This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 679ac9f163b1d4b3f321c0773510fba0bb9cad78 (commit) via d72de3da144ea4edff4d1c30ff555e8cd43d8b18 (commit) via 2f36a7b43aa859500994d9bc13f98c17f992c5e4 (commit) via 775b44943135f15dc9b242ceacf708ecc9653e4a (commit) via e1297cbb7659618c526fdc1ab07e97f57f55fd78 (commit) via 6b7cbc8f335106a0d8e8860f343a51bda8e14dbb (commit) via 91c2eaec9a4528d9c94ae18bf1ac12077faa1f07 (commit) via b98757a13970bebef354849be7704d5932a28353 (commit) via 842e2132e84d68046576106356c7ed13ea19bfbd (commit) via 7ca64c9f0b702864e9c84a85c742712759b85290 (commit) from d2dabe5eba89eafbade352ad25a3742f790ac7ef (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 679ac9f163b1d4b3f321c0773510fba0bb9cad78 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Apr 8 19:53:17 2015 +0200
vpn-statistic: change title of ovpn n2n site
additionally print errormessages to /dev/null when no rrd data is found
commit d72de3da144ea4edff4d1c30ff555e8cd43d8b18 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 9 17:18:44 2015 +0200
openvpn: Remove stat files when connections are removed
commit 2f36a7b43aa859500994d9bc13f98c17f992c5e4 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 9 17:11:16 2015 +0200
openvpn: Remove RRDs when removing all connections at once
commit 775b44943135f15dc9b242ceacf708ecc9653e4a Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Apr 9 16:44:07 2015 +0200
openvpn: Update collectd configuration when connections are started/stopped
commit e1297cbb7659618c526fdc1ab07e97f57f55fd78 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Apr 9 16:32:39 2015 +0200
openvpn: Properly remove all RRDs after a connection is removed
commit 6b7cbc8f335106a0d8e8860f343a51bda8e14dbb Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Apr 8 19:20:13 2015 +0200
vpn-statistic: move collectd.vpn to /var/ipfire/ovpn/
collectd.vpn needs to be within /var/ipfire/ovpn so that the ovpnmain.cgi is able to write the status files from the n2n connections to the file.
commit 91c2eaec9a4528d9c94ae18bf1ac12077faa1f07 Author: Alexander Marx alexander.marx@ipfire.org Date: Tue Apr 7 15:35:31 2015 +0200
vpn-statistic: create collectd wrapper to restart collectd when first vpn was created
This wrapper is only used when the first OpenVPN RW connection is created. collectd then has to be restarted so that it picks up the VPN data and creates the RRD data.
commit b98757a13970bebef354849be7704d5932a28353 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Apr 8 19:50:56 2015 +0200
vpn-statistic: change title of ovpn RW statistic page
additionally print errors to /dev/null if no rrd data is found
commit 842e2132e84d68046576106356c7ed13ea19bfbd Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Apr 8 19:47:51 2015 +0200
vpn-statistic: added title for graph sites
commit 7ca64c9f0b702864e9c84a85c742712759b85290 Author: Alexander Marx alexander.marx@ipfire.org Date: Tue Apr 7 15:22:46 2015 +0200
BUG10790: create dummy ovpnserver.log in /var/run
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 1 + config/rootfiles/common/collectd | 1 + config/rootfiles/common/misc-progs | 1 + config/rootfiles/core/89/filelists/files | 1 + config/rootfiles/core/89/update.sh | 9 ++++ html/cgi-bin/netovpnrw.cgi | 4 +- html/cgi-bin/netovpnsrv.cgi | 4 +- html/cgi-bin/ovpnmain.cgi | 66 +++++++++++++++++++++------- langs/de/cgi-bin/de.pl | 2 + langs/en/cgi-bin/en.pl | 2 + lfs/collectd | 3 ++ src/initscripts/sysconfig/createfiles | 3 ++ src/misc-progs/Makefile | 2 +- src/misc-progs/{torctrl.c => collectdctrl.c} | 11 +++-- src/misc-progs/openvpnctrl.c | 45 ++++++++++++++----- 15 files changed, 119 insertions(+), 36 deletions(-) copy src/misc-progs/{torctrl.c => collectdctrl.c} (58%)
Difference in files: diff --git a/config/backup/include b/config/backup/include index cc9546f..d7a1d3a 100644 --- a/config/backup/include +++ b/config/backup/include @@ -4,6 +4,7 @@ /var/ipfire/*/config /var/ipfire/*/enable /var/ipfire/*/*enable* +/var/ipfire/ovpn/collectd.vpn /etc/passwd /etc/shadow /etc/group diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index 72b2dee..2732494 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -243,3 +243,4 @@ usr/share/collectd/types.db #usr/share/man/man5/collectd.conf.5 #usr/share/man/man5/types.db.5 #var/lib/collectd +var/ipfire/ovpn/collectd.vpn diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 1ab4dec..f33d08c 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -2,6 +2,7 @@ usr/local/bin/addonctrl #usr/local/bin/applejuicectrl usr/local/bin/backupctrl #usr/local/bin/clamavctrl +usr/local/bin/collectdctrl usr/local/bin/dhcpctrl usr/local/bin/dnsmasqctrl usr/local/bin/extrahdctrl diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files index f344208..c35b885 100644 --- a/config/rootfiles/core/89/filelists/files +++ b/config/rootfiles/core/89/filelists/files @@ -11,6 +11,7 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi +usr/local/bin/collectdctrl usr/local/bin/openvpnctrl var/ipfire/backup/bin/backup.pl var/ipfire/graphs.pl diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh index f3de863..9c6cce9 100644 --- a/config/rootfiles/core/89/update.sh +++ b/config/rootfiles/core/89/update.sh @@ -39,6 +39,15 @@ done # Extract files extract_files
+# Update /etc/sysconfig/createfiles +cat <<EOF >> /etc/sysconfig/createfiles +/var/run/ovpnserver.log file 644 nobody nobody +/var/run/openvpn dir 644 nobody nobody +EOF + +# Update /etc/collectd.conf +echo "include "/etc/collectd.vpn"" >> /etc/collectd.conf + # Generate ddns configuration file sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
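Review bot: `/var/run/openvpn dir 644 nobody nobody` creates the directory without the execute (search) bit, so if createfiles applies the mode as written, the owner `nobody` cannot create, open or unlink entries inside it and only root can. ovpnmain.cgi in this same commit calls `unlink("/var/run/openvpn/...-n2n")`, which presumably runs as that user and would then fail silently. A directory mode such as `/var/run/openvpn dir 755 nobody nobody` (or 750 if other users need no access) matches the intent. The same line is added in the src/initscripts/sysconfig/createfiles hunk.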
diff --git a/html/cgi-bin/netovpnrw.cgi b/html/cgi-bin/netovpnrw.cgi index f775b23..e0b1148 100755 --- a/html/cgi-bin/netovpnrw.cgi +++ b/html/cgi-bin/netovpnrw.cgi @@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){ &Graphs::updatevpngraph($querry[0],$querry[1]); }else{ &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'host to net vpn'}, 1, ''); + &Header::openpage($Lang::tr{'vpn statistic rw'}, 1, ''); &Header::openbigbox('100%', 'left');
- my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`; + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`; foreach (@vpngraphs){ if($_ =~ /(.*)/openvpn-(.*)/if_octets_derive.rrd/){ push(@vpns,$2); diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi index 0ec9c67..f843462 100755 --- a/html/cgi-bin/netovpnsrv.cgi +++ b/html/cgi-bin/netovpnsrv.cgi @@ -47,10 +47,10 @@ if ( $querry[0] ne ""){ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]); }else{ &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'openvpn server'}, 1, ''); + &Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, ''); &Header::openbigbox('100%', 'left');
- my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`; + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`; foreach (@vpngraphs){ if($_ =~ /(.*)/openvpn-(.*)/if_octets_derive-traffic.rrd/){ push(@vpns,$2); diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 1e07492..1a29be0 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -668,6 +668,29 @@ sub read_routepushfile } }
+sub writecollectdconf {
+ my $vpncollectd;
+ my %ccdhash=();
+
+ open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+ print COLLECTDVPN "Loadplugin openvpn\n";
+ print COLLECTDVPN "\n";
+ print COLLECTDVPN "<Plugin openvpn>\n";
+ print COLLECTDVPN "Statusfile "/var/run/ovpnserver.log"\n";
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
+ print COLLECTDVPN "Statusfile "/var/run/openvpn/$ccdhash{$key}[1]-n2n"\n";
+ }
+ }
+
+ print COLLECTDVPN "</Plugin>\n";
+ close(COLLECTDVPN);
+
+ # Reload collectd afterwards
+ system("/usr/local/bin/collectdctrl restart &>/dev/null");
+}
#hier die refresh page if ( -e "${General::swroot}/ovpn/gencanow") { @@ -1167,9 +1190,13 @@ SETTINGS_ERROR: &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
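Review bot: The connection name `$ccdhash{$key}[1]` is written unescaped inside the quoted `Statusfile` value in `writecollectdconf`, and collectd.vpn is included into the collectd daemon's configuration, so a name containing a double quote or a newline would end the directive early and add configuration of its own. Whether names are restricted when a connection is created is not visible in this hunk, so the writer should check it itself, for example `next unless $ccdhash{$key}[1] =~ /^[A-Za-z0-9]+$/;` at the top of the loop body. Separately, `&>/dev/null` in the single-string `system()` is a bash extension; `>/dev/null 2>&1` behaves the same under any `/bin/sh`.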
foreach my $key (keys %confighash) { + my $name = $confighash{$cgiparams{'$key'}}[1]; + if ($confighash{$key}[4] eq 'cert') { delete $confighash{$cgiparams{'$key'}}; } + + system ("/usr/local/bin/openvpnctrl -drrd $name"); } while ($file = glob("${General::swroot}/ovpn/ca/*")) { unlink $file; @@ -1196,11 +1223,6 @@ SETTINGS_ERROR: while ($file = glob("${General::swroot}/ovpn/ccd/*")) { unlink $file } -# Delete all RRD files for Roadwarrior connections - chdir('/var/ipfire/ovpn/ccd'); - while ($file = glob("*")) { - system ("/usr/local/bin/openvpnctrl -drrd $file"); - } while ($file = glob("${General::swroot}/ovpn/ccd/*")) { unlink $file } @@ -1215,6 +1237,12 @@ SETTINGS_ERROR: while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { system ("rm -rf $file"); } + while ($file = glob("/var/run/openvpn/*-n2n")) { + unlink $file; + } + + # Remove everything from the collectd configuration + &writecollectdconf();
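Review bot: `my $name = $confighash{$cgiparams{'$key'}}[1];` looks up the literal string `$key` in %cgiparams because of the single quotes, so `$name` is most likely undefined and `openvpnctrl -drrd` is run without a connection name on every iteration. The loop variable is what is meant: `my $name = $confighash{$key}[1];`. The call is also built as one string and handed to the shell; the list form `system('/usr/local/bin/openvpnctrl', '-drrd', $name);`, already used for `-sn2n` and `-kn2n` elsewhere in this file, keeps the name out of shell parsing. The pre-existing `delete $confighash{$cgiparams{'$key'}}` context line has the same quoting problem.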
#&writeserverconf(); ### @@ -2041,7 +2069,8 @@ END &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ - system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + &writecollectdconf(); } } else {
@@ -2049,14 +2078,15 @@ END &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ - if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); - } + if ($n2nactive ne '') { + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + &writecollectdconf(); + }
} else { - $errormessage = $Lang::tr{'invalid key'}; + $errormessage = $Lang::tr{'invalid key'}; } - } + } }
### @@ -2337,6 +2367,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; } + + unlink("/var/run/openvpn/$confighash{$cgiparams{'KEY'}}[1]-n2n"); }
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); @@ -2370,15 +2402,13 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { # CCD end
-### -### Delete all RRD's for client -### - system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- #&writeserverconf(); + # Update collectd configuration and delete all RRD files of the removed connection + &writecollectdconf(); + system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); } else { $errormessage = $Lang::tr{'invalid key'}; } @@ -3068,6 +3098,10 @@ END unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); delete $confighash{$cgiparams{'KEY'}}; + + # Delete RRD's for collectd + system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]", "&>/dev/null"); + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); #&writeserverconf(); } else { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index eb29b5f..859c8d3 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2574,6 +2574,8 @@ 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>', 'vpn remote id' => 'Remote ID', 'vpn subjectaltname' => 'Subjekt Alternativer Name', +'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik', +'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik', 'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)', 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).', 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8c049ff..6a9a983 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
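Review bot: `system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");` now runs after `delete $confighash{$cgiparams{'KEY'}};`, so the interpolated name is empty and the RRD files of the removed connection are not targeted; the following hunk (`@@ -3068,6 +3098,10 @@`) adds the same read-after-delete. Capture the name before the delete with `my $name = $confighash{$cgiparams{'KEY'}}[1];` and pass it in list form: `system('/usr/local/bin/openvpnctrl', '-drrd', $name);`. In the second hunk the list-form call passes `"&>/dev/null"` as a literal argument, because no shell is involved to interpret it, so it should be dropped. deleterrd() in openvpnctrl.c matches the name against getConnections(); if that list is read from ovpnconfig, the call also has to happen before `writehasharray` removes the entry.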
@@ -2615,6 +2615,8 @@ 'vpn payload compression' => 'Negotiate payload compression', 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>', 'vpn remote id' => 'Remote ID', +'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics', +'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics', 'vpn subjectaltname' => 'Subject Alt Name', 'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)', 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).', diff --git a/lfs/collectd b/lfs/collectd index f01c92a..6f9c0e5 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -112,6 +112,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-librrd=/usr/share/rrdtool-1.2.30 cd $(DIR_APP) && make install cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/ + mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn + chown nobody.nobody /var/ipfire/ovpn/collectd.vpn + ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd diff --git a/src/initscripts/sysconfig/createfiles b/src/initscripts/sysconfig/createfiles index 8d1f89d..cf7d6e1 100644 --- a/src/initscripts/sysconfig/createfiles +++ b/src/initscripts/sysconfig/createfiles @@ -25,4 +25,7 @@ # <major> and <minor> are the major and minor numbers used for the device. ########################################################################
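Review bot: `chown nobody.nobody /var/ipfire/ovpn/collectd.vpn` plus the `/etc/collectd.vpn` symlink in the lfs/collectd hunk makes part of collectd's configuration writable by the web interface user. If collectd runs as root on this system (not visible in the diff), anything that can write as `nobody` can add any collectd directive to that file, not only the `Statusfile` lines ovpnmain.cgi intends. Keeping the file root-owned and having the setuid helper regenerate it from ovpnconfig would preserve that boundary. At minimum a comment here should record why the file is handed to `nobody`, e.g. `# collectd.vpn is rewritten by ovpnmain.cgi (runs as nobody)`.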
+/var/run/ovpnserver.log file 644 nobody nobody +/var/run/openvpn dir 644 nobody nobody + # End /etc/sysconfig/createfiles diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index f5802d2..43e6a90 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -25,7 +25,7 @@ LIBS = -lsmooth -lnewt PROGS = iowrap SUID_PROGS = squidctrl sshctrl ipfirereboot \ ipsecctrl timectrl dhcpctrl snortctrl \ - applejuicectrl rebuildhosts backupctrl \ + applejuicectrl rebuildhosts backupctrl collectdctrl \ logwatch openvpnctrl firewallctrl \ wirelessctrl getipstat qosctrl launch-ether-wake \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ diff --git a/src/misc-progs/collectdctrl.c b/src/misc-progs/collectdctrl.c new file mode 100644 index 0000000..86e4b2a --- /dev/null +++ b/src/misc-progs/collectdctrl.c @@ -0,0 +1,39 @@ +/* This file is part of the IPFire Firewall. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + */ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include "setuid.h" + +int main(int argc, char *argv[]) { + if (!(initsetuid())) + exit(1); + + if (argc < 2) { + fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n"); + exit(1); + } + + if (strcmp(argv[1], "restart") == 0) { + safe_system("/etc/rc.d/init.d/collectd restart"); + + } else if (strcmp(argv[1], "stop") == 0) { + safe_system("/etc/rc.d/init.d/collectd stop"); + + } else if (strcmp(argv[1], "start") == 0) { + safe_system("/etc/rc.d/init.d/collectd start"); + + } else { + fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n"); + exit(1); + } + + return 0; +} diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index d20cced..5d3f8af 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c 
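Review bot: All three branches of `main` in collectdctrl.c discard the result of `safe_system()`, so the helper exits 0 even when the init script fails and the calling CGI cannot tell that collectd was not restarted. Assuming `safe_system()` returns the command's status the way `system()` does, keep it and return it, e.g. `int r = safe_system("/etc/rc.d/init.d/collectd restart");` followed by `return r != 0;`. The file also has no comment saying that it is installed setuid (it is listed under SUID_PROGS in the Makefile hunk) and accepts only the three fixed verbs; a one-line header comment stating that would help the next reader.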
@@ -1,3 +1,4 @@ +#define _XOPEN_SOURCE 500 #include <signal.h> #include <stdio.h> #include <string.h> @@ -7,6 +8,7 @@ #include <arpa/inet.h> #include <netinet/in.h> #include <fcntl.h> +#include <ftw.h> #include "setuid.h" #include "netutil.h" #include "libsmooth.h" @@ -572,23 +574,44 @@ int killNet2Net(char *name) { return 0; }
-int deleterrd(char *name) { - connection *conn = getConnections();
- char rrd_file[STRING_SIZE];
- snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+ int rv = remove(fpath);
+ if (rv)
+ perror(fpath);
+
+ return rv;
+}
+
+static int recursive_remove(const char* path) {
+ return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+int deleterrd(char *name) { char rrd_dir[STRING_SIZE]; - snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+ connection *conn = getConnections(); while(conn) { - /* Find only RW-Connections with the given name. */ - if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) { - remove(rrd_file); - remove(rrd_dir); - return 0; + if (strcmp(conn->name, name) != 0) { + conn = conn->next; + continue; } - conn = conn->next; + + // Handle RW connections + if (strcmp(conn->type, "host") == 0) { + snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name); + + // Handle N2N connections + } else if (strcmp(conn->type, "net") == 0) { + snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name); + + // Unhandled connection type + } else { + conn = conn->next; + continue; + } + + return recursive_remove(rrd_dir); }
return 1;
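Review bot: The N2N branch of `deleterrd` builds the path with a trailing slash (`openvpn-%s-n2n/`), which makes the initial lookup in `nftw()` resolve a symbolic link at that location even though `FTW_PHYS` is set, so this setuid helper would walk and delete whatever directory the link points to. The tree is presumably writable only by collectd, but dropping the slash costs nothing: `snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n", name);`. Neither `snprintf` result is checked, so an over-long name would be truncated and the recursive removal would run on a different path; compare the return value against the buffer size and return an error before calling `recursive_remove`. The closing brace of `deleterrd` is not shown in this hunk.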
hooks/post-receive -- IPFire 2.x development tree