Halaman utama Jelajahi Bantuan
Masuk
rajven
/
Eye
cermin dari https://github.com/rajven/Eye
1
0
Fork 0
Berkas Masalah 0 Wiki
Pohon: 4de614f019
Ranting Tag
Eye
/
scripts
/
eye-statd.pl

eye-statd.pl 19 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587 
  1. #!/usr/bin/perl -w
    2. 

  2. 

  3. use utf8;
    4. 

  4. use open ":encoding(utf8)";
    5. 

  5. use English;
    6. 

  6. use base;
    7. 

  7. use FindBin '$Bin';
    8. 

  8. use lib "/opt/Eye/scripts";
    9. 

  9. use strict;
    10. 

  10. use DBI;
    11. 

  11. use Time::Local;
    12. 

  12. use Net::Patricia;
    13. 

  13. use Data::Dumper;
    14. 

  14. use Date::Parse;
    15. 

  15. use DateTime;
    16. 

  16. use eyelib::config;
    17. 

  17. use eyelib::main;
    18. 

  18. use eyelib::net_utils;
    19. 

  19. use eyelib::mysql;
    20. 

  20. use Socket qw(AF_INET6 inet_ntop);
    21. 

  21. use IO::Socket;
    22. 

  22. use Data::Dumper;
    23. 

  23. 

  24. $debug = 1;
    25. 

  25. 

  26. my @router_ref = ();
    27. 

  27. my @interfaces = ();
    28. 

  28. 

  29. my %router_svi;
    30. 

  30. my %routers;
    31. 

  31. my %wan_dev;
    32. 

  32. my %lan_dev;
    33. 

  33. 

  34. my @traffic = ();
    35. 

  35. 

  36. #user statistics for cached data
    37. 

  37. my %user_stats;
    38. 

  38. 

  39. my $MAXREAD = 9216;
    40. 

  40. 

  41. my $childrunning = 0;
    42. 

  42. 

  43. my $fork_count = $cpu_count*10;
    44. 

  44. 

  45. my $timeshift = get_option($dbh,55)*60;
    46. 

  46. 

  47. #save traffic to DB
    48. 

  48. my $traf_lastflush = time();
    49. 

  49. 

  50. # NetFlow
    51. 

  51. my $server_port = 2055;
    52. 

  52. my $netflow5_header_len = 24;
    53. 

  53. my $netflow5_flowrec_len = 48;
    54. 

  54. my $netflow9_header_len = 20;
    55. 

  55. my $netflow9_templates = {};
    56. 

  56. 

  57. # reap dead children
    58. 

  58. $SIG{CHLD} = \&REAPER;
    59. 

  59. $SIG{TERM} = \&TERM;
    60. 

  60. $SIG{INT} = \&TERM;
    61. 

  61. $SIG{HUP} = \&INIT;
    62. 

  62. 

  63. sub REAPER {
    64. 

  64. 	wait;
    65. 

  65. 	$childrunning = 0;
    66. 

  66. 	$SIG{CHLD} = \&REAPER;
    67. 

  67. }
    68. 

  68. 

  69. sub TERM {
    70. 

  70. 	print "SIGTERM received\n";
    71. 

  71. 	flush_traffic(1);
    72. 

  72. 	while (wait() != -1) {}
    73. 

  73. 	exit 0;
    74. 

  74. }
    75. 

  75. 

  76. sub INIT {
    77. 

  77. 

  78. # Create new database handle. If we can't connect, die()
    79. 

  79. my $hdb = DBI->connect("dbi:mysql:database=$DBNAME;host=$DBHOST","$DBUSER","$DBPASS");
    80. 

  80. if ( !defined $hdb ) { die "Cannot connect to mySQL server: $DBI::errstr\n"; }
    81. 

  81. 

  82. InitSubnets();
    83. 

  83. 

  84. init_option($hdb);
    85. 

  85. 

  86. $timeshift = get_option($dbh,55)*60;
    87. 

  87. 

  88. @router_ref = get_records_sql($hdb,"SELECT * FROM devices WHERE deleted=0 AND device_type=2 AND snmp_version>0 ORDER by ip" );
    89. 

  89. @interfaces = get_records_sql($hdb,"SELECT * FROM `device_l3_interfaces` ORDER by device_id" );
    90. 

  90. 

  91. #router device_id by known device ip
    92. 

  92. foreach my $row (@router_ref) {
    93. 

  93.     $routers{$row->{id}}=$row;
    94. 

  94.     my @auth_list = get_records_sql($hdb,"SELECT ip FROM User_auth WHERE deleted=0 AND user_id=".$row->{user_id});
    95. 

  95.     foreach my $auth (@auth_list) {
    96. 

