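#!/usr/local/bin/php
<?php
/*
 * Distributed under the GNU General Public License, version 2.
 */

/*
 * Per-host traffic accounting with ipfw "count" rules kept in rule set 9.
 *
 * If the counting rules are already installed, their current counters are
 * printed (`ipfw show`) and the script exits.  Otherwise one pair of count
 * rules is installed for every host address on each directly attached
 * non-WAN subnet, plus a pair of catch-all rules on the WAN interface, and
 * a zeroed line is printed for each per-host rule.
 *
 * No request data reaches a shell command: the only request value read is
 * `wantether`, and it is used purely as an on/off switch.  Interface names
 * and addresses come from local netstat/ifconfig output and are constrained
 * by the regular expressions below before being written to ipfw.
 *
 * NOTE(review): the script emits an HTTP header and reads $_REQUEST, so it
 * appears to be served by a web server, and a plain request makes it load a
 * kernel module and rewrite firewall rule set 9.  Nothing in this file
 * authenticates the caller; confirm that access is restricted by the web
 * server configuration and that the privileges it runs with are limited to
 * the commands used here.
 */

$MAX_RULES = 1024;                    // budget of per-host rule numbers, shared by all interfaces
$RULE_BASE = 10000;                   // rule number of the WAN catch-all counters
$RULE_MAX  = $RULE_BASE + $MAX_RULES; // highest rule number this script may allocate

header ("Content-type: text/plain");

/**
 * Convert a dotted-quad IPv4 string to its integer value.
 *
 * Despite the name, the result is an integer, not a hex string.
 *
 * @param string $dec address such as "192.168.1.10"
 * @return int
 */
function ip_dechex ($dec)
{
    $hex = 0;
    foreach (explode (".", $dec) as $octet) {
        // (int) instead of "0 + $octet": a non-numeric fragment becomes 0
        // rather than raising a TypeError on PHP 8.
        $hex = ($hex << 8) | (int) $octet;
    }
    return $hex;
}

/**
 * Convert an integer IPv4 value back to dotted-quad notation.
 *
 * @param int $hex address as an integer
 * @return string
 */
function ip_hexdec ($hex)
{
    $octets = array ();
    foreach (array (24, 16, 8, 0) as $shift) {
        $octets[] = ($hex >> $shift) & 0xff;
    }
    return implode (".", $octets);
}

// NOTE(review): $in and $out are initialised but never used in this file.
$in = array ();
$out = array ();

// Optional IP -> MAC table from the ARP cache.
// NOTE(review): $ether is filled here but not read anywhere in this file.
if (!empty ($_REQUEST['wantether'])) {
    $ether = array ();
    $h = popen ("/usr/sbin/arp -an", "r");
    if ($h !== false) {
        // Compare against false so a line consisting of "0" does not end the loop.
        while (($x = fgets ($h)) !== false) {
            if (preg_match ('/^\? \(([0-9.]+)\) at ([0-9a-f:]+)/', $x, $regs)) {
                $ether[$regs[1]] = $regs[2];
            }
        }
        pclose ($h);
    }
}

// Rules already installed: report the counters and stop.  The listing is
// captured once so the text that is tested is the text that is printed
// (the original ran `ipfw show` twice, once to test and once to display).
$current = shell_exec ("/sbin/ipfw show $RULE_BASE-$RULE_MAX 2>/dev/null");
if (is_string ($current) && preg_match ("/^0*$RULE_BASE /", $current)) {
    print $current;
    exit;
}

// The WAN interface is the one carrying the default route.
$wan_ifname = null;
$routelist = array ();
exec ("/usr/bin/netstat -rn", $routelist);
foreach ($routelist as $x) {
    if (preg_match ('/^default.*[ \t]([a-z][a-z0-9]+)/', $x, $regs)) {
        $wan_ifname = $regs[1];
        break;
    }
}
// Always defined, so the rule strings below never interpolate an unset variable.
$via_wan_if = ($wan_ifname !== null) ? "via $wan_ifname" : "";

// Stop any running ipfw process, clear the previous contents of set 9 and
// make sure the ipfw kernel module is loaded.  Command output is discarded.
$discard = array ();
exec ("/usr/bin/killall ipfw 2>/dev/null; sleep 1; /sbin/ipfw -q delete set 9", $discard);
exec ("/sbin/kldload ipfw 2>/dev/null", $discard);

$ipfw = popen ("/sbin/ipfw -q /dev/stdin", "w");
if ($ipfw === false) {
    // Without the pipe nothing can be installed; report to the server log
    // instead of printing rule lines that were never added.
    error_log ("cannot start /sbin/ipfw");
    exit (1);
}

// Build the rules while set 9 is disabled; it is re-enabled once complete.
fwrite ($ipfw, "set disable 9\n");

$ruleno = $RULE_BASE;
$ifname = null;
$iflist = array ();
exec ("/sbin/ifconfig", $iflist);
foreach ($iflist as $x) {
    // Interface header lines start in column 0.  Excluding whitespace from
    // the name keeps indented detail lines that contain a colon (for
    // example "ether 00:..") from being mistaken for a new interface.
    if (preg_match ('/^([^ \t:]+):/', $x, $regs)) {
        $ifname = $regs[1];
    } else if ($ifname === $wan_ifname) {
        // Addresses on the WAN interface itself are not counted per host.
    } else if (preg_match ('/^[ \t]*inet ([^ ]+) netmask 0x([0-9a-f]+) broadcast ([^ ]+)/', $x, $regs)) {
        $me   = ip_dechex ($regs[1]);
        $mask = hexdec ($regs[2]);
        $net  = $me & $mask;
        // Walk the addresses from network+1 up to broadcast-1, stopping
        // when the shared rule budget is exhausted.
        for ($ip = $net + 1; ((($ip + 1) & $mask) == $net) && ($MAX_RULES-- > 0); $ip++) {
            $octets = ip_hexdec ($ip);
            ++$ruleno;
            // Both directions share one rule number.
            fwrite ($ipfw, "add $ruleno set 9 count ip from any to $octets $via_wan_if\n");
            fwrite ($ipfw, "add $ruleno set 9 count ip from $octets to any $via_wan_if\n");
            // One output line per rule with zeroed counters.  The original
            // first string contained a raw line break after "from any",
            // which split the record in two.
            print "$ruleno 0 0 count ip from any to $octets $via_wan_if\n";
            print "$ruleno 0 0 count ip from $octets to any $via_wan_if\n";
        }
    }
}

// Catch-all counters on the WAN interface.  Skipped when no default route
// was found, because "recv"/"xmit" without an interface name is not a
// valid rule.
if ($wan_ifname !== null) {
    fwrite ($ipfw, "add $RULE_BASE set 9 count ip from any to any in recv $wan_ifname\n");
    fwrite ($ipfw, "add $RULE_BASE set 9 count ip from any to any out xmit $wan_ifname\n");
}
fwrite ($ipfw, "set enable 9\n");
pclose ($ipfw);
?>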