mc/mc-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Prometheus metrics for connections, firewall, L7, and bytes transferred

Browse Source 
Instrument mc-proxy with prometheus/client_golang. New internal/metrics/
package defines counters, gauges, and histograms for connection totals,
active connections, firewall blocks by reason, backend dial latency,
bytes transferred, L7 HTTP status codes, and L7 policy blocks. Optional
[metrics] config section starts a scrape endpoint. Firewall gains
BlockedWithReason() to report block cause. L7 handler wraps
ResponseWriter to record status codes per hostname.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-25 18:05:25 -07:00
parent 42c7fffc3e
commit ffc31f7d55
16 changed files with 439 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
internal/firewall/firewall_test.go
View File

@@ -170,6 +170,47 @@ func TestRateLimitBlocklistFirst(t *testing.T) {
}
}
func TestBlockedWithReason(t *testing.T) {
fw, err := New("", []string{"10.0.0.1"}, []string{"192.168.0.0/16"}, nil, 2, time.Minute)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
defer fw.Close()
tests := []struct {
addr string
wantBlock bool
wantReason string
}{
{"10.0.0.1", true, "ip"},
{"192.168.1.1", true, "cidr"},
{"172.16.0.1", false, ""},
}
for _, tt := range tests {
addr := netip.MustParseAddr(tt.addr)
blocked, reason := fw.BlockedWithReason(addr)
if blocked != tt.wantBlock {
t.Fatalf("BlockedWithReason(%s) blocked = %v, want %v", tt.addr, blocked, tt.wantBlock)
}
if reason != tt.wantReason {
t.Fatalf("BlockedWithReason(%s) reason = %q, want %q", tt.addr, reason, tt.wantReason)
}
}
// Test rate limit reason: use a fresh IP that will exceed the limit.
rlAddr := netip.MustParseAddr("10.10.10.10")
fw.BlockedWithReason(rlAddr) // 1
fw.BlockedWithReason(rlAddr) // 2
blocked, reason := fw.BlockedWithReason(rlAddr) // 3 — should be blocked
if !blocked {
t.Fatal("expected rate limit block")
}
if reason != "rate_limit" {
t.Fatalf("reason = %q, want %q", reason, "rate_limit")
}
}
func TestRuntimeMutation(t *testing.T) {
fw, err := New("", nil, nil, nil, 0, 0)
if err != nil {