  96. 	$router_svi{$auth->{ip}}=$row->{id};
    97. 

  97. 	}
    98. 

  98.     }
    99. 

  99. 

  100. #snmp index for WAN/LAN interface by device id
    101. 

  101. foreach my $row (@interfaces) {
    102. 

  102.     if ($row->{interface_type}) { $wan_dev{$row->{device_id}}{$row->{snmpin}}=1; } else { $lan_dev{$row->{device_id}}{$row->{snmpin}}=1; }
    103. 

  103.     }
    104. 

  104. 

  105. #get userid list
    106. 

  106. my @auth_list_ref = get_records_sql($dbh,"SELECT id,ip,save_traf FROM User_auth where deleted=0 ORDER by id");
    107. 

  107. 

  108. foreach my $row (@auth_list_ref) {
    109. 

  109.     $user_stats{$row->{ip}}{auth_id}=$row->{id};
    110. 

  110.     $user_stats{$row->{ip}}{save_traf}=$row->{save_traf};
    111. 

  111.     }
    112. 

  112. $hdb->disconnect();
    113. 

  113. }
    114. 

  114. 

  115. ############### MAIN ##########################
    116. 

  116. 

  117. #close default database
    118. 

  118. $dbh->disconnect();
    119. 

  119. 

  120. INIT();
    121. 

  121. 

  122. my $lsn_nflow;
    123. 

  123. my $sel = IO::Select->new();
    124. 

  124. 

  125. # prepare to listen for NetFlow UDP packets
    126. 

  126. if ($server_port > 0) {
    127. 

  127. 	$lsn_nflow = IO::Socket::INET->new(LocalPort => $server_port, Proto => "udp")
    128. 

  128. 		or die "Couldn't be a NetFlow UDP server on port $server_port : $@\n";
    129. 

  129. 	$sel->add($lsn_nflow);
    130. 

  130. }
    131. 

  131. 

  132. my ($him,$datagram,$flags);
    133. 

  133. 

  134. # main datagram receive loop
    135. 

  135. while (1) {
    136. 

  136. 	while (my @ready = $sel->can_read) {
    137. 

  137. 		foreach my $server (@ready) {
    138. 

  138. 			$him = $server->recv($datagram, $MAXREAD);
    139. 

  139. 			next if (!$him);
    140. 

  140. 			
    141. 

  141. 			my ($port, $ipaddr) = sockaddr_in($server->peername);
    142. 

  142. 			
    143. 

  143. 			if (defined($lsn_nflow) && $server == $lsn_nflow) {
    144. 

  144. 				my ($version) = unpack("n", $datagram);
    145. 

  145.                                 if ($version == 5) {
    146. 

  146.                                         parse_netflow_v5($datagram, $ipaddr);
    147. 

  147.                                 } elsif ($version == 9) {
    148. 

  148.                                         parse_netflow_v9($datagram, $ipaddr);
    149. 

  149.                                 } else {
    150. 

  150.                                         print "unknown NetFlow version: $version\n";
    151. 

  151.                                 }
    152. 

  152. 			}
    153. 

  153. 		}
    154. 

  154. 	}
    155. 

  155. }
    156. 

  156. 

  157. sub parse_netflow_v5 {
    158. 

  158.         my $datagram = shift;
    159. 

  159.         my $ipaddr = shift;
    160. 

  160. 

  161.         my ($version, $count, $sysuptime, $unix_secs, $unix_nsecs,
    162. 

  162.           $flow_sequence, $engine_type, $engine_id, $aggregation,
    163. 

  163.           $agg_version) = unpack("nnNNNNCCCC", $datagram);
    164. 

  164. 

  165.         my $flowrecs = substr($datagram, $netflow5_header_len);
    166. 

  166. 

  167. #0 - N 0-3	srcaddr	Source IP address
    168. 

  168. #1 - N 4-7	dstaddr	Destination IP address
    169. 

  169. #2 - N 8-11	nexthop	IP address of next hop router
    170. 

  170. #3 - n 12-13	input	SNMP index of input interface
    171. 

  171. #4 - n 14-15	output	SNMP index of output interface
    172. 

  172. #5 - N 16-19	dPkts	Packets in the flow
    173. 

  173. #6 - N 20-23	dOctets	Total number of Layer 3 bytes in the packets of the flow
    174. 

  174. #7 - N 24-27	First	SysUptime at start of flow
    175. 

  175. #8 - N 28-31	Last	SysUptime at the time the last packet of the flow was received
    176. 

  176. #9 - n 32-33	src_port	TCP/UDP source port number or equivalent
    177. 

