2023-08-14, 08:21:28 -0700, Jakub Kicinski wrote:
> On Mon, 14 Aug 2023 17:06:10 +0200 Sabrina Dubroca wrote:
> > 2023-08-11, 18:43:47 -0700, Jakub Kicinski wrote:
> > > On Wed, 9 Aug 2023 14:58:52 +0200 Sabrina Dubroca wrote:
> > > > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
> > > > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
> > > > conf = TLS_SW;
> > >
> > > Should we add a statistic for rekeying?
> >
> > Hmpf, at least I shouldn't be incrementing the existing stats on every
> > update, especially not TLSCURR* :/
> >
> > I don't see much benefit in tracking succesful rekeys. Failed rekeys
> > seem more interesting to me. What would we get from counting succesful
> > rekeys?
>
> No huge benefit from counting rekeys, the main (only?) one I see is
> that when user reports issues we can see whether rekeys were involved
> (given that they are fairly rare). It could help narrow down triage.
Ok. So unless you objcet I'll add 4 more counters: {RX,TX}REKEY{OK,ERROR}.
And it probably shouldn't be "rekey" in case we decide to implement
full 1.2 renegotiation (with cipher change) and use the same
counter. Or 1.2 renegotiation without cipher change gets to use the
rekey counters, and cipher change would get a new set of counters.
I could also just call them *UPDATE* but that might be a bit too
vague.
--
Sabrina
