Mutualize TLS version and cipher code
parent
b05a5c818d
commit
4b370930b5
4 changed files with 27 additions and 41 deletions
|
@ -210,8 +210,8 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
|
||||||
core[RequestScheme] = "http"
|
core[RequestScheme] = "http"
|
||||||
if req.TLS != nil {
|
if req.TLS != nil {
|
||||||
core[RequestScheme] = "https"
|
core[RequestScheme] = "https"
|
||||||
core[TLSVersion] = getRequestTLSVersion(req)
|
core[TLSVersion] = traefiktls.GetVersion(req.TLS)
|
||||||
core[TLSCipher] = getRequestTLSCipher(req)
|
core[TLSCipher] = traefiktls.GetCipherName(req.TLS)
|
||||||
}
|
}
|
||||||
|
|
||||||
core[ClientAddr] = req.RemoteAddr
|
core[ClientAddr] = req.RemoteAddr
|
||||||
|
@ -385,19 +385,3 @@ var requestCounter uint64 // Request ID
|
||||||
func nextRequestCount() uint64 {
|
func nextRequestCount() uint64 {
|
||||||
return atomic.AddUint64(&requestCounter, 1)
|
return atomic.AddUint64(&requestCounter, 1)
|
||||||
}
|
}
|
||||||
|
|
||||||
func getRequestTLSVersion(req *http.Request) string {
|
|
||||||
if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
|
|
||||||
return version
|
|
||||||
}
|
|
||||||
|
|
||||||
return "unknown"
|
|
||||||
}
|
|
||||||
|
|
||||||
func getRequestTLSCipher(req *http.Request) string {
|
|
||||||
if cypher, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
|
|
||||||
return cypher
|
|
||||||
}
|
|
||||||
|
|
||||||
return "unknown"
|
|
||||||
}
|
|
||||||
|
|
|
@ -89,7 +89,7 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
|
||||||
if req.TLS != nil {
|
if req.TLS != nil {
|
||||||
var tlsLabels []string
|
var tlsLabels []string
|
||||||
tlsLabels = append(tlsLabels, m.baseLabels...)
|
tlsLabels = append(tlsLabels, m.baseLabels...)
|
||||||
tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req))
|
tlsLabels = append(tlsLabels, "tls_version", traefiktls.GetVersion(req.TLS), "tls_cipher", traefiktls.GetCipherName(req.TLS))
|
||||||
|
|
||||||
m.reqsTLSCounter.With(tlsLabels...).Add(1)
|
m.reqsTLSCounter.With(tlsLabels...).Add(1)
|
||||||
}
|
}
|
||||||
|
@ -146,22 +146,6 @@ func getMethod(r *http.Request) string {
|
||||||
return r.Method
|
return r.Method
|
||||||
}
|
}
|
||||||
|
|
||||||
func getRequestTLSVersion(req *http.Request) string {
|
|
||||||
if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
|
|
||||||
return version
|
|
||||||
}
|
|
||||||
|
|
||||||
return "unknown"
|
|
||||||
}
|
|
||||||
|
|
||||||
func getRequestTLSCipher(req *http.Request) string {
|
|
||||||
if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
|
|
||||||
return version
|
|
||||||
}
|
|
||||||
|
|
||||||
return "unknown"
|
|
||||||
}
|
|
||||||
|
|
||||||
type retryMetrics interface {
|
type retryMetrics interface {
|
||||||
ServiceRetriesCounter() gokitmetrics.Counter
|
ServiceRetriesCounter() gokitmetrics.Counter
|
||||||
}
|
}
|
||||||
|
|
|
@ -69,3 +69,13 @@ var (
|
||||||
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
|
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// GetCipherName returns the Cipher suite name.
|
||||||
|
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||||
|
func GetCipherName(connState *tls.ConnectionState) string {
|
||||||
|
if cipher, ok := CipherSuitesReversed[connState.CipherSuite]; ok {
|
||||||
|
return cipher
|
||||||
|
}
|
||||||
|
|
||||||
|
return "unknown"
|
||||||
|
}
|
||||||
|
|
|
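Review bot: `GetCipherName` reads `connState.CipherSuite` without a nil check, and `GetVersion` in the other file of this commit does the same with `connState.Version`. Both call sites visible in this commit sit inside `if req.TLS != nil`, but the helpers are now exported, so a later caller that passes `req.TLS` from a plaintext request would panic in the logging or metrics path. A guard at the top of each function, `if connState == nil { return "unknown" }`, keeps that failure out of request handling. The `CipherSuitesReversed` map begins outside this hunk, so whether it covers the TLS 1.3 suites cannot be confirmed here; any suite missing from it is recorded as "unknown".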
@ -2,11 +2,19 @@ package tls
|
||||||
|
|
||||||
import "crypto/tls"
|
import "crypto/tls"
|
||||||
|
|
||||||
// VersionsReversed Map of TLS versions from crypto/tls
|
// GetVersion returns the normalized TLS version.
|
||||||
// Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
// Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||||
var VersionsReversed = map[uint16]string{
|
func GetVersion(connState *tls.ConnectionState) string {
|
||||||
tls.VersionTLS10: "1.0",
|
switch connState.Version {
|
||||||
tls.VersionTLS11: "1.1",
|
case tls.VersionTLS10:
|
||||||
tls.VersionTLS12: "1.2",
|
return "1.0"
|
||||||
tls.VersionTLS13: "1.3",
|
case tls.VersionTLS11:
|
||||||
|
return "1.1"
|
||||||
|
case tls.VersionTLS12:
|
||||||
|
return "1.2"
|
||||||
|
case tls.VersionTLS13:
|
||||||
|
return "1.3"
|
||||||
|
}
|
||||||
|
|
||||||
|
return "unknown"
|
||||||
}
|
}
|
||||||
|
|
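Review bot: The doc comment on `GetVersion` does not say what the function returns for a version outside the four `case` arms, which is the value access-log and metrics consumers will see for anything unrecognised. I would spell that out, for example `// GetVersion returns the TLS version as "1.0", "1.1", "1.2" or "1.3", and "unknown" for any other connState.Version.` The commit also drops the exported `VersionsReversed` map while `CipherSuitesReversed` stays exported; callers outside the four changed files are not visible here, so it is worth confirming nothing else reads it.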