  177. #10- n 34-35	dst_port	TCP/UDP destination port number or equivalent
    178. 

  178. #11- C 36	pad1	Unused (zero) byte
    179. 

  179. #12- C 37	tcp_flags	Cumulative OR of TCP flags
    180. 

  180. #13- C 38	prot	IP protocol type (for example, TCP = 6; UDP = 17)
    181. 

  181. #14- C 39	tos	IP type of service (ToS)
    182. 

  182. #15- n 40-41	src_as	Autonomous system number of the source, either origin or peer
    183. 

  183. #16- n 42-43	dst_as	Autonomous system number of the destination, either origin or peer
    184. 

  184. #17- C 44	src_mask	Source address prefix mask bits
    185. 

  185. #18- C 45	dst_mask	Destination address prefix mask bits
    186. 

  186. #19- n 46-47	pad2	Unused (zero) bytes
    187. 

  187. 

  188.         for (my $i = 0; $i < $count; $i++) {
    189. 

  189.                 my $flowrec = substr($datagram, $netflow5_header_len + ($i*$netflow5_flowrec_len), $netflow5_flowrec_len);
    190. 

  190.                 my @flowdata = unpack("NNNnnNNNNnnCCCCnnCCn", $flowrec);
    191. 

  191. 		my %flow;
    192. 

  192.                 $flow{src_ip} = join '.', unpack 'C4', pack 'N', $flowdata[0];
    193. 

  193.                 $flow{dst_ip} = join '.', unpack 'C4', pack 'N', $flowdata[1];
    194. 

  194. 		$flow{snmp_in} = $flowdata[3] || 0;
    195. 

  195. 		$flow{snmp_out} = $flowdata[4] || 0;
    196. 

  196. 		$flow{pkts} = $flowdata[5] || 0;
    197. 

  197. 		$flow{octets} = $flowdata[6] || 0;
    198. 

  198. 		$flow{src_port} = $flowdata[9] || 0;
    199. 

  199. 		$flow{dst_port} = $flowdata[10] || 0;
    200. 

  200. 		$flow{proto} = $flowdata[13] || 0;
    201. 

  201. 		$flow{xsrc_ip} = $flow{src_ip};
    202. 

  202. 		$flow{xdst_ip} = $flow{dst_ip};
    203. 

  203. 		$flow{starttime} = time();
    204. 

  204. 		$flow{netflow_v} = '5';
    205. 

  205. 		$flow{ipv} = '4';
    206. 

  206. 		save_flow($ipaddr, \%flow);
    207. 

  207.         }
    208. 

  208. }
    209. 

  209. 

  210. sub parse_netflow_v9 {
    211. 

  211. 	my $datagram = shift;
    212. 

  212. 	my $ipaddr = shift;
    213. 

  213. 	
    214. 

  214. 	# Parse packet
    215. 

  215. 	my ($version, $count, $sysuptime, $unix_secs, $seqno, $source_id, @flowsets) = unpack("nnNNNN(nnX4/a)*", $datagram);
    216. 

  216. 	
    217. 

  217. 	# Loop through FlowSets and take appropriate action
    218. 

  218. 	for (my $i = 0; $i < scalar @flowsets; $i += 2) {
    219. 

  219. 		my $flowsetid = $flowsets[$i];
    220. 

  220. 		my $flowsetdata = substr($flowsets[$i+1], 4);	# chop off id/length
    221. 

  221. 		if ($flowsetid == 0) {
    222. 

  222. 			# 0 = Template FlowSet
    223. 

  223. 			parse_netflow_v9_template_flowset($flowsetdata, $ipaddr, $source_id);
    224. 

  224. 		} elsif ($flowsetid == 1) {
    225. 

  225. 			# 1 - Options Template FlowSet
    226. 

  226. 		} elsif ($flowsetid > 255) {
    227. 

  227. 			# > 255: Data FlowSet
    228. 

  228. 			parse_netflow_v9_data_flowset($flowsetid, $flowsetdata, $ipaddr, $source_id);
    229. 

  229. 		} else {
    230. 

  230. 			# reserved FlowSet
    231. 

  231. 			print "Unknown FlowSet ID $flowsetid found\n";
    232. 

  232. 		}
    233. 

  233. 	}
    234. 

  234. }
    235. 

  235. 

  236. sub parse_netflow_v9_template_flowset {
    237. 

  237. 	my $templatedata = shift;
    238. 

  238. 	my $ipaddr = shift;
    239. 

  239. 	my $source_id = shift;
    240. 

  240. 	
    241. 

  241. 	# Note: there may be multiple templates in a Template FlowSet
    242. 

  242. 	
    243. 

  243. 	my @template_ints = unpack("n*", $templatedata);
    244. 

