1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
#!/usr/bin/perl
use strict;
use Getopt::Long;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
use Vyatta::NatRuleCommon;
use Vyatta::SrcNatRule;
use Vyatta::DstNatRule;
sub numerically { $a <=> $b; }
my $format = "%-5s %-6s %-6s %-12s";
my $iptables = "sudo /sbin/iptables";
my $src_level = "nat source rule";
my $dst_level = "nat destination rule";
my $level = undef;
my $src_chain = "POSTROUTING";
my $dst_chain = "PREROUTING";
my $chain = undef;
my $type = undef;
my @stats = ();
GetOptions(
"type=s" => \$type
);
die("Must specify NAT type!") if !defined($type);
if ($type eq 'source') {
$level = $src_level;
$chain = $src_chain;
} elsif ($type eq 'destination') {
$level = $dst_level;
$chain = $dst_chain;
} else {
die("Unknown NAT type $type!");
}
open(STATS, "$iptables -t nat -L $chain -vn |") or exit 1;
my ($rule_tcp_pkts, $rule_tcp_bytes, $rule_pkts, $rule_bytes);
my $tcp_done = 0;
while (<STATS>) {
if ( (m/ SNAT/ || m/ DNAT/ || m/MASQUERADE/ || m/RETURN/ || m/NETMAP/)) {
m/^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s/;
$rule_pkts = $1;
$rule_bytes = $2;
if (m/tcp_udp/) { # protocol is tcp_udp, 2 rules in iptables for it
if ($tcp_done == 0) {
$rule_tcp_pkts = $rule_pkts;
$rule_tcp_bytes = $rule_bytes;
$tcp_done = 1;
next;
} else {
$rule_pkts += $rule_tcp_pkts;
$rule_bytes += $rule_tcp_bytes;
$tcp_done = 0;
}
}
push @stats, ($rule_pkts, $rule_bytes);
}
}
close STATS;
printf($format, "rule", "pkts", "bytes", "interface");
print "\n";
printf($format, "----", "----", "-----", "---------");
print "\n";
my $config = new Vyatta::Config;
$config->setLevel("$level");
my @rules_pre = $config->listOrigNodes();
my $rule;
my @rules = sort numerically @rules_pre;
for $rule (@rules) {
my $nrule = undef;
$nrule = new Vyatta::SrcNatRule if $type eq 'source';
$nrule = new Vyatta::DstNatRule if $type eq 'destination';
$nrule->setupOrig("$level $rule");
next if defined $nrule->{_disable};
my $pkts = shift @stats;
my $bytes = shift @stats;
my $intf = undef;
$intf = $nrule->{_outbound_if} if $type eq 'source';
$intf = $nrule->{_inbound_if} if $type eq 'destination';
printf($format, $rule, $pkts, $bytes, $intf);
print "\n";
}
exit 0;
|
