From: Michael Tremer <git@ipfire.org>
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 13b7e3803cfd803d42d4ef082fba37859aa1e2f7
Date: Fri, 18 Jul 2025 10:31:38 +0000 (UTC) [thread overview]
Message-ID: <4bk5gZ3hydz2xYs@people01.haj.ipfire.org> (raw)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 13b7e3803cfd803d42d4ef082fba37859aa1e2f7 (commit)
via 6349caf6fa009ea02f93c1b6d1a589859ce3031e (commit)
via ff90bed77c5fec5d9f29c6f1422cf36440b09e94 (commit)
via a2cc5c320c3bd894c0cff2f9185f13f0d527e456 (commit)
via 928f98326d7c82584754a9c4631b94e64ca15ae1 (commit)
via c297c347d96460bcab651b4f58038d5e857fd2ff (commit)
via 3f3c688181304b4676a7fbb3291270b967f09395 (commit)
via 2772a5990067679bde106883f39a30aa2fe196e6 (commit)
via 23fb1dfd86d1efc85a0f80228bd644287bfff682 (commit)
from d32ce68c3e2cc0bde4407d97e1f09d8a1efba0e7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 13b7e3803cfd803d42d4ef082fba37859aa1e2f7
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Jul 18 10:30:29 2025 +0000
core197: Migrate OpenVPN configuration changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 6349caf6fa009ea02f93c1b6d1a589859ce3031e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri Jul 18 10:11:34 2025 +0000
core197: Ship BIND
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ff90bed77c5fec5d9f29c6f1422cf36440b09e94
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Fri Jul 18 00:35:56 2025 +0200
bind: Update ot 9.20.11
For details see:
https://downloads.isc.org/isc/bind9/9.20.11/doc/arm/html/notes.html#notes-for-bind-9-20-11
"Notes for BIND 9.20.11
Security Fixes
Fix a possible assertion failure when stale-answer-client-timeout is
set to 0.
In specific circumstances the named resolver process could exit with an
assertion failure when stale answers were enabled and the
stale-answer-client-timeout configuration option was set to 0. This has
been fixed. (CVE-2025-40777) [GL #5372]
New Features
Add support for the CO flag to dig.
Add support for Compact Denial of Existence to dig. This includes
showing the CO (Compact Answers OK) flag when displaying messages and
adding an option to set the CO flag when making queries (dig +coflag).
[GL #5319]
Bug Fixes
Correct the default interface-interval from 60s to 60m.
When the interface-interval parser was changed from a uint32 parser to
a duration parser, the default value stayed at plain number 60 which
now means 60 seconds instead of 60 minutes. The documentation also
incorrectly states that the value is in minutes. That has been fixed.
[GL #5246]
Fix a purge-keys bug when using multiple views of a zone.
Previously, when a DNSSEC key was purged by one zone view, other zone
views would return an error about missing key files. This has been
fixed. [GL #5315]
Use IPv6 queries in delv +ns.
delv +ns invokes the same code to perform name resolution as named, but
it neglected to set up an IPv6 dispatch object first. Consequently, it
was behaving more like named -4. It now sets up dispatch objects for
both address families, and performs resolver queries to both IPv4 and
IPv6 addresses, except when one of the address families has been
suppressed by using delv -4 or delv -6. [GL #5352]"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit a2cc5c320c3bd894c0cff2f9185f13f0d527e456
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:05 2025 +0200
zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 928f98326d7c82584754a9c4631b94e64ca15ae1
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:04 2025 +0200
zabbix_agentd: Openvpn-2.6: fix pid name for services stats
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c297c347d96460bcab651b4f58038d5e857fd2ff
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:03 2025 +0200
zabbix_agentd: Add LocationDB functionality
Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.locationdb.lookup[<ip>,<ip>,...]: Perform IPFire LocationDB lookups
from within Zabbix. Returns a JSON dict.
- ipfire.locationdb.version: Get LocationDB version timestamp in unixtime.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 3f3c688181304b4676a7fbb3291270b967f09395
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:02 2025 +0200
zabbix_agentd: Add WireGuard specific monitoring items
Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.wireguard.peers.discovery: Discovery of configured WireGuard
clients. Returns a JSON array.
