From c8c110cc6da6488c214070a412af83792a3e3b5d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 29 Oct 2025 18:39:24 +0000
Subject: [PATCH] graphs: Add a legacy suricata graph

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 Makefile.am                         |   2 +
 src/daemon/graphs.c                 |   6 ++
 src/daemon/graphs/legacy-suricata.c | 112 ++++++++++++++++++++++++++++
 src/daemon/graphs/legacy-suricata.h |  28 +++++++
 4 files changed, 148 insertions(+)
 create mode 100644 src/daemon/graphs/legacy-suricata.c
 create mode 100644 src/daemon/graphs/legacy-suricata.h

diff --git a/Makefile.am b/Makefile.am
index 2c74008..8ed0355 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -126,6 +126,8 @@ dist_telemetryd_SOURCES = \
 	src/daemon/graphs/hostapd-station-rate-info.h \
 	src/daemon/graphs/hostapd-station-signal.c \
 	src/daemon/graphs/hostapd-station-signal.h \
+	src/daemon/graphs/legacy-suricata.c \
+	src/daemon/graphs/legacy-suricata.h \
 	src/daemon/graphs/loadavg.c \
 	src/daemon/graphs/loadavg.h \
 	src/daemon/graphs/memory.c \
diff --git a/src/daemon/graphs.c b/src/daemon/graphs.c
index 6c8df9a..cee8f56 100644
--- a/src/daemon/graphs.c
+++ b/src/daemon/graphs.c
@@ -40,6 +40,9 @@
 #include "graphs/processor.h"
 #include "graphs/uptime.h"
 
+// Legacy graphs
+#include "graphs/legacy-suricata.h"
+
 // Register all graphs
 static const td_graph_impl* graph_impls[] = {
 	&conntrack_graph,
@@ -58,6 +61,9 @@ static const td_graph_impl* graph_impls[] = {
 	&pressure_io_graph,
 	&pressure_memory_graph,
 
+	// Legacy
+	&legacy_suricata_graph,
+
 	NULL,
 };
 
diff --git a/src/daemon/graphs/legacy-suricata.c b/src/daemon/graphs/legacy-suricata.c
new file mode 100644
index 0000000..a9cf4dc
--- /dev/null
+++ b/src/daemon/graphs/legacy-suricata.c
@@ -0,0 +1,112 @@
+/*#############################################################################
+#                                                                             #
+# telemetryd - The IPFire Telemetry Collection Service                        #
+# Copyright (C) 2025 IPFire Development Team                                  #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+#############################################################################*/
+
+#include <limits.h>
+
+#include "graph.h"
+#include "legacy-suricata.h"
+
+#define COLOR_WHITELISTED GREEN
+#define COLOR_BYPASSED    ORANGE
+#define COLOR_SCANNED     RED
+
+static int legacy_suricata_title(td_ctx* ctx, td_graph* graph,
+		const char* object, char* title, size_t length) {
+	return __td_string_set(title, length, _("Suricata Throughput"));
+}
+
+static int legacy_suricata_vlabel(td_ctx* ctx, td_graph* graph,
+		const char* object, char* vlabel, size_t length) {
+	return __td_string_set(vlabel, length, _("bps"));
+}
+
+static int legacy_suricata_render(td_ctx* ctx,
+		td_graph* graph, td_args* args, const char* object) {
+	int r;
+
+	const char* chains[] = {
+		"SCANNED",
+		"BYPASSED",
+		"WHITELISTED",
+		NULL,
+	};
+
+	// Load all sources
+	r = td_graph_require_sources(graph, args, "iptables", chains);
+	if (r < 0)
+		return r;
+
+	// Convert everything into bps
+	COMPUTE_BITS(args, "bps", "WHITELISTED", "bytes");
+	COMPUTE_BITS(args, "bps", "BYPASSED", "bytes");
+	COMPUTE_BITS(args, "bps", "SCANNED", "bytes");
+
+	// Add up all packets
+	COMPUTE_CDEF(args,
+		"total=" FIELD "," FIELD ",ADDNAN," FIELD ",ADDNAN",
+		FIELD_AND_OBJECT("bps", "WHITELISTED"),
+		FIELD_AND_OBJECT("bps", "BYPASSED"),
+		FIELD_AND_OBJECT("bps", "SCANNED")
+	);
+	VALUE_ALL(args, "total", NULL);
+
+	// Draw the stacked background first
+	DRAW_AREA_BACKGROUND(args, "bps", "WHITELISTED", COLOR_WHITELISTED, 0);
+	DRAW_AREA_BACKGROUND(args, "bps", "BYPASSED", COLOR_BYPASSED, STACKED);
+	DRAW_AREA_BACKGROUND(args, "bps", "SCANNED", COLOR_SCANNED, STACKED);
+
+	// Draw the area outlines afterwards
+	DRAW_AREA_OUTLINE_WITH_LABEL(args, "bps", "WHITELISTED", COLOR_WHITELISTED,
+		0, _("Whitelisted"));
+	PRINT_CAMM(args, "bps", "WHITELISTED", BPS);
+
+	DRAW_AREA_OUTLINE_WITH_LABEL(args, "bps", "BYPASSED", COLOR_BYPASSED,
+		0, _("Offloaded"));
+	PRINT_CAMM(args, "bps", "BYPASSED", BPS);
+
+	DRAW_AREA_OUTLINE_WITH_LABEL(args, "bps", "SCANNED", COLOR_SCANNED,
+		0, _("Scanned"));
+	PRINT_CAMM(args, "bps", "SCANNED", BPS);
+
+	PRINT_EMPTY_LINE(args);
+
+	// Show the total throughput
+	PRINT_LABEL(args, _("Total"));
+	PRINT_CAMM(args, "total", NULL, BPS);
+
+	// Header
+	PRINT_HEADER4(args, _("Current"), _("Average"), _("Minimum"), _("Maximum"));
+
+	return 0;
+}
+
+const td_graph_impl legacy_suricata_graph = {
+	.name    = "LegacySuricata",
+	.render  = legacy_suricata_render,
+	.title   = legacy_suricata_title,
+	.vlabel  = legacy_suricata_vlabel,
+
+	// Flags
+	.flags   = TELEMETRY_GRAPH_REVERSE,
+
+	// Limits
+	.lower_limit = 0,
+	.upper_limit = LONG_MAX,
+};
diff --git a/src/daemon/graphs/legacy-suricata.h b/src/daemon/graphs/legacy-suricata.h
new file mode 100644
index 0000000..6e5f184
--- /dev/null
+++ b/src/daemon/graphs/legacy-suricata.h
@@ -0,0 +1,28 @@
+/*#############################################################################
+#                                                                             #
+# telemetryd - The IPFire Telemetry Collection Service                        #
+# Copyright (C) 2025 IPFire Development Team                                  #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+#############################################################################*/
+
+#ifndef TELEMETRY_GRAPH_LEGACY_SURICATA_H
+#define TELEMETRY_GRAPH_LEGACY_SURICATA_H
+
+#include "../graph.h"
+
+extern const td_graph_impl legacy_suricata_graph;
+
+#endif /* TELEMETRY_GRAPH_LEGACY_SURICATA_H */
-- 
2.47.3