FW: lug-bg: traffic monitoring, setting limits, etc ..
- Subject: FW: lug-bg: traffic monitoring, setting limits, etc ..
- From: bkrosnov@xxxxxxxx (Boyan Krosnov)
- Date: Wed, 27 Mar 2002 12:05:58 +0200
For some reason this did not go through the first time.
-----Original Message-----
From: Boyan Krosnov
Sent: Wednesday, March 27, 2002 11:28 AM
To: 'lug-bg@xxxxxxxxxxxxxxxxxx'
Subject: RE: lug-bg: traffic monitoring, setting limits, etc ..
Pieces of a working system....
==================
boyan:/localstuff/minute# cat minute
#!/bin/bash
cd /localstuff/minute
./collect
# cp data/bytes data/bytes-safe
./startstop >/dev/null 2>/dev/null
========================
boyan:/localstuff/minute# cat collect
#!/usr/bin/perl
use Fcntl ':flock'; # import LOCK_* constants
$BASEDIR="/localstuff/minute/";
%bytesin= ();
%bytesout= ();
sub warning($) {
my ($text)=@_;
open(FWARN,">".$BASEDIR."WARNING");
print FWARN $text,"\n";
print FWARN @acopy;
close(FWARN);
}
@b=`ipchains -L -vnx`;
system("ipchains -Z"); # unfortunately, with the current version of ipchains the counters are not cleared by ipchains -L -Z
@acopy=@b;
foreach (@b) {
s/^\s+|\s+$//g;
next if ($_ eq "");
@a=split(/\s+/);
next if ($a[0] eq "pkts") ;
if ($a[0] eq "Chain") {
$currchain=$a[1];
next;
}
# night-time discount: traffic between 01:00 and 07:59 counts at one quarter
($sec,$min,$hour) = localtime(time);
if ($hour >=1 and $hour <=7) {
$a[1]/=4;
}
if ($currchain eq "u_a_in") {
$bytesout{$a[8]} += $a[1];
} elsif ($currchain eq "u_a_out") {
$bytesin{$a[9]} += $a[1];
} elsif ($currchain eq "i_a_in") {
$bytesin{"I"} += $a[1];
} elsif ($currchain eq "i_a_out") {
$bytesout{"I"} += $a[1];
}
}
open(F, "+< ".$BASEDIR."data/bytes" );
flock(F,LOCK_EX);
while (<F>) {
s/^\s+|\s+$//g;
@a=split(/\s+/);
$bytesin{$a[0]} += $a[1];
$bytesout{$a[0]} += $a[2];
}
truncate(F,0);
seek(F,0,0);
foreach $a (sort keys %bytesin) {
print F $a." ".$bytesin{$a}." ".$bytesout{$a}."\n";
}
flock(F,LOCK_UN);
close(F);
====================
startstop
#!/usr/bin/perl
use Fcntl ':flock'; # import LOCK_* constants
$basedir="/localstuff/minute/";
$filename=$basedir."data/userips";
die ("can\'t open $filename\n") unless open(F,$filename);
while (<F>) {
s/^\s+|\s+$//g;
$ip=$_;
$ips{$ip}=1;
}
close(F);
$filename=$basedir."data/limits";
die ("can\'t open $filename\n") unless open(F,$filename);
while (<F>) {
s/^\s+|\s+$//g;
($ip,$limit)=split(/\s+/);
$limit{$ip}=$limit*1024*1024;
}
close(F);
$filename="ipchains -L u_a_in -vnx |";
open(F,$filename);
$dummy=<F>; $dummy=<F>;
while (<F>) {
s/^\s+|\s+$//g;
@a=split(/\s+/);
$online{$a[8]}=1;
}
close(F);
$filename=$basedir."data/bytes";
die ("can\'t open $filename\n") unless open(F,$filename);
flock(F,LOCK_SH);
while (<F>) {
s/^\s+|\s+$//g;
($ip,$bytesin,$bytesout)=split(/\s+/);
$bytesin{$ip}=$bytesin;
$bytesout{$ip}=$bytesout;
}
flock(F,LOCK_UN);
close(F);
$filename=$basedir."data/stopped";
die ("can\'t open $filename\n") unless open(F,$filename);
while (<F>) {
s/^\s+|\s+$//g;
$stopped{$_}="1";
}
close(F);
$filename=$basedir."log";
die ("can\'t open $filename\n") unless open(F,">>".$filename);
foreach $ip (keys %ips) {
if ($bytesin{$ip}+$bytesout{$ip}>=$limit{$ip} || $stopped{$ip}) { # this really must be >=
# over the limit, or the user has stopped it himself
if (exists $online{$ip}) {
system("ipchains -D u_access -s $ip -j RETURN");
system("ipchains -D u_a_in -s $ip");
system("ipchains -D u_a_out -d $ip");
print F (scalar(localtime()),": ip $ip stopped i/o/l :$bytesin{$ip}/$bytesout{$ip}/$limit{$ip}\n");
}
} else {
#under limit
unless (exists $online{$ip}) {
system("ipchains -I u_access -s $ip -j RETURN");
system("ipchains -I u_a_in -s $ip");
system("ipchains -I u_a_out -d $ip");
print F (scalar(localtime()),": ip $ip started i/o/l :$bytesin{$ip}/$bytesout{$ip}/$limit{$ip}\n");
}
}
}
close(F);
==================================
u_access is a chain that RETURNs if the user the packet comes from is
allowed
u_a_in collects statistics for traffic to the user
u_a_out collects statistics for traffic from the user
==================================
#########################
######## BRG0 #########
#########################
echo brg0_in
# BROADCAST
$ipchains -A brg0_in -p udp -d $local_broadcast -j ACCEPT ; # all kinds of local UDP broadcasts (DHCP and Windows junk)
$ipchains -A brg0_in -d $brg0bcast -j ACCEPT ; # directed broadcast
#LOCAL SERVICES
$ipchains -A brg0_in -p tcp -d $brg0 1080 -j u_access ; # to use SOCKS the user must have internet access enabled
$ipchains -A brg0_in -p tcp -d $brg0 53 -j u_a_in ; # account the local services
$ipchains -A brg0_in -p udp -d $brg0 53 -j u_a_in
$ipchains -A brg0_in -p tcp -d $brg0 1080 -j u_a_in
$ipchains -A brg0_in -d $brg0 -j ACCEPT ; # and accept it
# STUD NET
$ipchains -A brg0_in -j local_ok
# INTERNET
$ipchains -A brg0_in -j u_access ; # check whether the user has internet access
$ipchains -A brg0_in -j u_a_in ; # if so, account it
$ipchains -A brg0_in -j ACCEPT ; # and let it through
echo brg0_out
# LOCAL
$ipchains -A brg0_out -p tcp -s $brg0 53 -j u_a_out ; # account the local services
$ipchains -A brg0_out -p udp -s $brg0 53 -j u_a_out
$ipchains -A brg0_out -p tcp -s $brg0 1080 -j u_a_out
$ipchains -A brg0_out -s $brg0 -j ACCEPT
# STUD NET
$ipchains -A brg0_out -j local_ok
# INTERNET
$ipchains -A brg0_out -j u_a_out
$ipchains -A brg0_out -j ACCEPT
=================
All of these are pieces of the same working system.
minute is started every minute and runs collect, then startstop.
collect gathers the traffic counts from u_a_in and u_a_out and stuffs them
into the bytes file.
startstop compares the numbers in bytes with those in limits, and if the
user has made more traffic it removes him from the u_access, u_a_in and
u_a_out chains; if he is under, it adds him to the chains.
The system was written nearly two years ago and lightly upgraded over
time.
My two euro cents.
BR,
Boyan
P.S. This is the first time I am publishing anything at all from this
little piece of software, so it is proper to note: the code above is not
public domain but GPL; in other words, if you make something based on it
you are obliged (morally and legally) to release your software under the
GPL license as well.
> -----Original Message-----
> From: Atanas Vlasakiev [mailto:sup3r@xxxxxxx]
> Sent: Tuesday, March 26, 2002 10:37 PM
> To: lug-bg@xxxxxxxxxxxxxxxxxx
> Subject: lug-bg: traffic monitoring, setting limits, etc ..
>
>
>
> Hello group!
> So, I am providing internet on a local network, with one PC on the
> network playing the role of a router. I use Slack 8, kernel 2.2.19 with
> ipchains, and I masquerade those who are to have internet. At the moment
> I measure everyone's traffic with a small program, "ipac", but how do I
> make it so that, for example, a given user has 500mb or 600mb or however
> much I want, and once he has used up that traffic his internet stops
> immediately, but he can still open one site that is free and for which
> traffic is not counted.
> I am asking anyone who uses something like this to send it to me; I will
> be very much obliged.. There are surely people in the group who have
> similar things they have made themselves.. but let's see whether they
> will share them :))
> -=Atanas Vlasakiev=-
> -=Sup3R=-
> icq# 25942226
>
> ==============================================================
> =============
> A mail-list of Linux Users Group - Bulgaria (bulgarian
> linuxers) http://www.linux-bulgaria.org/ Hosted by Internet
> Group Ltd. - Stara Zagora
>
>
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
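
In startstop above, each line of data/userips is interpolated into a shell command string for ipchains. The following is an added example, not part of the original message or its scripts: the same start/stop decision with every address validated first and the commands built as argument lists for the list form of system(). The names valid_ipv4 and plan_for, the layout of the state hash and the sample addresses are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original scripts. Requires Perl 5.10+ for //.
use strict;
use warnings;

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my $bad = grep { $_ > 255 } ($1, $2, $3, $4);
    return $bad ? 0 : 1;
}

# Return the ipchains argument lists that bring one address in line with its
# quota, or an empty list if nothing has to change or the address is malformed.
# $st (hypothetical layout) holds the hashes startstop fills from its files.
sub plan_for {
    my ($ip, $st) = @_;
    return () unless valid_ipv4($ip);
    my $used  = ($st->{bytesin}{$ip} // 0) + ($st->{bytesout}{$ip} // 0);
    my $limit = $st->{limit}{$ip};
    # A missing limit counts as over quota (fail closed), stated explicitly here.
    my $over   = !defined($limit) || $used >= $limit || $st->{stopped}{$ip};
    my $online = exists $st->{online}{$ip};
    return () if $over ? !$online : $online;    # already in the wanted state
    my $op = $over ? '-D' : '-I';
    return ([$op, 'u_access', '-s', $ip, '-j', 'RETURN'],
            [$op, 'u_a_in',   '-s', $ip],
            [$op, 'u_a_out',  '-d', $ip]);
}

# Constructed sample state: addresses and byte counts are made up.
my $mb = 1024 * 1024;
my %state = (
    limit    => { '192.168.0.10' => 500 * $mb, '192.168.0.11' => 500 * $mb },
    bytesin  => { '192.168.0.10' => 400 * $mb, '192.168.0.11' => 10 * $mb },
    bytesout => { '192.168.0.10' => 100 * $mb, '192.168.0.11' => 1 * $mb },
    stopped  => {},
    online   => { '192.168.0.10' => 1 },
);
for my $ip ('192.168.0.10', '192.168.0.11', '192.168.0.300', '192.168.0.12 junk') {
    for my $args (plan_for($ip, \%state)) {
        # Dry run. To apply, pass the list so no shell parses the address:
        # system('ipchains', @$args) == 0 or warn "ipchains failed: $?\n";
        print join(' ', 'ipchains', @$args), "\n";
    }
}
```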