author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2011-12-15 17:13:57 -0800 |
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2011-12-15 17:13:57 -0800 |
commit | 7aaa5c08f46203cd6bdf3c9c12e6c9185341c616 (patch) | |
tree | a957696a1fceaaa24871d63891bab020e6698687 | |
parent | 44f59da7eb534c3a572a6b738813ee099cb83fe8 (diff) | |
download | vyatta-conntrack-7aaa5c08f46203cd6bdf3c9c12e6c9185341c616.tar.gz vyatta-conntrack-7aaa5c08f46203cd6bdf3c9c12e6c9185341c616.zip |
Bug 7676: including unstaged changes for 7677
7 files changed, 71 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 94c39d5..a2061a3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,6 @@ cfgdir = $(datadir)/vyatta-cfg/templates opdir = $(datadir)/vyatta-op/templates +share_perl5dir = $(datarootdir)/perl5/Vyatta curverdir = $(sysconfdir)/config-migrate/current modprobedir = /etc/modprobe.d @@ -12,6 +13,8 @@ bin_sudo_users_SCRIPTS = scripts/vyatta-show-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-delete-conntrack.pl +share_perl5_DATA = lib/Vyatta/ConntrackUtil.pm + curver_DATA = cfg-version/conntrack@1 modprobe_DATA = etc/modprobe.d/vyatta_nf_conntrack.conf diff --git a/lib/Vyatta/ConntrackUtil.pm b/lib/Vyatta/ConntrackUtil.pm new file mode 100644 index 0000000..b290486 --- /dev/null +++ b/lib/Vyatta/ConntrackUtil.pm 
@@ -0,0 +1,51 @@ +#!/usr/bin/perl # +# Module:ConntrackUtil.pm +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Gaurav Sinha +# Date: Dec 2011 +# Description: Utility scripts for Vyatta conntrack +# +# +# **** End License **** +# + +package Vyatta::ConntrackUtil; +use base qw(Exporter); +our @EXPORT = qw(check_for_conntrack_hooks); + +#function to find if connection tracking is enabled. +#looks in the iptables to see if any of the features introduced +#its chain in the hooks. +# +#returns one if any hook is present + +sub check_for_conntrack_hooks { + my @output = `sudo iptables -L -t raw`; + foreach(@output) { + if (($_ =~ m/WEBPROXY_CONNTRACK/)) { + return 1; + } + if (($_ =~ m/NAT_CONNTRACK/)) { + return 1; + } + if (($_ =~ m/FW_CONNTRACK/)) { + return 1; + } + } +} +1; +# end of file diff --git a/scripts/vyatta-show-conntrack.pl b/scripts/vyatta-show-conntrack.pl index 95c2341..4740450 100755 --- a/scripts/vyatta-show-conntrack.pl +++ b/scripts/vyatta-show-conntrack.pl @@ -23,11 +23,13 @@ # # **** End License **** # + use Getopt::Long; use XML::Simple; use Data::Dumper; use POSIX; use lib "/opt/vyatta/share/perl5"; +use Vyatta::ConntrackUtil; use Vyatta::Misc; use warnings; use strict; 
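Review bot: check_for_conntrack_hooks never inspects `$?` after the backticks and falls off the end of the sub when nothing matches, so a failed `sudo iptables -L -t raw` (sudo denied, binary missing, tables unavailable) produces empty output and is reported exactly like "no hook chain present", which is the case the caller turns into "Connection tracking is not enabled". The module also has no `use strict; use warnings;`, and `iptables -L` without `-n` can try to reverse-resolve every address in the listing, which is slow for a yes/no probe. The rewrite below checks the exit status, returns 0/1 explicitly and folds the three substring tests into one pattern; whether a query failure should die or be signalled with a distinct return value is a decision for the caller in vyatta-show-conntrack.pl, so the `die` is one option. The `#!/usr/bin/perl` line at the top is unnecessary in a module that is only ever `use`d.
```perl
package Vyatta::ConntrackUtil;
use strict;
use warnings;
use base qw(Exporter);
our @EXPORT = qw(check_for_conntrack_hooks);

# Returns 1 if any conntrack hook chain (WEBPROXY_CONNTRACK, NAT_CONNTRACK,
# FW_CONNTRACK) is present in the iptables raw table, 0 if none is, and
# dies if the table could not be listed, so a failed query is not mistaken
# for "connection tracking is not enabled".
sub check_for_conntrack_hooks {
    my @output = `sudo iptables -n -L -t raw`;
    die "Unable to list iptables raw table (exit status $?)\n" if $? != 0;
    my $hook_re = qr/WEBPROXY_CONNTRACK|NAT_CONNTRACK|FW_CONNTRACK/;
    return (grep { /$hook_re/ } @output) ? 1 : 0;
}
1;
```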
@@ -369,4 +371,11 @@ if ($xml2) {
 $data = $xs->XMLin($xml2);
 print_xml($data, "", $family);
 }
+
+if (!($xml1) and !($xml2)) {
+ if (!(Vyatta::ConntrackUtil::check_for_conntrack_hooks())) {
+ #Connection tracking is being used
+ die "\nWarning: Connection tracking is not enabled\n\n";
+ }
+}
 # end of file
diff --git a/templates-op/delete/conntrack/table/ipv4/conn-id/node.tag/quiet/node.def b/templates-op/delete/conntrack/table/ipv4/conn-id/node.tag/quiet/node.def
new file mode 100644
index 0000000..58c61af
--- /dev/null
+++ b/templates-op/delete/conntrack/table/ipv4/conn-id/node.tag/quiet/node.def
@@ -0,0 +1,2 @@
+help: Delete without writing to syslogs and the console
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-delete-conntrack.pl -family $4 -id $6 -quiet "true"
diff --git a/templates-op/delete/conntrack/table/ipv4/source/node.tag/destination/node.tag/quiet/node.def b/templates-op/delete/conntrack/table/ipv4/source/node.tag/destination/node.tag/quiet/node.def
new file mode 100644
index 0000000..46f37d2
--- /dev/null
+++ b/templates-op/delete/conntrack/table/ipv4/source/node.tag/destination/node.tag/quiet/node.def
@@ -0,0 +1,2 @@
+help: Delete without writing to syslogs and the console
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-delete-conntrack.pl -family $4 -source_IP $6 -dest_IP $8 -quiet "true"
diff --git a/templates-op/delete/conntrack/table/ipv6/conn-id/node.tag/quiet/node.def b/templates-op/delete/conntrack/table/ipv6/conn-id/node.tag/quiet/node.def
new file mode 100644
index 0000000..58c61af
--- /dev/null
+++ b/templates-op/delete/conntrack/table/ipv6/conn-id/node.tag/quiet/node.def
@@ -0,0 +1,2 @@
+help: Delete without writing to syslogs and the console
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-delete-conntrack.pl -family $4 -id $6 -quiet "true"
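Review bot: The comment `#Connection tracking is being used` inside the new block in vyatta-show-conntrack.pl says the opposite of what the branch handles — it runs when check_for_conntrack_hooks returned false and the script is about to report that tracking is not enabled; replace it with `# No conntrack hook chain was found in the raw table`. The message is labelled "Warning" but is raised through `die`, so the script exits non-zero after it has already done its normal work; if a warning is intended, `warn` followed by a normal exit would match the wording, otherwise the label should say error. Note also that the helper as written in this commit returns false when the iptables query itself fails, so this branch will then print "not enabled" for a query that never ran.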
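Review bot: In the ipv4 conn-id node.def the CLI words `$4` and `$6` are expanded unquoted on the `run:` line; if the op-mode framework hands this line to a shell (the `${vyatta_bindir}` expansion suggests it does), quoting them `-family "$4" -id "$6"` keeps each word a single argument to vyatta-delete-conntrack.pl regardless of what the CLI validation allows through. The same applies to the other three node.def files in this commit (ipv4 source/destination with `$6`/`$8`, and both ipv6 templates), which I have not repeated.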
diff --git a/templates-op/delete/conntrack/table/ipv6/source/node.tag/destination/node.tag/quiet/node.def b/templates-op/delete/conntrack/table/ipv6/source/node.tag/destination/node.tag/quiet/node.def
new file mode 100644
index 0000000..46f37d2
--- /dev/null
+++ b/templates-op/delete/conntrack/table/ipv6/source/node.tag/destination/node.tag/quiet/node.def
@@ -0,0 +1,2 @@
+help: Delete without writing to syslogs and the console
+run: sudo ${vyatta_bindir}/sudo-users/vyatta-delete-conntrack.pl -family $4 -source_IP $6 -dest_IP $8 -quiet "true"
|