I'm running a SAAS service running via NGINX and have been running tcpdump to look at the incoming packets for HTTP queries. Many of the HTTP queries are bigger than the MTU of 1,500 bytes and therefore arrive as 2, 3, or 4 packets. I noticed that for some customers there are significant delays between packets. The average size of these delays acts as a kind of fingerprint for each customers. The inter packet delay various from a few milliseconds to 100ms plus! Some customers have no delay. There are all shades of grey.
When processing a SAAS query I log how long the processing time took etc. So it would be useful to log how long NGINX took to read the HTTP query packets too. Using tcpdump and a script to analyze the packet dump is not very handy. So I'm wondering if there is a mechanism in NGINX to report somehow the total time necessary to read all the packets of a particular HTTP query? I was thinking that if available, I could add it to the HTTP query in the form of an HTTP header? If not, how easy would it be to implement such a mechanism?