diff mbox series

[2/6] zabbix_agentd: Add ARPing method for checking Internet Gateway

Message ID 20250717180805.5754-3-robin.roevens@disroot.org
State Staged
Commit 2772a5990067679bde106883f39a30aa2fe196e6
Headers
Series zabbix_agentd: More functionality + CRITICAL OpenVPN fixes |

Commit Message

Robin Roevens 17 Jul 2025, 5:52 p.m. UTC 
Since some ISP's block ICMP ping to their gateway ARPing can be an alternative.
This change adds arping alternatives for the regular (icmp) ping checks:
- ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing
- ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/rootfiles/packages/zabbix_agentd         |  1 +
 config/zabbix_agentd/sudoers                    |  3 ++-
 config/zabbix_agentd/userparameter_gateway.conf | 12 ++++++++++++
 config/zabbix_agentd/userparameter_ipfire.conf  |  4 ----
 lfs/zabbix_agentd                               |  2 ++
 5 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 config/zabbix_agentd/userparameter_gateway.conf
diff mbox series

Patch

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index ffa66f307..cc75a49bd 100644
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -21,6 +21,7 @@  var/ipfire/zabbix_agentd/userparameters
 var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 var/ipfire/zabbix_agentd/scripts
 var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 78e175980..921e20c89 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -8,6 +8,7 @@ 
 # To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user
 #
 Defaults:zabbix !requiretty
-zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
+zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_gateway.conf b/config/zabbix_agentd/userparameter_gateway.conf
new file mode 100644
index 000000000..cfae001ae
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_gateway.conf
@@ -0,0 +1,12 @@ 
+# Parameters to monitor Internet gateway connectivity
+#
+# ICMP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
+UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
+# Internet Gateway availability, can be used to check Internet connection
+UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
+# ARP Ping
+# Internet Gateway ping timings, can be used to measure "Internet Line Quality" when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arpingtime,sudo /usr/sbin/arping -i red0 -c 3 gateway | awk 'match($0, /time=([0-9\.]+) (\w+)$/, arr) { n++; if (arr[2] == "usec") { arr[1]/=1000; }; sum+=arr[1] } END { print sum / n }'
+# Internet Gateway availability, can be used to check Internet connection when ICMP ping is not available
+UserParameter=ipfire.net.gateway.arping,sudo /usr/sbin/arping -q -c 3 gateway; [ ! $? == 0 ]; echo $?
diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf
index c8ead1608..e88c20298 100644
--- a/config/zabbix_agentd/userparameter_ipfire.conf
+++ b/config/zabbix_agentd/userparameter_ipfire.conf
@@ -1,9 +1,5 @@ 
 # Parameters for monitoring IPFire specific metrics
 #
-# Internet Gateway ping timings, can be used to measure "Internet Line Quality"
-UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2
-# Internet Gateway availability, can be used to check Internet connection
-UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $?
 # Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain
 UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/\* DROP_.* \*/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }'
 # Number of currently Active DHCP leases
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index c2b8533b4..ebd184628 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -112,6 +112,8 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \
 		/var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
+	install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
+		/var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
 
 	# Install IPFire-specific Zabbix Agent scripts
 	-mkdir -pv /var/ipfire/zabbix_agentd/scripts