public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* [PATCH] graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing
@ 2024-02-14 10:34 Adolf Belka
  2024-02-14 12:59 ` Michael Tremer
  0 siblings, 1 reply; 3+ messages in thread
From: Adolf Belka @ 2024-02-14 10:34 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 15970 bytes --]

- If a fresh install is done then only the DROP_HOSTILE_IN & DROP_HOSTILE_OUT
   rrd directories are created.
- With the DROP_HOSTILE directory missing then when the fwhits graph is updated an error
   message is caused by the inability to open the required files.
- This patch adds an if/else loop into the fwhits graph code to deal with the two cases
   of the DROP_HOSTILE being present or not depending on the history and if a backup with
   logs has been restored from when DROP_HOSTILE was in use.
- Tested on vm testbed and created a historical line for the hostile data when it was not
   split
- There might be a simpler or better approach than this but it was the only option I
   could identify. I couldn't find anything about being able to use if loops within the
   RRD::Graph loop

Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/cfgroot/graphs.pl | 237 ++++++++++++++++++++++++++-------------
 1 file changed, 158 insertions(+), 79 deletions(-)

diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index a23e49c98..96c6c26ea 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -13,7 +13,7 @@
 # This program is distributed in the hope that it will be useful,             #
 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
+# GNU General Public License for more details.                                #update.sh
 #                                                                             #
 # You should have received a copy of the GNU General Public License           #
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
@@ -676,84 +676,163 @@ sub updatevpnn2ngraph {
 
