Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| b886fb2045 | |||
| cfb02e1763 | |||
| 5b53ca3d52 | |||
| 92a30913b4 | |||
| a288a8ef9a | |||
| c65d596099 | |||
| 98ed17947d |
6
Cargo.lock
generated
6
Cargo.lock
generated
@@ -279,7 +279,7 @@ checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
|
||||
|
||||
[[package]]
|
||||
name = "cm-dashboard"
|
||||
version = "0.1.245"
|
||||
version = "0.1.252"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"chrono",
|
||||
@@ -301,7 +301,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "cm-dashboard-agent"
|
||||
version = "0.1.245"
|
||||
version = "0.1.252"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"async-trait",
|
||||
@@ -325,7 +325,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "cm-dashboard-shared"
|
||||
version = "0.1.245"
|
||||
version = "0.1.252"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"serde",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "cm-dashboard-agent"
|
||||
version = "0.1.246"
|
||||
version = "0.1.253"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
|
||||
@@ -4,7 +4,7 @@ use cm_dashboard_shared::{AgentData, ServiceData, SubServiceData, SubServiceMetr
|
||||
use std::process::Command;
|
||||
use std::sync::RwLock;
|
||||
use std::time::Instant;
|
||||
use tracing::debug;
|
||||
use tracing::{debug, info};
|
||||
|
||||
use super::{Collector, CollectorError};
|
||||
use crate::config::SystemdConfig;
|
||||
@@ -154,7 +154,8 @@ impl SystemdCollector {
|
||||
}
|
||||
}
|
||||
|
||||
if service_name == "openvpn-vpn-connection" && status_info.active_state == "active" {
|
||||
if service_name == "openvpn-vpn-download" && status_info.active_state == "active" {
|
||||
// Add VPN route
|
||||
if let Some(external_ip) = self.get_vpn_external_ip() {
|
||||
let metrics = Vec::new();
|
||||
|
||||
@@ -165,9 +166,8 @@ impl SystemdCollector {
|
||||
service_type: "vpn_route".to_string(),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if service_name == "openvpn-vpn-download" && status_info.active_state == "active" {
|
||||
// Add torrent stats
|
||||
if let Some((active_count, download_mbps, upload_mbps)) = self.get_qbittorrent_stats() {
|
||||
let metrics = Vec::new();
|
||||
|
||||
@@ -180,6 +180,30 @@ impl SystemdCollector {
|
||||
}
|
||||
}
|
||||
|
||||
if service_name == "nftables" && status_info.active_state == "active" {
|
||||
let (tcp_ports, udp_ports) = self.get_nftables_open_ports();
|
||||
|
||||
if !tcp_ports.is_empty() {
|
||||
let metrics = Vec::new();
|
||||
sub_services.push(SubServiceData {
|
||||
name: format!("TCP: {}", tcp_ports),
|
||||
service_status: Status::Info,
|
||||
metrics,
|
||||
service_type: "firewall_port".to_string(),
|
||||
});
|
||||
}
|
||||
|
||||
if !udp_ports.is_empty() {
|
||||
let metrics = Vec::new();
|
||||
sub_services.push(SubServiceData {
|
||||
name: format!("UDP: {}", udp_ports),
|
||||
service_status: Status::Info,
|
||||
metrics,
|
||||
service_type: "firewall_port".to_string(),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Create complete service data
|
||||
let service_data = ServiceData {
|
||||
name: service_name.clone(),
|
||||
@@ -887,6 +911,129 @@ impl SystemdCollector {
|
||||
None
|
||||
}
|
||||
|
||||
/// Get nftables open ports grouped by protocol
|
||||
/// Returns: (tcp_ports_string, udp_ports_string)
|
||||
fn get_nftables_open_ports(&self) -> (String, String) {
|
||||
let output = Command::new("timeout")
|
||||
.args(&["3", "sudo", "nft", "list", "ruleset"])
|
||||
.output();
|
||||
|
||||
let output = match output {
|
||||
Ok(out) if out.status.success() => out,
|
||||
Ok(out) => {
|
||||
info!("nft command failed with status: {:?}, stderr: {}",
|
||||
out.status, String::from_utf8_lossy(&out.stderr));
|
||||
return (String::new(), String::new());
|
||||
}
|
||||
Err(e) => {
|
||||
info!("Failed to execute nft command: {}", e);
|
||||