- ipfire.wireguard.statusreport.get: Parses and returns output of
`wireguardctrl dump` as a JSON array.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 2772a5990067679bde106883f39a30aa2fe196e6
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:01 2025 +0200
zabbix_agentd: Add ARPing method for checking Internet Gateway
Since some ISP's block ICMP ping to their gateway ARPing can be an alternative.
This change adds arping alternatives for the regular (icmp) ping checks:
- ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing
- ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 23fb1dfd86d1efc85a0f80228bd644287bfff682
Author: Robin Roevens <robin.roevens@disroot.org>
Date: Thu Jul 17 19:52:00 2025 +0200
zabbix_agentd: Update to 7.0.16 (LTS)
- Update from version 7.0.11 to 7.0.16
- Update of rootfile not required
Bugs fixed:
ZBX-26080 Fixed old file descriptors being held when external log rotation is used
ZBX-26121 Added default flags to net.dns.get arguments when none are specified
ZBX-26055 Fixed failure to refresh active checks when next refresh was faster than 60 seconds
Full changelogs since 7.0.11:
- https://www.zabbix.com/rn/rn7.0.12
- https://www.zabbix.com/rn/rn7.0.13
- https://www.zabbix.com/rn/rn7.0.14
- https://www.zabbix.com/rn/rn7.0.15
- https://www.zabbix.com/rn/rn7.0.16
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/backup/backup.pl | 26 +++++++++++++++++++++
config/rootfiles/common/bind | 10 ++++----
.../{oldcore/100 => core/197}/filelists/bind | 0
config/rootfiles/core/197/filelists/files | 1 +
config/rootfiles/core/197/update.sh | 27 ++++++++++++++++++++++
config/rootfiles/packages/zabbix_agentd | 3 +++
config/zabbix_agentd/ipfire_services.pl | 2 +-
config/zabbix_agentd/sudoers | 3 ++-
config/zabbix_agentd/userparameter_gateway.conf | 12 ++++++++++
config/zabbix_agentd/userparameter_ipfire.conf | 4 ----
config/zabbix_agentd/userparameter_locationdb.conf | 6 +++++
config/zabbix_agentd/userparameter_ovpn.conf | 2 +-
config/zabbix_agentd/userparameter_wireguard.conf | 6 +++++
lfs/bind | 4 ++--
lfs/zabbix_agentd | 12 +++++++---
15 files changed, 101 insertions(+), 17 deletions(-)
copy config/rootfiles/{oldcore/100 => core/197}/filelists/bind (100%)
create mode 100644 config/zabbix_agentd/userparameter_gateway.conf
create mode 100644 config/zabbix_agentd/userparameter_locationdb.conf
create mode 100644 config/zabbix_agentd/userparameter_wireguard.conf
Difference in files:
diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index fe62213e8..f49073b1e 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -349,6 +349,32 @@ restore_backup() {
rm /var/log/pakfire.log
fi
+ # Update the OpenVPN configuration
+ sed -r \
+ -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+ -e "/ncp-disable/d" \
+ -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+ -i /var/ipfire/ovpn/server.conf
+
+ # Change to the subnet topology
+ if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+ echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Migrate away from compression
+ if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+ echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Enable the legacy provider (just in case)
+ if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+ echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+ fi
+
+ # Enable explicit exit notification
+ if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+ echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+ fi
return 0
}
diff --git a/config/rootfiles/common/bind b/config/rootfiles/common/bind
index f387a31a7..fb6220c47 100644
--- a/config/rootfiles/common/bind
+++ b/config/rootfiles/common/bind
@@ -240,18 +240,18 @@ usr/bin/nsupdate
#usr/include/ns/types.h
#usr/include/ns/update.h
#usr/include/ns/xfrout.h
-usr/lib/libdns-9.20.10.so
+usr/lib/libdns-9.20.11.so
#usr/lib/libdns.la
#usr/lib/libdns.so
-usr/lib/libisc-9.20.10.so
+usr/lib/libisc-9.20.11.so
#usr/lib/libisc.la
#usr/lib/libisc.so
-usr/lib/libisccc-9.20.10.so
+usr/lib/libisccc-9.20.11.so
#usr/lib/libisccc.la
#usr/lib/libisccc.so
-usr/lib/libisccfg-9.20.10.so
+usr/lib/libisccfg-9.20.11.so
#usr/lib/libisccfg.la
#usr/lib/libisccfg.so
-usr/lib/libns-9.20.10.so
+usr/lib/libns-9.20.11.so
#usr/lib/libns.la
#usr/lib/libns.so
diff --git a/config/rootfiles/core/197/filelists/bind b/config/rootfiles/core/197/filelists/bind
new file mode 120000
index 000000000..48a0ebaef
--- /dev/null
+++ b/config/rootfiles/core/197/filelists/bind
@@ -0,0 +1 @@
+../../../common/bind
\ No newline at end of file
diff --git a/config/rootfiles/core/197/filelists/files b/config/rootfiles/core/197/filelists/files
index b197f3f2a..3d3aaa46a 100644
--- a/config/rootfiles/core/197/filelists/files
+++ b/config/rootfiles/core/197/filelists/files
@@ -14,6 +14,7 @@ srv/web/ipfire/cgi-bin/services.cgi
srv/web/ipfire/cgi-bin/vulnerabilities.cgi
srv/web/ipfire/html/themes/ipfire/include/css/style.css
usr/local/bin/openvpnctrl
+var/ipfire/backup/bin/backup.pl
var/ipfire/general-functions.pl
var/ipfire/header.pl
var/ipfire/langs/list
diff --git a/config/rootfiles/core/197/update.sh b/config/rootfiles/core/197/update.sh
index b72797e24..5ed9385cc 100644
--- a/config/rootfiles/core/197/update.sh
+++ b/config/rootfiles/core/197/update.sh
@@ -54,6 +54,33 @@ ldconfig
# Filesytem cleanup
/usr/local/bin/filesystem-cleanup
+# Update the OpenVPN configuration
+sed -r \
+ -e "s/^writepid .*/writepid \/var\/run\/openvpn-rw.pid/" \
+ -e "/ncp-disable/d" \
+ -e "s/^cipher (.*)/data-ciphers-fallback \1/" \
+ -i /var/ipfire/ovpn/server.conf
+
+# Change to the subnet topology
+if ! grep -q "topology subnet" /var/ipfire/ovpn/server.conf; then
+ echo "topology subnet" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Migrate away from compression
+if ! grep -q "compress migrate" /var/ipfire/ovpn/server.conf; then
+ echo "compress migrate" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable the legacy provider (just in case)
+if ! grep -q "providers legacy default" /var/ipfire/ovpn/server.conf; then
+ echo "providers legacy default" >> /var/ipfire/ovpn/server.conf
+fi
+
+# Enable explicit exit notification
+if ! grep -q "explicit-exit-notify" /var/ipfire/ovpn/server.conf; then
+ echo "explicit-exit-notify" >> /var/ipfire/ovpn/server.conf
+fi
+
# Apply SSH configuration
/usr/local/bin/sshctrl
diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index ffa66f307..7f1f39b64 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -21,6 +21,9 @@ var/ipfire/zabbix_agentd/userparameters
var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf
var/ipfire/zabbix_agentd/scripts
var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/ipfire_services.pl
index 653b606ee..d3f9855ba 100755
--- a/config/zabbix_agentd/ipfire_services.pl
+++ b/config/zabbix_agentd/ipfire_services.pl
@@ -100,7 +100,7 @@ my %services = (
# OpenVPN Roadwarrior
'OpenVPN Roadwarrior Server' => {
"process" => "openvpn",
- "pidfile" => "/var/run/openvpn.pid",
+ "pidfile" => "/var/run/openvpn-rw.pid",
}
);
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 78e175980..50a9e69de 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -8,6 +8,7 @@
# To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user
#
Defaults:zabbix !requiretty
-zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
+zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log, /usr/local/bin/wireguardctrl dump
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_gateway.conf b/config/zabbix_agentd/userparameter_gateway.conf
new file mode 100644
index 000000000..cfae001ae
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_gateway.conf
@@ -0,0 +1,12 @@
+# Parameters to monitor Internet gateway connectivity
+#
+# ICMP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
+UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
+# Internet Gateway availability, can be used to check Internet connection
+UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
+# ARP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality" when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arpingtime,sudo /usr/sbin/arping -i red0 -c 3 gateway | awk 'match($0, /time=([0-9\.]+) (\w+)$/, arr) { n++; if (arr[2] == "usec") { arr[1]/=1000; }; sum+=arr[1] } END { print sum / n }'
+# Internet Gateway availability, can be used to check Internet connection when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arping,sudo /usr/sbin/arping -q -c 3 gateway; [ ! $? == 0 ]; echo $?
diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf
index c8ead1608..e88c20298 100644
--- a/config/zabbix_agentd/userparameter_ipfire.conf
+++ b/config/zabbix_agentd/userparameter_ipfire.conf
@@ -1,9 +1,5 @@
# Parameters for monitoring IPFire specific metrics
#
-# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
-UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
-# Internet Gateway availability, can be used to check Internet connection
-UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
# Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain
UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/\* DROP_.* \*/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }'
# Number of currently Active DHCP leases
diff --git a/config/zabbix_agentd/userparameter_locationdb.conf b/config/zabbix_agentd/userparameter_locationdb.conf
new file mode 100644
index 000000000..4aa540762
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_locationdb.conf
@@ -0,0 +1,6 @@
+# Parameters for querying IPFire Location DB
+#
+# Returns Location DB lookup for one or more IP addresses
+UserParameter=ipfire.locationdb.lookup[*],/usr/bin/location lookup $1 $2 $3 $4 $5 $6 $7 $8 $9 2>&1 | awk -F"[[:space:]]*:[[:space:]]*" 'BEGIN { printf "{" } /[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+:/ { printf "%s\"%s\":{",separator,$$1; separator = "," } /^[[:space:]]*Network/ { printf "\"network\":\"" $$2 "\"" } /^[[:space:]]*Country/ { printf ",\"country\":\"" $$2 "\"" } /^[[:space:]]*Autonomous System/ { printf ",\"as\":\"" $$2 "\"}" } /Errno [[:digit:]]+/ { printf "\"error\":\"%s\"",$$0 } END { printf "}" }'
+# Returns the Unix timestamp of the IPFire Location DB version
+UserParameter=ipfire.locationdb.version,date -d"$(/usr/bin/location version)" +%s
diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf
index a7a6d8535..d2ce10bb3 100644
--- a/config/zabbix_agentd/userparameter_ovpn.conf
+++ b/config/zabbix_agentd/userparameter_ovpn.conf
@@ -3,7 +3,7 @@
# Discovery of configured ovpn clients
UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
# Get OpenVPN status report
-UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
+UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
# Get OpenVPN client certificate details
UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem
UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem
diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf
new file mode 100644
index 000000000..b7925288a
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_wireguard.conf
@@ -0,0 +1,6 @@
+# Parameters for monitoring IPFire WireGuard specific metrics
+#
+# Discovery of configured WireGuard peers
+UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }'
+# Get Wireguard status report
+UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }'
diff --git a/lfs/bind b/lfs/bind
index cdba7c307..fa4d73d04 100644
--- a/lfs/bind
+++ b/lfs/bind
@@ -25,7 +25,7 @@
include Config
-VER = 9.20.10
+VER = 9.20.11
THISAPP = bind-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = e5a7824ff5b901be447a2f4f067aa8b3345eb8187ed86f3bf6bc623e2b6c812722667eefd1f915026dab078846011e222336a30c4da640c4e54aa828398b180d
+$(DL_FILE)_BLAKE2 = 582e6de2699713e870dfc853f461c78b2d2b505bed0b571f853c94a731be9006783f45a4f897692289c1a9411725eac0b4de3818f1641221e62754316f410081
install : $(TARGET)
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index dbe2088fb..db43bd611 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 7.0.11
+VER = 7.0.16
THISAPP = zabbix-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = zabbix_agentd
-PAK_VER = 17
+PAK_VER = 18
DEPS = fping
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 0c6544c64febc51e6fc153863b46e333d9d5564c83f40b71362a15c0533d48e50e5c340b35b2ca0dd1d776d0452f4aae42dc44d4e0e4b2c5949df02efbc7fc06
+$(DL_FILE)_BLAKE2 = 5b5ae98fd9ff819b0a202ad566fc4e9523991f67a13a0967986299cafe962e54c7769dffe821b59c55bd2b6e437ea913a6f7074bf9275cdb1bf433eeeb193117
install : $(TARGET)
@@ -112,6 +112,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \
/var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+ install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
+ /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+ install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \
+ /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
+ install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_locationdb.conf \
+ /var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf
# Install IPFire-specific Zabbix Agent scripts
-mkdir -pv /var/ipfire/zabbix_agentd/scripts
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2025-07-18 10:31 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4bk5gZ3hydz2xYs@people01.haj.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox