[/] [branches/] [HotSaNIC-0.5.0-pre6/] [modules/] [networks/] [platform/] [linux.pm] - Blame information for rev 23

 

11simandlpackage HotSaNICmod::OSdep;
2 
3use lib "../../lib";
4 
# Report this platform module's identity as "<osname>.pm <revision>".
#
# The revision is cut out of the version-control keyword literal below and is
# also left in the package variable $VERSION as a side effect.
sub version {
    our $VERSION = '$Revision: 1.8 $';

    # Reduce the keyword string to the bare "digits.digits" it contains.
    $VERSION =~ s/.*(\d+\.\d+).*/$1/;

    return join(' ', "$^O.pm", $VERSION);
}
9 
# Take one accounting sample: re-dump the counters of the acct_int and
# acct_ext chains and hand the per-host byte deltas since the previous dump
# to HotSaNICmod::do_rrd().
#
# Named arguments:
#   IPTABLES - command used to list the chains
#   VARDIR   - directory holding acct_int.dat and acct_ext.dat
#
# NOTE(review): both settings are interpolated unquoted into command lines
# that system() passes to the shell, and the dumps are created through a
# shell redirect. Presumably both values come from administrator-controlled
# module settings and VARDIR is writable only by the collecting user --
# confirm, because a metacharacter in either value or a planted symlink at
# the dump path would be honoured here.
# NOTE(review): the exit status of system() is not inspected. A failed
# listing leaves whatever the redirect produced (the shell truncates the
# file first), so that sample simply yields fewer or no hosts.
# NOTE(review): deltas are plain differences with no clamping; after the
# counters restart (init() flushes both chains) they can be negative.
sub sample {
    my %args = @_;

    my $IPTABLES = $args{IPTABLES};
    my $VAR      = $args{VARDIR};

    my $int_dump = "$VAR/acct_int.dat";
    my $ext_dump = "$VAR/acct_ext.dat";

    # Writes the current counters of both chains over the dump files.
    my $refresh = sub {
        system("$IPTABLES -L acct_int -xvn > $int_dump");
        system("$IPTABLES -L acct_ext -xvn > $ext_dump");
    };

    # No earlier dump to compare against: create one so the "old" read below
    # has something to parse.
    $refresh->() unless -e $int_dump && -e $ext_dump;

    my %acct_int_old = readfile($int_dump, $IPTABLES);
    my %acct_ext_old = readfile($ext_dump, $IPTABLES);
    $refresh->();
    my %acct_int = readfile($int_dump, $IPTABLES);
    my %acct_ext = readfile($ext_dump, $IPTABLES);

    my $time = time;

    foreach my $set ( [ "int", \%acct_int, \%acct_int_old ],
                      [ "ext", \%acct_ext, \%acct_ext_old ] ) {
        my ($prefix, $now, $before) = @$set;

        foreach my $nn (sort(keys(%$now))) {
            # Slots 1..8 of each host entry, in readfile()'s order.
            ($allin, $allout, $tcpin, $tcpout, $udpin, $udpout, $icmpin, $icmpout)
                = map { $now->{$nn}[$_] - $before->{$nn}[$_] } 1 .. 8;

            # Host keys may be in CIDR form; "/" is replaced before the key
            # is used as a name.
            my $name = "$prefix$nn";
            $name =~ s/\//_/g;

            HotSaNICmod::do_rrd($name, "U", $time, $tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout);
        }
    }
}
58 
# (Re)build the acct_ext and acct_int accounting chains.
#
# Steps, in order: remove jump rules left by an earlier run and flush/delete
# both chains, create the chains again, append one counting rule per host,
# protocol and direction, then insert jump rules for every interface.
#
# Named arguments:
#   IPTABLES       - command to run; a value containing "ipchains" selects
#                    the lower-case input/output rule set
#   MODNAME        - passed to HotSaNICmod::dupe_control() if IPTABLES is unset
#   EXTIF, INTIF   - comma-separated interface names
#   DEVEXT, DEVINT - array refs of "host,maxin,maxout,descr" strings
#
# NOTE(review): every command is one interpolated string, so system() runs it
# through the shell with interface and host values unquoted. Presumably these
# come from administrator-controlled module settings -- confirm, and consider
# validating them, since firewall changes normally run with root privileges.
# NOTE(review): no system() exit status is checked; the final log line is
# written whether or not the chains were actually created.
sub init {
    my %args = @_;

    unless (defined $args{IPTABLES}) {
        HotSaNICmod::dupe_control("die", $args{MODNAME}, "IPTABLES missing in module settings...");
    }

    $IPTABLES = $args{IPTABLES};

    # Built-in chain plus interface flag that each jump rule is attached to.
    my @hooks = ($IPTABLES =~ /ipchains/)
        ? ("input -i", "output -i")
        : ("INPUT -i", "OUTPUT -o", "FORWARD -i", "FORWARD -o");

    HotSaNIClog::info("clearing old accounting chains");
    foreach my $pair ( [ EXTIF => "acct_ext" ], [ INTIF => "acct_int" ] ) {
        my ($setting, $chain) = @$pair;

        foreach $dev (split(/,/, $args{$setting})) {
            system("$IPTABLES -D $_ $dev -j $chain > /dev/null") for @hooks;
        }
        system("$IPTABLES -F $chain > /dev/null");
        system("$IPTABLES -X $chain > /dev/null");
    }

    HotSaNIClog::info("setting up accounting chains");
    system("$IPTABLES -N $_ > /dev/null") for ("acct_ext", "acct_int");

    # One rule per host, protocol and direction. The rules carry no jump
    # target, and unlike the other commands their output is not redirected.
    foreach my $group ( [ "accounting for local targets",    "DEVINT", "acct_int" ],
                        [ "accounting for externel targets", "DEVEXT", "acct_ext" ] ) {
        my ($banner, $setting, $chain) = @$group;

        HotSaNIClog::info($banner);

        foreach $item (@{ $args{$setting} }) {
            ($host, $maxin, $maxout, $descr) = split(/,/, $item);
            HotSaNIClog::info(" $host");
            foreach $prt ("tcp", "udp", "icmp", "all") {
                system("$IPTABLES -A $chain $_ $host -p $prt") for ("-s", "-d");
            }
        }
    }

    HotSaNIClog::info("linking accounting chains to INPUT/OUTPUT chain");
    foreach my $pair ( [ EXTIF => "acct_ext" ], [ INTIF => "acct_int" ] ) {
        my ($setting, $chain) = @$pair;

        foreach $item (split(/,/, $args{$setting})) {
            # $item is already a single comma-free token, so only $dev
            # receives a value from this split.
            ($dev, $maxin, $maxout, $descr) = split(/,/, $item);
            system("$IPTABLES -I $_ $dev -j $chain > /dev/null") for @hooks;
        }
    }

    HotSaNIClog::info("All done! - accounting should be running now!");
}
159 
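# Parse a saved "-L <chain> -xvn" listing into per-host byte counters.
#
# Arguments:
#   $file     - path of the dump written by sample()
#   $IPTABLES - command that produced it; a value containing "ipchains"
#               selects the 10-column layout, anything else the 9-column one
#
# Returns a hash (as a list) keyed by the non-wildcard address of each rule.
# Each value is an array ref indexed by protocol and direction:
#   1/2 all, 3/4 tcp, 5/6 udp, 7/8 icmp
# where the odd slot holds the bytes of the rule matching the host as source
# and the even slot those of the rule matching it as destination.
#
# An unreadable file yields an empty hash, as before. Lines that are not rule
# rows (headers, blank lines), rules with no "0.0.0.0/0" side and rules with
# an unrecognised protocol column are skipped instead of being booked on
# whatever host, protocol or direction the previous line left behind.
#
# NOTE(review): only the names all/tcp/udp/icmp are recognised in the
# protocol column; if the local tool prints protocols numerically under -n
# they need mapping here -- confirm against real output.
# NOTE(review): the ipchains column count is taken from the original field
# list and has not been checked against real ipchains output.
sub readfile {
    my ($file, $IPTABLES) = @_;

    my %slot_of = (all => 1, tcp => 3, udp => 5, icmp => 7);
    my $columns = (index($IPTABLES, "ipchains") >= 0) ? 10 : 9;

    my %hash;

    # Three-argument open with a lexical handle: the path can no longer be
    # read as an open mode or a pipe, and no global FILE handle is clobbered.
    open(my $fh, '<', $file) or return %hash;

    while (my $line = <$fh>) {
        chomp $line;
        my @field = split ' ', $line;

        # Rule rows start with the packet counter; everything else is skipped.
        next unless @field && $field[0] =~ /\A[0-9]+\z/;

        # Rules without a jump target print an empty target column, which
        # split drops; put it back so the remaining columns line up.
        splice(@field, 2, 0, '') if @field < $columns;

        my $bytes = $field[1];
        my $proto = defined $field[3]            ? $field[3]            : '';
        my $src   = defined $field[$columns - 2] ? $field[$columns - 2] : '';
        my $dst   = defined $field[$columns - 1] ? $field[$columns - 1] : '';

        my ($ip, $dir);
        if ($src eq "0.0.0.0/0") {
            ($ip, $dir) = ($dst, 1);
        }
        elsif ($dst eq "0.0.0.0/0") {
            ($ip, $dir) = ($src, 0);
        }
        else {
            next;
        }
        next if $ip eq "";

        my $slot = $slot_of{$proto};
        next unless defined $slot;

        $hash{$ip}[$slot + $dir] = $bytes;
    }
    close($fh);

    return %hash;
}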
182 
1831;
184 
