src/scripts/consort.sh

   1 #/bin/bash
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 # sort conntrack table entries based on ip addresses
  23 # @parm sort field
  24 do_ip_sort() {
  25         sed \
  26                 -r \
  27                 's/.*src=([0-9\.]+).*dst=([0-9\.]+).*src=.*/\'$1'#\0/' $FILE_NAME \
  28          | sort \
  29                 -t. \
  30                 -k 1,1n$SORT_ORDER -k 2,2n$SORT_ORDER -k 3,3n$SORT_ORDER -k 4,4n$SORT_ORDER \
  31          | sed \
  32                 -r \
  33                 's/.*#(.*)/\1/'
  34 }
  35
  36 # sort conntrack table entries based on port addresses
  37 # @parm sort field
  38 do_port_sort() {
  39         sed \
  40                 -r \
  41                 's/.*sport=([0-9]+).*dport=([0-9]+).*src=.*/\'$1'#\0/' $FILE_NAME \
  42         | sort \
  43                 -t# \
  44                 -k 1,1n$SORT_ORDER \
  45         | sed \
  46                 -r \
  47                 's/.*#(.*)/\1/'
  48 }
  49
  50 # sort conntrack table entries based on protocol
  51 do_protocol_sort() {
  52         sed \
  53                 -r \
  54                 's/^[0-9a-zA-Z]+[       ]+[0-9]+[       ]+([a-zA-Z0-9]+)/\1#\0/' $FILE_NAME \
  55         | sort \
  56                 -t# \
  57                 -k 1,1$SORT_ORDER  \
  58         | sed \
  59                 -r \
  60                 's/.*#(.*)/\1/'
  61 }
  62
  63 # sort conntrack table entries based on connection status
  64 do_status_sort() {
  65         sed \
  66                 -r \
  67                 's/^[0-9a-zA-Z]+[       ]+[0-9]+[       ]+[a-zA-Z0-9]+[         ]+[0-9]+[       ]+[0-9]+[       ]+([a-zA-Z_0-9]+)[      ]+|^[0-9a-zA-Z]+[       ]+[0-9]+[       ]+[a-zA-Z0-9]+[         ]+[0-9]+[       ]+[0-9]+([      ]+)/\1#\0/' $FILE_NAME \
  68         | sort \
  69                 -t# \
  70                 -k 1,1$SORT_ORDER  \
  71         | sed \
  72                 -r \
  73                 's/.*#(.*)/\1/'
  74 }
  75
  76 # sort conntrack table entries based on connection time to life
  77 do_ttl_sort() {
  78         sed \
  79                 -r \
  80                 's/^[0-9a-zA-Z]+[       ]+[0-9]+[       ]+[a-zA-Z0-9]+[         ]+[0-9]+[       ]+([0-9]+)[     ]+/\1#\0/' $FILE_NAME \
  81         | sort \
  82                 -t# \
  83                 -k 1,1n$SORT_ORDER  \
  84         | sed \
  85                 -r \
  86                 's/.*#(.*)/\1/'
  87 }
  88
  89 # sort conntrack table entries based on downloaded bytes
  90 do_downloaded_bytes_sort() {
  91         sed \
  92                 -r \
  93                 's/.*src=.*bytes=([0-9]+).*src=/\1#\0/' $FILE_NAME \
  94         | sort \
  95                 -t# \
  96                 -k 1,1n$SORT_ORDER  \
  97         | sed \
  98                 -r \
  99                 's/.*#(.*)/\1/'
 100 }
 101
 102 # sort conntrack table entries based on uploaded bytes
 103 do_uploaded_bytes_sort() {
 104         sed \
 105                 -r \
 106                 's/.*src=.*bytes=([0-9]+).*/\1#\0/' $FILE_NAME \
 107         | sort \
 108                 -t# \
 109                 -k 1,1n$SORT_ORDER  \
 110         | sed \
 111                 -r \
 112                 's/.*#(.*)/\1/'
 113 }
 114
 115 SORT_ORDER=
 116 FILE_NAME=
 117
 118 if [ $# -lt 2 ]; then
 119         echo "Usage: consort <sort criteria 1=srcIp,2=dstIp,3=srcPort,4=dstPort,5=protocol,6=connection status> <a=ascending,d=descending> [input file]"
 120         echo "  consort.sh 1 a a.txt"
 121         echo "  cat a.txt | consort 1 d"
 122         exit;
 123 fi
 124
 125 if [[ 'a d A D' =~ $2 ]]; then
 126         if [[ 'd D' =~ $2 ]]; then
 127                 SORT_ORDER=r
 128         fi
 129 else
 130         echo "Unknown sort order \"$2\""
 131         exit;
 132 fi
 133
 134 if [ $# == 3 ]; then
 135         if [ ! -f $3 ]; then
 136                 echo "File not found."
 137                 exit;
 138         fi
 139         FILE_NAME=$3
 140 fi
 141
 142 if [[ '1 2' =~ $1 ]]; then
 143         do_ip_sort $1
 144 elif [[ '3 4' =~ $1 ]]; then
 145         do_port_sort $(($1-2))
 146 elif [[ '5' =~ $1 ]]; then
 147         do_protocol_sort
 148 elif [[ '6' =~ $1 ]]; then
 149         do_status_sort
 150 elif [[ '7' =~ $1 ]]; then
 151         do_ttl_sort
 152 elif [[ '8' =~ $1 ]]; then
 153         do_downloaded_bytes_sort
 154 elif [[ '9' =~ $1 ]]; then
 155         do_uploaded_bytes_sort
 156 else
 157         echo "Unknown sort criteria \"$1\""
 158 fi