diff options
| author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-05-14 13:21:09 -0700 |
|---|---|---|
| committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-05-14 13:21:09 -0700 |
| commit | 1beb14e6dfb50c41b5b612b6696ab68e237d7ed3 (patch) | |
| tree | 29bf32814735eeef5878c77380df44ec40cb2832 | |
| parent | 507404a62bbab41de83c006a84476d1069aabf5c (diff) | |
| download | vyatta-conntrack-1beb14e6dfb50c41b5b612b6696ab68e237d7ed3.tar.gz vyatta-conntrack-1beb14e6dfb50c41b5b612b6696ab68e237d7ed3.zip | |
change default behavior, added vyatta-cthelper.pl
| -rw-r--r-- | Makefile.am | 1 | ||||
| -rw-r--r-- | lib/Vyatta/Conntrack/ConntrackUtil.pm | 22 | ||||
| -rw-r--r-- | templates-cfg/system/conntrack/node.def | 7 | ||||
| -rw-r--r-- | templates-cfg/system/conntrack/table-size/node.def | 2 |
4 files changed, 24 insertions, 8 deletions
diff --git a/Makefile.am b/Makefile.am index 39a08b2..26b6b1f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,6 +23,7 @@ bin_sudo_usersdir = $(bindir)/sudo-users bin_sudo_users_SCRIPTS = scripts/vyatta-show-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-delete-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-timeouts.pl +bin_sudo_users_SCRIPTS += scripts/vyatta-cthelper.pl curver_DATA = cfg-version/conntrack@1 diff --git a/lib/Vyatta/Conntrack/ConntrackUtil.pm b/lib/Vyatta/Conntrack/ConntrackUtil.pm index 8f529c2..c256bd6 100644 --- a/lib/Vyatta/Conntrack/ConntrackUtil.pm +++ b/lib/Vyatta/Conntrack/ConntrackUtil.pm @@ -24,8 +24,9 @@ # package Vyatta::Conntrack::ConntrackUtil; +use Vyatta::IpTables::Mgr; use base qw(Exporter); -our @EXPORT = qw(check_for_conntrack_hooks); +our @EXPORT = qw(check_for_conntrack_hooks, check_and_add_helpers); #function to find if connection tracking is enabled. #looks in the iptables to see if any of the features introduced @@ -48,4 +49,23 @@ sub check_for_conntrack_hooks { } } 1; + +sub +check_ct_helper_rules { + my $index; + my $cthelper_chain = "VYATTA_CT_HELPER"; + foreach my $label ('PREROUTING', 'OUTPUT') { + $index = ipt_find_chain_rule($iptables_cmd, 'raw', $label, $cthelper_chain); + if (!defined($index)) { + # add VYATTA_CT_HELPER to PREROUTING / OUTPUT + print "hook not present\n"; + } + } +} + +sub check_and_add_helpers { + if (check_for_conntrack_hooks()) { + check_ct_helper_rules(); + } +} # end of file diff --git a/templates-cfg/system/conntrack/node.def b/templates-cfg/system/conntrack/node.def index 2ac9101..211c963 100644 --- a/templates-cfg/system/conntrack/node.def +++ b/templates-cfg/system/conntrack/node.def @@ -2,11 +2,6 @@ help: Connection tracking engine options priority: 218 # before NAT and conntrack-sync are configured -end:expression: "if [ -f \"/tmp/vyatta-conntrack-sync\" ]; then \ - sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable; \ - sudo rm \"/tmp/vyatta-conntrack-sync\"; \ - fi" - delete: # set conntrack table size to standard 16384 entries if conntrack settings are removed sudo sysctl -q -w net/nf_conntrack_max=16384 @@ -25,5 +20,5 @@ delete: # set conntrack table size to standard 16384 entries if conntrack settin # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - touch /tmp/vyatta-conntrack-sync + sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable fi diff --git a/templates-cfg/system/conntrack/table-size/node.def b/templates-cfg/system/conntrack/table-size/node.def index 74cf58a..6b1decf 100644 --- a/templates-cfg/system/conntrack/table-size/node.def +++ b/templates-cfg/system/conntrack/table-size/node.def @@ -28,7 +28,7 @@ update: sudo sysctl -q -w net/nf_conntrack_max=$VAR(@) # need to restart conntrackd with updated conntrack table size if cli-shell-api existsActive service conntrack-sync; then - touch /tmp/vyatta-conntrack-sync + sudo /opt/vyatta/sbin/vyatta-conntrack-sync.pl --action=enable fi |