Where did the RRD quality graphs go?
-
I had been wondering why the RRD quality graphs hadn't been working for me, but then I was looking through the scripts related to RRD graphs and found no mention of the quality graphs at all in /var/db/rrd/updaterrd.sh nor in the part of /etc/inc/rrd.inc that generates the script. When did this get removed? Or is there another script somewhere that is supposed to handle it?
I am currently using pfSense-2.0-BETA1-512mb-20100122-0133-nanobsd, but I haven't seen it working in any of the builds I've tried in the past month (I hadn't tried any earlier ones, though).
-
They pull their data from apinger now. Mine are all working, I'm not running any embedded 2.0 at the moment though.
-
This is still broken in a fresh install of the nanobsd snap, 20100305-1040.
apinger is definitely running:
    ps aux | grep apinger
    nobody 1867 0.0 0.6 3304 1360 ?? Ss 8:11PM 0:19.96 /usr/local/sbin/apinger -c /var/etc/apinger.conf
apinger is definitely configured with a rrd file for the wan interface:
    grep -E "(^target|rrd file)" /var/etc/apinger.conf | sed -E "s/([0-9]{1,3}\.{0,1}){4}/x.x.x.x/g"
    target default {
    #rrd file "/var/db/rrd/apinger-%t.rrd"
    target "x.x.x.x" {
    rrd file "/var/db/rrd/wan-quality.rrd"
apinger is definitely not creating the rrd file:
    ls -l /var/db/rrd/wan-quality.rrd
    ls: /var/db/rrd/wan-quality.rrd: No such file or directory
It appears the issue lies in the fact that apinger does a setuid/setgid nobody:nobody, and is therefore unable to create the rrd file in /var/db/rrd/ (which is root:wheel, 755 by default). If I chown nobody /var/db/rrd and restart apinger, the rrd file is created and everything works fine. Once apinger builds the rrd file initially, you can chown root /var/db/rrd, and it continues to work.
Unfortunately, a simpler workaround of using touch to create an empty /var/db/rrd/wan-quality.rrd file and then chown'ing that to nobody does not work - apinger will not attempt to turn it into a rrd file and use it. That leaves three options for real fixes:
- Have apinger create the rrd file and chown nobody prior to giving up root
- Prior to running apinger, manually use rrdtool to create the files apinger will be using as root and chown nobody
- Create the user rrd, run apinger under rrd:nobody, chown rrd /var/db/rrd
Personally, I'd rather see option #3 implemented from a security perspective. The idea of having an rrd file owned by nobody scares me a little, since it's possible for any unprivileged process running under nobody to write to the file, leaving the chance for a process running as root (lighttpd?) to attempt to parse an intentionally corrupt file and exploit some yet-to-be-discovered flaw.
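
The permission logic behind the post above, as an added example that is not part of the original thread or of pfSense: it shows why an unprivileged uid cannot create a file in a 755 directory it does not own, yet can keep updating a file it may already write. The function names and the uid/gid 65534 used for "nobody" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: model the mode-bit checks behind the apinger RRD failure.
# Simplified: ignores ACLs, supplementary groups and ancestor directories.

# Print the rwx triad (e.g. "r-x") that applies to UID/GID for PATH.
triad_for() {  # usage: triad_for PATH UID GID
    ls -ldn -- "$1" | awk -v uid="$2" -v gid="$3" '{
        if (uid == $3)      print substr($1, 2, 3)   # owner class
        else if (gid == $4) print substr($1, 5, 3)   # group class
        else                print substr($1, 8, 3)   # other class
    }'
}

# Creating a file needs write + search permission on the directory.
can_create_in() {  # usage: can_create_in DIR UID GID
    [ "$2" -eq 0 ] && return 0                # root bypasses mode bits
    case "$(triad_for "$1" "$2" "$3")" in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Updating an existing file needs only search on the directory plus
# write permission on the file itself.
can_write_existing() {  # usage: can_write_existing FILE UID GID
    [ "$2" -eq 0 ] && return 0
    case "$(triad_for "$(dirname "$1")" "$2" "$3")" in
        ??[xst]) ;;
        *)       return 1 ;;
    esac
    case "$(triad_for "$1" "$2" "$3")" in
        ?w?) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed demo: a 755 directory checked for a uid/gid that does not own it
# (65534 is an assumed id for "nobody").
demo_dir=$(mktemp -d) && chmod 755 "$demo_dir"
if can_create_in "$demo_dir" 65534 65534; then
    echo "uid 65534 can create files in $demo_dir"
else
    echo "uid 65534 cannot create files in $demo_dir"
fi
rm -rf "$demo_dir"
```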
-
Thanks for the detailed report, rewt. Ticket opened.
http://redmine.pfsense.org/issues/show/409