Added new vflow attribute VFLOW_ATTRIBUTE_ACTIVE_TLS_ORDINAL and used it in control connectors and listeners

ganeshmurthy · ganeshmurthy · commit d6c5594f6b13 · 2025-06-09T09:36:36.000-04:00
diff --git a/include/qpid/dispatch/vanflow.h b/include/qpid/dispatch/vanflow.h
@@ -143,6 +143,7 @@ typedef enum vflow_attribute {
 
     VFLOW_ATTRIBUTE_ERROR_LISTENER_SIDE  = 64,  // String
     VFLOW_ATTRIBUTE_ERROR_CONNECTOR_SIDE = 65,  // String
+    VFLOW_ATTRIBUTE_ACTIVE_TLS_ORDINAL   = 66   // uint The SSL Profile ordinal field that is currently in operation
 } vflow_attribute_t;
 // clang-format on
 
diff --git a/src/adaptors/amqp/qd_connector.c b/src/adaptors/amqp/qd_connector.c
@@ -486,6 +486,10 @@ void qd_connector_add_connection(qd_connector_t *connector, qd_connection_t *ctx
 void qd_connector_add_link(qd_connector_t *connector)
 {
     if (!connector->is_data_connector) {
+        if (connector->vflow_record && connector->ctor_config->tls_config) {
+            // connector->ctor_config->tls_ordinal is set in the handle_connector_ssl_profile_mgmt_update() callback
+            vflow_set_uint64(connector->vflow_record, VFLOW_ATTRIBUTE_ACTIVE_TLS_ORDINAL, connector->ctor_config->tls_ordinal);
+        }
         vflow_set_string(connector->vflow_record, VFLOW_ATTRIBUTE_OPER_STATUS, "up");
         vflow_set_timestamp_now(connector->vflow_record, VFLOW_ATTRIBUTE_UP_TIMESTAMP);
         connector->oper_status_down = false;
@@ -611,7 +615,6 @@ static void handle_connector_ssl_profile_mgmt_update(const qd_tls_config_t *conf
         }
 
         // Create a new set of connectors (and their associated connections) that will use the updated TLS credentials.
-
         ctor_config->tls_ordinal = new_ordinal;
 
         if (qd_connector_config_create_connectors(ctor_config) != QD_ERROR_NONE) {
diff --git a/src/adaptors/amqp/qd_listener.c b/src/adaptors/amqp/qd_listener.c
@@ -302,6 +302,9 @@ void qd_listener_add_link(qd_listener_t *li)
     if (!!li->vflow_record) {
         uint32_t count = sys_atomic_inc(&li->connection_count) + 1;
         vflow_set_uint64(li->vflow_record, VFLOW_ATTRIBUTE_LINK_COUNT, count);
+        if (li->tls_config && li->vflow_record) {
+            vflow_set_uint64(li->vflow_record, VFLOW_ATTRIBUTE_ACTIVE_TLS_ORDINAL, li->tls_ordinal);
+        }
     }
 }
 
@@ -369,11 +372,12 @@ static void expired_ordinal_connection_scrubber(qd_connection_t *qd_conn, void *
 //
 static void handle_listener_ssl_profile_mgmt_update(const qd_tls_config_t *config, void *context)
 {
+    uint64_t new_ordinal = qd_tls_config_get_ordinal(config);
     uint64_t new_oldest_ordinal = qd_tls_config_get_oldest_valid_ordinal(config);
     qd_listener_t *li           = (qd_listener_t *) context;
+    li->tls_ordinal = new_ordinal;
 
     // destroy all connections whose connectors use an expired TLS ordinal:
-
     if (new_oldest_ordinal > li->tls_oldest_valid_ordinal) {
 
         qd_log(LOG_SERVER, QD_LOG_DEBUG,
diff --git a/src/vanflow.c b/src/vanflow.c
@@ -224,7 +224,7 @@ static uint8_t valid_attribute_types[] = {
     ATTR_UCOUNT, ATTR_STRING, ATTR_STRING, ATTR_UINT,
     ATTR_UINT,   ATTR_UCOUNT, ATTR_UCOUNT, ATTR_UINT,
     ATTR_REF,    ATTR_UINT,   ATTR_STRING, ATTR_STRING,
-    ATTR_STRING, ATTR_STRING,
+    ATTR_STRING, ATTR_STRING, ATTR_UINT
 };
 
 /**
@@ -1042,6 +1042,7 @@ static const char *_vflow_attribute_name(const vflow_attribute_data_t *data)
     case VFLOW_ATTRIBUTE_PROXY_PORT           : return "proxyPort";
     case VFLOW_ATTRIBUTE_ERROR_LISTENER_SIDE  : return "errorListenerSide";
     case VFLOW_ATTRIBUTE_ERROR_CONNECTOR_SIDE : return "errorConnectorSide";
+    case VFLOW_ATTRIBUTE_ACTIVE_TLS_ORDINAL   : return "activeTlsOrdinal";
     }
     return "UNKNOWN";
 }
