Viewing file:  bandwidth-lib.pl (21.04 KB) -rwxr-xr-x
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
# Functions for parsing the system log for iptables entries
# XXX ipf support
# XXX ipf missing some packets? large FTP transfer?
# XXX option to specify ports considered 'server' (by ranges)
# XXX option to make ports without names not server ports
# XXX use is_server_port function
BEGIN { push(@INC, ".."); };
use WebminCore;
&init_config();
if (&foreign_installed("syslog-ng")) {
&foreign_require("syslog-ng", "syslog-ng-lib.pl");
$syslog_module = "syslog-ng";
}
elsif (&foreign_installed("syslog")) {
&foreign_require("syslog", "syslog-lib.pl");
$syslog_module = "syslog";
}
else {
$syslog_module = undef;
}
&foreign_require("cron", "cron-lib.pl");
&foreign_require("net", "net-lib.pl");
%access = &get_module_acl();
$bandwidth_log = $config{'bandwidth_log'} || "/var/log/bandwidth";
$hours_dir = $config{'bandwidth_dir'} || "$module_config_directory/hours";
$cron_cmd = "$module_config_directory/rotate.pl";
$pid_file = "$module_config_directory/rotate.pid";
# list_hours()
# Returns a list of all hours for which traffic is available
sub list_hours
{
opendir(DIR, $hours_dir);
local @rv = grep { $_ =~ /^\d+$/ } readdir(DIR);
closedir(DIR);
return @rv;
}
# get_hour(num)
sub get_hour
{
if (!defined($hour_cache{$_[0]})) {
local $file = "$hours_dir/$_[0]";
local %hour;
if (&read_file($file, \%hour)) {
$hour_cache{$_[0]} = \%hour;
}
else {
$hour_cache{$_[0]} = { 'hour' => $_[0] };
}
}
return $hour_cache{$_[0]};
}
# save_hour(hour)
sub save_hour
{
mkdir($hours_dir, 0755);
local $file = "$hours_dir/$_[0]->{'hour'}";
&write_file($file, $_[0]);
}
# find_rule(&table, chain, interface, dir)
sub find_rule
{
local ($table, $chain, $iface, $dir) = @_;
local $r;
local $dd = $dir eq "i" ? "IN" : "OUT";
foreach $r (@{$table->{'rules'}}) {
next if ($r->{'chain'} ne $chain);
local $da = $r->{$dir};
if ($iface) {
next if ($da->[1] ne $iface);
}
else {
next if (!$da);
}
next if ($r->{'j'}->[1] ne 'LOG');
next if ($r->{'args'} !~ /\-\-log\-prefix\s+BANDWIDTH_\Q$dd\E:/ &&
$r->{'args'} !~ /\-\-log\-prefix\s+"BANDWIDTH_\Q$dd\E:"/ &&
$r->{'logprefix'}->[1] ne "BANDWIDTH_$dd");
return $r;
}
return undef;
}
# find_sysconf(&conf)
# Returns the syslog entry for kernel debug messages to the log file
sub find_sysconf
{
local ($conf) = @_;
local $c;
local @ll = &get_loglevel();
foreach $c (@$conf) {
next if (!$c->{'active'});
next if ($c->{'file'} ne $bandwidth_log);
next if ($c->{'sel'}->[0] ne $ll[0]);
return $c;
}
return undef;
}
# find_sysconf_ng(&conf)
# Returns the destination, filter and log objects for kernel debug messages
sub find_sysconf_ng
{
local ($conf) = @_;
local @dests = &syslog_ng::find("destination", $conf);
local ($dest) = grep { $_->{'value'} eq "d_bandwidth" } @dests;
local @filters = &syslog_ng::find("filter", $conf);
local ($filter) = grep { $_->{'value'} eq "f_bandwidth" } @filters;
local @logs = &syslog_ng::find("log", $conf);
local $log;
if ($dest && $filter) {
foreach my $l (@logs) {
local ($ldest) = &syslog_ng::find("destination",
$l->{'members'});
local ($lfilter) = &syslog_ng::find("filter",
$l->{'members'});
if ($ldest->{'value'} eq $dest->{'value'} &&
$lfilter->{'value'} eq $filter->{'value'}) {
$log = $l;
last;
}
}
}
return ($dest, $filter, $log);
}
# find_cron_job()
# Returns the cron job used for bandwidth counting, or undef
sub find_cron_job
{
local @jobs = &cron::list_cron_jobs();
local ($job) = grep { $_->{'user'} eq 'root' &&
$_->{'command'} eq $cron_cmd &&
$_->{'active'} } @jobs;
return $job;
}
# date_input(day, month, year, prefix)
sub date_input
{
return &ui_textbox("$_[3]_day", $_[0], 2)."/".
