ipf-mod.pl
上传用户:wxp200602
上传日期:2007-10-30
资源大小:4028k
文件大小:7k
- #!/usr/bin/perl -s
- ##
- ## IP Filter UCD-SNMP pass module
- ##
- ## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
- ## fetching rules, hits and bytes (for accounting tables only).
- ##
- ## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
- ## Date: $ Tue Dec 1 10:24:08 EET 1998 $
- ## Version: 1.1a
- # Put this file in /usr/local/bin/ipf-mod.pl and then add the following
- # line to your snmpd.conf file (without the # at the front):
- #
- # pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl
- # enterprises.ucdavis.ucdExperimental.ipFilter = .1.3.6.1.4.1.2021.13.2
- # ipfInTable.ipfInEntry.ipfInIndex integer = 1.1.1
- # ipfInTable.ipfInEntry.ipfInRule string = 1.1.2
- # ipfInTable.ipfInEntry.ipfInHits counter = 1.1.3
- # ipfOutTable.ipfOutEntry.ipfOutIndex integer = 1.2.1
- # ipfOutTable.ipfOutEntry.ipfOutRule string = 1.2.2
- # ipfOutTable.ipfOutEntry.ipfOutHits counter = 1.2.3
- # ipfAccInTable.ipfAccInEntry.ipfAccInIndex integer = 1.3.1
- # ipfAccInTable.ipfAccInEntry.ipfAccInRule string = 1.3.2
- # ipfAccInTable.ipfAccInEntry.ipfAccInHits counter = 1.3.3
- # ipfAccInTable.ipfAccInEntry.ipfAccInBytes counter = 1.3.4
- # ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex integer = 1.4.1
- # ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule string = 1.4.2
- # ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits counter = 1.4.3
- # ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes counter = 1.4.4
- # variables types
- %type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
- '2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
- '3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
- '3.1.4', 'counter',
- '4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
- '4.1.4', 'counter');
- # getnext sequence
- %next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
- '2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
- '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
- '3.1.4', '4.1.1',
- '4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');
- # ipfilter's commands to fetch needed information
- $ipfstat_comm="/sbin/ipfstat";
- $ipf_in="$ipfstat_comm -ih 2>/dev/null";
- $ipf_out="$ipfstat_comm -oh 2>/dev/null";
- $ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
- $ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";
- $OID=$ARGV[0];
- $IPF_OID='.1.3.6.1.4.1.2021.13.2';
- $IPF_OID_NO_DOTS='.1.3.6.1.4.1.2021.13.2';
- # exit if OID is not one of IPF-MIB's
- exit if $OID !~ /^$IPF_OID_NO_DOTS(D|$)/;
- # get table, entry, column and row numbers
- $tecr = $OID;
- $tecr =~ s/^$IPF_OID_NO_DOTS(D|$)//;
- ($table, $entry, $col, $row, $rest) = split(/./, $tecr);
- # parse 'get' request
- if($g) {
- # exit if OID is wrong specified
- if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
- print "[1] NO-SUCH NAMEn" if $d;
- exit;
- }
- # get the OID's value
- $value = &get_value($table, $entry, $col, $row);
- print "value=$valuen" if $d;
- # exit if OID does not exist
- print "[2] NO-SUCH NAMEn" if $d and !defined $value;
- exit if !defined $value;
- # set ObjectID and reply with response
- $tec = "$table.$entry.$col";
- $ObjectID = "${IPF_OID}.${tec}.${row}";
- &response;
- }
- # parse 'get-next' request
- if($n) {
- # set values if 0 or unspecified
- $table = 1, $a = 1 if !$table or !defined $table;
- $entry = 1, $a = 1 if !$entry or !defined $entry;
