Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nft_counters plugin #1316

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Add nft_counters plugin #1316

wants to merge 12 commits into from

Conversation

penguinpee
Copy link

Plugin monitors nftables counters and can be configured to show
a subset of counters. Limiting output by type of counter (bytes
or packets) is also possible.

Plugin requires python3-nftables, which makes use of libnftables
and is part of Netfilter's nftables, but may need to be installed
separately. Plugin will bail out if the nftables module cannot be
loaded.

Plugin is built upon PyMunin, adapted for Python3. The version
listed in PIP is still using Python 2 syntax. Release of a Python 3
compatible version is pending.

I'm reaching out to the owner/maintainer of PyMunin for getting
the Python 3 changes implemented and having PyMunin updated in pip.
So far, there has been no response. If it remains quiet, I intent
to fork and publish the new version as PyMunin3. Advice on this
topic is welcome.

For now, to test the plugin, use the PR branch
in my fork of PyMunin. To install it to the user install directory
use pip install --user -e . from the repository root directory.
For system wide installation use sudo pip install --prefix /usr/local/ ..

@penguinpee
Add nft_counters plugin
dbc8e51 
Plugin monitors nftables counters and can be configured to show
a subset of counters. Limiting output by type of counter (bytes
or packets) is also possible.

Plugin requires python3-nftables, which makes use of libnftables
and is part of Netfilter's nftables, but may need to be installed
separately. Plugin will bail out if the nftables module cannot be
loaded.

Plugin is built upon PyMunin, adapted for Python3. The version
listed in PIP is still using Python 2 syntax. Release of a Python 3
compatible version is pending.
@penguinpee
Do proper error/exception handling
9b4b5cd 
* Ensure plugin exits with non-zero status
* Fix formatting of informative output
@penguinpee
Use retrieveVals(self) method
fe43112 
This separates graph creation and value retrieval. In case values
need to be computed or retrieved externally, value retrieval will
only happen when needed (e.g. calling the plugin without any
arguments), saving time, I/O and cpu cycles.
@penguinpee
Simplify autoconf method
682917e 
It's quite bogus, since any exceptions will be thrown during
initialization.
@penguinpee
Turn off debugging for __init__
24e6888
@penguinpee
Raise ValueError in getCounters()
dedc968 
Only there are we able to determine if counters are present.
nft_cmd() only checks if there is any output at all.
@penguinpee
Make graph_title more descriptive
208c41b
@penguinpee
min *not* max value of fields needs to be 0
08b889d 
Ensure graph is not showing negative values when counters are
reset.
@penguinpee
Make plugin behave nicely when running autoconf
99dfc5d 
Re-raising exceptions will allow PyMunin to decide how to handle
them depending on debug setting.
When in 'autoconf' simply return from __init__ to allow correct
answer to be printed.
@penguinpee
Copy link
Author

penguinpee commented Jun 17, 2022
edited
Loading

There is now a Python 3 compatible test release of PyMunin on TestPyPI, if someone wants to give this plugin a testdrive. Install with:

pip install --user --index-url https://test.pypi.org/simple/ PyMunin

Or, if you want to make it available system wide:

pip install --prefix /usr/local --index-url https://test.pypi.org/simple/ PyMunin

I'm still hoping for an official release in the coming weeks.

@penguinpee
Copy link
Author

Dependency is now available on PyPI. In order to use the plugin install the dependency, first, using:

pip install PyMunin3

To ensure there are some counters in nftables, store the following script in accounting.nft:

# Little trick to ensure we start with an empty table
table inet accounting
flush table inet accounting

table inet accounting {

    counter dns {
        comment "DNS traffic"
    }

    counter ntp {
        comment "NTP traffic"
    }

    chain input {
        type filter hook prerouting priority raw; policy accept;

        udp dport 53  counter name dns
        udp dport 123 counter name ntp
    }

    chain output {
        type filter hook postrouting priority raw; policy accept;

        udp dport 53  counter name dns
        udp dport 123 counter name ntp
    }

}

Then run it with sudo nft -f accounting.nft.

To reset the counters run sudo nft reset counters table inet accounting and to remove the accounting table all together run sudo nft delete table inet accounting.

@penguinpee
Copy link
Author

With PyMunin3 >= 3.0.1 plugin supports dirtyconfig.

@penguinpee
Copy link
Author

Ping

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@penguinpee