Reduce number of categories, move "other" plugins

2025-07-21 18:41:03 +00:00 · 2017-02-23 21:14:01 +01:00 · 2017-02-23 21:14:01 +01:00 · c0568802bf
commit c0568802bf
parent 99542938b1
16 changed files with 8 additions and 5 deletions
--- a/plugins/pf/pf
+++ b/plugins/pf/pf
@ -0,0 +1,145 @@
+#!/bin/sh
+#
+# OpenBSD's pf(4) monitoring for FreeBSD
+# 2007, Gergely Czuczy <phoemix@harmless.hu>
+#
+# Needs to run as root.
+# Add "user root" for the [pf] into plugins.conf.
+#
+# Options:
+#  - env.do_searches yes: to enable state table search monitoring`
+#
+# 0.1 - initial release:
+# - state table usage
+# - search rate
+# - match rate
+# - state mismatch rate
+# - blocked packets
+# - monitoring of labelled rules
+#
+# 0.2 - feature improvements:
+#  - Labelled rules for packet count
+#  - OpenBSD compatibility
+#  - Warning and critical on state table
+#
+# 0.3 - feature improvements:
+#  - Aggregate rules with the same label
+#
+# 0.4 - feature changes:
+#  - State searches are optional. it can shrink others.
+#  - Labelled targets are marked with a leading L
+#
+#
+#%# family=auto
+#%# capabilities=autoconf
+PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export PATH
+
+pfctl="/sbin/pfctl"
+
+case $1 in
+    config)
+	echo "graph_title OpenBSD pf statistics"
+	echo "graph_vlabel Entries per second"
+	echo "graph_scale no"
+	echo "graph_category network"
+	echo "graph_args -l 0"
+	echo "graph_info OpenBSD's pf usage statistics"
+	echo "states.label States"
+	echo "states.type GAUGE"
+	${pfctl} -sm 2> /dev/null | awk '/states/ {print "states.warning "$4*0.9; print "states.critical "$4*0.95}'
+	if [ "x${do_searches}" = "xyes" ]; then
+		echo "searches.label Searches"
+		echo "searches.min 0"
+		echo "searches.type DERIVE"
+	fi
+	echo "matches.label Matches"
+	echo "matches.min 0"
+	echo "matches.type DERIVE"
+	echo "mismatches.label State mismatches"
+	echo "mismatches.min 0"
+	echo "mismatches.type DERIVE"
+	echo "blocks.label Blocked packets"
+	echo "blocks.type DERIVE"
+	echo "blocks.min 0"
+	${pfctl} -sl 2>/dev/null | awk '{
+		 l="";
+		 for (i=1; i<NF-2; i=i+1) l=l" "$i;
+		 sub(/^ /, "", l);
+		 f=l;
+		 gsub(/[^a-z0-9A-Z]/, "_", f);
+		 print f".label L: "l;
+		 print f".type DERIVE"
+		 print f".min 0"}'
+	exit 0
+	;;
+
+    autoconf)
+	ostype=`uname -s`
+        # NetBSD
+	if [ ${ostype} = "NetBSD" ]; then
+	# enabled?
+		if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+			echo "no (pf(4) is not enabled, consult pfctl(8))"
+			exit 1
+		fi
+	# FreeBSD
+	elif [ ${ostype} = "FreeBSD" ]; then
+		# enabled?
+		if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+			echo "no (pf(4) is not enabled, consult pfctl(8))"
+			exit 1
+		fi
+	# OpenBSD
+	elif [ ${ostype} = "OpenBSD" ]; then
+		# pf(4) module loaded?
+		if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
+			echo "no (pf(4) is not loaded)"
+			exit 1
+		fi
+		# enabled?
