One important aspect of SSL performance tuning is the cache size,
but there's no metric to know whether it's large enough or not. This
commit introduces two counters, one for the cache lookups and another
one for cache misses. These counters are reported on "show info" on
the stats socket. This way, it suffices to see the cache misses
counter constantly grow to know that a larger cache could possibly
help.
int sps_lim, sps_max;
int ssl_lim, ssl_max;
int ssl_fe_keys_max, ssl_be_keys_max;
+ unsigned int shctx_lookups, shctx_misses;
int comp_rate_lim; /* HTTP compression rate limit */
int maxpipes; /* max # of pipes */
int maxsock; /* max # of sockets */
"SslFrontendSessionReuse_pct: %d\n"
"SslBackendKeyRate: %d\n"
"SslBackendMaxKeyRate: %d\n"
+ "SslCacheLookups: %u\n"
+ "SslCacheMisses: %u\n"
#endif
"CompressBpsIn: %u\n"
"CompressBpsOut: %u\n"
ssl_key_rate, global.ssl_fe_keys_max,
ssl_reuse,
read_freq_ctr(&global.ssl_be_keys_per_sec), global.ssl_be_keys_max,
+ global.shctx_lookups, global.shctx_misses,
#endif
read_freq_ctr(&global.comp_bps_in), read_freq_ctr(&global.comp_bps_out),
global.comp_rate_lim,
#else
#ifdef USE_SYSCALL_FUTEX
#include <unistd.h>
-#ifndef u32
-#define u32 unsigned int
-#endif
#include <linux/futex.h>
#include <sys/syscall.h>
#endif
#endif
#endif
#include <arpa/inet.h>
-#include "ebmbtree.h"
+#include <ebmbtree.h>
+#include <types/global.h>
#include "proto/shctx.h"
struct shsess_packet_hdr {
int data_len;
SSL_SESSION *sess;
+ global.shctx_lookups++;
+
/* allow the session to be freed automatically by openssl */
*do_copy = 0;
if (!shsess) {
/* no session found: unlock cache and exit */
shared_context_unlock();
+ global.shctx_misses++;
return NULL;
}
projects / thirdparty / haproxy.git / commitdiff