  244. 

  245. 	my $i = 0;
    246. 

  246. 	while ($i < scalar @template_ints) {
    247. 

  247. 		my $template_id = $template_ints[$i];
    248. 

  248. 		my $fldcount = $template_ints[$i+1];
    249. 

  249. 

  250. 		last if (!defined($template_id) || !defined($fldcount));
    251. 

  251. 

  252. 		print "Updated template ID $template_id (source ID $source_id, from " . inet_ntoa($ipaddr) . ")\n" if ($debug);
    253. 

  253. 		my $template = [@template_ints[($i+2) .. ($i+2+$fldcount*2-1)]];
    254. 

  254. 		$netflow9_templates->{$ipaddr}->{$source_id}->{$template_id}->{'template'} = $template;
    255. 

  255. 		
    256. 

  256. 		# Calculate total length of template data
    257. 

  257. 		my $totallen = 0;
    258. 

  258. 		for (my $j = 1; $j < scalar @$template; $j += 2) {
    259. 

  259. 			$totallen += $template->[$j];
    260. 

  260. 		}
    261. 

  261. 

  262. 		$netflow9_templates->{$ipaddr}->{$source_id}->{$template_id}->{'len'} = $totallen;
    263. 

  263. 

  264. 		$i += (2 + $fldcount*2);
    265. 

  265. 	}
    266. 

  266. }
    267. 

  267. 

  268. sub parse_netflow_v9_data_flowset {
    269. 

  269. 	my $flowsetid = shift;
    270. 

  270. 	my $flowsetdata = shift;
    271. 

  271. 	my $ipaddr = shift;
    272. 

  272. 	my $source_id = shift;
    273. 

  273. 	
    274. 

  274. 	my $template = $netflow9_templates->{$ipaddr}->{$source_id}->{$flowsetid}->{'template'};
    275. 

  275. 	if (!defined($template)) {
    276. 

  276. 		print "Template ID $flowsetid from $source_id/" . inet_ntoa($ipaddr) . " does not (yet) exist\n" if ($debug);
    277. 

  277. 		return;
    278. 

  278. 		}
    279. 

  279. 

  280. # Flowset record types
    281. 

  281. #define NF9_IN_BYTES            1
    282. 

  282. #define NF9_IN_PACKETS          2
    283. 

  283. #define NF9_IN_PROTOCOL         4
    284. 

  284. #define NF9_L4_SRC_PORT         7
    285. 

  285. #define NF9_IPV4_SRC_ADDR       8
    286. 

  286. #define NF9_INPUT_SNMP          10
    287. 

  287. #define NF9_L4_DST_PORT         11
    288. 

  288. #define NF9_IPV4_DST_ADDR       12
    289. 

  289. #define NF9_OUTPUT_SNMP         14
    290. 

  290. #define NF9_OUT_BYTES           23
    291. 

  291. #define NF9_OUT_PKTS            24
    292. 

  292. #define NF9_DIRECTION           61
    293. 

  293. #define NF_F_XLATE_SRC_ADDR_IPV4          225
    294. 

  294. #define NF_F_XLATE_DST_ADDR_IPV4          226
    295. 

  295. #define NF_F_XLATE_SRC_PORT               227
    296. 

  296. #define NF_F_XLATE_DST_PORT               228
    297. 

  297. #define NF9_IPV6_SRC_ADDR       27
    298. 

  298. #define NF9_IPV6_DST_ADDR       28
    299. 

  299. #define NF_F_XLATE_SRC_ADDR_IPV6          281
    300. 

  300. #define NF_F_XLATE_DST_ADDR_IPV6          282
    301. 

  301. 

  302. 	my $len = $netflow9_templates->{$ipaddr}->{$source_id}->{$flowsetid}->{'len'};
    303. 

  303. 	my $offset = 0;
    304. 

  304. 	my $datalen = length($flowsetdata);
    305. 

  305. 

  306. 	while (($offset + $len) <= $datalen) {
    307. 

  307. 		my %flow;
    308. 

  308. 		$flow{netflow_v} = '9';
    309. 

  309. 		$flow{ipv} = '4';
    310. 

  310. 		$flow{starttime} = time();
    311. 

  311. 		for (my $i = 0; $i < scalar @$template; $i += 2) {
    312. 

  312. 		    my $field_type = $template->[$i];
    313. 

  313. 		    my $field_length = $template->[$i+1];
    314. 

  314. 		    my $value = substr($flowsetdata, $offset, $field_length);
    315. 

  315. 		    $offset += $field_length;
    316. 

  316. 			# IN_BYTES
    317. 

  317. 		    if ($field_type == 1) {
    318. 

