mirror of
https://github.com/KevinMidboe/mktxp-no-cli.git
synced 2025-10-29 17:50:23 +00:00
add IPv6 firewall records
This commit is contained in:
Leon Morten Richter
@@ -25,21 +25,36 @@ class FirewallCollector(BaseCollector):
|
|||||||
if not router_entry.config_entry.firewall:
|
if not router_entry.config_entry.firewall:
|
||||||
return
|
return
|
||||||
|
|
||||||
# initialize all pool counts, including those currently not used
|
# Initialize all pool counts, including those currently not used
|
||||||
|
# These are the same for both IPv4 and IPv6
|
||||||
firewall_labels = ['chain', 'action', 'bytes', 'comment', 'log']
|
firewall_labels = ['chain', 'action', 'bytes', 'comment', 'log']
|
||||||
|
|
||||||
firewall_filter_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels)
|
# ~*~*~*~*~*~ IPv4 ~*~*~*~*~*~
|
||||||
|
firewall_filter_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels)
|
||||||
if firewall_filter_records:
|
if firewall_filter_records:
|
||||||
metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records]
|
metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records]
|
||||||
firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metris_records, 'bytes', ['name', 'log'])
|
firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metrics_records, 'bytes', ['name', 'log'])
|
||||||
yield firewall_filter_metrics
|
yield firewall_filter_metrics
|
||||||
|
|
||||||
firewall_raw_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels, raw = True)
|
firewall_raw_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True)
|
||||||
if firewall_raw_records:
|
if firewall_raw_records:
|
||||||
metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records]
|
metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records]
|
||||||
firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 'Total amount of bytes matched by raw firewall rules', metris_records, 'bytes', ['name', 'log'])
|
firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 'Total amount of bytes matched by raw firewall rules', metrics_records, 'bytes', ['name', 'log'])
|
||||||
yield firewall_raw_metrics
|
yield firewall_raw_metrics
|
||||||
|
|
||||||
|
# ~*~*~*~*~*~ IPv6 ~*~*~*~*~*~
|
||||||
|
firewall_filter_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv6(router_entry, metric_labels = firewall_labels)
|
||||||
|
if firewall_filter_records_ipv6:
|
||||||
|
metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records_ipv6]
|
||||||
|
firewall_filter_metrics_ipv6 = BaseCollector.counter_collector('firewall_filter_ipv6', 'Total amount of bytes matched by firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log'])
|
||||||
|
yield firewall_filter_metrics_ipv6
|
||||||
|
|
||||||
|
firewall_raw_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True)
|
||||||
|
if firewall_raw_records_ipv6:
|
||||||
|
metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records_ipv6]
|
||||||
|
firewall_raw_metrics_ipv6 = BaseCollector.counter_collector('firewall_raw_ipv6', 'Total amount of bytes matched by raw firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log'])
|
||||||
|
yield firewall_raw_metrics_ipv6
|
||||||
|
|
||||||
# Helpers
|
# Helpers
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def metric_record(router_entry, firewall_record):
|
def metric_record(router_entry, firewall_record):