+		if [ `${pfctl} -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+			echo "no (pf(4) is not enabled, consult pfctl(8))"
+			exit 1
+		fi
+	# Other OSes
+	else
+		echo "no (this plugin is not supported on your OS)"
+		exit 1
+	fi
+	echo "yes"
+	exit 0
+	;;
+
+    suggest)
+	exit 0;
+	;;
+
+esac
+
+#
+${pfctl} -si 2>/dev/null | awk '
+	/current entries/{print "states.value",$3}
+	/searches/{if ( "'${do_searches}'" == "yes" ) print "searches.value",$2}
+	$1~/^match$/{print "matches.value",$2}
+	/state-mismatch/{print "mismatches.value",$2}'
+${pfctl} -vsr 2> /dev/null| grep -A 1 ^block | awk 'BEGIN {sum=0}/^[ \t]*\[/{sum=sum+$5} END {print "blocks.value",sum}'
+
+# the labeled ones
+${pfctl} -sl 2>/dev/null | awk '
+	BEGIN {
+		total=0
+	}
+	{
+		l="";
+		for (i=1; i<NF-2; i=i+1) l=l" "$i;
+		sub(/^ /, "", l);
+		f=l;
+		gsub(/[^a-z0-9A-Z]/, "_", f);
+		total=total+1;
+		fields[f]=fields[f]+$(NF-i+2);
+	}
+	END {
+		if ( total == 0 ) exit 0;
+		for ( k in fields ) print k".value "fields[k]
+	}'
--- a/plugins/pf/pf_bytes
+++ b/plugins/pf/pf_bytes
@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# OpenBSD's pf(4) monitoring for OpenBSD
+# 2007, Originally by Gergely Czuczy <phoemix@harmless.hu>
+# for FreeBSD systems. Ported and splitted by the 
+# immerda admin team admin(at)immerda.ch
+# this version is adapted for openbsd and is only tested on
+# openbsd systems.
+#
+# Needs to run as root.
+# Add "user root" for the [pf] into plugins.conf.
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+pfctl='/sbin/pfctl'
+
+case $1 in
+    config)
+    cat <<EOF
+graph_title OpenBSD pf label bytes statistics
+graph_vlabel bytes per second
+graph_scale no
+graph_category network
+graph_args -l 0
+graph_info OpenBSD's pf label bytes usage statistics
+EOF
+pfctl -sl | awk '
+BEGIN {
+ total=0
+}
+{
+ l=$1;
+ f_bytes=l;
+ gsub(/[^a-z0-9A-Z]/, "_", f_bytes);
+ fields[f_bytes]=l;
+ total=total+1
+}
+END {
+ if ( total == 0 ) exit 0;
+ for ( k in fields ) print k".label "fields[k]"\n"k".type DERIVE\n"k".min 0"
+}'
+
+    exit 0
+    ;;
+    autoconf)
+	# FreeBSD
+	ostype=`uname -s`
+	# OpenBSD
+	if [ ${ostype} = "OpenBSD" ]; then
+            # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# Other OSes
+	else
+	    echo "no (this plugin is not supported on your OS)"
+	    exit 1
+	fi
+	echo "yes"
+	exit 0
+	;;
+    suggest)
+	exit 0;
+	;;
+esac
+
+pfctl -sl | awk '
+BEGIN {
+ total=0
+}
+{
+ l=$1;
+ f_bytes=l;
+ gsub(/[^a-z0-9A-Z]/, "_", f_bytes);
+ total=total+1;
+ fields[f_bytes]=fields[f_bytes]+$4;
+}
+END {
+ if ( total == 0 ) exit 0;
+ for ( k in fields ) print k".value "fields[k]
+}'
+
+
--- a/plugins/pf/pf_ipv4_ipv6_packets
+++ b/plugins/pf/pf_ipv4_ipv6_packets
@ -0,0 +1,41 @@
+#!/bin/sh
+pfctl='/sbin/pfctl'
+
+if [ "$1" = "config" ]; then
+    cat <<EOF
+graph_title OpenBSD pf packets ipv4/ipv6
+graph_vlabel packets numbers
+graph_scale no
+graph_category network
+graph_args -l 0
+graph_info OpenBSD pf packets ipv4/ipv6
+EOF
+    cat <<EOF
