author | Deepti Kulkarni <deepti@vyatta.com> | 2011-12-19 14:57:28 -0800 |
committer | Deepti Kulkarni <deepti@vyatta.com> | 2011-12-19 14:57:28 -0800 |
commit | 38149e2d28cb7b1f8296fbff84d61e5f378f3b89 (patch) | |
tree | 062ecbe813df0a1c55dbd29492e56a9ed307978a /lib/Vyatta/Conntrack | |
parent | 0b904cdf5341bf183e324478e16b1b73f8b74914 (diff) | |
Improved validation of command syntax.
Resolved a typo.
Diffstat (limited to 'lib/Vyatta/Conntrack')
-rw-r--r-- | lib/Vyatta/Conntrack/Config.pm | 90 |
1 files changed, 70 insertions, 20 deletions
diff --git a/lib/Vyatta/Conntrack/Config.pm b/lib/Vyatta/Conntrack/Config.pm
index 2104681..511a83e 100644
--- a/lib/Vyatta/Conntrack/Config.pm
+++ b/lib/Vyatta/Conntrack/Config.pm
@@ -9,10 +9,15 @@ use Vyatta::TypeChecker;
 use NetAddr::IP;
 
 my %fields = (
+ _udp => undef,
+ _tcp => undef,
+ _icmp => undef,
+ _other => undef,
 _udp_new => undef,
 _udp_update => undef,
 _udp_destroy => undef,
 _tcp_new => undef,
+ _tcp_update => undef,
 _tcp_srec => undef,
 _tcp_est => undef,
 _tcp_fwait => undef,
@@ -55,6 +60,10 @@ sub setup {
 } else {
 $self->{_is_empty} = 0;
 }
+ if ( $config->exists('udp') ) { $self->{_udp} = 1; }
+ if ( $config->exists('tcp') ) { $self->{_tcp} = 1; }
+ if ( $config->exists('icmp') ) { $self->{_icmp} = 1; }
+ if ( $config->exists('other') ) { $self->{_other} = 1; }
 if ( $config->exists('udp new') ) { $self->{_udp_new} = 1; }
 if ( $config->exists('udp update') ) { $self->{_udp_update} = 1; }
 if ( $config->exists('udp destroy') ) { $self->{_udp_destroy} = 1; }
@@ -65,6 +74,7 @@ sub setup {
 if ( $config->exists('other update') ) { $self->{_other_update} = 1; }
 if ( $config->exists('other destroy') ) { $self->{_other_destroy} = 1; }
 if ( $config->exists('tcp new') ) { $self->{_tcp_new} = 1; }
+ if ( $config->exists('tcp update') ) { $self->{_tcp_update} = 1; }
 if ( $config->exists('tcp update syn-received') ) { $self->{_tcp_srec} = 1; }
 if ( $config->exists('tcp update established') ) { $self->{_tcp_est} = 1; }
 if ( $config->exists('tcp update fin-wait') ) { $self->{_tcp_fwait} = 1; }
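Review bot: The four new `exists` checks in setup, and the `tcp update` one in the next hunk, extend a hand-maintained if-chain that is duplicated line for line in setupOrig (`existsOrig` instead of `exists`) and again in isDifferentFrom, so every new flag has to be added in three places and the lists can silently drift apart; a single table mapping config path to field (`'udp' => '_udp', 'tcp update' => '_tcp_update', …`) iterated by both setup subs would remove that risk. The new `%fields` entries are only ever set to 1 or left undef, which isDifferentFrom relies on by comparing with `ne` under `no warnings qw(uninitialized)`; a one-line comment on the hash stating that convention (`# flags: 1 when the node is present in the config, undef otherwise`) would help whoever adds the next flag. Both setup subs start and end outside these hunks.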
@@ -86,6 +96,10 @@ sub setupOrig {
 } else {
 $self->{_is_empty} = 0;
 }
+ if ( $config->existsOrig('udp') ) { $self->{_udp} = 1; }
+ if ( $config->existsOrig('tcp') ) { $self->{_tcp} = 1; }
+ if ( $config->existsOrig('icmp') ) { $self->{_icmp} = 1; }
+ if ( $config->existsOrig('other') ) { $self->{_other} = 1; }
 if ( $config->existsOrig('udp new') ) { $self->{_udp_new} = 1; }
 if ( $config->existsOrig('udp update') ) { $self->{_udp_update} = 1; }
 if ( $config->existsOrig('udp destroy') ) { $self->{_udp_destroy} = 1; }
@@ -96,6 +110,7 @@ sub setupOrig {
 if ( $config->existsOrig('other update') ) { $self->{_other_update} = 1; }
 if ( $config->existsOrig('other destroy') ) { $self->{_other_destroy} = 1; }
 if ( $config->existsOrig('tcp new') ) { $self->{_tcp_new} = 1; }
+ if ( $config->existsOrig('tcp update') ) { $self->{_tcp_update} = 1; }
 if ( $config->existsOrig('tcp update syn-received') ) { $self->{_tcp_srec} = 1; }
 if ( $config->existsOrig('tcp update established') ) { $self->{_tcp_est} = 1; }
 if ( $config->existsOrig('tcp update fin-wait') ) { $self->{_tcp_fwait} = 1; }
@@ -113,10 +128,15 @@ sub isEmpty {
 sub isDifferentFrom {
 my ($this, $that) = @_;
 no warnings qw(uninitialized);
+ return 1 if ($this->{_udp} ne $that->{_udp});
+ return 1 if ($this->{_tcp} ne $that->{_tcp});
+ return 1 if ($this->{_icmp} ne $that->{_icmp});
+ return 1 if ($this->{_other} ne $that->{_other});
 return 1 if ($this->{_udp_new} ne $that->{_udp_new});
 return 1 if ($this->{_udp_update} ne $that->{_udp_update});
 return 1 if ($this->{_udp_destroy} ne $that->{_udp_destroy});
 return 1 if ($this->{_tcp_new} ne $that->{_tcp_new});
+ return 1 if ($this->{_tcp_update} ne $that->{_tcp_update});
 return 1 if ($this->{_tcp_srec} ne $that->{_tcp_srec});
 return 1 if ($this->{_tcp_est} ne $that->{_tcp_est});
 return 1 if ($this->{_tcp_fwait} ne $that->{_tcp_fwait});
@@ -136,25 +156,55 @@ sub isDifferentFrom {
 sub get_command {
 my ($self) = @_;
 my $cmd = "/opt/vyatta/sbin/vyatta-conntrack-logging";
-
- if( $self->{_udp_new} ) { $cmd .= " -p udp -e NEW"; }
- if( $self->{_udp_update} ) { $cmd .= " -p udp -e UPDATES"; }
- if( $self->{_udp_destroy} ) { $cmd .= " -p udp -e DESTROY"; }
- if( $self->{_icmp_new} ) { $cmd .= " -p icmp -e NEW"; }
- if( $self->{_icmp_update} ) { $cmd .= " -p icmp -e UPDATES"; }
- if( $self->{_icmp_destroy} ) { $cmd .= " -p icmp -e DESTROY"; }
- if( $self->{_other_new} ) { $cmd .= " -p other p -e NEW"; }
- if( $self->{_other_update} ) { $cmd .= " -p other -e UPDATES"; }
- if( $self->{_other_destroy} ) { $cmd .= " -p other -e DESTROY"; }
- if( $self->{_tcp_new} ) { $cmd .= " -p tcp -e NEW"; }
- if( $self->{_tcp_srec} ) { $cmd .= " -p tcp -e UPDATES -s SYN_RECV"; }
- if( $self->{_tcp_est} ) { $cmd .= " -p tcp -e UPDATES -s ESTABLISHED"; }
- if( $self->{_tcp_fwait} ) { $cmd .= " -p tcp -e UPDATES -s FIN_WAIT"; }
- if( $self->{_tcp_cwait} ) { $cmd .= " -p tcp -e UPDATES -s CLOSE_WAIT"; }
- if( $self->{_tcp_twait} ) { $cmd .= " -p tcp -e UPDATES -s TIME_WAIT"; }
- if( $self->{_tcp_lack} ) { $cmd .= " -p tcp -e UPDATES -s LAST_ACK"; }
- if( $self->{_tcp_destroy} ) { $cmd .= " -p tcp -e DESTROY"; }
- return ($cmd);
+ if( $self->{_udp} ) {
+ if ( $self->{_udp_new} || $self->{_udp_update} || $self->{_udp_destroy} ) {
+ if( $self->{_udp_new} ) { $cmd .= " -p udp -e NEW"; }
+ if( $self->{_udp_update} ) { $cmd .= " -p udp -e UPDATES"; }
+ if( $self->{_udp_destroy} ) { $cmd .= " -p udp -e DESTROY"; }
+ } else {
+ return (undef, 'Must specify "Event" for protocol udp');
+ }
+ }
+ if( $self->{_icmp} ) {
+ if ( $self->{_icmp_new} || $self->{_icmp_update} || $self->{_icmp_destroy} ) {
+ if( $self->{_icmp_new} ) { $cmd .= " -p icmp -e NEW"; }
+ if( $self->{_icmp_update} ) { $cmd .= " -p icmp -e UPDATES"; }
+ if( $self->{_icmp_destroy} ) { $cmd .= " -p icmp -e DESTROY"; }
+ } else {
+ return (undef, 'Must specify "Event" for protocol icmp');
+ }
+ }
+ if( $self->{_other} ) {
+ if ( $self->{_other_new} || $self->{_other_update} || $self->{_other_destroy} ) {
+ if( $self->{_other_new} ) { $cmd .= " -p other p -e NEW"; }
+ if( $self->{_other_update} ) { $cmd .= " -p other -e UPDATES"; }
+ if( $self->{_other_destroy} ) { $cmd .= " -p other -e DESTROY"; }
+ } else {
+ return (undef, 'Must specify "Event" for other protocols');
+ }
+ }
+ if( $self->{_tcp} ) {
+ if ( $self->{_tcp_new} || $self->{_tcp_update} || $self->{_tcp_destroy} ) {
+ if( $self->{_tcp_new} ) { $cmd .= " -p tcp -e NEW"; }
+ if( $self->{_tcp_destroy} ) { $cmd .= " -p tcp -e DESTROY"; }
+ if( $self->{_tcp_update} ) {
+ if ( $self->{_tcp_srec} || $self->{_tcp_est} || $self->{_tcp_fwait} ||
+ $self->{_tcp_cwait} || $self->{_tcp_twait} || $self->{_tcp_lack} ) {
+ if( $self->{_tcp_srec} ) { $cmd .= " -p tcp -e UPDATES -s SYN_RECV"; }
+ if( $self->{_tcp_est} ) { $cmd .= " -p tcp -e UPDATES -s ESTABLISHED"; }
+ if( $self->{_tcp_fwait} ) { $cmd .= " -p tcp -e UPDATES -s FIN_WAIT"; }
+ if( $self->{_tcp_cwait} ) { $cmd .= " -p tcp -e UPDATES -s CLOSE_WAIT"; }
+ if( $self->{_tcp_twait} ) { $cmd .= " -p tcp -e UPDATES -s TIME_WAIT"; }
+ if( $self->{_tcp_lack} ) { $cmd .= " -p tcp -e UPDATES -s LAST_ACK"; }
+ } else {
+ return (undef, 'Must specify "State" for protocol tcp and event update');
+ }
+ }
+ } else {
+ return (undef, 'Must specify "Event" for protocol tcp');
+ }
+ }
+ return ($cmd, undef);
 }
 
 sub kill_daemon {
@@ -170,7 +220,7 @@ sub kill_daemon {
 # kill daemon and its child processes
 system("kill -HUP -`$pid` >&/dev/null");
 if ($? >> 8) {
- print STDERR "Conntrack Logging: Failed to stop daemon.\n";
+ print STDERR "Conntrack logging error: Failed to stop daemon.\n";
 exit 1;
 }
 return;
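Review bot: `return ($cmd, undef);` and the new `return (undef, '…')` branches change get_command from returning a scalar to returning a two-element list, and a parenthesised `return (LIST)` evaluated in scalar context yields its last element, so any caller still written as `my $cmd = $self->get_command();` now silently receives undef instead of the command; the callers are outside this hunk and should be checked and changed to `my ($cmd, $err) = $self->get_command();`, with a comment on the sub stating the contract (`# returns ($cmd, undef) on success or (undef, $error_message) when the config is incomplete`). The stray token in the carried-over line `if( $self->{_other_new} ) { $cmd .= " -p other p -e NEW"; }` looks like a typo that the commit did not catch; the UPDATES and DESTROY lines beside it suggest `" -p other -e NEW"`, and as written the extra `p` is passed through to vyatta-conntrack-logging. Validation stops at the first protocol with no event, so a configuration with several incomplete protocols surfaces one error per commit attempt, which is worth a short comment if intentional. The command string is assembled from fixed literals only, so the concatenation here introduces no configuration-controlled text into the command line.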