return (String::new(), String::new());
|
||||
}
|
||||
};
|
||||
|
||||
let output_str = match String::from_utf8(output.stdout) {
|
||||
Ok(s) => s,
|
||||
Err(_) => {
|
||||
info!("Failed to parse nft output as UTF-8");
|
||||
return (String::new(), String::new());
|
||||
}
|
||||
};
|
||||
|
||||
let mut tcp_ports = std::collections::HashSet::new();
|
||||
let mut udp_ports = std::collections::HashSet::new();
|
||||
|
||||
// Parse nftables output for WAN incoming accept rules with dport
|
||||
// Looking for patterns like: tcp dport 22 accept or tcp dport { 22, 80, 443 } accept
|
||||
// Only include rules in input_wan chain
|
||||
let mut in_wan_chain = false;
|
||||
|
||||
for line in output_str.lines() {
|
||||
let line = line.trim();
|
||||
|
||||
// Track if we're in the input_wan chain
|
||||
if line.contains("chain input_wan") {
|
||||
in_wan_chain = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
// Reset when exiting chain (closing brace) or entering other chains
|
||||
if line == "}" || (line.starts_with("chain ") && !line.contains("input_wan")) {
|
||||
in_wan_chain = false;
|
||||
continue;
|
||||
}
|
||||
|
||||
// Only process rules in input_wan chain
|
||||
if !in_wan_chain {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Skip if not an accept rule
|
||||
if !line.contains("accept") {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Parse TCP ports
|
||||
if line.contains("tcp dport") {
|
||||
for port in self.extract_ports_from_nft_rule(line) {
|
||||
tcp_ports.insert(port);
|
||||
}
|
||||
}
|
||||
|
||||
// Parse UDP ports
|
||||
if line.contains("udp dport") {
|
||||
for port in self.extract_ports_from_nft_rule(line) {
|
||||
udp_ports.insert(port);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Sort and format
|
||||
let mut tcp_vec: Vec<u16> = tcp_ports.into_iter().collect();
|
||||
let mut udp_vec: Vec<u16> = udp_ports.into_iter().collect();
|
||||
tcp_vec.sort();
|
||||
udp_vec.sort();
|
||||
|
||||
let tcp_str = tcp_vec.iter().map(|p| p.to_string()).collect::<Vec<_>>().join(", ");
|
||||
let udp_str = udp_vec.iter().map(|p| p.to_string()).collect::<Vec<_>>().join(", ");
|
||||
|
||||
info!("nftables WAN ports - TCP: '{}', UDP: '{}'", tcp_str, udp_str);
|
||||
|
||||
(tcp_str, udp_str)
|
||||
}
|
||||
|
||||
/// Extract port numbers from nftables rule line
|
||||
/// Returns vector of ports (handles both single ports and sets)
|
||||
fn extract_ports_from_nft_rule(&self, line: &str) -> Vec<u16> {
|
||||
let mut ports = Vec::new();
|
||||
|
||||
// Pattern: "tcp dport 22 accept" or "tcp dport { 22, 80, 443 } accept"
|
||||
if let Some(dport_pos) = line.find("dport") {
|
||||
let after_dport = &line[dport_pos + 5..].trim();
|
||||
|
||||
// Handle port sets like { 22, 80, 443 }
|
||||
if after_dport.starts_with('{') {
|
||||
if let Some(end_brace) = after_dport.find('}') {
|
||||
let ports_str = &after_dport[1..end_brace];
|
||||
// Parse each port in the set
|
||||
for port_str in ports_str.split(',') {
|
||||
if let Ok(port) = port_str.trim().parse::<u16>() {
|
||||
ports.push(port);
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Single port
|
||||
if let Some(port_str) = after_dport.split_whitespace().next() {
|
||||
if let Ok(port) = port_str.parse::<u16>() {
|
||||
ports.push(port);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ports
|
||||
}
|
||||
|
||||
/// Get aggregate qBittorrent torrent statistics
|
||||
/// Returns: (active_count, download_mbps, upload_mbps)
|
||||
fn get_qbittorrent_stats(&self) -> Option<(u32, f32, f32)> {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "cm-dashboard"
|
||||
version = "0.1.246"
|
||||
version = "0.1.253"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "cm-dashboard-shared"
|
||||
version = "0.1.246"
|
||||
version = "0.1.253"
|
||||
edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
|
||||
Reference in New Issue
Block a user