From 332232c22cd6934d7941a905f271407ffa07101f Mon Sep 17 00:00:00 2001 From: Gavin Lam Date: Sun, 3 Dec 2023 11:10:59 -0500 Subject: [PATCH] Add new collector and metrics for XFRM (#2544) (#2866) Signed-off-by: Gavin Lam --- README.md | 1 + collector/fixtures/e2e-64k-page-output.txt | 85 ++++++++ collector/fixtures/e2e-output.txt | 85 ++++++++ collector/fixtures/proc/net/xfrm_stat | 28 +++ collector/xfrm.go | 228 +++++++++++++++++++++ collector/xfrm_test.go | 151 ++++++++++++++ end-to-end-test.sh | 1 + 7 files changed, 579 insertions(+) create mode 100644 collector/fixtures/proc/net/xfrm_stat create mode 100644 collector/xfrm.go create mode 100644 collector/xfrm_test.go diff --git a/README.md b/README.md index b656be47..87b4e4ba 100644 --- a/README.md +++ b/README.md @@ -205,6 +205,7 @@ sysctl | Expose sysctl values from `/proc/sys`. Use `--collector.sysctl.include( systemd | Exposes service and system status from [systemd](http://www.freedesktop.org/wiki/Software/systemd/). | Linux tcpstat | Exposes TCP connection status information from `/proc/net/tcp` and `/proc/net/tcp6`. (Warning: the current version has potential performance issues in high load situations.) | Linux wifi | Exposes WiFi device and station statistics. | Linux +xfrm | Exposes statistics from `/proc/net/xfrm_stat` | Linux zoneinfo | Exposes NUMA memory zone metrics. | Linux ### Deprecated diff --git a/collector/fixtures/e2e-64k-page-output.txt b/collector/fixtures/e2e-64k-page-output.txt index 866db45f..fb6c4b50 100644 --- a/collector/fixtures/e2e-64k-page-output.txt +++ b/collector/fixtures/e2e-64k-page-output.txt @@ -2944,6 +2944,7 @@ node_scrape_collector_success{collector="time"} 1 node_scrape_collector_success{collector="udp_queues"} 1 node_scrape_collector_success{collector="vmstat"} 1 node_scrape_collector_success{collector="wifi"} 1 +node_scrape_collector_success{collector="xfrm"} 1 node_scrape_collector_success{collector="xfs"} 1 node_scrape_collector_success{collector="zfs"} 1 node_scrape_collector_success{collector="zoneinfo"} 1 @@ -3265,6 +3266,90 @@ node_wifi_station_transmit_failed_total{device="wlan0",mac_address="aa:bb:cc:dd: # TYPE node_wifi_station_transmit_retries_total counter node_wifi_station_transmit_retries_total{device="wlan0",mac_address="01:02:03:04:05:06"} 20 node_wifi_station_transmit_retries_total{device="wlan0",mac_address="aa:bb:cc:dd:ee:ff"} 10 +# HELP node_xfrm_acquire_error_packets_total State hasn’t been fully acquired before use +# TYPE node_xfrm_acquire_error_packets_total counter +node_xfrm_acquire_error_packets_total 24532 +# HELP node_xfrm_fwd_hdr_error_packets_total Forward routing of a packet is not allowed +# TYPE node_xfrm_fwd_hdr_error_packets_total counter +node_xfrm_fwd_hdr_error_packets_total 6654 +# HELP node_xfrm_in_buffer_error_packets_total No buffer is left +# TYPE node_xfrm_in_buffer_error_packets_total counter +node_xfrm_in_buffer_error_packets_total 2 +# HELP node_xfrm_in_error_packets_total All errors not matched by other +# TYPE node_xfrm_in_error_packets_total counter +node_xfrm_in_error_packets_total 1 +# HELP node_xfrm_in_hdr_error_packets_total Header error +# TYPE node_xfrm_in_hdr_error_packets_total counter +node_xfrm_in_hdr_error_packets_total 4 +# HELP node_xfrm_in_no_pols_packets_total No policy is found for states e.g. Inbound SAs are correct but no SP is found +# TYPE node_xfrm_in_no_pols_packets_total counter +node_xfrm_in_no_pols_packets_total 65432 +# HELP node_xfrm_in_no_states_packets_total No state is found i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong +# TYPE node_xfrm_in_no_states_packets_total counter +node_xfrm_in_no_states_packets_total 3 +# HELP node_xfrm_in_pol_block_packets_total Policy discards +# TYPE node_xfrm_in_pol_block_packets_total counter +node_xfrm_in_pol_block_packets_total 100 +# HELP