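#!/usr/bin/perl
#
# View definitions for the flow-tools/Cflow traffic report.
#
# $view{view_name} = \( descr, pre_filter, %class, %counters )
#   .[0] description (one line)
#   .[1] view match procedure: returns 1 when the current flow belongs to the view
#   .[2] flow classification procedure: returns the class name of the current flow
#   .[3] maximum number of classes shown (top N)
#   .[4] flow printing procedure
#   .[5] flow table header
#
# $counters{c_time} = \%data   # hash: $data{'classname'} = value;
#
# %data{class_name} = value;   # value is in bytes
#
# All flow fields are read from the $Cflow::* package variables that
# Cflow sets for the flow currently being processed.
#
# TODO: add `use strict;` once %hosts, %tcp_services, %udp_services,
# %protocols and %view are declared with `our` wherever they are filled in.
use warnings;
use Cflow qw(:flowvars :tcpflags :icmptypes :icmpcodes 1.041);
#
@hosts_files     = ("/etc/hosts");
@protocols_files = ("/etc/protocols");
@services_files  = ("/etc/services");
@asns_files      = ("/usr/local/share/flow-tools/asn");

#----------------------------------------------------------------
# views filters
#----------------------------------------------------------------

# Interfaces facing "outside", per exporter: exporter ip => { ifIndex => 1 }.
# A flow is outbound when its output_if is listed here for its exporter, and
# inbound when its input_if is.
# NOTE(review): the interface names below are the original comments; they do
# not obviously match the ifIndex values checked (e.g. "outif=14" vs 9/16/15)
# - confirm against the exporter's interface table.
my %border_if_of = (
    '1.2.3.1' => { 3 => 1 },                    # FastEthernet0/1
    '1.2.3.2' => { 9 => 1, 16 => 1, 15 => 1 },  # Serial0.1 / Serial0.2
    '1.2.3.3' => { 2 => 1, 4 => 1 },            # Serial0/0
);

# Return 1 when $ifindex is a border interface of the current flow's exporter,
# 0 otherwise (including when the exporter is unknown or not set).
# The exporter check is applied to every interface: the previous
# `eq ... && == 2 || == 4` form matched ifIndex 4 on *any* exporter because
# && binds tighter than ||, so flows from other routers were misattributed.
sub _is_border_if {
    my ($ifindex) = @_;
    return 0 unless defined $Cflow::exporterip && defined $ifindex;
    my $ifs = $border_if_of{$Cflow::exporterip};
    return ($ifs && $ifs->{$ifindex}) ? 1 : 0;
}

# Flow leaves the network: output interface is a border interface.
sub all_out_filter {
    return _is_border_if($Cflow::output_if);
}

# Flow enters the network: input interface is a border interface.
sub all_in_filter {
    return _is_border_if($Cflow::input_if);
}

#----------------------------------------------------------------
# classes filters
#----------------------------------------------------------------

# Return $table->{$key} when that entry is defined, otherwise $key itself.
# Used to replace addresses, ports and protocol numbers with names.
sub _name_for {
    my ($table, $key) = @_;
    return defined $table->{$key} ? $table->{$key} : $key;
}

# Render the current flow as one string:
#   "tcp|udp src:sport dst:dport"   for TCP/UDP (names substituted when known)
#   "icmp src dst..TYPECODE"        for ICMP (type/code from get_icmp_typecode)
#   "proto src dst"                 for anything else
# Relies on %hosts, %tcp_services, %udp_services, %protocols and
# get_icmp_typecode() being provided elsewhere.
sub FormatFlow {
    my $proto = $Cflow::protocol;
    my $src   = _name_for(\%hosts, $Cflow::srcip);
    my $dst   = _name_for(\%hosts, $Cflow::dstip);

    if ($proto == 6 || $proto == 17) {
        my ($pname, $services) = $proto == 6
            ? ('tcp', \%tcp_services)
            : ('udp', \%udp_services);
        my $sport = _name_for($services, $Cflow::srcport);
        my $dport = _name_for($services, $Cflow::dstport);
        return "$pname $src:$sport $dst:$dport";
    }

    if ($proto == 1) {
        # Cflow stores the ICMP type/code in the destination port field.
        my $typecode = get_icmp_typecode($Cflow::dstport);
        return "icmp $src $dst..$typecode";
    }

    my $pname = _name_for(\%protocols, $proto);
    return "$pname $src $dst";
}

#
undef %view;
#
# Classifiers: each returns the class key of the current flow.
sub no_filter         { return 1; }
sub classify_by_srcip { return $Cflow::srcip; }
sub classify_by_dstip { return $Cflow::dstip; }
sub classify_by_srcas { return $Cflow::src_as; }
sub classify_by_dstas { return $Cflow::dst_as; }
sub classify_by_flow  { return FormatFlow(); }

#
# Print destination AS, the flow, and the byte and packet counts of the flow.
sub myPrintFlow {
    my $flow = FormatFlow();
    return "$Cflow::dst_as $flow $Cflow::bytes $Cflow::pkts\r\n";
}

#
@{$view{total_output_by_as}} = (
    "OutPut traffic by dst AS ",   # view description (one line)
    \&all_out_filter,              # filter procedure for the view
    \&classify_by_dstas,           # view classifier
    11,                            # number of top classes
    \&myPrintFlow,                 # flow printing procedure
    "dst_AS protocol src_addr:src_port dst_addr:dst_port bytes packets"
);
#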