+ipv4in.label ipv4 IN
+ipv4in.min 0
+ipv4in.type DERIVE
+ipv4out.label ipv4 OUT
+ipv4out.min 0
+ipv4out.type DERIVE
+ipv6in.label ipv6 IN
+ipv6in.min 0
+ipv6in.type DERIVE
+ipv6out.label ipv6 OUT
+ipv6out.min 0
+ipv6out.type DERIVE
+EOF
+exit 0
+fi
+if [ "$1" = "autoconf" ]; then
+    echo yes
+    exit 0
+fi
+
+ipv4_in=$(/sbin/pfctl -si 2>/dev/null | grep 'Bytes In' | awk '{print $3}')
+ipv6_in=$(/sbin/pfctl -si 2>/dev/null  | grep 'Bytes In' | awk '{print $4}')
+ipv4_out=$(/sbin/pfctl -si 2>/dev/null  | grep 'Bytes Out' | awk '{print $3}')
+ipv6_out=$(/sbin/pfctl -si 2>/dev/null  | grep 'Bytes Out' | awk '{print $4}')
+echo "ipv4in.value $ipv4_in"
+echo "ipv4out.value $ipv4_out"
+echo "ipv6in.value $ipv6_in"
+echo "ipv6out.value $ipv6_out"
--- a/plugins/pf/pf_openbsd
+++ b/plugins/pf/pf_openbsd
@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# OpenBSD's pf(4) monitoring for OpenBSD
+# 2007, Originally by Gergely Czuczy <phoemix@harmless.hu>
+# for FreeBSD systems. Ported and splitted by the 
+# immerda admin team admin(at)immerda.ch
+# this version is adapted for openbsd and is only tested on
+# openbsd systems.
+#
+# Needs to run as root.
+# Add "user root" for the [pf] into plugins.conf.
+#
+# Options:
+#  - env.do_searches yes: to enable state table search monitoring`
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+pfctl='/sbin/pfctl'
+
+case $1 in
+    config)
+    cat <<EOF
+graph_title OpenBSD pf statistics
+graph_vlabel Entries per second
+graph_scale no
+graph_category network
+graph_args -l 0
+graph_info OpenBSD's pf usage statistics
+EOF
+    cat <<EOF
+matches.label Matches
+matches.min 0
+matches.type DERIVE
+mismatches.label State mismatches
+mismatches.min 0
+mismatches.type DERIVE
+blocks.label Blocked packets
+blocks.type DERIVE
+blocks.min 0
+EOF
+    exit 0
+    ;;
+    autoconf)
+	# FreeBSD
+	ostype=`uname -s`
+	if [ ${ostype} = "FreeBSD" ]; then
+	    # pf(4) module loaded?
+	    if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
+		echo "no (pf(4) is not loaded)"
+		exit 1
+	    fi
+	    # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# OpenBSD
+	elif [ ${ostype} = "OpenBSD" ]; then
+            # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# Other OSes
+	else
+	    echo "no (this plugin is not supported on your OS)"
+	    exit 1
+	fi
+	echo "yes"
+	exit 0
+	;;
+    suggest)
+	exit 0;
+	;;
+esac
+
+#
+${pfctl} -si 2>/dev/null | awk '
+$1~/^match$/{print "matches.value",$2}
+/state-mismatch/{print "mismatches.value",$2}'
+${pfctl} -vsr 2> /dev/null| grep -A 1 ^block | awk 'BEGIN {sum=0}/^[ \t]*\[/{sum=sum+$5} END {print "blocks.value",sum}'
--- a/plugins/pf/pf_packets
+++ b/plugins/pf/pf_packets
@ -0,0 +1,96 @@
+#!/bin/sh
+#
+# OpenBSD's pf(4) monitoring for OpenBSD
+# 2007, Originally by Gergely Czuczy <phoemix@harmless.hu>
+# for FreeBSD systems. Ported and splitted by the 
+# immerda admin team admin(at)immerda.ch
+# this version is adapted for openbsd and is only tested on
+# openbsd systems.