node_xfrm_in_pol_error_packets_total Policy error +# TYPE node_xfrm_in_pol_error_packets_total counter +node_xfrm_in_pol_error_packets_total 10000 +# HELP node_xfrm_in_state_expired_packets_total State is expired +# TYPE node_xfrm_in_state_expired_packets_total counter +node_xfrm_in_state_expired_packets_total 7 +# HELP node_xfrm_in_state_invalid_packets_total State is invalid +# TYPE node_xfrm_in_state_invalid_packets_total counter +node_xfrm_in_state_invalid_packets_total 55555 +# HELP node_xfrm_in_state_mismatch_packets_total State has mismatch option e.g. UDP encapsulation type is mismatch +# TYPE node_xfrm_in_state_mismatch_packets_total counter +node_xfrm_in_state_mismatch_packets_total 23451 +# HELP node_xfrm_in_state_mode_error_packets_total Transformation mode specific error +# TYPE node_xfrm_in_state_mode_error_packets_total counter +node_xfrm_in_state_mode_error_packets_total 100 +# HELP node_xfrm_in_state_proto_error_packets_total Transformation protocol specific error e.g. SA key is wrong +# TYPE node_xfrm_in_state_proto_error_packets_total counter +node_xfrm_in_state_proto_error_packets_total 40 +# HELP node_xfrm_in_state_seq_error_packets_total Sequence error i.e. Sequence number is out of window +# TYPE node_xfrm_in_state_seq_error_packets_total counter +node_xfrm_in_state_seq_error_packets_total 6000 +# HELP node_xfrm_in_tmpl_mismatch_packets_total No matching template for states e.g. Inbound SAs are correct but SP rule is wrong +# TYPE node_xfrm_in_tmpl_mismatch_packets_total counter +node_xfrm_in_tmpl_mismatch_packets_total 51 +# HELP node_xfrm_out_bundle_check_error_packets_total Bundle check error +# TYPE node_xfrm_out_bundle_check_error_packets_total counter +node_xfrm_out_bundle_check_error_packets_total 555 +# HELP node_xfrm_out_bundle_gen_error_packets_total Bundle generation error +# TYPE node_xfrm_out_bundle_gen_error_packets_total counter +node_xfrm_out_bundle_gen_error_packets_total 43321 +# HELP node_xfrm_out_error_packets_total All errors which is not matched others +# TYPE node_xfrm_out_error_packets_total counter +node_xfrm_out_error_packets_total 1e+06 +# HELP node_xfrm_out_no_states_packets_total No state is found +# TYPE node_xfrm_out_no_states_packets_total counter +node_xfrm_out_no_states_packets_total 869 +# HELP node_xfrm_out_pol_block_packets_total Policy discards +# TYPE node_xfrm_out_pol_block_packets_total counter +node_xfrm_out_pol_block_packets_total 43456 +# HELP node_xfrm_out_pol_dead_packets_total Policy is dead +# TYPE node_xfrm_out_pol_dead_packets_total counter +node_xfrm_out_pol_dead_packets_total 7656 +# HELP node_xfrm_out_pol_error_packets_total Policy error +# TYPE node_xfrm_out_pol_error_packets_total counter +node_xfrm_out_pol_error_packets_total 1454 +# HELP node_xfrm_out_state_expired_packets_total State is expired +# TYPE node_xfrm_out_state_expired_packets_total counter +node_xfrm_out_state_expired_packets_total 565 +# HELP node_xfrm_out_state_invalid_packets_total State is invalid, perhaps expired +# TYPE node_xfrm_out_state_invalid_packets_total counter +node_xfrm_out_state_invalid_packets_total 28765 +# HELP node_xfrm_out_state_mode_error_packets_total Transformation mode specific error +# TYPE node_xfrm_out_state_mode_error_packets_total counter +node_xfrm_out_state_mode_error_packets_total 8 +# HELP node_xfrm_out_state_proto_error_packets_total Transformation protocol specific error +# TYPE node_xfrm_out_state_proto_error_packets_total counter +node_xfrm_out_state_proto_error_packets_total 4542 +# HELP node_xfrm_out_state_seq_error_packets_total Sequence error i.e. Sequence number overflow +# TYPE node_xfrm_out_state_seq_error_packets_total counter +node_xfrm_out_state_seq_error_packets_total 543 # HELP node_xfs_allocation_btree_compares_total Number of allocation B-tree compares for a