  318. 				if ($field_length == 4) {
    319. 

  319. 				    $flow{octets} = unpack("N", $value);
    320. 

  320. 				    } elsif ($field_length == 8) {
    321. 

  321. 					$flow{octets} = unpack("Q>", $value);
    322. 

  322. 				    }
    323. 

  323. 				}
    324. 

  324. 			# IN_PACKETS
    325. 

  325. 			elsif ($field_type == 2) {
    326. 

  326. 				if ($field_length == 4) {
    327. 

  327. 				    $flow{pkts} = unpack("N", $value);
    328. 

  328. 				    } elsif ($field_length == 8) {
    329. 

  329. 					$flow{pkts} = unpack("Q>", $value);
    330. 

  330. 				    }
    331. 

  331. 				}
    332. 

  332. 			# IN_PROTOCOL
    333. 

  333. 			elsif ($field_type == 4) { $flow{proto} = unpack("C", $value); }
    334. 

  334. 			# L4_SRC_PORT
    335. 

  335. 			elsif ($field_type == 7) { $flow{src_port} = unpack("n", $value); }
    336. 

  336. 			# IPV4_SRC_ADDR
    337. 

  337. 			elsif ($field_type == 8) { $flow{src_ip} = inet_ntop(AF_INET, $value); }
    338. 

  338. 			# INPUT_SNMP
    339. 

  339. 			elsif ($field_type == 10) {
    340. 

  340. 				if ($field_length == 2) {
    341. 

  341. 				    $flow{snmp_in} = unpack("n", $value);
    342. 

  342. 				    } elsif ($field_length == 4) {
    343. 

  343. 					$flow{snmp_in} = unpack("N", $value);
    344. 

  344. 				    }
    345. 

  345. 				}
    346. 

  346. 			# L4_DST_PORT
    347. 

  347. 			elsif ($field_type == 11) { $flow{dst_port} = unpack("n", $value); }
    348. 

  348. 			# IPV4_DST_ADDR
    349. 

  349. 			elsif ($field_type == 12) { $flow{dst_ip} = inet_ntop(AF_INET, $value); }
    350. 

  350. 			# OUTPUT_SNMP
    351. 

  351. 			elsif ($field_type == 14) {
    352. 

  352. 				if ($field_length == 2) {
    353. 

  353. 				    $flow{snmp_out} = unpack("n", $value);
    354. 

  354. 				    } elsif ($field_length == 4) {
    355. 

  355. 					$flow{snmp_out} = unpack("N", $value);
    356. 

  356. 				    }
    357. 

  357. 				}
    358. 

  358. 			# IP_PROTOCOL_VERSION
    359. 

  359. 			elsif ($field_type == 60) { my $ipversion = unpack("C", $value);
    360. 

  360. 				#skip ipv6
    361. 

  361. 				if ($ipversion == 6) { %flow=(); last; }
    362. 

  362. 				}
    363. 

  363. 			# XLATE_SRC_ADDR_IPV4
    364. 

  364. 			elsif ($field_type == 225) { $flow{xsrc_ip} = inet_ntop(AF_INET, $value); }
    365. 

  365. 			# XLATE_DST_ADDR_IPV4
    366. 

  366. 			elsif ($field_type == 226) { $flow{xdst_ip} = inet_ntop(AF_INET, $value); }
    367. 

  367. 		}
    368. 

  368. 		$flow{snmp_in} = 0 if (!$flow{snmp_in});
    369. 

  369. 		$flow{snmp_out} = 0 if (!$flow{snmp_out});
    370. 

  370. 		$flow{octets} = 0 if (!$flow{octets});
    371. 

  371. 		$flow{pkts} = 0 if (!$flow{pkts});
    372. 

  372. 		if (%flow and $flow{snmp_in} and $flow{snmp_out}) { save_flow($ipaddr, \%flow); }
    373. 

  373. 	}
    374. 

  374. }
    375. 

  375. 

  376. sub save_flow {
    377. 

  377. 	my $router_ip = shift;
    378. 

  378. 	my $flow = shift;
    379. 

  379. 	$router_ip = inet_ntoa($router_ip);
    380. 

  380. 	#direction for user, 0 - in, 1 - out
    381. 

  381. 	$flow->{direction} = '0';
    382. 

  382. 	my $router_id;
    383. 

  383. 	#skip unknown router
    384. 

  384. 	if (exists $router_svi{$router_ip}) { 
    385. 

  385. 		$router_id = $router_svi{$router_ip};
    386. 

  386. 		$flow->{router_ip} = $router_ip;
    387. 

  387. 		$flow->{device_id} = $router_id;
    388. 

  388. 		} else { return; }
    389. 

