local/ipf-mod.pl - vendor/opensource/netsnmp - Git at Google

 #!/usr/bin/perl -s
 ##
 ## IP Filter UCD-SNMP pass module
 ##
 ## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
 ## fetching rules, hits and bytes (for accounting tables only).
 ##
 ## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
 ## Date: $ Tue Dec  1 10:24:08 EET 1998 $
 ## Version: 1.1a

 # Put this file in /usr/local/bin/ipf-mod.pl and then add the following
 # line to your snmpd.conf file (without the # at the front):
 #
 #   pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl

 # enterprises.ucdavis.ucdExperimental.ipFilter	= .1.3.6.1.4.1.2021.13.2
 # ipfInTable.ipfInEntry.ipfInIndex		integer	= 1.1.1
 # ipfInTable.ipfInEntry.ipfInRule		string	= 1.1.2
 # ipfInTable.ipfInEntry.ipfInHits		counter	= 1.1.3
 # ipfOutTable.ipfOutEntry.ipfOutIndex		integer	= 1.2.1
 # ipfOutTable.ipfOutEntry.ipfOutRule		string	= 1.2.2
 # ipfOutTable.ipfOutEntry.ipfOutHits		counter	= 1.2.3
 # ipfAccInTable.ipfAccInEntry.ipfAccInIndex	integer	= 1.3.1
 # ipfAccInTable.ipfAccInEntry.ipfAccInRule	string	= 1.3.2
 # ipfAccInTable.ipfAccInEntry.ipfAccInHits	counter	= 1.3.3
 # ipfAccInTable.ipfAccInEntry.ipfAccInBytes	counter	= 1.3.4
 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex	integer	= 1.4.1
 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule	string	= 1.4.2
 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits	counter	= 1.4.3
 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes	counter	= 1.4.4

 # variables types
 %type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
 	 '2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
 	 '3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
 	 '3.1.4', 'counter',
 	 '4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
 	 '4.1.4', 'counter');

 # getnext sequence
 %next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
 	 '2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
 	 '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
 	 '3.1.4', '4.1.1',
 	 '4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');

 # ipfilter's commands to fetch needed information
 $ipfstat_comm="/sbin/ipfstat";
 $ipf_in="$ipfstat_comm -ih 2>/dev/null";
 $ipf_out="$ipfstat_comm -oh 2>/dev/null";
 $ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
 $ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";

 $OID=$ARGV[0];
 $IPF_OID='.1.3.6.1.4.1.2021.13.2';
 $IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2';

 # exit if OID is not one of IPF-MIB's
 exit if $OID !~ /^$IPF_OID_NO_DOTS(\D|$)/;

 # get table, entry, column and row numbers
 $tecr = $OID;
 $tecr =~ s/^$IPF_OID_NO_DOTS(\D|$)//;
 ($table, $entry, $col, $row, $rest) = split(/\./, $tecr);

 # parse 'get' request
 if($g) {
 	# exit if OID is wrong specified
 	if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
 		print "[1] NO-SUCH NAME\n" if $d;
 		exit;
 	}

 	# get the OID's value
 	$value = &get_value($table, $entry, $col, $row);
 	print "value=$value\n" if $d;

 	# exit if OID does not exist
 	print "[2] NO-SUCH NAME\n" if $d and !defined $value;
 	exit if !defined $value;

 	# set ObjectID and reply with response
 	$tec = "$table.$entry.$col";
 	$ObjectID = "${IPF_OID}.${tec}.${row}";
 	&response;
 }

 # parse 'get-next' request
 if($n) {
 	# set values if 0 or unspecified
 	$table = 1, $a = 1 if !$table or !defined $table;
 	$entry = 1, $a = 1 if !$entry or !defined $entry;
 	$col = 1, $a = 1 if !$col or !defined $col;
 	$row = 1, $a = 1 if !$row or !defined $row;

 	if($a) {
 		# get the OID's value
 		$value = &get_value($table, $entry, $col, $row);
 		print "value=$value\n" if $d;

 		# set ObjectID and reply with response
 		$tec = "$table.$entry.$col";
 		$ObjectID = "${IPF_OID}.${tec}.${row}";
 		&response;
 	}