 sub updatefwhitsgraph {
 	my $period    = $_[0];
-	RRDs::graph(
-		@GRAPH_ARGS,
-		"-",
-		"--start",
-		"-1".$period,
-		"-r",
-		"-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
-		"-v ".$Lang::tr{'bytes per second'},
-		"--color=SHADEA".$color{"color19"},
-		"--color=SHADEB".$color{"color19"},
-		"--color=BACK".$color{"color21"},
-		"DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
-		"DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
-		"DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
-		"DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
-		"DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
-		"DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
-		"DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
-		"DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
-		"DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
-
-		# This creates a new combined hostile segment.
-		# Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
-		# from the old RRD database unless those are UNKNOWN (i.e. we started collected IN/OUT). If the values are unknown,
-		# we replace them with them sum of IN + OUT.
-		"CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
-
-		"COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
-		"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
-		"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
-		"COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
-		"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-		"AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
-		"GPRINT:output:MAX:%8.1lf %sBps",
-		"GPRINT:output:AVERAGE:%8.1lf %sBps",
-		"GPRINT:output:MIN:%8.1lf %sBps",
-		"GPRINT:output:LAST:%8.1lf %sBps\\j",
-		"STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
-		"GPRINT:forward:MAX:%8.1lf %sBps",
-		"GPRINT:forward:AVERAGE:%8.1lf %sBps",
-		"GPRINT:forward:MIN:%8.1lf %sBps",
-		"GPRINT:forward:LAST:%8.1lf %sBps\\j",
-		"STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
-		"GPRINT:input:MAX:%8.1lf %sBps",
-		"GPRINT:input:AVERAGE:%8.1lf %sBps",
-		"GPRINT:input:MIN:%8.1lf %sBps",
-		"GPRINT:input:LAST:%8.1lf %sBps\\j",
-		"STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
-		"GPRINT:newnotsyn:MAX:%8.1lf %sBps",
-		"GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
-		"GPRINT:newnotsyn:MIN:%8.1lf %sBps",
-		"GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
-		"STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
-		"GPRINT:portscan:MAX:%8.1lf %sBps",
-		"GPRINT:portscan:AVERAGE:%8.1lf %sBps",
-		"GPRINT:portscan:MIN:%8.1lf %sBps",
-		"GPRINT:portscan:LAST:%8.1lf %sBps\\j",
-		"STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
-		"GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
-		"GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
-		"GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
-		"GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
-		"STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
-		"GPRINT:hostilein:MAX:%8.1lf %sBps",
-		"GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
-		"GPRINT:hostilein:MIN:%8.1lf %sBps",
-		"GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
-		"STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
-		"GPRINT:hostileout:MAX:%8.1lf %sBps",
-		"GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
-		"GPRINT:hostileout:MIN:%8.1lf %sBps",
-		"GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
-		"LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
-		"GPRINT:hostile:MAX:%8.1lf %sBps",
-		"GPRINT:hostile:AVERAGE:%8.1lf %sBps",
-		"GPRINT:hostile:MIN:%8.1lf %sBps",
-		"GPRINT:hostile:LAST:%8.1lf %sBps\\j",
-		);
+	if ( -e "$mainsettings{'RRDLOG'}/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd" ) {
+		RRDs::graph(
+			@GRAPH_ARGS,
+			"-",
+			"--start",
+			"-1".$period,
+			"-r",
+			"-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+			"-v ".$Lang::tr{'bytes per second'},
+			"--color=SHADEA".$color{"color19"},
+			"--color=SHADEB".$color{"color19"},
+			"--color=BACK".$color{"color21"},
+			"DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+			"DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+			"DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+			"DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+			"DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+			"DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+			"DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+			"DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+			"DEF:hostilelegacy=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+			# This creates a new combined hostile segment.
+			# Previously we did not split into incoming/outgoing, but we cannot go back in time. This CDEF will take the values
+			# from the old RRD database if it exists and if those values are UNKNOWN (time period after Hostile was split into In and Out),
+			# we replace them with the sum of IN + OUT.
+			"CDEF:hostile=hostilelegacy,UN,hostilein,hostileout,+,hostilelegacy,IF",
+
+			"COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+			"COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+			"AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+			"GPRINT:output:MAX:%8.1lf %sBps",
+			"GPRINT:output:AVERAGE:%8.1lf %sBps",
+			"GPRINT:output:MIN:%8.1lf %sBps",
+			"GPRINT:output:LAST:%8.1lf %sBps\\j",
+			"STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+			"GPRINT:forward:MAX:%8.1lf %sBps",
+			"GPRINT:forward:AVERAGE:%8.1lf %sBps",
+			"GPRINT:forward:MIN:%8.1lf %sBps",
+			"GPRINT:forward:LAST:%8.1lf %sBps\\j",
+			"STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+			"GPRINT:input:MAX:%8.1lf %sBps",
+			"GPRINT:input:AVERAGE:%8.1lf %sBps",
+			"GPRINT:input:MIN:%8.1lf %sBps",
+			"GPRINT:input:LAST:%8.1lf %sBps\\j",