  389. 	#skip input traffic for router
    390. 

  390. 	if (exists $wan_dev{$router_id}->{$flow->{snmp_out}} and exists $wan_dev{$router_id}->{$flow->{snmp_in}}) { return; }
    391. 

  391. 	#skip local traffic for router
    392. 

  392. 	if (!exists $wan_dev{$router_id}->{$flow->{snmp_out}} and ! exists $wan_dev{$router_id}->{$flow->{snmp_in}}) { return; }
    393. 

  393. 

  394. 	if (exists $wan_dev{$router_id}->{$flow->{snmp_out}}) { $flow->{direction} = 1; }
    395. 

  395. 

  396. #	print Dumper($flow) if ($debug);
    397. 

  397. 	push(@traffic,$flow);
    398. 

  398. 	flush_traffic(0);
    399. 

  399. }
    400. 

  400. 

  401. sub flush_traffic {
    402. 

  402. 

  403. my $force = shift || 0;
    404. 

  404. 

  405. if (!$force && ($childrunning || ((time - $traf_lastflush) < $timeshift))) { return; }
    406. 

  406. 

  407. $childrunning = 1;
    408. 

  408. my $pid = fork();
    409. 

  409. 

  410. if (!defined $pid) {
    411. 

  411.     $childrunning = 0;
    412. 

  412.     print "cannot fork! Save traffic and exit...\n";
    413. 

  413.     } elsif ($pid != 0) {
    414. 

  414.         # in parent
    415. 

  415. 	$traf_lastflush = time();
    416. 

  416. 	#clean main cache
    417. 

  417. 	@traffic = ();
    418. 

  418.         return;
    419. 

  419.     }
    420. 

  420. 

  421. #create oper-cache
    422. 

  422. my @flush_table = @traffic;
    423. 

  423. 

  424. my $hdb=init_db();
    425. 

  425. 

  426. #saved packet by users
    427. 

  427. my @detail_traffic = ();
    428. 

  428. 

  429. my %routers_found;
    430. 

  430. 

  431. #last packet timestamp
    432. 

  432. my $last_time = time();
    433. 

  433. 

  434. foreach my $traf_record (@flush_table) {
    435. 

  435. 

  436. my ($auth_id,$l_src_ip,$l_dst_ip,$user_ip,$router_id);
    437. 

  437. 

  438. $router_id = $traf_record->{device_id};
    439. 

  439. 

  440. $routers_found{$router_id} = 1;
    441. 

  441. 

  442. #outbound traffic
    443. 

  443. if ($traf_record->{direction}) {
    444. 

  444.     if (exists $user_stats{$traf_record->{src_ip}}) {
    445. 

  445. 	$user_ip  = $traf_record->{src_ip};
    446. 

  446. 	$l_src_ip = $traf_record->{src_ip};
    447. 

  447. 	$l_dst_ip = $traf_record->{dst_ip};
    448. 

  448. 	if (exists $user_stats{$user_ip}{$router_id}{out}) {
    449. 

  449. 		$user_stats{$user_ip}{$router_id}{out}+=$traf_record->{octets};
    450. 

  450. 		} else {
    451. 

  451. 		$user_stats{$user_ip}{$router_id}{out}=$traf_record->{octets};
    452. 

  452. 		}
    453. 

  453. 	if (exists $user_stats{$user_ip}{$router_id}{pkt_out}) {
    454. 

  454. 		$user_stats{$user_ip}{$router_id}{pkt_out}+=$traf_record->{pkts};
    455. 

  455. 		} else {
    456. 

  456. 		$user_stats{$user_ip}{$router_id}{pkt_out}=$traf_record->{pkts};
    457. 

  457. 		}
    458. 

  458. 	}
    459. 

  459.     if (!$user_ip and $config_ref{add_unknown_user}) {
    460. 

  460.         $user_ip = $traf_record->{src_ip};
    461. 

  461. 	$auth_id = new_auth($hdb,$user_ip);
    462. 

  462. 	$user_stats{$user_ip}{auth_id}=$auth_id;
    463. 

  463. 	$user_stats{$user_ip}{$router_id}{in}=0;
    464. 

  464. 	$user_stats{$user_ip}{$router_id}{out}=$traf_record->{octets};
    465. 

  465. 	$user_stats{$user_ip}{$router_id}{pkt_in}=0;
    466. 

  466. 	$user_stats{$user_ip}{$router_id}{pkt_out}=$traf_record->{pkts};
    467. 

  467. 	$user_stats{$user_ip}{save_traf}=$config_ref{save_detail};
    468. 

  468. 	}
    469. 

  469.     #inbound traffic
    470. 

  470.     } else {
    471. 

