|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# $Id$
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# $Log: iptables,v $
|
|
Packit |
57988d |
# Revision 1.9 2009/06/05 14:06:07 mike
|
|
Packit |
57988d |
# Added IPF patch from Don Wilder/Mark Dalton -mgt
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.8 2008/03/24 23:31:26 kirk
|
|
Packit |
57988d |
# added copyright/license notice to each script
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.7 2007/02/16 03:27:05 bjorn
|
|
Packit |
57988d |
# Remove explicit invocation of perl executable, by Ivana Varekova.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.6 2007/01/29 18:40:29 bjorn
|
|
Packit |
57988d |
# Handle timestamp generated in Ubuntu, suggested by MrC.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.5 2006/08/23 22:47:29 bjorn
|
|
Packit |
57988d |
# Corrected icmp type reporting, by Allen Kistler.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.4 2006/07/11 15:59:56 bjorn
|
|
Packit |
57988d |
# Allow sorting by either source or target, by Michel Messerschmidt.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.3 2006/01/16 18:40:31 kirk
|
|
Packit |
57988d |
# fixed name to Logwatch (how I like it now)
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.2 2005/12/06 02:35:43 bjorn
|
|
Packit |
57988d |
# Report icmp type properly, by Allen Kistler.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Revision 1.1 2005/07/25 22:17:31 bjorn
|
|
Packit |
57988d |
# Moved iptables (and ipchains, ipfwadm) code to its own service (iptables).
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# iptables, ipchains, and ipfwadm script for Logwatch.
|
|
Packit |
57988d |
# Ipfwadm and ipchains are deprecated, but is included
|
|
Packit |
57988d |
# here for backwards compatibility.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# This script was extracted from the kernel script,
|
|
Packit |
57988d |
# which processed netfilter (iptables, ipchains, and
|
|
Packit |
57988d |
# ipfwadm) statements until kernel script Revision 1.29.
|
|
Packit |
57988d |
#
|
|
Packit |
57988d |
# Visit the Logwatch website at
|
|
Packit |
57988d |
# http://www.logwatch.org
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#####################################################
