authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-21 13:51:34 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-21 13:51:34 -0700
commit055ec2701c5d516b1309abdc422605d52da470e7 (patch)
tree9bd83b9c4e28f3f324af7599a31d1e5ae72adac2
parent2acba299599b9f39a17164018227f12978e030aa (diff)
downloadvyatta-conntrack-055ec2701c5d516b1309abdc422605d52da470e7.tar.gz
vyatta-conntrack-055ec2701c5d516b1309abdc422605d52da470e7.zip
Add show conntrack ignore command for showing conntrack ignore rules with packet and byte statistics
-rw-r--r--Makefile.am1
-rwxr-xr-xscripts/vyatta-show-conntrack.pl2
-rw-r--r--scripts/vyatta-show-ignore.pl96
-rw-r--r--templates-op/show/conntrack/ignore/node.def2
4 files changed, 101 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 62642b0..73e1a09 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -26,6 +26,7 @@ bin_sudo_users_SCRIPTS += scripts/vyatta-delete-conntrack.pl
bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-timeouts.pl
bin_sudo_users_SCRIPTS += scripts/vyatta-cthelper.pl
bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-ignore.pl
+bin_sudo_users_SCRIPTS += scripts/vyatta-show-ignore.pl
curver_DATA = cfg-version/conntrack@1
diff --git a/scripts/vyatta-show-conntrack.pl b/scripts/vyatta-show-conntrack.pl
index f1f67c2..cc3bdc6 100755
--- a/scripts/vyatta-show-conntrack.pl
+++ b/scripts/vyatta-show-conntrack.pl
@@ -40,6 +40,8 @@ my $format = "%-10s %-22s %-22s %-16s %-20s\n";
my $format_IPv6 = "%-10s %-40s %-40s %-16s %-20s\n";
my $href; #reference to hash containing protocol-num to name key-value pairs
+sub numerically { $a <=> $b; }
+
sub print_xml {
my ($data, $cache, $family) = @_;
my $flow = 0;
diff --git a/scripts/vyatta-show-ignore.pl b/scripts/vyatta-show-ignore.pl
new file mode 100644
index 0000000..6bcfd15
--- /dev/null
+++ b/scripts/vyatta-show-ignore.pl
@@ -0,0 +1,96 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-show-conntrack.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Gaurav Sinha
+# Date: Aug 2012
+# Description: Script to show conntrack ignore entries
+#
+#
+# **** End License ****
+#
+
+use Getopt::Long;
+use XML::Simple;
+use Data::Dumper;
+use POSIX;
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Conntrack::ConntrackUtil;
+use Vyatta::Misc;
+use warnings;
+use strict;
+
+my $format = "%-10s %-22s %-22s %-16s %-20s\n";
+my $format_IPv6 = "%-10s %-40s %-40s %-16s %-20s\n";
+my $href; #reference to hash containing protocol-num to name key-value pairs
+
+sub numerically { $a <=> $b; }
+
+sub print_ignore_rules {
+ my $format_ignore_rules = "%-5s %-22s %-22s %-10s %-5s %-5s %-5s\n";
+ print "\n";
+ my $config = new Vyatta::Config;
+ $config->setLevel("system conntrack ignore rule");
+ my @rules = sort numerically $config->listOrigNodes();
+
+ my @rules_in_chain = `sudo iptables -L VYATTA_CT_IGNORE -t raw -nv`;
+ if (!(@rules_in_chain)){
+ die "Error: no ignore rules configured\n";
+ }
+ printf($format_ignore_rules, 'rule', 'source', 'destination', 'protocol', 'Interface [IN]', 'packets', 'bytes');
+ splice(@rules_in_chain, 0, 2);
+ my $rulecount = 0;
+ foreach (@rules) {
+ my $sourceAddress = "any";
+ my $sourcePort = "any";
+ my $destinationAddress = "any";
+ my $destPort = "any";
+ my $protocol = "any";
+ my $interface = "any";
+
+ $config->setLevel("system conntrack ignore rule $_");
+
+ $sourceAddress = $config->returnOrigValue("source address");
+ $sourcePort = $config->returnOrigValue("source port");
+ $destinationAddress = $config->returnOrigValue("destination address");
+ $destPort = $config->returnOrigValue("destination port");
+ $protocol = $config->returnOrigValue("protocol");
+ $interface = $config->returnOrigValue("inbound-interface");
+
+ if (!defined ($sourcePort)) { $sourcePort = "any";}
+ if (!defined ($sourceAddress)) { $sourceAddress = "any";}
+ if (!defined ($destPort)) { $destPort = "any";}
+ if (!defined ($destinationAddress)) { $destinationAddress = "any";}
+ if (!defined ($protocol)) { $protocol = "any";}
+ if (!defined ($interface)) { $interface = "any";}
+
+ $sourceAddress .= ":$sourcePort";
+ $destinationAddress .= ":$destPort";
+
+ my $rule_ipt = $rules_in_chain[$rulecount];
+ my @words = split(' ', $rule_ipt);
+
+ printf ($format_ignore_rules, $_, $sourceAddress, $destinationAddress, $protocol, $interface, $words[0], $words[1]);
+ $rulecount++;
+ }
+}
+#
+# main
+#
+
+print_ignore_rules();
+# end of file
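Review bot: The `if (!(@rules_in_chain))` check after the backticks cannot mean "no ignore rules configured": `iptables -L ... -nv` still prints its two chain header lines when the chain is empty, so an empty list only occurs when the command itself failed (chain missing, iptables unavailable, insufficient privilege), and `$?` is never examined, so the user gets a misleading message. The loop then indexes `@rules_in_chain` by config-rule position, so whenever the kernel chain holds fewer entries than `listOrigNodes()` returns, `$rule_ipt` is undef and `split`/`printf` emit warnings with blank counters; the lookup needs a guard. Because `-x` is not passed, `-v` abbreviates large counters (e.g. `12K`), which is presumably not what a "packet, byte statistics" command wants, so `-nvx` would be the exact form. Separately, `new Vyatta::Config` is indirect-object syntax and the file has no `use Vyatta::Config;` — it appears to rely on another module loading it; `Vyatta::Config->new` with an explicit `use Vyatta::Config;` removes both issues.
```perl
    my @rules_in_chain = `sudo iptables -L VYATTA_CT_IGNORE -t raw -nvx`;
    if ($? != 0) {
        die "Error: cannot read chain VYATTA_CT_IGNORE (iptables exit " . ($? >> 8) . ")\n";
    }
    # … unchanged: header printf, splice of the two chain header lines, per-rule config lookups …
    my $rule_ipt = $rules_in_chain[$rulecount];
    # A config rule with no kernel counterpart prints '-' rather than warning on undef.
    my @words = defined $rule_ipt ? split(' ', $rule_ipt) : ('-', '-');
```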
diff --git a/templates-op/show/conntrack/ignore/node.def b/templates-op/show/conntrack/ignore/node.def
new file mode 100644
index 0000000..64f3f70
--- /dev/null
+++ b/templates-op/show/conntrack/ignore/node.def
@@ -0,0 +1,2 @@
+help: Show Conntrack ignore rules and counters
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-ignore.pl