filesystem. # TYPE node_xfs_allocation_btree_compares_total counter node_xfs_allocation_btree_compares_total{device="sda1"} 0 diff --git a/collector/fixtures/e2e-output.txt b/collector/fixtures/e2e-output.txt index 0c5356d4..8add1b8f 100644 --- a/collector/fixtures/e2e-output.txt +++ b/collector/fixtures/e2e-output.txt @@ -2966,6 +2966,7 @@ node_scrape_collector_success{collector="time"} 1 node_scrape_collector_success{collector="udp_queues"} 1 node_scrape_collector_success{collector="vmstat"} 1 node_scrape_collector_success{collector="wifi"} 1 +node_scrape_collector_success{collector="xfrm"} 1 node_scrape_collector_success{collector="xfs"} 1 node_scrape_collector_success{collector="zfs"} 1 node_scrape_collector_success{collector="zoneinfo"} 1 @@ -3287,6 +3288,90 @@ node_wifi_station_transmit_failed_total{device="wlan0",mac_address="aa:bb:cc:dd: # TYPE node_wifi_station_transmit_retries_total counter node_wifi_station_transmit_retries_total{device="wlan0",mac_address="01:02:03:04:05:06"} 20 node_wifi_station_transmit_retries_total{device="wlan0",mac_address="aa:bb:cc:dd:ee:ff"} 10 +# HELP node_xfrm_acquire_error_packets_total State hasn’t been fully acquired before use +# TYPE node_xfrm_acquire_error_packets_total counter +node_xfrm_acquire_error_packets_total 24532 +# HELP node_xfrm_fwd_hdr_error_packets_total Forward routing of a packet is not allowed +# TYPE node_xfrm_fwd_hdr_error_packets_total counter +node_xfrm_fwd_hdr_error_packets_total 6654 +# HELP node_xfrm_in_buffer_error_packets_total No buffer is left +# TYPE node_xfrm_in_buffer_error_packets_total counter +node_xfrm_in_buffer_error_packets_total 2 +# HELP node_xfrm_in_error_packets_total All errors not matched by other +# TYPE node_xfrm_in_error_packets_total counter +node_xfrm_in_error_packets_total 1 +# HELP node_xfrm_in_hdr_error_packets_total Header error +# TYPE node_xfrm_in_hdr_error_packets_total counter +node_xfrm_in_hdr_error_packets_total 4 +# HELP node_xfrm_in_no_pols_packets_total No policy is found for states e.g. Inbound SAs are correct but no SP is found +# TYPE node_xfrm_in_no_pols_packets_total counter +node_xfrm_in_no_pols_packets_total 65432 +# HELP node_xfrm_in_no_states_packets_total No state is found i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong +# TYPE node_xfrm_in_no_states_packets_total counter +node_xfrm_in_no_states_packets_total 3 +# HELP node_xfrm_in_pol_block_packets_total Policy discards +# TYPE node_xfrm_in_pol_block_packets_total counter +node_xfrm_in_pol_block_packets_total 100 +# HELP node_xfrm_in_pol_error_packets_total Policy error +# TYPE node_xfrm_in_pol_error_packets_total counter +node_xfrm_in_pol_error_packets_total 10000 +# HELP node_xfrm_in_state_expired_packets_total State is expired +# TYPE node_xfrm_in_state_expired_packets_total counter +node_xfrm_in_state_expired_packets_total 7 +# HELP node_xfrm_in_state_invalid_packets_total State is invalid +# TYPE node_xfrm_in_state_invalid_packets_total counter +node_xfrm_in_state_invalid_packets_total 55555 +# HELP node_xfrm_in_state_mismatch_packets_total State has mismatch option e.g. UDP encapsulation type is mismatch +# TYPE node_xfrm_in_state_mismatch_packets_total counter +node_xfrm_in_state_mismatch_packets_total 23451 +# HELP node_xfrm_in_state_mode_error_packets_total Transformation mode specific error +# TYPE node_xfrm_in_state_mode_error_packets_total counter +node_xfrm_in_state_mode_error_packets_total 100 +# HELP node_xfrm_in_state_proto_error_packets_total Transformation protocol specific error e.g. SA key is wrong +# TYPE node_xfrm_in_state_proto_error_packets_total counter +node_xfrm_in_state_proto_error_packets_total 40 +# HELP node_xfrm_in_state_seq_error_packets_total Sequence error i.e. Sequence number is out of window +# TYPE node_xfrm_in_state_seq_error_packets_total counter +node_xfrm_in_state_seq_error_packets_total 6000 +# HELP node_xfrm_in_tmpl_mismatch_packets_total No matching template for states e.g. Inbound SAs are correct but SP rule is wrong +# TYPE node_xfrm_in_tmpl_mismatch_packets_total counter +node_xfrm_in_tmpl_mismatch_packets_total 51 +# HELP node_xfrm_out_bundle_check_error_packets_total Bundle check error +# TYPE node_xfrm_out_bundle_check_error_packets_total counter +node_xfrm_out_bundle_check_error_packets_total 555 +# HELP node_xfrm_out_bundle_gen_error_packets_total Bundle generation error +# TYPE node_xfrm_out_bundle_gen_error_packets_total counter +node_xfrm_out_bundle_gen_error_packets_total 43321 +# HELP node_xfrm_out_error_packets_total All errors which is not matched others +# TYPE node_xfrm_out_error_packets_total counter +node_xfrm_out_error_packets_total 1e+06 +# HELP node_xfrm_out_no_states_packets_total No state is found +# TYPE node_xfrm_out_no_states_packets_total counter +node_xfrm_out_no_states_packets_total 869 +# HELP node_xfrm_out_pol_block_packets_total Policy discards +# TYPE node_xfrm_out_pol_block_packets_total counter +node_xfrm_out_pol_block_packets_total 43456 +# HELP node_xfrm_out_pol_dead_packets_total Policy is dead +# TYPE node_xfrm_out_pol_dead_packets_total counter +node_xfrm_out_pol_dead_packets_total 7656 +# HELP node_xfrm_out_pol_error_packets_total Policy error +# TYPE node_xfrm_out_pol_error_packets_total counter +node_xfrm_out_pol_error_packets_total 1454 +# HELP node_xfrm_out_state_expired_packets_total State is expired +# TYPE node_xfrm_out_state_expired_packets_total counter +node_xfrm_out_state_expired_packets_total 565 +# HELP node_xfrm_out_state_invalid_packets_total State is invalid, perhaps expired +# TYPE node_xfrm_out_state_invalid_packets_total counter +node_xfrm_out_state_invalid_packets_total 28765 +# HELP node_xfrm_out_state_mode_error_packets_total Transformation mode specific error +# TYPE node_xfrm_out_state_mode_error_packets_total counter +node_xfrm_out_state_mode_error_packets_total 8 +# HELP node_xfrm_out_state_proto_error_packets_total Transformation protocol specific error +# TYPE node_xfrm_out_state_proto_error_packets_total counter +node_xfrm_out_state_proto_error_packets_total 4542 +# HELP node_xfrm_out_state_seq_error_packets_total Sequence error i.e. Sequence number overflow +# TYPE node_xfrm_out_state_seq_error_packets_total counter +node_xfrm_out_state_seq_error_packets_total 543 # HELP node_xfs_allocation_btree_compares_total Number of allocation B-tree compares for a filesystem. # TYPE node_xfs_allocation_btree_compares_total counter node_xfs_allocation_btree_compares_total{device="sda1"} 0 diff --git a/collector/fixtures/proc/net/xfrm_stat b/collector/fixtures/proc/net/xfrm_stat new file mode 100644 index 00000000..970c3e4d --- /dev/null +++ b/collector/fixtures/proc/net/xfrm_stat @@ -0,0 +1,28 @@ +XfrmInError 1 +XfrmInBufferError 2 +XfrmInHdrError 4 +XfrmInNoStates 3 +XfrmInStateProtoError 40 +XfrmInStateModeError 100 +XfrmInStateSeqError 6000 +XfrmInStateExpired 7 +XfrmInStateMismatch 23451 +XfrmInStateInvalid 55555 +XfrmInTmplMismatch 51 +XfrmInNoPols 65432 +XfrmInPolBlock 100 +XfrmInPolError 10000 +XfrmOutError 1000000 +XfrmOutBundleGenError 43321 +XfrmOutBundleCheckError 555 +XfrmOutNoStates 869 +XfrmOutStateProtoError 4542 +XfrmOutStateModeError 8 +XfrmOutStateSeqError 543 +XfrmOutStateExpired 565 +XfrmOutPolBlock 43456 +XfrmOutPolDead 7656 +XfrmOutPolError 1454 +XfrmFwdHdrError 6654 +XfrmOutStateInvalid 28765 +XfrmAcquireError 24532 \ No newline at end of file diff --git a/collector/xfrm.go b/collector/xfrm.go new file mode 100644 index 00000000..cbdcc97f --- /dev/null +++ b/collector/xfrm.go @@ -0,0 +1,228 @@ +// Copyright 2023 The Prometheus Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build !noxfrm +// +build !noxfrm + +package collector + +import ( + "fmt" + + "github.com/go-kit/log" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/procfs" +) + +type xfrmCollector struct { + fs procfs.FS + logger log.Logger +} + +func init() { + registerCollector("xfrm", defaultDisabled, NewXfrmCollector) +} + +// NewXfrmCollector returns a new Collector exposing XFRM stats. +func NewXfrmCollector(logger log.Logger) (Collector, error) { + fs, err := procfs.NewFS(*procPath) + if err != nil { + return nil, fmt.Errorf("failed to open procfs: %w", err) + } + + return &xfrmCollector{ + fs: fs, + logger: logger, + }, nil +} + +var ( + xfrmInErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_error_packets_total"), + "All errors not matched by other", + nil, nil, + ) + xfrmInBufferErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_buffer_error_packets_total"), + "No buffer is left", + nil, nil, + ) + xfrmInHdrErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_hdr_error_packets_total"), + "Header error", + nil, nil, + ) + xfrmInNoStatesDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_no_states_packets_total"), + "No state is found i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong", + nil, nil, + ) + xfrmInStateProtoErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_proto_error_packets_total"), + "Transformation protocol specific error e.g. SA key is wrong", + nil, nil, + ) + xfrmInStateModeErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_mode_error_packets_total"), + "Transformation mode specific error", + nil, nil, + ) + xfrmInStateSeqErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_seq_error_packets_total"), + "Sequence error i.e. Sequence number is out of window", + nil, nil, + ) + xfrmInStateExpiredDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_expired_packets_total"), + "State is expired", + nil, nil, + ) + xfrmInStateMismatchDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_mismatch_packets_total"), + "State has mismatch option e.g. UDP encapsulation type is mismatch", + nil, nil, + ) + xfrmInStateInvalidDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_state_invalid_packets_total"), + "State is invalid", + nil, nil, + ) + xfrmInTmplMismatchDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_tmpl_mismatch_packets_total"), + "No matching template for states e.g. Inbound SAs are correct but SP rule is wrong", + nil, nil, + ) + xfrmInNoPolsDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_no_pols_packets_total"), + "No policy is found for states e.g. Inbound SAs are correct but no SP is found", + nil, nil, + ) + xfrmInPolBlockDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_pol_block_packets_total"), + "Policy discards", + nil, nil, + ) + xfrmInPolErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "in_pol_error_packets_total"), + "Policy error", + nil, nil, + ) + xfrmOutErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_error_packets_total"), + "All errors which is not matched others", + nil, nil, + ) + xfrmOutBundleGenErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_bundle_gen_error_packets_total"), + "Bundle generation error", + nil, nil, + ) + xfrmOutBundleCheckErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_bundle_check_error_packets_total"), + "Bundle check error", + nil, nil, + ) + xfrmOutNoStatesDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_no_states_packets_total"), + "No state is found", + nil, nil, + ) + xfrmOutStateProtoErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_state_proto_error_packets_total"), + "Transformation protocol specific error", + nil, nil, + ) + xfrmOutStateModeErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_state_mode_error_packets_total"), + "Transformation mode specific