&ui_select("$_[3]_month", $_[1],
[ map { [ $_, $text{"smonth_".$_} ] } (1 .. 12) ])."/".
&ui_textbox("$_[3]_year", $_[2], 4).
&date_chooser_button("$_[3]_day", "$_[3]_month", "$_[3]_year");
}
# hourmin_input(hour, min, prefix)
sub hourmin_input
{
return &ui_textbox("$_[2]_hour", $_[0], 2).":".
&ui_textbox("$_[2]_min", $_[1], 2);
}
# detect_firewall_system()
# Guesses which firewall is installed
sub detect_firewall_system
{
local $m;
foreach $m ("shorewall", "firewall", "ipfw", "ipfilter") {
return $m if (&check_firewall_system($m));
}
return undef;
}
# check_firewall_system(type)
# Returns 1 if some firewall is installed
sub check_firewall_system
{
# XXX shorewall check should look for actual rules?
return &foreign_installed($_[0], 1);
}
sub check_rules
{
local $cfunc = "check_".$config{'firewall_system'}."_rules";
return &$cfunc(@_);
}
sub setup_rules
{
local $sfunc = "setup_".$config{'firewall_system'}."_rules";
return &$sfunc(@_);
}
sub delete_rules
{
local $dfunc = "delete_".$config{'firewall_system'}."_rules";
return &$dfunc(@_);
}
sub process_line
{
local $pfunc = "process_".$config{'firewall_system'}."_line";
return &$pfunc(@_);
}
sub pre_process
{
local $pfunc = "pre_".$config{'firewall_system'}."_process";
if (defined(&$pfunc)) {
&$pfunc(@_);
}
}
sub get_loglevel
{
local $lfunc = "get_".$config{'firewall_system'}."_loglevel";
return &$lfunc(@_);
}
# is_server_port(num)
sub is_server_port
{
}
############### functions for IPtables #################
# check_firewall_rules()
# Returns 1 if the IPtables rules needed are setup, 0 if not
sub check_firewall_rules
{
&foreign_require("firewall", "firewall-lib.pl");
local @tables = &firewall::get_iptables_save();
local ($filter) = grep { $_->{'name'} eq 'filter' } @tables;
local $inrule = &find_rule($filter, "INPUT", $config{'iface'}, "i");
local $outrule = &find_rule($filter, "OUTPUT", $config{'iface'}, "o");
local $fwdinrule = &find_rule($filter, "FORWARD", $config{'iface'}, "i");
local $fwdoutrule = &find_rule($filter, "FORWARD", $config{'iface'}, "o");
return $inrule && $outrule && $fwdinrule && $fwdoutrule;
}
# setup_firewall_rules(iface)
# If any IPtables rules are missing, add them
sub setup_firewall_rules
{
&foreign_require("firewall", "firewall-lib.pl");
local @tables = &firewall::get_iptables_save();
local ($filter) = grep { $_->{'name'} eq 'filter' } @tables;
$filter ||= { 'name' => 'filter',
'defaults' => { 'INPUT' => 'ACCEPT',
'OUTPUT' => 'ACCEPT',
'FORWARD' => 'ACCEPT' },
'rules' => [ ],
};
local $inrule = &find_rule($filter, "INPUT", $config{'iface'}, "i");
local $outrule = &find_rule($filter, "OUTPUT", $config{'iface'}, "o");
local $fwdinrule = &find_rule($filter, "FORWARD", $config{'iface'}, "i");
local $fwdoutrule = &find_rule($filter, "FORWARD", $config{'iface'}, "o");
local $missingrule = !$inrule || !$outrule || !$fwdinrule || !$fwdoutrule;
if (!$inrule) {
splice(@{$filter->{'rules'}}, 0, 0,
{ 'chain' => 'INPUT',
'j' => [ undef, 'LOG' ],
'i' => [ undef, $_[0] ],
'args' => "--log-level 7 --log-prefix BANDWIDTH_IN:" });
}
if (!$outrule) {
splice(@{$filter->{'rules'}}, 0, 0,
{ 'chain' => 'OUTPUT',
'j' => [ undef, 'LOG' ],
'o' => [ undef, $_[0] ],
'args' => "--log-level 7 --log-prefix BANDWIDTH_OUT:" });
}
if (!$fwdinrule) {
splice(@{$filter->{'rules'}}, 0, 0,
{ 'chain' => 'FORWARD',
'j' => [ undef, 'LOG' ],
'i' => [ undef, $_[0] ],
'args' => "--log-level 7 --log-prefix BANDWIDTH_IN:" });
