hotsanic

Subversion Repositories:

[/] [branches/] [HotSaNIC-0.5.0-pre6/] [modules/] [networks/] [platform/] [linux.pm] - Blame information for rev 20

Line No.	Rev	Author	Line
1	1	simandl	`package HotSaNICmod::OSdep;`
2
3			`use lib "../../lib";`
4
5			`sub version {`
6			`($VERSION = '$Revision: 1.8 $') =~ s/.(\d+\.\d+)./$1/;`
7			`return "$^O.pm $VERSION";`
8			`}`
9
10			`sub sample {`
11			`my %args=@_;`
12
13			`my $IPTABLES=$args{IPTABLES};`
14			`my $VAR=$args{VARDIR};`
15
16			`if ( (! -e "$VAR/acct_int.dat") \|\| (! -e "$VAR/acct_ext.dat")) {`
17			`system("$IPTABLES -L acct_int -xvn > $VAR/acct_int.dat");`
18			`system("$IPTABLES -L acct_ext -xvn > $VAR/acct_ext.dat");`
19			`}`
20
21			`my %acct_int_old=readfile("$VAR/acct_int.dat",$IPTABLES);`
22			`my %acct_ext_old=readfile("$VAR/acct_ext.dat",$IPTABLES);`
23			`system("$IPTABLES -L acct_int -xvn > $VAR/acct_int.dat");`
24			`system("$IPTABLES -L acct_ext -xvn > $VAR/acct_ext.dat");`
25			`my %acct_int=readfile("$VAR/acct_int.dat",$IPTABLES);`
26			`my %acct_ext=readfile("$VAR/acct_ext.dat",$IPTABLES);`
27
28			`my $time=time;`
29
30			`foreach my $nn (sort(keys(%acct_int))) {`
31			`$allin=$acct_int{$nn}[1]-$acct_int_old{$nn}[1];`
32			`$tcpin=$acct_int{$nn}[3]-$acct_int_old{$nn}[3];`
33			`$udpin=$acct_int{$nn}[5]-$acct_int_old{$nn}[5];`
34			`$icmpin=$acct_int{$nn}[7]-$acct_int_old{$nn}[7];`
35			`$allout=$acct_int{$nn}[2]-$acct_int_old{$nn}[2];`
36			`$tcpout=$acct_int{$nn}[4]-$acct_int_old{$nn}[4];`
37			`$udpout=$acct_int{$nn}[6]-$acct_int_old{$nn}[6];`
38			`$icmpout=$acct_int{$nn}[8]-$acct_int_old{$nn}[8];`
39			`my $name = "int$nn";`
40			`$name =~ s/\//_/g;`
41			`HotSaNICmod::do_rrd($name,"U",$time,$tcpin,$udpin,$icmpin,$tcpout,$udpout,$icmpout);`
42			`}`
43
44			`foreach my $nn (sort(keys(%acct_ext))) {`
45			`$allin=$acct_ext{$nn}[1]-$acct_ext_old{$nn}[1];`
46			`$tcpin=$acct_ext{$nn}[3]-$acct_ext_old{$nn}[3];`
47			`$udpin=$acct_ext{$nn}[5]-$acct_ext_old{$nn}[5];`
48			`$icmpin=$acct_ext{$nn}[7]-$acct_ext_old{$nn}[7];`
49			`$allout=$acct_ext{$nn}[2]-$acct_ext_old{$nn}[2];`
50			`$tcpout=$acct_ext{$nn}[4]-$acct_ext_old{$nn}[4];`
51			`$udpout=$acct_ext{$nn}[6]-$acct_ext_old{$nn}[6];`
52			`$icmpout=$acct_ext{$nn}[8]-$acct_ext_old{$nn}[8];`
53			`my $name = "ext$nn";`
54			`$name =~ s/\//_/g;`
55			`HotSaNICmod::do_rrd($name,"U",$time,$tcpin,$udpin,$icmpin,$tcpout,$udpout,$icmpout);`
56			`}`
57			`}`
58
59			`sub init {`
60			`my %args=@_;`
61			`if (! defined $args{IPTABLES}) { HotSaNICmod::dupe_control("die",$args{MODNAME},"IPTABLES missing in module settings..."); }`
62
63			`$IPTABLES=$args{IPTABLES};`
64
65			`HotSaNIClog::info("clearing old accounting chains");`
66			`foreach $dev (split(/,/,$args{EXTIF})) {`
67			`if ($IPTABLES =~ /ipchains/) {`
68			`system("$IPTABLES -D input -i $dev -j acct_ext > /dev/null");`
69			`system("$IPTABLES -D output -i $dev -j acct_ext > /dev/null");`
70			`}`
71			`else {`
72			`system("$IPTABLES -D INPUT -i $dev -j acct_ext > /dev/null");`
73			`system("$IPTABLES -D OUTPUT -o $dev -j acct_ext > /dev/null");`
74			`system("$IPTABLES -D FORWARD -i $dev -j acct_ext > /dev/null");`
75			`system("$IPTABLES -D FORWARD -o $dev -j acct_ext > /dev/null");`
76			`}`
77			`}`
78			`system("$IPTABLES -F acct_ext > /dev/null");`
79			`system("$IPTABLES -X acct_ext > /dev/null");`
80
81			`foreach $dev (split(/,/,$args{INTIF})) {`
82			`if ($IPTABLES =~ /ipchains/) {`
83			`system("$IPTABLES -D input -i $dev -j acct_int > /dev/null");`
84			`system("$IPTABLES -D output -i $dev -j acct_int > /dev/null");`
85			`}`
86			`else {`
87			`system("$IPTABLES -D INPUT -i $dev -j acct_int > /dev/null");`
88			`system("$IPTABLES -D OUTPUT -o $dev -j acct_int > /dev/null");`
