mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 00:37:00 +08:00
Reset periodically the server statistics kept
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This commit is contained in:
Nikos Mavrogiannopoulos
@@ -155,6 +155,7 @@ static struct cfg_options available_options[] = {
|
||||
{ .name = "cookie-rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "session-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "stats-report-time", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "server-stats-reset-time", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
{ .name = "rekey-method", .type = OPTION_STRING, .mandatory = 0 },
|
||||
{ .name = "auth-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
|
||||
@@ -754,7 +755,15 @@ size_t urlfw_size = 0;
|
||||
|
||||
PREAD_STRING(perm_config, "chroot-dir", perm_config->chroot_dir);
|
||||
|
||||
/* cannot be modified as it would require sec-mod to
|
||||
* re-read configuration too */
|
||||
READ_NUMERIC("server-stats-reset-time", perm_config->stats_reset_time);
|
||||
if (perm_config->stats_reset_time <= 0) {
|
||||
perm_config->stats_reset_time = 24*60*60*7; /* weekly */
|
||||
}
|
||||
|
||||
list_head_init(&perm_config->attic);
|
||||
|
||||
}
|
||||
|
||||
perm_config->config = talloc_zero(perm_config, struct cfg_st);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2015 Red Hat, Inc.
|
||||
* Copyright (C) 2015-2017 Red Hat, Inc.
|
||||
* Copyright (C) 2015-2017 Nikos Mavrogiannopoulos
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
@@ -63,6 +63,7 @@ static void update_auth_failures(main_server_st * s, uint64_t auth_failures)
|
||||
return;
|
||||
}
|
||||
s->stats.auth_failures += auth_failures;
|
||||
s->stats.total_auth_failures += auth_failures;
|
||||
}
|
||||
|
||||
int handle_sec_mod_commands(main_server_st * s)
|
||||
@@ -526,11 +527,29 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void reset_stats(main_server_st *s, time_t now)
|
||||
{
|
||||
s->stats.session_idle_timeouts = 0;
|
||||
s->stats.session_timeouts = 0;
|
||||
s->stats.session_errors = 0;
|
||||
s->stats.sessions_closed = 0;
|
||||
s->stats.auth_failures = 0;
|
||||
s->stats.last_reset = now;
|
||||
s->stats.kbytes_in = 0;
|
||||
s->stats.kbytes_out = 0;
|
||||
}
|
||||
|
||||
static void update_main_stats(main_server_st * s, struct proc_st *proc)
|
||||
{
|
||||
uint64_t kb_in, kb_out;
|
||||
time_t now = time(0), stime;
|
||||
|
||||
if (s->perm_config->stats_reset_time != 0 &&
|
||||
now - s->stats.last_reset > s->perm_config->stats_reset_time) {
|
||||
mslog(s, NULL, LOG_INFO, "resetting stats counters");
|
||||
reset_stats(s, now);
|
||||
}
|
||||
|
||||
if (proc->discon_reason == REASON_IDLE_TIMEOUT)
|
||||
s->stats.session_idle_timeouts++;
|
||||
else if (proc->discon_reason == REASON_SESSION_TIMEOUT)
|
||||
@@ -539,6 +558,7 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc)
|
||||
s->stats.session_errors++;
|
||||
|
||||
s->stats.sessions_closed++;
|
||||
s->stats.total_sessions_closed++;
|
||||
if (s->stats.sessions_closed == 0) { /* overflow */
|
||||
goto reset;
|
||||
}
|
||||
@@ -571,12 +591,7 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc)
|
||||
return;
|
||||
reset:
|
||||
mslog(s, NULL, LOG_INFO, "overflow on updating server statistics, resetting stats");
|
||||
s->stats.session_idle_timeouts = 0;
|
||||
s->stats.session_timeouts = 0;
|
||||
s->stats.session_errors = 0;
|
||||
s->stats.last_reset = now;
|
||||
s->stats.kbytes_in = 0;
|
||||