}
if (!$fwdoutrule) {
splice(@{$filter->{'rules'}}, 0, 0,
{ 'chain' => 'FORWARD',
'j' => [ undef, 'LOG' ],
'o' => [ undef, $_[0] ],
'args' => "--log-level 7 --log-prefix BANDWIDTH_OUT:" });
}
if ($missingrule) {
# Save and apply
&lock_file($firewall::iptables_save_file);
&firewall::run_before_command();
&firewall::save_table($filter);
&firewall::run_after_command();
&unlock_file($firewall::iptables_save_file);
return &firewall::apply_configuration();
}
return undef;
}
# delete_firewall_rules()
# Delete firewall rules for bandwidth logging
sub delete_firewall_rules
{
&foreign_require("firewall", "firewall-lib.pl");
local @tables = &firewall::get_iptables_save();
local ($filter) = grep { $_->{'name'} eq 'filter' } @tables;
local $inrule = &find_rule($filter, "INPUT", $config{'iface'}, "i");
local $outrule = &find_rule($filter, "OUTPUT", $config{'iface'}, "o");
local $fwdinrule = &find_rule($filter, "FORWARD", $config{'iface'}, "i");
local $fwdoutrule = &find_rule($filter, "FORWARD", $config{'iface'}, "o");
local $anyrule = $inrule || $outrule || $fwdinrule || $fwdoutrule;
if ($anyrule) {
@{$filter->{'rules'}} = grep { $_ ne $inrule &&
$_ ne $outrule &&
$_ ne $fwdinrule &&
$_ ne $fwdoutrule }@{$filter->{'rules'}};
# Save and apply firewall
&lock_file($firewall::iptables_save_file);
&firewall::run_before_command();
&firewall::save_table($filter);
&firewall::run_after_command();
&unlock_file($firewall::iptables_save_file);
return &firewall::apply_configuration();
}
return undef;
}
# process_firewall_line(line, &hours, time-now)
# Process an IPtables firewall line, and returns 1 if successful
sub process_firewall_line
{
local ($line, $hours, $time_now) = @_;
if ($line =~ /^(\S+)\s+(\d+)\s+(\d+):(\d+):(\d+).*BANDWIDTH_(IN|OUT):(IN=.*)/) {
# Found a valid line
local ($mon, $day, $hr, $min, $sec) = ($1, $2, $3, $4, $5);
local $dir = lc($6);
local %line;
local $w;
foreach $w (split(/\s+/, $7)) {
($n, $v) = split(/=/, $w);
if ($n) {
$line{lc($n)} = $v;
}
}
# Work out the real time
local $tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]);
if ($tm > $time_now + 24*60*60) {
# Was really last year
$tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]-1);
}
local $htm = int($tm/(60*60));
# Update the appropriate counters
local $hour = &get_hour($htm);
if (&indexof($hour, @$hours) < 0) {
push(@$hours, $hour);
}
local $port;
if ($line{'proto'} eq 'TCP' || $line{'proto'} eq 'UDP') {
if ($dir eq "in") {
$port = '_'.$line{'dpt'}.'_'.$line{'spt'};
}
else {
$port = '_'.$line{'spt'}.'_'.$line{'dpt'};
}
}
local $host = $dir eq "in" ? $line{'dst'} : $line{'src'};
local $key = $host.'_'.$line{'proto'}.$port;
local ($in, $out) = split(/ /, $hour->{$key});
if ($dir eq "in") {
$in += $line{'len'};
}
else {
$out += $line{'len'};
}
$hour->{$key} = int($in)." ".int($out);
return 1;
}
else {
return 0;
}
}
# get_firewall_loglevel()
sub get_firewall_loglevel
{
return ( "kern.=debug" );
}
############### functions for ipfw #################
sub check_ipfw_rules
{
&foreign_require("ipfw", "ipfw-lib.pl");
local $rules = &ipfw::get_config();
local $rule = &find_ipfw_rule($rules, $config{'iface'});
return $rule ? 1 : 0;
}
# setup_ipfw_rules(iface)
# Add the logging rule used for ipfw
sub setup_ipfw_rules
{
&foreign_require("ipfw", "ipfw-lib.pl");
local $rules = &ipfw::get_config();
local $rule = &find_ipfw_rule($rules, $config{'iface'});
if (!$rule) {
