From be2bfbeae0f6af6d32ce528e3cbf9c6ed58a7f32 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 15 Mar 2007 15:04:29 +0000
Subject: [PATCH] Add Accounting Module

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5545 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/Shorewall/Accounting.pm | 109 ++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 New/Shorewall/Accounting.pm

diff --git a/New/Shorewall/Accounting.pm b/New/Shorewall/Accounting.pm
new file mode 100644
index 000000000..9732a7fc3
--- /dev/null
+++ b/New/Shorewall/Accounting.pm
@@ -0,0 +1,109 @@
+package Shorewall::Accounting;
+require Exporter;
+use Shorewall::Common;
+use Shorewall::Config;
+use Shorewall::Zones;
+use Shorewall::Chains;
+
+use strict;
+
+our @ISA = qw(Exporter);
+our @EXPORT = qw( setup_accounting );
+our @EXPORT_OK = qw( );
+our @VERSION = 1.00;
+
+#
+# Accounting
+#
+my $jumpchainref;
+
+sub process_accounting_rule( $$$$$$$$ ) {
+    my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = @_;
+
+    sub accounting_error() {
+	warning_message "Invalid Accounting rule \"$line\"";
+    }
+
+    sub jump_to_chain( $ ) {
+	my $jumpchain = $_[0];
+	$jumpchainref = ensure_chain( 'filter', $jumpchain );
+	"-j $jumpchain";
+    }
+
+    $chain = 'accounting' unless $chain and $chain ne '-';
+    
+    my $chainref = ensure_filter_chain $chain , 0;
+
+    my $target = '';
+
+    my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
+    my $rule2 = 0;
+
+    unless ( $action eq 'COUNT' ) {
+	if ( $action eq 'DONE' ) {
+	    $target = '-j RETURN';
+	} else {
+	    ( $action, my $cmd ) = split /:/, $action;
+	    if ( $cmd ) {
+		if ( $cmd eq 'COUNT' ) {
+		    $rule2=1;
+		    $target = jump_to_chain $action;
+		} elsif ( $cmd ne 'JUMP' ) {
+		    accounting_error;
+		}
+	    } else {
+		$target = jump_to_chain $action;
+	    }
+	}
+    }
+
+    expand_rule
+	$chainref ,
+	$rule ,
+	$source ,
+	$dest ,
+	'' ,
+	$target ,
+	'' ,
+	'' ,
+	'' ;
+
+    if ( $rule2 ) {
+	expand_rule 
+	    $jumpchainref ,
+	    $rule ,
+	    $source ,
+	    $dest ,
+	    '' ,
+	    '' ,
+	    '' ,
+	    '' ,
+	    '' ;
+    }
+}
+
+sub setup_accounting() {
+
+    open ACC, "$ENV{TMP_DIR}/accounting" or fatal_error "Unable to open stripped accounting file: $!";
+
+    while ( $line = <ACC> ) {
+
+	chomp $line;
+	$line =~ s/\s+/ /g;
+
+	my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $extra ) = split /\s+/, $line;
+
+	accounting_error if $extra;
+	process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user;
+    }
+	
+    close ACC;
+
+    if ( $filter_table->{accounting} ) {
+	for my $chain qw/INPUT FORWARD OUTPUT/ {
+	    insert_rule $filter_table->{$chain}, 1, '-j accounting';
+	}
+    }
+}
+
+1;