error", + nil, nil, + ) + xfrmOutStateSeqErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_state_seq_error_packets_total"), + "Sequence error i.e. Sequence number overflow", + nil, nil, + ) + xfrmOutStateExpiredDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_state_expired_packets_total"), + "State is expired", + nil, nil, + ) + xfrmOutPolBlockDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_pol_block_packets_total"), + "Policy discards", + nil, nil, + ) + xfrmOutPolDeadDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_pol_dead_packets_total"), + "Policy is dead", + nil, nil, + ) + xfrmOutPolErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_pol_error_packets_total"), + "Policy error", + nil, nil, + ) + xfrmFwdHdrErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "fwd_hdr_error_packets_total"), + "Forward routing of a packet is not allowed", + nil, nil, + ) + xfrmOutStateInvalidDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "out_state_invalid_packets_total"), + "State is invalid, perhaps expired", + nil, nil, + ) + xfrmAcquireErrorDesc = prometheus.NewDesc( + prometheus.BuildFQName(namespace, "xfrm", "acquire_error_packets_total"), + "State hasn’t been fully acquired before use", + nil, nil, + ) +) + +func (c *xfrmCollector) Update(ch chan<- prometheus.Metric) error { + stat, err := c.fs.NewXfrmStat() + if err != nil { + return err + } + + ch <- prometheus.MustNewConstMetric(xfrmInErrorDesc, prometheus.CounterValue, float64(stat.XfrmInError)) + ch <- prometheus.MustNewConstMetric(xfrmInBufferErrorDesc, prometheus.CounterValue, float64(stat.XfrmInBufferError)) + ch <- prometheus.MustNewConstMetric(xfrmInHdrErrorDesc, prometheus.CounterValue, float64(stat.XfrmInHdrError)) + ch <- prometheus.MustNewConstMetric(xfrmInNoStatesDesc, prometheus.CounterValue, float64(stat.XfrmInNoStates)) + ch <- prometheus.MustNewConstMetric(xfrmInStateProtoErrorDesc, prometheus.CounterValue, float64(stat.XfrmInStateProtoError)) + ch <- prometheus.MustNewConstMetric(xfrmInStateModeErrorDesc, prometheus.CounterValue, float64(stat.XfrmInStateModeError)) + ch <- prometheus.MustNewConstMetric(xfrmInStateSeqErrorDesc, prometheus.CounterValue, float64(stat.XfrmInStateSeqError)) + ch <- prometheus.MustNewConstMetric(xfrmInStateExpiredDesc, prometheus.CounterValue, float64(stat.XfrmInStateExpired)) + ch <- prometheus.MustNewConstMetric(xfrmInStateMismatchDesc, prometheus.CounterValue, float64(stat.XfrmInStateMismatch)) + ch <- prometheus.MustNewConstMetric(xfrmInStateInvalidDesc, prometheus.CounterValue, float64(stat.XfrmInStateInvalid)) + ch <- prometheus.MustNewConstMetric(xfrmInTmplMismatchDesc, prometheus.CounterValue, float64(stat.XfrmInTmplMismatch)) + ch <- prometheus.MustNewConstMetric(xfrmInNoPolsDesc, prometheus.CounterValue, float64(stat.XfrmInNoPols)) + ch <- prometheus.MustNewConstMetric(xfrmInPolBlockDesc, prometheus.CounterValue, float64(stat.XfrmInPolBlock)) + ch <- prometheus.MustNewConstMetric(xfrmInPolErrorDesc, prometheus.CounterValue, float64(stat.XfrmInPolError)) + ch <- prometheus.MustNewConstMetric(xfrmOutErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutError)) + ch <- prometheus.MustNewConstMetric(xfrmOutBundleGenErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutBundleGenError)) + ch <- prometheus.MustNewConstMetric(xfrmOutBundleCheckErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutBundleCheckError)) + ch <- prometheus.MustNewConstMetric(xfrmOutNoStatesDesc, prometheus.CounterValue, float64(stat.XfrmOutNoStates)) + ch <- prometheus.MustNewConstMetric(xfrmOutStateProtoErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutStateProtoError)) + ch <- prometheus.MustNewConstMetric(xfrmOutStateModeErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutStateModeError)) + ch <- prometheus.MustNewConstMetric(xfrmOutStateSeqErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutStateSeqError)) + ch <- prometheus.MustNewConstMetric(xfrmOutStateExpiredDesc, prometheus.CounterValue, float64(stat.XfrmOutStateExpired)) + ch <- prometheus.MustNewConstMetric(xfrmOutPolBlockDesc, prometheus.CounterValue, float64(stat.XfrmOutPolBlock)) + ch <- prometheus.MustNewConstMetric(xfrmOutPolDeadDesc, prometheus.CounterValue, float64(stat.XfrmOutPolDead)) + ch <- prometheus.MustNewConstMetric(xfrmOutPolErrorDesc, prometheus.CounterValue, float64(stat.XfrmOutPolError)) + ch <- prometheus.MustNewConstMetric(xfrmFwdHdrErrorDesc, prometheus.CounterValue, float64(stat.XfrmFwdHdrError)) + ch <- prometheus.MustNewConstMetric(xfrmOutStateInvalidDesc, prometheus.CounterValue, float64(stat.XfrmOutStateInvalid)) + ch <- prometheus.MustNewConstMetric(xfrmAcquireErrorDesc, prometheus.CounterValue, float64(stat.XfrmAcquireError)) + + return err +} diff --git a/collector/xfrm_test.go b/collector/xfrm_test.go new file mode 100644 index 00000000..2e1ac028 --- /dev/null +++ b/collector/xfrm_test.go @@ -0,0 +1,151 @@ +// Copyright 2023 The Prometheus Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +//go:build !noxfrm +// +build !noxfrm + +package collector + +import ( + "fmt" + "os" + "strings" + "testing" + + "github.com/go-kit/log" + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/testutil" +) + +type testXfrmCollector struct { + xc Collector +} + +func (c testXfrmCollector) Collect(ch chan<- prometheus.Metric) { + c.xc.Update(ch) +} + +func (c testXfrmCollector) Describe(ch chan<- *prometheus.Desc) { + prometheus.DescribeByCollect(c, ch) +} + +func TestXfrmStats(t *testing.T) { + testcase := `# HELP node_xfrm_acquire_error_packets_total State hasn’t been fully acquired before use + # TYPE node_xfrm_acquire_error_packets_total counter + node_xfrm_acquire_error_packets_total 24532 + # HELP node_xfrm_fwd_hdr_error_packets_total Forward routing of a packet is not allowed + # TYPE node_xfrm_fwd_hdr_error_packets_total counter + node_xfrm_fwd_hdr_error_packets_total 6654 + # HELP node_xfrm_in_buffer_error_packets_total No buffer is left + # TYPE node_xfrm_in_buffer_error_packets_total counter + node_xfrm_in_buffer_error_packets_total 2 + # HELP node_xfrm_in_error_packets_total All errors not matched by other + # TYPE node_xfrm_in_error_packets_total counter + node_xfrm_in_error_packets_total 1 + # HELP node_xfrm_in_hdr_error_packets_total Header error + # TYPE node_xfrm_in_hdr_error_packets_total counter + node_xfrm_in_hdr_error_packets_total 4 + # HELP node_xfrm_in_no_pols_packets_total No policy is found for states e.g. Inbound SAs are correct but no SP is found + # TYPE node_xfrm_in_no_pols_packets_total counter + node_xfrm_in_no_pols_packets_total 65432 + # HELP node_xfrm_in_no_states_packets_total No state is found i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong + # TYPE node_xfrm_in_no_states_packets_total counter + node_xfrm_in_no_states_packets_total 3 + # HELP node_xfrm_in_pol_block_packets_total Policy discards + # TYPE node_xfrm_in_pol_block_packets_total counter + node_xfrm_in_pol_block_packets_total 100 + # HELP node_xfrm_in_pol_error_packets_total Policy error + # TYPE node_xfrm_in_pol_error_packets_total counter + node_xfrm_in_pol_error_packets_total 10000 + # HELP node_xfrm_in_state_expired_packets_total State is expired + # TYPE node_xfrm_in_state_expired_packets_total counter + node_xfrm_in_state_expired_packets_total 7 + # HELP node_xfrm_in_state_invalid_packets_total State is invalid + # TYPE node_xfrm_in_state_invalid_packets_total counter + node_xfrm_in_state_invalid_packets_total 55555 + # HELP node_xfrm_in_state_mismatch_packets_total State has mismatch option e.g. UDP encapsulation type is mismatch + # TYPE node_xfrm_in_state_mismatch_packets_total counter + node_xfrm_in_state_mismatch_packets_total 23451 + # HELP