|
|
Packit |
57988d |
## Copyright (c) 2008 Kirk Bauer
|
|
Packit |
57988d |
## Covered under the included MIT/X-Consortium License:
|
|
Packit |
57988d |
## http://www.opensource.org/licenses/mit-license.php
|
|
Packit |
57988d |
## All modifications and contributions by other persons to
|
|
Packit |
57988d |
## this script are assumed to have been donated to the
|
|
Packit |
57988d |
## Logwatch project and thus assume the above copyright
|
|
Packit |
57988d |
## and licensing terms. If you want to make contributions
|
|
Packit |
57988d |
## under your own copyright or a different license this
|
|
Packit |
57988d |
## must be explicitly stated in the contribution an the
|
|
Packit |
57988d |
## Logwatch project reserves the right to not accept such
|
|
Packit |
57988d |
## contributions. If you have made significant
|
|
Packit |
57988d |
## contributions to this script and want to claim
|
|
Packit |
57988d |
## copyright please contact logwatch-devel@lists.sourceforge.net.
|
|
Packit |
57988d |
#########################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
use Logwatch ':ip';
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
|
|
Packit |
57988d |
$MinFilter = $ENV{'iptables_host_min_count'} || 0;
|
|
Packit |
57988d |
$DoLookup = $ENV{'iptables_ip_lookup'}; $DoLookup = $DoLookup; # keep -w happy
|
|
Packit |
57988d |
$ListByHost = $ENV{'iptables_list_by_host'} || 0;
|
|
Packit |
57988d |
$ListByService = $ENV{'iptables_list_by_service'} || 0;
|
|
Packit |
57988d |
# Keep old behaviour if nothing is configured
|
|
Packit |
57988d |
$ListByHost = 1 unless ($ListByService);
|
|
Packit |
57988d |
$MaxFlood = 10;
|
|
Packit |
57988d |
$MaxNum =0;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
sub lookupService {
|
|
Packit |
57988d |
my ($port, $proto, $service);
|
|
Packit |
57988d |
($port, $proto) = ($_[0], $_[1]);
|
|
Packit |
57988d |
if ($service = getservbyport ($port, $proto)) {
|
|
Packit |
57988d |
return($service);
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
return($port);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
sub lookupProtocol {
|
|
Packit |
57988d |
my ($proto, $name);
|
|
Packit |
57988d |
$proto = $_[0];
|
|
Packit |
57988d |
if ($name = getprotobynumber ($proto)) {
|
|
Packit |
57988d |
return($name);
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
return($proto);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
sub lookupAction {
|
|
Packit |
57988d |
my ($chain, $actionType);
|
|
Packit |
57988d |
$chain = $_[0];
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# choose an action type
|
|
Packit |
57988d |
if ( $chain =~ /reject/i ) {
|
|
Packit |
57988d |
$actionType = "Rejected";
|
|
Packit |
57988d |
} elsif ( $chain =~ /drop/i ) {
|
|
Packit |
57988d |
$actionType = "Dropped";
|
|
Packit |
57988d |
} elsif ( $chain =~ /deny/i ) {
|
|
Packit |
57988d |
$actionType = "Denied";
|
|
Packit |
57988d |
} elsif ( $chain =~ /denied/i ) {
|
|
Packit |
57988d |
$actionType = "Denied";
|
|
Packit |
57988d |
} elsif ( $chain =~ /accept/i ) {
|
|
Packit |
57988d |
$actionType = "Accepted";
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$actionType = "Logged";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
return $actionType;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# SORT COMPARISONS
|
|
Packit |
57988d |
sub compStr {
|
|
Packit |
57988d |
return $a cmp $b;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
sub compNum {
|
|
Packit |
57988d |
return $a <=> $b;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
while (defined($ThisLine = <STDIN>)) {
|
|
Packit |
57988d |
chomp($ThisLine);
|
|
Packit |
57988d |
next if ($ThisLine eq '');
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# the format for ulogd/ulogd.syslogmenu and messages differ in that
|
|
Packit |
57988d |
# the earlier has no service name after the date. So RemoveHeaders
|
|
Packit |
57988d |
# doesn't work. Therefore, we extract it here:
|
|
Packit |
57988d |
$ThisLine =~ s/^... .. ..:..:.. ([^ ]*) (kernel: )?(\[\s*\d+\.\d+\] )?//;
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# IPCHAINS
|
|
Packit |
57988d |
if( ($TU,$from,$port,$on) = ( $ThisLine =~ /IP fw-in deny \w+ (\w+) ([^:]+):\d+ ([^:]+):(\d+) / ) ){
|
|
Packit |
57988d |
if($MaxNum < ++$TCPscan{$TU}{$from}) {
|
|
Packit |
57988d |
$MaxNum = $TCPscan{$TU}{$from}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$port=0;
|
|
Packit |
57988d |
} elsif ( ($chain,$action,$if,$proto,$fromip,$toip,$toport) = ( $ThisLine =~ /^Packet log: ([^ ]+) (\w+) (\w+) PROTO=(\d+) ([\d|\.]+):\d+ ([\d|\.]+):(\d+)/ ) ) {
|
|
Packit |
57988d |
$actionType = lookupAction($action);
|
|
Packit |
57988d |
$ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$chain,$if"}++;
|
|
Packit |
57988d |
$ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$chain,$if"}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
# IPTABLES
|
|
Packit |
57988d |
elsif (($chain,$ifin,$ifout,$fromip,$toip,$proto,$rest) = ($ThisLine =~ /^(.*?)\s*IN=([\w\.\-]*).*?OUT=([\w\.\-]*).*?SRC=([\w\.:]+).*?DST=([\w\.:]+).*?PROTO=(\w+)(.*)/ )) {
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# get a destination port number (or icmp type) if there is one
|
|
Packit |
57988d |