# Add the rule
local $num = 100;
if (@$rules && $rules->[0]->{'num'} < 100) {
$num = int($rules->[0]->{'num'} / 2);
}
$rule = { 'action' => 'count',
'log' => 1,
'proto' => 'all',
'from' => 'any',
'to' => 'any',
'num' => $num,
'via' => $_[0] };
splice(@$rules, 0, 0, $rule);
&ipfw::save_config($rules);
# Apply config
return &ipfw::apply_rules($rules);
}
return undef;
}
# delete_ipfw_rules()
# Delete the logging rule used for ipfw
sub delete_ipfw_rules
{
&foreign_require("ipfw", "ipfw-lib.pl");
local $rules = &ipfw::get_config();
local $rule = &find_ipfw_rule($rules, $config{'iface'});
if ($rule) {
@$rules = grep { $_ ne $rule } @$rules;
&ipfw::save_config($rules);
return &ipfw::apply_rules();
}
return undef;
}
# find_ipfw_rule(&rules, iface)
sub find_ipfw_rule
{
local ($rule) = grep { ($_->{'action'} eq 'allow' ||
$_->{'action'} eq 'count') &&
$_->{'log'} &&
($_->{'proto'} eq 'all' || $_->{'proto'} eq 'ip') &&
$_->{'from'} eq 'any' &&
$_->{'to'} eq 'any' &&
$_->{'via'} eq $_[1] } @{$_[0]};
return $rule;
}
# pre_ipfw_process()
# Called before processing of the logs, to get the average packet size
sub pre_ipfw_process
{
&foreign_require("ipfw", "ipfw-lib.pl");
local $active = &ipfw::get_config("$ipfw::config{'ipfw'} show |", \$out);
local $rule = &find_ipfw_rule($active, $config{'iface'});
if ($rule && $rule->{'count1'}) {
$average_packet_size = $rule->{'count2'} / $rule->{'count1'};
system("$ipfw::config{'ipfw'} zero $rule->{'num'} >/dev/null 2>&1");
}
else {
$average_packet_size = 1;
}
}
# process_ipfw_line(line, &hours, time-now)
# Process a BSD IPFW firewall line, and returns 1 if successful
sub process_ipfw_line
{
local ($line, $hours, $time_now) = @_;
if ($line =~ /^(\S+)\s+(\d+)\s+(\d+):(\d+):(\d+).*ipfw:\s+\S+\s+(Accept|Count)\s+(\S+)\s+(\S+)\s+(\S+)\s+(in|out)\s+via\s+(\S+)/) {
# Found a valid line
local ($mon, $day, $hr, $min, $sec) = ($1, $2, $3, $4, $5);
local ($proto, $src, $dest, $dir, $iface) = ($7, $8, $9, $10, $11);
local ($srchost, $srcport) = split(/:/, $src);
local ($desthost, $destport) = split(/:/, $dest);
$proto =~ s/:.*//;
return undef if ($iface ne $config{'iface'});
# Work out the real time
local $tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]);
if ($tm > $time_now + 24*60*60) {
# Was really last year
$tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]-1);
}
local $htm = int($tm/(60*60));
# Update the appropriate counters
local $hour = &get_hour($htm);
if (&indexof($hour, @$hours) < 0) {
push(@$hours, $hour);
}
local $port;
if ($proto eq 'TCP' || $proto eq 'UDP') {
if ($dir eq "in") {
$port = '_'.$destport.'_'.$srcport;
}
else {
$port = '_'.$srcport.'_'.$destport;
}
}
local $host = $dir eq "in" ? $desthost : $srchost;
local $key = $host.'_'.$proto.$port;
local ($in, $out) = split(/ /, $hour->{$key});
if ($dir eq "in") {
$in += $average_packet_size;
}
else {
$out += $average_packet_size;
}
$hour->{$key} = int($in)." ".int($out);
return 1;
}
else {
return 0;
}
}
# get_ipfw_loglevel()
sub get_ipfw_loglevel
{
return ( "security.*", "kern.debug" );
}
############### functions for Shorewall #################
sub check_shorewall_rules
{
&foreign_require("shorewall", "shorewall-lib.pl");
local $lref = &read_file_lines("$shorewall::config{'config_dir'}/start");
local $rule1 = &find_shorewall_rule($lref, "INPUT", "-i", $config{'iface'});
local $rule2 = &find_shorewall_rule($lref, "FORWARD", "-i", $config{'iface'});
