4
4
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
6
# (c) 2007,2008,2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
6
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
8
8
# Complete documentation is available at http://shorewall.net
35
35
our @ISA = qw(Exporter);
36
36
our @EXPORT = qw( setup_accounting );
37
37
our @EXPORT_OK = qw( );
38
our $VERSION = '4.5_3';
38
our $VERSION = '4.5_16';
41
41
# Per-IP accounting tables. Each entry contains the associated network.
50
my $defaultrestriction;
52
my $accounting_commands = { COMMENT => 0, SECTION => 2 };
50
our $defaultrestriction;
57
56
# Sections in the Accounting File
139
138
$asection = $newsect;
141
sub split_nfacct_list( $;$ ) {
142
my ($list, $origlist ) = @_;
144
fatal_error( "Invalid nfacct list (" . ( $origlist ? $origlist : $list ) . ')' ) if $list =~ /^,|,$|,,$/;
145
sub process_accounting_rule( ) {
152
sub process_accounting_rule1( $$$$$$$$$$$ ) {
154
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) = @_;
147
156
$acctable = $config{ACCOUNTING_TABLE};
149
158
$jumpchainref = 0;
151
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) =
152
split_line1 'Accounting File', { action => 0, chain => 1, source => 2, dest => 3, proto => 4, dport => 5, sport => 6, user => 7, mark => 8, ipsec => 9, headers => 10 }, $accounting_commands;
154
fatal_error 'ACTION must be specified' if $action eq '-';
156
if ( $action eq 'COMMENT' ) {
161
if ( $action eq 'SECTION' ) {
162
process_section( $chain );
166
160
$asection = LEGACY if $asection < 0;
168
162
our $disposition = '';
237
232
} elsif ( $action =~ /^NFLOG/ ) {
238
233
$target = validate_level $action;
234
} elsif ( $action =~ /^NFACCT\((.+)\)$/ ) {
235
require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
237
for ( my @objects = split_nfacct_list $1 ) {
238
validate_nfobject( $_, 1 );
240
$prerule .= do_nfacct( $_ );
242
$rule .= do_nfacct( $_ );
245
} elsif ( $action eq 'INLINE' ) {
246
$rule .= get_inline_matches;
240
248
( $action, my $cmd ) = split /:/, $action;
424
sub process_accounting_rule( ) {
426
my ($action, $chain, $source, $dest, $protos, $ports, $sports, $user, $mark, $ipsec, $headers ) =
427
split_line1 'Accounting File', { action => 0, chain => 1, source => 2, dest => 3, proto => 4, dport => 5, sport => 6, user => 7, mark => 8, ipsec => 9, headers => 10 };
431
for my $proto ( split_list $protos, 'Protocol' ) {
432
fatal_error 'ACTION must be specified' if $action eq '-';
434
if ( $action eq 'SECTION' ) {
435
process_section( $chain );
437
for my $proto ( split_list $protos, 'Protocol' ) {
438
$nonempty |= process_accounting_rule1( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers );
413
446
sub setup_accounting() {
415
if ( my $fn = open_file 'accounting' ) {
448
if ( my $fn = open_file 'accounting', 1, 1 ) {
417
450
first_entry "$doing $fn...";
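Review bot: In the new `process_accounting_rule` the loop header `for my $proto ( split_list $protos, 'Protocol' ) {` appears twice, at new lines 431 and 437, and this view shows no loop close between them, so the second loop looks nested inside the first with its `$proto` shadowing the outer one. If that is the case, an entry listing N protocols reaches `process_accounting_rule1` N×N times, and a `SECTION` line calls `process_section( $chain )` once per element of the proto column, which would emit duplicate accounting rules. The `ACTION must be specified` check and the `SECTION` branch do not use `$proto`, so I would run them once and keep only the loop at line 437 around the `$nonempty |= process_accounting_rule1( ... )` call. Only part of the function body is visible on this page, so this should be confirmed against the full file.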