- $col = 1, $a = 1 if !$col or !defined $col;
- $row = 1, $a = 1 if !$row or !defined $row;
- if($a) {
- # get the OID's value
- $value = &get_value($table, $entry, $col, $row);
- print "value=$valuen" if $d;
- # set ObjectID and reply with response
- $tec = "$table.$entry.$col";
- $ObjectID = "${IPF_OID}.${tec}.${row}";
- &response;
- }
- # get next OID's value
- $row++;
- $value = &get_value($table, $entry, $col, $row);
- # choose new table/column if rows exceeded
- if(!defined $value) {
- $tec = "$table.$entry.$col";
- $tec = $next{$tec} if !$a;
- $table = $tec;
- $entry = $tec;
- $col = $tec;
- $table =~ s/.d.d$//;
- $entry =~ s/^d.(d).d$/$1/;
- $col =~ s/^d.d.//;
- $row = 1;
- # get the OID's value
- $value = &get_value($table, $entry, $col, $row);
- print "value=$valuen" if $d;
- }
- # set ObjectID and reply with response
- $tec = "$table.$entry.$col";
- $ObjectID = "${IPF_OID}.${tec}.${row}";
- &response;
- }
- ##############################################################################
- # fetch values from 'ipfInTable' and 'ipfOutTable' tables
- sub fetch_hits_n_rules {
- local($row, $col, $ipf_output) = @_;
- local($asdf, $i, @ipf_lines, $length);
- # create an entry if no rule exists
- $ipf_output = "0 empty list for ipfilter" if !$ipf_output;
- @ipf_lines = split("n", $ipf_output);
- $length = $#ipf_lines + 1;
- for($i = 1; $i < $length + 1; $i++) {
- $hits{$i} = $ipf_lines[$i-1];
- $hits{$i} =~ s/^(d+).*$/$1/;
- $rule{$i} = $ipf_lines[$i-1];
- $rule{$i} =~ s/^d+ //;
- if($i == $row) {
- return $i if $col == 1;
- return $rule{$i} if $col == 2;
- return $hits{$i} if $col == 3;
- }
- }
- # return undefined value
- undef $asdf;
- return $asdf;
- }
- # fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
- sub fetch_hits_bytes_n_rules {
- local($row, $col, $ipf_output) = @_;
- local($asdf, $i, @ipf_lines, $length);
- # create an entry if no rule exists
- $ipf_output = "0 0 empty list for ipacct" if !$ipf_output;
- @ipf_lines = split("n", $ipf_output);
- $length = $#ipf_lines + 1;
- for($i = 1; $i < $length + 1; $i++) {
- $hits{$i} = $ipf_lines[$i-1];
- $hits{$i} =~ s/^(d+) .*$/$1/;
- $bytes{$i} = $ipf_lines[$i-1];
- $bytes{$i} =~ s/^d+ (d+) .*/$1/;
- $rule{$i} = $ipf_lines[$i-1];
- $rule{$i} =~ s/^d+ d+ //;
- if($i == $row) {
- return $i if $col == 1;
- return $rule{$i} if $col == 2;
- return $hits{$i} if $col == 3;
- return $bytes{$i} if $col == 4;
- }
- }
- # return undefined value
- undef $asdf;
- return $asdf;
- }
- # get the values from ipfilter's tables
- sub get_value {
- local($table, $entry, $col, $row) = @_;
- if($table == 1) {
- # fetch ipfInTable data
- $ipf_output = `$ipf_in`;
- $value = &fetch_hits_n_rules($row, $col, $ipf_output);
- } elsif($table == 2) {
- # fetch ipfOutTable data
- $ipf_output = `$ipf_out`;
- $value = &fetch_hits_n_rules($row, $col, $ipf_output);
- } elsif($table == 3) {
- # fetch ipfAccInTable data
- $ipf_output = `$ipf_acc_in`;
- $value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
- } elsif($table == 4) {
- # fetch ipfAccOutTable data
- $ipf_output = `$ipf_acc_out`;
- $value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
- }
- return $value;
- }
- # generate response to 'get' or 'get-next' request
- sub response {
- # print ObjectID, its type and the value
- if(defined $ObjectID and defined $type{$tec} and defined $value) {
- print "$ObjectIDn";
- print "$type{$tec}n";
- print "$valuen";
- }
- exit;
- }