if (! ( ($toport) = ( $rest =~ /TYPE=(\w+)/ ) ) ) {
|
|
Packit |
57988d |
if (! ( ($toport) = ( $rest =~ /DPT=(\w+)/ ) ) ) {
|
|
Packit |
57988d |
$toport = 0;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# get the action type
|
|
Packit |
57988d |
$actionType = lookupAction($chain);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# determine the dominant interface
|
|
Packit |
57988d |
if ($ifin =~ /\w+/ && $ifout =~ /\w+/) {
|
|
Packit |
57988d |
$interface = $ifin;
|
|
Packit |
57988d |
} elsif ($ifin =~ /\w+/) {
|
|
Packit |
57988d |
$interface = $ifin;
|
|
Packit |
57988d |
$ifout = "none";
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$interface = $ifout;
|
|
Packit |
57988d |
$ifin = "none";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ($chain eq "") {
|
|
Packit |
57988d |
$chain_info = "";
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$chain_info = "(" . $chain . ") ";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# add the packet
|
|
Packit |
57988d |
# $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{"$chain,$ifin,$ifout"}++;
|
|
Packit |
57988d |
$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{$chain_info}++;
|
|
Packit |
57988d |
$ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}{$toip}{$chain_info}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
# IPF
|
|
Packit |
57988d |
elsif (($repcnt,$if,$chain,$fromip,$fromport,$toip,$toport,$proto,$rest,$inout) = ($ThisLine =~ /^.*\d{2,2}:\d{2,2}:\d{2,2}\.\d{6,6}\s*(?:(\d{1,})x)*\s*(\w*)\s*@[-]*\d{1,}:[-]*\d{1,}\s*(\w*)\s*([\w\.:]+\w),*(\d*)\s*->\s*([\w\.:]+\w),*(\d*)\s*PR\s*(\w*)\s*(.*((IN|OUT)).*)/)) {
|
|
Packit |
57988d |
if ($chain eq 'b') {
|
|
Packit |
57988d |
$actionType = "drop";
|
|
Packit |
57988d |
} elsif ($chain eq 'p') {
|
|
Packit |
57988d |
$actionType = "accept";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
if ($repcnt eq '') {
|
|
Packit |
57988d |
$repcnt = 1;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
while ($repcnt >= 1) {
|
|
Packit |
57988d |
$ipt{$actionType}{$if}{$fromip}{$toip}{$toport}{$proto}{"$actionType,$if"}++;
|
|
Packit |
57988d |
$ipt2{$actionType}{$if}{$toport}{$proto}{$fromip}{$toip}{"$actionType,$if"}++;
|
|
Packit |
57988d |
$repcnt = $repcnt - 1;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# IPCHAINS
|
|
Packit |
57988d |
if (keys %TCPscan and $MaxNum>$MaxFlood) {
|
|
Packit |
57988d |
print "\nWarning: ipfwadm scan detected on:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort compStr keys %TCPscan) {
|
|
Packit |
57988d |
print " " . $ThisOne . " from:\n";
|
|
Packit |
57988d |
foreach $Next (sort compStr keys %{$TCPscan{$ThisOne}}) {
|
|
Packit |
57988d |
$TCPscan{$ThisOne}{$Next}>$MaxFlood &&
|
|
Packit |
57988d |
print " " . LookupIP($Next). ": $TCPscan{$ThisOne}{$Next} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ((keys %ipt2) and $ListByService) {
|
|
Packit |
57988d |
foreach my $actionType (sort compStr keys %ipt2) {
|
|
Packit |
57988d |
foreach my $interface (sort compStr keys %{$ipt2{$actionType}}) {
|
|
Packit |
57988d |
my $outputMain = '';
|
|
Packit |
57988d |
my $interfaceCount = 0;
|
|
Packit |
57988d |
foreach my $toport (sort compNum keys %{$ipt2{$actionType}{$interface}}) {
|
|
Packit |
57988d |
foreach my $proto (sort compStr keys %{$ipt2{$actionType}{$interface}{$toport}}) {
|
|
Packit |
57988d |
my $outputSection = '';
|
|
Packit |
57988d |
my $portCount = 0;
|
|
Packit |
57988d |
my $hostCount = 0;
|
|
Packit |
57988d |
undef %hostList;
|
|
Packit |
57988d |
my %host_list = ();
|
|
Packit |
57988d |
my $protocol;
|
|
Packit |
57988d |
# determine the protocol
|
|
Packit |
57988d |
if ( $proto =~ /^\d+$/ ) {
|
|
Packit |
57988d |
$protocol = lookupProtocol($proto);
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$protocol = lc($proto);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# determine the name of the service
|
|
Packit |
57988d |
my $service = lookupService($toport,$protocol);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
foreach my $fromip (sort SortIP keys %{$ipt2{$actionType}{$interface}{$toport}{$proto}}) {
|
|
Packit |
57988d |
my $fromHostCount = 0;
|
|
Packit |
57988d |
my $from = LookupIP($fromip);
|
|
Packit |
57988d |
my $outputDetails = "";
|
|
Packit |
57988d |
foreach my $toip (sort SortIP keys %{$ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}}) {
|
|
Packit |
57988d |
my $toHostCount = 0;
|
|
Packit |
57988d |
my $to = LookupIP($toip);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
foreach my $details (sort keys %{$ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}{$toip}}) {
|
|
Packit |
57988d |
my $packetCount = $ipt2{$actionType}{$interface}{$toport}{$proto}{$fromip}{$toip}{$details};
|
|
Packit |
57988d |
$toHostCount += $packetCount;
|
|
Packit |
57988d |
if ( $Detail > 9 and ( $outputDetails !~ /\Q$details\E/ ) ) {
|
|
Packit |
57988d |
$outputDetails .= $details . ", ";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$fromHostCount += $toHostCount;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
if ( $Detail > 9 ) {
|
|
Packit |
57988d |
chop $outputDetails;
|
|
Packit |
57988d |
chop $outputDetails;
|
|
Packit |
57988d |
push @{$hostList{"$fromHostCount"}}, $from .
