From b120d3123ddaa8743f00b554dc8f50de80c3f971 Mon Sep 17 00:00:00 2001 From: Peter Popovec Date: Mon, 27 Oct 2008 14:12:00 +0100 Subject: [PATCH] import debian version fwcnt-6.1 --- FWcnt2rrd | 43 ++++++++++++++++++++++++----------------- README | 50 ++++++++++++++++++++++++++++++++++++------------ debian/changelog | 6 ++++++ debian/control | 2 +- install_FWcnt | 30 ++++++++++++++++++----------- ipfm_FWcnt | 47 ++++++++++++++++++--------------------------- 6 files changed, 108 insertions(+), 70 deletions(-) diff --git a/FWcnt2rrd b/FWcnt2rrd index 3b1d3f6..88ea534 100755 --- a/FWcnt2rrd +++ b/FWcnt2rrd @@ -1,7 +1,8 @@ #!/bin/bash #from stdin get output from iptables-save -c, update rrd files -awk ' +#mawk is faster, do not use gawk +mawk ' BEGIN{ I[2]=32-1 I[4]=32-2 @@ -14,27 +15,33 @@ I[0]=32-8 I[256]=32-8 } { -if($2!="-A")next -if($3 !~ "^FWcntIN" && $3 !~ "^FWcntOUT")next -split(substr($1,2,length($1)-2),Nx,":") +#only rules for FWcnt (FWcntIN and FWcntOUT) +if("FWcnt" != substr($3,1,5))next +#ignore master chain +if($3 == "FWcnt")next + +#get counter data +Na=index($1,":") +Nx1=substr($1,2,Na-2) +Nx2=substr($1,Na+1,length($1)-Na-1) -#printf("%s %s",Nx[1],Nx[2]) if(NF==7){ - mask="" if(2==split($(NF-2),N,"/")){ split(N[2],M,".") - mask=sprintf("/%d",I[256-M[4]]) - } + mask="/"I[256-M[4]] + }else + mask="" split(N[1],IP,".") C[IP[1]"."IP[2]"."IP[3]]=1 if($(NF-3)=="-d") { - IPbi[N[1]""mask]=Nx[2] - IPpi[N[1]""mask]=Nx[1] + IPbi[N[1]""mask]=Nx2 + IPpi[N[1]""mask]=Nx1 }else{ - IPbo[N[1]""mask]=Nx[2] - IPpo[N[1]""mask]=Nx[1] + IPbo[N[1]""mask]=Nx2 + IPpo[N[1]""mask]=Nx1 } + next } if(NF==5){ split($NF,N,"/") 
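Review bot: In the NF==7 branch, `mask="/"I[256-M[4]]` yields a bare `/` whenever the last octet of a dotted netmask is not one of the keys initialised in BEGIN (the visible part of the table covers only a few values, and an awk lookup of a missing key returns the empty string and creates the key), so such a rule is filed under a malformed `addr/` key instead of being rejected; the old `sprintf("/%d",…)` form had the same gap but produced `/0`. A guard such as `if(!((256-M[4]) in I))next` before the assignment keeps unknown masks out of the IPbi/IPbo arrays. The new chain filter `if("FWcnt" != substr($3,1,5))next` is also looser than the removed regex: any chain whose name merely begins with FWcnt now passes, not just FWcntIN/FWcntOUT, which deserves a comment if intended. The NF==5 branch in the following hunk reads `mask` from lines between the hunks that are not shown here.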
@@ -43,13 +50,13 @@ if(NF==5){ split(N[1],IP,".") C[IP[1]"."IP[2]"."IP[3]]=1 if($(NF-1)=="-d"){ - IPbi[N[1]"/"mask]=Nx[2] - IPpi[N[1]"/"mask]=Nx[1] + IPbi[N[1]"/"mask]=Nx2 + IPpi[N[1]"/"mask]=Nx1 }else{ - IPbo[N[1]"/"mask]=Nx[2] - IPpo[N[1]"/"mask]=Nx[1] + IPbo[N[1]"/"mask]=Nx2 + IPpo[N[1]"/"mask]=Nx1 } - + next } }END{ CCMD="test -f /var/lib/FWcnt/FW_rrd_database/upgrade_needed" @@ -141,4 +148,4 @@ awk 'BEGIN{ }' /var/lib/FWcnt/etc/config #update ipfm like log -/usr/lib/FWcnt/ipfm_FWcnt +grep -q NOIPFM /var/lib/FWcnt/etc/config || /usr/lib/FWcnt/ipfm_FWcnt diff --git a/README b/README index fb8f54f..d196de5 100644 --- a/README +++ b/README 
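Review bot: `grep -q NOIPFM /var/lib/FWcnt/etc/config` matches the token anywhere on any line, so a commented-out `#NOIPFM` or a line mentioning it in passing also disables the ipfm log, and a missing or unreadable config (grep exit 2) silently runs it. The other directives are matched as a leading tag (`$1 ~ "^cntLINK"` in install_FWcnt, `read tag value` in ipfm_FWcnt), so anchoring the test keeps the semantics consistent: `grep -q '^NOIPFM' /var/lib/FWcnt/etc/config || /usr/lib/FWcnt/ipfm_FWcnt`. The README entry for NOIPFM added in this commit should then state that it is matched as a leading word.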
@@ -69,37 +69,63 @@ cntNET 192.168.0.0 2. run /usr/lib/FWcnt/install_FWcnt -3. insert FWcnt chain in FORWARD chain (and if needed INPUT and OUTPUT - chains) - iptables -I FORWARD -j FWcnt +3. check http://YOUR_WEB/cgi-bin/mrtg-rrd.wrapper.cgi -4. check http://YOUR_WEB/cgi-bin/mrtg-rrd.wrapper.cgi +Configuration file directives +----------------------------- -"fast" config manual (config file directives): ----------------------------------------------- +Counter directives: -One line per interface for "counting" interface statistics like this: +cntLINK +------- +Definition for network interface counter, example for counting eth0 and eth3: cntLINK eth0 +cntLINK eth3 -one line per "C-class" net for counting all IP in this IP range: + +cntNET +------ +Definition for counting 256 IP (one C range) example: cntNET 192.168.0.0 (last number not needed .. etc cntNET 192.168.0 works fine) -one line per sub "C-class" range for personalized view: +inetLINK +-------- +Defines interface to internet. All "cntNET" counters counts only trafic +from/to internet. + +Graph view directive: + +mrtgNET +------- + +Default view of first "mrtg" page consist of LINK (interfcaes) graphs and +next summary of 256 IP (C range) "NET" graphs. Below "NET" graph exists +page with 16 graphs for summary of 16 IPs. Next, below graph for summary of +16 IP subpage exists with 16 graphs - one per IP. This is default view. +mrtgNET dorective change numbers of graphs in first subpage. Example: -mrtgNET 192.168.42.128 25 +mrtgNET 192.168.42.0 25 +mrtgNET 192.168.42.128 26 +mrtgNET 192.168.42.192 26 + +Below graph for 192.168.42.0/24 one graph for 192.168.42.0/25 exists and two +graphs for 192.168.42.128/26 and 192.168.42.192/26. Below graph 192.168.42.0/25 +is page with 128 graphs, one per IP exists. Next, below 192.168.42.128/26 +64 graphs subpage exists, for all IPs inside this range. 
-create one page with 128 IPs from 192.168.42.128 to 192.168.42.255 -default is 16 sub "C-class" NOIPFM +------ if present in config file, no ipfm like log is generated + + INTERNALS --------- diff --git a/debian/changelog b/debian/changelog index 65440b8..0028e94 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +fwcnt (0.6.1) unstable; urgency=low + + * ipfm log generated by rrdgraph + + -- Peter Popovec Thu, 13 Dec 2007 10:07:37 +0100 + fwcnt (0.6) unstable; urgency=low * one rrd file per C range diff --git a/debian/control b/debian/control index c588db4..61e86f9 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Standards-Version: 3.7.2 Package: fwcnt Architecture: all Pre-Depends: mrtg-rrd, patch -Depends: gawk, iptables, cron, rrdtool +Depends: gawk, mawk, iptables, cron, rrdtool Description: Firewall counter Detailed measuring system for wide range of IPs based on firewall rules (counters) and mrtg with rrd backend database. diff --git a/install_FWcnt b/install_FWcnt index ab71f5b..5fd4920 100755 --- a/install_FWcnt +++ b/install_FWcnt @@ -72,7 +72,6 @@ BEGIN{ if(C>128 || C<8)C=16 N[4]=and(N[4],xor(255,(C-1))) NL[N[1]"."N[2]"."N[3]"."N[4]]=C -# print("Net "N[1]"."N[2]"."N[3]"."N[4]" "C) } if($1 ~ "^cntLINK"){ match($2,"(.*)([[:digit:]]+)$",a) @@ -101,7 +100,6 @@ netC=IPn[1]"."IPn[2]"."IPn[3] j=16 if(netC"."i in NL) j=NL[netC"."i] jx=32-int(log(j)*1.5) -# print "j="j" jx="jx IP=netC"."i"/"jx TARGET=IP NAME=IP @@ -125,15 +123,25 @@ netC=IPn[1]"."IPn[2]"."IPn[3] }' MAINT=$MAINT #create and flush initial firewall chains, create initial "goto" -iptables-restore -n <0){ + print "-A FWcnt -j FWcntOUT -o "dev + print "-A FWcnt -j FWcntIN -i "dev +}else{ + print "-A FWcnt -j FWcntOUT" + print "-A FWcnt -j FWcntIN" +} +print "COMMIT" +}' < /var/lib/FWcnt/etc/config | iptables-restore -n + #install all C ranges /usr/lib/FWcnt/init_FWcnt diff --git a/ipfm_FWcnt b/ipfm_FWcnt index 31cac2d..a850531 100755 --- a/ipfm_FWcnt +++ b/ipfm_FWcnt 
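Review bot: The interface name `dev` is spliced verbatim into the rule text piped to `iptables-restore -n` (`print "-A FWcnt -j FWcntOUT -o "dev`) with no check that it looks like an interface name; iptables-restore tokenises each line itself, so a config value containing whitespace or quotes would be parsed as extra rule options rather than as an interface. The config is a local file, so this is a robustness issue rather than remote exposure, but a check such as `if(dev !~ /^[A-Za-z0-9_.:-]+$/)exit 1` before the prints keeps malformed values out of the firewall. The pipeline's exit status is not examined before the script continues to `/usr/lib/FWcnt/init_FWcnt`; appending `|| exit 1` to the `iptables-restore -n` line would stop on a failed restore. The start of the awk program and the old here-document it replaces are garbled on this page (text between `<` and `>` appears to have been stripped), so where `dev` is read from is inferred from the README's new inetLINK directive.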
@@ -1,34 +1,25 @@ #!/bin/bash -awk 'BEGIN{ -printf ("# fwcnt 0.6 %s (local time) -- dump every 0d00:05:00 -- generated from iptables counters\n", - strftime("%Y/%m/%d %H:%M:00")); - -printf ("# %-33s%15s%15s%15s\n", "Host", "In (bytes)", "Out (bytes)", "Total (bytes)"); -}' >/var/log/fwcnt/fwcnt-global.tmp while read tag value; do if [ $tag == "cntNET" ]; then -rrdtool fetch /var/lib/FWcnt/FW_rrd_database/${value}.rrd AVERAGE --start `date +%s -d '0:0'`| -awk -v net=$value '{ -if(NR<3)next -i=NF-256*4+1 -j=0 -while(i<=NF){ - bi[j]+=300*strtonum($i) - bo[j]+=300*strtonum($(i+1)) - i+=4 - j++ -} -} -END{ -j=0; -while(j<256){ - if(bi[j]+bo[j]>0){ - printf ("%-35s%15d%15d%15d\n",net"."j,bi[j],bo[j],bi[j]+bo[j]) - } - j++ -} -}' + +rrdtool graph $value.png --start 0:0 --end now $(for i in `seq 0 255`;do +echo -n "DEF:bo$i=/var/lib/FWcnt/FW_rrd_database/${value}.rrd:IPbo$i:AVERAGE " +echo -n "DEF:bi$i=/var/lib/FWcnt/FW_rrd_database/${value}.rrd:IPbi$i:AVERAGE " +echo -n "VDEF:i$i=bi$i,TOTAL " +echo -n "VDEF:o$i=bo$i,TOTAL " +echo -n "PRINT:i$i:\:${value}.$i\:%lf\: " +echo -n "PRINT:o$i:%lf; " +done +echo "") + fi -done >/var/log/fwcnt/fwcnt-global.tmp + +done 0 && ($4+$3) > 0) + printf "%-35s%15d%15d%15d\n",$2,strtonum($3),strtonum($4),$4+$3 +}' >/var/log/fwcnt/fwcnt-global.tmp mv /var/log/fwcnt/fwcnt-global.tmp /var/log/fwcnt/ipfm-global-`date +%Y-%m-%d`.log -- 2.47.3
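Review bot: `rrdtool graph $value.png …` writes an image named after the cntNET value into whatever the current directory is when the script runs (it is invoked from FWcnt2rrd), even though only the PRINT output is consumed; pointing the graph at `/dev/null` (`rrdtool graph /dev/null --start 0:0 --end now …`) avoids leaving one PNG per C range behind. `$value` is also expanded unquoted into the rrd path and into every DEF/PRINT string, where a colon or whitespace from the config would be taken by rrdtool as a field separator; quoting it and validating it as a dotted prefix before the loop would make such failures explicit. On style, `for i in \`seq 0 255\`` with `echo -n` can be `for i in {0..255}` with `printf`. The consuming awk at the end of the hunk uses `strtonum`, a gawk extension, so unlike FWcnt2rrd this script still requires gawk; the redirections and the awk condition around `done` appear to have been stripped from this page (text between `<` and `>` is missing), so that part could not be reviewed.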