2026-02-10 08:46:58 +08:00 · 2017-03-12 09:43:14 +01:00
parent d6ff620487
commit 99b2fdcd06
7 changed files with 58 additions and 9 deletions
						
						
							
						
						
						
@@ -155,6 +155,7 @@ static struct cfg_options available_options[] = {
	{ .name = "cookie-rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "cookie-rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "session-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "session-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "stats-report-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "stats-report-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "server-stats-reset-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "rekey-time", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "rekey-method", .type = OPTION_STRING, .mandatory = 0 },
	{ .name = "rekey-method", .type = OPTION_STRING, .mandatory = 0 },
	{ .name = "auth-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
	{ .name = "auth-timeout", .type = OPTION_NUMERIC, .mandatory = 0 },
						
							
						
						
							
						
						
						
@@ -754,7 +755,15 @@ size_t urlfw_size = 0;
		PREAD_STRING(perm_config, "chroot-dir", perm_config->chroot_dir);
		PREAD_STRING(perm_config, "chroot-dir", perm_config->chroot_dir);
		/* cannot be modified as it would require sec-mod to
		 * re-read configuration too */
		READ_NUMERIC("server-stats-reset-time", perm_config->stats_reset_time);
		if (perm_config->stats_reset_time <= 0) {
			perm_config->stats_reset_time = 24*60*60*7; /* weekly */
		}
		list_head_init(&perm_config->attic);
		list_head_init(&perm_config->attic);
	}
	}
	perm_config->config = talloc_zero(perm_config, struct cfg_st);
	perm_config->config = talloc_zero(perm_config, struct cfg_st);
						
							
						
						
						
						
 
						
						
						
						
@@ -1,5 +1,5 @@
/*
/*
 * Copyright (C) 2015 Red Hat, Inc.
 * Copyright (C) 2015-2017 Red Hat, Inc.
 * Copyright (C) 2015-2017 Nikos Mavrogiannopoulos
 * Copyright (C) 2015-2017 Nikos Mavrogiannopoulos
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * This program is free software; you can redistribute it and/or modify
						
							
						
						
							
						
						
						
@@ -63,6 +63,7 @@ static void update_auth_failures(main_server_st * s, uint64_t auth_failures)
		return;
		return;
	}
	}
	s->stats.auth_failures += auth_failures;
	s->stats.auth_failures += auth_failures;
	s->stats.total_auth_failures += auth_failures;
}
}
int handle_sec_mod_commands(main_server_st * s)
int handle_sec_mod_commands(main_server_st * s)
						
							
						
						
							
						
						
						
@@ -526,11 +527,29 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
	return 0;
	return 0;
}
}
static void reset_stats(main_server_st *s, time_t now)
{
	s->stats.session_idle_timeouts = 0;
	s->stats.session_timeouts = 0;
	s->stats.session_errors = 0;
	s->stats.sessions_closed = 0;
	s->stats.auth_failures = 0;
	s->stats.last_reset = now;
	s->stats.kbytes_in = 0;
	s->stats.kbytes_out = 0;
}
static void update_main_stats(main_server_st * s, struct proc_st *proc)
static void update_main_stats(main_server_st * s, struct proc_st *proc)
{
{
	uint64_t kb_in, kb_out;
	uint64_t kb_in, kb_out;
	time_t now = time(0), stime;
	time_t now = time(0), stime;
	if (s->perm_config->stats_reset_time != 0 &&
	    now - s->stats.last_reset > s->perm_config->stats_reset_time) {
		mslog(s, NULL, LOG_INFO, "resetting stats counters");
		reset_stats(s, now);
	}
	if (proc->discon_reason == REASON_IDLE_TIMEOUT)
	if (proc->discon_reason == REASON_IDLE_TIMEOUT)
		s->stats.session_idle_timeouts++;
		s->stats.session_idle_timeouts++;
	else if (proc->discon_reason == REASON_SESSION_TIMEOUT)
	else if (proc->discon_reason == REASON_SESSION_TIMEOUT)
						
						
						
							
						
						
@@ -539,6 +558,7 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc)
		s->stats.session_errors++;
		s->stats.session_errors++;
	s->stats.sessions_closed++;
	s->stats.sessions_closed++;
	s->stats.total_sessions_closed++;
	if (s->stats.sessions_closed == 0) { /* overflow */
	if (s->stats.sessions_closed == 0) { /* overflow */
		goto reset;
		goto reset;
	}
	}
						
							
						
						
							
						
						
						
@@ -571,12 +591,7 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc)
	return;
	return;
 reset:
 reset:
	mslog(s, NULL, LOG_INFO, "overflow on updating server statistics, resetting stats");
	mslog(s, NULL, LOG_INFO, "overflow on updating server statistics, resetting stats");
	s->stats.session_idle_timeouts = 0;
	reset_stats(s, now);
	s->stats.session_timeouts = 0;
	s->stats.session_errors = 0;
	s->stats.last_reset = now;
	s->stats.kbytes_in = 0;
	s->stats.kbytes_out = 0;
}
}
int session_close(main_server_st * s, struct proc_st *proc)
int session_close(main_server_st * s, struct proc_st *proc)
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -175,7 +175,7 @@ struct main_stats_st {
	uint64_t session_timeouts; /* sessions with timeout */
	uint64_t session_timeouts; /* sessions with timeout */
	uint64_t session_idle_timeouts; /* sessions with idle timeout */
	uint64_t session_idle_timeouts; /* sessions with idle timeout */
	uint64_t session_errors; /* sessions closed with error */
	uint64_t session_errors; /* sessions closed with error */
	uint64_t sessions_closed; /* sessions closed */
	uint64_t sessions_closed; /* sessions closed since last reset */
	uint64_t kbytes_in;
	uint64_t kbytes_in;
	uint64_t kbytes_out;
	uint64_t kbytes_out;
	unsigned min_mtu;
	unsigned min_mtu;
						