  471.     if (exists $user_stats{$traf_record->{xdst_ip}}) {
    472. 

  472. 	$user_ip  = $traf_record->{xdst_ip};
    473. 

  473. 	$l_src_ip = $traf_record->{src_ip};
    474. 

  474. 	$l_dst_ip = $traf_record->{xdst_ip};
    475. 

  475. 	if (exists $user_stats{$user_ip}{$router_id}{in}) {
    476. 

  476. 		$user_stats{$user_ip}{$router_id}{in}+=$traf_record->{octets};
    477. 

  477. 		} else {
    478. 

  478. 		$user_stats{$user_ip}{$router_id}{in}=$traf_record->{octets};
    479. 

  479. 		}
    480. 

  480. 	if (exists $user_stats{$user_ip}{$router_id}{pkt_in}) {
    481. 

  481. 		$user_stats{$user_ip}{$router_id}{pkt_in}+=$traf_record->{pkts};
    482. 

  482. 		} else {
    483. 

  483. 		$user_stats{$user_ip}{$router_id}{pkt_in}=$traf_record->{pkts};
    484. 

  484. 		}
    485. 

  485. 	}
    486. 

  486.     }
    487. 

  487. 

  488. next if (!$user_ip);
    489. 

  489. 

  490. $last_time = $traf_record->{starttime};
    491. 

  491. 

  492. $user_stats{$user_ip}{last_found} = $last_time;
    493. 

  493. 

  494. next if (!$config_ref{save_detail} and !$user_stats{$user_ip}{save_traf});
    495. 

  495. 

  496. my $l_src_ip_aton=StrToIp($l_src_ip);
    497. 

  497. my $l_dst_ip_aton=StrToIp($l_dst_ip);
    498. 

  498. 

  499. my ($sec,$min,$hour,$day,$month,$year,$zone) = (localtime($last_time))[0,1,2,3,4,5];
    500. 

  500. $month++;
    501. 

  501. $year += 1900;
    502. 

  502. my $full_time = sprintf "%04d-%02d-%02d %02d:%02d:%02d",$year,$month,$day,$hour,$min,$sec;
    503. 

  503. 

  504. my @detail_array = ($user_stats{$user_ip}->{auth_id},$router_id,$full_time,$traf_record->{proto},$l_src_ip_aton,$l_dst_ip_aton,$traf_record->{src_port},$traf_record->{dst_port},$traf_record->{octets},$traf_record->{pkts});
    505. 

  505. push(@detail_traffic,\@detail_array);
    506. 

  506. }
    507. 

  507. 

  508. if (scalar(@detail_traffic)) {
    509. 

  509.     db_log_debug($hdb,"Start write traffic detail to DB. ".scalar @detail_traffic." lines count") if ($debug);
    510. 

  510.     batch_db_sql_cached("INSERT INTO Traffic_detail (auth_id,router_id,timestamp,proto,src_ip,dst_ip,src_port,dst_port,bytes,pkt) VALUES(?,?,?,?,?,?,?,?,?,?)",\@detail_traffic);
    511. 

  511.     db_log_debug($hdb,"Write traffic detail to DB stopped") if ($debug);
    512. 

  512.     }
    513. 

  513. 

  514. #save statistics
    515. 

  515. 

  516. #start hour
    517. 

  517. my ($min,$hour,$day,$month,$year) = (localtime($last_time))[1,2,3,4,5];
    518. 

  518. 

  519. #start stat time
    520. 

  520. my $hour_date1 = $hdb->quote(sprintf "%04d-%02d-%02d %02d:00:00",$year+1900,$month+1,$day,$hour);
    521. 

  521. #end hour
    522. 

  522. ($hour,$day,$month,$year) = (localtime($last_time+3600))[2,3,4,5];
    523. 

  523. my $hour_date2 = $hdb->quote(sprintf "%04d-%02d-%02d %02d:00:00",$year+1900,$month+1,$day,$hour);
    524. 

  524. 

  525. my @batch_sql_traf=();
    526. 

  526. 

  527. #print Dumper(\%user_stats) if ($debug);
    528. 

  528. 

  529. # update database
    530. 

  530. foreach my $user_ip (keys %user_stats) {
    531. 

  531.     next if (!exists $user_stats{$user_ip}{last_found});
    532. 

  532.     my $user_ip_aton=StrToIp($user_ip);
    533. 

  533.     my $auth_id = $user_stats{$user_ip}{auth_id};
    534. 

  534. 

  535.     #last flow for user
    536. 

  536.     my ($sec,$min,$hour,$day,$month,$year) = (localtime($user_stats{$user_ip}{last_found}))[0,1,2,3,4,5];
    537. 

