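##################################################
# Formatting functions for efficiency report
##################################################
# Every function sets a local "funtag" with its own name. Nothing visible in
# this section reads it (presumably a logging-tag convention - confirm).

_LABELW=34
OUTFORM="%-34s : %8d %8d %8d %'15d\n"
TOTFORM="%34s » %8d %8d %8d %'15d\n"
DETFORM="%34s . %8d %8d %8d %'15d\n"
COLFORM="%34s | %8s %8s %8s %15s\n"

# Shared renderer for headline() and sec_headline().
# Prints an empty line, then "<5 x char> <text> <fill of char>".
# $1 headline text
# $2 character for line
# $3 nominal total width
_draw_headline()
{
	awk -v text="$1" -v char="$2" -v tot_width="$3" '
	BEGIN {
		prefixlen = 5
		for (i = 1; i <= prefixlen; i++) {
			prefix = prefix char
		}
		# Only one of the two separating blanks is subtracted, so with a
		# single-character fill the printed line is tot_width + 1 wide.
		suffixlen = tot_width - length(prefix) - length(text) - 1
		# Built with a loop rather than sprintf("%*s") plus gsub():
		# gsub() would read an ampersand in the fill character as
		# "the matched text" and leave blanks behind. A negative
		# suffixlen simply yields an empty fill.
		for (i = 1; i <= suffixlen; i++) {
			suffix = suffix char
		}
		print ""
		print prefix " " text " " suffix
	}'
}

# Draw a section headline
# $1 headline text
# $2 character for line
headline()
{
	local funtag="[${FUNCNAME[0]}]"
	local total=60
	_draw_headline "$1" "$2" "$total"
}

# Draw a simple separation line
# $1 character for line
sepline()
{
	local funtag="[${FUNCNAME[0]}]"
	# 79 = 34 + 3 + 8 + 1 + 8 + 1 + 8 + 1 + 15, the width of one row
	# printed with the *FORM strings above (presumably intentional).
	local total=79
	awk -v tot_width="$total" -v char="$1" '
	BEGIN {
		for (i = 1; i <= tot_width; i++) {
			line = line char
		}
		print line
	}'
}

# Print a section headline
# $1 Section name
# $2 character to use
sec_headline()
{
	local funtag="[${FUNCNAME[0]}]"
	local total=53
	_draw_headline "$1" "$2" "$total"
}

################################################################################
# Calculation helpers
################################################################################
#
# Accumulate packets from legal access, taken from the WATCHCNT chain.
# Prints the sum of the packet counters of all rules whose listing contains
# "tcp dpt:". Prints 0 when the chain cannot be listed.
cummulate_passed_connections()
{
	local funtag="[${FUNCNAME[0]}]"
	# -x asks iptables for exact counters. Without it large values are
	# abbreviated ("12K", "3M") and awk would add only the leading digits,
	# silently under-reporting the traffic.
	# The command substitution is quoted so that every bash version hands
	# awk the listing line by line.
	awk '
	BEGIN { sum = 0 }
	/(tcp dpt:)/ { sum += $1 }
	END { print sum }
	' <<< "$(iptables -vxnL WATCHCNT)"
}

# Accumulate the per-entry packet counters of the ipset "passthru".
# Only lines starting with a digit 1-9 are looked at; entries without a
# "packets N" field add nothing (assumes the set was created with counters
# enabled - confirm).
cummulate_passthru_connections()
{
	local funtag="[${FUNCNAME[0]}]"
	awk '
	BEGIN { packets = 0 }
	/^[1-9]/ {
		# Extract packet count. Two-argument match() plus substr() is
		# used so that awk implementations other than gawk work too;
		# "packets " is 8 characters long.
		if (match($0, /packets [0-9]+/)) {
			packets += substr($0, RSTART + 8, RLENGTH - 8)
		}
	}
	END { print packets }
	' <<< "$(ipset l passthru)"
}

# Get the jump target (DROP, ACCEPT, ...)
# for a [table, chain, ipset name] combo
# $1 the table (raw, mangle, filter)
# $2 the chain
# $3 the ipset name
# Prints column 3 of every rule in the chain that references the set, so the
# result is unique only if the set is used by a single rule there.
# NOTE(review): a rule without a target has an empty target column, in which
# case column 3 would be the protocol - confirm such rules do not occur.
get_jump_target()
{
	local funtag="[${FUNCNAME[0]}]"
	iptables -t "$1" -vxnL "$2" |
	awk -v ipsetname="$3" '
	{
		# Exact field comparison instead of a regex built from the set
		# name: a name such as "block.de" must not also select the rule
		# of another set like "blockXde" and report its target.
		# Appending "" forces a string comparison for numeric names.
		for (i = 1; i < NF; i++) {
			if ($i == "match-set" && ($(i + 1) "") == (ipsetname "")) {
				print $3
				next
			}
		}
	}'
}

# Get the counters and jump target
# for a [table, chain, ipset name] combo
# $1 the table (raw, mangle, filter)
# $2 the chain
# $3 the ipset name
# Prints one "packets bytes jump-target" tuple per rule that references the
# set (exact counters because of -x).
get_set_conditions()
{
	local funtag="[${FUNCNAME[0]}]"
	# Return a tuple of (packets, bytes, jump-target)
	iptables -t "$1" -vxnL "$2" |
	awk -v ipsetname="$3" '
	{
		# Same exact set-name match as in get_jump_target(), so counters
		# of a similarly named set are never attributed to this one.
		for (i = 1; i < NF; i++) {
			if ($i == "match-set" && ($(i + 1) "") == (ipsetname "")) {
				print $1, $2, $3
				next
			}
		}
	}'
}

# vim: set filetype=sh noexpandtab tabstop=8 shiftwidth=8 autoindent smartindent :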