Opened 14 years ago
Closed 10 years ago
#15 closed Patch submission (wontfix)
[PATCH] Enabling Accounting/Stats for plugins
Reported by: | Emmanuel Bretelle | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | plug-ins / plug-in API | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Patch Queue: Awaiting updated patch | Keywords: | |
Cc: |
Description
A while back this thread ( http://comments.gmane.org/gmane.network.openvpn.devel/990 and mainly http://permalink.gmane.org/gmane.network.openvpn.devel/1048 ) mentioned the possible integration of accounting into the plugin system.
This patch will add such feature in the following manner:
- use default accounting frequency (default to 60s). Default can be overridden from config file, command line and ccd file.
- if one uses openvpn_plugin_func_v2 along with OPENVPN_PLUGIN_CLIENT_CONNECT_V2, this value can be overridden for each client via openvpn_plugin_string_list.
- Then again, each time OPENVPN_PLUGIN_ACCOUNTING is called, this value can be updated with the returned openvpn_plugin_string_list
To test the plugin, one needs to use --enable-accounting when compiling openvpn.
Accounting can be disabled by setting a value of 0.
Attachments (4)
Change History (9)
Changed 14 years ago by
Attachment: | openvpn_accounting.patch added |
---|
comment:1 Changed 14 years ago by
As agreed on IRC, I cooked up a demo implementation of this new plugin hook.
Basically the idea is to be able to implement AAA (through radius for instance) with an openvpn plugin.
The benefit is that it is then possible to get network usage per client from within a plugin without starting a new process that will handle that in the background by parsing regurlarly openvpn-status.log or initiating a connection to the management console.
The plugin is taking advantage of the return_list parameter available in openvpn_plugin_func_v2 to update the interval at which is wants to receive update for a specific client.
A default value of 60 second is hardcoded within the options, but it can be changed at startup through --accounting-freq n command switch
A value of 0 will disable accounting information to be sent.
For compiling instructions and how to run the testing environmen, please check the comments in testplugin.c
The scenario would be as follow:
- plugin in invoke with type OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY plugin sends credentials to authentication server and returns success/error to main loop
- on success, plugin is called with OPENVPN_PLUGIN_CLIENT_CONNECT_V2
- plugin send a message to accounting server informing it that the session starts
- plugin receive an update interval value (let call it acct_interval) at which it should send updated information to accounting server. this acct_interval is passed to accounting server through return_list
- time passes, traffic goes through
- when acct_interval time is passed, the plugin is invoked with OPENVPN_PLUGIN_ACCOUNTING. bytes_sent/bytes_received being passed through envp
- plugin contact accounting server and give it those value
- accounting server might reply with a new acct_interval that plugin can pass back to openvpn server through return_list
- 3) and 4) repeat
- Client is disconnected, openvpn main loop will invoke plugin with OPENVPN_PLUGIN_CLIENT_DISCONNECT, plugin informs accounting server that session is stopped and that bytes_sent/bytes_received was used over time_duration
Here is the output of a session realised with the attached test plugin,.
Mind that after 1minute or so i disconnected the client, hence no packet were going through so the eventtimeout was not triggered at the exact second. In a normal scenario, update would not happen every so often, here low random values were given to illustrate the usage.
Any things that are unclear, le me know.
