From 0a500f12c46d9aac9aa17178a7f62dfb2fa99c6a Mon Sep 17 00:00:00 2001
From: Leon Morten Richter
Date: Sun, 13 Nov 2022 12:17:07 +0100
Subject: [PATCH] add IPv6 firewall records
---
 mktxp/collector/firewall_collector.py | 29 ++++++---
 mktxp/datasource/firewall_ds.py | 88 +++++++++++++++++++--------
 2 files changed, 84 insertions(+), 33 deletions(-)
diff --git a/mktxp/collector/firewall_collector.py b/mktxp/collector/firewall_collector.py
index 50b7180..19e9bbd 100644
--- a/mktxp/collector/firewall_collector.py
+++ b/mktxp/collector/firewall_collector.py
@@ -25,21 +25,36 @@ class FirewallCollector(BaseCollector): if not router_entry.config_entry.firewall: return - # initialize all pool counts, including those currently not used + # Initialize all pool counts, including those currently not used + # These are the same for both IPv4 and IPv6 firewall_labels = ['chain', 'action', 'bytes', 'comment', 'log'] - firewall_filter_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels) + # ~*~*~*~*~*~ IPv4 ~*~*~*~*~*~ + firewall_filter_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels) if firewall_filter_records: - metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records] - firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metris_records, 'bytes', ['name', 'log']) + metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records] + firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metrics_records, 'bytes', ['name', 'log']) yield firewall_filter_metrics - firewall_raw_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels, raw = True) + firewall_raw_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True) if firewall_raw_records: - metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records] - firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 'Total amount of bytes matched by raw firewall rules', metris_records, 'bytes', ['name', 'log']) + metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records] + firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 
'Total amount of bytes matched by raw firewall rules', metrics_records, 'bytes', ['name', 'log']) yield firewall_raw_metrics + # ~*~*~*~*~*~ IPv6 ~*~*~*~*~*~ + firewall_filter_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv6(router_entry, metric_labels = firewall_labels) + if firewall_filter_records_ipv6: + metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records_ipv6] + firewall_filter_metrics_ipv6 = BaseCollector.counter_collector('firewall_filter_ipv6', 'Total amount of bytes matched by firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log']) + yield firewall_filter_metrics_ipv6 + + firewall_raw_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True) + if firewall_raw_records_ipv6: + metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records_ipv6] + firewall_raw_metrics_ipv6 = BaseCollector.counter_collector('firewall_raw_ipv6', 'Total amount of bytes matched by raw firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log']) + yield firewall_raw_metrics_ipv6 + # Helpers @staticmethod def metric_record(router_entry, firewall_record): diff --git a/mktxp/datasource/firewall_ds.py b/mktxp/datasource/firewall_ds.py index 4ac456f..f4a948c 100644 --- a/mktxp/datasource/firewall_ds.py +++ b/mktxp/datasource/firewall_ds.py 
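Review bot: In the new IPv6 section, `firewall_raw_records_ipv6` is filled by calling `metric_records_ipv4(..., raw = True)`, so the `firewall_raw_ipv6` counter re-exports the IPv4 raw-table byte counts under an IPv6 name. Anyone watching that series for dropped or matched IPv6 traffic would see plausible, non-empty data that says nothing about the IPv6 raw rules. The line should read `firewall_raw_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv6(router_entry, metric_labels = firewall_labels, raw = True)`. The enclosing method begins above the hunk, so this is judged from the visible lines only.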
@@ -1,43 +1,79 @@ # coding=utf8 -## Copyright (c) 2020 Arseniy Kuznetsov -## -## This program is free software; you can redistribute it and/or -## modify it under the terms of the GNU General Public License -## as published by the Free Software Foundation; either version 2 -## of the License, or (at your option) any later version. -## -## This program is distributed in the hope that it will be useful, -## but WITHOUT ANY WARRANTY; without even the implied warranty of -## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -## GNU General Public License for more details. +# Copyright (c) 2020 Arseniy Kuznetsov +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. from mktxp.datasource.base_ds import BaseDSProcessor +from mktxp.flow.router_entry import RouterEntry + +TRANSLATION_TABLE = { + 'comment': lambda value: value if value else '', + 'log': lambda value: '1' if value == 'true' else '0' +} class FirewallMetricsDataSource: ''' Firewall Metrics data provider - ''' + This datasource supports both IPv4 and IPv6 + ''' @staticmethod - def metric_records(router_entry, *, metric_labels = None, raw = False, matching_only = True): + def _get_records(router_entry: RouterEntry, filter_path: str, args: dict, matching_only: bool = False): + """ + Get firewall records from a Mikrotik ROS device. + :param router_entry: The ROS API entry used to connect to the API + :param filter_path: The path to query the records for (e.g. 
/ip/firewall/filter) + :param args: A dictionary of arguments to pass to the print function used for export. + Looks like: '{'stats': '', 'all': ''}' + """ + firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', args) + if matching_only: + firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0] + return firewall_records + + @staticmethod + def metric_records_ipv4(router_entry, *, metric_labels=None, raw=False, matching_only=True): if metric_labels is None: - metric_labels = [] + metric_labels = [] try: filter_path = '/ip/firewall/filter' if not raw else '/ip/firewall/raw' - firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', {'stats':'', 'all':''}) - if matching_only: - firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0] + firewall_records = FirewallMetricsDataSource._get_records( + router_entry, + filter_path, + {'stats': '', 'all': ''}, + matching_only=matching_only + ) - # translation rules - translation_table = {} - if 'comment' in metric_labels: - translation_table['comment'] = lambda value: value if value else '' - if 'log' in metric_labels: - translation_table['log'] = lambda value: '1' if value == 'true' else '0' - - return BaseDSProcessor.trimmed_records(router_entry, router_records = firewall_records, metric_labels = metric_labels, translation_table = translation_table) + return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE) except Exception as exc: - print(f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}') + print( + f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}' + ) return None + @staticmethod + def metric_records_ipv6(router_entry, 
metric_labels=None, raw=False, matching_only=True): + metric_labels = metric_labels or [] + try: + filter_path = '/ipv6/firewall/filter' if not raw else '/ip/firewall/raw' + firewall_records = FirewallMetricsDataSource._get_records( + router_entry, + filter_path, + {'stats': ''}, + matching_only=matching_only + ) + return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE) + except Exception as exc: + print( + f'Error getting IPv6 firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}' + ) + return None
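Review bot: `metric_records_ipv6` picks `'/ip/firewall/raw'` when `raw` is true, so the IPv6 raw query still reads the IPv4 raw table. The path should be `filter_path = '/ipv6/firewall/filter' if not raw else '/ipv6/firewall/raw'`. The method also drops the keyword-only `*` that `metric_records_ipv4` keeps, so a positional second argument is silently taken as `metric_labels`; `def metric_records_ipv6(router_entry, *, metric_labels=None, raw=False, matching_only=True):` would keep the two signatures parallel. Separately, `TRANSLATION_TABLE` is now passed regardless of `metric_labels`, where the old code added the `comment` and `log` rules only when those labels were requested. Whether that matters depends on `BaseDSProcessor.trimmed_records`, which is not visible here, so it is worth confirming.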