3 files changed, 38 insertions, 2 deletions

diff --git a/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java b/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java
index e2eeb5d3517..2f1dc1fd96f 100644
--- a/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java
+++ b/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java
@@ -38,6 +38,8 @@ public class ConnectionLogEntry {
     private final List<String> sslSubjectAlternativeNames;
     private final String httpProtocol;
     private final String proxyProtocolVersion;
+    private final Long sslBytesReceived;
+    private final Long sslBytesSent;
 
 
     private ConnectionLogEntry(Builder builder) {
@@ -67,6 +69,8 @@ public class ConnectionLogEntry {
         this.sslSubjectAlternativeNames = builder.sslSubjectAlternativeNames;
         this.httpProtocol = builder.httpProtocol;
         this.proxyProtocolVersion = builder.proxyProtocolVersion;
+        this.sslBytesReceived = builder.sslBytesReceived;
+        this.sslBytesSent = builder.sslBytesSent;
     }
 
     public static Builder builder(UUID id, Instant timestamp) {
@@ -99,6 +103,8 @@ public class ConnectionLogEntry {
     public List<String> sslSubjectAlternativeNames() { return sslSubjectAlternativeNames == null ? List.of() : sslSubjectAlternativeNames; }
     public Optional<String> httpProtocol() { return Optional.ofNullable(httpProtocol); }
     public Optional<String> proxyProtocolVersion() { return Optional.ofNullable(proxyProtocolVersion); }
+    public Optional<Long> sslBytesReceived() { return Optional.ofNullable(sslBytesReceived); }
+    public Optional<Long> sslBytesSent() { return Optional.ofNullable(sslBytesSent); }
 
     public static class SslHandshakeFailure {
         private final String type;
@@ -153,6 +159,8 @@ public class ConnectionLogEntry {
         private List<String> sslSubjectAlternativeNames;
         private String httpProtocol;
         private String proxyProtocolVersion;
+        private Long sslBytesReceived;
+        private Long sslBytesSent;
 
 
         Builder(UUID id, Instant timestamp) {
@@ -257,6 +265,14 @@ public class ConnectionLogEntry {
             this.proxyProtocolVersion = version;
             return this;
         }
+        public Builder withSslBytesReceived(long bytesReceived) {
+            this.sslBytesReceived = bytesReceived;
+            return this;
+        }
+        public Builder withSslBytesSent(long bytesSent) {
+            this.sslBytesSent = bytesSent;
+            return this;
+        }
 
         public ConnectionLogEntry build(){
             return new ConnectionLogEntry(this);
diff --git a/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java b/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java
index 6d98c247ca0..20a3e9753cc 100644
--- a/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java
+++ b/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java
@@ -70,12 +70,15 @@ class JsonConnectionLogWriter implements LogWriter<ConnectionLogEntry> {
             String sslSniServerName = unwrap(record.sslSniServerName());
             String sslPeerIssuerSubject = unwrap(record.sslPeerIssuerSubject());
             String sslPeerFingerprint = unwrap(record.sslPeerFingerprint());
+            Long sslBytesReceived = unwrap(record.sslBytesReceived());
+            Long sslBytesSent = unwrap(record.sslBytesSent());
             ConnectionLogEntry.SslHandshakeFailure sslHandshakeFailure = unwrap(record.sslHandshakeFailure());
             List<String> sslSubjectAlternativeNames = record.sslSubjectAlternativeNames();
 
             if (isAnyValuePresent(
                     sslProtocol, sslSessionId, sslCipherSuite, sslPeerSubject, sslPeerNotBefore, sslPeerNotAfter,
-                    sslSniServerName, sslHandshakeFailure, sslPeerIssuerSubject, sslPeerFingerprint)) {
+                    sslSniServerName, sslHandshakeFailure, sslPeerIssuerSubject, sslPeerFingerprint,
+                    sslBytesReceived, sslBytesSent)) {
                 generator.writeObjectFieldStart("ssl");
 
                 writeOptionalString(generator, "protocol", sslProtocol);
@@ -87,6 +90,8 @@ class JsonConnectionLogWriter implements LogWriter<ConnectionLogEntry> {
                 writeOptionalTimestamp(generator, "peerNotAfter", sslPeerNotAfter);
                 writeOptionalString(generator, "peerFingerprint", sslPeerFingerprint);
                 writeOptionalString(generator, "sniServerName", sslSniServerName);
+                writeOptionalLong(generator, "bytesReceived", sslBytesReceived);
+                writeOptionalLong(generator, "bytesSent", sslBytesSent);
 
                 if (sslHandshakeFailure != null) {
                     generator.writeObjectFieldStart("handshake-failure");
diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java
index 6406125dcc3..b1037d63196 100644
--- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java
@@ -42,7 +42,6 @@ import java.util.List;
 import java.util.UUID;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.stream.Collectors;
 
 /**
  * Jetty integration for jdisc connection log ({@link ConnectionLog}).
@@ -136,6 +135,8 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List
             if (info == null) return; // Closed connection already handled
             if (connection instanceof HttpConnection) {
                 info.setHttpBytes(connection.getBytesIn(), connection.getBytesOut());
+            } else if (connection instanceof SslConnection) {
+                info.setSslBytes(connection.getBytesIn(), connection.getBytesOut());
             }
             if (!endpoint.isOpen()) {
                 info.setClosedAt(System.currentTimeMillis());
@@ -258,6 +259,8 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List
         private List<String> sslSubjectAlternativeNames;
         private String proxyProtocolVersion;
         private String httpProtocol;
+        private long sslBytesReceived = 0;
+        private long sslBytesSent = 0;
 
         private ConnectionInfo(UUID uuid, long createdAt, InetSocketAddress localAddress, InetSocketAddress peerAddress) {
             this.uuid = uuid;
@@ -330,6 +333,12 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List
 
         synchronized ConnectionInfo setProxyProtocolVersion(String version) { this.proxyProtocolVersion = version; return this; }
 
+        synchronized ConnectionInfo setSslBytes(long received, long sent) {
+            this.sslBytesReceived = received;
+            this.sslBytesSent = sent;
+            return this;
+        }
+
         synchronized ConnectionLogEntry toLogEntry() {
             ConnectionLogEntry.Builder builder = ConnectionLogEntry.builder(uuid, Instant.ofEpochMilli(createdAt));
             if (closedAt > 0) {
@@ -400,6 +409,12 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List
             if (proxyProtocolVersion != null) {
                 builder.withProxyProtocolVersion(proxyProtocolVersion);
             }
+            if (sslBytesReceived > 0) {
+                builder.withSslBytesReceived(sslBytesReceived);
+            }
+            if (sslBytesSent > 0) {
+                builder.withSslBytesSent(sslBytesSent);
+            }
             return builder.build();
         }