Merge pull request #263 from 9seconds/tags-for-ipblocklisted

Tags for ipblocklisted

.github/workflows/ci.yaml

   test:
     name: Test
     runs-on: ubuntu-latest
-    timeout-minutes: 5
+    timeout-minutes: 10
     strategy:
       matrix:
         go_version:

README.md

 | domain_fronting_traffic     | counter | `direction`                      | Count of bytes, transmitted to/from fronting domain.                                       |
 | domain_fronting             | counter | –                                | Count of domain fronting events.                                                           |
 | concurrency_limited         | counter | –                                | Count of events, when client connection was rejected due to concurrency limit.             |
-| ip_blocklisted              | counter | –                                | Count of events when client connection was rejected because IP was found in the blacklist. |
+| ip_blocklisted              | counter | `ip_list`                        | Count of events when client connection was rejected because IP was found in the blocklist. |
 | replay_attacks              | counter | –                                | Count of detected replay attacks.                                                          |
 
 Tag meaning:

mtglib/events.go

 type EventIPBlocklisted struct {
 	eventBase
 
-	RemoteIP net.IP
+	RemoteIP    net.IP
+	IsBlockList bool
 }
 
 // EventReplayAttack is emitted when mtg detects a replay attack on a
 		eventBase: eventBase{
 			timestamp: time.Now(),
 		},
-		RemoteIP: remoteIP,
+		RemoteIP:    remoteIP,
+		IsBlockList: true,
+	}
+}
+
+// NewEventIPAllowlisted creates a NewEventIPBlocklisted event with a mark that
+// it is supposed to be for allow list.
+func NewEventIPAllowlisted(remoteIP net.IP) EventIPBlocklisted {
+	return EventIPBlocklisted{
+		eventBase: eventBase{
+			timestamp: time.Now(),
+		},
+		RemoteIP:    remoteIP,
+		IsBlockList: false,
 	}
 }
 

mtglib/events_test.go

 
 	suite.Empty(evt.StreamID())
 	suite.WithinDuration(time.Now(), evt.Timestamp(), 10*time.Millisecond)
+	suite.True(evt.IsBlockList)
+}
+
+func (suite *EventsTestSuite) TestEventIPAllowlisted() {
+	evt := mtglib.NewEventIPAllowlisted(net.ParseIP("10.0.0.10"))
+
+	suite.Empty(evt.StreamID())
+	suite.WithinDuration(time.Now(), evt.Timestamp(), 10*time.Millisecond)
+	suite.False(evt.IsBlockList)
 }
 
 func (suite *EventsTestSuite) TestEventReplayAttack() {

mtglib/proxy.go

 		if !p.allowlist.Contains(ipAddr) {
 			conn.Close()
 			logger.Info("ip was rejected by allowlist")
-			p.eventStream.Send(p.ctx, NewEventIPBlocklisted(ipAddr))
+			p.eventStream.Send(p.ctx, NewEventIPAllowlisted(ipAddr))
 
 			continue
 		}

stats/prometheus.go

 	p.factory.metricConcurrencyLimited.Inc()
 }
 
-func (p prometheusProcessor) EventIPBlocklisted(_ mtglib.EventIPBlocklisted) {
-	p.factory.metricIPBlocklisted.Inc()
+func (p prometheusProcessor) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
+	tag := TagIPListBlock
+	if !evt.IsBlockList {
+		tag = TagIPListAllow
+	}
+
+	p.factory.metricIPBlocklisted.WithLabelValues(tag).Inc()
 }
 
 func (p prometheusProcessor) EventReplayAttack(_ mtglib.EventReplayAttack) {
 
 	metricTelegramTraffic       *prometheus.CounterVec
 	metricDomainFrontingTraffic *prometheus.CounterVec
+	metricIPBlocklisted         *prometheus.CounterVec
 
 	metricDomainFronting     prometheus.Counter
 	metricConcurrencyLimited prometheus.Counter
-	metricIPBlocklisted      prometheus.Counter
 	metricReplayAttacks      prometheus.Counter
 }
 