+#
+# Needs to run as root.
+# Add "user root" for the [pf] into plugins.conf.
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+pfctl='/sbin/pfctl'
+
+case $1 in
+    config)
+    cat <<EOF
+graph_title OpenBSD pf label packets statistics
+graph_vlabel packets per second
+graph_scale no
+graph_category network
+graph_args -l 0
+graph_info OpenBSD's pf label packets usage statistics
+EOF
+pfctl -sl | awk '
+BEGIN {
+ total=0
+}
+{
+ l=$1;
+ f_packets=l;
+ gsub(/[^a-z0-9A-Z]/, "_", f_packets);
+ fields[f_packets]=l;
+ total=total+1
+}
+END {
+ if ( total == 0 ) exit 0;
+ for ( k in fields ) print k".label "fields[k]"\n"k".type DERIVE\n"k".min 0"
+}'
+
+    exit 0
+    ;;
+    autoconf)
+	# FreeBSD
+	ostype=`uname -s`
+	if [ ${ostype} = "FreeBSD" ]; then
+	    # pf(4) module loaded?
+	    if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
+		echo "no (pf(4) is not loaded)"
+		exit 1
+	    fi
+	    # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# OpenBSD
+	elif [ ${ostype} = "OpenBSD" ]; then
+            # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# Other OSes
+	else
+	    echo "no (this plugin is not supported on your OS)"
+	    exit 1
+	fi
+	echo "yes"
+	exit 0
+	;;
+    suggest)
+	exit 0;
+	;;
+esac
+
+pfctl -sl | awk '
+BEGIN {
+ total=0
+}
+{
+ l=$1;
+ f_packets=l;
+ gsub(/[^a-z0-9A-Z]/, "_", f_packets);
+ total=total+1;
+ fields[f_packets]=fields[f_packets]+$3;
+}
+END {
+ if ( total == 0 ) exit 0;
+ for ( k in fields ) print k".value "fields[k]
+}'
+
+
--- a/plugins/pf/pf_states
+++ b/plugins/pf/pf_states
@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# OpenBSD's pf(4) monitoring for OpenBSD
+# 2007, Originally by Gergely Czuczy <phoemix@harmless.hu>
+# for FreeBSD systems. Ported and splitted by the 
+# immerda admin team admin(at)immerda.ch
+# this version is adapted for openbsd and is only tested on
+# openbsd systems.
+#
+# Needs to run as root.
+# Add "user root" for the [pf] into plugins.conf.
+#
+# Options:
+#  - env.do_searches yes: to enable state table search monitoring`
+#
+#%# family=auto
+#%# capabilities=autoconf
+
+pfctl='/sbin/pfctl'
+
+case $1 in
+    config)
+    cat <<EOF
+graph_title OpenBSD pf state statistics
+graph_vlabel Entries per second
+graph_scale no
+graph_category network
+graph_args -l 0
+graph_info OpenBSD's pf state statistics
+states.label States
+states.type GAUGE
+searches.label Searches
+searches.min 0
+searches.type DERIVE
+EOF
+${pfctl} -sm 2> /dev/null | awk '
+/states/ {print "states.warning "$4*0.9; print "states.critical "$4*0.95}'
+    exit 0
+    ;;
+    autoconf)
+	# FreeBSD
+	ostype=`uname -s`
+	if [ ${ostype} = "FreeBSD" ]; then
+	    # pf(4) module loaded?
+	    if [ `kldstat -v | grep pf | wc -l` -eq 0 ]; then
+		echo "no (pf(4) is not loaded)"
+		exit 1
+	    fi
+	    # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# OpenBSD
+	elif [ ${ostype} = "OpenBSD" ]; then
+            # enabled?
