author | Gaurav <gaurav.sinha@vyatta.com> | 2012-02-23 09:57:17 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-03-16 16:42:38 -0700 |
commit | 953d1039cbf8fb42ee5140c3a09ba7e6915008da (patch) | |
tree | dff472fecabfa92d875b175a20bb03f3bada57f4 | |
parent | 821ec86eba3cef12188c060f1813aa3989b3b9f7 (diff) | |
download | vyatta-conntrack-953d1039cbf8fb42ee5140c3a09ba7e6915008da.tar.gz vyatta-conntrack-953d1039cbf8fb42ee5140c3a09ba7e6915008da.zip |
Fixing nfct-command string:only modified timer is included in the command
(cherry picked from commit 9e17315753bb98c677ec5b11c9e52f6a9f5d80a8)
-rw-r--r-- | lib/Vyatta/Conntrack/RuleCT.pm | 43 | ||||
-rw-r--r-- | templates-cfg/system/conntrack/timeout/custom/rule/node.tag/protocol/tcp/syn-sent/node.def | 1 |
2 files changed, 31 insertions, 13 deletions
diff --git a/lib/Vyatta/Conntrack/RuleCT.pm b/lib/Vyatta/Conntrack/RuleCT.pm
index 5071087..594c784 100644
--- a/lib/Vyatta/Conntrack/RuleCT.pm
+++ b/lib/Vyatta/Conntrack/RuleCT.pm
@@ -143,7 +143,6 @@ sub print {
 print "$self->{_tcp}->{_fin_wait}\n";
 print "$self->{_tcp}->{_syn_sent}\n";
 print "$self->{_tcp}->{_syn_recv}\n";
- print "Comment is: $self->{_comment}\n";
 }
 # return a string that has the nfct-timeout command to create
@@ -152,21 +151,41 @@ sub get_policy_command {
 my ($self ) = @_;
 my $command;
 my @level_nodes = split (' ', $self->{_comment});
- $command .= "policy$level_nodes[2]-$level_nodes[5]";
+ $command .= "policy_$level_nodes[2]_$level_nodes[5]";
 if ($self->{_protocol} eq 'tcp') {
 $command .= " tcp";
- $command .= " close $self->{_tcp}->{_close}";
- $command .= " close-wait $self->{_tcp}->{_close_wait}";
- $command .= " time-wait $self->{_tcp}->{_time_wait}";
- $command .= " syn-recv $self->{_tcp}->{_syn_recv}";
- $command .= " syn-sent $self->{_tcp}->{_syn_sent}";
- $command .= " last-ack $self->{_tcp}->{_last_ack}";
- $command .= " fin-wait $self->{_tcp}->{_fin_wait}";
- $command .= " established $self->{_tcp}->{_established}";
+ if ($self->{_tcp}->{_close}) {
+ $command .= " close $self->{_tcp}->{_close}";
+ }
+ if ($self->{_tcp}->{_close_wait}) {
+ $command .= " close-wait $self->{_tcp}->{_close_wait}";
+ }
+ if ($self->{_tcp}->{_time_wait}) {
+ $command .= " time-wait $self->{_tcp}->{_time_wait}";
+ }
+ if ($self->{_tcp}->{_syn_recv}) {
+ $command .= " syn-recv $self->{_tcp}->{_syn_recv}";
+ }
+ if ($self->{_tcp}->{_syn_sent}) {
+ $command .= " syn-sent $self->{_tcp}->{_syn_sent}";
+ }
+ if ($self->{_tcp}->{_last_ack}) {
+ $command .= " last-ack $self->{_tcp}->{_last_ack}";
+ }
+ if ($self->{_tcp}->{_fin_wait}) {
+ $command .= " fin-wait $self->{_tcp}->{_fin_wait}";
+ }
+ if ($self->{_tcp}->{_established}) {
+ $command .= " established $self->{_tcp}->{_established}";
+ }
 } elsif ($self->{_protocol} eq 'udp') {
 $command .= " udp";
- $command .= " other $self->{_udp}->{_other}";
- $command .= " stream $self->{_udp}->{_stream}";
+ if ($self->{_udp}->{_other}) {
+ $command .= " other $self->{_udp}->{_other}";
+ }
+ if ($self->{_udp}->{_stream}) {
+ $command .= " stream $self->{_udp}->{_stream}";
+ }
 } elsif ($self->{_protocol} eq 'icmp') {
 $command .= " icmp";
 $command .= " icmp $self->{_icmp}";
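Review bot: The icmp branch at the end of this hunk still appends `" icmp $self->{_icmp}"` unconditionally, so an unset ICMP timeout produces a command with an empty value while the tcp and udp timers are now guarded; it should get the same guard, `if ($self->{_icmp}) { $command .= " icmp $self->{_icmp}"; }`. The policy name is built from `$level_nodes[2]` and `$level_nodes[5]` without checking that splitting `_comment` yielded at least six fields, so a short or malformed comment silently gives `policy__`; an explicit `@level_nodes >= 6` check before building the name would surface that. Because the returned string is described as an nfct-timeout command and is presumably executed by a caller not visible here, each timer value would be better gated on a strict numeric match such as `/\A\d+\z/` than on plain truthiness, so nothing but digits can reach the command line. get_policy_command continues past the end of the hunk, so the remaining branches are not reviewed here.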
diff --git a/templates-cfg/system/conntrack/timeout/custom/rule/node.tag/protocol/tcp/syn-sent/node.def b/templates-cfg/system/conntrack/timeout/custom/rule/node.tag/protocol/tcp/syn-sent/node.def index 3343bdb..c5edde3 100644 --- a/templates-cfg/system/conntrack/timeout/custom/rule/node.tag/protocol/tcp/syn-sent/node.def +++ b/templates-cfg/system/conntrack/timeout/custom/rule/node.tag/protocol/tcp/syn-sent/node.def @@ -5,4 +5,3 @@ help: TCP SYN-SENT timeout in seconds val_help: u32:1-21474836; TCP SYN-SENT timeout in seconds syntax:expression: ($VAR(@) >= 1 && $VAR(@) <= 21474836) ; "Value must be between 1 and 21474836" - |