From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 5 May 2021 08:40:31 +0000 (+0200)
Subject: dnsdist: Add downstream TLS session resumption metric
X-Git-Tag: dnsdist-1.7.0-alpha1~45^2~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a5cfdfb55ff15ac185b822140f772b4a35979c2;p=thirdparty%2Fpdns.git

dnsdist: Add downstream TLS session resumption metric
---

diff --git a/pdns/dnsdist-carbon.cc b/pdns/dnsdist-carbon.cc
index afbe27decd..4f3859aeea 100644
--- a/pdns/dnsdist-carbon.cc
+++ b/pdns/dnsdist-carbon.cc
@@ -107,6 +107,7 @@ void carbonDumpThread()
             str<<base<<"tcpmaxconcurrentconnections" << ' '<< state->tcpMaxConcurrentConnections.load() << " " << now << "\r\n";
             str<<base<<"tcpnewconnections" << ' '<< state->tcpNewConnections.load() << " " << now << "\r\n";
             str<<base<<"tcpreusedconnections" << ' '<< state->tcpReusedConnections.load() << " " << now << "\r\n";
+            str<<base<<"tlsresumptions" << ' '<< state->tlsResumptions.load() << " " << now << "\r\n";
             str<<base<<"tcpavgqueriesperconnection" << ' '<< state->tcpAvgQueriesPerConnection.load() << " " << now << "\r\n";
             str<<base<<"tcpavgconnectionduration" << ' '<< state->tcpAvgConnectionDuration.load() << " " << now << "\r\n";
           }
diff --git a/pdns/dnsdist-lua-inspection.cc b/pdns/dnsdist-lua-inspection.cc
index 4c9024c8bb..1853e0fc0f 100644
--- a/pdns/dnsdist-lua-inspection.cc
+++ b/pdns/dnsdist-lua-inspection.cc
@@ -610,13 +610,13 @@ void setupLuaInspection(LuaContext& luaCtx)
       ret << endl;
 
       ret << "Backends:" << endl;
-      fmt = boost::format("%-3d %-20.20s %-20.20s %-20d %-20d %-25d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20f %-20f");
-      ret << (fmt % "#" % "Name" % "Address" % "Connections" % " Max concurrent conn" % "Died sending query" % "Died reading response" % "Gave up" % "Read timeouts" % "Write timeouts" % "Connect timeouts" % "Total connections" % "Reused connections" % "Avg queries/conn" % "Avg duration") << endl;
+      fmt = boost::format("%-3d %-20.20s %-20.20s %-20d %-20d %-25d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20f %-20f");
+      ret << (fmt % "#" % "Name" % "Address" % "Connections" % " Max concurrent conn" % "Died sending query" % "Died reading response" % "Gave up" % "Read timeouts" % "Write timeouts" % "Connect timeouts" % "Total connections" % "Reused connections" % "TLS resumptions" % "Avg queries/conn" % "Avg duration") << endl;
 
       auto states = g_dstates.getLocal();
       counter = 0;
       for(const auto& s : *states) {
-        ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % s->tcpCurrentConnections % s->tcpMaxConcurrentConnections % s->tcpDiedSendingQuery % s->tcpDiedReadingResponse % s->tcpGaveUp % s->tcpReadTimeouts % s->tcpWriteTimeouts % s->tcpConnectTimeouts % s->tcpNewConnections % s->tcpReusedConnections % s->tcpAvgQueriesPerConnection % s->tcpAvgConnectionDuration) << endl;
+        ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % s->tcpCurrentConnections % s->tcpMaxConcurrentConnections % s->tcpDiedSendingQuery % s->tcpDiedReadingResponse % s->tcpGaveUp % s->tcpReadTimeouts % s->tcpWriteTimeouts % s->tcpConnectTimeouts % s->tcpNewConnections % s->tcpReusedConnections % s->tlsResumptions % s->tcpAvgQueriesPerConnection % s->tcpAvgConnectionDuration) << endl;
         ++counter;
       }
 
diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index 547908ff4b..051df2a587 100644
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -487,6 +487,8 @@ static void handlePrometheus(const YaHTTP::Request& req, YaHTTP::Response& resp)
   output << "# TYPE " << statesbase << "tcpavgqueriesperconn "        << "gauge"                                                             << "\n";
   output << "# HELP " << statesbase << "tcpavgconnduration "          << "The average duration of a TCP connection (ms)"                     << "\n";
   output << "# TYPE " << statesbase << "tcpavgconnduration "          << "gauge"                                                             << "\n";
+  output << "# HELP " << statesbase << "tlsresumptions "              << "The number of times a TLS session has been resumed"                << "\n";
+  output << "# TYPE " << statesbase << "tlsersumptions "              << "counter"                                                           << "\n";
 
   for (const auto& state : *states) {
     string serverName;
@@ -523,6 +525,7 @@ static void handlePrometheus(const YaHTTP::Request& req, YaHTTP::Response& resp)
     output << statesbase << "tcpreusedconnections"         << label << " " << state->tcpReusedConnections        << "\n";
     output << statesbase << "tcpavgqueriesperconn"         << label << " " << state->tcpAvgQueriesPerConnection  << "\n";
     output << statesbase << "tcpavgconnduration"           << label << " " << state->tcpAvgConnectionDuration    << "\n";
+    output << statesbase << "tlsresumptions"               << label << " " << state->tlsResumptions              << "\n";
   }
 
   const string frontsbase = "dnsdist_frontend_";
@@ -916,6 +919,7 @@ static void addServerToJSON(Json::array& servers, int id, const std::shared_ptr<
     {"tcpReusedConnections", (double)a->tcpReusedConnections},
     {"tcpAvgQueriesPerConnection", (double)a->tcpAvgQueriesPerConnection},
     {"tcpAvgConnectionDuration", (double)a->tcpAvgConnectionDuration},
+    {"tlsResumptions", (double)a->tlsResumptions},
     {"dropRate", (double)a->dropRate}
   };
 
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index 8a9565c0ac..fdc083baf0 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -698,6 +698,7 @@ struct DownstreamState
   stat_t tcpMaxConcurrentConnections{0};
   stat_t tcpReusedConnections{0};
   stat_t tcpNewConnections{0};
+  stat_t tlsResumptions{0};
   pdns::stat_t_trait<double> tcpAvgQueriesPerConnection{0.0};
   /* in ms */
   pdns::stat_t_trait<double> tcpAvgConnectionDuration{0.0};
diff --git a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
index f07c6aec44..56ab9b21a2 100644
--- a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
@@ -13,6 +13,9 @@ TCPConnectionToBackend::~TCPConnectionToBackend()
     gettimeofday(&now, nullptr);
 
     if (d_handler->isTLS()) {
+      if (d_handler->hasTLSSessionBeenResumed()) {
+        ++d_ds->tlsResumptions;
+      }
       cerr<<"Closing TLS connection, resumption was "<<d_handler->hasTLSSessionBeenResumed()<<endl;
       auto session = d_handler->getTLSSession();
       if (session) {
@@ -328,6 +331,9 @@ bool TCPConnectionToBackend::reconnect()
   if (d_handler) {
     DEBUGLOG("closing socket "<<d_handler->getDescriptor());
     if (d_handler->isTLS()) {
+      if (d_handler->hasTLSSessionBeenResumed()) {
+        ++d_ds->tlsResumptions;
+      }
       cerr<<"is TLS, getting a session"<<endl;
       tlsSession = d_handler->getTLSSession();
     }
diff --git a/regression-tests.dnsdist/test_API.py b/regression-tests.dnsdist/test_API.py
index ff91b18fe2..76d13f26e9 100644
--- a/regression-tests.dnsdist/test_API.py
+++ b/regression-tests.dnsdist/test_API.py
@@ -110,7 +110,7 @@ class TestAPIBasics(DNSDistTest):
                         'reuseds', 'state', 'address', 'pools', 'qps', 'queries', 'order', 'sendErrors',
                         'dropRate', 'responses', 'tcpDiedSendingQuery', 'tcpDiedReadingResponse',
                         'tcpGaveUp', 'tcpReadTimeouts', 'tcpWriteTimeouts', 'tcpCurrentConnections',
-                        'tcpNewConnections', 'tcpReusedConnections', 'tcpAvgQueriesPerConnection',
+                        'tcpNewConnections', 'tcpReusedConnections', 'tlsResumptions', 'tcpAvgQueriesPerConnection',
                         'tcpAvgConnectionDuration']:
                 self.assertIn(key, server)