node_xfrm_in_state_mode_error_packets_total Transformation mode specific error + # TYPE node_xfrm_in_state_mode_error_packets_total counter + node_xfrm_in_state_mode_error_packets_total 100 + # HELP node_xfrm_in_state_proto_error_packets_total Transformation protocol specific error e.g. SA key is wrong + # TYPE node_xfrm_in_state_proto_error_packets_total counter + node_xfrm_in_state_proto_error_packets_total 40 + # HELP node_xfrm_in_state_seq_error_packets_total Sequence error i.e. Sequence number is out of window + # TYPE node_xfrm_in_state_seq_error_packets_total counter + node_xfrm_in_state_seq_error_packets_total 6000 + # HELP node_xfrm_in_tmpl_mismatch_packets_total No matching template for states e.g. Inbound SAs are correct but SP rule is wrong + # TYPE node_xfrm_in_tmpl_mismatch_packets_total counter + node_xfrm_in_tmpl_mismatch_packets_total 51 + # HELP node_xfrm_out_bundle_check_error_packets_total Bundle check error + # TYPE node_xfrm_out_bundle_check_error_packets_total counter + node_xfrm_out_bundle_check_error_packets_total 555 + # HELP node_xfrm_out_bundle_gen_error_packets_total Bundle generation error + # TYPE node_xfrm_out_bundle_gen_error_packets_total counter + node_xfrm_out_bundle_gen_error_packets_total 43321 + # HELP node_xfrm_out_error_packets_total All errors which is not matched others + # TYPE node_xfrm_out_error_packets_total counter + node_xfrm_out_error_packets_total 1e+06 + # HELP node_xfrm_out_no_states_packets_total No state is found + # TYPE node_xfrm_out_no_states_packets_total counter + node_xfrm_out_no_states_packets_total 869 + # HELP node_xfrm_out_pol_block_packets_total Policy discards + # TYPE node_xfrm_out_pol_block_packets_total counter + node_xfrm_out_pol_block_packets_total 43456 + # HELP node_xfrm_out_pol_dead_packets_total Policy is dead + # TYPE node_xfrm_out_pol_dead_packets_total counter + node_xfrm_out_pol_dead_packets_total 7656 + # HELP node_xfrm_out_pol_error_packets_total Policy error + # TYPE node_xfrm_out_pol_error_packets_total counter + node_xfrm_out_pol_error_packets_total 1454 + # HELP node_xfrm_out_state_expired_packets_total State is expired + # TYPE node_xfrm_out_state_expired_packets_total counter + node_xfrm_out_state_expired_packets_total 565 + # HELP node_xfrm_out_state_invalid_packets_total State is invalid, perhaps expired + # TYPE node_xfrm_out_state_invalid_packets_total counter + node_xfrm_out_state_invalid_packets_total 28765 + # HELP node_xfrm_out_state_mode_error_packets_total Transformation mode specific error + # TYPE node_xfrm_out_state_mode_error_packets_total counter + node_xfrm_out_state_mode_error_packets_total 8 + # HELP node_xfrm_out_state_proto_error_packets_total Transformation protocol specific error + # TYPE node_xfrm_out_state_proto_error_packets_total counter + node_xfrm_out_state_proto_error_packets_total 4542 + # HELP node_xfrm_out_state_seq_error_packets_total Sequence error i.e. Sequence number overflow + # TYPE node_xfrm_out_state_seq_error_packets_total counter + node_xfrm_out_state_seq_error_packets_total 543 + ` + *procPath = "fixtures/proc" + + logger := log.NewLogfmtLogger(os.Stderr) + c, err := NewXfrmCollector(logger) + if err != nil { + t.Fatal(err) + } + reg := prometheus.NewRegistry() + reg.MustRegister(&testXfrmCollector{xc: c}) + + sink := make(chan prometheus.Metric) + go func() { + err = c.Update(sink) + if err != nil { + panic(fmt.Errorf("failed to update collector: %s", err)) + } + close(sink) + }() + + err = testutil.GatherAndCompare(reg, strings.NewReader(testcase)) + if err != nil { + t.Fatal(err) + } +} diff --git a/end-to-end-test.sh b/end-to-end-test.sh index c0b9d67a..46d52603 100755 --- a/end-to-end-test.sh +++ b/end-to-end-test.sh @@ -51,6 +51,7 @@ enabled_collectors=$(cat << COLLECTORS udp_queues vmstat wifi + xfrm xfs zfs zoneinfo