Mutualize TLS version and cipher code

Romain 2021-01-20 04:08:03 +01:00 committed by GitHub
parent b05a5c818d
commit 4b370930b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 41 deletions


@ -210,8 +210,8 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
core[RequestScheme] = "http" core[RequestScheme] = "http"
if req.TLS != nil { if req.TLS != nil {
core[RequestScheme] = "https" core[RequestScheme] = "https"
core[TLSVersion] = getRequestTLSVersion(req) core[TLSVersion] = traefiktls.GetVersion(req.TLS)
core[TLSCipher] = getRequestTLSCipher(req) core[TLSCipher] = traefiktls.GetCipherName(req.TLS)
} }
core[ClientAddr] = req.RemoteAddr core[ClientAddr] = req.RemoteAddr
@ -385,19 +385,3 @@ var requestCounter uint64 // Request ID
func nextRequestCount() uint64 { func nextRequestCount() uint64 {
return atomic.AddUint64(&requestCounter, 1) return atomic.AddUint64(&requestCounter, 1)
} }
func getRequestTLSVersion(req *http.Request) string {
if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
return version
}
return "unknown"
}
func getRequestTLSCipher(req *http.Request) string {
if cypher, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
return cypher
}
return "unknown"
}


@ -89,7 +89,7 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
if req.TLS != nil { if req.TLS != nil {
var tlsLabels []string var tlsLabels []string
tlsLabels = append(tlsLabels, m.baseLabels...) tlsLabels = append(tlsLabels, m.baseLabels...)
tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req)) tlsLabels = append(tlsLabels, "tls_version", traefiktls.GetVersion(req.TLS), "tls_cipher", traefiktls.GetCipherName(req.TLS))
m.reqsTLSCounter.With(tlsLabels...).Add(1) m.reqsTLSCounter.With(tlsLabels...).Add(1)
} }
@ -146,22 +146,6 @@ func getMethod(r *http.Request) string {
return r.Method return r.Method
} }
func getRequestTLSVersion(req *http.Request) string {
if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
return version
}
return "unknown"
}
func getRequestTLSCipher(req *http.Request) string {
if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
return version
}
return "unknown"
}
type retryMetrics interface { type retryMetrics interface {
ServiceRetriesCounter() gokitmetrics.Counter ServiceRetriesCounter() gokitmetrics.Counter
} }


@ -69,3 +69,13 @@ var (
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`, tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
} }
) )
// GetCipherName returns the Cipher suite name.
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
func GetCipherName(connState *tls.ConnectionState) string {
if cipher, ok := CipherSuitesReversed[connState.CipherSuite]; ok {
return cipher
}
return "unknown"
}
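Review bot: GetCipherName dereferences connState without a nil check, and it is now an exported helper whose natural argument, req.TLS, is nil on every plaintext request. Both call sites in this commit guard with `if req.TLS != nil`, but a later caller that omits the guard would panic in the request path; a leading `if connState == nil { return "unknown" }` keeps the helper safe on its own. GetVersion in the versions file of this commit has the same unguarded dereference. Separately, crypto/tls has offered `tls.CipherSuiteName` since Go 1.14, which could replace the hand-maintained CipherSuitesReversed lookup if nothing else depends on that map; note that it returns a hex rendering rather than "unknown" for unrecognised IDs, so label values would change.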


@ -2,11 +2,19 @@ package tls
import "crypto/tls" import "crypto/tls"
// VersionsReversed Map of TLS versions from crypto/tls // GetVersion returns the normalized TLS version.
// Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants // Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants
var VersionsReversed = map[uint16]string{ func GetVersion(connState *tls.ConnectionState) string {
tls.VersionTLS10: "1.0", switch connState.Version {
tls.VersionTLS11: "1.1", case tls.VersionTLS10:
tls.VersionTLS12: "1.2", return "1.0"
tls.VersionTLS13: "1.3", case tls.VersionTLS11:
return "1.1"
case tls.VersionTLS12:
return "1.2"
case tls.VersionTLS13:
return "1.3"
}
return "unknown"
} }
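Review bot: The doc comment on GetVersion does not state which strings it can return, yet those strings become the `tls_version` metric label and the TLSVersion access-log field in the other files of this commit. I would spell the contract out, for example `// GetVersion returns the TLS version as "1.0", "1.1", "1.2" or "1.3", or "unknown" for any other value.` For audit purposes it may also be worth keeping the raw value in the fallback (a hex rendering of connState.Version) so an unexpected protocol version stays identifiable in logs instead of being collapsed into "unknown". Whether existing dashboards tolerate an additional label value would need checking first.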