CTT - the traffic counter
Platforms
* Linux
Description
The CTT module counts the traffic passing through a given interface. Using special counters (filters), you can define packet selection rules based on IP address and subnet mask. Packets can be selected by source or by destination.
The module works as a sniffer: the interface is put into PROMISCUOUS mode, after which the packets of the subnet segment the interface is attached to become available.
ATTENTION!
* Note that putting the interface into promiscuous mode requires the rights of a privileged user.
* The module cannot monitor low-level packets, only IP protocols.
* The module also ignores packets of any IP version other than 4.
* Be careful if there is a switch nearby.
The current version (0.1) allows you
* To use standard Ethernet IEEE 802.3 interfaces.
* To accumulate information about passing packets in 32-bit counters (within 4Gb).
* To set packet selection rules by source and destination address and to mask the insignificant bits of an address, with the option of negating a condition (conditional inversion).
* To set, for each filter, a traffic volume (incoming, outgoing or total) after which a special handler is called. The handler code can be redefined in any way.
Installation of the module
To install the module, unpack the tarball and change to the root of the package. Run the command
perl Makefile.PL
After that, the Makefile files for building the project are created in the current directory and in the _lib subdirectory. Run the command
make
This command builds the project: the library the module needs in order to function is created in the _lib subdirectory, and a blib subdirectory holding the ready module files appears in the current directory.
The test program is not implemented yet, so after a successful build you can install the module right away with the command
make install
After that, the project directory can be removed.
NOTE
By default the CTT module assumes the use of no more than 256 counters. However, you can redefine the MAX_FILTER constant before building the module, setting it to the required value to increase the number of filters.
Example of using the module
use CTT;
$ctt = new CTT;
$ctt->Enable("eth0") or die "Error setting promiscuous mode";
$fi1 = $ctt->AddFilter("192.168.1.90", "255.255.255.255", "!192.168.0.0", "255.255.0.0"); # Select everything from 192.168.1.90 sent outside the network
$ctt->StopOn($fi1, 20000, 20000, 0); # Signal after reaching 20000 bytes
$fi2 = $ctt->AddFilter("192.168.1.90", "255.255.255.255", "!192.168.1.90", "255.255.255.255"); # Select everything from 192.168.1.90 addressed to other hosts
$ctt->StopOn($fi2, 40000, 40000, 0); # Signal after reaching 40000 bytes
while ($ctt->Read()) {
    @filters = $ctt->GetFilters();
    unless (@filters) {
        print "Nothing to filter.\n";
        last;
    }
}
sub CTT::OnOverflow {
    my ($self, $fi) = @_;
    print "Counter $fi has overflowed. Current value: ", scalar($self->GetCurrBytes($fi)), "\n";
    $self->DelFilter($fi);
}
The interface of the CTT class
The module has an object-oriented interface. One instance can be bound to only one network interface. However, this does not mean that several CTT objects cannot be associated with one interface.
A filter defines the packet selection conditions and also stores the intermediate counter values. Filters are identified by indexes, but different CTT instances are not connected to each other in any way. This means that identical filter indexes in different CTT objects refer to completely unrelated data.
new
The constructor takes no arguments. It returns a reference to an instance of the class, or an undefined value on failure.
$ctt = new CTT;
Enable
The Enable method takes an interface identifier as its argument and tries to put that interface into promiscuous mode. It returns true on success and false otherwise.
$ctt->Enable("eth0");
You cannot call the Read method on an object until you have specified which interface the sniffer should be attached to. In that case Read always returns 0.
Disable
The Disable method stops the reading of packets. It takes no arguments. All counters remain in the state they were in after the last call to Read. A repeated call to Enable also does not reset the counters, but be careful when assigning a different network interface.
Read
The Read method reads the next portion of data. After reading, the packet is compared against each defined filter and, if necessary, the virtual method OnOverflow is called. Naturally, calling Read is pointless if no packet selection rule has been set. If reading is not possible (Enable has not been called beforehand), the method returns 0. Thus, if the OnOverflow handler contains code that calls Disable, the packet reading loop can be organized as follows
while ($ctt->Read()) {...}
AddFilter
The AddFilter method sets a new packet selection rule. Its arguments are the source IP address, the source address mask, the destination IP address and the destination address mask.
$fi2 = $ctt->AddFilter("192.168.1.90", "255.255.255.255", "!192.168.0.0", "255.255.0.0");
The method returns the index of the added filter, or -1 if the filter could not be added. An error when adding a filter can occur, for example, when there is no room for a new filter. Counter information is stored in an array of fixed size. By default each CTT object can have no more than 256 filters. As a rule, this should be enough for most tasks (see the section Installation of the module if you want to increase this value).
Note how the destination address is specified. The exclamation mark before the address negates it. This means that the selection includes all packets in which one of the addresses (source or destination) does not match the specified one, that is, does not belong to the network 192.168.0.0/16.
ATTENTION!
In fact, it does not matter which of the given addresses is the source and which is the destination. The selection condition is a match (or a mismatch, if "!" is specified) of one of the given addresses with the source address, and of the other with the destination address, as read from the packet header. Both addresses must match, however. If analysis of a packet shows that the source and destination satisfy the condition but have swapped places, the counter of received bytes is incremented. If the addresses match in the given order, the counter of sent bytes is incremented. Note that it is possible to set a selection condition under which the total traffic will be twice the actual traffic. For example, for the network 192.168.1.0
$ctt->AddFilter("192.168.1.0", "255.255.255.0", "192.168.0.0", "255.255.0.0"); # All addresses in the network satisfy both the first condition and the second
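The matching and accounting rule described above, modelled in plain Perl as an added example (this is not the module's own code; the helper names ip2int, side, hit, account and new_filter and the sample packets are constructed for illustration). It assumes the two address orderings are checked independently, as the description of double counting implies.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Convert a dotted quad to a 32-bit integer.
sub ip2int { return unpack("N", inet_aton($_[0])); }

# Build one side of a filter; a leading "!" negates the match.
sub side {
    my ($addr, $mask) = @_;
    my $neg = ($addr =~ s/^!\s*//) ? 1 : 0;
    return { net => ip2int($addr) & ip2int($mask), mask => ip2int($mask), neg => $neg };
}

# True when $ip satisfies the (possibly negated) address/mask condition.
sub hit {
    my ($s, $ip) = @_;
    my $in = ((ip2int($ip) & $s->{mask}) == $s->{net}) ? 1 : 0;
    return $s->{neg} ? !$in : $in;
}

# Account one packet against a filter; both orderings are checked independently.
sub account {
    my ($f, $src, $dst, $len) = @_;
    $f->{sent} += $len if hit($f->{a}, $src) && hit($f->{b}, $dst);
    $f->{recv} += $len if hit($f->{a}, $dst) && hit($f->{b}, $src);
}

sub new_filter { return { a => side(@_[0,1]), b => side(@_[2,3]), sent => 0, recv => 0 }; }

# Constructed sample traffic: [source, destination, bytes].
my @packets = (
    ["192.168.1.90", "10.0.0.5",     1000],  # leaves 192.168.0.0/16
    ["10.0.0.5",     "192.168.1.90",  400],  # reply from outside
    ["192.168.1.90", "192.168.1.7",   300],  # stays inside the LAN
);

my %filters = (
    "host -> outside" => new_filter("192.168.1.90", "255.255.255.255", "!192.168.0.0", "255.255.0.0"),
    "overlapping"     => new_filter("192.168.1.0", "255.255.255.0", "192.168.0.0", "255.255.0.0"),
);

for my $name (sort keys %filters) {
    my $f = $filters{$name};
    account($f, @$_) for @packets;
    printf "%-16s sent=%d recv=%d total=%d\n", $name, $f->{sent}, $f->{recv}, $f->{sent} + $f->{recv};
}
```

With the overlapping filter, the single 300-byte packet that stays inside the LAN is added to both the sent and the received counter, so the reported total is twice the real volume.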
DelFilter
The DelFilter method deletes a filter (counter). Its argument is the index of the filter to delete. After deletion, the slot in which the counter was stored is freed and can be used by the module for a new filter. The method returns no value.
$fi = $ctt->AddFilter("192.168.1.0", "255.255.255.0", "!192.168.0.0", "255.255.0.0");
$ctt->DelFilter($fi);
StopOn
The StopOn method sets the signalling limits, that is, the volumes of incoming, outgoing and total traffic upon reaching which the virtual handler OnOverflow is called (for example, if you want not just to count traffic but also to control something on the basis of that information). Its arguments are the filter index and the outgoing, incoming and total traffic values that define the signalling thresholds. A value of 0 cancels control of the corresponding traffic type.
$fi = $ctt->AddFilter("192.168.1.0", "255.255.255.0", "!192.168.0.0", "255.255.0.0");
$ctt->StopOn($fi, 1000, 2000, 10*1024*1024); # Signal at 1000B outgoing, 2000B incoming and more than 10MB of total traffic.
$ctt->StopOn($fi, 0, 0, 10*1024*1024); # Monitor only the total traffic, under the former 10MB condition.
IfName
The IfName method returns the interface identifier as it was passed to Enable.
print $ctt->IfName();
