From 05ca0bbe97694a99572f75d87787a0fd85ebbd6c Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Tue, 30 May 2023 12:13:43 +0200 Subject: Add SSL bytes to connection log --- .../com/yahoo/container/logging/ConnectionLogEntry.java | 16 ++++++++++++++++ .../container/logging/JsonConnectionLogWriter.java | 7 ++++++- .../jdisc/http/server/jetty/JettyConnectionLogger.java | 17 ++++++++++++++++- 3 files changed, 38 insertions(+), 2 deletions(-) (limited to 'container-core/src/main/java/com/yahoo') diff --git a/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java b/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java index e2eeb5d3517..2f1dc1fd96f 100644 --- a/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java +++ b/container-core/src/main/java/com/yahoo/container/logging/ConnectionLogEntry.java @@ -38,6 +38,8 @@ public class ConnectionLogEntry { private final List sslSubjectAlternativeNames; private final String httpProtocol; private final String proxyProtocolVersion; + private final Long sslBytesReceived; + private final Long sslBytesSent; private ConnectionLogEntry(Builder builder) { @@ -67,6 +69,8 @@ public class ConnectionLogEntry { this.sslSubjectAlternativeNames = builder.sslSubjectAlternativeNames; this.httpProtocol = builder.httpProtocol; this.proxyProtocolVersion = builder.proxyProtocolVersion; + this.sslBytesReceived = builder.sslBytesReceived; + this.sslBytesSent = builder.sslBytesSent; } public static Builder builder(UUID id, Instant timestamp) { 
@@ -99,6 +103,8 @@ public class ConnectionLogEntry { public List sslSubjectAlternativeNames() { return sslSubjectAlternativeNames == null ? List.of() : sslSubjectAlternativeNames; } public Optional httpProtocol() { return Optional.ofNullable(httpProtocol); } public Optional proxyProtocolVersion() { return Optional.ofNullable(proxyProtocolVersion); } + public Optional sslBytesReceived() { return Optional.ofNullable(sslBytesReceived); } + public Optional sslBytesSent() { return Optional.ofNullable(sslBytesSent); } public static class SslHandshakeFailure { private final String type; @@ -153,6 +159,8 @@ public class ConnectionLogEntry { private List sslSubjectAlternativeNames; private String httpProtocol; private String proxyProtocolVersion; + private Long sslBytesReceived; + private Long sslBytesSent; Builder(UUID id, Instant timestamp) { @@ -257,6 +265,14 @@ public class ConnectionLogEntry { this.proxyProtocolVersion = version; return this; } + public Builder withSslBytesReceived(long bytesReceived) { + this.sslBytesReceived = bytesReceived; + return this; + } + public Builder withSslBytesSent(long bytesSent) { + this.sslBytesSent = bytesSent; + return this; + } public ConnectionLogEntry build(){ return new ConnectionLogEntry(this); diff --git a/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java b/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java index 6d98c247ca0..20a3e9753cc 100644 --- a/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java +++ b/container-core/src/main/java/com/yahoo/container/logging/JsonConnectionLogWriter.java 
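Review bot: The new accessors `sslBytesReceived()` and `sslBytesSent()` in the @@ -99 hunk have no Javadoc saying which bytes they count. Judging from the JettyConnectionLogger hunks in this commit, the values come from `getBytesIn()`/`getBytesOut()` on an `SslConnection`, so they are presumably TLS-layer bytes rather than decrypted HTTP payload; that is inferred, not shown in this file. A one-line comment on each, for example `/** Bytes read by the TLS connection (presumably encrypted bytes on the wire, handshake included); empty if not recorded. */`, would keep log consumers from comparing them directly with the HTTP byte counters. The same wording applies to `withSslBytesReceived` and `withSslBytesSent` in the @@ -257 hunk.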
@@ -70,12 +70,15 @@ class JsonConnectionLogWriter implements LogWriter { String sslSniServerName = unwrap(record.sslSniServerName()); String sslPeerIssuerSubject = unwrap(record.sslPeerIssuerSubject()); String sslPeerFingerprint = unwrap(record.sslPeerFingerprint()); + Long sslBytesReceived = unwrap(record.sslBytesReceived()); + Long sslBytesSent = unwrap(record.sslBytesSent()); ConnectionLogEntry.SslHandshakeFailure sslHandshakeFailure = unwrap(record.sslHandshakeFailure()); List sslSubjectAlternativeNames = record.sslSubjectAlternativeNames(); if (isAnyValuePresent( sslProtocol, sslSessionId, sslCipherSuite, sslPeerSubject, sslPeerNotBefore, sslPeerNotAfter, - sslSniServerName, sslHandshakeFailure, sslPeerIssuerSubject, sslPeerFingerprint)) { + sslSniServerName, sslHandshakeFailure, sslPeerIssuerSubject, sslPeerFingerprint, + sslBytesReceived, sslBytesSent)) { generator.writeObjectFieldStart("ssl"); writeOptionalString(generator, "protocol", sslProtocol); @@ -87,6 +90,8 @@ class JsonConnectionLogWriter implements LogWriter { writeOptionalTimestamp(generator, "peerNotAfter", sslPeerNotAfter); writeOptionalString(generator, "peerFingerprint", sslPeerFingerprint); writeOptionalString(generator, "sniServerName", sslSniServerName); + writeOptionalLong(generator, "bytesReceived", sslBytesReceived); + writeOptionalLong(generator, "bytesSent", sslBytesSent); if (sslHandshakeFailure != null) { generator.writeObjectFieldStart("handshake-failure"); diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java index 6406125dcc3..b1037d63196 100644 --- a/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java +++ b/container-core/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java 
@@ -42,7 +42,6 @@ import java.util.List; import java.util.UUID; import java.util.logging.Level; import java.util.logging.Logger; -import java.util.stream.Collectors; /** * Jetty integration for jdisc connection log ({@link ConnectionLog}). @@ -136,6 +135,8 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List if (info == null) return; // Closed connection already handled if (connection instanceof HttpConnection) { info.setHttpBytes(connection.getBytesIn(), connection.getBytesOut()); + } else if (connection instanceof SslConnection) { + info.setSslBytes(connection.getBytesIn(), connection.getBytesOut()); } if (!endpoint.isOpen()) { info.setClosedAt(System.currentTimeMillis()); @@ -258,6 +259,8 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List private List sslSubjectAlternativeNames; private String proxyProtocolVersion; private String httpProtocol; + private long sslBytesReceived = 0; + private long sslBytesSent = 0; private ConnectionInfo(UUID uuid, long createdAt, InetSocketAddress localAddress, InetSocketAddress peerAddress) { this.uuid = uuid; @@ -330,6 +333,12 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List synchronized ConnectionInfo setProxyProtocolVersion(String version) { this.proxyProtocolVersion = version; return this; } + synchronized ConnectionInfo setSslBytes(long received, long sent) { + this.sslBytesReceived = received; + this.sslBytesSent = sent; + return this; + } + synchronized ConnectionLogEntry toLogEntry() { ConnectionLogEntry.Builder builder = ConnectionLogEntry.builder(uuid, Instant.ofEpochMilli(createdAt)); if (closedAt > 0) { 
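Review bot: The `else if (connection instanceof SslConnection)` branch in the @@ -136 hunk only records the counters if the `ConnectionInfo` is still registered when the SslConnection's close callback runs. The guard above it, `if (info == null) return; // Closed connection already handled`, and the `!endpoint.isOpen()` block below suggest the entry is finalised by whichever callback first sees the closed endpoint. If the HttpConnection callback arrives first with the endpoint already closed, the TLS counters would be dropped silently. The method starts and ends outside the hunk, so this needs confirming against the actual listener order. A comment such as `// SslConnection must report before the entry is logged, otherwise ssl bytes are lost`, or a test over a TLS connector asserting the `bytesReceived` field of the `ssl` object, would pin it down.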
@@ -400,6 +409,12 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List if (proxyProtocolVersion != null) { builder.withProxyProtocolVersion(proxyProtocolVersion); } + if (sslBytesReceived > 0) { + builder.withSslBytesReceived(sslBytesReceived); + } + if (sslBytesSent > 0) { + builder.withSslBytesSent(sslBytesSent); + } return builder.build(); } -- cgit v1.2.3
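Review bot: The `> 0` guards added to `toLogEntry()` treat a zero counter the same as a counter that was never set, because `sslBytesReceived` and `sslBytesSent` start at `0` in `ConnectionInfo` (hunk @@ -258). A TLS connection with traffic in only one direction is then logged with one field missing, and a connection with no TLS bytes at all looks the same as one where `setSslBytes` was never called. If that distinction matters to whoever analyses the connection log, initialise the fields to a sentinel, `private long sslBytesReceived = -1;`, and test `if (sslBytesReceived >= 0)`. Whether the existing HTTP byte counters follow the same zero-means-absent convention is not visible here, so check consistency with them first. `toLogEntry()` begins outside this hunk.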