add nf_conntrack statistics to net_linux to query iptables/netfilter conntrack limits

.gitignore

@@ -1,4 +1,5 @@
 *~
 #*
 _obj
-*.tmp
+*.tmp
+.idea

net/net.go

@@ -64,6 +64,11 @@ type NetInterfaceStat struct {
 	Addrs        []NetInterfaceAddr `json:"addrs"`
 }
 
+type NetFilterStat struct {
+	ConnTrackCount	int32	`json:"conntrackcount"`
+	ConnTrackMax	int32	`json:"conntrackmax"`
+}
+
 var constMap = map[string]int{
 	"TCP":  syscall.SOCK_STREAM,
 	"UDP":  syscall.SOCK_DGRAM,

net/net_linux.go

@@ -160,3 +160,33 @@ func NetProtoCounters(protocols []string) ([]NetProtoCountersStat, error) {
 	}
 	return stats, nil
 }
+
+// NetFilterCounters returns iptables conntrack statistics
+// the currently in use conntrack count and the max.
+// If the file does not exist or is invalid it will return nil.
+func NetFilterCounters() (NetFilterStat, error) {
+	countfile := "/proc/sys/net/netfilter/nf_conntrack_count"
+	count, err := common.ReadLines(count)
+	if err != nil {
+		return nil, err
+	}
+
+	maxfile := "/proc/sys/net/netfilter/nf_conntrack_max"
+	max, err := common.ReadLines(maxfile)
+	if err != nil {
+		return nil, err
+	}
+	if len(count) != 1 {
+		// format of file has changed
+		return nil, err
+	}
+	if len(max) != 1 {
+		// format of file has changed
+		return nil, err
+	}
+	stats := NetFilterStat{
+		ConnTrackCount: count,
+		ConnTrackMax:   max,
+	}
+	return stats, nil
+}

net/net_test.go

@@ -196,3 +196,23 @@ func TestNetConnections(t *testing.T) {
 	}
 
 }
+
+func TestNetFilterCounters(t *testing.T) {
+	if ci := os.Getenv("CI"); ci != "" { // skip if test on drone.io
+		return
+	}
+
+	v, err := NetFilterCounters()
+	if err != nil {
+		t.Errorf("could not get NetConnections: %v", err)
+	}
+	if len(v) == 0 {
+		t.Errorf("could not get NetConnections: %v", v)
+	}
+	for _, vv := range v {
+		if vv.ConnTrackMax == 0 {
+			t.Errorf("nf_conntrack_max needs to be greater than zero: %v", vv)
+		}
+	}
+
+}