source-git / net-snmp

Clone
Source Code
GIT

Files

  1.   b0726e2c25d718eaf433100972633ecfb609a60a
  2.   local
  3.   ipf-mod.pl
Blob Blame History Raw 
#!/usr/bin/perl -s
##
## IP Filter UCD-SNMP pass module
##
## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
## fetching rules, hits and bytes (for accounting tables only).
##
## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
## Date: $ Tue Dec  1 10:24:08 EET 1998 $
## Version: 1.1a

# Put this file in /usr/local/bin/ipf-mod.pl and then add the following 
# line to your snmpd.conf file (without the # at the front):
#
#   pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl

# enterprises.ucdavis.ucdExperimental.ipFilter	= .1.3.6.1.4.1.2021.13.2
# ipfInTable.ipfInEntry.ipfInIndex		integer	= 1.1.1
# ipfInTable.ipfInEntry.ipfInRule		string	= 1.1.2
# ipfInTable.ipfInEntry.ipfInHits		counter	= 1.1.3
# ipfOutTable.ipfOutEntry.ipfOutIndex		integer	= 1.2.1
# ipfOutTable.ipfOutEntry.ipfOutRule		string	= 1.2.2
# ipfOutTable.ipfOutEntry.ipfOutHits		counter	= 1.2.3
# ipfAccInTable.ipfAccInEntry.ipfAccInIndex	integer	= 1.3.1
# ipfAccInTable.ipfAccInEntry.ipfAccInRule	string	= 1.3.2
# ipfAccInTable.ipfAccInEntry.ipfAccInHits	counter	= 1.3.3
# ipfAccInTable.ipfAccInEntry.ipfAccInBytes	counter	= 1.3.4
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex	integer	= 1.4.1
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule	string	= 1.4.2
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits	counter	= 1.4.3
# ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes	counter	= 1.4.4

# variables types
%type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
	 '2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
	 '3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
	 '3.1.4', 'counter',
	 '4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
	 '4.1.4', 'counter');

# getnext sequence
%next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
	 '2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
	 '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
	 '3.1.4', '4.1.1',
	 '4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');

# ipfilter's commands to fetch needed information
$ipfstat_comm="/sbin/ipfstat";
$ipf_in="$ipfstat_comm -ih 2>/dev/null";
$ipf_out="$ipfstat_comm -oh 2>/dev/null";
$ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
$ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";

$OID=$ARGV[0];
$IPF_OID='.1.3.6.1.4.1.2021.13.2';
$IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2';

# exit if OID is not one of IPF-MIB's
exit if $OID !~ /^$IPF_OID_NO_DOTS(\D|$)/;

# get table, entry, column and row numbers
$tecr = $OID;
$tecr =~ s/^$IPF_OID_NO_DOTS(\D|$)//;
($table, $entry, $col, $row, $rest) = split(/\./, $tecr);

# parse 'get' request
if($g) {
	# exit if OID is wrong specified
	if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
		print "[1] NO-SUCH NAME\n" if $d;
		exit;
	}

	# get the OID's value
	$value = &get_value($table, $entry, $col, $row);
	print "value=$value\n" if $d;

	# exit if OID does not exist
	print "[2] NO-SUCH NAME\n" if $d and !defined $value;
	exit if !defined $value;

	# set ObjectID and reply with response
	$tec = "$table.$entry.$col";
	$ObjectID = "${IPF_OID}.${tec}.${row}";
	&response;
}

# parse 'get-next' request
if($n) {
	# set values if 0 or unspecified
	$table = 1, $a = 1 if !$table or !defined $table;
	$entry = 1, $a = 1 if !$entry or !defined $entry;
	$col = 1, $a = 1 if !$col or !defined $col;
	$row = 1, $a = 1 if !$row or !defined $row;

	if($a) {
		# get the OID's value
		$value = &get_value($table, $entry, $col, $row);
		print "value=$value\n" if $d;

