This file is indexed.

/usr/share/munin/plugins/ip_ is in munin-node 1.4.6-3ubuntu3.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
#!/bin/bash
# -*- sh -*-

: << =cut

=head1 NAME

ip_ - Wildcard-plugin to monitor IP addresses through iptables

=head1 CONFIGURATION

This plugin needs to be run as root for iptables to work.

Additionally you can change the graph title from the ip address to a
hostname by setting hostname in the configuration.

Example configuration follows.  Only the first stanza is needed:

  [ip_*]
    user root

  [ip_192.168.0.1]
    env.hostname host.example.com


=head2 ENVIRONMENT VARIABLES

This plugin does not use environment variables

=head2 WILDCARD PLUGIN

This is a wildcard plugin.  To monitor traffic to or from an IP
address, link ip_<ipaddress> to this file.

E.g.

  ln -s /usr/share/node/node/plugins-auto/ip_ \
        /etc/munin/node.d/ip_192.0.2.1

...will monitor the IP 192.0.2.1 (you may be using other directories
in your setup).

=head2 IPTABLES

You will need to set up iptables rules to create packet counters for
incoming and outgoing traffic.  The examples here covers how to create
the rules.  Given the multitude of methods used to configure iptables
firewalls, they do not show how to make them survive a reboot.

Please also note that we do not intend to make this script compatible
with anything but these rules made explicitly for the plugin.  If you
use a firewall tool to create iptables rules you may find that that
will not work.  Please add the appropriate lines by hand (or by
hand-made script) if so.

=head3 IPv4

For the IP address "192.0.2.0", you will need the rules:

  iptables -I INPUT -d 192.0.2.1
  iptables -I OUTPUT -s 192.0.2.1

These rules will insert, at the top of the iptables chains INPUT and
OUTPUT one rule which will act as a packet counter.

Since the rule does not include a "-j" argument, it will not
explicitly allow or block anything.

=head3 IPv6

If the IP number in the link contains a ":", it is assumed to be a ip6
IP number and ip6tables are used instead of iptables to read the
counters.  

To create counters you will need to use "ip6tables" instead of
"iptables".

Example for the IPv6 address "2001:db8::1":

 ip6tables -I INPUT -d 2001:db8::1
 ip6tables -I OUTPUT -s 2001:db8::1

=head1 BUGS

None known.

=head1 NOTES

This plugin is based on the if_ plugin.

=head1 MAGIC MARKERS

 #%# family=auto
 #%# capabilities=autoconf suggest

=head1 AUTHOR

Unknown.  Suspected to be some Linpro employee.

=head1 LICENSE

Unknown.

=cut

. $MUNIN_LIBDIR/plugins/plugin.sh

IP=${0##*/ip_}
INPUT=${input:-INPUT}
OUTPUT=${output:-OUTPUT}

case $IP in
    *:*) # I know this! This is IPv6!
	# This is a fun hack to make the plugin ip6 compatible.
	# Suggested in ticket #439 by "jodal".
	eval 'function iptables() {
	    /sbin/ip6tables "$@"
	}'
	;;
esac

if [ "$1" = "autoconf" ]; then
	if [ -r /proc/net/dev ]; then
		iptables -L ${INPUT} -v -n -x >/dev/null 2>/dev/null
		if [ $? -gt 0 ]; then
			echo "no (could not run iptables as user `whoami`)"
			exit 0
		else
			echo yes
			exit 0
		fi
	else
		echo "no (/proc/net/dev not found)"
		exit 0
	fi
fi

if [ "$1" = "suggest" ]; then
    iptables -L ${INPUT} -v -n -x 2>/dev/null | awk --posix '$8 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/ { if (done[$8]!=1) {print $8; done[$8]=1;}}'
    if [ -x /sbin/ip6tables ]; then
 	ip6tables -L ${INPUT} -v -n -x 2>/dev/null | awk --posix '$7 ~ /\/128$/ { if (done[$7]!=1) {a=$7;gsub(/\/128$/, "", a); print a; done[$7]=1;}}'
    fi
    exit 0
fi

if [ "$1" = "config" ]; then

        echo "graph_order out in"
	title=$IP
	if [ -n "$hostname" ]; then
		title="$hostname"
	fi
        echo "graph_title $title traffic"
        echo 'graph_args --base 1000'
        echo 'graph_vlabel bits per ${graph_period}'
	echo 'graph_category network'
        echo 'out.label sent'
        echo 'out.type DERIVE'
        echo 'out.min 0'
        echo 'out.cdef out,8,*'
        echo 'in.label received'
        echo 'in.type DERIVE'
        echo 'in.min 0'
        echo 'in.cdef in,8,*' 
	print_warning out
	print_critical out
	print_warning in
	print_critical in
        exit 0
fi;


# Escape .'s so they don't match _everything_?
IP="$( echo $IP | sed 's~\.~\\.~g' )"

iptables -L ${INPUT} -v -n -x   | awk "/$IP"'[ /]/ { print "in.value " $2; exit 0; }'

iptables -L ${OUTPUT} -v -n -x  | awk "/$IP"'[ /]/ { print "out.value " $2; exit 0; }'