#
#  1310, Tue 31 Oct 95  rules.two-ip-groups
#
#  Nevil Brownlee, ITSS Technology Development, University of Auckland
#
#
#  Rule specification file to tally IP packets in three groups:
#     UA to AIT, UA to elsewhere, AIT to elsewhere
#
#     -------+-------------------+-----------------+--------
#            |                   |                 |
#       +----+-----+        +----+-----+        +---+---+
#       |   UA     |        |   AIT    |        | meter |
#       +-+-+-+-+--+        +-+-+-+-+--+        +-------+
#
#  The rules work as follows:
#     Non-IP packets are ignored
#     The 'classify' subroutine is used to determine which IP addresses
#        are part of 'UA' and which are part of 'AIT.'
#     ua-to-ait is the 'forward' direction for these flows; ait to ua
#        packets are retried
#

DEFINE ua  = (130.216/16, 202.37.88/24);
DEFINE ait = (156.62/16, 192.73.21/24);

   IF SourcePeerType == IP SAVE ;
   ELSE IGNORE;  # Not IP

   CALL classify(SourcePeerAddress)
   1: {  # from ua
         CALL classify(DestPeerAddress)
         1: IGNORE;    # ua -> ua
         2: COUNT;     # ua -> ait
            ENDCALL;
         COUNT;  # Not ua or ait
         }
   2: {  # from ait
         CALL classify(DestPeerAddress)
         1: NOMATCH;   # ait -> ua
         2: IGNORE;    # ait -> ait
            ENDCALL;
         COUNT;        # ait -> other
         }
      ENDCALL;


   SUBROUTINE classify (ADDRESS peer)
      IF peer == ua {
         SAVE peer/24;  RETURN 1;         # ua
         }
      ELSE IF peer == ait {
         SAVE peer/24;  RETURN 2;      # ait
         }
      SAVE peer/32;              # other
      ENDSUB;


SET 5;
FORMAT FlowRuleSet FlowIndex FirstTime " "
   SourcePeerType " "
   SourcePeerAddress DestPeerAddress "  " 
   ToOctets FromOctets;
STATISTICS ;

# end of file