src/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
# shellcheck shell=bash disable=SC1117
# no need for shebang - this file is loaded from charts.d.plugin
# SPDX-License-Identifier: GPL-3.0-or-later
# netdata
# real-time performance and health monitoring, done right!
# (C) 2018 Costa Tsaousis <costa@tsaousis.gr>
#
# _update_every is a special variable - it holds the number of seconds
# between the calls of the _update() function
libreswan_update_every=1
# the priority is used to sort the charts on the dashboard
# 1 = the first chart
libreswan_priority=90000
# set to 1, to run ipsec with sudo
libreswan_sudo=1
# global variables to store our collected data
# [TUNNELID] = TUNNELNAME
# here we track the *latest* established tunnels
# as detected by: ipsec whack --status
declare -A libreswan_connected_tunnels=()
# [TUNNELID] = VALUE
# here we track values of all established tunnels (not only the latest)
# as detected by: ipsec whack --trafficstatus
declare -A libreswan_traffic_in=()
declare -A libreswan_traffic_out=()
declare -A libreswan_established_add_time=()
# [TUNNELNAME] = CHARTID
# here we remember CHARTIDs of all tunnels
# we need this to avoid converting tunnel names to chart IDs on every iteration
declare -A libreswan_tunnel_charts=()
is_able_sudo_ipsec() {
if ! sudo -n -l "${IPSEC_CMD}" whack --status > /dev/null 2>&1; then
return 1
fi
if ! sudo -n -l "${IPSEC_CMD}" whack --trafficstatus > /dev/null 2>&1; then
return 1
fi
return 0
}
# run the ipsec command
libreswan_ipsec() {
if [ ${libreswan_sudo} -ne 0 ]; then
sudo -n "${IPSEC_CMD}" "${@}"
return $?
else
"${IPSEC_CMD}" "${@}"
return $?
fi
}
# fetch latest values - fill the arrays
libreswan_get() {
# do all the work to collect / calculate the values
# for each dimension
# empty the variables
libreswan_traffic_in=()
libreswan_traffic_out=()
libreswan_established_add_time=()
libreswan_connected_tunnels=()
# convert the ipsec command output to a shell script
# and source it to get the values
# shellcheck disable=SC1090
source <(
{
libreswan_ipsec whack --status
libreswan_ipsec whack --trafficstatus
} | sed -n \
-e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \
-e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",\{0,1\}.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p"
) || return 1
# check we got some data
[ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1
return 0
}
# _check is called once, to find out if this chart should be enabled or not
libreswan_check() {
# this should return:
# - 0 to enable the chart
# - 1 to disable the chart
require_cmd ipsec || return 1
# make sure it is libreswan
# shellcheck disable=SC2143
if [ -z "$(ipsec --version | grep -i libreswan)" ]; then
error "ipsec command is not Libreswan. Disabling Libreswan plugin."
return 1
fi
if [ ${libreswan_sudo} -ne 0 ] && ! is_able_sudo_ipsec; then
error "not enough permissions to execute ipsec with sudo. Disabling Libreswan plugin."
return 1
fi
# check that we can collect data
libreswan_get || return 1
return 0
}
# create the charts for an ipsec tunnel
libreswan_create_one() {
local n="${1}" name
name="${libreswan_connected_tunnels[${n}]}"
[ -n "${libreswan_tunnel_charts[${name}]}" ] && return 0
libreswan_tunnel_charts[${name}]="$(fixid "${name}")"
cat << EOF
CHART libreswan.${libreswan_tunnel_charts[${name}]}_net '${name}_net' "LibreSWAN Tunnel ${name} Traffic" "kilobits/s" "${name}" libreswan.net area $((libreswan_priority)) $libreswan_update_every '' '' 'libreswan'
DIMENSION in '' incremental 8 1000
DIMENSION out '' incremental -8 1000
CHART libreswan.${libreswan_tunnel_charts[${name}]}_uptime '${name}_uptime' "LibreSWAN Tunnel ${name} Uptime" "seconds" "${name}" libreswan.uptime line $((libreswan_priority + 1)) $libreswan_update_every '' '' 'libreswan'
DIMENSION uptime '' absolute 1 1
EOF
return 0
}
# _create is called once, to create the charts
libreswan_create() {
local n
for n in "${!libreswan_connected_tunnels[@]}"; do
libreswan_create_one "${n}"
done
return 0
}
libreswan_now=$(date +%s)
# send the values to netdata for an ipsec tunnel
libreswan_update_one() {
local n="${1}" microseconds="${2}" name id uptime
name="${libreswan_connected_tunnels[${n}]}"
id="${libreswan_tunnel_charts[${name}]}"
[ -z "${id}" ] && libreswan_create_one "${name}"
uptime=$((libreswan_now - libreswan_established_add_time[${n}]))
[ ${uptime} -lt 0 ] && uptime=0
# write the result of the work.
cat << VALUESEOF
BEGIN libreswan.${id}_net ${microseconds}
SET in = ${libreswan_traffic_in[${n}]}
SET out = ${libreswan_traffic_out[${n}]}
END
BEGIN libreswan.${id}_uptime ${microseconds}
SET uptime = ${uptime}
END
VALUESEOF
}
# _update is called continuously, to collect the values
libreswan_update() {
# the first argument to this function is the microseconds since last update
# pass this parameter to the BEGIN statement (see below).
libreswan_get || return 1
libreswan_now=$(date +%s)
local n
for n in "${!libreswan_connected_tunnels[@]}"; do
libreswan_update_one "${n}" "${@}"
done
return 0
}