1 | 1 | simandl | package HotSaNICmod::OSdep; |
2 | | | |
3 | | | use RRDs; |
4 | | | use lib "../../lib"; |
5 | | | |
# Report this OS-dependent module's identity as "<osname>.pm <revision>".
# The revision number is taken from the RCS keyword literal below, and is
# also stored in the package variable $VERSION as a side effect.
sub version {
    my $keyword = '$Revision: 1.4 $';
    ($VERSION) = $keyword =~ /(\d+\.\d+)/;
    return join(" ", "$^O.pm", $VERSION);
}
10 | | | |
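# Take one accounting sample: snapshot the iptables byte counters, diff them
# against the previous snapshot and hand the per-address deltas to updatedb().
#
# Named arguments (flat key/value list):
#   IPTABLES - command used to list the accounting chains
#   MODNAME  - module name, forwarded to updatedb() for its error message
#
# SECURITY: IPTABLES is interpolated into shell command lines (the
# redirections and the sed pipe need a shell), so it must only ever come from
# trusted configuration; any shell metacharacters in it would be executed.
# The snapshot files are opened by relative name in the current directory.
# NOTE(review): presumably that is the module's own directory - confirm it is
# not writable by other local users, since the counters and the RRD names are
# derived from these files.
sub sample {
    my %args     = @_;
    my $IPTABLES = $args{IPTABLES};

    # First run: there is no previous snapshot yet, so take one to act as the
    # baseline for the deltas computed below.
    if ( (! -e "acct_int.dat") || (! -e "acct_ext.dat") ) {
        _snapshot_counters($IPTABLES);
    }

    my %acct_int_old = readfile("acct_int.dat", $IPTABLES);
    my %acct_ext_old = readfile("acct_ext.dat", $IPTABLES);

    _snapshot_counters($IPTABLES);

    my %acct_int = readfile("acct_int.dat", $IPTABLES);
    my %acct_ext = readfile("acct_ext.dat", $IPTABLES);

    my $time = time;

    _report_deltas($args{MODNAME}, $time, "int", \%acct_int, \%acct_int_old);
    _report_deltas($args{MODNAME}, $time, "ext", \%acct_ext, \%acct_ext_old);

    return;
}

# Write a fresh listing of the accounting chains to acct_int.dat/acct_ext.dat.
# The "other" chain starts each file; the tcp and udp chains are appended with
# their "all" protocol label rewritten to the chain's protocol, so readfile()
# files them under the tcp/udp slots.  The first-run branch used to append the
# tcp/udp chains a second time without that rewrite; those rows still carried
# the "all" label and therefore replaced the "other" baseline counters.
sub _snapshot_counters {
    my ($IPTABLES) = @_;

    system("$IPTABLES -L acct_int_other -xvn > acct_int.dat");
    system("$IPTABLES -L acct_ext_other -xvn > acct_ext.dat");
    foreach my $prt ("tcp", "udp") {
        system("$IPTABLES -L acct_int_$prt -xvn | sed 's/all/$prt/g' >> acct_int.dat");
        system("$IPTABLES -L acct_ext_$prt -xvn | sed 's/all/$prt/g' >> acct_ext.dat");
    }
    return;
}

# Send the counter deltas of every address in %$now to updatedb(), in sorted
# address order.  Slots follow readfile(): 1/2 = other, 3/4 = tcp, 5/6 = udp.
# The "other" deltas travel in the positions updatedb() names icmpin/icmpout.
# An address missing from %$old is diffed against zero.
sub _report_deltas {
    my ($modname, $time, $prefix, $now, $old) = @_;

    foreach my $nn (sort keys %$now) {
        my @delta;
        foreach my $slot (1 .. 6) {
            $delta[$slot] = ($now->{$nn}[$slot] || 0) - ($old->{$nn}[$slot] || 0);
        }
        my ($otherin, $otherout, $tcpin, $tcpout, $udpin, $udpout) = @delta[1 .. 6];
        updatedb($modname, $time, "$prefix$nn",
                 $tcpin, $udpin, $otherin, $tcpout, $udpout, $otherout);
    }
    return;
}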
64 | | | |
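# Parse a saved chain listing (`<IPTABLES> -L <chain> -xvn` output) into
# per-address byte counters.
#
# Arguments:
#   $file     - path of the listing to read
#   $IPTABLES - command the listing was produced with; when it contains
#               "ipchains" the ten-column ipchains layout is assumed,
#               otherwise the nine-column iptables layout
#
# Returns a hash (as a flat list) keyed by address.  Each value is an array
# ref indexed by protocol base (all=1, tcp=3, udp=5, icmp=7) plus direction
# (0 when the destination is 0.0.0.0/0, 1 when the source is 0.0.0.0/0).
# An unreadable file yields an empty hash.
sub readfile {
    my ($file, $IPTABLES) = @_;

    my %base_slot = (all => 1, tcp => 3, udp => 5, icmp => 7);
    my $width     = index($IPTABLES, "ipchains") >= 0 ? 10 : 9;
    my %hash;

    # Three-argument open with a lexical handle: the file name can never be
    # interpreted as a mode or a pipe, and no global FILE handle is shared.
    open(my $fh, '<', $file) or return %hash;

    while (my $line = <$fh>) {
        my @col = split ' ', $line;

        # Only rule rows start with a packet counter; require at least one
        # digit so blank lines and the listing headers are skipped.
        next unless @col && $col[0] =~ /\A[0-9]+\z/;

        # A rule without a target prints an empty target column, which split
        # swallows; put it back so the remaining columns line up.
        splice(@col, 2, 0, '') if @col < $width;

        my ($bytes, $proto) = @col[1, 3];
        my ($src, $dst)     = @col[$width - 2, $width - 1];
        $src = '' unless defined $src;
        $dst = '' unless defined $dst;

        # Address and direction are decided per row.  A row that matches
        # neither pattern is ignored rather than being booked on the address
        # of an earlier row.
        my ($ip, $dir);
        if    ($src eq "0.0.0.0/0") { ($ip, $dir) = ($dst, 1); }
        elsif ($dst eq "0.0.0.0/0") { ($ip, $dir) = ($src, 0); }
        else                        { next; }
        next if $ip eq "";

        # Unknown protocols are ignored instead of reusing the previous slot.
        next unless defined $proto && exists $base_slot{$proto};

        $hash{$ip}[ $base_slot{$proto} + $dir ] = $bytes;
    }
    close($fh);

    return %hash;
}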
87 | | | |
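# Store one sample in rrd/<name>.rrd, creating the database first if needed.
#
# Arguments:
#   $MODNAME - module name, used only in the error message
#   $time    - sample timestamp
#   $name    - database base name; every "/" is replaced by "_"
#   $tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout - the six values,
#              written to the RRD in this order
#
# An RRD update failure is reported on standard output; nothing is raised.
sub updatedb {
    my ($MODNAME, $time, $name, $tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout) = @_;

    # Replacing "/" keeps the name inside rrd/ (no directory components).
    $name =~ s/\//_/g;

    # $name is built from an address column read out of the snapshot files,
    # so it must never reach a shell.  The list form of system() runs
    # ./makerrd directly and passes $name as a single literal argument.
    if ( !-e "rrd/$name.rrd" ) {
        system("./makerrd", $name, "U");
    }

    my $values = join(":", $time, $tcpin, $udpin, $icmpin, $tcpout, $udpout, $icmpout);
    RRDs::update("rrd/$name.rrd", $values);

    if (my $ERROR = RRDs::error()) {
        print time, " ", $MODNAME, ": unable to update `$name.rrd': $ERROR\n";
    }
    return;
}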
95 | | | |
96 | | | |
97 | | | 1; |
98 | | | |