author | Gaurav <gaurav.sinha@vyatta.com> | 2012-02-24 11:22:41 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-03-16 16:43:55 -0700 |
commit | 516e4988be28dd2441e915fe7d4c6a2efb5bd0c6 (patch) | |
tree | 6cd4d96bce9a2914e4306f96834ff216e6c97796 | |
parent | d3296d0d9376a67983871736e74409fabfc20634 (diff) | |
download | vyatta-conntrack-516e4988be28dd2441e915fe7d4c6a2efb5bd0c6.tar.gz vyatta-conntrack-516e4988be28dd2441e915fe7d4c6a2efb5bd0c6.zip |
Adding deletion, error handling etc.
(cherry picked from commit 6a59a800acf9a9f6a21677e6187a33647ceb3539)
-rw-r--r-- | lib/Vyatta/Conntrack/RuleCT.pm | 14 | ||||
-rw-r--r-- | scripts/vyatta-conntrack-timeouts.pl | 31 |
2 files changed, 33 insertions, 12 deletions
diff --git a/lib/Vyatta/Conntrack/RuleCT.pm b/lib/Vyatta/Conntrack/RuleCT.pm
index 421b746..d2c6409 100644
--- a/lib/Vyatta/Conntrack/RuleCT.pm
+++ b/lib/Vyatta/Conntrack/RuleCT.pm
@@ -11,7 +11,7 @@ require Vyatta::IpTables::AddressFilter;
 my $src = new Vyatta::IpTables::AddressFilter;
 my $dst = new Vyatta::IpTables::AddressFilter;
-
+my $CTERROR = "Conntrack Timeout Error:";
 my %fields = (
 _rule_number => undef,
 _protocol => undef,
@@ -66,11 +66,17 @@ sub rule {
 my @level_nodes = split (' ', $self->{_comment});
 $rule .= "-m comment --comment \"$level_nodes[2]-$level_nodes[5]\" ";
 ($srcrule, $err_str) = $src->rule();
- return ($err_str, ) if (!defined($srcrule));
+ if (defined($err_str)) {
+ Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: $err_str");
+ exit 1;
+ }
 ($dstrule, $err_str) = $dst->rule();
- return ($err_str, ) if (!defined($dstrule));
+ if (defined($err_str)) {
+ Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: $err_str");
+ exit 1;
+ }
 $rule .= " $srcrule $dstrule ";
- print "rule is $rule\n";
+ return $rule;
 }
 sub new {
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index bf7165e..ac9b56d 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -23,6 +23,19 @@ GetOptions("create=s" => \$create,
 );
 update_config();
+sub remove_timeout_policy {
+ my ($rule_string, $timeout_policy) = @_;
+ print "removing with $rule_string and $timeout_policy\n";
+ # function to apply the policy and then apply the policy to
+ # the iptables rule.
+ # Do nothing as of now.
+}
+sub apply_timeout_policy {
+ # function to apply the policy and then apply the policy to
+ # the iptables rule.
+ # Do nothing as of now.
+}
+
 sub update_config {
 my $config = new Vyatta::Config;
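Review bot: `$CTERROR` is introduced at the top of RuleCT.pm but no line in this commit reads it; the two new error messages in `rule()` use the literal prefix "Conntrack config error:" instead. Either the new variable should be the single source of that prefix, `Vyatta::Config::outputError(["Conntrack"], "$CTERROR $err_str");`, or it should be dropped so the module does not carry a dead file-scoped lexical. The blank line it replaces was the only separator between the AddressFilter objects and `%fields`, so a blank line after the declaration would keep the layout readable.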
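Review bot: `exit 1` inside the `rule()` method of RuleCT.pm terminates whichever process called it as soon as the source or destination AddressFilter reports an error, so the calling script cannot unwind, roll back what it has already applied, or decide how to report; library code should `die` and leave that to the caller. Each new block would reduce to `die "Conntrack config error: $err_str\n" if defined $err_str;` with the script wrapping the call in `eval` and reporting through outputError. Whether RuleCT.pm itself loads Vyatta::Config is not visible in this hunk, so the outputError call may be relying on the caller having loaded it. The `rule` sub begins before this hunk.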
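Review bot: `apply_timeout_policy` discards its arguments and `remove_timeout_policy` only prints them, so after this commit an 'added' or 'deleted' rule is accepted by the commit with nothing applied to iptables or nfct, and nothing tells the operator that the configuration is not in effect. Until the bodies exist the stubs should at least carry a visible marker, `# TODO: not implemented -- the rule is accepted by commit but never applied to iptables/nfct`, and the debug `print` should go, since it writes to the user's terminal on every commit. When the calls are implemented, `$rule_string` embeds operator-supplied address and comment fields, so it should be handed to `system()` in list form rather than interpolated into a shell command line.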
@@ -34,20 +47,22 @@ sub update_config {
 foreach my $rule (sort keys %rules) {
 if ("$rules{$rule}" eq 'static') {
 } elsif ("$rules{$rule}" eq 'added') {
- print $rules{$rule};
 my $node = new Vyatta::Conntrack::RuleCT;
+ my ($rule_string, $timeout_policy);
 $node->setup("system conntrack timeout custom rule $rule");
- $node->print();
- $node->rule();
- $node->get_policy_command(); #nfct-timeout command string
-
+ $rule_string = $node->rule();
+ $timeout_policy = $node->get_policy_command(); #nfct-timeout command string
+ apply_timeout_policy($rule_string, $timeout_policy);
 } elsif ("$rules{$rule}" eq 'changed') {
- print $rules{$rule};
 my $node = new Vyatta::Conntrack::RuleCT;
 $node->setup("system conntrack timeout custom rule $rule");
- $node->print();
 } elsif ("$rules{$rule}" eq 'deleted') {
- print $rules{$rule};
+ my $node = new Vyatta::Conntrack::RuleCT;
+ my ($rule_string, $timeout_policy);
+ $node->setupOrig("system conntrack timeout custom rule $rule");
+ $rule_string = $node->rule();
+ $timeout_policy = $node->get_policy_command(); #nfct-timeout command string
+ remove_timeout_policy($rule_string, $timeout_policy);
 }
 }
 } |
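Review bot: The 'changed' branch builds a node and calls `setup()` but neither removes the previously committed policy nor applies the new one, so editing an existing rule leaves iptables/nfct at the old state while the commit reports success; the 'added' and 'deleted' branches in the same hunk already contain the two halves that are needed. The branch should tear down the original rule via `setupOrig` exactly as the 'deleted' branch does, then apply the current configuration as the 'added' branch does, as sketched below. Both halves go through `rule()`, which in this commit exits the script on an AddressFilter error rather than returning, so a removal of a now-invalid original would abort the whole commit. `update_config` begins outside this hunk.
```perl
} elsif ("$rules{$rule}" eq 'changed') {
    # a changed rule is a removal of the committed version followed by
    # an apply of the new one; keep the two in that order so the old
    # iptables/nfct entry is gone before its replacement is installed
    my $old = new Vyatta::Conntrack::RuleCT;
    $old->setupOrig("system conntrack timeout custom rule $rule");
    remove_timeout_policy($old->rule(), $old->get_policy_command());
    my $node = new Vyatta::Conntrack::RuleCT;
    $node->setup("system conntrack timeout custom rule $rule");
    apply_timeout_policy($node->rule(), $node->get_policy_command());
# … unchanged: 'deleted' branch …
```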