunnel.total_client_connections_tls_http" + + " proxy.process.tunnel.current_client_connections_tls_http" + + " proxy.process.tunnel.total_server_connections_tls" + + " proxy.process.tunnel.current_server_connections_tls'" + + f" {Test.TestDirectory}/gold/metrics.gold" + ) + # Need to copy over the environment so traffic_ctl knows where to find the unix domain socket + tr.Processes.Default.Env = self.ts.Env + tr.Processes.Default.ReturnCode = 0 + tr.StillRunningAfter = self.server + tr.StillRunningAfter = self.ts + def run(self): self.runTraffic() + self.__testMetrics() ConnectViaPVTest().run() diff --git a/tests/gold_tests/connect/gold/metrics.gold b/tests/gold_tests/connect/gold/metrics.gold new file mode 100644 index 0000000000..bdbda6443c --- /dev/null +++ b/tests/gold_tests/connect/gold/metrics.gold @@ -0,0 +1,21 @@ +proxy.process.http.total_incoming_connections 1 +proxy.process.http.total_client_connections 1 +proxy.process.http.total_client_connections_ipv4 1 +proxy.process.http.total_client_connections_ipv6 0 +proxy.process.http.total_server_connections 0 +proxy.process.http2.total_client_connections 0 +proxy.process.http.connect_requests 1 +proxy.process.tunnel.total_client_connections_blind_tcp 1 +proxy.process.tunnel.current_client_connections_blind_tcp 0 +proxy.process.tunnel.total_server_connections_blind_tcp 1 +proxy.process.tunnel.current_server_connections_blind_tcp 0 +proxy.process.tunnel.total_client_connections_tls_tunnel 0 +proxy.process.tunnel.current_client_connections_tls_tunnel 0 +proxy.process.tunnel.total_client_connections_tls_forward 0 +proxy.process.tunnel.current_client_connections_tls_forward 0 +proxy.process.tunnel.total_client_connections_tls_partial_blind 0 +proxy.process.tunnel.current_client_connections_tls_partial_blind 0 +proxy.process.tunnel.total_client_connections_tls_http 0 +proxy.process.tunnel.current_client_connections_tls_http 0 +proxy.process.tunnel.total_server_connections_tls 0 +proxy.process.tunnel.current_server_connections_tls 0 diff --git a/tests/gold_tests/remap/gold/remap-ws-metrics.gold b/tests/gold_tests/remap/gold/remap-ws-metrics.gold new file mode 100644 index 0000000000..cf39c20a91 --- /dev/null +++ b/tests/gold_tests/remap/gold/remap-ws-metrics.gold @@ -0,0 +1,21 @@ +proxy.process.http.total_incoming_connections 3 +proxy.process.http.total_client_connections 3 +proxy.process.http.total_client_connections_ipv4 3 +proxy.process.http.total_client_connections_ipv6 0 +proxy.process.http.total_server_connections 2 +proxy.process.http2.total_client_connections 0 +proxy.process.http.connect_requests 0 +proxy.process.tunnel.total_client_connections_blind_tcp 1 +proxy.process.tunnel.current_client_connections_blind_tcp 0 +proxy.process.tunnel.total_server_connections_blind_tcp 2 +proxy.process.tunnel.current_server_connections_blind_tcp 0 +proxy.process.tunnel.total_client_connections_tls_tunnel 0 +proxy.process.tunnel.current_client_connections_tls_tunnel 0 +proxy.process.tunnel.total_client_connections_tls_forward 0 +proxy.process.tunnel.current_client_connections_tls_forward 0 +proxy.process.tunnel.total_client_connections_tls_partial_blind 0 +proxy.process.tunnel.current_client_connections_tls_partial_blind 0 +proxy.process.tunnel.total_client_connections_tls_http 1 +proxy.process.tunnel.current_client_connections_tls_http 0 +proxy.process.tunnel.total_server_connections_tls 0 +proxy.process.tunnel.current_server_connections_tls 0 diff --git a/tests/gold_tests/remap/remap_ws.test.py b/tests/gold_tests/remap/remap_ws.test.py index f87f797824..e1b96d3f78 100644 --- a/tests/gold_tests/remap/remap_ws.test.py +++ b/tests/gold_tests/remap/remap_ws.test.py @@ -77,3 +77,37 @@ tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.stderr = "gold/remap-ws-upgrade-400.gold" tr.StillRunningAfter = server tr.StillRunningAfter = ts + +# Test metrics +tr = Test.AddTestRun() +tr.Processes.Default.Command = ( + f"{Test.Variables.AtsTestToolsDir}/stdout_wait" + + " 'traffic_ctl metric