oracular (7) openssl-qlog.7ssl.gz

Provided by: openssl_3.3.1-2ubuntu2_amd64 bug

NAME

       openssl-qlog - OpenSSL qlog tracing functionality

DESCRIPTION

       OpenSSL has unstable support for generating logs in the qlog logging format, which can be
       used to obtain diagnostic data for QUIC connections. The data generated includes
       information on packets sent and received and the frames contained within them, as well as
       loss detection and other events.

       The qlog output generated by OpenSSL can be used to obtain diagnostic visualisations of a
       given QUIC connection using tools such as qvis.

       WARNING: The output of OpenSSL's qlog functionality uses an unstable format based on a
       draft specification. qlog output is not subject to any format stability or compatibility
       guarantees at this time, and will change in incompatible ways in future versions of
       OpenSSL. See FORMAT STABILITY below for details.

USAGE

       When OpenSSL is built with qlog support, qlog is enabled at run time by setting the
       standard QLOGDIR environment variable to point to a directory where qlog files should be
       written. Once set, any QUIC connection established by OpenSSL will have a qlog file
       written automatically to the specified directory.

       Log files are generated in the .sqlog format based on JSON-SEQ (RFC 7464).

       The filenames of generated log files under the specified QLOGDIR use the following
       structure:

           {connection_odcid}_{vantage_point_type}.sqlog

       where {connection_odcid} is the lowercase hexadecimal encoding of a QUIC connection's
       Original Destination Connection ID, which is the Destination Connection ID used in the
       header of the first Initial packet sent as part of the connection process, and
       {vantage_point_type} is either "client" or "server", reflecting the perspective of the
       endpoint producing the qlog output.

       The qlog functionality can be disabled at OpenSSL build time using the no-unstable-qlog
       configure flag.

SUPPORTED EVENT TYPES

       The following event types are currently supported:

       connectivity:connection_started
       connectivity:connection_state_updated
       connectivity:connection_closed
       transport:parameters_set
       transport:packet_sent
       transport:packet_received
       recovery:packet_lost

FILTERS

       By default, all supported event types are logged. The OSSL_QFILTER environment variable
       can be used to configure a filter specification which determines which event types are to
       be logged. Each event type can be turned on and off individually. The filter specification
       is a space-separated list of terms listing event types to enable or disable. The terms are
       applied in order, thus the effects of later terms override the effects of earlier terms.

   Examples
       Here are some example filter specifications:

       "*" (or "+*")
           Enable all supported qlog event types.

       "-*"
           Disable all qlog event types.

       "* -transport:packet_received"
           Enable all qlog event types, but disable the transport:packet_received event type.

       "-* transport:packet_sent"
           Disable all qlog event types, except for the transport:packet_sent event type.

       "-* connectivity:* transport:parameters_set"
           Disable all qlog event types, except for transport:parameters_set and all supported
           event types in the connectivity category.

   Filter Syntax Specification
       Formally, the format of the filter specification in ABNF is as follows:

           filter              = *filter-term

           filter-term         = add-sub-term

           add-sub-term        = ["-" / "+"] specifier

           specifier           = global-specifier / qualified-specifier

           global-specifier    = wildcard

           qualified-specifier = component-specifier ":" component-specifier

           component-specifier = name / wildcard

           wildcard            = "*"

           name                = 1*(ALPHA / DIGIT / "_" / "-")

       Filter terms are interpreted as follows:

       "+*" (or "*")
           Enables all event types.

       "-*"
           Disables all event types.

       "+foo:*" (or "foo:*")
           Enables all event types in the foo category.

       "-foo:*"
           Disables all event types in the foo category.

       "+foo:bar" (or "foo:bar")
           Enables a specific event type foo:bar.

       "-foo:bar"
           Disables a specific event type foo:bar.

       Partial wildcard matches are not supported at this time.

   Default Configuration
       If the OSSL_QFILTER environment variable is not set or set to the empty string, this is
       equivalent to enabling all event types (i.e., it is equivalent to a filter of "*"). Note
       that the QLOGDIR environment variable must also be set to enable qlog.

FORMAT STABILITY

       The OpenSSL qlog functionality currently implements a draft version of the qlog
       specification. Future revisions to the qlog specification in advance of formal
       standardisation are expected to introduce incompatible and breaking changes to the qlog
       format. The OpenSSL qlog functionality will transition to producing output in this format
       in the future once standardisation is complete.

       Because of this, the qlog output of OpenSSL will change in incompatible and breaking ways
       in the future, including in non-major releases of OpenSSL. The qlog output of OpenSSL is
       considered unstable and not subject to any format stability or compatibility guarantees at
       this time.

       Users of the OpenSSL qlog functionality must be aware that the output may change
       arbitrarily between releases and that the preservation of compatibility with any given
       tool between releases is not guaranteed.

   Aims
       The OpenSSL draft qlog functionality is primarily intended for use in conjunction with the
       qvis tool <https://qvis.quictools.info/>. In terms of format compatibility, the output
       format of the OpenSSL qlog functionality is expected to track what is supported by qvis.
       As such, future changes to the output of the OpenSSL qlog functionality are expected to
       track changes in qvis as they occur, and reflect the versions of qlog currently supported
       by qvis.

       This means that prior to the finalisation of the qlog standard, in the event of a
       disparity between the current draft and what qvis supports, the OpenSSL qlog functionality
       will generally aim for qvis compatibility over compliance with the latest draft.

       As such, OpenSSL's qlog functionality currently implements qlog version 0.3 as defined in
       draft-ietf-quic-qlog-main-schema-05 and draft-ietf-quic-qlog-quic-events-04. These
       revisions are intentionally used instead of more recent revisions due to their qvis
       compatibility.

LIMITATIONS

       The OpenSSL implementation of qlog currently has the following limitations:

       •   Not all event types defined by the draft specification are implemented.

       •   Only the JSON-SEQ (.sqlog) output format is supported.

       •   Only the QLOGDIR environment variable is supported for configuring the qlog output
           directory. The standard QLOGFILE environment variable is not supported.

       •   There is no API for programmatically enabling or controlling the qlog functionality.

SEE ALSO

       openssl-quic(7), openssl-env(7)

HISTORY

       This functionality was added in OpenSSL 3.3.

       Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use this file except
       in compliance with the License.  You can obtain a copy in the file LICENSE in the source
       distribution or at <https://www.openssl.org/source/license.html>.