						
						
							
						
						
@@ -189,12 +189,15 @@ struct main_stats_st {
	time_t start_time;
	time_t start_time;
	time_t last_reset;
	time_t last_reset;
	uint64_t auth_failures; /* authentication failures */
	uint32_t avg_auth_time; /* in seconds */
	uint32_t avg_auth_time; /* in seconds */
	uint32_t max_auth_time; /* in seconds */
	uint32_t max_auth_time; /* in seconds */
	uint32_t avg_session_mins; /* in minutes */
	uint32_t avg_session_mins; /* in minutes */
	uint32_t max_session_mins;
	uint32_t max_session_mins;
	uint64_t auth_failures; /* authentication failures */
	/* These are counted since start time */
	uint64_t total_auth_failures; /* authentication failures since start_time */
	uint64_t total_sessions_closed; /* sessions closed since start_time */
};
};
typedef struct main_server_st {
typedef struct main_server_st {
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -291,6 +291,12 @@ max-same-clients = 2
# radius is in use.
# radius is in use.
#stats-report-time = 360
#stats-report-time = 360
# Stats reset time. The period of time statistics kept by main/sec-mod
# processes will be reset. These are the statistics shown by cmd
# 'occtl show stats'. For daily: 86400, weekly: 604800
# This is unrelated to stats-report-time.
server-stats-reset-time = 604800
# Keepalive in seconds
# Keepalive in seconds
keepalive = 32400
keepalive = 32400
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -502,15 +502,29 @@ static void handle_sigterm(int signo)
static void send_stats_to_main(sec_mod_st *sec)
static void send_stats_to_main(sec_mod_st *sec)
{
{
	int ret;
	int ret;
	time_t now = time(0);
	SecmStatsMsg msg = SECM_STATS_MSG__INIT;
	SecmStatsMsg msg = SECM_STATS_MSG__INIT;
	if (sec->perm_config->stats_reset_time != 0 &&
	    now - sec->last_stats_reset > sec->perm_config->stats_reset_time) {
		sec->auth_failures = 0;
		sec->avg_auth_time = 0;
		sec->max_auth_time = 0;
		sec->last_stats_reset = now;
	}
	msg.secmod_client_entries = sec_mod_client_db_elems(sec);
	msg.secmod_client_entries = sec_mod_client_db_elems(sec);
	msg.secmod_tlsdb_entries = sec->tls_db.entries;
	msg.secmod_tlsdb_entries = sec->tls_db.entries;
	msg.secmod_auth_failures = sec->auth_failures;
	msg.secmod_auth_failures = sec->auth_failures;
	msg.secmod_avg_auth_time = sec->avg_auth_time;
	msg.secmod_avg_auth_time = sec->avg_auth_time;
	msg.secmod_max_auth_time = sec->max_auth_time;
	msg.secmod_max_auth_time = sec->max_auth_time;
	/* we only report the number of failures since last call */
	sec->auth_failures = 0;
	sec->auth_failures = 0;
	/* the following two are not resettable */
	msg.secmod_client_entries = sec_mod_client_db_elems(sec);
	msg.secmod_tlsdb_entries = sec->tls_db.entries;
	ret = send_msg(sec, sec->cmd_fd, CMD_SECM_STATS, &msg,
	ret = send_msg(sec, sec->cmd_fd, CMD_SECM_STATS, &msg,
			(pack_size_func) secm_stats_msg__get_packed_size,
			(pack_size_func) secm_stats_msg__get_packed_size,
			(pack_func) secm_stats_msg__pack);
			(pack_func) secm_stats_msg__pack);
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -44,6 +44,7 @@ typedef struct sec_mod_st {
	uint32_t max_auth_time; /* the maximum time spent in (sucessful) authentication */
	uint32_t max_auth_time; /* the maximum time spent in (sucessful) authentication */
	uint32_t avg_auth_time; /* the average time spent in (sucessful) authentication */
	uint32_t avg_auth_time; /* the average time spent in (sucessful) authentication */
	uint32_t total_authentications; /* successful authentications: to calculate the average above */
	uint32_t total_authentications; /* successful authentications: to calculate the average above */
	time_t last_stats_reset;
	struct config_mod_st *config_module;
	struct config_mod_st *config_module;
} sec_mod_st;
} sec_mod_st;
						
							
						
						
						
						
 
						
						
							
						
						
						
@@ -372,6 +372,7 @@ struct perm_cfg_st {
	char *cert_hash;
	char *cert_hash;
#endif
#endif
	unsigned int stats_reset_time;
	unsigned foreground;
	unsigned foreground;
	unsigned debug;
	unsigned debug;