From 27684908c462011e37da64a3a13967f58996e33a Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 3 Feb 2011 09:25:13 -0800
Subject: [PATCH] Catch mis-matched nets in per-IP accounting rules

---
 Shorewall/Perl/Shorewall/Accounting.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index 718a09131..87462c989 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -37,12 +37,18 @@ our @EXPORT = qw( setup_accounting );
 our @EXPORT_OK = qw( );
 our $VERSION = '4.4.17';
 
+#
+# Per-IP accounting tables. Each entry contains the associated network.
+#
+our %tables;
+
 #
 # Called by the compiler to [re-]initialize this module's state
 #
 sub initialize() {
 our $jumpchainref;
 $jumpchainref = undef;
+ %tables = ();
 }
 
 #
@@ -113,6 +119,14 @@ sub process_accounting_rule( ) {
 fatal_error "Invalid Network Address ($net)" unless defined $net && $net =~ '/(\d+)$';
 fatal_error "Netmask ($1) out of range" unless $1 >= 8;
 validate_net $net, 0;
+
+ my $prevnet = $tables{$table};
+ if ( $prevnet ) {
+ fatal_error "Previous net associated with $table ($prevnet) does not match this one ($net)" unless $net eq $prevnet;
+ } else {
+ $tables{$table} = $net;
+ }
+
 $target = "ACCOUNT --addr $net --tname $table";
 } else {
 fatal_error "Invalid ACCOUNT Action";
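Review bot: The comment above `our %tables;` does not say what the hash is keyed by or what form the stored network takes, and both matter to anyone reading the later comparison. Going by the second hunk (`$tables{$table} = $net`), I would word it as `# Per-IP accounting tables, keyed by table name. Each value is the network string, as written in the rule that first named the table.` It is also worth one line saying the hash is emptied in initialize() so that a re-run of the compiler does not see networks left over from a previous run.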
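Review bot: The mismatch test `unless $net eq $prevnet` compares the network text exactly as it appears in each rule, since the `validate_net $net, 0;` call just above is made in void context and nothing canonical is kept. If validate_net accepts more than one spelling of the same network (not visible in this hunk), two rules that agree would be rejected as mismatched; the check fails closed, so this is a false error rather than a bypass, but comparing a normalized address/mask pair would make the message accurate. Separately, `if ( $prevnet )` depends on the stored string being true; `if ( defined $prevnet )` states the intent directly. process_accounting_rule begins and ends outside the hunk.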