get" + + " proxy.process.http.total_incoming_connections" + + " proxy.process.http.total_client_connections" + + " proxy.process.http.total_client_connections_ipv4" + + " proxy.process.http.total_client_connections_ipv6" + + " proxy.process.http.total_server_connections" + + " proxy.process.http2.total_client_connections" + + " proxy.process.http.connect_requests" + + " proxy.process.tunnel.total_client_connections_blind_tcp" + + " proxy.process.tunnel.current_client_connections_blind_tcp" + + " proxy.process.tunnel.total_server_connections_blind_tcp" + + " proxy.process.tunnel.current_server_connections_blind_tcp" + + " proxy.process.tunnel.total_client_connections_tls_tunnel" + + " proxy.process.tunnel.current_client_connections_tls_tunnel" + + " proxy.process.tunnel.total_client_connections_tls_forward" + + " proxy.process.tunnel.current_client_connections_tls_forward" + + " proxy.process.tunnel.total_client_connections_tls_partial_blind" + + " proxy.process.tunnel.current_client_connections_tls_partial_blind" + + " proxy.process.tunnel.total_client_connections_tls_http" + + " proxy.process.tunnel.current_client_connections_tls_http" + + " proxy.process.tunnel.total_server_connections_tls" + + " proxy.process.tunnel.current_server_connections_tls'" + + f" {Test.TestDirectory}/gold/remap-ws-metrics.gold" +) +# Need to copy over the environment so traffic_ctl knows where to find the unix domain socket +tr.Processes.Default.Env = ts.Env +tr.Processes.Default.ReturnCode = 0 +tr.StillRunningAfter = server +tr.StillRunningAfter = ts diff --git a/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold b/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold new file mode 100644 index 0000000000..fc8da18b10 --- /dev/null +++ b/tests/gold_tests/tls/gold/tls-partial-blind-tunnel-metrics.gold @@ -0,0 +1,21 @@ +proxy.process.http.total_incoming_connections 1 +proxy.process.http.total_client_connections 1 +proxy.process.http.total_client_connections_ipv4 1 +proxy.process.http.total_client_connections_ipv6 0 +proxy.process.http.total_server_connections 0 +proxy.process.http2.total_client_connections 0 +proxy.process.http.connect_requests 1 +proxy.process.tunnel.total_client_connections_blind_tcp 0 +proxy.process.tunnel.current_client_connections_blind_tcp 0 +proxy.process.tunnel.total_server_connections_blind_tcp 0 +proxy.process.tunnel.current_server_connections_blind_tcp 0 +proxy.process.tunnel.total_client_connections_tls_tunnel 0 +proxy.process.tunnel.current_client_connections_tls_tunnel 0 +proxy.process.tunnel.total_client_connections_tls_forward 0 +proxy.process.tunnel.current_client_connections_tls_forward 0 +proxy.process.tunnel.total_client_connections_tls_partial_blind 1 +proxy.process.tunnel.current_client_connections_tls_partial_blind 0 +proxy.process.tunnel.total_client_connections_tls_http 0 +proxy.process.tunnel.current_client_connections_tls_http 0 +proxy.process.tunnel.total_server_connections_tls 1 +proxy.process.tunnel.current_server_connections_tls 0 diff --git a/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold b/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold new file mode 100644 index 0000000000..025d86c556 --- /dev/null +++ b/tests/gold_tests/tls/gold/tls-tunnel-forward-metrics.gold @@ -0,0 +1,21 @@ +proxy.process.http.total_incoming_connections 3 +proxy.process.http.total_client_connections 3 +proxy.process.http.total_client_connections_ipv4 3 +proxy.process.http.total_client_connections_ipv6 0 +proxy.process.http.total_server_connections 0 +proxy.process.http2.total_client_connections 0 +proxy.process.http.connect_requests 3 +proxy.process.tunnel.total_client_connections_blind_tcp 0 +proxy.process.tunnel.current_client_connections_blind_tcp 0 +proxy.process.tunnel.total_server_connections_blind_tcp 3 +proxy.process.tunnel.current_server_connections_blind_tcp 0 +proxy.process.tunnel.total_client_connections_tls_tunnel 1 +proxy.process.tunnel.current_client_connections_tls_tunnel 0 +proxy.process.tunnel.total_client_connections_tls_forward 