#!/usr/local/bin/perl -Tw
#
#   $Id: quickreport.pl,v 1.2 1999/07/09 16:23:28 dgregor Exp $
#
# Copyright (c) 1999 Daniel J. Gregor, Jr., All rights reserved.
# 
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
# 	This product includes software developed by Daniel J. Gregor, Jr.
# 4. The name of Daniel J. Gregor, Jr. may not be used to endorse or promote
#    products derived from this software without specific prior written
#    permission.
# 
# THIS SOFTWARE IS PROVIDED BY DANIEL J. GREGOR, JR. ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL DANIEL J. GREGOR, JR. BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

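# Summarise IPACCESS log lines read from the files named on the command
# line (or from STDIN): one report page per access list, one row per distinct
# source/destination/port/protocol/action tuple, with the packet total.
#
# The input is log text and is treated as untrusted:
#   * "<>" opens each @ARGV entry with two-argument open, so keep -T on the
#     "#!" line; taint mode refuses to run a pipe or write through a name
#     taken from the command line.
#   * The packet count is taken straight from the log line.  It is summed
#     per tuple rather than expanded into one list element per packet, so a
#     line that claims a very large count no longer costs memory in
#     proportion to that count.  Memory still grows with the number of
#     distinct tuples seen.

use strict;

# Dotted-quad shape only (digits and dots); octets are not range-checked.
my $ipregexp = '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+';

# Captures, in order: access list, action, protocol, source IP, optional
# source port, destination IP, optional destination port, packet count.
my $entry_re = qr/list ([0-9]+) (\S+) (\S+) ($ipregexp)(?:\((\S+)\))? -> ($ipregexp)(?:\s*\((\S+)\))?, (\d+) packets?$/;

# Package variables, because the formats below read them by name.
our ($accesslist, $count, $sourceip, $sourceport, $destip, $destport,
	$proto, $permitted);

# $list{access list}{"src\tdst\tdport\tsport\tproto\taction"} = packet total
my %list;

while (defined(my $line = <>)) {
	chomp($line);

	next unless $line =~ m/IPACCESS/;	# we only want IP access messages
	next unless $line =~ m/list [0-9]+ (?:denied|permitted)/;

	my ($acl, $action, $protocol, $src, $src_port, $dst, $dst_port,
		$packets) = $line =~ $entry_re;

	# A line that passed the two filters but not the full pattern used to
	# fall through with every field undefined; report it and move on.
	unless (defined($acl)) {
		warn "syntax error on $.: \"$line\"\n";
		next;
	}

	# Ports are absent for protocols that have none.
	$src_port = "" unless defined($src_port);
	$dst_port = "" unless defined($dst_port);

	# A zero count contributed no rows before; keep it that way.
	next unless $packets > 0;

	# None of the fields can contain a tab (\S+, digits and dots), so the
	# tab-joined key splits back unambiguously.
	my $key = "$src\t$dst\t$dst_port\t$src_port\t$protocol\t$action";
	$list{$acl}{$key} += $packets;
}

format STDOUT =
@<<<<<    @<<<<<<<<<<<<<<  @<<<<     @<<<<<<<<<<<<<<  @<<<<     @<<<    @<<<<
$count,   $sourceip,       $sourceport, $destip,      $destport,$proto, $permitted
.

# NOTE(review): the page title says "denied packets", but permitted entries
# are accepted above and shown in the Permit column.  The title text is left
# as it was in case something parses the report.
format STDOUT_TOP =
@|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
  "Access list $accesslist denied packets"
Count     Source IP    Source Port   Dest IP         Dest Port  Protocol Permit
-------------------------------------------------------------------------------
.

# One page per access list, in numeric order so that repeated runs over the
# same input produce the same report.
foreach my $acl (sort { $a <=> $b || $a cmp $b } keys %list) {
	$accesslist = $acl;

	$- = 0;		# no lines left on the page: next write starts with the header

	# Rows in the same lexical order the per-packet list was sorted into.
	foreach my $key (sort keys %{ $list{$acl} }) {
		($sourceip, $destip, $destport, $sourceport, $proto, $permitted) =
			split(/\t/, $key);
		$count = $list{$acl}{$key};

		write;
	}
}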