 			Name:      MetricDomainFrontingTraffic,
 			Help:      "Traffic which is generated talking with front domain.",
 		}, []string{TagDirection}),
+		metricIPBlocklisted: prometheus.NewCounterVec(prometheus.CounterOpts{
+			Namespace: metricPrefix,
+			Name:      MetricIPBlocklisted,
+			Help:      "A number of rejected sessions due to ip blocklisting.",
+		}, []string{TagIPList}),
 
 		metricDomainFronting: prometheus.NewCounter(prometheus.CounterOpts{
 			Namespace: metricPrefix,
 			Name:      MetricConcurrencyLimited,
 			Help:      "A number of sessions that were rejected by concurrency limiter.",
 		}),
-		metricIPBlocklisted: prometheus.NewCounter(prometheus.CounterOpts{
-			Namespace: metricPrefix,
-			Name:      MetricIPBlocklisted,
-			Help:      "A number of rejected sessions due to ip blocklisting.",
-		}),
 		metricReplayAttacks: prometheus.NewCounter(prometheus.CounterOpts{
 			Namespace: metricPrefix,
 			Name:      MetricReplayAttacks,
 
 	registry.MustRegister(factory.metricTelegramTraffic)
 	registry.MustRegister(factory.metricDomainFrontingTraffic)
+	registry.MustRegister(factory.metricIPBlocklisted)
 
 	registry.MustRegister(factory.metricDomainFronting)
 	registry.MustRegister(factory.metricConcurrencyLimited)
-	registry.MustRegister(factory.metricIPBlocklisted)
 	registry.MustRegister(factory.metricReplayAttacks)
 
 	return factory

stats/prometheus_test.go

 
 	data, err := suite.Get()
 	suite.NoError(err)
-	suite.Contains(data, `mtg_ip_blocklisted 1`)
+	suite.Contains(data, `mtg_ip_blocklisted{ip_list="blocklist"} 1`)
+}
+
+func (suite *PrometheusTestSuite) TestEventIPAllowlisted() {
+	suite.prometheus.EventIPBlocklisted(
+		mtglib.NewEventIPAllowlisted(net.ParseIP("2001:db8::68")))
+
+	time.Sleep(100 * time.Millisecond)
+
+	data, err := suite.Get()
+	suite.NoError(err)
+	suite.Contains(data, `mtg_ip_blocklisted{ip_list="allowlist"} 1`)
 }
 
 func (suite *PrometheusTestSuite) TestEventReplayAttack() {

stats/statsd.go

 	s.client.Incr(MetricConcurrencyLimited, 1)
 }
 
-func (s statsdProcessor) EventIPBlocklisted(_ mtglib.EventIPBlocklisted) {
-	s.client.Incr(MetricIPBlocklisted, 1)
+func (s statsdProcessor) EventIPBlocklisted(evt mtglib.EventIPBlocklisted) {
+	tag := TagIPListBlock
+	if !evt.IsBlockList {
+		tag = TagIPListAllow
+	}
+
+	s.client.Incr(MetricIPBlocklisted, 1, statsd.StringTag(TagIPList, tag))
 }
 
 func (s statsdProcessor) EventReplayAttack(_ mtglib.EventReplayAttack) {

stats/statsd_test.go

 		mtglib.NewEventIPBlocklisted(net.ParseIP("10.0.0.10")))
 
 	time.Sleep(statsdSleepTime)
-	suite.Equal("mtg.ip_blocklisted:1|c", suite.statsdServer.String())
+	suite.Equal("mtg.ip_blocklisted:1|c|#ip_list:blocklist", suite.statsdServer.String())
+}
+
+func (suite *StatsdTestSuite) TestEventIPAllowlisted() {
+	suite.statsd.EventIPBlocklisted(
+		mtglib.NewEventIPAllowlisted(net.ParseIP("10.0.0.10")))
+
+	time.Sleep(statsdSleepTime)
+	suite.Equal("mtg.ip_blocklisted:1|c|#ip_list:allowlist", suite.statsdServer.String())
 }
 
 func (suite *StatsdTestSuite) TestEventReplayAttack() {