#!/usr/bin/perl
# $Id: markrule,v 1.3 2001/02/24 21:37:10 stes Exp $

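# Configuration comes from the environment:
#   IPLOG  - file that the executed rule is appended to
#   IPMENU - directory holding ipmenu.lib
#
# SECURITY: ipmenu.lib is loaded and executed as Perl code from whatever
# directory IPMENU names, and this script goes on to invoke iptables
# (presumably with root privileges -- confirm how it is launched). IPMENU
# must therefore only ever be set by a trusted caller, and the directory and
# file must not be writable by unprivileged users.
$IPLOG  = $ENV{'IPLOG'};
$IPMENU = $ENV{'IPMENU'};

# Without this check an unset IPMENU silently resolves to "/ipmenu.lib".
die "markrule: IPMENU is not set; cannot locate ipmenu.lib\n"
    unless defined $IPMENU and $IPMENU ne '';

require "$IPMENU/ipmenu.lib";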

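# Build one "iptables -t mangle ..." MARK rule from the positional arguments,
# run it, and append the mark and the command text to $IPLOG.
#
# Arguments, in order:
#   flag chain num idev odev proto saddr sport daddr dport
#   tcpmask tcpflag icmptype connstate limit limitburst mark
#
# The variables are left as package globals (no "my"): ipmenu.lib is not
# visible from here and might read them -- TODO confirm before narrowing scope.
($flag, $chain, $num, $idev, $odev, $proto, $saddr, $sport, $daddr, $dport,
 $tcpmask, $tcpflag, $icmptype, $connstate, $limit, $limitburst, $mark) = @ARGV;

# "Default" means no mark was requested, so there is nothing to install.
exit(0) if "$mark" eq "Default";

# A rule number that numifies to 0 (including a missing one) is dropped.
$num = "" if $num == 0;
$cmd = "iptables -t mangle $flag $chain $num ";

if ($mark =~ /([\w\d]+)\:([\w\d]+)/) {
  # "major:minor" form: both halves are concatenated and read as one hex number.
  $h = hex("0x$1$2");
  $cmd = "$cmd -j MARK --set-mark $h ";
} elsif ($mark =~ /[\d]+/) {
  # NOTE(review): this pattern is unanchored, so any mark that merely contains
  # a digit is passed through verbatim and never reaches the name lookup below.
  # Anchoring it would change which inputs are accepted -- confirm the intended
  # formats before tightening.
  $cmd = "$cmd -j MARK --set-mark $mark ";
} else {
  # Otherwise treat the mark as a name and map it back to its key via the
  # table returned by rtkeys() (defined in ipmenu.lib).
  %rt = rtkeys();
  for $key (keys(%rt)) {
    if ($rt{$key} eq $mark) {
      $cmd = "$cmd -j MARK --set-mark $key ";
    }
  }
}

# Optional match criteria, appended in this fixed order. Each entry is
# [ value tested, text appended, values that mean "not set" ]; an empty or
# missing value is always treated as "not set".
for my $rule (
  [ $idev,       "-i $idev",                         'All', 'Any' ],
  [ $odev,       "-o $odev",                         'All', 'Any' ],
  [ $saddr,      "-s $saddr",                        'All', 'Any' ],
  [ $daddr,      "-d $daddr",                        'All', 'Any' ],
  [ $proto,      "-p $proto",                        'All', 'Any' ],
  [ $sport,      "--sport $sport",                   'All' ],
  [ $dport,      "--dport $dport",                   'All' ],
  [ $icmptype,   "--icmp-type $icmptype",            'All' ],
  [ $tcpmask,    "--tcp-flags $tcpmask $tcpflag",    'NONE' ],
  [ $connstate,  "-m state --state $connstate",      'Unused' ],
  [ $limit,      "-m limit --limit $limit",          'Unused' ],
  [ $limitburst, "-m limit --limit-burst $limitburst", 'Unused' ],
) {
  my ($value, $text, @unset) = @$rule;
  next if "x$value" eq "x";
  next if grep { $value eq $_ } @unset;
  $cmd = "$cmd $text";
}

# SECURITY: every field above comes straight from @ARGV. The command used to
# be handed to system() as a single string, which Perl passes to /bin/sh as
# soon as it contains a shell metacharacter, so an argument could carry extra
# shell syntax. Splitting on whitespace and using the list form of system()
# gives the same argv for ordinary values but never starts a shell.
#
# This does not validate the values themselves: an argument beginning with
# "-" is still seen by iptables as an option. The caller should restrict each
# field to the characters its type allows.
my @argv = split ' ', $cmd;
if (@argv) {
  system { $argv[0] } @argv;
  warn "markrule: iptables command failed (status $?)\n" if $? != 0;
}

# Append the audit trail directly rather than through "echo ... >> file",
# which exposed $mark, $cmd and $IPLOG to shell interpretation. The two lines
# are now written literally. Logging stays best-effort: a failure is reported
# but does not abort, since the rule has already been applied.
if (defined $IPLOG and $IPLOG ne '') {
  if (open(my $log, '>>', $IPLOG)) {
    print $log "# $mark\n";
    print $log "$cmd\n";
    close($log) or warn "markrule: error closing log '$IPLOG': $!\n";
  } else {
    warn "markrule: cannot append to log '$IPLOG': $!\n";
  }
} else {
  warn "markrule: IPLOG is not set; rule was not logged\n";
}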