 	# get next OID's value
 	$row++;
 	$value = &get_value($table, $entry, $col, $row);

 	# choose new table/column if rows exceeded
 	if(!defined $value) {
 		$tec = "$table.$entry.$col";
 		$tec = $next{$tec} if !$a;
 		$table = $tec;
 		$entry = $tec;
 		$col = $tec;
 		$table =~ s/\.\d\.\d$//;
 		$entry =~ s/^\d\.(\d)\.\d$/$1/;
 		$col =~ s/^\d\.\d\.//;
 		$row = 1;

 		# get the OID's value
 		$value = &get_value($table, $entry, $col, $row);
 		print "value=$value\n" if $d;
 	}

 	# set ObjectID and reply with response
 	$tec = "$table.$entry.$col";
 	$ObjectID = "${IPF_OID}.${tec}.${row}";
 	&response;
 }

 ##############################################################################

 # fetch values from 'ipfInTable' and 'ipfOutTable' tables
 sub fetch_hits_n_rules {
 	local($row, $col, $ipf_output) = @_;
 	local($asdf, $i, @ipf_lines, $length);

 	# create an entry if no rule exists
 	$ipf_output = "0 empty list for ipfilter" if !$ipf_output;

 	@ipf_lines = split("\n", $ipf_output);
 	$length = $#ipf_lines + 1;

 	for($i = 1; $i < $length + 1; $i++) {
 		$hits{$i} = $ipf_lines[$i-1];
 		$hits{$i} =~ s/^(\d+).*$/$1/;
 		$rule{$i} = $ipf_lines[$i-1];
 		$rule{$i} =~ s/^\d+ //;
 		if($i == $row) {
 			return $i if $col == 1;
 			return $rule{$i} if $col == 2;
 			return $hits{$i} if $col == 3;
 		}
 	}
 	# return undefined value
 	undef $asdf;
 	return $asdf;
 }

 # fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
 sub fetch_hits_bytes_n_rules {
 	local($row, $col, $ipf_output) = @_;
 	local($asdf, $i, @ipf_lines, $length);

 	# create an entry if no rule exists
 	$ipf_output = "0 0 empty list for ipacct" if !$ipf_output;

 	@ipf_lines = split("\n", $ipf_output);
 	$length = $#ipf_lines + 1;

 	for($i = 1; $i < $length + 1; $i++) {
 		$hits{$i} = $ipf_lines[$i-1];
 		$hits{$i} =~ s/^(\d+) .*$/$1/;
 		$bytes{$i} = $ipf_lines[$i-1];
 		$bytes{$i} =~ s/^\d+ (\d+) .*/$1/;
 		$rule{$i} = $ipf_lines[$i-1];
 		$rule{$i} =~ s/^\d+ \d+ //;
 		if($i == $row) {
 			return $i if $col == 1;
 			return $rule{$i} if $col == 2;
 			return $hits{$i} if $col == 3;
 			return $bytes{$i} if $col == 4;
 		}
 	}
 	# return undefined value
 	undef $asdf;
 	return $asdf;
 }

 # get the values from ipfilter's tables
 sub get_value {
 	local($table, $entry, $col, $row) = @_;

 	if($table == 1) {
 		# fetch ipfInTable data
 		$ipf_output = `$ipf_in`;
 		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
 	} elsif($table == 2) {
 		# fetch ipfOutTable data
 		$ipf_output = `$ipf_out`;
 		$value = &fetch_hits_n_rules($row, $col, $ipf_output);
 	} elsif($table == 3) {
 		# fetch ipfAccInTable data
 		$ipf_output = `$ipf_acc_in`;
 		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
 	} elsif($table == 4) {
 		# fetch ipfAccOutTable data
 		$ipf_output = `$ipf_acc_out`;
 		$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
 	}
 	return $value;
 }

