// Copyright 2023 Prometheus Team
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package procfs

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// TLSStat holds the kernel TLS counters exposed in /proc/net/tls_stat.
// Each field corresponds to one named line of that file; the descriptions
// below follow the kernel documentation.
// See https://docs.kernel.org/networking/tls.html#statistics
type TLSStat struct {
	// TLSCurrTxSw is the number of TX sessions currently installed where the
	// host handles cryptography.
	TLSCurrTxSw int
	// TLSCurrRxSw is the number of RX sessions currently installed where the
	// host handles cryptography.
	TLSCurrRxSw int
	// TLSCurrTxDevice is the number of TX sessions currently installed where
	// the NIC handles cryptography.
	TLSCurrTxDevice int
	// TLSCurrRxDevice is the number of RX sessions currently installed where
	// the NIC handles cryptography.
	TLSCurrRxDevice int
	// TLSTxSw is the number of TX sessions opened with host cryptography.
	TLSTxSw int
	// TLSRxSw is the number of RX sessions opened with host cryptography.
	TLSRxSw int
	// TLSTxDevice is the number of TX sessions opened with NIC cryptography.
	TLSTxDevice int
	// TLSRxDevice is the number of RX sessions opened with NIC cryptography.
	TLSRxDevice int
	// TLSDecryptError counts records whose decryption failed (e.g. due to an
	// incorrect authentication tag). An authentication-tag failure means the
	// record did not pass integrity verification, so growth in this counter
	// is worth monitoring.
	TLSDecryptError int
	// TLSRxDeviceResync is the number of RX resyncs sent to NICs handling
	// cryptography.
	TLSRxDeviceResync int
	// TLSDecryptRetry is the number of RX records which had to be re-decrypted
	// due to TLS_RX_EXPECT_NO_PAD mis-prediction. Note that this counter will
	// also increment for non-data records.
	TLSDecryptRetry int
	// TLSRxNoPadViolation is the number of data RX records which had to be
	// re-decrypted due to TLS_RX_EXPECT_NO_PAD mis-prediction.
	TLSRxNoPadViolation int
}

// NewTLSStat reads the tls_stat statistics through an FS created for
// DefaultMountPoint. Any error from creating that FS is returned unchanged
// together with a zero TLSStat.
func NewTLSStat() (TLSStat, error) {
	procFS, err := NewFS(DefaultMountPoint)
	if err != nil {
		var zero TLSStat
		return zero, err
	}

	return procFS.NewTLSStat()
}

// NewTLSStat reads net/tls_stat below this FS's proc path and returns the
// parsed counters.
//
// Every line must consist of exactly two whitespace-separated fields, a
// counter name and an integer value. A line with a different field count
// yields an error wrapping ErrFileParse; a value that is not an integer
// yields the strconv error as-is. Counter names that are not known to this
// package are ignored.
func (fs FS) NewTLSStat() (TLSStat, error) {
	f, err := os.Open(fs.proc.Path("net/tls_stat"))
	if err != nil {
		return TLSStat{}, err
	}
	defer f.Close()

	var stat TLSStat

	// Maps each counter name used in the file to the field it populates.
	counters := map[string]*int{
		"TlsCurrTxSw":         &stat.TLSCurrTxSw,
		"TlsCurrRxSw":         &stat.TLSCurrRxSw,
		"TlsCurrTxDevice":     &stat.TLSCurrTxDevice,
		"TlsCurrRxDevice":     &stat.TLSCurrRxDevice,
		"TlsTxSw":             &stat.TLSTxSw,
		"TlsRxSw":             &stat.TLSRxSw,
		"TlsTxDevice":         &stat.TLSTxDevice,
		"TlsRxDevice":         &stat.TLSRxDevice,
		"TlsDecryptError":     &stat.TLSDecryptError,
		"TlsRxDeviceResync":   &stat.TLSRxDeviceResync,
		"TlsDecryptRetry":     &stat.TLSDecryptRetry,
		"TlsRxNoPadViolation": &stat.TLSRxNoPadViolation,
	}

	scanner := bufio.NewScanner(f)
	for scanner.Scan() {
		line := scanner.Text()
		parts := strings.Fields(line)
		if len(parts) != 2 {
			return TLSStat{}, fmt.Errorf("%w: %q line %q", ErrFileParse, f.Name(), line)
		}

		// The value is parsed before the name is looked up, so a malformed
		// number is an error even on a line whose name is not recognised.
		n, err := strconv.Atoi(parts[1])
		if err != nil {
			return TLSStat{}, err
		}

		if dst, known := counters[parts[0]]; known {
			*dst = n
		}
	}

	// A scanner error is returned alongside whatever was parsed so far.
	return stat, scanner.Err()
}