summaryrefslogtreecommitdiff
path: root/src/op_mode/flow_accounting_op.py
blob: a39eaf871cf69520f8c728f0102df491b01fa972 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
#!/usr/bin/env python3
#
# Copyright (C) 2018 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import sys
import argparse
import re
import ipaddress
import subprocess
import os.path
from tabulate import tabulate

# some default values
uacctd_pidfile = '/var/run/uacctd.pid'
uacctd_pipefile = '/tmp/uacctd.pipe'


# check if ports argument have correct format
def _is_ports(ports):
    # define regex for checking
    regex_filter = re.compile('^(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$|^(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])-(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$|^((\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]),)+(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$')
    if not regex_filter.search(ports):
        raise argparse.ArgumentTypeError("Invalid ports: {}".format(ports))

    # check which type nitation is used: single port, ports list, ports range
    # single port
    regex_filter = re.compile('^(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$')
    if regex_filter.search(ports):
        filter_ports = { 'type': 'single', 'value': int(ports) }

    # ports list
    regex_filter = re.compile('^((\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5]),)+(\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])')
    if regex_filter.search(ports):
        filter_ports = { 'type': 'list', 'value': list(map(int, ports.split(','))) }

    # ports range
    regex_filter = re.compile('^(?P<first>\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])-(?P<second>\d|[1-9]\d{1,3}|[1-5]\d{4}|6[0-4]\d{3}|65[0-4]\d{2}|655[0-2]\d|6553[0-5])$')
    if regex_filter.search(ports):
        # check if second number is greater than the first
        if int(regex_filter.search(ports).group('first')) >= int(regex_filter.search(ports).group('second')):
            raise argparse.ArgumentTypeError("Invalid ports: {}".format(ports))
        filter_ports = { 'type': 'range', 'value': range(int(regex_filter.search(ports).group('first')), int(regex_filter.search(ports).group('second'))) }

    # if all above failed
    if not filter_ports:
        raise argparse.ArgumentTypeError("Failed to parse: {}".format(ports))
    else:
        return filter_ports

# check if host argument have correct format
def _is_host(host):
    # define regex for checking
    if not ipaddress.ip_address(host):
        raise argparse.ArgumentTypeError("Invalid host: {}".format(host))
    return host

# check if flow-accounting running
def _uacctd_running():
    command = "/usr/bin/sudo /bin/systemctl status uacctd > /dev/null"
    return_code = subprocess.call(command, shell=True)
    if not return_code == 0:
        return False

    # return True if all checks were passed
    return True

# get list of interfaces
def _get_ifaces_dict():
    # run command to get ifaces list
    command = "/bin/ip link show"
    process = subprocess.Popen(command.split(' '), stdout=subprocess.PIPE, universal_newlines=True)
    stdout, stderr = process.communicate()
    if not process.returncode == 0:
        print("Failed to get interfaces list: command \"{}\" returned exit code: {}".format(command, process.returncode))
        sys.exit(1)

    # read output
    ifaces_out = stdout.splitlines()

    # make a dictionary with interfaces and indexes
    ifaces_dict = {}
    regex_filter = re.compile('^(?P<iface_index>\d+):\ (?P<iface_name>[\w\d\.]+)[:@].*$')
    for iface_line in ifaces_out:
        if regex_filter.search(iface_line):
            ifaces_dict[int(regex_filter.search(iface_line).group('iface_index'))] = regex_filter.search(iface_line).group('iface_name')

    # return dictioanry
    return ifaces_dict

# get list of flows
def _get_flows_list():
    # run command to get flows list
    command = "/usr/bin/pmacct -s -O json -T flows -p {}".format(uacctd_pipefile)
    process = subprocess.Popen(command.split(' '), stdout=subprocess.PIPE, universal_newlines=True)
    stdout, stderr = process.communicate()
    if not process.returncode == 0:
        print("Failed to get flows list: command \"{}\" returned exit code: {}\nError: {}".format(command, process.returncode, stderr))
        sys.exit(1)

    # read output
    flows_out = stdout.splitlines()

    # make a list with flows
    flows_list = []
    for flow_line in flows_out:
        flows_list.append(eval(flow_line))

    # return list of flows
    return flows_list

# filter and format flows
def _flows_filter(flows, ifaces):
    # predefine filtered flows list
    flows_filtered = []

    # add interface names to flows
    for flow in flows:
        if flow['iface_in'] in ifaces:
            flow['iface_in_name'] = ifaces[flow['iface_in']]
        else:
            flow['iface_in_name'] = 'unknown'