|
|
Packit |
57988d |
" " . $outputDetails;
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
push @{$hostList{"$fromHostCount"}}, $from;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$portCount += $fromHostCount;
|
|
Packit |
57988d |
$hostCount++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
$interfaceCount += $portCount;
|
|
Packit |
57988d |
if ($Detail > 5 ) {
|
|
Packit |
57988d |
$outputMain .= sprintf(" To port %d/%s (%s) - ".
|
|
Packit |
57988d |
"%d packet%s from %d host%s\n",
|
|
Packit |
57988d |
$toport, $protocol,
|
|
Packit |
57988d |
( $service =~ /^\d+$/ ) ? "?" : $service,
|
|
Packit |
57988d |
$portCount, ( $portCount > 1 ) ? "s" : " ",
|
|
Packit |
57988d |
$hostCount, ( $hostCount > 1 ) ? "s" : " "
|
|
Packit |
57988d |
);
|
|
Packit |
57988d |
foreach my $hc (sort { $b <=> $a } keys %hostList) {
|
|
Packit |
57988d |
foreach my $h (@{$hostList{"$hc"}}) {
|
|
Packit |
57988d |
$outputMain .= sprintf(" %6d packet%s from %s\n",
|
|
Packit |
57988d |
$hc, ( $hc > 1 ) ? "s" : " ", $h);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
} elsif ($Detail > 3 ) {
|
|
Packit |
57988d |
my $topHostCount;
|
|
Packit |
57988d |
($topHostCount, undef) = sort { $b <=> $a } keys %hostList;
|
|
Packit |
57988d |
my $topHost = ${$hostList{"$topHostCount"}}[0];
|
|
Packit |
57988d |
$outputMain .= sprintf( " To port %5d/%s - %5d packet%s ".
|
|
Packit |
57988d |
"from %4d host%s (%d from %s)\n",
|
|
Packit |
57988d |
$toport, $protocol, $portCount,
|
|
Packit |
57988d |
( $portCount > 1 ) ? "s" : " ", $hostCount,
|
|
Packit |
57988d |
( $hostCount > 1 ) ? "s" : " ",
|
|
Packit |
57988d |
$topHostCount, $topHost
|
|
Packit |
57988d |
);
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$outputMain .= sprintf(" To port %5d/%s - %5d packet%s ".
|
|
Packit |
57988d |
"from %4d host%s\n",
|
|
Packit |
57988d |
$toport, $protocol, $portCount,
|
|
Packit |
57988d |
( $portCount > 1 ) ? "s" : " ", $hostCount,
|
|
Packit |
57988d |
( $hostCount > 1 ) ? "s" : " "
|
|
Packit |
57988d |
);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
print "Listed by target ports:";
|
|
Packit |
57988d |
print "\n$actionType $interfaceCount " .
|
|
Packit |
57988d |
( ( $interfaceCount > 1 ) ? "packets" : "packet" ) .
