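# Linux platform backend of the HotSaNIC "networks" module
# (modules/networks/platform/linux.pm).
#
# init() builds two accounting chains (acct_int / acct_ext) with the
# configured iptables or ipchains binary, and sample() turns the byte
# counters of those chains into per-host deltas for HotSaNICmod::do_rrd().
#
# Every firewall invocation goes through a list-form exec, so interface
# names, host specifications and paths taken from the module settings are
# never interpreted by a shell.
package HotSaNICmod::OSdep;

use strict;
use warnings;
use lib "../../lib";

our $VERSION;     # filled in by version()
our $IPTABLES;    # firewall command remembered by init()

# Return "<osname>.pm <revision>", with the revision number taken from the
# RCS keyword below.
sub version {
    ($VERSION = '$Revision: 1.8 $') =~ s/.*(\d+\.\d+).*/$1/;
    return "$^O.pm $VERSION";
}

# Split the configured firewall command into words.  The setting used to be
# pasted into a shell command line, so a value made of several
# whitespace-separated words keeps working; shell metacharacters in it are
# no longer interpreted.
sub _tool_words {
    my ($tool) = @_;
    return () unless defined $tool;
    return split ' ', $tool;
}

# True when a configuration value can be handed to the firewall tool as a
# single operand: non-empty, not starting with "-" (it would be parsed as an
# option) and free of whitespace and control characters.
sub _is_safe_operand {
    my ($value) = @_;
    return 0 unless defined $value && length $value;
    return 0 if $value =~ /\A-/;
    return 0 if $value =~ /[\s\x00-\x1f\x7f]/;
    return 1;
}

# Run the firewall tool without a shell and leave its output alone.
# Returns the wait status, or -1 when no command is configured.
sub _run {
    my ($tool, @args) = @_;
    my @words = _tool_words($tool);
    return -1 unless @words;
    my @cmd = (@words, @args);
    return system { $cmd[0] } @cmd;
}

# Run the firewall tool without a shell and throw its standard output away
# (the equivalent of the former "> /dev/null"; stderr is left untouched).
# Returns the wait status, or -1 when the command could not be started.
sub _run_quiet {
    my ($tool, @args) = @_;
    my @words = _tool_words($tool);
    return -1 unless @words;
    open(my $out, '-|', @words, @args) or return -1;
    while (defined(my $discarded = <$out>)) { }
    close($out);
    return $?;
}

# Write the "-L <chain> -xvn" listing of one chain into $file, truncating
# the file first as the former shell redirection did.  Returns 1 on success
# and 0 otherwise.
# NOTE(review): the snapshot is written with a plain truncating open; keep
# VARDIR writable only by the account this module runs as.
sub _snapshot_chain {
    my ($tool, $chain, $file) = @_;
    my @words = _tool_words($tool);

    my $dst;
    if (!open($dst, '>', $file)) {
        HotSaNIClog::info("cannot write $file: $!");
        return 0;
    }

    my $ok = 0;
    if (@words && open(my $src, '-|', @words, '-L', $chain, '-xvn')) {
        while (defined(my $line = <$src>)) {
            print {$dst} $line;
        }
        $ok = close($src) ? 1 : 0;
    }
    close($dst) or $ok = 0;
    return $ok;
}

# Split a comma-separated interface setting and keep only the entries that
# are safe to pass on; rejected entries are logged and skipped.
sub _interfaces {
    my ($setting) = @_;
    return () unless defined $setting;

    my @devices;
    for my $dev (split /,/, $setting) {
        next if $dev eq '';
        if (_is_safe_operand($dev)) {
            push @devices, $dev;
        }
        else {
            HotSaNIClog::info("skipping unusable interface name '$dev'");
        }
    }
    return @devices;
}

# Insert ("-I") or delete ("-D") the jumps that send traffic of one
# interface into an accounting chain.  ipchains has lower-case built-in
# chains and uses "-i" for both directions; iptables additionally needs the
# FORWARD chain.
sub _apply_hooks {
    my ($tool, $action, $dev, $chain) = @_;
    my @rules = $tool =~ /ipchains/
        ? ( [ 'input', '-i' ], [ 'output', '-i' ] )
        : ( [ 'INPUT',   '-i' ], [ 'OUTPUT',  '-o' ],
            [ 'FORWARD', '-i' ], [ 'FORWARD', '-o' ] );

    for my $rule (@rules) {
        my ($builtin, $flag) = @{$rule};
        _run_quiet($tool, $action, $builtin, $flag, $dev, '-j', $chain);
    }
    return;
}

# Append the per-protocol source and destination counting rules for every
# "host,maxin,maxout,descr" entry of $items to $chain.
sub _account_hosts {
    my ($tool, $chain, $items) = @_;

    for my $item (@{ $items || [] }) {
        my ($host) = split /,/, $item;
        if (!_is_safe_operand($host)) {
            HotSaNIClog::info("skipping unusable accounting target");
            next;
        }
        HotSaNIClog::info(" $host");
        for my $proto ("tcp", "udp", "icmp", "all") {
            _run($tool, '-A', $chain, '-s', $host, '-p', $proto);
            _run($tool, '-A', $chain, '-d', $host, '-p', $proto);
        }
    }
    return;
}

# Take a fresh counter snapshot of both accounting chains, diff it against
# the previous snapshot stored in VARDIR and feed the per-host byte deltas
# to HotSaNICmod::do_rrd().
#
# Named arguments: IPTABLES (firewall command), VARDIR (snapshot directory).
sub sample {
    my %args = @_;
    my $tool = $args{IPTABLES};
    my $var  = $args{VARDIR};

    my @sides   = ('int', 'ext');
    my %file_of = map { ( $_ => "$var/acct_$_.dat" ) } @sides;

    # First run: without a previous snapshot there is nothing to diff
    # against, so create one now.
    if (grep { !-e $file_of{$_} } @sides) {
        _snapshot_chain($tool, "acct_$_", $file_of{$_}) for @sides;
    }

    my %old;
    for my $side (@sides) {
        my %counters = readfile($file_of{$side}, $tool);
        $old{$side} = \%counters;
    }

    _snapshot_chain($tool, "acct_$_", $file_of{$_}) for @sides;

    my %new;
    for my $side (@sides) {
        my %counters = readfile($file_of{$side}, $tool);
        $new{$side} = \%counters;
    }

    my $time = time;
    for my $side (@sides) {
        for my $target (sort keys %{ $new{$side} }) {
            my $now = $new{$side}{$target};
            my $was = $old{$side}{$target} || [];

            # Slots 3/5/7 are the tcp/udp/icmp "in" counters, 4/6/8 the
            # matching "out" counters; a missing counter counts as 0.
            my ($tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout) =
                map { ($now->[$_] || 0) - ($was->[$_] || 0) }
                (3, 5, 7, 4, 6, 8);

            # "/" from a CIDR suffix is replaced by "_" in the RRD name.
            my $name = "$side$target";
            $name =~ s/\//_/g;
            HotSaNICmod::do_rrd($name, "U", $time,
                $tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout);
        }
    }
    return;
}

# Tear down any accounting chains left over from an earlier run, then
# create acct_int / acct_ext, fill them with counting rules and hook them
# into the built-in chains.
#
# Named arguments: IPTABLES (firewall command), MODNAME, EXTIF and INTIF
# (comma-separated interface lists), DEVEXT and DEVINT (array references of
# "host,maxin,maxout,descr" entries).
sub init {
    my %args = @_;

    if (!defined $args{IPTABLES}) {
        HotSaNICmod::dupe_control("die", $args{MODNAME},
            "IPTABLES missing in module settings...");

        # Nothing below can work without a firewall command, so stop here
        # even if dupe_control() returns.
        return;
    }
    $IPTABLES = $args{IPTABLES};

    my @ext_devs = _interfaces($args{EXTIF});
    my @int_devs = _interfaces($args{INTIF});

    HotSaNIClog::info("clearing old accounting chains");
    for my $dev (@ext_devs) {
        _apply_hooks($IPTABLES, '-D', $dev, 'acct_ext');
    }
    _run_quiet($IPTABLES, '-F', 'acct_ext');
    _run_quiet($IPTABLES, '-X', 'acct_ext');

    for my $dev (@int_devs) {
        _apply_hooks($IPTABLES, '-D', $dev, 'acct_int');
    }
    _run_quiet($IPTABLES, '-F', 'acct_int');
    _run_quiet($IPTABLES, '-X', 'acct_int');

    HotSaNIClog::info("setting up accounting chains");
    _run_quiet($IPTABLES, '-N', 'acct_ext');
    _run_quiet($IPTABLES, '-N', 'acct_int');

    # Set up accounting for the individual IPs of the local subnet.
    HotSaNIClog::info("accounting for local targets");
    _account_hosts($IPTABLES, 'acct_int', $args{DEVINT});

    # Set up accounting for dedicated networks talking to the local subnet.
    HotSaNIClog::info("accounting for externel targets");
    _account_hosts($IPTABLES, 'acct_ext', $args{DEVEXT});

    HotSaNIClog::info("linking accounting chains to INPUT/OUTPUT chain");
    for my $dev (@ext_devs) {
        _apply_hooks($IPTABLES, '-I', $dev, 'acct_ext');
    }
    for my $dev (@int_devs) {
        _apply_hooks($IPTABLES, '-I', $dev, 'acct_int');
    }

    return HotSaNIClog::info("All done! - accounting should be running now!");
}

# Parse a saved "-L <chain> -xvn" listing.
#
# Arguments: the snapshot file and the firewall command (only inspected to
# tell the ipchains column layout from the iptables one).
# Returns a hash mapping each accounted address to an array of byte
# counters: slots 1/3/5/7 hold all/tcp/udp/icmp for rules whose destination
# is "0.0.0.0/0", slots 2/4/6/8 the same protocols for rules whose source
# is "0.0.0.0/0".  An unreadable file yields an empty hash.
sub readfile {
    my ($file, $tool) = @_;
    my %hash;
    my %slot_of = (all => 1, tcp => 3, udp => 5, icmp => 7);

    my $is_ipchains = defined $tool && index($tool, "ipchains") >= 0;

    # Column positions of source and destination when a target is shown.
    my ($src_at, $dst_at) = $is_ipchains ? (8, 9) : (7, 8);

    my $fh;
    if (!open($fh, '<', $file)) {
        warn "readfile: cannot open $file: $!\n";
        return %hash;
    }

    while (defined(my $line = <$fh>)) {
        chomp $line;
        my @field = split ' ', $line;

        # Rule lines start with a packet count; chain titles, column
        # headers and blank lines do not.
        next unless @field && $field[0] =~ /\A[0-9]+\z/;

        # Counting rules have no target, which moves every later column
        # one place to the left; put an empty target back in.
        # NOTE(review): verified against the iptables layout only -
        # confirm the column positions for ipchains listings.
        if (!defined $field[$dst_at] || $field[$dst_at] eq "") {
            splice(@field, 2, 0, "");
        }

        my ($bytes, $proto, $src, $dst) = @field[ 1, 3, $src_at, $dst_at ];
        next unless defined $proto && exists $slot_of{$proto};
        next unless defined $src && defined $dst;

        # The side that is not the wildcard names the accounted address.
        my ($ip, $dir);
        if ($src eq "0.0.0.0/0") {
            ($ip, $dir) = ($dst, 1);
        }
        elsif ($dst eq "0.0.0.0/0") {
            ($ip, $dir) = ($src, 0);
        }
        else {
            next;
        }
        next if $ip eq "";

        $hash{$ip}[ $slot_of{$proto} + $dir ] = $bytes;
    }
    close($fh);

    return %hash;
}

1;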