+	    if [ `pfctl -si 2>/dev/null | awk '/^Status:/{print $2}'` != "Enabled" ]; then
+		echo "no (pf(4) is not enabled, consult pfctl(8)"
+		exit 1
+	    fi
+	# Other OSes
+	else
+	    echo "no (this plugin is not supported on your OS)"
+	    exit 1
+	fi
+	echo "yes"
+	exit 0
+	;;
+    suggest)
+	exit 0;
+	;;
+esac
+
+#
+${pfctl} -si 2>/dev/null | awk '
+/current entries/{print "states.value",$3}
+/searches/ { print "searches.value",$2}'
--- a/plugins/pf/pf_tables_
+++ b/plugins/pf/pf_tables_
@ -0,0 +1,252 @@
+#!/usr/bin/perl -w
+# -*- perl -*-
+
+=head1 NAME
+
+pf_tables : Munin plugin to monitor pf tables.
+Inout: bandwidth usage for table
+Addresses: number of entries in table
+
+
+=head1 APPLICABLE SYSTEMS
+
+Should work on any BSD that has pf(4).
+
+Examples:
+
+=over
+
+=item pf_tables_inout_tablename
+
+=item pf_tables_addresses_authenticated
+
+=item pf_tables_addresses_badboys
+
+
+=head1 CONFIGURATION
+
+[pf_tables_*]
+user root
+
+=head1 INTERPRETATION
+
+The plugin simply runs the pfctl -sTables -vvv command and counts the number of
+Addresses and InBytes/OutBytes in each table.
+
+=head1 BUGS
+
+Only tested extensively on FreeBSD.
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf suggest
+
+=head1 VERSION
+
+  $Id$
+
+=head1 AUTHOR
+
+Copyright (C) 2015.
+
+Original version by Luc Duchosal (at) arcantel (dot) ch.
+Created by Luc Duchosal, 2015
+
+=head1 LICENSE
+
+BSD
+
+=cut
+
+
+use strict;
+use Munin::Plugin;
+
+$0 =~ /pf_tables_(addresses|inout)_(.+)$/;
+my $name = $2;
+my $operation = $1;
+
+if ( defined($ARGV[0])) {
+    if ($ARGV[0] eq 'autoconf') {
+        print "yes\n";
+        exit 0;
+    }
+
+    if ($ARGV[0] eq "config") {
+
+        if (!defined($name)) {
+            print "Unknown table\n";
+            exit 0;
+        }
+
+        if (!defined($operation)) {
+            print "Unknown operation\n";
+            exit 0;
+        }
+
+        if ($operation =~ m/addresses/) {
+
+            print "graph_title Connected users ($name)\n";
+            print "graph_args --base 1000 -l 0\n";
+            print "graph_vlabel Users\n";
+            print "graph_scale no\n";
+            print "graph_category network\n";
+            print "graph_printf %3.0lf\n";
+
+            print "users.label users\n";
+            print "users.draw AREASTACK\n";
+            print "users.colour 00C000\n";
+            foreach my $field (qw(users)) {
+                print_thresholds($field);
+            }
+        }
+
+        if ($operation =~ m/inout/) {
+
+            print "graph_title Network bandwidth ($name)\n";
+            print "graph_args --base 1024 -l 0\n";
+            print "graph_vlabel Bandwidth\n";
+            print "graph_scale yes\n";
+            print "graph_category network\n";
+#            print "graph_printf %3.0lf\n";
+
+            print "in.label in\n";
+            print "in.type DERIVE\n";
+            print "in.draw AREA\n";
+            print "in.colour C00000\n";
+            print "in.cdef in,8,*\n";
+            print "in.min 0\n";
+            print "in.graph no\n";
+            print "out.label bps\n";
+            print "out.type DERIVE\n";
+            print "out.negative in\n";
+            print "out.draw AREA\n";
+            print "out.colour COLOUR18\n";
+            print "out.cdef out,8,*\n";
+            print "out.min 0\n";
+
+            foreach my $field (qw(in out)) {