local $rule3 = &find_shorewall_rule($lref, "FORWARD", "-o", $config{'iface'});
local $rule4 = &find_shorewall_rule($lref, "OUTPUT", "-o", $config{'iface'});
return defined($rule1) && defined($rule2) && defined($rule3) && defined($rule4);
}
# setup_shorewall_rules(iface)
# Add lines to the Shorewall start script to add logging IPtables rules
sub setup_shorewall_rules
{
&foreign_require("shorewall", "shorewall-lib.pl");
local $lref = &read_file_lines("$shorewall::config{'config_dir'}/start");
local $rule1 = &find_shorewall_rule($lref, "INPUT", "-i", $_[0]);
local $rule2 = &find_shorewall_rule($lref, "FORWARD", "-i", $_[0]);
local $rule3 = &find_shorewall_rule($lref, "FORWARD", "-o", $_[0]);
local $rule4 = &find_shorewall_rule($lref, "OUTPUT", "-o", $_[0]);
local $gotall = defined($rule1) && defined($rule2) &&
defined($rule3) && defined($rule4);
if (!defined($rule1)) {
push(@$lref, "run_iptables -I INPUT -i $_[0] -j LOG --log-prefix BANDWIDTH_IN: --log-level debug");
}
if (!defined($rule2)) {
push(@$lref, "run_iptables -I FORWARD -i $_[0] -j LOG --log-prefix BANDWIDTH_IN: --log-level debug");
}
if (!defined($rule3)) {
push(@$lref, "run_iptables -I FORWARD -o $_[0] -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug");
}
if (!defined($rule4)) {
push(@$lref, "run_iptables -I OUTPUT -o $_[0] -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug");
}
&flush_file_lines();
if (!$gotall) {
# Apply config with a shorewall restart
&shorewall::run_before_apply_command();
local $out = &backquote_logged("$shorewall::config{'shorewall'} restart 2>&1");
return "<pre>$out</pre>" if ($?);
&shorewall::run_after_apply_command();
}
return undef;
}
sub delete_shorewall_rules
{
&foreign_require("shorewall", "shorewall-lib.pl");
local $lref = &read_file_lines("$shorewall::config{'config_dir'}/start");
local $rule1 = &find_shorewall_rule($lref, "INPUT", "-i", $config{'iface'});
splice(@$lref, $rule1, 1) if (defined($rule1));
local $rule2 = &find_shorewall_rule($lref, "FORWARD", "-i", $config{'iface'});
splice(@$lref, $rule2, 1) if (defined($rule2));
local $rule3 = &find_shorewall_rule($lref, "FORWARD", "-o", $config{'iface'});
splice(@$lref, $rule3, 1) if (defined($rule3));
local $rule4 = &find_shorewall_rule($lref, "OUTPUT", "-o", $config{'iface'});
splice(@$lref, $rule4, 1) if (defined($rule4));
&flush_file_lines();
if (defined($rule1) || defined($rule2) || defined($rule3) || defined($rule4)) {
# Apply config with a shorewall restart
&shorewall::run_before_apply_command();
local $out = &backquote_logged("$shorewall::config{'shorewall'} restart 2>&1");
return "<pre>$out</pre>" if ($?);
&shorewall::run_after_apply_command();
}
return undef;
}
# find_shorewall_rule(&lref, chain, dir, iface)
# Returns the line indexes of the shorewall start script entries that add
# the extra logging IPtables rules
sub find_shorewall_rule
{
local ($lref, $chain, $dir, $iface) = @_;
local $io = $dir eq "-i" ? "BANDWIDTH_IN:" : "BANDWIDTH_OUT:";
local (@rv, $i);
for($i=0; $i<@$lref; $i++) {
if ($lref->[$i] =~ /^run_iptables\s+-I\s+$chain\s+$dir\s+$iface\s+-j\s+LOG\s+--log-prefix\s+$io\s+--log-level\s+debug/) {
return $i;
}
}
return undef;
}
# get_shorewall_loglevel()
sub get_shorewall_loglevel
{
return ( "kern.=debug" );
}
sub process_shorewall_line
{
return &process_firewall_line(@_);
}
############### functions for ipfilter #################
sub check_ipfilter_rules
{
&foreign_require("ipfilter", "ipfilter-lib.pl");
