emit banned IPs metrics when in ipset mode (#350)

* emit banned IPs metrics when in ipset mode * fix nil checks metrics.go * oops --------- Co-authored-by: mmetc <[email protected]>
crowdsecurity · Mar 11, 2024 · 3212204 · 3212204
1 parent f50c248
commit 3212204
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -218,9 +218,13 @@ func Execute() error {
 	})
 
 	if config.PrometheusConfig.Enabled {
-		if config.Mode == cfg.IptablesMode || config.Mode == cfg.NftablesMode || config.Mode == cfg.PfMode {
+		if config.Mode == cfg.IptablesMode || config.Mode == cfg.NftablesMode || config.Mode == cfg.IpsetMode || config.Mode == cfg.PfMode {
 			go backend.CollectMetrics()
-			prometheus.MustRegister(metrics.TotalDroppedBytes, metrics.TotalDroppedPackets, metrics.TotalActiveBannedIPs)
+			if config.Mode == cfg.IpsetMode {
+				prometheus.MustRegister(metrics.TotalActiveBannedIPs)
+			} else {
+				prometheus.MustRegister(metrics.TotalDroppedBytes, metrics.TotalDroppedPackets, metrics.TotalActiveBannedIPs)
+			}
 		}
 
 		prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError)

diff --git a/pkg/iptables/metrics.go b/pkg/iptables/metrics.go
@@ -65,14 +65,18 @@ func (ipt *iptables) CollectMetrics() {
 
 	t := time.NewTicker(metrics.MetricCollectionInterval)
 	for range t.C {
-		ip4DroppedPackets, ip4DroppedBytes = collectDroppedPackets(ipt.v4.iptablesBin, ipt.v4.Chains, ipt.v4.SetName)
+		if ipt.v4 != nil && !ipt.v4.ipsetContentOnly {
+			ip4DroppedPackets, ip4DroppedBytes = collectDroppedPackets(ipt.v4.iptablesBin, ipt.v4.Chains, ipt.v4.SetName)
+		}
 
-		if ipt.v6 != nil {
+		if ipt.v6 != nil && !ipt.v6.ipsetContentOnly {
 			ip6DroppedPackets, ip6DroppedBytes = collectDroppedPackets(ipt.v6.iptablesBin, ipt.v6.Chains, ipt.v6.SetName)
 		}
 
-		metrics.TotalDroppedPackets.Set(ip4DroppedPackets + ip6DroppedPackets)
-		metrics.TotalDroppedBytes.Set(ip6DroppedBytes + ip4DroppedBytes)
+		if (ipt.v4 != nil && !ipt.v4.ipsetContentOnly) || (ipt.v6 != nil && !ipt.v6.ipsetContentOnly) {
+			metrics.TotalDroppedPackets.Set(ip4DroppedPackets + ip6DroppedPackets)
+			metrics.TotalDroppedBytes.Set(ip6DroppedBytes + ip4DroppedBytes)
+		}
 
 		out, err := exec.Command(ipt.v4.ipsetBin, "list", "-o", "xml").CombinedOutput()
 		if err != nil {