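#!/bin/sh
#
# Marta Carbone
# Copyright (C) 2009 Universita` di Pisa
#
# Expire ipfw rules recorded by the vsys ipfw-be backend.
#
# Every line of $DBFILE describes one rule: field 1 is the slice id,
# field 2 the rule type, field 3 the port and field 6 the expiry time as
# a UTC epoch (fields 4 and 5 are not used here; format otherwise
# undocumented - confirm against the backend).  Each record whose expiry
# is older than the current time is handed back to the backend as
# "delete <type> <port>", which removes the rule and its related pipes.
#
# $Id:$

DEBUG=0                    # 1 to enable debug messages
LOG_FILE=/tmp/ipfw.log

# Record file shared with the vsys ipfw-be backend.
# NOTE(review): both $DBFILE and $LOG_FILE are fixed names inside the
# world-writable /tmp, so a local user can pre-create, replace or symlink
# them before this script (which runs with enough privilege to drive
# ipfw) touches them.  They are kept only because the backend expects
# these paths; move both to a root-owned directory when the backend is
# changed.  Until then the field validation in expired_records() below is
# the only thing standing between $DBFILE contents and the backend.
DBFILE=/tmp/ff

# debug MESSAGE - append MESSAGE to $LOG_FILE when DEBUG is 1.
# (The original tested "[ ! $DEBUG ]", which is false for any non-empty
# value, so debug output could never be enabled.)
debug()
{
	if [ "$DEBUG" -eq 1 ]; then
		printf '%s\n' "$1" >> "$LOG_FILE"
	fi
}

# slice_user SLICE_ID - print the login name whose uid is SLICE_ID, or
# nothing when there is none.  The original grepped /etc/passwd for the
# substring ":SLICE_ID:", which also matches a gid or any other
# colon-delimited field; this matches the uid field only.
# (Assumes the slice id is the slice's numeric uid - TODO confirm.)
slice_user()
{
	awk -F: -v id="$1" '$3 == id { print $1; exit }' /etc/passwd
}

# expired_records - print "slice_id type port" for every record in
# $DBFILE whose expiry (field 6) is before $NOW.
# Records are only selected here, never turned into commands: the fields
# come from a file other users may write, so a record is silently
# skipped unless its id, port and expiry are plain integers and its type
# a bare token.  The original spliced these fields into a shell command
# string inside awk and ran it through system(), which let anyone able
# to write $DBFILE run arbitrary commands as this script's user.
# A missing or non-numeric expiry is treated as "not expired" (the
# original's string comparison would have expired it).
expired_records()
{
	awk -v now="$NOW" '
		$1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/ &&
		$2 ~ /^[A-Za-z0-9_.:\/-]+$/ && now + 0 > $6 + 0 {
			print $1, $2, $3
		}
	' "$DBFILE"
}

# Current time as UTC epoch seconds, compared against field 6.
NOW=$(date -u +%s)

# Nothing to do when the ipfw module is not loaded.
if ! /sbin/lsmod | grep -q ipfw; then
	debug "ipfw module does not exist"
	exit 0
fi

if [ ! -r "$DBFILE" ]; then
	debug "cannot read $DBFILE"
	exit 0
fi

printf 'Start to clean rules\n' >> "$LOG_FILE"
cleaned=0

# The backend is invoked from the shell with each field passed as a
# separate, quoted argument.  The loop reads from a here-document rather
# than a pipe so that $cleaned survives into the final log line.
while read -r slice_id type port; do
	user=$(slice_user "$slice_id")
	if [ -z "$user" ]; then
		# The original still called the backend here, with an empty
		# user argument; what ipfw-be does with that is unknown, so the
		# record is left alone and logged instead - TODO confirm with
		# the backend whether such rules should be deleted anyway.
		debug "no user for slice id $slice_id; skipping $type $port"
		continue
	fi
	printf 'delete %s %s\n' "$type" "$port" | /vsys/ipfw-be "$user"
	cleaned=$((cleaned + 1))
done <<EOF
$(expired_records)
EOF

printf '%s rules cleaned\n' "$cleaned" >> "$LOG_FILE"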