Add detailed error logging for nft command failures

- Log exit status code when nft command fails - Log stderr output to diagnose issues - Distinguish between command execution failure and non-zero exit - Update version to v0.1.253
Change nftables logging from debug to info
2025-12-04 15:53:12 +01:00 · 2025-12-04 15:48:34 +01:00 · 2025-12-04 15:36:34 +01:00 · 2025-12-04 15:33:43 +01:00 · 2025-12-04 15:26:20 +01:00 · 2025-12-04 13:40:31 +01:00
5 changed files with 36 additions and 31 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -279,7 +279,7 @@ checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d"
 [[package]]
 name = "cm-dashboard"
-version = "0.1.247"
+version = "0.1.252"
 dependencies = [
 "anyhow",
 "chrono",
@@ -301,7 +301,7 @@ dependencies = [
 [[package]]
 name = "cm-dashboard-agent"
-version = "0.1.247"
+version = "0.1.252"
 dependencies = [
 "anyhow",
 "async-trait",
@@ -325,7 +325,7 @@ dependencies = [
 [[package]]
 name = "cm-dashboard-shared"
-version = "0.1.247"
+version = "0.1.252"
 dependencies = [
 "chrono",
 "serde",
--- a/agent/Cargo.toml
+++ b/agent/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-agent"
-version = "0.1.247"
+version = "0.1.253"
 edition = "2021"
 [dependencies]
--- a/agent/src/collectors/systemd.rs
+++ b/agent/src/collectors/systemd.rs
@@ -4,7 +4,7 @@ use cm_dashboard_shared::{AgentData, ServiceData, SubServiceData, SubServiceMetr
 use std::process::Command;
 use std::sync::RwLock;
 use std::time::Instant;
-use tracing::debug;
+use tracing::{debug, info};
 use super::{Collector, CollectorError};
 use crate::config::SystemdConfig;
@@ -154,7 +154,8 @@ impl SystemdCollector {
                        }
                    }
-                    if service_name == "openvpn-vpn-connection" && status_info.active_state == "active" {
+                    if service_name == "openvpn-vpn-download" && status_info.active_state == "active" {
                        // Add VPN route
                        if let Some(external_ip) = self.get_vpn_external_ip() {
                            let metrics = Vec::new();
@@ -165,9 +166,8 @@ impl SystemdCollector {
                                service_type: "vpn_route".to_string(),
                            });
                        }
                    }
-                    if service_name == "openvpn-vpn-download" && status_info.active_state == "active" {
+                        // Add torrent stats
                        if let Some((active_count, download_mbps, upload_mbps)) = self.get_qbittorrent_stats() {
                            let metrics = Vec::new();
@@ -915,17 +915,28 @@ impl SystemdCollector {
    /// Returns: (tcp_ports_string, udp_ports_string)
    fn get_nftables_open_ports(&self) -> (String, String) {
        let output = Command::new("timeout")
-            .args(&["3", "nft", "list", "ruleset"])
+            .args(&["3", "sudo", "nft", "list", "ruleset"])
            .output();
        let output = match output {
            Ok(out) if out.status.success() => out,
-            _ => return (String::new(), String::new()),
+            Ok(out) => {
                info!("nft command failed with status: {:?}, stderr: {}",
                    out.status, String::from_utf8_lossy(&out.stderr));
                return (String::new(), String::new());
            }
            Err(e) => {
                info!("Failed to execute nft command: {}", e);
                return (String::new(), String::new());
            }
        };
        let output_str = match String::from_utf8(output.stdout) {
            Ok(s) => s,
-            Err(_) => return (String::new(), String::new()),
+            Err(_) => {
                info!("Failed to parse nft output as UTF-8");
                return (String::new(), String::new());
            }
        };
        let mut tcp_ports = std::collections::HashSet::new();
@@ -933,26 +944,26 @@ impl SystemdCollector {
        // Parse nftables output for WAN incoming accept rules with dport
        // Looking for patterns like: tcp dport 22 accept or tcp dport { 22, 80, 443 } accept
-        // Only include rules in input chain without private network source restrictions
+        // Only include rules in input_wan chain
-        let mut in_input_chain = false;
+        let mut in_wan_chain = false;
        for line in output_str.lines() {
            let line = line.trim();
-            // Track if we're in the input chain
+            // Track if we're in the input_wan chain
-            if line.contains("chain input") || line.contains("chain INPUT") {
