shorewall_code/New/Shorewall/Accounting.pm

package Shorewall::Accounting;
require Exporter;
use Shorewall::Common;
use Shorewall::Config;
use Shorewall::Zones;
use Shorewall::Chains;

use strict;

our @ISA = qw(Exporter);
our @EXPORT = qw( setup_accounting );
our @EXPORT_OK = qw( );
our @VERSION = 1.00;

#
# Accounting
#
my $jumpchainref;

sub process_accounting_rule( $$$$$$$$ ) {
    my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = @_;

    sub accounting_error() {
	warning_message "Invalid Accounting rule \"$line\"";
    }

    sub jump_to_chain( $ ) {
	my $jumpchain = $_[0];
	$jumpchainref = ensure_chain( 'filter', $jumpchain );
	"-j $jumpchain";
    }

    $chain = 'accounting' unless $chain and $chain ne '-';
    
    my $chainref = ensure_filter_chain $chain , 0;

    my $target = '';

    my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
    my $rule2 = 0;

    unless ( $action eq 'COUNT' ) {
	if ( $action eq 'DONE' ) {
	    $target = '-j RETURN';
	} else {
	    ( $action, my $cmd ) = split /:/, $action;
	    if ( $cmd ) {
		if ( $cmd eq 'COUNT' ) {
		    $rule2=1;
		    $target = jump_to_chain $action;
		} elsif ( $cmd ne 'JUMP' ) {
		    accounting_error;
		}
	    } else {
		$target = jump_to_chain $action;
	    }
	}
    }

    expand_rule
	$chainref ,
	$rule ,
	$source ,
	$dest ,
	'' ,
	$target ,
	'' ,
	'' ,
	'' ;

    if ( $rule2 ) {
	expand_rule 
	    $jumpchainref ,
	    $rule ,
	    $source ,
	    $dest ,
	    '' ,
	    '' ,
	    '' ,
	    '' ,
	    '' ;
    }
}

sub setup_accounting() {

    open ACC, "$ENV{TMP_DIR}/accounting" or fatal_error "Unable to open stripped accounting file: $!";

    while ( $line = <ACC> ) {

	chomp $line;
	$line =~ s/\s+/ /g;

	my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $extra ) = split /\s+/, $line;

	accounting_error if $extra;
	process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user;
    }
	
    close ACC;

    if ( $filter_table->{accounting} ) {
	for my $chain qw/INPUT FORWARD OUTPUT/ {
	    insert_rule $filter_table->{$chain}, 1, '-j accounting';
	}
    }
}

1;
Add Accounting Module git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5545 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2007-03-15 16:04:29 +01:00			`package Shorewall::Accounting;`
			`require Exporter;`
			`use Shorewall::Common;`
			`use Shorewall::Config;`
			`use Shorewall::Zones;`
			`use Shorewall::Chains;`

			`use strict;`

			`our @ISA = qw(Exporter);`
			`our @EXPORT = qw( setup_accounting );`
			`our @EXPORT_OK = qw( );`
			`our @VERSION = 1.00;`

			`#`
			`# Accounting`
			`#`
			`my $jumpchainref;`

			`sub process_accounting_rule( $$$$$$$$ ) {`
			`my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = @_;`

			`sub accounting_error() {`
			`warning_message "Invalid Accounting rule \"$line\"";`
			`}`

			`sub jump_to_chain( $ ) {`
			`my $jumpchain = $_[0];`
			`$jumpchainref = ensure_chain( 'filter', $jumpchain );`
			`"-j $jumpchain";`
			`}`

			`$chain = 'accounting' unless $chain and $chain ne '-';`

			`my $chainref = ensure_filter_chain $chain , 0;`

			`my $target = '';`

			`my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );`
			`my $rule2 = 0;`

			`unless ( $action eq 'COUNT' ) {`
			`if ( $action eq 'DONE' ) {`
			`$target = '-j RETURN';`
			`} else {`
			`( $action, my $cmd ) = split /:/, $action;`
			`if ( $cmd ) {`
			`if ( $cmd eq 'COUNT' ) {`
			`$rule2=1;`
			`$target = jump_to_chain $action;`
			`} elsif ( $cmd ne 'JUMP' ) {`
			`accounting_error;`
			`}`
			`} else {`
			`$target = jump_to_chain $action;`
			`}`
			`}`
			`}`

			`expand_rule`
			`$chainref ,`
			`$rule ,`
			`$source ,`
			`$dest ,`
			`'' ,`
			`$target ,`
			`'' ,`
			`'' ,`
			`'' ;`

			`if ( $rule2 ) {`
			`expand_rule`
			`$jumpchainref ,`
			`$rule ,`
			`$source ,`
			`$dest ,`
			`'' ,`
			`'' ,`
			`'' ,`
			`'' ,`
			`'' ;`
			`}`
			`}`

			`sub setup_accounting() {`

			`open ACC, "$ENV{TMP_DIR}/accounting" or fatal_error "Unable to open stripped accounting file: $!";`

			`while ( $line = <ACC> ) {`

			`chomp $line;`
			`$line =~ s/\s+/ /g;`

			`my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $extra ) = split /\s+/, $line;`

			`accounting_error if $extra;`
			`process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user;`
			`}`

			`close ACC;`

			`if ( $filter_table->{accounting} ) {`
			`for my $chain qw/INPUT FORWARD OUTPUT/ {`
			`insert_rule $filter_table->{$chain}, 1, '-j accounting';`
			`}`
			`}`
			`}`

			`1;`