Date: Tue, 7 Mar 2000 09:22:53 -0500
From: Jim Mercer
To: ucd-snmp@ucd-snmp.ucdavis.edu, hackers@freebsd.org
Cc: gpalmer@freebsd.org
Subject: ipfw module for ucd-snmp and FreeBSD
Message-ID: <20000307092252.E606@reptiles.org>

here is a module that compiles into the ucd-snmp agent which allows access
to a (at this time) limited selection of the data for all the ipfw rules.

it can be fetched from:

    ftp://ftp.reptiles.org/pub/FreeBSD/other/ucdipfw-0.1.tar.gz

here is the attached readme:

ucd-snmp support for IPFW rules (as per FreeBSD)

this module creates SNMP table access to the IPFW rules in two ways:

    ucdIPFWMIB.IPFWRules - meant to contain the actual text rules
    ucdIPFWMIB.IPFWTable - meant to contain the individual items in a rule

the tables are indexed by the IPFW fw_number.

see the attached snmptranslate for the currently implemented fields.

i think the code is done reasonably well enough that adding more fields
shouldn't be too hard.

installing:

    - copy the UCD-IPFW-MIB.txt file to the location of your other MIB files
    - reconfigure and build ucd-snmp-4.1.1 with --with-mib-modules="misc/ipfw"
    - install new agent (snmpd)
    - restart snmpd

caveats:

    - only tested on FreeBSD 3.4
    - will need #ifdefs for other systems/versions
    - only handles a subset of the IPFW data (feel free to expand it)
    - for some reason COUNTER64 does not appear to be working in ucd-snmp,
      so the packet and byte counts are returned as strings.
    - there are tricky bits(tm) in the code which are likely not portable
    - added bytes32 and packets32, as 32 bit representations of the IPFW
      64 bit values

test the MIB as follows:

host$ snmptranslate -M+. -mUCD-IPFW-MIB -Tp -IR ucdExperimental
+--ucdExperimental(13)
   |
   +--ucdIPFWMIB(16)
      |
      +--IPFWRules(1)
      |  |
      |  +--IPFWRuleEntry(1)
      |     |
      |     +-- -R-- Integer   Rulenum(1)
      |     |        Range: 0..65535
      |     +-- -R-- String    Rule(2)
      |              Textual Convention: DisplayString
      |              Size: 0..255
      |
      +--IPFWTable(2)
         |
         +--IPFWEntry(1)
            |
            +-- -R-- Integer   Rulenum(1)
            |        Range: 0..65535
            +-- -R-- Integer   TimeStamp(2)
            +-- -R-- String    Bytes(3)
            |        Textual Convention: DisplayString
            |        Size: 0..255
            +-- -R-- String    Packets(4)
            |        Textual Convention: DisplayString
            |        Size: 0..255
            +-- -R-- Counter   Bytes32(5)
            +-- -R-- Counter   Packets32(6)
            |
            +--SrcAddr(7)
            |
            +--SrcMask(8)
            |
            +--DstAddr(9)
            |
            +--DstMask(10)

host$ snmptable localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules
SNMP table: enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules.IPFWRuleEntry

 Rulenum  Rule
     100  output something like rule # (100)
     200  output something like rule # (200)
     300  output something like rule # (300)
     400  output something like rule # (400)
   65535  output something like rule # (65535)

host$ snmptable localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable
SNMP table: enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable.IPFWEntry

 Rulenum  TimeStamp        Bytes    Packets        SrcAddr          SrcMask        DstAddr          DstMask
     100  952361308   2089716268    6226536        0.0.0.0          0.0.0.0  198.96.117.32  255.255.255.240
     200  952361308   3042231453    5781932  198.96.117.32  255.255.255.240        0.0.0.0          0.0.0.0
     300  952361308   6348810543   42513136        0.0.0.0          0.0.0.0        0.0.0.0          0.0.0.0
     400  952361308  17290068060   51863613        0.0.0.0          0.0.0.0        0.0.0.0          0.0.0.0
   65535  952361308  37315413311  161421128        0.0.0.0          0.0.0.0        0.0.0.0          0.0.0.0

host$ snmpget localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules.IPFWRuleEntry.Rulenum.100
enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules.IPFWRuleEntry.Rulenum.100 = 100

host$ snmpget localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules.IPFWRuleEntry.Rule.100
enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWRules.IPFWRuleEntry.Rule.100 = output something like rule # (100)

host$ snmpget localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable.IPFWEntry.Rulenum.100
enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable.IPFWEntry.Rulenum.100 = 100

host$ snmpget localhost public enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable.IPFWEntry.Bytes.100
enterprises.ucdavis.ucdExperimental.ucdIPFWMIB.IPFWTable.IPFWEntry.Bytes.100 = 2091614459

using it with MRTG:

i added two rules to ipfw:

    add 65000 count icmp from any to any in via de0
    add 65001 count icmp from any to any out via de0

then used this config:

Target[hostname-icmp-de0]: .1.3.6.1.4.1.2021.13.16.2.1.5.65000&.1.3.6.1.4.1.2021.13.16.2.1.5.65001:public@hostname
Title[hostname-icmp-de0]: hostname.reptiles.org (ICMP): de0
MaxBytes[hostname-icmp-de0]: 12500000
Options[hostname-icmp-de0]: bits
PageTop[hostname-icmp-de0]:

ICMP Analysis for de0

System:hostname.reptiles.org
Interface:de0 (2)
-- 
[ Jim Mercer    jim@reptiles.org    +1 416 506-0654 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
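
Added example (not part of the original post or of the ucdipfw code): how a poller can consume the string-valued Bytes/Packets columns and the 32-bit Bytes32/Packets32 columns described in the caveats, using values from the snmptable output and the MRTG config above. It assumes the 32-bit columns carry the low 32 bits of the ipfw counter (wrapping modulo 2^32); the function names are hypothetical.

```c
/* Added example, not part of ucdipfw. Assumes Bytes32/Packets32 carry the
 * low 32 bits of the 64-bit ipfw counter, i.e. they wrap modulo 2^32. */
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the decimal DisplayString returned for Bytes/Packets.
 * Returns 0 on success, -1 on empty, signed, non-numeric or overflowing input. */
int parse_counter64(const char *s, uint64_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;
    *out = (uint64_t)v;
    return 0;
}

/* Value a 32-bit Counter column shows for a 64-bit counter (assumed mod 2^32). */
uint32_t counter32_view(uint64_t c64) { return (uint32_t)(c64 & 0xffffffffu); }

/* Delta between two Counter32 samples; unsigned arithmetic absorbs one wrap.
 * Two or more wraps between samples cannot be detected. */
uint32_t counter32_delta(uint32_t prev, uint32_t cur) { return (uint32_t)(cur - prev); }

/* Seconds for a Counter32 to wrap at a sustained rate in bytes per second. */
double wrap_seconds(double bytes_per_sec) { return 4294967296.0 / bytes_per_sec; }

int main(void)
{
    uint64_t b;

    if (parse_counter64("6348810543", &b) != 0)   /* rule 300 Bytes, from the post */
        return 1;
    printf("Bytes=%" PRIu64 " as Counter32=%" PRIu32 "\n", b, counter32_view(b));
    printf("wrap at MaxBytes (12500000 B/s): %.1f s\n", wrap_seconds(12500000.0));
    /* Constructed samples that straddle a wrap: 296 bytes before, 704 after. */
    printf("delta across wrap=%" PRIu32 "\n", counter32_delta(4294967000u, 704u));
    return 0;
}
```

At the MaxBytes rate in the MRTG config a Counter32 wraps roughly every 344 seconds, so a 5-minute poll sees at most one wrap and the delta stays correct; longer polling intervals need the string columns.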