local $rules = &ipfilter::get_config();
local $rule1 = &find_ipfilter_rule($rules, $config{'iface'}, "in");
local $rule2 = &find_ipfilter_rule($rules, $config{'iface'}, "out");
return $rule1 && $rule2;
}
# setup_ipfilter_rules(iface)
# Add the logging rule used for ipfilter
sub setup_ipfilter_rules
{
&foreign_require("ipfilter", "ipfilter-lib.pl");
local $rules = &ipfilter::get_config();
local $rule1 = &find_ipfilter_rule($rules, $_[0], "in");
local $rule2 = &find_ipfilter_rule($rules, $_[0], "out");
local $gotall = $rule1 && $rule2;
if (!$rule1) {
$rule1 = { 'action' => 'log',
'on' => $_[0],
'log-level' => 'local7.debug',
'dir' => 'in',
'all' => 1,
'active' => 1 };
if (@$rules) {
&ipfilter::insert_rule($rule1, $rules->[0]);
}
else {
&ipfilter::create_rule($rule1);
}
}
if (!$rule2) {
$rule2 = { 'action' => 'log',
'on' => $_[0],
'log-level' => 'local7.debug',
'dir' => 'out',
'all' => 1,
'active' => 1 };
if (@$rules) {
&ipfilter::insert_rule($rule2, $rules->[0]);
}
else {
&ipfilter::create_rule($rule2);
}
}
if (!$gotall) {
# Apply config
return &ipfilter::apply_configuration();
}
return undef;
}
# delete_ipfilter_rules()
# Delete the logging rules used for ipfilter
sub delete_ipfilter_rules
{
&foreign_require("ipfilter", "ipfilter-lib.pl");
local $rules = &ipfilter::get_config();
local $rule1 = &find_ipfilter_rule($rules, $config{'iface'}, "in");
local $rule2 = &find_ipfilter_rule($rules, $config{'iface'}, "out");
&ipfilter::delete_rule($rule1) if ($rule1);
&ipfilter::delete_rule($rule2) if ($rule2);
if ($rule1 || $rule2) {
return &ipfilter::apply_configuration();
}
return undef;
}
# find_ipfilter_rule(&rules, iface, dir)
sub find_ipfilter_rule
{
local ($rule) = grep { $_->{'action'} eq 'log' &&
$_->{'on'} eq $_[1] &&
$_->{'all'} &&
$_->{'active'} &&
$_->{'log-level'} eq "local7.debug" &&
$_->{'dir'} eq $_[2] } @{$_[0]};
return $rule;
}
# process_ipfilter_line(line, &hours, time-now)
# Process a IPFilter firewall line, and returns 1 if successful
sub process_ipfilter_line
{
local ($line, $hours, $time_now) = @_;
if ($line =~ /^(\S+)\s+(\d+)\s+(\d+):(\d+):(\d+).*ipmon\S*:.*\s$config{'iface'}\s+\S+\s+\S+\s+(\S+)\s+->\s+(\S+)\s+\S+\s+(\S+)\s+len\s+(\d+)\s+\(?(\d+)\)?.*(IN|OUT)/) {
# Found a valid line
local ($mon, $day, $hr, $min, $sec) = ($1, $2, $3, $4, $5);
local ($src, $dest, $proto, $len, $dir) = ($6, $7, uc($8), $10, lc($11));
local ($srchost, $srcport) = split(/,/, $src);
local ($desthost, $destport) = split(/,/, $dest);
$proto =~ s/:.*//;
local $len = 1024;
# Work out the real time
local $tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]);
if ($tm > $time_now + 24*60*60) {
# Was really last year
$tm = timelocal($sec, $min, $hr, $day,
&month_to_number($mon), $time_now[5]-1);
}
local $htm = int($tm/(60*60));
# Update the appropriate counters
local $hour = &get_hour($htm);
if (&indexof($hour, @$hours) < 0) {
push(@$hours, $hour);
}
local $port;
if ($proto eq 'TCP' || $proto eq 'UDP') {
if ($dir eq "in") {
$port = '_'.$destport.'_'.$srcport;
}
else {
$port = '_'.$srcport.'_'.$destport;
}
}
local $host = $dir eq "in" ? $dest : $src;
local $key = $host.'_'.$proto.$port;
local ($in, $out) = split(/ /, $hour->{$key});
if ($dir eq "in") {
$in += $len;
}
else {
$out += $len;
}
$hour->{$key} = int($in)." ".int($out);
return 1;
}
else {
return 0;
}
}
# get_ipfilter_loglevel()
sub get_ipfilter_loglevel
{
return ( "local7.debug" );
}
1;
|