|
||||||
|
|||||||
@@ -1,43 +1,79 @@
|
|||||||
# coding=utf8
|
# coding=utf8
|
||||||
## Copyright (c) 2020 Arseniy Kuznetsov
|
# Copyright (c) 2020 Arseniy Kuznetsov
|
||||||
##
|
#
|
||||||
## This program is free software; you can redistribute it and/or
|
# This program is free software; you can redistribute it and/or
|
||||||
## modify it under the terms of the GNU General Public License
|
# modify it under the terms of the GNU General Public License
|
||||||
## as published by the Free Software Foundation; either version 2
|
# as published by the Free Software Foundation; either version 2
|
||||||
## of the License, or (at your option) any later version.
|
# of the License, or (at your option) any later version.
|
||||||
##
|
#
|
||||||
## This program is distributed in the hope that it will be useful,
|
# This program is distributed in the hope that it will be useful,
|
||||||
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
## GNU General Public License for more details.
|
# GNU General Public License for more details.
|
||||||
|
|
||||||
|
|
||||||
from mktxp.datasource.base_ds import BaseDSProcessor
|
from mktxp.datasource.base_ds import BaseDSProcessor
|
||||||
|
from mktxp.flow.router_entry import RouterEntry
|
||||||
|
|
||||||
|
TRANSLATION_TABLE = {
|
||||||
|
'comment': lambda value: value if value else '',
|
||||||
|
'log': lambda value: '1' if value == 'true' else '0'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class FirewallMetricsDataSource:
|
class FirewallMetricsDataSource:
|
||||||
''' Firewall Metrics data provider
|
''' Firewall Metrics data provider
|
||||||
'''
|
This datasource supports both IPv4 and IPv6
|
||||||
|
'''
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def metric_records(router_entry, *, metric_labels = None, raw = False, matching_only = True):
|
def _get_records(router_entry: RouterEntry, filter_path: str, args: dict, matching_only: bool = False):
|
||||||
|
"""
|
||||||
|
Get firewall records from a Mikrotik ROS device.
|
||||||
|
:param router_entry: The ROS API entry used to connect to the API
|
||||||
|
:param filter_path: The path to query the records for (e.g. /ip/firewall/filter)
|
||||||
|
:param args: A dictionary of arguments to pass to the print function used for export.
|
||||||
|
Looks like: '{'stats': '', 'all': ''}'
|
||||||
|
"""
|
||||||
|
firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', args)
|
||||||
|
if matching_only:
|
||||||
|
firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0]
|
||||||
|
return firewall_records
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def metric_records_ipv4(router_entry, *, metric_labels=None, raw=False, matching_only=True):
|
||||||
if metric_labels is None:
|
if metric_labels is None:
|
||||||
metric_labels = []
|
metric_labels = []
|
||||||
try:
|
try:
|
||||||
filter_path = '/ip/firewall/filter' if not raw else '/ip/firewall/raw'
|
filter_path = '/ip/firewall/filter' if not raw else '/ip/firewall/raw'
|
||||||
firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', {'stats':'', 'all':''})
|
firewall_records = FirewallMetricsDataSource._get_records(
|
||||||
if matching_only:
|
router_entry,
|
||||||
firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0]
|
filter_path,
|
||||||
|
{'stats': '', 'all': ''},
|
||||||
|
matching_only=matching_only
|
||||||
|
)
|
||||||
|
|
||||||
# translation rules
|
return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE)
|
||||||
translation_table = {}
|
|
||||||
if 'comment' in metric_labels:
|
|
||||||
translation_table['comment'] = lambda value: value if value else ''
|
|
||||||
if 'log' in metric_labels:
|
|
||||||
translation_table['log'] = lambda value: '1' if value == 'true' else '0'
|
|
||||||
|
|
||||||
return BaseDSProcessor.trimmed_records(router_entry, router_records = firewall_records, metric_labels = metric_labels, translation_table = translation_table)
|
|
||||||
except Exception as exc:
|
except Exception as exc:
|
||||||
print(f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}')
|
print(
|
||||||
|
f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}'
|
||||||
|
)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def metric_records_ipv6(router_entry, metric_labels=None, raw=False, matching_only=True):
|
||||||
|
metric_labels = metric_labels or []
|
||||||
|
try:
|
||||||
|
filter_path = '/ipv6/firewall/filter' if not raw else '/ip/firewall/raw'
|
||||||
|
firewall_records = FirewallMetricsDataSource._get_records(
|
||||||
|
router_entry,
|
||||||
|
filter_path,
|
||||||
|
{'stats': ''},
|
||||||
|
matching_only=matching_only
|
||||||
|
)
|
||||||
|
|
||||||
|
return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE)
|
||||||
|
except Exception as exc:
|
||||||
|
print(
|
||||||
|
f'Error getting IPv6 firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}'
|
||||||
|
)
|
||||||
|
return None
|
||||||
|
|||||||
Reference in New Issue
Block a user