Tks
Thu Jun 10 16:19:30 2010 192.168.51.1:40289 [ssss] Peer Connection Initiated with 192.168.51.1:40289 ACCT Thu Jun 10 16:19:30 2010 Sending start time to accounting server 1276179570 ACCT Thu Jun 10 16:19:30 2010 Plugin requested accounting update in 11 seconds -- Thu Jun 10 16:19:41 2010 DEBUG: ACCOUNTING triggerred after 11s for ssss ACCT Thu Jun 10 16:19:41 2010 Sending accounting information to server 5724tx/3663rx ACCT Thu Jun 10 16:19:41 2010 Acounting server requesting new update in 5 seconds -- Thu Jun 10 16:19:46 2010 DEBUG: ACCOUNTING triggerred after 5s for ssss ACCT Thu Jun 10 16:19:46 2010 Sending accounting information to server 6349tx/4288rx ACCT Thu Jun 10 16:19:46 2010 Acounting server requesting new update in 9 seconds -- Thu Jun 10 16:19:55 2010 DEBUG: ACCOUNTING triggerred after 9s for ssss ACCT Thu Jun 10 16:19:55 2010 Sending accounting information to server 7474tx/5413rx ACCT Thu Jun 10 16:19:55 2010 Acounting server requesting new update in 19 seconds -- Thu Jun 10 16:20:14 2010 DEBUG: ACCOUNTING triggerred after 19s for ssss ACCT Thu Jun 10 16:20:14 2010 Sending accounting information to server 9849tx/7788rx ACCT Thu Jun 10 16:20:14 2010 Acounting server requesting new update in 16 seconds -- Thu Jun 10 16:20:30 2010 DEBUG: ACCOUNTING triggerred after 16s for ssss ACCT Thu Jun 10 16:20:30 2010 Sending accounting information to server 11849tx/9788rx ACCT Thu Jun 10 16:20:30 2010 Acounting server requesting new update in 10 seconds -- Thu Jun 10 16:20:42 2010 DEBUG: ACCOUNTING triggerred after 10s for ssss ACCT Thu Jun 10 16:20:42 2010 Sending accounting information to server 12099tx/10038rx ACCT Thu Jun 10 16:20:42 2010 Acounting server requesting new update in 11 seconds -- Thu Jun 10 16:21:00 2010 DEBUG: ACCOUNTING triggerred after 11s for ssss ACCT Thu Jun 10 16:21:00 2010 Sending accounting information to server 12205tx/10038rx ACCT Thu Jun 10 16:21:00 2010 Acounting server requesting new update in 12 seconds -- Thu Jun 10 16:21:12 2010 DEBUG: ACCOUNTING triggerred after 12s for ssss ACCT Thu Jun 10 16:21:12 2010 Sending accounting information to server 12258tx/10038rx ACCT Thu Jun 10 16:21:12 2010 Acounting server requesting new update in 1 seconds -- Thu Jun 10 16:21:15 2010 DEBUG: ACCOUNTING triggerred after 1s for ssss ACCT Thu Jun 10 16:21:15 2010 Sending accounting information to server 12311tx/10038rx ACCT Thu Jun 10 16:21:15 2010 Acounting server requesting new update in 8 seconds -- Thu Jun 10 16:21:30 2010 DEBUG: ACCOUNTING triggerred after 8s for ssss ACCT Thu Jun 10 16:21:30 2010 Sending accounting information to server 12364tx/10038rx ACCT Thu Jun 10 16:21:30 2010 Acounting server requesting new update in 16 seconds -- Thu Jun 10 16:21:53 2010 DEBUG: ACCOUNTING triggerred after 16s for ssss ACCT Thu Jun 10 16:21:53 2010 Sending accounting information to server 12470tx/10038rx ACCT Thu Jun 10 16:21:53 2010 Acounting server requesting new update in 8 seconds -- Thu Jun 10 16:22:03 2010 DEBUG: ACCOUNTING triggerred after 8s for ssss ACCT Thu Jun 10 16:22:03 2010 Sending accounting information to server 12523tx/10038rx ACCT Thu Jun 10 16:22:03 2010 Acounting server requesting new update in 6 seconds -- Thu Jun 10 16:22:13 2010 DEBUG: ACCOUNTING triggerred after 6s for ssss ACCT Thu Jun 10 16:22:13 2010 Sending accounting information to server 12576tx/10038rx ACCT Thu Jun 10 16:22:13 2010 Acounting server requesting new update in 3 seconds -- Thu Jun 10 16:22:23 2010 DEBUG: ACCOUNTING triggerred after 3s for ssss ACCT Thu Jun 10 16:22:23 2010 Sending accounting information to server 12629tx/10038rx ACCT Thu Jun 10 16:22:23 2010 Acounting server requesting new update in 4 seconds -- Thu Jun 10 16:22:30 2010 DEBUG: ACCOUNTING triggerred after 4s for ssss ACCT Thu Jun 10 16:22:30 2010 Sending accounting information to server 12682tx/10038rx ACCT Thu Jun 10 16:22:30 2010 Acounting server requesting new update in 6 seconds -- Thu Jun 10 16:22:43 2010 DEBUG: ACCOUNTING triggerred after 6s for ssss ACCT Thu Jun 10 16:22:43 2010 Sending accounting information to server 12735tx/10038rx ACCT Thu Jun 10 16:22:43 2010 Acounting server requesting new update in 14 seconds -- Thu Jun 10 16:23:00 2010 DEBUG: ACCOUNTING triggerred after 14s for ssss ACCT Thu Jun 10 16:23:00 2010 Sending accounting information to server 12841tx/10038rx ACCT Thu Jun 10 16:23:00 2010 Acounting server requesting new update in 12 seconds -- Thu Jun 10 16:23:13 2010 DEBUG: ACCOUNTING triggerred after 12s for ssss ACCT Thu Jun 10 16:23:13 2010 Sending accounting information to server 12894tx/10038rx ACCT Thu Jun 10 16:23:13 2010 Acounting server requesting new update in 9 seconds -- Thu Jun 10 16:23:24 2010 DEBUG: ACCOUNTING triggerred after 9s for ssss ACCT Thu Jun 10 16:23:24 2010 Sending accounting information to server 12947tx/10038rx ACCT Thu Jun 10 16:23:24 2010 Acounting server requesting new update in 16 seconds -- Thu Jun 10 16:23:44 2010 DEBUG: ACCOUNTING triggerred after 16s for ssss ACCT Thu Jun 10 16:23:44 2010 Sending accounting information to server 13053tx/10038rx ACCT Thu Jun 10 16:23:44 2010 Acounting server requesting new update in 17 seconds -- Thu Jun 10 16:24:04 2010 DEBUG: ACCOUNTING triggerred after 17s for ssss ACCT Thu Jun 10 16:24:04 2010 Sending accounting information to server 13159tx/10038rx ACCT Thu Jun 10 16:24:04 2010 Acounting server requesting new update in 4 seconds -- Thu Jun 10 16:24:14 2010 DEBUG: ACCOUNTING triggerred after 4s for ssss ACCT Thu Jun 10 16:24:14 2010 Sending accounting information to server 13212tx/10038rx ACCT Thu Jun 10 16:24:14 2010 Acounting server requesting new update in 11 seconds -- Thu Jun 10 16:24:25 2010 DEBUG: ACCOUNTING triggerred after 11s for ssss ACCT Thu Jun 10 16:24:25 2010 Sending accounting information to server 13265tx/10038rx ACCT Thu Jun 10 16:24:25 2010 Acounting server requesting new update in 8 seconds -- Thu Jun 10 16:24:31 2010 ssss/192.168.51.1:40289 SIGUSR1[soft,ping-restart] received, client-instance restarting ACCT Thu Jun 10 16:24:31 2010 Sending accounting information to server 13318tx/10038rx, session started at 1276179570 and last 301
Changed 14 years ago by
Attachment: | testplugin.c added |
---|
a plugin showing a use case of OPENVPN_PLUGIN_ACCOUNTING hook
comment:2 Changed 13 years ago by
Severity: | unset → Patch Queue: New / awaiting ACK |
---|
comment:3 Changed 13 years ago by
Severity: | Patch Queue: New / awaiting ACK → Patch Queue: Awaiting updated patch |
---|
Thank you for your patch! I've been looking at it, and as we discussed on IRC, making this new plug-in hook support the same feature set as the other plug-in hooks is needed. This plug-in API needs to allow plug-ins to put the task to a separate thread to avoid blocking other operations in OpenVPN (OPENVPN_PLUGIN_FUNC_DEFERRED).
Further the new plug-in hook is not described as other hooks in openvpn-plugin.h
comment:5 Changed 10 years ago by
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Wow ... We asked for an updated patch 4 years ago, so I don't think this is a feature many is waiting for. Let's close it. Anyhow, if a new patch appears, we'll re-open it and consider it. But then this plug-in should support at least the v3 plug-in API as well, in addition to the requirements in comment 3.
OpenVPN accounting patch