summaryrefslogtreecommitdiff
path: root/scripts/vyatta-show-nat.pl
blob: 0ae25afa61eae25487642d642e0719e732c14929 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

#!/usr/bin/perl

use strict;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Config;
use Vyatta::NatRule;

sub numerically { $a <=> $b; }

exit 1 if ($#ARGV != 0);
my $xsl_file = $ARGV[0];

if (! -e $xsl_file) {
  print "Invalid XSL file \"$xsl_file\"\n";
  exit 1;
}

my %stats = (
              source      => [ ],
              destination => [ ],
            );
open(STATS, "sudo /sbin/iptables -t nat -L -vn |") or exit 1;
my $skey = "";
my ($rule_tcp_pkts, $rule_tcp_bytes, $rule_pkts, $rule_bytes);
my $tcp_done = 0;
while (<STATS>) {
  if (m/^Chain PREROUTING/) {
    $skey = "destination";
  } elsif (m/^Chain POSTROUTING/) {
    $skey = "source";
  } elsif (m/^Chain /) {
    $skey = "";
  }

  if ($skey ne "" && (m/SNAT/ || m/DNAT/ || m/MASQUERADE/ || m/RETURN/ || m/NETMAP/)) {
    m/^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s/;
    $rule_pkts = $1;
    $rule_bytes = $2;
    if (m/tcp_udp/) { # protocol is tcp_udp, 2 rules in iptables for it
      if ($tcp_done == 0) {
        $rule_tcp_pkts = $rule_pkts;
        $rule_tcp_bytes = $rule_bytes;
        $tcp_done = 1;
        next;
      } else {
        $rule_pkts += $rule_tcp_pkts;
        $rule_bytes += $rule_tcp_bytes;
        $tcp_done = 0;
      }
    }
    push @{$stats{$skey}}, ($rule_pkts, $rule_bytes);
  }
}
close STATS;

open(RENDER, "| /opt/vyatta/sbin/render_xml $xsl_file") or exit 1;

# begin
print RENDER "<opcommand name='natrules'><format type='row'>\n";

# get rid of the stats for PRE_SNAT_HOOK
splice @{$stats{'source'}}, 0, 2;

my $config = new Vyatta::Config;
$config->setLevel("service nat rule");
my @rules_pre = $config->listOrigNodes();
my $rule;
my @rules = sort numerically @rules_pre;
for $rule (@rules) {
  my $nrule = new Vyatta::NatRule;
  $nrule->setupOrig("service nat rule $rule");
  next if defined $nrule->{_disable};
  my $ntype = $nrule->orig_type(); 
  print RENDER "  <row>\n";
  print RENDER "    <rule_num>$rule</rule_num>\n";
  my $pkts = shift @{$stats{$ntype}};
  my $bytes = shift @{$stats{$ntype}};
  print RENDER "    <pkts>$pkts</pkts>\n";
  print RENDER "    <bytes>$bytes</bytes>\n";
  $nrule->outputXml(*RENDER{IO}); 
  print RENDER "  </row>\n";
}

# end 
print RENDER "</format></opcommand>\n";

close RENDER;
exit 0;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-13 02:26:29 +0000