Commit dfff8af4 authored by James Lamb's avatar James Lamb

add nf_conntrack statistics to net_linux to query iptables/netfilter conntrack limits

parent 759e96eb
*~
#*
_obj
*.tmp
\ No newline at end of file
*.tmp
.idea
......@@ -64,6 +64,11 @@ type NetInterfaceStat struct {
Addrs []NetInterfaceAddr `json:"addrs"`
}
type NetFilterStat struct {
ConnTrackCount int32 `json:"conntrackcount"`
ConnTrackMax int32 `json:"conntrackmax"`
}
var constMap = map[string]int{
"TCP": syscall.SOCK_STREAM,
"UDP": syscall.SOCK_DGRAM,
......
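Review bot: The new exported type NetFilterStat has no doc comment, and its fields do not say what they measure; a line such as `// NetFilterStat holds nf_conntrack table usage: entries currently tracked and the configured maximum.` above the type would cover it. The kernel keeps nf_conntrack_max as an unsigned int, so `int32` can in principle be too narrow for a large configured limit; `int64` for both fields would avoid an out-of-range parse on such hosts. The constMap literal after the struct continues outside the hunk.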
......@@ -160,3 +160,33 @@ func NetProtoCounters(protocols []string) ([]NetProtoCountersStat, error) {
}
return stats, nil
}
// NetFilterCounters returns iptables conntrack statistics
// the currently in use conntrack count and the max.
// If the file does not exist or is invalid it will return nil.
func NetFilterCounters() (NetFilterStat, error) {
countfile := "/proc/sys/net/netfilter/nf_conntrack_count"
count, err := common.ReadLines(count)
if err != nil {
return nil, err
}
maxfile := "/proc/sys/net/netfilter/nf_conntrack_max"
max, err := common.ReadLines(maxfile)
if err != nil {
return nil, err
}
if len(count) != 1 {
// format of file has changed
return nil, err
}
if len(max) != 1 {
// format of file has changed
return nil, err
}
stats := NetFilterStat{
ConnTrackCount: count,
ConnTrackMax: max,
}
return stats, nil
}
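Review bot: NetFilterCounters does not compile as written: `common.ReadLines(count)` reads the undeclared `count` instead of `countfile`, `return nil, err` is used with a non-pointer `NetFilterStat` result, and the `[]string` results are assigned directly to the `int32` fields. The two `len(...) != 1` branches also return the already-nil `err`, so an unexpected file format would be reported as success with an empty value. These counters are what an operator watches for conntrack-table exhaustion, so a silent zero is worse than an error. The rewrite below parses each value and returns an explicit error. Whether `fmt`, `strconv` and `strings` are already imported is not visible in the hunk. The doc comment's "it will return nil" should also be changed to say that an error is returned.

```go
func NetFilterCounters() (NetFilterStat, error) {
	var stats NetFilterStat

	countfile := "/proc/sys/net/netfilter/nf_conntrack_count"
	count, err := common.ReadLines(countfile)
	if err != nil {
		return stats, err
	}
	maxfile := "/proc/sys/net/netfilter/nf_conntrack_max"
	max, err := common.ReadLines(maxfile)
	if err != nil {
		return stats, err
	}
	if len(count) != 1 || len(max) != 1 {
		// format of file has changed
		return stats, fmt.Errorf("unexpected format in %s or %s", countfile, maxfile)
	}
	c, err := strconv.ParseInt(strings.TrimSpace(count[0]), 10, 32)
	if err != nil {
		return stats, fmt.Errorf("parsing %s: %v", countfile, err)
	}
	m, err := strconv.ParseInt(strings.TrimSpace(max[0]), 10, 32)
	if err != nil {
		return stats, fmt.Errorf("parsing %s: %v", maxfile, err)
	}
	stats.ConnTrackCount = int32(c)
	stats.ConnTrackMax = int32(m)
	return stats, nil
}
```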
......@@ -196,3 +196,23 @@ func TestNetConnections(t *testing.T) {
}
}
func TestNetFilterCounters(t *testing.T) {
if ci := os.Getenv("CI"); ci != "" { // skip if test on drone.io
return
}
v, err := NetFilterCounters()
if err != nil {
t.Errorf("could not get NetConnections: %v", err)
}
if len(v) == 0 {
t.Errorf("could not get NetConnections: %v", v)
}
for _, vv := range v {
if vv.ConnTrackMax == 0 {
t.Errorf("nf_conntrack_max needs to be greater than zero: %v", vv)
}
}
}
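Review bot: TestNetFilterCounters treats the result as a slice (`len(v)` and `for _, vv := range v`), but NetFilterCounters returns a single `NetFilterStat`, so the test will not compile. The check can be written directly as `if v.ConnTrackMax == 0 { t.Errorf("nf_conntrack_max needs to be greater than zero: %v", v) }`. Both failure messages still say "could not get NetConnections", apparently carried over from the test above, and should name NetFilterCounters. After a non-nil `err` the test goes on to inspect `v`; using `t.Fatalf` there, or skipping when the nf_conntrack files are absent, would avoid a misleading second failure on hosts without the conntrack module loaded.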