authorGaurav Sinha <gaurav.sinha@vyatta.com>2011-11-17 17:07:49 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2011-11-17 17:07:49 -0800
commitbbb1fc94463690188d59aed96aacf6c69bd8cb5b (patch)
treed460ecad4ec92f7d7fd4053bbabf8d1b29fa1d88 /scripts
parentac10be6b213fd54d96fbd0c2dab451248dbbc6b0 (diff)
downloadvyatta-conntrack-bbb1fc94463690188d59aed96aacf6c69bd8cb5b.tar.gz
vyatta-conntrack-bbb1fc94463690188d59aed96aacf6c69bd8cb5b.zip
bug 7411: IPv6 conntrack delete code, updated formatting
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/vyatta-delete-conntrack.pl100
-rwxr-xr-xscripts/vyatta-show-conntrack.pl26
2 files changed, 108 insertions, 18 deletions
diff --git a/scripts/vyatta-delete-conntrack.pl b/scripts/vyatta-delete-conntrack.pl
index 8ca4738..4062a37 100755
--- a/scripts/vyatta-delete-conntrack.pl
+++ b/scripts/vyatta-delete-conntrack.pl
@@ -33,8 +33,10 @@ use POSIX;
use lib "/opt/vyatta/share/perl5";
use Vyatta::Misc;
use Sys::Syslog qw(:standard :macros);
+use Vyatta::TypeChecker;
-my $format = "Connection ID %-10s Source IP %-22s Destination IP %-22s Protocol %-12s\n";
+my $format = "%-10s %-22s %-22s %-12s\n";
+my $format_IPv6 = "%-10s %-40s %-40s %-12s\n";
sub add_xml_root {
my $xml = shift;
@@ -44,13 +46,18 @@ sub add_xml_root {
}
sub print_data_from_xml {
- my ($data, $cache) = @_;
+ my ($data, $cache, $family) = @_;
my $flow = 0;
my %flowh;
my $tcount = 0;
print "Deleting following Conntrack entries\n\n";
+ if ($family eq 'ipv6') {
+ printf($format_IPv6, 'CONN ID', 'Source', 'Destination', 'Protocol');
+ } else {
+ printf($format, 'CONN ID', 'Source', 'Destination', 'Protocol');
+ }
#open syslog
openlog($0, "", LOG_USER);
while (1) {
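Review bot: The `$family eq 'ipv6'` branch that selects between `$format` and `$format_IPv6` is written out here for the header and again in the hunk at -106 for each row, so the two copies can drift apart. Choosing the format once at the top of print_data_from_xml, `my $fmt = (defined $family and $family eq 'ipv6') ? $format_IPv6 : $format;`, and calling `printf($fmt, ...)` in both places removes the duplication and also avoids an uninitialized-value comparison if a caller omits the third argument. The body of print_data_from_xml continues outside this hunk.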
@@ -106,7 +113,12 @@ sub print_data_from_xml {
$out_dst .= ":$sport{reply}" if defined $sport{reply};
my $protocol = $proto . ' [' . $protonum . ']';
- printf($format, $connection_id ,$in_src, $in_dst, $protocol);
+ if ($family eq 'ipv6') {
+ #IPv6 Addresses can be 39 chars long, so chose the format as per family
+ printf($format_IPv6, $connection_id ,$in_src, $in_dst, $protocol);
+ } else {
+ printf($format, $connection_id ,$in_src, $in_dst, $protocol);
+ }
syslog("info", "Deleting Conntrack entry:conn-id $connection_id, src. IP $in_src, dest. IP $in_dst, protocol $protocol");
$flow++;
}
@@ -206,8 +218,82 @@ if ($family eq "ipv4") {
$command .= " -d $destIP";
}
} else {
- #family IPv6 not supported, placeholder for v6 code.
- die "IPv6 Conntrack commands are not supported yet\n";
+ #IPv6 code.
+ if ((defined $sourceIP) and ($sourceIP ne "0:0:0:0:0:0:0:0")) {
+ if ((($sourceIP =~ m/^\[/) and (!($sourceIP =~ m/]/))) or
+ (!($sourceIP =~ m/^\[/) and (($sourceIP =~ m/]/)))) {
+ die "Please use prescribed format for source IP: [IPv6-address]:port \n";
+ }
+ if (($sourceIP =~ m/^\[/) and ($sourceIP =~ m/]/)) {
+ # [IPv6-address]:port
+ my @address = split(/]/, $sourceIP);
+ if (@address) {
+ if(!$address[0] or !$address[1]) {
+ die "Please use prescribed format for source IP: [IPv6-address]:port \n";
+ }
+ $sourceIP = substr($address[0], 1);
+ $sourcePort = substr($address[1], 1);
+ my( $success, $err ) = isValidPortNumber($sourcePort);
+ if (validateType('ipv6', $sourceIP, 'quiet')) {
+ #Valid ipv6 address.
+ } else {
+ if(!defined($success)) {
+ die "Please enter a valid source IPv6 address and port \n";
+ }
+ }
+ if(!defined($success)) {
+ die "Please enter a valid source port \n";
+ }
+ $command .= " --orig-port-src $sourcePort";
+ }
+ } else {
+ #IPv6-address without port
+ if (validateType('ipv6', $sourceIP, 'quiet')) {
+ #Valid ipv6 address.
+ } else {
+ die "Please enter a valid source IPv6 address\n";
+ }
+ }
+ }
+ if ((defined $destIP) and ($destIP ne "0:0:0:0:0:0:0:0")) {
+ if ((($destIP =~ m/^\[/) and (!($destIP =~ m/]/))) or
+ (!($destIP =~ m/^\[/) and (($destIP =~ m/]/)))) {
+ die "Please use prescribed format for destination IP: [IPv6-address]:port \n";
+ }
+ if (($destIP =~ m/^\[/) and ($destIP =~ m/]/)) {
+ my @address = split(/]/, $destIP);
+ if (@address) {
+ $destIP = substr($address[0], 1);
+ $destPort = substr($address[1], 1);
+ my( $success, $err ) = isValidPortNumber($destPort);
+ if (validateType('ipv6', $destIP, 'quiet')) {
+ #Valid ipv6 address.
+ } else {
+ if(!defined($success)) {
+ die "Please enter a valid destination IPv6 address and port \n";
+ }
+ }
+ if(!defined($success)) {
+ die "Please enter a valid destination port \n";
+ }
+ #$command .= " --orig-port-dst $destPort";
+ }
+ } else {
+ #IPv6-address without port
+ if (validateType('ipv6', $destIP, 'quiet')) {
+ #Valid ipv6 address.
+ #$command .= " -d $destIP";
+ } else {
+ die "Please enter a valid destination IPv6 address\n";
+ }
+ }
+ }
+ if (($sourceIP) and ($sourceIP ne "0:0:0:0:0:0:0:0")) {
+ $command .= " -s $sourceIP";
+ }
+ if (($destIP) and ($destIP ne "0:0:0:0:0:0:0:0")) {
+ $command .= " -d $destIP";
+ }
}
$command .= " -o xml";
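Review bot: In the `[IPv6-address]:port` branch for the source, a failed `validateType('ipv6', $sourceIP, 'quiet')` only leads to `die` when the port is also invalid, so an invalid address paired with a valid port passes and is later appended with `$command .= " -s $sourceIP"`; the destination branch has the same shape. The execution of `$command` is outside this hunk, but vyatta-show-conntrack.pl runs its equivalent string through backticks, so an unvalidated value here would presumably reach a shell. The address check should fail on its own, for example `die "Please enter a valid source IPv6 address\n" unless validateType('ipv6', $sourceIP, 'quiet');` placed before the port check, and likewise for `$destIP`. The destination branch also lacks the `!$address[0] or !$address[1]` guard that the source branch has, so `[addr]` with no port reaches `substr($address[1], 1)` on an undefined value. The enclosing `if ($family eq "ipv4")` block starts outside the hunk.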
@@ -226,11 +312,11 @@ if ((defined($destPort)) or (defined($sourcePort))) {
if ($xml1) {
$xml1 = add_xml_root($xml1);
$data = $xs->XMLin($xml1);
- print_data_from_xml($data);
+ print_data_from_xml($data, "", $family);
}
if ($xml2) {
$xml2 = add_xml_root($xml2);
$data = $xs->XMLin($xml2);
- print_data_from_xml($data);
+ print_data_from_xml($data, "", $family);
}
# end of file
diff --git a/scripts/vyatta-show-conntrack.pl b/scripts/vyatta-show-conntrack.pl
index efa6fa2..a55e1e7 100755
--- a/scripts/vyatta-show-conntrack.pl
+++ b/scripts/vyatta-show-conntrack.pl
@@ -38,8 +38,7 @@ my $format = "%-10s %-22s %-22s %-12s %-20s\n";
my $format_IPv6 = "%-10s %-40s %-40s %-12s %-20s\n";
sub print_xml {
- my ($data, $cache) = @_;
-
+ my ($data, $cache, $family) = @_;
my $flow = 0;
my %flowh;
@@ -50,7 +49,7 @@ sub print_xml {
my $flow_ref = $data->{flow}[$flow];
my $flow_type = $flow_ref->{type};
my (%src, %dst, %sport, %dport, %proto, %protonum, $timeout_ref, $connection_id_ref,
- $state_connection_ref, %l3_protoname);
+ $state_connection_ref);
while (1) {
my $meta_ref = $flow_ref->{meta}[$meta];
last if ! defined $meta_ref;
@@ -61,7 +60,6 @@ sub print_xml {
if (defined $l3_ref) {
$src{$dir} = $l3_ref->{src}[0];
$dst{$dir} = $l3_ref->{dst}[0];
- $l3_protoname{dir} = $l3_ref->{protoname};
if (defined $l4_ref) {
$sport{$dir} = $l4_ref->{sport}[0];
$dport{$dir} = $l4_ref->{dport}[0];
@@ -77,7 +75,7 @@ sub print_xml {
$meta++;
}
my ($proto, $protonum, $in_src, $in_dst, $out_src, $out_dst, $connection_id,
- $timeout, $state_connection, $l3proto);
+ $timeout, $state_connection);
$proto = $proto{original};
$protonum = $protonum{original};
$in_src = "$src{original}";
@@ -86,7 +84,6 @@ sub print_xml {
$in_dst .= ":$dport{original}" if defined $dport{original};
$connection_id = "$connection_id_ref";
$timeout = "$timeout_ref";
- $l3proto = $l3_protoname{original};
if ($state_connection_ref) {
$state_connection = "$state_connection_ref";
@@ -130,7 +127,8 @@ sub print_xml {
}
}
}
- if (defined(l3proto) and (l3proto eq 'ipv6')) {
+ if ( $family eq 'ipv6') {
+ #IPv6 Addresses can be 39 chars long, so chose the format as per family
printf($format_IPv6, $connection_id ,$in_src, $in_dst, $protocol, $timeout);
} else {
printf($format, $connection_id ,$in_src, $in_dst, $protocol, $timeout);
@@ -222,7 +220,7 @@ if ($family eq "ipv4") {
$command .= " -d $destIP";
}
} else {
- #placeholder for v6 code.
+ #IPv6 code.
if ((defined $sourceIP) and ($sourceIP ne "0:0:0:0:0:0:0:0")) {
if ((($sourceIP =~ m/^\[/) and (!($sourceIP =~ m/]/))) or
(!($sourceIP =~ m/^\[/) and (($sourceIP =~ m/]/)))) {
@@ -305,7 +303,13 @@ print "TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED,\n";
print " FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK,\n";
print " TW - TIME WAIT, CL - CLOSE, LI - LISTEN\n\n";
-printf($format, 'CONN ID', 'Source', 'Destination', 'Protocol', 'TIMEOUT');
+#IPv6 Addresses can be 39 chars long, so chose the format as per family
+if ($family eq 'ipv4') {
+ printf($format, 'CONN ID', 'Source', 'Destination', 'Protocol', 'TIMEOUT');
+} else {
+ printf($format_IPv6, 'CONN ID', 'Source', 'Destination', 'Protocol', 'TIMEOUT');
+}
+
if ((defined($destPort)) or (defined($sourcePort))) {
my $command_final = $command_prefix." -p tcp".$command;
$xml1 = `$command_final 2> /dev/null`;
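Review bot: The header test added here is `$family eq 'ipv4'` with IPv6 as the fallback, while print_xml in the hunk at -130 picks the row format with `$family eq 'ipv6'` and IPv4 as the fallback. For any `$family` value that is neither string, the header would be printed with `$format_IPv6` widths above rows printed with `$format` widths. Testing the same condition in both places, `if ($family eq 'ipv6') { printf($format_IPv6, ...) } else { printf($format, ...) }`, keeps the columns aligned whatever the value is.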
@@ -320,10 +324,10 @@ if ((defined($destPort)) or (defined($sourcePort))) {
if ($xml1) {
$data = $xs->XMLin($xml1);
- print_xml($data);
+ print_xml($data, "", $family);
}
if ($xml2) {
$data = $xs->XMLin($xml2);
- print_xml($data);
+ print_xml($data, "", $family);
}
# end of file