From 44c0bffcd3976afc7547d20622d80bf1a7c22e3f Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 13 Mar 2016 14:39:46 -0700
Subject: [PATCH] Add 'audit' option to actions
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 13 +++++++++++++
 Shorewall/Perl/Shorewall/Rules.pm | 11 +++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 2939d0a19..92281c831 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -139,6 +139,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
 push_action_params
 pop_action_params
 default_action_params
+ setup_audit_action
 read_a_line
 which
 qt
@@ -3295,6 +3296,18 @@ sub get_action_params( $ ) {
 @return;
 }
+sub setup_audit_action( $ ) {
+ my ( $action ) = @_;
+
+ my ( $target, $audit ) = get_action_params( 2 );
+
+ if ( supplied $audit ) {
+ fatal_error "Invalid parameter ($audit) to action $action" if $audit ne 'audit';
+ $actparms{1} = "A_$target";
+ }
+}
+
+
 #
 # Returns the Level and Tag for the current action chain
 #
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 8fd188747..e1b2fed31 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -237,6 +237,7 @@ use constant { INLINE_OPT => 1 ,
 FILTER_OPT => 64 ,
 NAT_OPT => 128 ,
 TERMINATING_OPT => 256 ,
+ AUDIT_OPT => 512 ,
 };
 our %options = ( inline => INLINE_OPT ,
@@ -248,6 +249,7 @@ our %options = ( inline => INLINE_OPT ,
 filter => FILTER_OPT ,
 nat => NAT_OPT ,
 terminating => TERMINATING_OPT ,
+ audit => AUDIT_OPT ,
 );
 ################################################################################
 # Declarations moved from the Tc module in 5.0.7 #
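Review bot: In setup_audit_action (Config.pm, second hunk) `$target` is interpolated into `$actparms{1} = "A_$target";` without any check, so when `audit` is given but the first parameter is empty the action would presumably continue with a bare `A_` target and fail later, away from the offending rule. A guard before the assignment, `fatal_error "Action $action requires a target parameter with 'audit'" unless supplied $target;`, would report it where the parameters are parsed. Nothing visible here checks that an `A_` variant of the given target exists either, so that is worth confirming against the callers. The neighbouring subs carry a `#` header block; this one would benefit from `# Validate the 'audit' parameter of an action and rewrite parameter 1 to its A_ form`.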
@@ -1829,8 +1831,10 @@ sub process_action(\$\$$) {
 push_open $actionfile, 2, 1, undef, 2;
 my $oldparms = push_action_params( $action, $chainref, $param, $level, $tag, $caller );
+ my $options = $actions{$action}{options};
+ my $nolog = $options & NOINLINE_OPT;
- my $nolog = $actions{$action}{options} & NOINLINE_OPT;
+ setup_audit_action( $action ) if $options & AUDIT_OPT;
 $active{$action}++;
 push @actionstack, $wholeaction;
@@ -2326,7 +2330,10 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
 );
 my $inlinefile = $inlines{$inline}{file};
- my $nolog = $inlines{$inline}{options} & NOLOG_OPT;
+ my $options = $inlines{$inline}{options};
+ my $nolog = $options & NOLOG_OPT;
+
+ setup_audit_action( $inline ) if $options & AUDIT_OPT;
 progress_message "..Expanding inline action $inlinefile...";
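Review bot: In process_action the new line `my $nolog = $options & NOINLINE_OPT;` still masks with NOINLINE_OPT, whereas the matching line in process_inline (the next hunk) uses NOLOG_OPT. The mask is carried over unchanged from the removed line, but it looks like the wrong flag for a variable named `$nolog`. If that is unintended, `my $nolog = $options & NOLOG_OPT;` is the fix; if it is deliberate, a one-line comment saying why would help. How `$nolog` is used lies outside the hunk, so the effect on logging is inferred, and both functions continue beyond their hunks.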