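/**
 * collectd - src/openvpn.c
 * Copyright (C) 2008 Doug MacEachern
 * Copyright (C) 2009,2010 Florian octo Forster
 * Copyright (C) 2009 Marco Chiappero
 * Copyright (C) 2009 Fabian Schuh
 * Copyright (C) 2017-2020 Pavel Rochnyak
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; only version 2 of the License is applicable.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * Authors:
 *   Doug MacEachern
 *   Florian octo Forster
 *   Marco Chiappero
 *   Fabian Schuh
 *   Pavel Rochnyak
 **/

#include "collectd.h"

#include "plugin.h"
#include "utils/common/common.h"

/**
 * There are two main kinds of OpenVPN status file:
 * - for 'single' mode (point-to-point or client mode)
 * - for 'multi' mode (server with multiple clients)
 *
 * For 'multi' there are 3 versions of the status file format:
 * - version 1 - First version of status file: without line type tokens,
 *   comma delimited for easy machine parsing. Currently used by default.
 *   Added in openvpn-2.0-beta3.
 * - version 2 - with line type tokens, with 'HEADER' line type, uses comma
 *   as a delimiter.
 *   Added in openvpn-2.0-beta15.
 * - version 3 - The only difference from version 2 is delimiter: in version 3
 *   tabs are used instead of commas. Set of fields is the same.
 *   Added in openvpn-2.1_rc14.
 *
 * For versions 2/3 there may be different sets of fields in different
 * OpenVPN versions.
 *
 * Versions 2.0, 2.1, 2.2:
 *   Common Name,Real Address,Virtual Address,
 *   Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)
 *
 * Version 2.3:
 *   Common Name,Real Address,Virtual Address,
 *   Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
 *
 * Version 2.4:
 *   Common Name,Real Address,Virtual Address,Virtual IPv6 Address,
 *   Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,
 *   Client ID,Peer ID
 *
 * Current Collectd code tries to handle changes in this field set,
 * if they are backward-compatible.
 *
 * Everything parsed below is text taken from the status file. The counters
 * are converted with strtoll() and the "Common Name" column is forwarded as a
 * collectd identifier; see the notes on the individual readers.
 **/

#define TITLE_SINGLE "OpenVPN STATISTICS\n"
#define TITLE_V1 "OpenVPN CLIENT LIST\n"
#define TITLE_V2 "TITLE,"
#define TITLE_V3 "TITLE\t"

#define V1HEADER                                                               \
  "Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since\n"

/* One configured status file. `name` points into the `file` allocation (the
 * part after the last '/'), so only `file` is ever freed. */
struct vpn_status_s {
  char *file;
  char *name;
};
typedef struct vpn_status_s vpn_status_t;

static bool new_naming_schema;
static bool collect_compression = true;
static bool collect_user_count;
static bool collect_individual_users = true;

static const char *config_keys[] = {
    "StatusFile",           "Compression", /* old, deprecated name */
    "ImprovedNamingSchema", "CollectCompression",
    "CollectUserCount",     "CollectIndividualUsers"};
static int config_keys_num = STATIC_ARRAY_SIZE(config_keys);

/* Helper function
 * copy-n-pasted from common.c - changed delim to ",\t"
 *
 * Splits `string` in place on ',' and '\t' and stores up to `size` field
 * pointers in `fields`. Because strtok_r() is used, runs of delimiters are
 * collapsed (empty fields are skipped) and a trailing '\n' stays attached to
 * the last field. Returns the number of fields stored. */
static int openvpn_strsplit(char *string, char **fields, size_t size) {
  size_t i = 0;
  char *ptr = string;
  char *saveptr = NULL;

  /* The loop stores into fields[0] before it checks the bound, so an empty
   * output array has to be rejected up front. */
  if (size == 0)
    return 0;

  while ((fields[i] = strtok_r(ptr, ",\t", &saveptr)) != NULL) {
    ptr = NULL;
    i++;

    if (i >= size)
      break;
  }

  return (int)i;
} /* int openvpn_strsplit */

/* Converts one counter field of the status file to a derive_t.
 *
 * strtoll() is used instead of atoll() because the behaviour of atoll() is
 * undefined when the text does not fit into a long long, while strtoll()
 * saturates at LLONG_MIN / LLONG_MAX. Text without a leading number yields 0,
 * and trailing characters (such as the '\n' left by the splitters) are
 * ignored, exactly as with atoll(). */
static derive_t openvpn_parse_counter(const char *text) {
  return (derive_t)strtoll(text, NULL, 10);
} /* derive_t openvpn_parse_counter */

/* free_func for the user data registered in openvpn_config(): releases the
 * path string and the instance itself. `name` is not freed separately because
 * it points into the same allocation as `file`. */
static void openvpn_free(void *arg) {
  vpn_status_t *st = arg;

  if (st == NULL)
    return;

  sfree(st->file);
  sfree(st);
} /* void openvpn_free */

/* dispatches number of users
 *
 * pinst / tinst become plugin_instance / type_instance when not NULL. */
static void numusers_submit(const char *pinst, const char *tinst,
                            gauge_t value) {
  value_list_t vl = VALUE_LIST_INIT;

  vl.values = &(value_t){.gauge = value};
  vl.values_len = 1;
  sstrncpy(vl.plugin, "openvpn", sizeof(vl.plugin));
  sstrncpy(vl.type, "users", sizeof(vl.type));
  if (pinst != NULL)
    sstrncpy(vl.plugin_instance, pinst, sizeof(vl.plugin_instance));
  if (tinst != NULL)
    sstrncpy(vl.type_instance, tinst, sizeof(vl.type_instance));

  plugin_dispatch_values(&vl);
} /* void numusers_submit */

/* dispatches stats about traffic (TCP or UDP) generated by the tunnel
 * per single endpoint
 *
 * The multi-mode readers pass the "Common Name" column of the status file as
 * pinst or tinst. Each copy is given the size of its destination field, but
 * nothing here filters the characters of that name.
 * NOTE(review): confirm that the dispatch path / write plugins escape
 * identifier characters before using them in file names or queries. */
static void iostats_submit(const char *pinst, const char *tinst, derive_t rx,
                           derive_t tx) {
  value_list_t vl = VALUE_LIST_INIT;
  value_t values[] = {
      {.derive = rx},
      {.derive = tx},
  };

  /* NOTE ON THE NEW NAMING SCHEMA:
   *       using plugin_instance to identify each vpn config (and
   *       status) file; using type_instance to identify the endpoint
   *       host when in multimode, traffic or overhead when in single.
   */

  vl.values = values;
  vl.values_len = STATIC_ARRAY_SIZE(values);
  sstrncpy(vl.plugin, "openvpn", sizeof(vl.plugin));
  if (pinst != NULL)
    sstrncpy(vl.plugin_instance, pinst, sizeof(vl.plugin_instance));
  sstrncpy(vl.type, "if_octets", sizeof(vl.type));
  if (tinst != NULL)
    sstrncpy(vl.type_instance, tinst, sizeof(vl.type_instance));

  plugin_dispatch_values(&vl);
} /* void iostats_submit */

/* dispatches stats about data compression shown when in single mode */
static void compression_submit(const char *pinst, const char *tinst,
                               derive_t uncompressed, derive_t compressed) {
  value_list_t vl = VALUE_LIST_INIT;
  value_t values[] = {
      {.derive = uncompressed},
      {.derive = compressed},
  };

  vl.values = values;
  vl.values_len = STATIC_ARRAY_SIZE(values);
  sstrncpy(vl.plugin, "openvpn", sizeof(vl.plugin));
  if (pinst != NULL)
    sstrncpy(vl.plugin_instance, pinst, sizeof(vl.plugin_instance));
  sstrncpy(vl.type, "compression", sizeof(vl.type));
  if (tinst != NULL)
    sstrncpy(vl.type_instance, tinst, sizeof(vl.type_instance));

  plugin_dispatch_values(&vl);
} /* void compression_submit */

/* Reads a 'single' mode status file (the title line has already been
 * consumed by openvpn_read) and dispatches traffic, overhead and, when
 * enabled, compression counters under plugin instance `name`.
 *
 * Returns 0 on success and -1 when the stream reports a read error. */
static int single_read(const char *name, FILE *fh) {
  char buffer[1024];
  char *fields[4];
  const int max_fields = STATIC_ARRAY_SIZE(fields);

  derive_t link_rx = 0, link_tx = 0;
  derive_t tun_rx = 0, tun_tx = 0;
  derive_t pre_compress = 0, post_compress = 0;
  derive_t pre_decompress = 0, post_decompress = 0;

  while (fgets(buffer, sizeof(buffer), fh) != NULL) {
    int fields_num = openvpn_strsplit(buffer, fields, max_fields);

    /* status file is generated by openvpn/sig.c:print_status()
     * http://svn.openvpn.net/projects/openvpn/trunk/openvpn/sig.c
     *
     * The line we're expecting has 2 fields. We ignore all lines
     * with more or less fields.
     */
    if (fields_num != 2) {
      continue;
    }

    if (strcmp(fields[0], "TUN/TAP read bytes") == 0) {
      /* read from the system and sent over the tunnel */
      tun_tx = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "TUN/TAP write bytes") == 0) {
      /* read from the tunnel and written in the system */
      tun_rx = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "TCP/UDP read bytes") == 0) {
      link_rx = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "TCP/UDP write bytes") == 0) {
      link_tx = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "pre-compress bytes") == 0) {
      pre_compress = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "post-compress bytes") == 0) {
      post_compress = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "pre-decompress bytes") == 0) {
      pre_decompress = openvpn_parse_counter(fields[1]);
    } else if (strcmp(fields[0], "post-decompress bytes") == 0) {
      post_decompress = openvpn_parse_counter(fields[1]);
    }
  }

  /* Same policy as the multi-mode readers: after a read error the counters
   * may be partial or still zero, so nothing is dispatched. */
  if (ferror(fh))
    return -1;

  iostats_submit(name, "traffic", link_rx, link_tx);

  /* we need to force this order to avoid negative values with these unsigned */
  derive_t overhead_rx =
      (((link_rx - pre_decompress) + post_decompress) - tun_rx);
  derive_t overhead_tx = (((link_tx - post_compress) + pre_compress) - tun_tx);

  iostats_submit(name, "overhead", overhead_rx, overhead_tx);

  if (collect_compression) {
    compression_submit(name, "data_in", post_decompress, pre_decompress);
    compression_submit(name, "data_out", pre_compress, post_compress);
  }

  return 0;
} /* int single_read */

/* for reading status version 1
 *
 * Rows between the V1HEADER line and the "ROUTING TABLE" line are treated as
 * client records: field 0 is the Common Name, fields 2 and 3 the byte
 * counters. Returns 0 on success, -1 on a read error or when the header line
 * was never seen.
 *
 * NOTE(review): fgets() hands a line longer than the buffer back in several
 * pieces, and every later piece is parsed here as if it were a separate row.
 * Consider discarding the remainder of a line that did not end in '\n'. */
static int multi1_read(const char *name, FILE *fh) {
  char buffer[1024];
  char *fields[10];
  const int max_fields = STATIC_ARRAY_SIZE(fields);
  long long sum_users = 0;
  bool found_header = false;

  /* read the file until the "ROUTING TABLE" line is found (no more info after)
   */
  while (fgets(buffer, sizeof(buffer), fh) != NULL) {
    if (strcmp(buffer, "ROUTING TABLE\n") == 0)
      break;

    if (strcmp(buffer, V1HEADER) == 0) {
      found_header = true;
      continue;
    }

    /* skip the first lines until the client list section is found */
    if (found_header == false)
      /* we can't start reading data until this string is found */
      continue;

    int fields_num = openvpn_strsplit(buffer, fields, max_fields);
    if (fields_num < 4)
      continue;

    if (collect_user_count)
    /* If so, sum all users, ignore the individuals*/
    {
      sum_users += 1;
    }
    if (collect_individual_users) {
      if (new_naming_schema) {
        iostats_submit(name,      /* vpn instance */
                       fields[0], /* "Common Name" */
                       openvpn_parse_counter(fields[2]),  /* "Bytes Received" */
                       openvpn_parse_counter(fields[3])); /* "Bytes Sent" */
      } else {
        iostats_submit(fields[0], /* "Common Name" */
                       NULL,      /* unused when in multimode */
                       openvpn_parse_counter(fields[2]),  /* "Bytes Received" */
                       openvpn_parse_counter(fields[3])); /* "Bytes Sent" */
      }
    }
  }

  if (ferror(fh))
    return -1;

  if (found_header == false) {
    NOTICE("openvpn plugin: Unknown file format in instance %s, please "
           "report this as bug. Make sure to include "
           "your status file, so the plugin can "
           "be adapted.",
           name);
    return -1;
  }

  if (collect_user_count)
    numusers_submit(name, name, sum_users);

  return 0;
} /* int multi1_read */

/* for reading status version 2 / version 3
 * status file is generated by openvpn/multi.c:multi_print_status()
 * http://svn.openvpn.net/projects/openvpn/trunk/openvpn/multi.c
 *
 * `delim` is "," for version 2 and "\t" for version 3. The column positions
 * of "Common Name", "Bytes Received" and "Bytes Sent" are taken from the
 * "HEADER<delim>CLIENT_LIST" row; every CLIENT_LIST row must then have the
 * same number of fields as that header (minus the "HEADER" token), which is
 * what keeps the idx_* lookups inside the parsed fields.
 *
 * Returns 0 on success, -1 on a read error, a field count mismatch or when no
 * usable header row was found. */
static int multi2_read(const char *name, FILE *fh, const char *delim) {
  char buffer[1024];
  /* OpenVPN-2.4 has 11 fields of data + 2 fields for "HEADER" and "CLIENT_LIST"
   * So, set array size to 20 elements, to support future extensions.
   */
  char *fields[20];
  const int max_fields = STATIC_ARRAY_SIZE(fields);
  long long sum_users = 0;

  bool found_header = false;
  int idx_cname = 0;
  int idx_bytes_recv = 0;
  int idx_bytes_sent = 0;
  int columns = 0;

  while (fgets(buffer, sizeof(buffer), fh) != NULL) {
    /* Split in place on `delim`. Unlike openvpn_strsplit() this keeps empty
     * fields, so column positions stay aligned with the header. The bound is
     * checked right after each store, so at most max_fields entries are
     * written. */
    int fields_num = 0;

    char *field = fields[fields_num++] = buffer;
    while ((field = strstr(field, delim)) != NULL) {
      *field = '\0';
      fields[fields_num++] = ++field;

      if (fields_num >= max_fields)
        break;
    }

    /* Try to find section header */
    if (found_header == false) {
      if (fields_num < 2)
        continue;
      if (strcmp(fields[0], "HEADER") != 0)
        continue;
      if (strcmp(fields[1], "CLIENT_LIST") != 0)
        continue;

      /* Header column i corresponds to data column i - 1, because data rows
       * do not carry the leading "HEADER" token. */
      for (int i = 2; i < fields_num; i++) {
        if (strcmp(fields[i], "Common Name") == 0) {
          idx_cname = i - 1;
        } else if (strcmp(fields[i], "Bytes Received") == 0) {
          idx_bytes_recv = i - 1;
        } else if (strcmp(fields[i], "Bytes Sent") == 0) {
          idx_bytes_sent = i - 1;
        }
      }

      DEBUG("openvpn plugin: found MULTI v2/v3 HEADER. "
            "Column idx: cname: %d, bytes_recv: %d, bytes_sent: %d",
            idx_cname, idx_bytes_recv, idx_bytes_sent);

      /* 0 means "not found": index 0 of a data row is the CLIENT_LIST token,
       * so no real column can map to it. */
      if (idx_cname == 0 || idx_bytes_recv == 0 || idx_bytes_sent == 0)
        break;

      /* Data row has 1 field ("HEADER") less than header row */
      columns = fields_num - 1;

      found_header = true;
      continue;
    }

    /* Header already found. Check if the line is the section data.
     * If no match, then section was finished and there is no more data.
     * Empty section is OK too.
     */
    if (fields_num == 0 || strcmp(fields[0], "CLIENT_LIST") != 0)
      break;

    /* Check if the data line fields count matches header line. */
    if (fields_num != columns) {
      ERROR("openvpn plugin: File format error in instance %s: Fields count "
            "mismatch.",
            name);
      return -1;
    }

    DEBUG("openvpn plugin: found MULTI v2/v3 CLIENT_LIST. "
          "Columns: cname: %s, bytes_recv: %s, bytes_sent: %s",
          fields[idx_cname], fields[idx_bytes_recv], fields[idx_bytes_sent]);

    if (collect_user_count)
      sum_users += 1;

    if (collect_individual_users) {
      if (new_naming_schema) {
        /* plugin inst = file name, type inst = fields[1] */
        iostats_submit(
            name,                                           /* vpn instance */
            fields[idx_cname],                              /* "Common Name" */
            openvpn_parse_counter(fields[idx_bytes_recv]),  /* "Bytes Received" */
            openvpn_parse_counter(fields[idx_bytes_sent])); /* "Bytes Sent" */
      } else {
        /* plugin inst = fields[idx_cname], type inst = "" */
        iostats_submit(
            fields[idx_cname], /* "Common Name" */
            NULL,              /* unused when in multimode */
            openvpn_parse_counter(fields[idx_bytes_recv]),  /* "Bytes Received" */
            openvpn_parse_counter(fields[idx_bytes_sent])); /* "Bytes Sent" */
      }
    }
  }

  if (ferror(fh))
    return -1;

  if (found_header == false) {
    NOTICE("openvpn plugin: Unknown file format in instance %s, please "
           "report this as bug. Make sure to include "
           "your status file, so the plugin can "
           "be adapted.",
           name);
    return -1;
  }

  if (collect_user_count) {
    numusers_submit(name, name, sum_users);
  }

  return 0;
} /* int multi2_read */

/* read callback
 *
 * Opens the status file of the instance stored in user_data, detects the
 * format from its first line and hands the rest of the stream to the matching
 * reader. Returns the reader's result, or -1 when the file cannot be opened,
 * is empty or has an unknown title line. */
static int openvpn_read(user_data_t *user_data) {
  char buffer[1024];
  int status = 0;

  vpn_status_t *st = user_data->data;

  FILE *fh = fopen(st->file, "r");
  if (fh == NULL) {
    WARNING("openvpn plugin: fopen(%s) failed: %s", st->file, STRERRNO);
    return -1;
  }

  // Try to detect file format by its first line
  if ((fgets(buffer, sizeof(buffer), fh)) == NULL) {
    WARNING("openvpn plugin: failed to get data from: %s", st->file);
    fclose(fh);
    return -1;
  }

  if (strcmp(buffer, TITLE_SINGLE) == 0) { // OpenVPN STATISTICS
    DEBUG("openvpn plugin: found status file SINGLE");
    status = single_read(st->name, fh);
  } else if (strcmp(buffer, TITLE_V1) == 0) { // OpenVPN CLIENT LIST
    DEBUG("openvpn plugin: found status file MULTI version 1");
    status = multi1_read(st->name, fh);
  } else if (strncmp(buffer, TITLE_V2, strlen(TITLE_V2)) == 0) { // TITLE,
    DEBUG("openvpn plugin: found status file MULTI version 2");
    status = multi2_read(st->name, fh, ",");
  } else if (strncmp(buffer, TITLE_V3, strlen(TITLE_V3)) == 0) { // TITLE\t
    DEBUG("openvpn plugin: found status file MULTI version 3");
    status = multi2_read(st->name, fh, "\t");
  } else {
    NOTICE("openvpn plugin: %s: Unknown file format, please "
           "report this as bug. Make sure to include "
           "your status file, so the plugin can "
           "be adapted.",
           st->file);
    status = -1;
  }
  fclose(fh);
  return status;
} /* int openvpn_read */

/* Configuration callback.
 *
 * "StatusFile" registers one read callback per file; the other keys toggle
 * the collect_* / naming flags. Returns 0 when the key was handled, 1 on an
 * allocation failure and -1 for an unknown key or a failed registration. */
static int openvpn_config(const char *key, const char *value) {
  if (strcasecmp("StatusFile", key) == 0) {
    char callback_name[3 * DATA_MAX_NAME_LEN];
    char shown_name[3 * DATA_MAX_NAME_LEN];
    char *status_name;

    char *status_file = strdup(value);
    if (status_file == NULL) {
      ERROR("openvpn plugin: strdup failed: %s", STRERRNO);
      return 1;
    }

    /* it determines the file name as string starting at location filename + 1
     */
    char *filename = strrchr(status_file, (int)'/');
    if (filename == NULL) {
      /* status_file is already the file name only */
      status_name = status_file;
    } else {
      /* doesn't waste memory, uses status_file starting at filename + 1 */
      status_name = filename + 1;
    }

    /* create a new vpn element */
    vpn_status_t *instance = calloc(1, sizeof(*instance));
    if (instance == NULL) {
      ERROR("openvpn plugin: calloc failed: %s", STRERRNO);
      sfree(status_file);
      return 1;
    }
    instance->file = status_file;
    instance->name = status_name;

    snprintf(callback_name, sizeof(callback_name), "openvpn/%s", status_name);

    /* Ownership of `instance` (and with it status_file / status_name) is
     * handed over together with openvpn_free below.
     * NOTE(review): if the registration call runs free_func when it fails
     * (not visible in this file - confirm in the plugin core), both pointers
     * are dangling afterwards. The error paths therefore only use this local
     * copy of the name. */
    snprintf(shown_name, sizeof(shown_name), "%s", status_name);

    int status = plugin_register_complex_read(
        /* group = */ "openvpn",
        /* name      = */ callback_name,
        /* callback  = */ openvpn_read,
        /* interval  = */ 0,
        &(user_data_t){
            .data = instance,
            .free_func = openvpn_free,
        });

    if (status == EINVAL) {
      ERROR("openvpn plugin: status filename \"%s\" "
            "already used, please choose a "
            "different one.",
            shown_name);
      return -1;
    }

    /* Any other failure used to be ignored, which reported the file as added
     * although no read callback exists for it. */
    if (status != 0) {
      ERROR("openvpn plugin: registering read callback \"%s\" failed "
            "with status %d.",
            callback_name, status);
      return -1;
    }

    DEBUG("openvpn plugin: status file \"%s\" added", instance->file);
  } /* if (strcasecmp ("StatusFile", key) == 0) */
  else if ((strcasecmp("CollectCompression", key) == 0) ||
           (strcasecmp("Compression", key) == 0)) /* old, deprecated name */
  {
    /* Defaults to true: only an explicit false value disables it. */
    if (IS_FALSE(value))
      collect_compression = false;
    else
      collect_compression = true;
  } /* if (strcasecmp ("CollectCompression", key) == 0) */
  else if (strcasecmp("ImprovedNamingSchema", key) == 0) {
    if (IS_TRUE(value)) {
      DEBUG("openvpn plugin: using the new naming schema");
      new_naming_schema = true;
    } else {
      new_naming_schema = false;
    }
  } /* if (strcasecmp ("ImprovedNamingSchema", key) == 0) */
  else if (strcasecmp("CollectUserCount", key) == 0) {
    if (IS_TRUE(value))
      collect_user_count = true;
    else
      collect_user_count = false;
  } /* if (strcasecmp("CollectUserCount", key) == 0) */
  else if (strcasecmp("CollectIndividualUsers", key) == 0) {
    /* Defaults to true: only an explicit false value disables it. */
    if (IS_FALSE(value))
      collect_individual_users = false;
    else
      collect_individual_users = true;
  } /* if (strcasecmp("CollectIndividualUsers", key) == 0) */
  else {
    return -1;
  }

  return 0;
} /* int openvpn_config */

/* Init callback: refuses to start when every collection option is disabled,
 * because the read callbacks would then dispatch nothing. */
static int openvpn_init(void) {
  if (!collect_individual_users && !collect_compression &&
      !collect_user_count) {
    WARNING("OpenVPN plugin: Neither `CollectIndividualUsers', "
            "`CollectCompression', nor `CollectUserCount' is true. There's no "
            "data left to collect.");
    return -1;
  }

  return 0;
} /* int openvpn_init */

/* Plugin entry point: registers the config and init callbacks. The read
 * callbacks are registered per StatusFile in openvpn_config(). */
void module_register(void) {
  plugin_register_config("openvpn", openvpn_config, config_keys,
                         config_keys_num);
  plugin_register_init("openvpn", openvpn_init);
} /* void module_register */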