secmod sends periodically stats to main

That ensures that statistics will reach main even if no
users are logged in/logged out.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

src/defs.h

@@ -92,6 +92,7 @@ typedef enum {
 	CMD_SECM_CLI_STATS,
 	CMD_SECM_LIST_COOKIES,
 	CMD_SECM_LIST_COOKIES_REPLY,
+	CMD_SECM_STATS, /* sent periodically */
 
 	MAX_SECM_CMD,
 } cmd_request_t;

src/ipc.proto

@@ -135,11 +135,6 @@ message cli_stats_msg
 	optional string ipv4 = 6;
 	optional string ipv6 = 7;
 	optional uint32 discon_reason = 8;
-	optional uint32 secmod_client_entries = 9; /* from sec-mod to main only */
-	optional uint32 secmod_tlsdb_entries = 10; /* from sec-mod to main only */
-	optional uint64 secmod_auth_failures = 11; /* failures since last update - sec-mod to main only */
-	optional uint32 secmod_avg_auth_time = 12; /* average auth time in seconds - sec-mod to main only */
-	optional uint32 secmod_max_auth_time = 13; /* max auth time in seconds - sec-mod to main only */
 }
 
 /* UDP_FD */
@@ -272,6 +267,16 @@ message secm_session_close_msg
 	optional string ipv6 = 7;
 }
 
+/* SECM_STATS */
+message secm_stats_msg
+{
+	required uint32 secmod_client_entries = 1;
+	required uint32 secmod_tlsdb_entries = 2;
+	required uint64 secmod_auth_failures = 3; /* failures since last update */
+	required uint32 secmod_avg_auth_time = 4; /* average auth time in seconds */
+	required uint32 secmod_max_auth_time = 5; /* max auth time in seconds */
+}
+
 /* SECM_SESSION_REPLY */
 message secm_session_reply_msg
 {

src/main-sec-mod-cmd.c

@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2015 Red Hat, Inc.
+ * Copyright (C) 2015-2017 Nikos Mavrogiannopoulos
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -54,6 +55,16 @@
 # include <malloc.h>
 #endif
 
+static void update_auth_failures(main_server_st * s, uint64_t auth_failures)
+{
+	if (s->stats.auth_failures + auth_failures < s->stats.auth_failures) {
+		mslog(s, NULL, LOG_INFO, "overflow on updating authentication failures; resetting");
+		s->stats.auth_failures = 0;
+		return;
+	}
+	s->stats.auth_failures += auth_failures;
+}
+
 int handle_sec_mod_commands(main_server_st * s)
 {
 	struct iovec iov[3];
@@ -161,6 +172,25 @@ int handle_sec_mod_commands(main_server_st * s)
 			safe_memset(raw, 0, raw_len);
 		}
 
+		break;
+	case CMD_SECM_STATS:{
+			SecmStatsMsg *smsg = NULL;
+
+			smsg = secm_stats_msg__unpack(&pa, raw_len, raw);
+			if (smsg == NULL) {
+				mslog(s, NULL, LOG_ERR, "error unpacking sec-mod data");
+				ret = ERR_BAD_COMMAND;
+				goto cleanup;
+			}
+
+			s->stats.secmod_client_entries = smsg->secmod_client_entries;
+			s->stats.tlsdb_entries = smsg->secmod_tlsdb_entries;
+			s->stats.max_auth_time = smsg->secmod_max_auth_time;
+			s->stats.avg_auth_time = smsg->secmod_avg_auth_time;
+			update_auth_failures(s, smsg->secmod_auth_failures);
+
+		}
+
 		break;
 	default:
 		mslog(s, NULL, LOG_ERR, "unknown CMD from sec-mod 0x%x.", (unsigned)cmd);
@@ -402,16 +432,6 @@ void apply_default_config(main_server_st *s, proc_st *proc, GroupCfgSt *gc)
 	(*proc->config_usage_count)++;
 }
 
-static void update_auth_failures(main_server_st * s, uint64_t auth_failures)
-{
-	if (s->stats.auth_failures + auth_failures < s->stats.auth_failures) {
-		mslog(s, NULL, LOG_INFO, "overflow on updating authentication failures; resetting");
-		s->stats.auth_failures = 0;
-		return;
-	}
-	s->stats.auth_failures += auth_failures;
-}
-
 int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie, unsigned cookie_size)
 {
 	int ret, e;
@@ -506,7 +526,7 @@ int session_open(main_server_st * s, struct proc_st *proc, const uint8_t *cookie
 	return 0;
 }
 
-static void update_main_stats(main_server_st * s, struct proc_st *proc, uint64_t auth_failures, uint32_t avg_auth_time, uint32_t max_auth_time)
+static void update_main_stats(main_server_st * s, struct proc_st *proc)
 {
 	uint64_t kb_in, kb_out;
 	time_t now = time(0), stime;
@@ -532,8 +552,6 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc, uint64_t
 	if (s->stats.kbytes_out + kb_out <  s->stats.kbytes_out)
 		goto reset;
 