    # iterate through flows list
    for flow in flows:
        # filter by interface
        if cmd_args.interface:
            if flow['iface_in_name'] != cmd_args.interface:
                continue
        # filter by host
        if cmd_args.host:
            if flow['ip_src'] != cmd_args.host and flow['ip_dst'] != cmd_args.host:
                continue
        # filter by ports
        if cmd_args.ports:
            if cmd_args.ports['type'] == 'single':
                if flow['port_src'] != cmd_args.ports['value'] and flow['port_dst'] != cmd_args.ports['value']:
                    continue
            else:
                if flow['port_src'] not in cmd_args.ports['value'] and flow['port_dst'] not in cmd_args.ports['value']:
                    continue
        # add filtered flows to new list
        flows_filtered.append(flow)

        # stop adding if we already reached top count
        if cmd_args.top:
            if len(flows_filtered) == cmd_args.top:
                break

    # return filtered flows
    return flows_filtered

# print flow table
def _flows_table_print(flows):
    #define headers and body
    table_headers = [ 'IN_IFACE', 'SRC_MAC', 'DST_MAC', 'SRC_IP', 'DST_IP', 'SRC_PORT', 'DST_PORT', 'PROTOCOL', 'TOS', 'PACKETS', 'FLOWS', 'BYTES' ]
    table_body = []
    # convert flows to list
    for flow in flows:
        table_body.append([flow['iface_in_name'], flow['mac_src'], flow['mac_dst'], flow['ip_src'], flow['ip_dst'], flow['port_src'], flow['port_dst'], flow['ip_proto'], flow['tos'], flow['packets'], flow['flows'], flow['bytes'] ])
    # configure and fill table
    table = tabulate(table_body, table_headers, tablefmt="simple")

    # print formatted table
    try:
        print(table)
    except IOError:
        sys.exit(0)
    except KeyboardInterrupt:
        sys.exit(0)

# check if in-memory table is active
def _check_imt():
    if not os.path.exists(uacctd_pipefile):
        print("In-memory table is not available")
        sys.exit(1)

# define program arguments
cmd_args_parser = argparse.ArgumentParser(description='show flow-accounting')
cmd_args_parser.add_argument('--action', choices=['show', 'clear', 'restart'], required=True, help='command to flow-accounting daemon')
cmd_args_parser.add_argument('--filter', choices=['interface', 'host', 'ports', 'top'], required=False,  nargs='*', help='filter flows to display')
cmd_args_parser.add_argument('--interface', required=False, help='interface name for output filtration')
cmd_args_parser.add_argument('--host', type=_is_host, required=False, help='host address for output filtration')
cmd_args_parser.add_argument('--ports', type=_is_ports, required=False, help='ports number for output filtration')
cmd_args_parser.add_argument('--top', type=int, required=False, help='top records for output filtration')
# parse arguments
cmd_args = cmd_args_parser.parse_args()


# main logic
# do nothing if uacctd daemon is not running
if not _uacctd_running():
    print("flow-accounting is not active")
    sys.exit(1)

# restart pmacct daemon
if cmd_args.action == 'restart':
    # run command to restart flow-accounting
    command = '/usr/bin/sudo /bin/systemctl restart uacctd'
    return_code = subprocess.call(command.split(' '))
    if not return_code == 0:
        print("Failed to restart flow-accounting: command \"{}\" returned exit code: {}".format(command, return_code))
        sys.exit(1)

# clear in-memory collected flows
if cmd_args.action == 'clear':
    _check_imt()
    # run command to clear flows
    command = "/usr/bin/pmacct -e -p {}".format(uacctd_pipefile)
    return_code = subprocess.call(command.split(' '))
    if not return_code == 0:
        print("Failed to clear flows: command \"{}\" returned exit code: {}".format(command, return_code))
        sys.exit(1)

# show table with flows
if cmd_args.action == 'show':
    _check_imt()
    # get interfaces index and names
    ifaces_dict = _get_ifaces_dict()
    # get flows
    flows_list = _get_flows_list()

    # filter and format flows
    tabledata = _flows_filter(flows_list, ifaces_dict)

    # print flows
    _flows_table_print(tabledata)

sys.exit(0)