+                print_thresholds($field);
+            }
+
+        }
+        exit 0;
+    }
+
+    if ($ARGV[0] eq "suggest") {
+        my %tables = &tables();
+        foreach my $key (keys(%tables)) {
+            print "addresses_$key\n";
+            print "inout_$key\n";
+        }
+        exit 0;
+    }
+
+}
+
+if (!defined($name)) {
+    print "Usage: pf_tables_addresses_tablename or pf_tables_inout_tablename\n";
+    exit 1;
+}
+
+my %tables = &tables();
+if (!exists $tables{$name}) {
+   print "Unknown table name $name\n";
+   exit 2;
+}
+
+if ($operation =~ m/addresses/) {
+    my $users = $tables{$name}->{"addresses"};
+    print "users.value $users\n";
+}
+
+if ($operation =~ m/inout/) {
+    my $in = $tables{$name}->{"inpassbytes"};
+    my $out = $tables{$name}->{"outpassbytes"};
+    print "in.value $in\n";
+    print "out.value $out\n";
+}
+
+
+sub tables {
+
+    # # pfctl -s Tables -vv
+    # -pa-r-- auth
+    #         Addresses:   0
+    #         Cleared:     Fri Sep 18 17:34:42 2015
+    #         References:  [ Anchors: 0                  Rules: 14                 ]
+    #         Evaluations: [ NoMatch: 43624              Match: 788                ]
+    #         In/Block:    [ Packets: 0                  Bytes: 0                  ]
+    #         In/Pass:     [ Packets: 30908              Bytes: 2704516            ]
+    #         In/XPass:    [ Packets: 124                Bytes: 7897               ]
+    #         Out/Block:   [ Packets: 0                  Bytes: 0                  ]
+    #         Out/Pass:    [ Packets: 30288              Bytes: 26313114           ]
+    #         Out/XPass:   [ Packets: 89                 Bytes: 21166              ]
+
+    my $output = `/sbin/pfctl -s Tables -vv 2> /dev/null`;
+    my %tables;
+    my $name;
+
+    foreach (split(/\n/, $output)) {
+
+       if (m|^[cpairhC\-]{7}\s+(\S+)$|) {
+          $name = $1;
+		  $name =~ s/\-/_/;
+          $tables{$name}->{"name"} = $name;
+          next;
+       }
+
+       if (m|Addresses:\s+([0-9]+)$|) {
+          $tables{$name}->{"addresses"} = $1;
+          next;
+       }
+
+       if (m|Cleared:\s+(.+)$|) {
+          $tables{$name}->{"cleared"} = $1;
+          next;
+       }
+
+       if (m|In/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inblockpackets"} = $1;
+          $tables{$name}->{"inblockbytes"} = $2;
+          next;
+       }
+
+       if (m|In/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inpasspackets"} = $1;
+          $tables{$name}->{"inpassbytes"} = $2;
+          next;
+       }
+
+       if (m|In/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"inxpasspackets"} = $1;
+          $tables{$name}->{"inxpassbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/Block:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outblockpackets"} = $1;
+          $tables{$name}->{"outblockbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/Pass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outpasspackets"} = $1;
+          $tables{$name}->{"outpassbytes"} = $2;
+          next;
+       }
+
+       if (m|Out/XPass:\s+\[\s+Packets:\s+([0-9]+)\s+Bytes:\s+([0-9]+)\s+\]$|) {
+          $tables{$name}->{"outxpasspackets"} = $1;
+          $tables{$name}->{"outxpassbytes"} = $2;
+          next;
+       }
+
+    }
+
+    return %tables;
+
+}
+
+# vim:syntax=perl