KevinMidboe/mktxp-no-cli
1
0
Fork 0
mirror of https://github.com/KevinMidboe/mktxp-no-cli.git synced 2025-10-29 17:50:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

add IPv6 firewall records

Browse Source
This commit is contained in:
Leon Morten Richter
2022-11-13 12:17:07 +01:00
parent 9121e8924e
commit 0a500f12c4
2 changed files with 84 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
mktxp/collector/firewall_collector.py
View File

@@ -25,21 +25,36 @@ class FirewallCollector(BaseCollector):
if not router_entry.config_entry.firewall:
return
# initialize all pool counts, including those currently not used
# Initialize all pool counts, including those currently not used
# These are the same for both IPv4 and IPv6
firewall_labels = ['chain', 'action', 'bytes', 'comment', 'log']
firewall_filter_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels)
# ~*~*~*~*~*~ IPv4 ~*~*~*~*~*~
firewall_filter_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels)
if firewall_filter_records:
metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records]
firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metris_records, 'bytes', ['name', 'log'])
metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records]
firewall_filter_metrics = BaseCollector.counter_collector('firewall_filter', 'Total amount of bytes matched by firewall rules', metrics_records, 'bytes', ['name', 'log'])
yield firewall_filter_metrics
firewall_raw_records = FirewallMetricsDataSource.metric_records(router_entry, metric_labels = firewall_labels, raw = True)
firewall_raw_records = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True)
if firewall_raw_records:
metris_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records]
firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 'Total amount of bytes matched by raw firewall rules', metris_records, 'bytes', ['name', 'log'])
metrics_records = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records]
firewall_raw_metrics = BaseCollector.counter_collector('firewall_raw', 'Total amount of bytes matched by raw firewall rules', metrics_records, 'bytes', ['name', 'log'])
yield firewall_raw_metrics
# ~*~*~*~*~*~ IPv6 ~*~*~*~*~*~
firewall_filter_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv6(router_entry, metric_labels = firewall_labels)
if firewall_filter_records_ipv6:
metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_filter_records_ipv6]
firewall_filter_metrics_ipv6 = BaseCollector.counter_collector('firewall_filter_ipv6', 'Total amount of bytes matched by firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log'])
yield firewall_filter_metrics_ipv6
firewall_raw_records_ipv6 = FirewallMetricsDataSource.metric_records_ipv4(router_entry, metric_labels = firewall_labels, raw = True)
if firewall_raw_records_ipv6:
metrics_records_ipv6 = [FirewallCollector.metric_record(router_entry, record) for record in firewall_raw_records_ipv6]
firewall_raw_metrics_ipv6 = BaseCollector.counter_collector('firewall_raw_ipv6', 'Total amount of bytes matched by raw firewall rules (IPv6)', metrics_records_ipv6, 'bytes', ['name', 'log'])
yield firewall_raw_metrics_ipv6
# Helpers
@staticmethod
def metric_record(router_entry, firewall_record):

84
mktxp/datasource/firewall_ds.py
View File

@@ -1,43 +1,79 @@
# coding=utf8
## Copyright (c) 2020 Arseniy Kuznetsov
##
## This program is free software; you can redistribute it and/or
## modify it under the terms of the GNU General Public License
## as published by the Free Software Foundation; either version 2
## of the License, or (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
# Copyright (c) 2020 Arseniy Kuznetsov
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
from mktxp.datasource.base_ds import BaseDSProcessor
from mktxp.flow.router_entry import RouterEntry
TRANSLATION_TABLE = {
'comment': lambda value: value if value else '',
'log': lambda value: '1' if value == 'true' else '0'
}
class FirewallMetricsDataSource:
''' Firewall Metrics data provider
This datasource supports both IPv4 and IPv6
'''
@staticmethod
def metric_records(router_entry, *, metric_labels = None, raw = False, matching_only = True):
def _get_records(router_entry: RouterEntry, filter_path: str, args: dict, matching_only: bool = False):
"""
Get firewall records from a Mikrotik ROS device.
:param router_entry: The ROS API entry used to connect to the API
:param filter_path: The path to query the records for (e.g. /ip/firewall/filter)
:param args: A dictionary of arguments to pass to the print function used for export.
Looks like: '{'stats': '', 'all': ''}'
"""
firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', args)
if matching_only:
firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0]
return firewall_records
@staticmethod
def metric_records_ipv4(router_entry, *, metric_labels=None, raw=False, matching_only=True):
if metric_labels is None:
metric_labels = []
try:
filter_path = '/ip/firewall/filter' if not raw else '/ip/firewall/raw'
firewall_records = router_entry.api_connection.router_api().get_resource(filter_path).call('print', {'stats':'', 'all':''})
if matching_only:
firewall_records = [record for record in firewall_records if int(record.get('bytes', '0')) > 0]
firewall_records = FirewallMetricsDataSource._get_records(
router_entry,
filter_path,
{'stats': '', 'all': ''},
matching_only=matching_only
)
# translation rules
translation_table = {}
if 'comment' in metric_labels:
translation_table['comment'] = lambda value: value if value else ''
if 'log' in metric_labels:
translation_table['log'] = lambda value: '1' if value == 'true' else '0'
return BaseDSProcessor.trimmed_records(router_entry, router_records = firewall_records, metric_labels = metric_labels, translation_table = translation_table)
return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE)
except Exception as exc:
print(f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}')
print(
f'Error getting firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}'
)
return None
@staticmethod
def metric_records_ipv6(router_entry, metric_labels=None, raw=False, matching_only=True):
metric_labels = metric_labels or []
try:
filter_path = '/ipv6/firewall/filter' if not raw else '/ip/firewall/raw'
firewall_records = FirewallMetricsDataSource._get_records(
router_entry,
filter_path,
{'stats': ''},
matching_only=matching_only
)
return BaseDSProcessor.trimmed_records(router_entry, router_records=firewall_records, metric_labels=metric_labels, translation_table=TRANSLATION_TABLE)
except Exception as exc:
print(
f'Error getting IPv6 firewall filters info from router{router_entry.router_name}@{router_entry.config_entry.hostname}: {exc}'
)
return None