feat: implement nfqueue collector

Signed-off-by: Denis Voytyuk <5462781+denisvmedia@users.noreply.github.com>

Author: denisvmedia

collector/fixtures/proc/net/netfilter/nfnetlink_queue

@@ -0,0 +1,2 @@
+    0  31621     0 2 65531     0     0       50  1
+    1  31622   100 1  1024   150    10      200  1

collector/nfqueue_linux.go

@@ -0,0 +1,132 @@
+// Copyright The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !nonfqueue
+
+package collector
+
+import (
+	"errors"
+	"fmt"
+	"log/slog"
+	"os"
+	"strconv"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/procfs"
+)
+
+type nfqueueCollector struct {
+	fs           procfs.FS
+	queueTotal   *prometheus.Desc
+	queueDropped *prometheus.Desc
+	userDropped  *prometheus.Desc
+	idSequence   *prometheus.Desc
+	info         *prometheus.Desc
+	logger       *slog.Logger
+}
+
+func init() {
+	registerCollector("nfqueue", defaultDisabled, NewNFQueueCollector)
+}
+
+// NewNFQueueCollector returns a new Collector exposing netfilter queue stats
+// from /proc/net/netfilter/nfnetlink_queue.
+func NewNFQueueCollector(logger *slog.Logger) (Collector, error) {
+	fs, err := procfs.NewFS(*procPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to open procfs: %w", err)
+	}
+
+	return &nfqueueCollector{
+		fs: fs,
+		queueTotal: prometheus.NewDesc(
+			prometheus.BuildFQName(namespace, "nfqueue", "queue_total"),
+			"Current number of packets waiting in the queue.",
+			[]string{"queue"}, nil,
+		),
+		queueDropped: prometheus.NewDesc(
+			prometheus.BuildFQName(namespace, "nfqueue", "queue_dropped_total"),
+			"Packets dropped because the queue was full.",
+			[]string{"queue"}, nil,
+		),
+		userDropped: prometheus.NewDesc(
+			prometheus.BuildFQName(namespace, "nfqueue", "user_dropped_total"),
+			"Packets dropped due to a failure to send to userspace.",
+			[]string{"queue"}, nil,
+		),
+		idSequence: prometheus.NewDesc(
+			prometheus.BuildFQName(namespace, "nfqueue", "id_sequence_total"),
+			"The current packet ID sequence number.",
+			[]string{"queue"}, nil,
+		),
+		info: prometheus.NewDesc(
+			prometheus.BuildFQName(namespace, "nfqueue", "info"),
+			"Non-numeric metadata about the queue (value is always 1).",
+			[]string{"queue", "peer_portid", "copy_mode", "copy_range"}, nil,
+		),
+		logger: logger,
+	}, nil
+}
+
+func (c *nfqueueCollector) Update(ch chan<- prometheus.Metric) error {
+	queues, err := c.fs.NFNetLinkQueue()
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			c.logger.Debug("nfqueue: file not found, NFQUEUE probably not in use")
+			return ErrNoData
+		}
+		return fmt.Errorf("failed to retrieve nfqueue stats: %w", err)
+	}
+
+	for _, q := range queues {
+		queueID := strconv.FormatUint(uint64(q.QueueID), 10)
+		ch <- prometheus.MustNewConstMetric(
+			c.queueTotal, prometheus.GaugeValue,
+			float64(q.QueueTotal), queueID,
+		)
+		ch <- prometheus.MustNewConstMetric(
+			c.queueDropped, prometheus.CounterValue,
+			float64(q.QueueDropped), queueID,
+		)
+		ch <- prometheus.MustNewConstMetric(
+			c.userDropped, prometheus.CounterValue,
+			float64(q.QueueUserDropped), queueID,
+		)
+		ch <- prometheus.MustNewConstMetric(
+			c.idSequence, prometheus.CounterValue,
+			float64(q.SequenceID), queueID,
+		)
+		ch <- prometheus.MustNewConstMetric(
+			c.info, prometheus.GaugeValue, 1,
+			queueID,
+			strconv.FormatUint(uint64(q.PeerPID), 10),
+			nfqueueCopyModeString(q.CopyMode),
+			strconv.FormatUint(uint64(q.CopyRange), 10),
+		)
+	}
+	return nil
+}
+
+func nfqueueCopyModeString(mode uint) string {
+	switch mode {
+	case 0:
+		return "none"
+	case 1:
+		return "meta"
+	case 2:
+		return "packet"
+	default:
+		return strconv.FormatUint(uint64(mode), 10)
+	}
+}

collector/nfqueue_linux_test.go

@@ -0,0 +1,76 @@
+// Copyright The Prometheus Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !nonfqueue
+
+package collector
+
+import (
+	"io"
+	"log/slog"
+	"strings"
+	"testing"
+
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/testutil"
+)
+
+type testNFQueueCollector struct {
+	nc Collector
+}
+
+func (c testNFQueueCollector) Collect(ch chan<- prometheus.Metric) {
+	c.nc.Update(ch)
+}
+
+func (c testNFQueueCollector) Describe(ch chan<- *prometheus.Desc) {
+	prometheus.DescribeByCollect(c, ch)
+}
+
+func TestNFQueueStats(t *testing.T) {
+	testcase := `# HELP node_nfqueue_id_sequence_total The current packet ID sequence number.
+	# TYPE node_nfqueue_id_sequence_total counter
+	node_nfqueue_id_sequence_total{queue="0"} 50
+	node_nfqueue_id_sequence_total{queue="1"} 200
+	# HELP node_nfqueue_info Non-numeric metadata about the queue (value is always 1).
+	# TYPE node_nfqueue_info gauge
+	node_nfqueue_info{copy_mode="packet",copy_range="65531",peer_portid="31621",queue="0"} 1
+	node_nfqueue_info{copy_mode="meta",copy_range="1024",peer_portid="31622",queue="1"} 1
+	# HELP node_nfqueue_queue_dropped_total Packets dropped because the queue was full.
+	# TYPE node_nfqueue_queue_dropped_total counter
+	node_nfqueue_queue_dropped_total{queue="0"} 0
+	node_nfqueue_queue_dropped_total{queue="1"} 150
+	# HELP node_nfqueue_queue_total Current number of packets waiting in the queue.
+	# TYPE node_nfqueue_queue_total gauge
+	node_nfqueue_queue_total{queue="0"} 0
+	node_nfqueue_queue_total{queue="1"} 100
+	# HELP node_nfqueue_user_dropped_total Packets dropped due to a failure to send to userspace.
+	# TYPE node_nfqueue_user_dropped_total counter
+	node_nfqueue_user_dropped_total{queue="0"} 0
+	node_nfqueue_user_dropped_total{queue="1"} 10
+	`
+	*procPath = "fixtures/proc"
+
+	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
+	c, err := NewNFQueueCollector(logger)
+	if err != nil {
+		t.Fatal(err)
+	}
+	reg := prometheus.NewRegistry()
+	reg.MustRegister(&testNFQueueCollector{nc: c})
+
+	err = testutil.GatherAndCompare(reg, strings.NewReader(testcase))
+	if err != nil {
+		t.Fatal(err)
+	}
+}