-	update_auth_failures(s, auth_failures);
-
 	s->stats.kbytes_in += kb_in;
 	s->stats.kbytes_out += kb_out;
 
@@ -550,9 +568,6 @@ static void update_main_stats(main_server_st * s, struct proc_st *proc, uint64_t
 			s->stats.max_session_mins = stime;
 	}
 
-	s->stats.avg_auth_time = avg_auth_time;
-	s->stats.max_auth_time = max_auth_time;
-
 	return;
  reset:
 	mslog(s, NULL, LOG_INFO, "overflow on updating server statistics, resetting stats");
@@ -601,15 +616,11 @@ int session_close(main_server_st * s, struct proc_st *proc)
 
 	proc->bytes_in = msg->bytes_in;
 	proc->bytes_out = msg->bytes_out;
-	if (msg->has_secmod_client_entries)
-		s->stats.secmod_client_entries = msg->secmod_client_entries;
-	if (msg->has_secmod_tlsdb_entries)
-		s->stats.tlsdb_entries = msg->secmod_tlsdb_entries;
 	if (msg->has_discon_reason) {
 		proc->discon_reason = msg->discon_reason;
 	}
 
-	update_main_stats(s, proc, msg->secmod_auth_failures, msg->secmod_avg_auth_time, msg->secmod_max_auth_time);
+	update_main_stats(s, proc);
 
 	cli_stats_msg__free_unpacked(msg, &pa);
 

src/sec-mod-auth.c

@@ -117,6 +117,7 @@ static void update_auth_time_stats(sec_mod_st * sec, time_t secs)
 	sec->total_authentications++;
 	if (sec->total_authentications == 0) { /* reset stats */
 		sec->avg_auth_time = 0;
+		sec->max_auth_time = 0;
 		return;
 	}
 
@@ -567,21 +568,8 @@ int handle_secm_session_close_cmd(sec_mod_st *sec, int fd, const SecmSessionClos
 	/* send reply */
 	rep.bytes_in = e->stats.bytes_in;
 	rep.bytes_out = e->stats.bytes_out;
-	rep.has_secmod_client_entries = 1;
 	rep.has_discon_reason = 1;
 	rep.discon_reason = e->discon_reason;
-	rep.secmod_client_entries = sec_mod_client_db_elems(sec);
-
-	rep.secmod_tlsdb_entries = sec->tls_db.entries;
-	rep.has_secmod_tlsdb_entries = 1;
-
-	rep.secmod_auth_failures = sec->auth_failures;
-	rep.has_secmod_auth_failures = 1;
-	sec->auth_failures = 0;
-	rep.secmod_avg_auth_time = sec->avg_auth_time;
-	rep.secmod_max_auth_time = sec->max_auth_time;
-	rep.has_secmod_avg_auth_time = 1;
-	rep.has_secmod_max_auth_time = 1;
 
 	ret = send_msg(e, fd, CMD_SECM_CLI_STATS, &rep,
 			(pack_size_func) cli_stats_msg__get_packed_size,

src/sec-mod.c

@@ -499,6 +499,29 @@ static void handle_sigterm(int signo)
 	need_exit = 1;
 }
 
+static void send_stats_to_main(sec_mod_st *sec)
+{
+	int ret;
+	SecmStatsMsg msg = SECM_STATS_MSG__INIT;
+
+	msg.secmod_client_entries = sec_mod_client_db_elems(sec);
+	msg.secmod_tlsdb_entries = sec->tls_db.entries;
+	msg.secmod_auth_failures = sec->auth_failures;
+	msg.secmod_avg_auth_time = sec->avg_auth_time;
+	msg.secmod_max_auth_time = sec->max_auth_time;
+	sec->auth_failures = 0;
+
+	ret = send_msg(sec, sec->cmd_fd, CMD_SECM_STATS, &msg,
+			(pack_size_func) secm_stats_msg__get_packed_size,
+			(pack_func) secm_stats_msg__pack);
+	if (ret < 0) {
+		seclog(sec, LOG_ERR, "error in sending statistics to main");
+		return;
+	}
+
+	return;
+}
+
 static void check_other_work(sec_mod_st *sec)
 {
 	if (need_exit) {
@@ -526,6 +549,7 @@ static void check_other_work(sec_mod_st *sec)
 		seclog(sec, LOG_DEBUG, "performing maintenance");
 		cleanup_client_entries(sec);
 		expire_tls_sessions(sec);
+		send_stats_to_main(sec);
 		seclog(sec, LOG_DEBUG, "active sessions %d", 
 			sec_mod_client_db_elems(sec));
 		alarm(MAINTAINANCE_TIME);