source-git / net-snmp

Clone
Source Code
GIT

Blame local/ipf-mod.pl

c8 c8s master
  1.   b0726e2c25d718eaf433100972633ecfb609a60a
  2.   local
  3.   ipf-mod.pl
Blob History Raw
Packit fcad23 
#!/usr/bin/perl -s
Packit fcad23 
##
Packit fcad23 
## IP Filter UCD-SNMP pass module
Packit fcad23 
##
Packit fcad23 
## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
Packit fcad23 
## fetching rules, hits and bytes (for accounting tables only).
Packit fcad23 
##
Packit fcad23 
## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
Packit fcad23 
## Date: $ Tue Dec  1 10:24:08 EET 1998 $
Packit fcad23 
## Version: 1.1a
Packit fcad23
Packit fcad23 
# Put this file in /usr/local/bin/ipf-mod.pl and then add the following
Packit fcad23 
# line to your snmpd.conf file (without the # at the front):
Packit fcad23 
#
Packit fcad23 
#   pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl
Packit fcad23
Packit fcad23 
# enterprises.ucdavis.ucdExperimental.ipFilter	= .1.3.6.1.4.1.2021.13.2
Packit fcad23 
# ipfInTable.ipfInEntry.ipfInIndex		integer	= 1.1.1
Packit fcad23 
# ipfInTable.ipfInEntry.ipfInRule		string	= 1.1.2
Packit fcad23 
# ipfInTable.ipfInEntry.ipfInHits		counter	= 1.1.3
Packit fcad23 
# ipfOutTable.ipfOutEntry.ipfOutIndex		integer	= 1.2.1
Packit fcad23 
# ipfOutTable.ipfOutEntry.ipfOutRule		string	= 1.2.2
Packit fcad23 
# ipfOutTable.ipfOutEntry.ipfOutHits		counter	= 1.2.3
Packit fcad23 
# ipfAccInTable.ipfAccInEntry.ipfAccInIndex	integer	= 1.3.1
Packit fcad23 
# ipfAccInTable.ipfAccInEntry.ipfAccInRule	string	= 1.3.2
Packit fcad23 
# ipfAccInTable.ipfAccInEntry.ipfAccInHits	counter	= 1.3.3
Packit fcad23 
# ipfAccInTable.ipfAccInEntry.ipfAccInBytes	counter	= 1.3.4
Packit fcad23 
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex	integer	= 1.4.1
Packit fcad23 
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule	string	= 1.4.2
Packit fcad23 
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits	counter	= 1.4.3
Packit fcad23 
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes	counter	= 1.4.4
Packit fcad23
Packit fcad23 
# variables types
Packit fcad23 
%type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
Packit fcad23 
	 '2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
Packit fcad23 
	 '3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
Packit fcad23 
	 '3.1.4', 'counter',
Packit fcad23 
	 '4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
Packit fcad23 
	 '4.1.4', 'counter');
Packit fcad23
Packit fcad23 
# getnext sequence
Packit fcad23 
%next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
Packit fcad23 
	 '2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
Packit fcad23 
	 '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
Packit fcad23 
	 '3.1.4', '4.1.1',
Packit fcad23 
	 '4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');
Packit fcad23
Packit fcad23 
# ipfilter's commands to fetch needed information
Packit fcad23 
$ipfstat_comm="/sbin/ipfstat";
Packit fcad23 
$ipf_in="$ipfstat_comm -ih 2>/dev/null";
Packit fcad23 
$ipf_out="$ipfstat_comm -oh 2>/dev/null";
Packit fcad23 
$ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
Packit fcad23 
$ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";
Packit fcad23
Packit fcad23 
$OID=$ARGV[0];
Packit fcad23 
$IPF_OID='.1.3.6.1.4.1.2021.13.2';
Packit fcad23 
$IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2';
Packit fcad23
Packit fcad23 