		# set ObjectID and reply with response
		$tec = "$table.$entry.$col";
		$ObjectID = "${IPF_OID}.${tec}.${row}";
		&response;
	}

	# get next OID's value
	$row++;
	$value = &get_value($table, $entry, $col, $row);

	# choose new table/column if rows exceeded
	if(!defined $value) {
		$tec = "$table.$entry.$col";
		$tec = $next{$tec} if !$a;
		$table = $tec;
		$entry = $tec;
		$col = $tec;
		$table =~ s/\.\d\.\d$//;
		$entry =~ s/^\d\.(\d)\.\d$/$1/;
		$col =~ s/^\d\.\d\.//;
		$row = 1;

		# get the OID's value
		$value = &get_value($table, $entry, $col, $row);
		print "value=$value\n" if $d;
	}

	# set ObjectID and reply with response
	$tec = "$table.$entry.$col";
	$ObjectID = "${IPF_OID}.${tec}.${row}";
	&response;
}

##############################################################################

# fetch values from 'ipfInTable' and 'ipfOutTable' tables
sub fetch_hits_n_rules {
	local($row, $col, $ipf_output) = @_;
	local($asdf, $i, @ipf_lines, $length);

	# create an entry if no rule exists
	$ipf_output = "0 empty list for ipfilter" if !$ipf_output;

	@ipf_lines = split("\n", $ipf_output);
	$length = $#ipf_lines + 1;

	for($i = 1; $i < $length + 1; $i++) {
		$hits{$i} = $ipf_lines[$i-1];
		$hits{$i} =~ s/^(\d+).*$/$1/;
		$rule{$i} = $ipf_lines[$i-1];
		$rule{$i} =~ s/^\d+ //;
		if($i == $row) {
			return $i if $col == 1;
			return $rule{$i} if $col == 2;
			return $hits{$i} if $col == 3;
		}
	}
	# return undefined value
	undef $asdf;
	return $asdf;
}

# fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
sub fetch_hits_bytes_n_rules {
	local($row, $col, $ipf_output) = @_;
	local($asdf, $i, @ipf_lines, $length);

	# create an entry if no rule exists
	$ipf_output = "0 0 empty list for ipacct" if !$ipf_output;

	@ipf_lines = split("\n", $ipf_output);
	$length = $#ipf_lines + 1;

	for($i = 1; $i < $length + 1; $i++) {
		$hits{$i} = $ipf_lines[$i-1];
		$hits{$i} =~ s/^(\d+) .*$/$1/;
		$bytes{$i} = $ipf_lines[$i-1];
		$bytes{$i} =~ s/^\d+ (\d+) .*/$1/;
		$rule{$i} = $ipf_lines[$i-1];
		$rule{$i} =~ s/^\d+ \d+ //;
		if($i == $row) {
			return $i if $col == 1;
			return $rule{$i} if $col == 2;
			return $hits{$i} if $col == 3;
			return $bytes{$i} if $col == 4;
		}
	}
	# return undefined value
	undef $asdf;
	return $asdf;
}

# get the values from ipfilter's tables
sub get_value {
	local($table, $entry, $col, $row) = @_;

	if($table == 1) {
		# fetch ipfInTable data
		$ipf_output = `$ipf_in`;
		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
	} elsif($table == 2) {
		# fetch ipfOutTable data
		$ipf_output = `$ipf_out`;
		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
	} elsif($table == 3) {
		# fetch ipfAccInTable data
		$ipf_output = `$ipf_acc_in`;
		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
	} elsif($table == 4) {
		# fetch ipfAccOutTable data
		$ipf_output = `$ipf_acc_out`;
		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
	}
	return $value;
}

# generate response to 'get' or 'get-next' request
sub response {
	# print ObjectID, its type and the value
	if(defined $ObjectID and defined $type{$tec} and defined $value) {
		print "$ObjectID\n";
		print "$type{$tec}\n";
		print "$value\n";
	}
	exit;
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation