vikarti.anatra/safing-portmaster
1
0
Fork 0
mirror of https://github.com/safing/portmaster synced 2025-09-01 10:09:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
safing-portmaster/network/metrics.go

172 lines
3.6 KiB
Go
Raw Blame History

package network
import (
"github.com/safing/portbase/api"
"github.com/safing/portbase/config"
"github.com/safing/portbase/metrics"
"github.com/safing/portmaster/process"
)
var (
packetHandlingHistogram *metrics.Histogram
blockedOutConnCounter *metrics.Counter
encryptedAndTunneledOutConnCounter *metrics.Counter
encryptedOutConnCounter *metrics.Counter
tunneledOutConnCounter *metrics.Counter
outConnCounter *metrics.Counter
)
func registerMetrics() (err error) {
// This needed to be moved here, because every packet is now handled by the
// connection handler worker.
packetHandlingHistogram, err = metrics.NewHistogram(
"firewall/handling/duration/seconds",
nil,
&metrics.Options{
Permission: api.PermitUser,
ExpertiseLevel: config.ExpertiseLevelExpert,
})
if err != nil {
return err
}
_, err = metrics.NewGauge(
"network/connections/active/total",
nil,
func() float64 {
return float64(conns.active())
},
&metrics.Options{
InternalID: "active_connections",
Permission: api.PermitUser,
ExpertiseLevel: config.ExpertiseLevelUser,
})
if err != nil {
return err
}
connCounterID := "network/connections/total"
connCounterOpts := &metrics.Options{
Name: "Connections",
Permission: api.PermitUser,
ExpertiseLevel: config.ExpertiseLevelUser,
Persist: true,
}
blockedOutConnCounter, err = metrics.NewCounter(
connCounterID,
map[string]string{
"direction": "out",
"blocked": "true",
},
&metrics.Options{
Name: "Connections",
InternalID: "blocked_outgoing_connections",
Permission: api.PermitUser,
ExpertiseLevel: config.ExpertiseLevelUser,
Persist: true,
},
)
if err != nil {
return err
}
encryptedAndTunneledOutConnCounter, err = metrics.NewCounter(
connCounterID,
map[string]string{
"direction": "out",
"encrypted": "true",
"tunneled": "true",
},
connCounterOpts,
)
if err != nil {
return err
}
encryptedOutConnCounter, err = metrics.NewCounter(
connCounterID,
map[string]string{
"direction": "out",
"encrypted": "true",
},
connCounterOpts,
)
if err != nil {
return err
}
tunneledOutConnCounter, err = metrics.NewCounter(
connCounterID,
map[string]string{
"direction": "out",
"tunneled": "true",
},
connCounterOpts,
)
if err != nil {
return err
}
outConnCounter, err = metrics.NewCounter(
connCounterID,
map[string]string{
"direction": "out",
},
connCounterOpts,
)
if err != nil {
return err
}
return nil
}
func (conn *Connection) addToMetrics() {
if conn.addedToMetrics {
return
}
// Don't count requests serviced to the network,
// as we have an incomplete view here.
if conn.Process() != nil &&
conn.Process().Pid == process.NetworkHostProcessID {
return
}
// Only count outgoing connections for now.
if conn.Inbound {
return
}
// Check the verdict.
switch conn.Verdict.Firewall { //nolint:exhaustive // Not critical.
case VerdictBlock, VerdictDrop:
blockedOutConnCounter.Inc()
conn.addedToMetrics = true
return
case VerdictAccept, VerdictRerouteToTunnel:
// Continue to next section.
default:
// Connection is not counted.
return
}
// Only count successful connections, not DNS requests.
if conn.Type == DNSRequest {
return
}
// Select counter based on attributes.
switch {
case conn.Encrypted && conn.Tunneled:
encryptedAndTunneledOutConnCounter.Inc()
case conn.Encrypted:
encryptedOutConnCounter.Inc()
case conn.Tunneled:
tunneledOutConnCounter.Inc()
default:
outConnCounter.Inc()
}
conn.addedToMetrics = true
}
Reference in a new issue View git blame Copy permalink