s->stats.kbytes_out = 0;
|
||||
reset_stats(s, now);
|
||||
}
|
||||
|
||||
int session_close(main_server_st * s, struct proc_st *proc)
|
||||
|
||||
@@ -175,7 +175,7 @@ struct main_stats_st {
|
||||
uint64_t session_timeouts; /* sessions with timeout */
|
||||
uint64_t session_idle_timeouts; /* sessions with idle timeout */
|
||||
uint64_t session_errors; /* sessions closed with error */
|
||||
uint64_t sessions_closed; /* sessions closed */
|
||||
uint64_t sessions_closed; /* sessions closed since last reset */
|
||||
uint64_t kbytes_in;
|
||||
uint64_t kbytes_out;
|
||||
unsigned min_mtu;
|
||||
@@ -189,12 +189,15 @@ struct main_stats_st {
|
||||
time_t start_time;
|
||||
time_t last_reset;
|
||||
|
||||
uint64_t auth_failures; /* authentication failures */
|
||||
uint32_t avg_auth_time; /* in seconds */
|
||||
uint32_t max_auth_time; /* in seconds */
|
||||
uint32_t avg_session_mins; /* in minutes */
|
||||
uint32_t max_session_mins;
|
||||
uint64_t auth_failures; /* authentication failures */
|
||||
|
||||
/* These are counted since start time */
|
||||
uint64_t total_auth_failures; /* authentication failures since start_time */
|
||||
uint64_t total_sessions_closed; /* sessions closed since start_time */
|
||||
};
|
||||
|
||||
typedef struct main_server_st {
|
||||
|
||||
@@ -291,6 +291,12 @@ max-same-clients = 2
|
||||
# radius is in use.
|
||||
#stats-report-time = 360
|
||||
|
||||
# Stats reset time. The period of time statistics kept by main/sec-mod
|
||||
# processes will be reset. These are the statistics shown by cmd
|
||||
# 'occtl show stats'. For daily: 86400, weekly: 604800
|
||||
# This is unrelated to stats-report-time.
|
||||
server-stats-reset-time = 604800
|
||||
|
||||
# Keepalive in seconds
|
||||
keepalive = 32400
|
||||
|
||||
|
||||
@@ -502,15 +502,29 @@ static void handle_sigterm(int signo)
|
||||
static void send_stats_to_main(sec_mod_st *sec)
|
||||
{
|
||||
int ret;
|
||||
time_t now = time(0);
|
||||
SecmStatsMsg msg = SECM_STATS_MSG__INIT;
|
||||
|
||||
if (sec->perm_config->stats_reset_time != 0 &&
|
||||
now - sec->last_stats_reset > sec->perm_config->stats_reset_time) {
|
||||
sec->auth_failures = 0;
|
||||
sec->avg_auth_time = 0;
|
||||
sec->max_auth_time = 0;
|
||||
sec->last_stats_reset = now;
|
||||
}
|
||||
|
||||
msg.secmod_client_entries = sec_mod_client_db_elems(sec);
|
||||
msg.secmod_tlsdb_entries = sec->tls_db.entries;
|
||||
msg.secmod_auth_failures = sec->auth_failures;
|
||||
msg.secmod_avg_auth_time = sec->avg_auth_time;
|
||||
msg.secmod_max_auth_time = sec->max_auth_time;
|
||||
/* we only report the number of failures since last call */
|
||||
sec->auth_failures = 0;
|
||||
|
||||
/* the following two are not resettable */
|
||||
msg.secmod_client_entries = sec_mod_client_db_elems(sec);
|
||||
msg.secmod_tlsdb_entries = sec->tls_db.entries;
|
||||
|
||||
ret = send_msg(sec, sec->cmd_fd, CMD_SECM_STATS, &msg,
|
||||
(pack_size_func) secm_stats_msg__get_packed_size,
|
||||
(pack_func) secm_stats_msg__pack);
|
||||
|
||||
@@ -44,6 +44,7 @@ typedef struct sec_mod_st {
|
||||
uint32_t max_auth_time; /* the maximum time spent in (sucessful) authentication */
|
||||
uint32_t avg_auth_time; /* the average time spent in (sucessful) authentication */
|
||||
uint32_t total_authentications; /* successful authentications: to calculate the average above */
|
||||
time_t last_stats_reset;
|
||||
|
||||
struct config_mod_st *config_module;
|
||||
} sec_mod_st;
|
||||
|
||||
Reference in New Issue
Block a user