  537.     #flow time string
    538. 

  538.     my $flow_date = $hdb->quote(sprintf "%04d-%02d-%02d %02d:%02d:%02d",$year+1900,$month+1,$day,$hour,$min,$sec);
    539. 

  539. 

  540.     #last found timestamp
    541. 

  541.     my $tSQL="UPDATE User_auth SET `last_found`=$flow_date WHERE id='$auth_id'";
    542. 

  542.     push (@batch_sql_traf,$tSQL);
    543. 

  543. 

  544.     #per router stats
    545. 

  545.     foreach my $router_id (keys %routers_found) {
    546. 

  546. 	next if (!exists $user_stats{$user_ip}{$router_id});
    547. 

  547. 	if (!exists $user_stats{$user_ip}{$router_id}{in})  { $user_stats{$user_ip}{$router_id}{in} = 0; }
    548. 

  548. 	if (!exists $user_stats{$user_ip}{$router_id}{out}) { $user_stats{$user_ip}{$router_id}{out} = 0; }
    549. 

  549. 	#skip empty stats
    550. 

  550. 	if ($user_stats{$user_ip}{$router_id}{in} + $user_stats{$user_ip}{$router_id}{out} ==0) { next; }
    551. 

  551. 	#packet count per router
    552. 

  552. 	if (!exists $user_stats{$user_ip}{$router_id}{pkt_in})  { $user_stats{$user_ip}{$router_id}{pkt_in} = 0; }
    553. 

  553. 	if (!exists $user_stats{$user_ip}{$router_id}{pkt_out}) { $user_stats{$user_ip}{$router_id}{pkt_out} = 0; }
    554. 

  554. 	#current stats
    555. 

  555. 	my $tSQL="INSERT INTO User_stats_full (timestamp,auth_id,router_id,byte_in,byte_out,pkt_in,pkt_out,step) VALUES($flow_date,'$auth_id','$router_id','$user_stats{$user_ip}{$router_id}{in}','$user_stats{$user_ip}{$router_id}{out}','$user_stats{$user_ip}{$router_id}{pkt_in}','$user_stats{$user_ip}{$router_id}{pkt_out}','$timeshift')";
    556. 

  556. 	push (@batch_sql_traf,$tSQL);
    557. 

  557. 	#hour stats
    558. 

  558. 	# get current stats
    559. 

  559. 	my $sql = "SELECT id, byte_in, byte_out FROM User_stats WHERE `timestamp`>=$hour_date1 AND `timestamp`<$hour_date2 AND router_id=$router_id AND auth_id=$auth_id";
    560. 

  560. 	my $hour_stat = get_record_sql($hdb,$sql);
    561. 

  561. 	if (!$hour_stat) {
    562. 

  562. 	    my $dSQL="INSERT INTO User_stats (timestamp,auth_id,router_id,byte_in,byte_out) VALUES($flow_date,'$auth_id','$router_id','$user_stats{$user_ip}{$router_id}{in}','$user_stats{$user_ip}{$router_id}{out}')";
    563. 

  563. 	    push (@batch_sql_traf,$dSQL);
    564. 

  564. 	    next;
    565. 

  565. 	    }
    566. 

  566. 	if (!$hour_stat->{byte_in}) { $hour_stat->{byte_in}=0; }
    567. 

  567. 	if (!$hour_stat->{byte_out}) { $hour_stat->{byte_out}=0; }
    568. 

  568. 	$hour_stat->{byte_in} += $user_stats{$user_ip}{$router_id}{in};
    569. 

  569. 	$hour_stat->{byte_out} += $user_stats{$user_ip}{$router_id}{out};
    570. 

  570. 	$tSQL="UPDATE User_stats SET byte_in='".$hour_stat->{byte_in}."', byte_out='".$hour_stat->{byte_out}."' WHERE id='".$auth_id."' AND router_id='".$router_id."'";
    571. 

  571. 	push (@batch_sql_traf,$tSQL);
    572. 

  572. 	}
    573. 

  573.     }
    574. 

  574. 

  575. #print Dumper(\@batch_sql_traf) if ($debug);
    576. 

  576. 

  577. #update statistics in DB
    578. 

  578. batch_db_sql($hdb,\@batch_sql_traf);
    579. 

  579. db_log_debug($hdb,"Recalc quotes started");
    580. 

  580. foreach my $router_id (keys %routers_found) { recalc_quotes($hdb,$router_id); }
    581. 

  581. db_log_debug($hdb,"Recalc quotes stopped");
    582. 

  582. 

  583. $hdb->disconnect();
    584. 

  584. 

  585. exit;
    586. 

  586. 

  587. }
    588.