 # generate response to 'get' or 'get-next' request
 sub response {
 	# print ObjectID, its type and the value
 	if(defined $ObjectID and defined $type{$tec} and defined $value) {
 		print "$ObjectID\n";
 		print "$type{$tec}\n";
 		print "$value\n";
 	}
 	exit;
 }
	#!/usr/bin/perl -s
	##
	## IP Filter UCD-SNMP pass module
	##
	## Allows read IP Filter's tables (In, Out, AccIn, AccOut),
	## fetching rules, hits and bytes (for accounting tables only).
	##
	## Author: Yaroslav Terletsky <ts@polynet.lviv.ua>
	## Date: $ Tue Dec 1 10:24:08 EET 1998 $
	## Version: 1.1a

	# Put this file in /usr/local/bin/ipf-mod.pl and then add the following
	# line to your snmpd.conf file (without the # at the front):
	#
	# pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl

	# enterprises.ucdavis.ucdExperimental.ipFilter = .1.3.6.1.4.1.2021.13.2
	# ipfInTable.ipfInEntry.ipfInIndex integer = 1.1.1
	# ipfInTable.ipfInEntry.ipfInRule string = 1.1.2
	# ipfInTable.ipfInEntry.ipfInHits counter = 1.1.3
	# ipfOutTable.ipfOutEntry.ipfOutIndex integer = 1.2.1
	# ipfOutTable.ipfOutEntry.ipfOutRule string = 1.2.2
	# ipfOutTable.ipfOutEntry.ipfOutHits counter = 1.2.3
	# ipfAccInTable.ipfAccInEntry.ipfAccInIndex integer = 1.3.1
	# ipfAccInTable.ipfAccInEntry.ipfAccInRule string = 1.3.2
	# ipfAccInTable.ipfAccInEntry.ipfAccInHits counter = 1.3.3
	# ipfAccInTable.ipfAccInEntry.ipfAccInBytes counter = 1.3.4
	# ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex integer = 1.4.1
	# ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule string = 1.4.2
	# ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits counter = 1.4.3
	# ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes counter = 1.4.4

	# variables types
	%type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter',
	'2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter',
	'3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter',
	'3.1.4', 'counter',
	'4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter',
	'4.1.4', 'counter');

	# getnext sequence
	%next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1',
	'2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1',
	'3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4',
	'3.1.4', '4.1.1',
	'4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4');

	# ipfilter's commands to fetch needed information
	$ipfstat_comm="/sbin/ipfstat";
	$ipf_in="$ipfstat_comm -ih 2>/dev/null";
	$ipf_out="$ipfstat_comm -oh 2>/dev/null";
	$ipf_acc_in="$ipfstat_comm -aih 2>/dev/null";
	$ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null";

	$OID=$ARGV[0];
	$IPF_OID='.1.3.6.1.4.1.2021.13.2';
	$IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2';

	# exit if OID is not one of IPF-MIB's
	exit if $OID !~ /^$IPF_OID_NO_DOTS(\D\|$)/;

	# get table, entry, column and row numbers
	$tecr = $OID;
	$tecr =~ s/^$IPF_OID_NO_DOTS(\D\|$)//;
	($table, $entry, $col, $row, $rest) = split(/\./, $tecr);

	# parse 'get' request
	if($g) {
	# exit if OID is wrong specified
	if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) {
	print "[1] NO-SUCH NAME\n" if $d;
	exit;
	}

	# get the OID's value
	$value = &get_value($table, $entry, $col, $row);
	print "value=$value\n" if $d;

	# exit if OID does not exist
	print "[2] NO-SUCH NAME\n" if $d and !defined $value;
	exit if !defined $value;

	# set ObjectID and reply with response
	$tec = "$table.$entry.$col";
	$ObjectID = "${IPF_OID}.${tec}.${row}";
	&response;
	}

	# parse 'get-next' request
	if($n) {
	# set values if 0 or unspecified
	$table = 1, $a = 1 if !$table or !defined $table;
	$entry = 1, $a = 1 if !$entry or !defined $entry;
	$col = 1, $a = 1 if !$col or !defined $col;
	$row = 1, $a = 1 if !$row or !defined $row;

	if($a) {
	# get the OID's value
	$value = &get_value($table, $entry, $col, $row);
	print "value=$value\n" if $d;

