root / plugins / network / tor-bandwidth-usage @ 0e1d54f2
Historique | Voir | Annoter | Télécharger (4,39 ko)
| 1 |
#!/usr/bin/perl -w |
|---|---|
| 2 |
# |
| 3 |
# tor-bandwidth-usage - munin plugin to monitor Tor traffic |
| 4 |
# |
| 5 |
# To use this plugin you need the following: |
| 6 |
# o Enable accounting on torrc configuration file (even if you dont want to limit bandwidth usage, |
| 7 |
# just put a huge value for on AccountingMax) |
| 8 |
# example: |
| 9 |
# AccountingStart day 12:00 |
| 10 |
# AccountingMax 100 GB |
| 11 |
# o Enable CookieAuthentication (CookieAuthentication 1 in torrc) or define a HashedControlPassword |
| 12 |
# o Add something like the following to /etc/munin/plugin-conf.d/munin-node: |
| 13 |
# [tor-bandwidth-usage] |
| 14 |
# user debian-tor |
| 15 |
# env.cookiefile /var/run/tor/control.authcookie |
| 16 |
# |
| 17 |
# |
| 18 |
# tested with Tor releases: 0.2.1.28, 0.2.1.29, 0.2.2.35 |
| 19 |
# |
| 20 |
# Author: tazoi <dev AT tazoi DOT it>, based on a plugin by Ævar Arnfjörð Bjarmason <avarab@gmail.com> |
| 21 |
# |
| 22 |
# Parameters understood (defined in file /etc/munin/plugin-conf.d/munin-node or in environment) |
| 23 |
# host - Change which host to graph (default localhost) |
| 24 |
# port - Change which port to connect to (default 9051) |
| 25 |
# password - Plain-text control channel password (see torrc |
| 26 |
# HashedControlPassword parameter) |
| 27 |
# cookiefile - Name of the file containing the control channel cookie |
| 28 |
# (see torrc CookieAuthentication parameter) |
| 29 |
# |
| 30 |
# Using HashedControlPassword authentication has the problem that you |
| 31 |
# must include the plain-text password in the munin config file. To |
| 32 |
# have any effect, that file shouldn't be world-readable. |
| 33 |
# |
| 34 |
# If you're using CookieAuthentication, you should run this plugin as |
| 35 |
# a user which has read access to the tor datafiles. Also note that |
| 36 |
# bugs in versions upto and including 0.1.1.20 prevent |
| 37 |
# CookieAuthentication from working. |
| 38 |
# |
| 39 |
# Usage: place in /etc/munin/plugins (or link it there using ln -s) |
| 40 |
# |
| 41 |
#%# family=contrib |
| 42 |
#%# capabilities=autoconf |
| 43 |
|
| 44 |
use strict; |
| 45 |
use feature ':5.10'; |
| 46 |
use IO::Socket::INET; |
| 47 |
use Munin::Plugin; |
| 48 |
|
| 49 |
# Config |
| 50 |
my $address = $ENV{host} || "localhost";
|
| 51 |
my $port = $ENV{port} || 9051;
|
| 52 |
|
| 53 |
# Don't edit below this line |
| 54 |
|
| 55 |
sub Authenticate |
| 56 |
{
|
| 57 |
my ($socket) = @_; |
| 58 |
my $authline = "AUTHENTICATE"; |
| 59 |
if (defined($ENV{cookiefile})) {
|
| 60 |
if (open(COOKIE, "<$ENV{cookiefile}")) {
|
| 61 |
my $cookie; |
| 62 |
binmode COOKIE; |
| 63 |
$authline .= " "; |
| 64 |
while (read(COOKIE, $cookie, 32)) {
|
| 65 |
foreach my $byte (unpack "C*", $cookie) {
|
| 66 |
$authline .= sprintf "%02x", $byte; |
| 67 |
} |
| 68 |
} |
| 69 |
close COOKIE; |
| 70 |
} |
| 71 |
} elsif (defined($ENV{password})) {
|
| 72 |
$authline .= ' "' . $ENV{password} . '"';
|
| 73 |
} |
| 74 |
say $socket "$authline"; |
| 75 |
my $replyline = <$socket>; |
| 76 |
if (substr($replyline, 0, 1) != '2') {
|
| 77 |
$replyline =~ s/\s*$//; |
| 78 |
return "Failed to authenticate: $replyline"; |
| 79 |
} |
| 80 |
|
| 81 |
return; |
| 82 |
} |
| 83 |
|
| 84 |
if ($ARGV[0] and $ARGV[0] eq "autoconf") {
|
| 85 |
# Try to connect to the daemon |
| 86 |
my $socket = IO::Socket::INET->new("$address:$port") or my $failed = 1;
|
| 87 |
|
| 88 |
if ($failed) {
|
| 89 |
say "no (failed to connect to $address port $port)"; |
| 90 |
exit 1; |
| 91 |
} |
| 92 |
|
| 93 |
my $msg = Authenticate($socket); |
| 94 |
if (defined($msg)) {
|
| 95 |
say $socket "QUIT"; |
| 96 |
close($socket); |
| 97 |
say "no ($msg)"; |
| 98 |
exit 1; |
| 99 |
} |
| 100 |
|
| 101 |
say $socket "QUIT"; |
| 102 |
close($socket); |
| 103 |
say "yes"; |
| 104 |
exit 0; |
| 105 |
} |
| 106 |
|
| 107 |
if ($ARGV[0] and $ARGV[0] eq "config") {
|
| 108 |
say "graph_order down up"; |
| 109 |
say "graph_title Tor traffic"; |
| 110 |
say "graph_args --base 1000"; |
| 111 |
say "graph_vlabel bits in (-) / out (+) per \${graph_period}";
|
| 112 |
say "graph_category network"; |
| 113 |
say "graph_info This graph shows the traffic through this Tor node."; |
| 114 |
say "down.label received"; |
| 115 |
say "down.type DERIVE"; |
| 116 |
say 'down.graph no'; |
| 117 |
say "down.cdef down,8,*"; |
| 118 |
say "down.min 0"; |
| 119 |
say "up.label b/s"; |
| 120 |
say "up.type DERIVE"; |
| 121 |
say "up.negative down"; |
| 122 |
say "up.cdef up,8,*"; |
| 123 |
say "up.min 0"; |
| 124 |
|
| 125 |
exit 0; |
| 126 |
} |
| 127 |
|
| 128 |
my $socket = IO::Socket::INET->new("$address:$port")
|
| 129 |
or die("Couldn't connect to $address port $port: $!");
|
| 130 |
|
| 131 |
my $msg = Authenticate($socket); |
| 132 |
if (defined($msg)) {
|
| 133 |
say $socket "QUIT"; |
| 134 |
close($socket); |
| 135 |
die "$msg\n"; |
| 136 |
} |
| 137 |
|
| 138 |
say $socket "GETINFO accounting/bytes"; |
| 139 |
my $down = 0; |
| 140 |
my $up = 0; |
| 141 |
my $replyline = <$socket>; |
| 142 |
chomp($replyline); |
| 143 |
if ($replyline =~ /^250-accounting\/bytes=(\d+)\s(\d+)/) {
|
| 144 |
$down = $1; |
| 145 |
$up = $2; |
| 146 |
} else {
|
| 147 |
die "Failed to get accounting info: $replyline\n"; |
| 148 |
} |
| 149 |
|
| 150 |
say $socket "QUIT"; |
| 151 |
close($socket); |
| 152 |
|
| 153 |
say "down.value $down"; |
| 154 |
say "up.value $up"; |
| 155 |
|
| 156 |
exit 0; |