2 +proxy.process.tunnel.current_client_connections_tls_forward 0 +proxy.process.tunnel.total_client_connections_tls_partial_blind 0 +proxy.process.tunnel.current_client_connections_tls_partial_blind 0 +proxy.process.tunnel.total_client_connections_tls_http 0 +proxy.process.tunnel.current_client_connections_tls_http 0 +proxy.process.tunnel.total_server_connections_tls 0 +proxy.process.tunnel.current_server_connections_tls 0 diff --git a/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold b/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold index 081b4cfad7..b75ecc1cac 100644 --- a/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold +++ b/tests/gold_tests/tls/gold/tls-tunnel-metrics.gold @@ -5,3 +5,17 @@ proxy.process.http.total_client_connections_ipv6 0 proxy.process.http.total_server_connections 0 proxy.process.http2.total_client_connections 2 proxy.process.http.connect_requests 10 +proxy.process.tunnel.total_client_connections_blind_tcp 0 +proxy.process.tunnel.current_client_connections_blind_tcp 0 +proxy.process.tunnel.total_server_connections_blind_tcp 8 +proxy.process.tunnel.current_server_connections_blind_tcp 0 +proxy.process.tunnel.total_client_connections_tls_tunnel 8 +proxy.process.tunnel.current_client_connections_tls_tunnel 0 +proxy.process.tunnel.total_client_connections_tls_forward 0 +proxy.process.tunnel.current_client_connections_tls_forward 0 +proxy.process.tunnel.total_client_connections_tls_partial_blind 0 +proxy.process.tunnel.current_client_connections_tls_partial_blind 0 +proxy.process.tunnel.total_client_connections_tls_http 0 +proxy.process.tunnel.current_client_connections_tls_http 0 +proxy.process.tunnel.total_server_connections_tls 0 +proxy.process.tunnel.current_server_connections_tls 0 diff --git a/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py b/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py index 021eae8885..44f14fca33 100644 --- a/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py +++ b/tests/gold_tests/tls/tls_partial_blind_tunnel.test.py @@ -74,3 +74,35 @@ tr.Processes.Default.Streams.All += Testers.ExcludesExpression("Not Found on Acc "Should not try to remap on Traffic Server") tr.Processes.Default.Streams.All += Testers.ContainsExpression("HTTP/1.1 200 OK", "Should get a successful response") tr.Processes.Default.Streams.All += Testers.ContainsExpression("ok bar", "Body is expected") + +tr = Test.AddTestRun("Test Metrics") +tr.Processes.Default.Command = ( + f"{Test.Variables.AtsTestToolsDir}/stdout_wait" + + " 'traffic_ctl metric get" + + " proxy.process.http.total_incoming_connections" + + " proxy.process.http.total_client_connections" + + " proxy.process.http.total_client_connections_ipv4" + + " proxy.process.http.total_client_connections_ipv6" + + " proxy.process.http.total_server_connections" + + " proxy.process.http2.total_client_connections" + + " proxy.process.http.connect_requests" + + " proxy.process.tunnel.total_client_connections_blind_tcp" + + " proxy.process.tunnel.current_client_connections_blind_tcp" + + " proxy.process.tunnel.total_server_connections_blind_tcp" + + " proxy.process.tunnel.current_server_connections_blind_tcp" + + " proxy.process.tunnel.total_client_connections_tls_tunnel" + + " proxy.process.tunnel.current_client_connections_tls_tunnel" + + " proxy.process.tunnel.total_client_connections_tls_forward" + + " proxy.process.tunnel.current_client_connections_tls_forward" + + " proxy.process.tunnel.total_client_connections_tls_partial_blind" + + " proxy.process.tunnel.current_client_connections_tls_partial_blind" + + " proxy.process.tunnel.total_client_connections_tls_http" + + " proxy.process.tunnel.current_client_connections_tls_http" + + " proxy.process.tunnel.total_server_connections_tls" + + " proxy.process.tunnel.current_server_connections_tls'" + + f" {Test.TestDirectory}/gold/tls-partial-blind-tunnel-metrics.gold" +) +# Need to copy over the environment so traffic_ctl knows where to find the unix domain socket +tr.Processes.Default.Env = ts.Env +tr.Processes.Default.ReturnCode = 0 +tr.StillRunningAfter = ts diff --git a/tests/gold_tests/tls/tls_tunnel.test.py b/tests/gold_tests/tls/tls_tunnel.test.py index 938ee27b74..a76dcf8c20 100644 --- a/tests/gold_tests/tls/tls_tunnel.test.py +++ b/tests/gold_tests/tls/tls_tunnel.test.py @@ -337,7 +337,21 @@ tr.Processes.Default.Command = ( " proxy.process.http.total_client_connections_ipv6" + " proxy.process.http.total_server_connections" + " proxy.process.http2.total_client_connections" + - " proxy.process.http.connect_requests'" + + " proxy.process.http.connect_requests" + + " proxy.process.tunnel.total_client_connections_blind_tcp" + + " proxy.process.tunnel.current_client_connections_blind_tcp" + + " proxy.process.tunnel.total_server_connections_blind_tcp" + + " proxy.process.tunnel.current_server_connections_blind_tcp" + + " proxy.process.tunnel.total_client_connections_tls_tunnel" + + " proxy.process.tunnel.current_client_connections_tls_tunnel" + + " proxy.process.tunnel.total_client_connections_tls_forward" + + " proxy.process.tunnel.current_client_connections_tls_forward" + + " proxy.process.tunnel.total_client_connections_tls_partial_blind" + + " proxy.process.tunnel.current_client_connections_tls_partial_blind" + + " proxy.process.tunnel.total_client_connections_tls_http" + + " proxy.process.tunnel.current_client_connections_tls_http" + + " proxy.process.tunnel.total_server_connections_tls" + + " proxy.process.tunnel.current_server_connections_tls'" + f" {Test.TestDirectory}/gold/tls-tunnel-metrics.gold" ) # Need to copy over the environment so traffic_ctl knows where to find the unix domain socket diff --git a/tests/gold_tests/tls/tls_tunnel_forward.test.py b/tests/gold_tests/tls/tls_tunnel_forward.test.py index d82b92a07b..bd2417eaf8 100644 --- a/tests/gold_tests/tls/tls_tunnel_forward.test.py +++ b/tests/gold_tests/tls/tls_tunnel_forward.test.py @@ -122,3 +122,35 @@ tr3.Processes.Default.Streams.All += Testers.ExcludesExpression( tr3.Processes.Default.Streams.All += Testers.ContainsExpression("CN=foo.com", "Should TLS terminate on Traffic Server") tr3.Processes.Default.Streams.All += Testers.ContainsExpression("HTTP/1.1 200 OK", "Should get a successful response") tr3.Processes.Default.Streams.All += Testers.ContainsExpression("ok random", "Body is expected") + +tr = Test.AddTestRun("Test Metrics") +tr.Processes.Default.Command = ( + f"{Test.Variables.AtsTestToolsDir}/stdout_wait" + + " 'traffic_ctl metric get" + + " proxy.process.http.total_incoming_connections" + + " proxy.process.http.total_client_connections" + + " proxy.process.http.total_client_connections_ipv4" + + " proxy.process.http.total_client_connections_ipv6" + + " proxy.process.http.total_server_connections" + + " proxy.process.http2.total_client_connections" + + " proxy.process.http.connect_requests" + + " proxy.process.tunnel.total_client_connections_blind_tcp" + + " proxy.process.tunnel.current_client_connections_blind_tcp" + + " proxy.process.tunnel.total_server_connections_blind_tcp" + + " proxy.process.tunnel.current_server_connections_blind_tcp" + + " proxy.process.tunnel.total_client_connections_tls_tunnel" + + " proxy.process.tunnel.current_client_connections_tls_tunnel" + + " proxy.process.tunnel.total_client_connections_tls_forward" + + " proxy.process.tunnel.current_client_connections_tls_forward" + + " proxy.process.tunnel.total_client_connections_tls_partial_blind" + + " proxy.process.tunnel.current_client_connections_tls_partial_blind" + + " proxy.process.tunnel.total_client_connections_tls_http" + + " proxy.process.tunnel.current_client_connections_tls_http" + + " proxy.process.tunnel.total_server_connections_tls" + + " proxy.process.tunnel.current_server_connections_tls'" + + f" {Test.TestDirectory}/gold/tls-tunnel-forward-metrics.gold" +) +# Need to copy over the environment so traffic_ctl knows where to find the unix domain socket +tr.Processes.Default.Env = ts.Env +tr.Processes.Default.ReturnCode = 0 +tr.StillRunningAfter = ts