forked from toralf/torutils
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ipset-stats.sh
executable file
·67 lines (51 loc) · 1.39 KB
/
ipset-stats.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#!/bin/bash
# SPDX-License-Identifier: GPL-3.0-or-later
# set -x
# dump and plot hostograms about occurrence of ip addresses in ipset(s)
function dump() {
ipset list -s $1 |\
sed -e '1,8d' |\
awk '{ print $1 }'
}
# 1.2.3.4 -> 1.2.3.0/24
function anonymise() {
sed -e "s,\.[0-9]*$,.0/24,"
}
# 2000::23:42 -> 2000::/64
function anonymise6() {
/opt/torutils/expand_v6.py |\
cut -c1-19 |\
sed -e "s,$,::/64,"
}
# a simple histogram
function plot() {
local tmpfile=$(mktemp /tmp/$(basename $0)_XXXXXX.tmp)
sort | uniq -c | sort -bn | awk '{ print $1 }' | uniq -c | awk '{ print $2, $1 }' > $tmpfile
gnuplot -e '
set terminal dumb 65 24;
set border back;
set title "'"$N"' occurrences of '"$n"' ip addresses";
set key noautotitle;
set xlabel "occurrence";
set logscale y 2;
plot "'$tmpfile'" pt "o";
'
rm $tmpfile
}
#######################################################################
set -euf
export LANG=C.utf8
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
while getopts aAdDp opt
do
shift
case $opt in
a) dump ${1:-tor-ddos} | anonymise | uniq -c ;;
A) dump ${1:-tor-ddos6} | anonymise6 | uniq -c ;;
d) dump ${1:-tor-ddos} ;;
D) dump ${1:-tor-ddos6} ;;
p) [[ $# -gt 0 ]]; N=$(cat $* | wc -l); n=$(cat $* | sort -u | wc -l); cat $* | plot ;;
*) echo "unknown parameter '$opt'"; exit 1 ;;
esac
done