	# set ObjectID and reply with response
	$tec = "$table.$entry.$col";
	$ObjectID = "${IPF_OID}.${tec}.${row}";
	&response;
	}

	# get next OID's value
	$row++;
	$value = &get_value($table, $entry, $col, $row);

	# choose new table/column if rows exceeded
	if(!defined $value) {
	$tec = "$table.$entry.$col";
	$tec = $next{$tec} if !$a;
	$table = $tec;
	$entry = $tec;
	$col = $tec;
	$table =~ s/\.\d\.\d$//;
	$entry =~ s/^\d\.(\d)\.\d$/$1/;
	$col =~ s/^\d\.\d\.//;
	$row = 1;

	# get the OID's value
	$value = &get_value($table, $entry, $col, $row);
	print "value=$value\n" if $d;
	}

	# set ObjectID and reply with response
	$tec = "$table.$entry.$col";
	$ObjectID = "${IPF_OID}.${tec}.${row}";
	&response;
	}

	##############################################################################

	# fetch values from 'ipfInTable' and 'ipfOutTable' tables
	sub fetch_hits_n_rules {
	local($row, $col, $ipf_output) = @_;
	local($asdf, $i, @ipf_lines, $length);

	# create an entry if no rule exists
	$ipf_output = "0 empty list for ipfilter" if !$ipf_output;

	@ipf_lines = split("\n", $ipf_output);
	$length = $#ipf_lines + 1;

	for($i = 1; $i < $length + 1; $i++) {
	$hits{$i} = $ipf_lines[$i-1];
	$hits{$i} =~ s/^(\d+).*$/$1/;
	$rule{$i} = $ipf_lines[$i-1];
	$rule{$i} =~ s/^\d+ //;
	if($i == $row) {
	return $i if $col == 1;
	return $rule{$i} if $col == 2;
	return $hits{$i} if $col == 3;
	}
	}
	# return undefined value
	undef $asdf;
	return $asdf;
	}

	# fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables
	sub fetch_hits_bytes_n_rules {
	local($row, $col, $ipf_output) = @_;
	local($asdf, $i, @ipf_lines, $length);

	# create an entry if no rule exists
	$ipf_output = "0 0 empty list for ipacct" if !$ipf_output;

	@ipf_lines = split("\n", $ipf_output);
	$length = $#ipf_lines + 1;

	for($i = 1; $i < $length + 1; $i++) {
	$hits{$i} = $ipf_lines[$i-1];
	$hits{$i} =~ s/^(\d+) .*$/$1/;
	$bytes{$i} = $ipf_lines[$i-1];
	$bytes{$i} =~ s/^\d+ (\d+) .*/$1/;
	$rule{$i} = $ipf_lines[$i-1];
	$rule{$i} =~ s/^\d+ \d+ //;
	if($i == $row) {
	return $i if $col == 1;
	return $rule{$i} if $col == 2;
	return $hits{$i} if $col == 3;
	return $bytes{$i} if $col == 4;
	}
	}
	# return undefined value
	undef $asdf;
	return $asdf;
	}

	# get the values from ipfilter's tables
	sub get_value {
	local($table, $entry, $col, $row) = @_;

	if($table == 1) {
	# fetch ipfInTable data
	$ipf_output = `$ipf_in`;
	$value = &fetch_hits_n_rules($row, $col, $ipf_output);
	} elsif($table == 2) {
	# fetch ipfOutTable data
	$ipf_output = `$ipf_out`;
	$value = &fetch_hits_n_rules($row, $col, $ipf_output);
	} elsif($table == 3) {
	# fetch ipfAccInTable data
	$ipf_output = `$ipf_acc_in`;
	$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
	} elsif($table == 4) {
	# fetch ipfAccOutTable data
	$ipf_output = `$ipf_acc_out`;
	$value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output);
	}
	return $value;
	}

	# generate response to 'get' or 'get-next' request
	sub response {
	# print ObjectID, its type and the value
	if(defined $ObjectID and defined $type{$tec} and defined $value) {
	print "$ObjectID\n";
	print "$type{$tec}\n";
	print "$value\n";
	}
	exit;
	}