# exit if OID is not one of IPF-MIB's
Packit fcad23 
exit if $OID !~ /^$IPF_OID_NO_DOTS(\D|$)/;
Packit fcad23
Packit fcad23 
# get table, entry, column and row numbers
Packit fcad23 
$tecr = $OID;
Packit fcad23 
$tecr =~ s/^$IPF_OID_NO_DOTS(\D|$)//;
Packit fcad23 
($table, $entry, $col, $row, $rest) = split(/\./, $tecr);
Packit fcad23
Packit fcad23 
# parse 'get' request
Packit fcad23 
if($g) {
Packit fcad23 
	# exit if OID is wrong specified
Packit fcad23 
	if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
Packit fcad23 
		print "[1] NO-SUCH NAME\n" if $d;
Packit fcad23 
		exit;
Packit fcad23 
	}
Packit fcad23
Packit fcad23 
	# get the OID's value
Packit fcad23 
	$value = &get_value($table, $entry, $col, $row);
Packit fcad23 
	print "value=$value\n" if $d;
Packit fcad23
Packit fcad23 
	# exit if OID does not exist
Packit fcad23 
	print "[2] NO-SUCH NAME\n" if $d and !defined $value;
Packit fcad23 
	exit if !defined $value;
Packit fcad23
Packit fcad23 
	# set ObjectID and reply with response
Packit fcad23 
	$tec = "$table.$entry.$col";
Packit fcad23 
	$ObjectID = "${IPF_OID}.${tec}.${row}";
Packit fcad23 
	&response;
Packit fcad23 
}
Packit fcad23
Packit fcad23 
# parse 'get-next' request
Packit fcad23 
if($n) {
Packit fcad23 
	# set values if 0 or unspecified
Packit fcad23 
	$table = 1, $a = 1 if !$table or !defined $table;
Packit fcad23 
	$entry = 1, $a = 1 if !$entry or !defined $entry;
Packit fcad23 
	$col = 1, $a = 1 if !$col or !defined $col;
Packit fcad23 
	$row = 1, $a = 1 if !$row or !defined $row;
Packit fcad23
Packit fcad23 
	if($a) {
Packit fcad23 
		# get the OID's value
Packit fcad23 
		$value = &get_value($table, $entry, $col, $row);
Packit fcad23 
		print "value=$value\n" if $d;
Packit fcad23
Packit fcad23 
		# set ObjectID and reply with response
Packit fcad23 
		$tec = "$table.$entry.$col";
Packit fcad23 
		$ObjectID = "${IPF_OID}.${tec}.${row}";
Packit fcad23 
		&response;
Packit fcad23 
	}
Packit fcad23
Packit fcad23 
	# get next OID's value
Packit fcad23 
	$row++;
Packit fcad23 
	$value = &get_value($table, $entry, $col, $row);
Packit fcad23
Packit fcad23 
	# choose new table/column if rows exceeded
Packit fcad23 
	if(!defined $value) {
Packit fcad23 
		$tec = "$table.$entry.$col";
Packit fcad23 
		$tec = $next{$tec} if !$a;
Packit fcad23 
		$table = $tec;
Packit fcad23 
		$entry = $tec;
Packit fcad23 
		$col = $tec;
Packit fcad23 
		$table =~ s/\.\d\.\d$//;
Packit fcad23 
		$entry =~ s/^\d\.(\d)\.\d$/$1/;
Packit fcad23 
		$col =~ s/^\d\.\d\.//;
Packit fcad23 
		$row = 1;
Packit fcad23
Packit fcad23 
		# get the OID's value
Packit fcad23 
		$value = &get_value($table, $entry, $col, $row);
Packit fcad23 
		print "value=$value\n" if $d;
Packit fcad23 
	}
Packit fcad23
Packit fcad23 
	# set ObjectID and reply with response
Packit fcad23 
	$tec = "$table.$entry.$col";
Packit fcad23 
	$ObjectID = "${IPF_OID}.${tec}.${row}";
Packit fcad23 
	&response;
Packit fcad23 
}
Packit fcad23
Packit fcad23 
##############################################################################
Packit fcad23
Packit fcad23 
# fetch values from 'ipfInTable' and 'ipfOutTable' tables
Packit fcad23 
sub fetch_hits_n_rules {
Packit fcad23 
	local($row, $col, $ipf_output) = @_;
Packit fcad23 
	local($asdf, $i, @ipf_lines, $length);
Packit fcad23
Packit fcad23 
	# create an entry if no rule exists
Packit fcad23 
	$ipf_output = "0 empty list for ipfilter" if !$ipf_output;
Packit fcad23
Packit fcad23 
	@ipf_lines = split("\n", $ipf_output);
Packit fcad23 
	$length = $#ipf_lines + 1;
Packit fcad23
Packit fcad23 
	for($i = 1; $i < $length + 1; $i++) {
Packit fcad23 
		$hits{$i} = $ipf_lines[$i-1];
Packit fcad23 
		$hits{$i} =~ s/^(\d+).*$/$1/;
Packit fcad23 
		$rule{$i} = $ipf_lines[$i-1];
Packit fcad23 
		$rule{$i} =~ s/^\d+ //;
Packit fcad23 
		if($i == $row) {
Packit fcad23 
			return $i if $col == 1;
Packit fcad23 
			return $rule{$i} if $col == 2;
Packit fcad23 
			return $hits{$i} if $col == 3;
Packit fcad23 
		}
Packit fcad23 
	}
Packit fcad23 
	# return undefined value
Packit fcad23 
	undef $asdf;
Packit fcad23 
	return $asdf;
Packit fcad23 
}
Packit fcad23
Packit fcad23 
# fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
Packit fcad23 
sub fetch_hits_bytes_n_rules {
Packit fcad23 
	local($row, $col, $ipf_output) = @_;
Packit fcad23 
	local($asdf, $i, @ipf_lines, $length);
Packit fcad23
Packit fcad23 
	# create an entry if no rule exists
Packit fcad23 
	$ipf_output = "0 0 empty list for ipacct" if !$ipf_output;
Packit fcad23
Packit fcad23 
	@ipf_lines = split("\n", $ipf_output);
Packit fcad23 
	$length = $#ipf_lines + 1;
Packit fcad23
Packit fcad23 
	for($i = 1; $i < $length + 1; $i++) {
Packit fcad23 
		$hits{$i} = $ipf_lines[$i-1];
Packit fcad23 
		$hits{$i} =~ s/^(\d+) .*$/$1/;
Packit fcad23 
		$bytes{$i} = $ipf_lines[$i-1];
Packit fcad23 
		$bytes{$i} =~ s/^\d+ (\d+) .*/$1/;
Packit fcad23 
		$rule{$i} = $ipf_lines[$i-1];
Packit fcad23 
		$rule{$i} =~ s/^\d+ \d+ //;
Packit fcad23 
		if($i == $row) {
Packit fcad23 
			return $i if $col == 1;
Packit fcad23 
			return $rule{$i} if $col == 2;
Packit fcad23 
			return $hits{$i} if $col == 3;
Packit fcad23 
			return $bytes{$i} if $col == 4;
Packit fcad23 
		}
Packit fcad23 
	}
Packit fcad23 
	# return undefined value
Packit fcad23 
	undef $asdf;
Packit fcad23 
	return $asdf;
Packit fcad23 
}
Packit fcad23
Packit fcad23 
# get the values from ipfilter's tables
Packit fcad23 
sub get_value {
Packit fcad23 
	local($table, $entry, $col, $row) = @_;
Packit fcad23
Packit fcad23 
	if($table == 1) {
Packit fcad23 
		# fetch ipfInTable data
Packit fcad23 
		$ipf_output = `$ipf_in`;
Packit fcad23 
		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
Packit fcad23 
	} elsif($table == 2) {
Packit fcad23 
		# fetch ipfOutTable data
Packit fcad23 
		$ipf_output = `$ipf_out`;
Packit fcad23 
		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
Packit fcad23 
	} elsif($table == 3) {
Packit fcad23 
		# fetch ipfAccInTable data
Packit fcad23 
		$ipf_output = `$ipf_acc_in`;
Packit fcad23 
		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
Packit fcad23 
	} elsif($table == 4) {
Packit fcad23 
		# fetch ipfAccOutTable data
Packit fcad23 
		$ipf_output = `$ipf_acc_out`;
Packit fcad23 
		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
Packit fcad23 
	}
Packit fcad23 
	return $value;
Packit fcad23 
}
Packit fcad23
Packit fcad23 
# generate response to 'get' or 'get-next' request
Packit fcad23 
sub response {
Packit fcad23 
	# print ObjectID, its type and the value
Packit fcad23 
	if(defined $ObjectID and defined $type{$tec} and defined $value) {
Packit fcad23 
		print "$ObjectID\n";
Packit fcad23 
		print "$type{$tec}\n";
Packit fcad23 
		print "$value\n";
Packit fcad23 
	}
Packit fcad23 
	exit;
Packit fcad23 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation