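package HotSaNICmod::OSdep;

# Platform-specific sampler: snapshots the acct_int_* / acct_ext_* packet
# filter chains into acct_int.dat / acct_ext.dat, computes per-address byte
# deltas against the previous snapshot and feeds them to one RRD per address.

use strict;
use RRDs;
use lib "../../lib";

our $VERSION;

# Maps the protocol column to the base slot of the per-address array built by
# readfile(); the direction (0 or 1) is added to it, giving slots 1..6.
my %PROTO_SLOT = ( all => 1, tcp => 3, udp => 5 );

# Returns "<osname>.pm <revision>", with the revision taken from the RCS keyword.
sub version {
    ($VERSION = '$Revision: 1.4 $') =~ s/.*(\d+\.\d+).*/$1/;
    return "$^O.pm $VERSION";
}

# Takes one sample.
#
# Named arguments:
#   IPTABLES - command used to list the accounting chains
#   MODNAME  - module name, only used as a prefix in error messages
#
# Reads the previous snapshot, writes a fresh one, and calls updatedb() once
# per address with the difference of the byte counters.
sub sample {
    my %args     = @_;
    my $IPTABLES = $args{IPTABLES};

    # First run: no previous snapshot exists, so create one to diff against.
    # The seed now uses the same snapshot routine as every later run.  The
    # original additionally appended the unfiltered tcp/udp chain listings,
    # whose "all" rows overwrote the "other" counters of the seed.
    if ( !-e "acct_int.dat" || !-e "acct_ext.dat" ) {
        _snapshot($IPTABLES);
    }

    my %acct_int_old = readfile( "acct_int.dat", $IPTABLES );
    my %acct_ext_old = readfile( "acct_ext.dat", $IPTABLES );

    _snapshot($IPTABLES);

    my %acct_int = readfile( "acct_int.dat", $IPTABLES );
    my %acct_ext = readfile( "acct_ext.dat", $IPTABLES );

    my $time = time;
    _report( $args{MODNAME}, $time, "int", \%acct_int, \%acct_int_old );
    _report( $args{MODNAME}, $time, "ext", \%acct_ext, \%acct_ext_old );
    return;
}

# Writes the current counters of all accounting chains to the two .dat files.
#
# SECURITY: $IPTABLES is interpolated into a /bin/sh command line (the
# redirections and the sed pipe need the shell), so it must only ever come
# from trusted configuration.  The .dat files are created in the current
# working directory under fixed names.
sub _snapshot {
    my ($IPTABLES) = @_;

    for my $side ( "int", "ext" ) {
        system("$IPTABLES -L acct_${side}_other -xvn > acct_$side.dat");
    }

    # Rows of the per-protocol chains are listed with protocol "all"; sed
    # relabels them so that readfile() can tell the chains apart.
    for my $prt ( "tcp", "udp" ) {
        for my $side ( "int", "ext" ) {
            system("$IPTABLES -L acct_${side}_$prt -xvn | sed 's/all/$prt/g' >> acct_$side.dat");
        }
    }
    return;
}

# Calls updatedb() for every address of the new snapshot with the counter
# differences (new minus old).  A counter missing on either side counts as 0,
# which is what the original's arithmetic on undef produced.
sub _report {
    my ( $modname, $time, $prefix, $now, $old ) = @_;

    for my $nn ( sort keys %$now ) {
        my $delta = sub {
            my ($slot) = @_;
            return ( $now->{$nn}[$slot] || 0 ) - ( $old->{$nn}[$slot] || 0 );
        };
        my ( $otherin, $otherout ) = ( $delta->(1), $delta->(2) );
        my ( $tcpin,   $tcpout )   = ( $delta->(3), $delta->(4) );
        my ( $udpin,   $udpout )   = ( $delta->(5), $delta->(6) );

        updatedb( $modname, $time, "$prefix$nn",
            $tcpin, $udpin, $otherin, $tcpout, $udpout, $otherout );
    }
    return;
}

# Parses a chain listing written by sample().
#
# Arguments:
#   $file     - path of the listing
#   $IPTABLES - the listing command; if it contains "ipchains" the ipchains
#               column layout is assumed, otherwise the iptables layout
#
# Returns a hash keyed by address.  Each value is an array reference whose
# slots 1/2 hold the byte counts of protocol "all", 3/4 of "tcp" and 5/6 of
# "udp"; the odd slot is used when the address is the rule's source, the even
# slot when it is the rule's destination.  An unreadable file yields an empty
# hash and a warning.
sub readfile {
    my ( $file, $IPTABLES ) = @_;
    my %hash;

    # Three-argument open with a lexical handle: the open mode can never be
    # taken from the file name, and a failure is reported instead of ignored.
    my $fh;
    unless ( open( $fh, '<', $file ) ) {
        warn "HotSaNICmod::OSdep: cannot read $file: $!\n";
        return %hash;
    }

    my $is_ipchains = index( $IPTABLES, "ipchains" ) >= 0;

    while ( my $line = <$fh> ) {
        chomp $line;

        # All per-row state is scoped to the row, so a row that cannot be
        # classified no longer inherits address, protocol or direction from
        # the row before it.
        my ( $pkt, $bytes, $target, $proto, $opt, $in, $out, $src, $dst );
        if ($is_ipchains) {
            my ( $tosa, $tosx, $ifname );
            ( $pkt, $bytes, $target, $proto, $opt, $tosa, $tosx, $ifname, $src, $dst )
                = split ' ', $line;
        }
        else {
            ( $pkt, $bytes, $target, $proto, $opt, $in, $out, $src, $dst )
                = split ' ', $line;
        }

        # Only rule rows start with a packet count.  At least one digit is
        # required: the original pattern also accepted an empty line, which
        # then overwrote the previous row's counter with undef.
        next unless defined $pkt && $pkt =~ /\A[0-9]+\z/;

        # A rule without a target has one column fewer; shift the columns.
        if ( !defined $dst || $dst eq "" ) {
            ( $proto, $opt, $in, $out, $src, $dst )
                = ( $target, $proto, $opt, $in, $out, $src );
        }

        my ( $ip, $dir );
        if ( defined $src && $src eq "0.0.0.0/0" ) {
            ( $ip, $dir ) = ( $dst, 1 );
        }
        elsif ( defined $dst && $dst eq "0.0.0.0/0" ) {
            ( $ip, $dir ) = ( $src, 0 );
        }
        next unless defined $ip && $ip ne "";

        my $slot = defined $proto ? $PROTO_SLOT{$proto} : undef;
        next unless defined $slot;

        $hash{$ip}[ $slot + $dir ] = $bytes;
    }
    close($fh);

    return %hash;
}

# Stores one sample in rrd/<name>.rrd, creating the database first if needed.
#
# Arguments: module name (for the error message), timestamp, database name,
# then the six values in the order tcpin, udpin, otherin, tcpout, udpout,
# otherout.  Slashes in the name are replaced by underscores.
sub updatedb {
    my ( $MODNAME, $time, $name, $tcpin, $udpin, $otherin, $tcpout, $udpout, $otherout ) = @_;
    $name =~ s/\//_/g;

    if ( !-e "rrd/$name.rrd" ) {
        # List form: $name is derived from parsed listing output and is
        # handed to makerrd as a single argument, never through a shell.
        system( "./makerrd", $name, "U" );
    }

    RRDs::update( "rrd/$name.rrd",
        join( ":", $time, $tcpin, $udpin, $otherin, $tcpout, $udpout, $otherout ) );

    if ( my $error = RRDs::error() ) {
        print time, " ", $MODNAME, ": unable to update `$name.rrd': $error\n";
    }
    return;
}

1;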