|
|
Packit |
57988d |
" on interface $interface\n";
|
|
Packit |
57988d |
print $outputMain;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# IPCHAINS / IPTABLES
|
|
Packit |
57988d |
if ((keys %ipt) and $ListByHost) {
|
|
Packit |
57988d |
foreach $actionType (sort compStr keys %ipt) {
|
|
Packit |
57988d |
foreach $interface (sort compStr keys %{$ipt{$actionType}}) {
|
|
Packit |
57988d |
$outputMain = '';
|
|
Packit |
57988d |
$interfaceCount = 0;
|
|
Packit |
57988d |
foreach $fromip (sort SortIP keys %{$ipt{$actionType}{$interface}}) {
|
|
Packit |
57988d |
$outputSection = '';
|
|
Packit |
57988d |
$fromHostCount = 0;
|
|
Packit |
57988d |
$from = LookupIP($fromip);
|
|
Packit |
57988d |
undef %port_list;
|
|
Packit |
57988d |
foreach $toip (sort SortIP keys %{$ipt{$actionType}{$interface}{$fromip}}) {
|
|
Packit |
57988d |
$toHostCount = 0;
|
|
Packit |
57988d |
$to = LookupIP($toip);
|
|
Packit |
57988d |
$outputServices = '';
|
|
Packit |
57988d |
foreach $toport (sort compNum keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}}) {
|
|
Packit |
57988d |
foreach $proto (sort compStr keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}}) {
|
|
Packit |
57988d |
# determine the protocol
|
|
Packit |
57988d |
if ( $proto =~ /^\d+$/ ) {
|
|
Packit |
57988d |
$protocol = lookupProtocol($proto);
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$protocol = lc($proto);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# determine the name of the service
|
|
Packit |
57988d |
$service = lookupService($toport,$protocol);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
foreach $details (sort keys %{$ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}}) {
|
|
Packit |
57988d |
$packetCount = $ipt{$actionType}{$interface}{$fromip}{$toip}{$toport}{$proto}{$details};
|
|
Packit |
57988d |
$toHostCount += $packetCount;
|
|
Packit |
57988d |
if ( $Detail > 0 ) {
|
|
Packit |
57988d |
$outputServices .= " Service: $service ($protocol/$toport) $details- $packetCount " . ( ( $packetCount > 1 ) ? "packets\n" : "packet\n" );
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
${ $port_list{ $protocol } }{$toport}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$fromHostCount += $toHostCount;
|
|
Packit |
57988d |
if ( $Detail > 0 ) { $outputSection .= " To $to - $toHostCount " . ( ( $toHostCount > 1 ) ? "packets\n" : "packet\n" ); }
|
|
Packit |
57988d |
$outputSection .= $outputServices;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$interfaceCount += $fromHostCount;
|
|
Packit |
57988d |
if ($fromHostCount >= $MinFilter) {
|
|
Packit |
57988d |
if ($Detail > 0 ) {
|
|
Packit |
57988d |
$outputMain .= " From $from - $fromHostCount " . ( ( $fromHostCount > 1 ) ? "packets\n" : "packet\n" );
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$outputMain .= " From $from - $fromHostCount " . ( ($fromHostCount > 1) ? "packets" : "packet" ) . " to " ;
|
|
Packit |
57988d |
foreach $protocol ( keys %port_list ) {
|
|
Packit |
57988d |
if ( $#{ keys %{$port_list { $protocol } } } > 10 ) {
|
|
Packit |
57988d |
$outputMain .= $#{ $port_list{ $protocol } } ." $protocol ports";
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
$outputMain .= "$protocol(" . join(",", sort compNum keys %{ $port_list{ $protocol } } ) . ") " ;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$outputMain .="\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
$outputMain .= $outputSection;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
print "\nListed by source hosts:";
|
|
Packit |
57988d |
print "\n$actionType $interfaceCount " . ( ( $interfaceCount > 1 ) ? "packets" : "packet" ) . " on interface $interface\n";
|
|
Packit |
57988d |
print $outputMain;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
exit(0);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# vi: shiftwidth=3 tabstop=3 syntax=perl et
|
|
Packit |
57988d |
# Local Variables:
|
|
Packit |
57988d |
# mode: perl
|
|
Packit |
57988d |
# perl-indent-level: 3
|
|
Packit |
57988d |
# indent-tabs-mode: nil
|
|
Packit |
57988d |
# End:
|