Bug#373716: munin-node: Please use ip_ plugin instead of if_
Package: munin-node Version: 1.2.3-1 Severity: normal It seems that the if_ plugin is deprecated, because it doesn't fit well with 100Mbits and 1Gbs interfaces, where the counter can grow too fast, and overflow. So, as suggested in the interface when using if_, please use ip_ instead. To allow this, the following will be needed: 1) add the following lines to /etc/munin/plugin-conf.d/munin-node [ip_*] user root 2) the initscript should ensure that the iptables rules are loaded, and load them if necessary. 3) the installation script which creates the symlinks in /etc/munin/plugins should be updated to detect the IP addresses of the current machine and create ip_IPADDRESS links instead of if_INTERFACE. If you need some help to do this, just ask. Thanks -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-686-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages munin-node depends on: ii libnet-server-perl 0.87-3An extensible, general perl server ii perl 5.8.4-8sarge4 Larry Wall's Practical Extraction ii procps 1:3.2.1-2 The /proc file system utilities -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#373716: munin-node: Please use ip_ plugin instead of if_
close 373716 quit * Jerome Warnier 2) the initscript should ensure that the iptables rules are loaded, and load them if necessary. I feel I cannot do this. Munin has no authority over the iptables ruleset, so I cannot just change them arbitrarily - that might cause breakage. I know I'd be furious if a package did that to my ruleset. Besides, ip_ and if_ are orthogonal - ip_ graphs traffic to/from a specific IP address, while if_ considers network interface traffic, which might not be IP at all. I'm therefore closing your bug report. Thanks -- Tore Anderson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#373716: munin-node: Please use ip_ plugin instead of if_
Le jeudi 15 juin 2006 à 12:52 +0200, Tore Anderson a écrit : close 373716 quit * Jerome Warnier 2) the initscript should ensure that the iptables rules are loaded, and load them if necessary. I feel I cannot do this. Munin has no authority over the iptables ruleset, so I cannot just change them arbitrarily - that might cause breakage. I know I'd be furious if a package did that to my ruleset. I can understand, I thought about this but I felt like the rules needed are not intrusive at all: iptables -A INPUT -d 192.168.0.1 iptables -A OUTPUT -s 192.168.0.1 Maybe the script should just verify if such accounting rules are present in chains INPUT and OUTPUT first. Then it could work. Or maybe a switch in /etc/default/munin-node? Another option: base ip_ on something else than iptables (maybe /proc or/sys?). Besides, ip_ and if_ are orthogonal - ip_ graphs traffic to/from a specific IP address, while if_ considers network interface traffic, which might not be IP at all. I thought about this too, but then, I think you should: - provide a patch for Debian not to advertise a concerning warning message when using if_ (because here, my bug was actually the error message) and/or: - talk about this issue with upstream (forward upstream). I'm therefore closing your bug report. I don't think it's fair, but I won't reopen it myself, and let you judge by yourself. I attach the initscript modified by a quick hack from me to make ip_ work for me, but would probably never be useful for anyone else. Thanks Thanks anyway for your time. -- Jérôme Warnier [EMAIL PROTECTED] BeezNest munin-node.init Description: application/shellscript
Bug#373716: munin-node: Please use ip_ plugin instead of if_
reopen 373716 clone 373716 -1 retitle 373716 if_ shouldn't claim ip_ is a direct alternative severity 373716 minor tags 373716 upstream retitle -1 ip_ needs to be run as root to work properly quit * Jérôme Warnier I can understand, I thought about this but I felt like the rules needed are not intrusive at all: iptables -A INPUT -d 192.168.0.1 iptables -A OUTPUT -s 192.168.0.1 So if you're DROP-ing traffic above those rules (which is very likely, especially in the INPUT chain), the rules won't hit, and the graph will be wrong. If you've used -I INPUT 1 instead you'd shuffle around all other rules in the chain, which is even more undesireable. Also, the second the administrator reloads his ruleset the rules will be lost and the graphs stop working. Maybe the script should just verify if such accounting rules are present in chains INPUT and OUTPUT first. Then it could work. It does, but because it isn't run as root by default it doesn't work correctly. I've made a new bug about this. Another option: base ip_ on something else than iptables (maybe /proc or/sys?). I don't think the information is available anywhere else, at least not where it's practical to access it. I'll be happy to be proven wrong, though. - provide a patch for Debian not to advertise a concerning warning message when using if_ (because here, my bug was actually the error message) and/or: - talk about this issue with upstream (forward upstream). I agree, and I'll probably commit a fix to the upstream repository myself when I get around to it. I've reopened the bug, and clarified what it's about. Thanks -- Tore Anderson
Bug#373716: munin-node: Please use ip_ plugin instead of if_
Le jeudi 15 juin 2006 à 15:11 +0200, Tore Anderson a écrit : [..] * Jérôme Warnier I can understand, I thought about this but I felt like the rules needed are not intrusive at all: iptables -A INPUT -d 192.168.0.1 iptables -A OUTPUT -s 192.168.0.1 So if you're DROP-ing traffic above those rules (which is very likely, especially in the INPUT chain), the rules won't hit, and the graph will be wrong. If you've used -I INPUT 1 instead you'd shuffle around all other rules in the chain, which is even more undesireable. Also, the second the administrator reloads his ruleset the rules will be lost and the graphs stop working. Maybe the script should just verify if such accounting rules are present in chains INPUT and OUTPUT first. Then it could work. It does, but because it isn't run as root by default it doesn't work correctly. I've made a new bug about this. Another option: base ip_ on something else than iptables (maybe /proc or/sys?). I don't think the information is available anywhere else, at least not where it's practical to access it. I'll be happy to be proven wrong, though. - provide a patch for Debian not to advertise a concerning warning message when using if_ (because here, my bug was actually the error message) and/or: - talk about this issue with upstream (forward upstream). I agree, and I'll probably commit a fix to the upstream repository myself when I get around to it. I've reopened the bug, and clarified what it's about. Many thanks, it was a pleasure to bug you about this ;-) Thanks -- Jérôme Warnier [EMAIL PROTECTED] BeezNest