From: Willy Tarreau <w@1wt.eu>
Date: Wed, 28 May 2014 14:47:01 +0000 (+0200)
Subject: MINOR: stats: add counters for SSL cache lookups and misses
X-Git-Tag: v1.5-dev26~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce3f913e48a68c6f079cff36b75e5d1860630b22;p=thirdparty%2Fhaproxy.git

MINOR: stats: add counters for SSL cache lookups and misses

One important aspect of SSL performance tuning is the cache size,
but there's no metric to know whether it's large enough or not. This
commit introduces two counters, one for the cache lookups and another
one for cache misses. These counters are reported on "show info" on
the stats socket. This way, it suffices to see the cache misses
counter constantly grow to know that a larger cache could possibly
help.
---

diff --git a/include/types/global.h b/include/types/global.h
index fa93cbfab5..f7942b35df 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -98,6 +98,7 @@ struct global {
 	int sps_lim, sps_max;
 	int ssl_lim, ssl_max;
 	int ssl_fe_keys_max, ssl_be_keys_max;
+	unsigned int shctx_lookups, shctx_misses;
 	int comp_rate_lim;           /* HTTP compression rate limit */
 	int maxpipes;		/* max # of pipes */
 	int maxsock;		/* max # of sockets */
diff --git a/src/dumpstats.c b/src/dumpstats.c
index 038af887ce..fcfad4a0c2 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -2471,6 +2471,8 @@ static int stats_dump_info_to_buffer(struct stream_interface *si)
 		     "SslFrontendSessionReuse_pct: %d\n"
 		     "SslBackendKeyRate: %d\n"
 		     "SslBackendMaxKeyRate: %d\n"
+		     "SslCacheLookups: %u\n"
+		     "SslCacheMisses: %u\n"
 #endif
 	             "CompressBpsIn: %u\n"
 	             "CompressBpsOut: %u\n"
@@ -2505,6 +2507,7 @@ static int stats_dump_info_to_buffer(struct stream_interface *si)
 	             ssl_key_rate, global.ssl_fe_keys_max,
 	             ssl_reuse,
 	             read_freq_ctr(&global.ssl_be_keys_per_sec), global.ssl_be_keys_max,
+		     global.shctx_lookups, global.shctx_misses,
 #endif
 	             read_freq_ctr(&global.comp_bps_in), read_freq_ctr(&global.comp_bps_out),
 	             global.comp_rate_lim,
diff --git a/src/shctx.c b/src/shctx.c
index f33b7ca8ed..a22730a48b 100644
--- a/src/shctx.c
+++ b/src/shctx.c
@@ -18,16 +18,14 @@
 #else
 #ifdef USE_SYSCALL_FUTEX
 #include <unistd.h>
-#ifndef u32
-#define u32 unsigned int
-#endif
 #include <linux/futex.h>
 #include <sys/syscall.h>
 #endif
 #endif
 #endif
 #include <arpa/inet.h>
-#include "ebmbtree.h"
+#include <ebmbtree.h>
+#include <types/global.h>
 #include "proto/shctx.h"
 
 struct shsess_packet_hdr {
@@ -440,6 +438,8 @@ SSL_SESSION *shctx_get_cb(SSL *ssl, unsigned char *key, int key_len, int *do_cop
 	int data_len;
 	SSL_SESSION *sess;
 
+	global.shctx_lookups++;
+
 	/* allow the session to be freed automatically by openssl */
 	*do_copy = 0;
 
@@ -458,6 +458,7 @@ SSL_SESSION *shctx_get_cb(SSL *ssl, unsigned char *key, int key_len, int *do_cop
 	if (!shsess) {
 		/* no session found: unlock cache and exit */
 		shared_context_unlock();
+		global.shctx_misses++;
 		return NULL;
 	}