holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Cosmetic changes to the Accounting module"

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-02-19 15:50:18 -08:00
parent f44b643038
commit 685de1c588
1 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -51,12 +51,18 @@ our $restriction;
our $accounting_commands = { COMMENT => 0, SECTION => 2 }; our $accounting_commands = { COMMENT => 0, SECTION => 2 };
our $sectionname; our $sectionname;
#
# Sections in the Accounting File
#
use constant { use constant {
LEGACY => 0, LEGACY => 0,
INPUT => 1, INPUT => 1,
OUTPUT => 2, OUTPUT => 2,
FORWARD => 3 }; FORWARD => 3 };
#
# Map names to values
#
our %asections = ( INPUT => INPUT, our %asections = ( INPUT => INPUT,
FORWARD => FORWARD, FORWARD => FORWARD,
OUTPUT => OUTPUT ); OUTPUT => OUTPUT );
@ -68,7 +74,16 @@ sub initialize() {
$jumpchainref = undef; $jumpchainref = undef;
%tables = (); %tables = ();
%accountingjumps = (); %accountingjumps = ();
#
# The section number is initialized to a value less thatn LEGACY. It will be set to LEGACY if a
# the first non-commentary line in the accounting file isn't a section header
#
# This allows the section header processor to quickly check for correct order
#
$asection = -1; $asection = -1;
#
# These are the legacy values
#
$defaultchain = 'accounting'; $defaultchain = 'accounting';
$defaultrestriction = NO_RESTRICT; $defaultrestriction = NO_RESTRICT;
$sectionname = ''; $sectionname = '';
@ -106,8 +121,7 @@ sub process_section ($) {
# #
sub process_accounting_rule( ) { sub process_accounting_rule( ) {
our $jumpchainref = 0; $jumpchainref = 0;
our %accountingjumps;
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) = split_line1 1, 11, 'Accounting File', $accounting_commands; my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) = split_line1 1, 11, 'Accounting File', $accounting_commands;
@ -181,6 +195,7 @@ sub process_accounting_rule( ) {
validate_net $net, 0; validate_net $net, 0;
my $prevnet = $tables{$table}; my $prevnet = $tables{$table};
if ( $prevnet ) { if ( $prevnet ) {
fatal_error "Previous net associated with $table ($prevnet) does not match this one ($net)" unless compare_nets( $net , $prevnet ); fatal_error "Previous net associated with $table ($prevnet) does not match this one ($net)" unless compare_nets( $net , $prevnet );
} else { } else {
@ -193,6 +208,7 @@ sub process_accounting_rule( ) {
} }
} else { } else {
( $action, my $cmd ) = split /:/, $action; ( $action, my $cmd ) = split /:/, $action;
if ( $cmd ) { if ( $cmd ) {
if ( $cmd eq 'COUNT' ) { if ( $cmd eq 'COUNT' ) {
$rule2 = 1; $rule2 = 1;
@ -225,6 +241,7 @@ sub process_accounting_rule( ) {
$dest = ALLIP if $dest eq 'any' || $dest eq 'all'; $dest = ALLIP if $dest eq 'any' || $dest eq 'all';
} else { } else {
$chain = 'accounting' unless $chain and $chain ne '-'; $chain = 'accounting' unless $chain and $chain ne '-';
if ( $dest eq 'any' || $dest eq 'all' || $dest eq ALLIP ) { if ( $dest eq 'any' || $dest eq 'all' || $dest eq ALLIP ) {
expand_rule( expand_rule(
ensure_filter_chain( 'accountout' , 0 ) , ensure_filter_chain( 'accountout' , 0 ) ,
@ -348,8 +365,6 @@ sub process_accounting_rule( ) {
sub setup_accounting() { sub setup_accounting() {
our %accountingjumps;
if ( my $fn = open_file 'accounting' ) { if ( my $fn = open_file 'accounting' ) {
first_entry "$doing $fn..."; first_entry "$doing $fn...";