node_exporter icon indicating copy to clipboard operation
node_exporter copied to clipboard
verified publisher icon prometheus

Feature request: tls metrics from /proc/net/tls_stat

Open totallyunknown opened this issue 3 years ago • 2 comments

Linux kernel with loaded tls module exposes the following per-namespace statistics (/proc/net/tls_stat):

  • TlsCurrTxSw, TlsCurrRxSw - number of TX and RX sessions currently installed where host handles cryptography
  • TlsCurrTxDevice, TlsCurrRxDevice - number of TX and RX sessions currently installed where NIC handles cryptography
  • TlsTxSw, TlsRxSw - number of TX and RX sessions opened with host cryptography
  • TlsTxDevice, TlsRxDevice - number of TX and RX sessions opened with NIC cryptography
  • TlsDecryptError - record decryption failed (e.g. due to incorrect authentication tag)
  • TlsDeviceRxResync - number of RX resyncs sent to NICs handling cryptography

https://www.kernel.org/doc/html/latest/networking/tls.html#statistics

If this gets accepted, I can provide a PR for this.

totallyunknown avatar Feb 13 '22 20:02 totallyunknown

Seems like a good feature to me. To start, we would want to add parsing of this file to the Prometheus procfs library.

https://github.com/prometheus/procfs

SuperQ avatar Feb 13 '22 21:02 SuperQ

Update: The procfs side of this appears to have landed in master: https://github.com/prometheus/procfs/commit/6d8714c62d4165d2352f73816b44cb325eaf4296

mossblaser avatar Mar 06 '24 14:03 mossblaser