1#!/usr/local/bin/perl
2#
3# $view{view_name} = \( descr, pre_filter, %class, %counters )
4# .[0] ��������
5# .[1] ��������� ���������� � view
6# .[2] ��������� ������������� �������
7# .[3] ���� ���������� �������;
8# .[4] ��������� ������ �������
9# .[5] ��������� ������� �������
10#
11# $counters{c_time}= \%data	# ������������� ������ $data{'classname'}= value;
12#
13# %data{class_name} = value;	# ��������������� �����
14#
15use Cflow qw(:flowvars :tcpflags :icmptypes :icmpcodes 1.041);
16#
17@hosts_files =	   ("/etc/hosts");
18@protocols_files = ("/etc/protocols");
19@services_files =  ("/etc/services");
20@asns_files =	   ("/usr/local/share/flow-tools/asn");
21#----------------------------------------------------------------
22# views filters
23#----------------------------------------------------------------
24sub all_out_filter {
25    #  direction - outside ( outif=3 FastEthernet0/1)
26    if ( $Cflow::exporterip eq "1.2.3.1"  &&
27         $Cflow::output_if == 3 ) { return 1; }
28    #  direction - outside (  outif=14 Serial0.1 )
29    #  direction - outside (  outif=15 Serial0.2 )
30    if ( $Cflow::exporterip eq "1.2.3.2" &&
31         ( $Cflow::output_if == 9 || $Cflow::output_if == 16 || $Cflow::output_if == 15 ) ) { return 1; }
32    #  direction - outside ( outif=2, Serial0/0 )
33    if ( $Cflow::exporterip eq "1.2.3.3" &&
34         $Cflow::output_if == 2 || $Cflow::output_if == 4 ) { return 1; }
35    return 0;
36}
37sub all_in_filter {
38    #  direction - outside ( outif=3 FastEthernet0/1)
39    if ( $Cflow::exporterip eq "1.2.3.1"  &&
40         $Cflow::input_if == 3 ) { return 1; }
41    #  direction - outside (  outif=14 Serial0.1 )
42    #  direction - outside (  outif=15 Serial0.2 )
43    if ( $Cflow::exporterip eq "1.2.3.2" &&
44         ( $Cflow::input_if == 9 || $Cflow::input_if == 16 || $Cflow::input_if == 15 ) ) { return 1; }
45    #  direction - outside ( outif=2, Serial0/0 )
46    if ( $Cflow::exporterip eq "1.2.3.3" &&
47         $Cflow::input_if == 2 || $Cflow::input_if == 4 ) { return 1; }
48    return 0;
49}
50#----------------------------------------------------------------
51# classes filters
52#----------------------------------------------------------------
53sub FormatFlow {
54    $p=$Cflow::protocol;
55    $snm=$Cflow::srcip;
56    if ( defined $hosts{$snm}) { $snm=$hosts{$snm}; }
57    $dnm=$Cflow::dstip;
58    if ( defined $hosts{$dnm}) { $dnm=$hosts{$dnm}; }
59
60    if ( $p==6 || $p==17 ) {
61	$sp=$Cflow::srcport;
62	$dp=$Cflow::dstport;
63         if ($p==6 ) {
64	    $p= "tcp";
65	    if ( defined $tcp_services{$sp}) { $sp=$tcp_services{$sp}; }
66	    if ( defined $tcp_services{$dp}) { $dp=$tcp_services{$dp}; }
67	 } else {
68	    $p="udp";
69	    if ( defined $udp_services{$sp}) { $sp=$udp_services{$sp}; }
70	    if ( defined $udp_services{$dp}) { $dp=$udp_services{$dp}; }
71	 };
72	return "$p $snm:$sp $dnm:$dp";
73    } elsif  ( $p==1 ) {
74	$icp = get_icmp_typecode($Cflow::dstport);
75    	return "icmp $snm $dnm..$icp";
76    }
77    if (defined $protocols{$p}) { $p=$protocols{$p}; }
78    return "$p $snm $dnm";
79};
80#
81undef %view;
82#
83sub no_filter { return 1;}
84sub classify_by_srcip { return $Cflow::srcip;  }
85sub classify_by_dstip { return $Cflow::dstip;  }
86sub classify_by_srcas { return $Cflow::src_as; }
87sub classify_by_dstas { return $Cflow::dst_as; }
88sub classify_by_flow  { return &FormatFlow;    }
89#
90sub myPrintFlow {
91    $f = &FormatFlow;
92     return "$Cflow::dst_as $f $Cflow::bytes $Cflow::pkts\r\n";
93} # �������� AS ����������, �����, ���-�� ���� � ������� � ������.
94#
95@{$view{total_output_by_as}} = ( "OutPut traffic by dst AS ",  # �������� view ( ���� ������ )
96    \&all_out_filter,		  # ��������� - ������ ��� view
97    \&classify_by_dstas,      # view classifier
98    11,                           # ����� top �������
99    \&myPrintFlow,		  # ��������� ������ �������
100    "dst_AS protocol src_addr:src_port dst_addr:dst_port bytes packets"
101);
102#
103
104