#!/usr/bin/ksh
#
# Nagios Plugin for checking ip_conntrack_count.
#
# Description: Nagios Plugin for checking ip_conntrack_count.
#
# Author     : Thomas Ebeling
# Version    : 1.1
# Date       : 2014-10-22 (copied from epages server and bump version)
# 
#

LANG=C
export LANG

REVISION='$Revision: 1.3 $ '

# where we are started
WHERE=`dirname $0`

# setting default exit values
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
STATE_DEPENDENT=4

# import exit values from utils.sh if we found one
if   [ -f ${WHERE}/utils.sh ] ; then
    . ${WHERE}/utils.sh
elif [ -f ${WHERE}/../utils.sh ] ; then
    . ${WHERE}/../utils.sh
fi

usage() {
    echo "Usage: $0 [-w <number of entries>] [-c <number of entries>]"
    echo "Revision: $REVISION"
    echo 
    echo "Determines the number of conntrack entries."
    echo 
    echo "Warning and critical thresholds are optional."
    exit $STATE_UNKNOWN
}

warning=''
critical=''
check_dir=`pwd`

while [ "$1" != "" ]; do
	case $1 in
	-w)
		shift
		warning=`echo $1 | tr -dc '[:digit:]'`
		;;
	-c)
		shift
		critical=`echo $1 | tr -dc '[:digit:]'`
		;;
	-*)
		usage
		;;
	*)
		check_dir=$1
	esac
	shift
done

if [[ $critical != "" && $critical -le 0 ]] ; then
	echo "Critical must be a positive integer."
	exit $STATE_UNKNOWN
fi

if [[ $warning != "" && $warning -le 0 ]] ; then
	echo "Critical must be a positive integer."
	exit $STATE_UNKNOWN
fi

if [[ $critical != "" && "$warning" != "" && $critical -le $warning ]]; then
	echo "Warning must be less than critical value."
	exit $STATE_UNKNOWN
fi

OUTPUT=""
count=0

if [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_count ]; then 
	OUTPUT=`cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count 2>&1`
	if [ "$?" -ne "0" ]; then
		echo "WARNING - $OUTPUT"
		exit $STATE_WARNING
	fi
	count=`echo $OUTPUT | awk '{ print $1; }'`
elif [ -f /proc/sys/net/netfilter/nf_conntrack_count ]; then 
	OUTPUT=`cat /proc/sys/net/netfilter/nf_conntrack_count 2>&1`
	if [ "$?" -ne "0" ]; then
		echo "WARNING - $OUTPUT"
		exit $STATE_WARNING
	fi
	count=`echo $OUTPUT | awk '{ print $1; }'`
elif [ -f /proc/net/ip_conntrack ]; then
	OUTPUT=`wc -l /proc/net/ip_conntrack 2>&1`
	if [ "$?" -ne "0" ]; then
		echo "WARNING - $OUTPUT"
		exit $STATE_WARNING
	fi
	count=`echo $OUTPUT | awk '{ print $1; }'`
else 
	echo "WARNING - No conntrack information found."
	exit $STATE_WARNING
fi
rc=$STATE_OK

if [[ $critical != "" && $count -ge $critical ]]; then
	printf "CRITICAL - "
	rc=$STATE_CRITICAL
elif [[ $warning != "" && $count -ge $warning ]]; then
	printf "WARNING - "
	rc=$STATE_WARNING
else
	printf  "OK - "
fi
echo "$count entries.|count=$count"
exit $rc