+            if line.contains("chain input_wan") {
-                in_input_chain = true;
+                in_wan_chain = true;
                continue;
            }
-            // Reset when entering other chains
+            // Reset when exiting chain (closing brace) or entering other chains
-            if line.starts_with("chain ") && !line.contains("input") && !line.contains("INPUT") {
+            if line == "}" || (line.starts_with("chain ") && !line.contains("input_wan")) {
-                in_input_chain = false;
+                in_wan_chain = false;
                continue;
            }
-            // Only process rules in input chain
+            // Only process rules in input_wan chain
-            if !in_input_chain {
+            if !in_wan_chain {
                continue;
            }
@@ -961,14 +972,6 @@ impl SystemdCollector {
                continue;
            }
            // Skip internal network traffic (LAN/private networks)
            if line.contains("ip saddr 192.168.") ||
               line.contains("ip saddr 10.") ||
               line.contains("ip saddr 172.16.") ||
               line.contains("iifname \"lo\"") {
                continue;
            }
            // Parse TCP ports
            if line.contains("tcp dport") {
                for port in self.extract_ports_from_nft_rule(line) {
@@ -993,6 +996,8 @@ impl SystemdCollector {
        let tcp_str = tcp_vec.iter().map(|p| p.to_string()).collect::<Vec<_>>().join(", ");
        let udp_str = udp_vec.iter().map(|p| p.to_string()).collect::<Vec<_>>().join(", ");
        info!("nftables WAN ports - TCP: '{}', UDP: '{}'", tcp_str, udp_str);
        (tcp_str, udp_str)
    }
--- a/dashboard/Cargo.toml
+++ b/dashboard/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard"
-version = "0.1.247"
+version = "0.1.253"
 edition = "2021"
 [dependencies]
--- a/shared/Cargo.toml
+++ b/shared/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cm-dashboard-shared"
-version = "0.1.247"
+version = "0.1.253"
 edition = "2021"
 [dependencies]
Author	SHA1	Message	Date
Christoffer Martinsson	b886fb2045	Add detailed error logging for nft command failures All checks were successful Build and Release / build-and-release (push) Successful in 1m28s Details - Log exit status code when nft command fails - Log stderr output to diagnose issues - Distinguish between command execution failure and non-zero exit - Update version to v0.1.253	2025-12-04 15:53:12 +01:00
Christoffer Martinsson	cfb02e1763	Change nftables logging from debug to info All checks were successful Build and Release / build-and-release (push) Successful in 1m21s Details - Add info to tracing imports - Change debug!() calls to info!() for visibility in logs - Update version to v0.1.252	2025-12-04 15:48:34 +01:00
Christoffer Martinsson	5b53ca3d52	Move VPN route display from vpn-connection to vpn-download All checks were successful Build and Release / build-and-release (push) Successful in 1m46s Details Consolidate VPN-related information under openvpn-vpn-download service. Now shows both VPN route and torrent statistics as sub-services. - Remove route from openvpn-vpn-connection - Add route to openvpn-vpn-download (displayed first) - Torrent stats displayed second - Update version to v0.1.251	2025-12-04 15:36:34 +01:00
Christoffer Martinsson	92a30913b4	Add debug logging and fix chain end detection for nftables All checks were successful Build and Release / build-and-release (push) Successful in 1m28s Details - Detect chain end with closing brace - Add debug logging to trace nft command execution and port collection - Update version to v0.1.250	2025-12-04 15:33:43 +01:00
Christoffer Martinsson	a288a8ef9a	Fix nftables parser to use input_wan chain All checks were successful Build and Release / build-and-release (push) Successful in 1m27s Details Change nftables port parser to specifically look for 'chain input_wan' instead of any chain with 'input' in the name. This ensures we only collect WAN/external ports, not LAN or other internal chains. - Look for 'chain input_wan' specifically - Remove internal network filters (no longer needed) - Update version to v0.1.249	2025-12-04 15:26:20 +01:00
Christoffer Martinsson	c65d596099	Add sudo for nftables query command All checks were successful Build and Release / build-and-release (push) Successful in 1m26s Details Update nftables port collector to use sudo when querying ruleset. Requires corresponding sudoers configuration in NixOS. - Change nft command to use sudo - Update version to v0.1.248	2025-12-04 13:40:31 +01:00