+			"STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+			"GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+			"GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+			"GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+			"GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+			"STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+			"GPRINT:portscan:MAX:%8.1lf %sBps",
+			"GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+			"GPRINT:portscan:MIN:%8.1lf %sBps",
+			"GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+			"STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+			"GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+			"STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+			"GPRINT:hostilein:MAX:%8.1lf %sBps",
+			"GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostilein:MIN:%8.1lf %sBps",
+			"GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+			"STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+			"GPRINT:hostileout:MAX:%8.1lf %sBps",
+			"GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostileout:MIN:%8.1lf %sBps",
+			"GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+			"LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+			"GPRINT:hostile:MAX:%8.1lf %sBps",
+			"GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostile:MIN:%8.1lf %sBps",
+			"GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+			);
+	}else{
+		RRDs::graph(
+			@GRAPH_ARGS,
+			"-",
+			"--start",
+			"-1".$period,
+			"-r",
+			"-t ".$Lang::tr{'firewall hits per'}." ".$Lang::tr{$period."-graph"},
+			"-v ".$Lang::tr{'bytes per second'},
+			"--color=SHADEA".$color{"color19"},
+			"--color=SHADEB".$color{"color19"},
+			"--color=BACK".$color{"color21"},
+			"DEF:output=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYOUT/ipt_bytes-DROP_OUTPUT.rrd:value:AVERAGE",
+			"DEF:input=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYIN/ipt_bytes-DROP_INPUT.rrd:value:AVERAGE",
+			"DEF:forward=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-POLICYFWD/ipt_bytes-DROP_FORWARD.rrd:value:AVERAGE",
+			"DEF:newnotsyn=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-NEWNOTSYN/ipt_bytes-DROP_NEWNOTSYN.rrd:value:AVERAGE",
+			"DEF:portscan=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-PSCAN/ipt_bytes-DROP_PScan.rrd:value:AVERAGE",
+			"DEF:spoofedmartian=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-SPOOFED_MARTIAN/ipt_bytes-DROP_SPOOFED_MARTIAN.rrd:value:AVERAGE",
+			"DEF:hostilein=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_IN/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+			"DEF:hostileout=".$mainsettings{'RRDLOG'}."/collectd/localhost/iptables-filter-HOSTILE_DROP_OUT/ipt_bytes-DROP_HOSTILE.rrd:value:AVERAGE",
+
+			# This creates a new combined hostile segment.
+			# If we started collecting IN/OUT, ie the old single Hostile RRD database is not available then this CDEF will take the values
+			# from the sum of IN + OUT.
+			"CDEF:hostile=hostilein,hostileout,+",
+
+			"COMMENT:".sprintf("%-26s",$Lang::tr{'caption'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+			"COMMENT:".sprintf("%14s",$Lang::tr{'minimal'}),
+			"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+			"AREA:output".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (OUTPUT)"),
+			"GPRINT:output:MAX:%8.1lf %sBps",
+			"GPRINT:output:AVERAGE:%8.1lf %sBps",
+			"GPRINT:output:MIN:%8.1lf %sBps",
+			"GPRINT:output:LAST:%8.1lf %sBps\\j",
+			"STACK:forward".$color{"color23"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (FORWARD)"),
+			"GPRINT:forward:MAX:%8.1lf %sBps",
+			"GPRINT:forward:AVERAGE:%8.1lf %sBps",
+			"GPRINT:forward:MIN:%8.1lf %sBps",
+			"GPRINT:forward:LAST:%8.1lf %sBps\\j",
+			"STACK:input".$color{"color24"}."A0:".sprintf("%-25s",$Lang::tr{'firewallhits'}." (INPUT)"),
+			"GPRINT:input:MAX:%8.1lf %sBps",
+			"GPRINT:input:AVERAGE:%8.1lf %sBps",
+			"GPRINT:input:MIN:%8.1lf %sBps",
+			"GPRINT:input:LAST:%8.1lf %sBps\\j",
+			"STACK:newnotsyn".$color{"color14"}."A0:".sprintf("%-25s","NewNotSYN"),
+			"GPRINT:newnotsyn:MAX:%8.1lf %sBps",
+			"GPRINT:newnotsyn:AVERAGE:%8.1lf %sBps",
+			"GPRINT:newnotsyn:MIN:%8.1lf %sBps",
+			"GPRINT:newnotsyn:LAST:%8.1lf %sBps\\j",
+			"STACK:portscan".$color{"color16"}."A0:".sprintf("%-25s",$Lang::tr{'portscans'}),
+			"GPRINT:portscan:MAX:%8.1lf %sBps",
+			"GPRINT:portscan:AVERAGE:%8.1lf %sBps",
+			"GPRINT:portscan:MIN:%8.1lf %sBps",
+			"GPRINT:portscan:LAST:%8.1lf %sBps\\j",
+			"STACK:spoofedmartian".$color{"color12"}."A0:".sprintf("%-25s",$Lang::tr{'spoofed or martians'}),
+			"GPRINT:spoofedmartian:MAX:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:AVERAGE:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:MIN:%8.1lf %sBps",
+			"GPRINT:spoofedmartian:LAST:%8.1lf %sBps\\j",
+			"STACK:hostilein".$color{"color13"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks in'}),
+			"GPRINT:hostilein:MAX:%8.1lf %sBps",
+			"GPRINT:hostilein:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostilein:MIN:%8.1lf %sBps",
+			"GPRINT:hostilein:LAST:%8.1lf %sBps\\j",
+			"STACK:hostileout".$color{"color25"}."A0:".sprintf("%-25s",$Lang::tr{'hostile networks out'}),
+			"GPRINT:hostileout:MAX:%8.1lf %sBps",
+			"GPRINT:hostileout:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostileout:MIN:%8.1lf %sBps",
+			"GPRINT:hostileout:LAST:%8.1lf %sBps\\j",
+			"LINE:hostile#000000A0:".sprintf("%-25s",$Lang::tr{'hostile networks total'}),
+			"GPRINT:hostile:MAX:%8.1lf %sBps",
+			"GPRINT:hostile:AVERAGE:%8.1lf %sBps",
+			"GPRINT:hostile:MIN:%8.1lf %sBps",
+			"GPRINT:hostile:LAST:%8.1lf %sBps\\j",
+			);
+	}
 		$ERROR = RRDs::error;
 		return "Error in RRD::graph for firewallhits: ".$ERROR."\n" if $ERROR;
 }
-- 
2.43.0


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-02-14 13:24 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-14 10:34 [PATCH] graphs.pl: Fixes graph failure when the DROP_HOSTILE directory is missing Adolf Belka
2024-02-14 12:59 ` Michael Tremer
2024-02-14 13:24   ` Adolf Belka

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox