PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`#!/usr/bin/perl -s ## ## IP Filter UCD-SNMP pass module ## ## Allows read IP Filter's tables (In, Out, AccIn, AccOut), ## fetching rules, hits and bytes (for accounting tables only). ## ## Author: Yaroslav Terletsky ## Date: $ Tue Dec 1 10:24:08 EET 1998 $ ## Version: 1.1a # Put this file in /usr/local/bin/ipf-mod.pl and then add the following # line to your snmpd.conf file (without the # at the front): # # pass .1.3.6.1.4.1.2021.13.2 /usr/local/bin/ipf-mod.pl # enterprises.ucdavis.ucdExperimental.ipFilter = .1.3.6.1.4.1.2021.13.2 # ipfInTable.ipfInEntry.ipfInIndex integer = 1.1.1 # ipfInTable.ipfInEntry.ipfInRule string = 1.1.2 # ipfInTable.ipfInEntry.ipfInHits counter = 1.1.3 # ipfOutTable.ipfOutEntry.ipfOutIndex integer = 1.2.1 # ipfOutTable.ipfOutEntry.ipfOutRule string = 1.2.2 # ipfOutTable.ipfOutEntry.ipfOutHits counter = 1.2.3 # ipfAccInTable.ipfAccInEntry.ipfAccInIndex integer = 1.3.1 # ipfAccInTable.ipfAccInEntry.ipfAccInRule string = 1.3.2 # ipfAccInTable.ipfAccInEntry.ipfAccInHits counter = 1.3.3 # ipfAccInTable.ipfAccInEntry.ipfAccInBytes counter = 1.3.4 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutIndex integer = 1.4.1 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutRule string = 1.4.2 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutHits counter = 1.4.3 # ipfAccOutTable.ipfAccOutEntry.ipfAccOutBytes counter = 1.4.4 # variables types %type = ('1.1.1', 'integer', '1.1.2', 'string', '1.1.3', 'counter', '2.1.1', 'integer', '2.1.2', 'string', '2.1.3', 'counter', '3.1.1', 'integer', '3.1.2', 'string', '3.1.3', 'counter', '3.1.4', 'counter', '4.1.1', 'integer', '4.1.2', 'string', '4.1.3', 'counter', '4.1.4', 'counter'); # getnext sequence %next = ('1.1.1', '1.1.2', '1.1.2', '1.1.3', '1.1.3', '2.1.1', '2.1.1', '2.1.2', '2.1.2', '2.1.3', '2.1.3', '3.1.1', '3.1.1', '3.1.2', '3.1.2', '3.1.3', '3.1.3', '3.1.4', '3.1.4', '4.1.1', '4.1.1', '4.1.2', '4.1.2', '4.1.3', '4.1.3', '4.1.4'); # ipfilter's commands to fetch needed information $ipfstat_comm="/sbin/ipfstat"; $ipf_in="$ipfstat_comm -ih 2>/dev/null"; $ipf_out="$ipfstat_comm -oh 2>/dev/null"; $ipf_acc_in="$ipfstat_comm -aih 2>/dev/null"; $ipf_acc_out="$ipfstat_comm -aoh 2>/dev/null"; $OID=$ARGV[0]; $IPF_OID='.1.3.6.1.4.1.2021.13.2'; $IPF_OID_NO_DOTS='\.1\.3\.6\.1\.4\.1\.2021\.13\.2'; # exit if OID is not one of IPF-MIB's exit if $OID !~ /^$IPF_OID_NO_DOTS(\D|$)/; # get table, entry, column and row numbers $tecr = $OID; $tecr =~ s/^$IPF_OID_NO_DOTS(\D|$)//; ($table, $entry, $col, $row, $rest) = split(/\./, $tecr); # parse 'get' request if($g) { # exit if OID is wrong specified if(!defined $table or !defined $entry or !defined $col or !defined $row or defined $rest) { print "[1] NO-SUCH NAME\n" if $d; exit; } # get the OID's value $value = &get_value($table, $entry, $col, $row); print "value=$value\n" if $d; # exit if OID does not exist print "[2] NO-SUCH NAME\n" if $d and !defined $value; exit if !defined $value; # set ObjectID and reply with response $tec = "$table.$entry.$col"; $ObjectID = "${IPF_OID}.${tec}.${row}"; &response; } # parse 'get-next' request if($n) { # set values if 0 or unspecified $table = 1, $a = 1 if !$table or !defined $table; $entry = 1, $a = 1 if !$entry or !defined $entry; $col = 1, $a = 1 if !$col or !defined $col; $row = 1, $a = 1 if !$row or !defined $row; if($a) { # get the OID's value $value = &get_value($table, $entry, $col, $row); print "value=$value\n" if $d; # set ObjectID and reply with response $tec = "$table.$entry.$col"; $ObjectID = "${IPF_OID}.${tec}.${row}"; &response; } # get next OID's value $row++; $value = &get_value($table, $entry, $col, $row); # choose new table/column if rows exceeded if(!defined $value) { $tec = "$table.$entry.$col"; $tec = $next{$tec} if !$a; $table = $tec; $entry = $tec; $col = $tec; $table =~ s/\.\d\.\d$//; $entry =~ s/^\d\.(\d)\.\d$/$1/; $col =~ s/^\d\.\d\.//; $row = 1; # get the OID's value $value = &get_value($table, $entry, $col, $row); print "value=$value\n" if $d; } # set ObjectID and reply with response $tec = "$table.$entry.$col"; $ObjectID = "${IPF_OID}.${tec}.${row}"; &response; } ############################################################################## # fetch values from 'ipfInTable' and 'ipfOutTable' tables sub fetch_hits_n_rules { local($row, $col, $ipf_output) = @_; local($asdf, $i, @ipf_lines, $length); # create an entry if no rule exists $ipf_output = "0 empty list for ipfilter" if !$ipf_output; @ipf_lines = split("\n", $ipf_output); $length = $#ipf_lines + 1; for($i = 1; $i < $length + 1; $i++) { $hits{$i} = $ipf_lines[$i-1]; $hits{$i} =~ s/^(\d+).*$/$1/; $rule{$i} = $ipf_lines[$i-1]; $rule{$i} =~ s/^\d+ //; if($i == $row) { return $i if $col == 1; return $rule{$i} if $col == 2; return $hits{$i} if $col == 3; } } # return undefined value undef $asdf; return $asdf; } # fetch values from 'ipfAccInTable' and 'ipfAccOutTable' tables sub fetch_hits_bytes_n_rules { local($row, $col, $ipf_output) = @_; local($asdf, $i, @ipf_lines, $length); # create an entry if no rule exists $ipf_output = "0 0 empty list for ipacct" if !$ipf_output; @ipf_lines = split("\n", $ipf_output); $length = $#ipf_lines + 1; for($i = 1; $i < $length + 1; $i++) { $hits{$i} = $ipf_lines[$i-1]; $hits{$i} =~ s/^(\d+) .*$/$1/; $bytes{$i} = $ipf_lines[$i-1]; $bytes{$i} =~ s/^\d+ (\d+) .*/$1/; $rule{$i} = $ipf_lines[$i-1]; $rule{$i} =~ s/^\d+ \d+ //; if($i == $row) { return $i if $col == 1; return $rule{$i} if $col == 2; return $hits{$i} if $col == 3; return $bytes{$i} if $col == 4; } } # return undefined value undef $asdf; return $asdf; } # get the values from ipfilter's tables sub get_value { local($table, $entry, $col, $row) = @_; if($table == 1) { # fetch ipfInTable data $ipf_output = `$ipf_in`; $value = &fetch_hits_n_rules($row, $col, $ipf_output); } elsif($table == 2) { # fetch ipfOutTable data $ipf_output = `$ipf_out`; $value = &fetch_hits_n_rules($row, $col, $ipf_output); } elsif($table == 3) { # fetch ipfAccInTable data $ipf_output = `$ipf_acc_in`; $value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output); } elsif($table == 4) { # fetch ipfAccOutTable data $ipf_output = `$ipf_acc_out`; $value = &fetch_hits_bytes_n_rules($row, $col, $ipf_output); } return $value; } # generate response to 'get' or 'get-next' request sub response { # print ObjectID, its type and the value if(defined $ObjectID and defined $type{$tec} and defined $value) { print "$ObjectID\n"; print "$type{$tec}\n"; print "$value\n"; } exit; }