89			`system("$IPTABLES -D FORWARD -i $dev -j acct_int > /dev/null");`
90			`system("$IPTABLES -D FORWARD -o $dev -j acct_int > /dev/null");`
91			`}`
92			`}`
93			`system("$IPTABLES -F acct_int > /dev/null");`
94			`system("$IPTABLES -X acct_int > /dev/null");`
95
96			`HotSaNIClog::info("setting up accounting chains");`
97			`system("$IPTABLES -N acct_ext > /dev/null");`
98			`system("$IPTABLES -N acct_int > /dev/null");`
99
100			`#`
101			`# set up Accounting for unique IPs in subnet...`
102			`#`
103
104			`HotSaNIClog::info("accounting for local targets");`
105
106			`foreach $item (@{$args{DEVINT}}) {`
107			`($host,$maxin,$maxout,$descr)=split(/,/,$item);`
108			`HotSaNIClog::info(" $host");`
109			`foreach $prt ("tcp","udp","icmp","all") {`
110			`system("$IPTABLES -A acct_int -s $host -p $prt");`
111			`system("$IPTABLES -A acct_int -d $host -p $prt");`
112			`}`
113			`}`
114
115			`#`
116			`# set up accounting for dedicated networks to loacl subnet`
117			`#`
118
119			`HotSaNIClog::info("accounting for externel targets");`
120
121			`foreach $item (@{$args{DEVEXT}}) {`
122			`($host,$maxin,$maxout,$descr)=split(/,/,$item);`
123			`HotSaNIClog::info(" $host");`
124			`foreach $prt ("tcp","udp","icmp","all") {`
125			`system("$IPTABLES -A acct_ext -s $host -p $prt");`
126			`system("$IPTABLES -A acct_ext -d $host -p $prt");`
127			`}`
128			`}`
129
130			`HotSaNIClog::info("linking accounting chains to INPUT/OUTPUT chain");`
131			`foreach $item (split(/,/,$args{EXTIF})) {`
132			`($dev,$maxin,$maxout,$descr)=split(/,/,$item);`
133			`if ($IPTABLES =~ /ipchains/) {`
134			`system("$IPTABLES -I input -i $dev -j acct_ext > /dev/null");`
135			`system("$IPTABLES -I output -i $dev -j acct_ext > /dev/null");`
136			`}`
137			`else {`
138			`system("$IPTABLES -I INPUT -i $dev -j acct_ext > /dev/null");`
139			`system("$IPTABLES -I OUTPUT -o $dev -j acct_ext > /dev/null");`
140			`system("$IPTABLES -I FORWARD -i $dev -j acct_ext > /dev/null");`
141			`system("$IPTABLES -I FORWARD -o $dev -j acct_ext > /dev/null");`
142			`}`
143			`}`
144			`foreach $item (split(/,/,$args{INTIF})) {`
145			`($dev,$maxin,$maxout,$descr)=split(/,/,$item);`
146			`if ($IPTABLES =~ /ipchains/) {`
147			`system("$IPTABLES -I input -i $dev -j acct_int > /dev/null");`
148			`system("$IPTABLES -I output -i $dev -j acct_int > /dev/null");`
149			`}`
150			`else {`
151			`system("$IPTABLES -I INPUT -i $dev -j acct_int > /dev/null");`
152			`system("$IPTABLES -I OUTPUT -o $dev -j acct_int > /dev/null");`
153			`system("$IPTABLES -I FORWARD -i $dev -j acct_int > /dev/null");`
154			`system("$IPTABLES -I FORWARD -o $dev -j acct_int > /dev/null");`
155			`}`
156			`}`
157			`HotSaNIClog::info("All done! - accounting should be running now!");`
158			`}`
159
160			`sub readfile {`
161			`my ($file,$IPTABLES)=@_;`
162			`my $ip="";`
163			`undef my %hash;`
164			`open (FILE,$file);`
165			`while (<FILE>) {`
166			`chomp;`
167			`if (index($IPTABLES,"ipchains") >= 0 ) { ($pkt,$bytes,$target,$proto,$opt,$tosa,$tosx,$ifname,$src,$dst)=split; }`
168			`else { ($pkt,$bytes,$target,$proto,$opt,$in,$out,$src,$dst)=split; }`
169			`if ($pkt =~ /^[0-9]*$/ ) {`
170			`if ($dst eq "") { ($proto,$opt,$in,$out,$src,$dst)=($target,$proto,$opt,$in,$out,$src); }`
171			`if ($src eq "0.0.0.0/0") { $ip=$dst;$dir=1; } elsif ($dst eq "0.0.0.0/0") { $ip=$src;$dir=0; }`
172			`if ($proto eq "all") { $prt=1 };`
173			`if ($proto eq "tcp") { $prt=3 };`
174			`if ($proto eq "udp") { $prt=5 };`
175			`if ($proto eq "icmp") { $prt=7 };`
176			`if ($ip ne "") {$hash{"$ip"}[$prt+$dir]=$bytes;}`
177			`}`
178			`}`
179			`close (FILE);`
180			`return %hash;`
181			`}`
182
183			`1;`
184