summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorGaurav <gaurav.sinha@vyatta.com>2012-02-24 14:17:23 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-03-16 16:45:13 -0700
commit0c077f247ad6fbce6c8cc7a2a664ac682a56ed4c (patch)
treef838adc2aa5329a05474c7455bbda966847e7fed /scripts
parent2c01ae23d707c984e2f6587da9218e5e63d55e30 (diff)
downloadvyatta-conntrack-0c077f247ad6fbce6c8cc7a2a664ac682a56ed4c.tar.gz
vyatta-conntrack-0c077f247ad6fbce6c8cc7a2a664ac682a56ed4c.zip
add run_cmd function with error checking
(cherry picked from commit 10cd7d81497d87aed44287244f112990768cdfe2)
Diffstat (limited to 'scripts')
-rw-r--r--scripts/vyatta-conntrack-timeouts.pl70
1 files changed, 64 insertions, 6 deletions
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index a98de86..61830ab 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -14,9 +14,14 @@ use Sys::Syslog qw(:standard :macros);
#for future use when v6 timeouts need to be set
my %cmd_hash = ( 'ipv4' => 'iptables',
'ipv6' => 'ip6tables');
+# Enable printing debug output to stdout.
+my $debug_flag = 0;
-my ($create, $delete, $update);
+# Enable sending debug output to syslog.
+my $syslog_flag = 0;
+my ($create, $delete, $update);
+my $CTERROR = "Conntrack timeout error:";
GetOptions("create=s" => \$create,
"delete=s" => \$delete,
"update=s" => \$update,
@@ -24,6 +29,40 @@ GetOptions("create=s" => \$create,
update_config();
+openlog("vyatta-conntrack", "pid", "local0");
+
+sub log_msg {
+ my $message = shift;
+
+ print "DEBUG: $message\n" if $debug_flag;
+ syslog(LOG_DEBUG, "%s", $message) if $syslog_flag;
+}
+# Run command and capture output
+# run_cmd("$iptables_cmd -t $table -F $name", 1);
+# if command fails, then send output to syslog
+sub run_cmd {
+ my ($cmd_to_run, $redirect) = @_;
+
+ log_msg("Running: $cmd_to_run");
+ print "$cmd_to_run\n";
+
+ if ($redirect) {
+ open (my $out, '-|', $cmd_to_run . ' 2>&1')
+ or die "Can't run command \"$cmd_to_run\": $!";
+ my @cmd_out = <$out>;
+
+ # if command suceeds to do nothing.
+ return if (close ($out));
+
+ foreach my $line (@cmd_out) {
+ chomp $line;
+ syslog(LOG_INFO, "%s", $line);
+ }
+ } else {
+ system($cmd_to_run);
+ }
+}
+
sub remove_timeout_policy {
my ($rule_string, $timeout_policy) = @_;
my @tokens = split (' ', $timeout_policy);
@@ -31,8 +70,18 @@ sub remove_timeout_policy {
my $iptables_cmd1 = "iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
my $iptables_cmd2 = "iptables -D OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
my $nfct_timeout_cmd = "nfct-timeout remove $timeout_policy";
- print "$iptables_cmd1\n$iptables_cmd2\n";
- print "$nfct_timeout_cmd\n";
+ run_cmd($iptables_cmd2);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $iptables_cmd2\n";
+ }
+ run_cmd($iptables_cmd1);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $iptables_cmd1\n";
+ }
+ run_cmd($nfct_timeout_cmd);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $nfct_timeout_cmd\n";
+ }
}
# nfct-timeout create policy1 tcp established 1200 close-wait 100 fin-wait 10
@@ -43,9 +92,18 @@ sub apply_timeout_policy {
my @tokens = split (' ', $timeout_policy);
my $iptables_cmd1 = "iptables -I PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
my $iptables_cmd2 = "iptables -I OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
-
- print "$nfct_timeout_cmd\n";
- print "$iptables_cmd1\n$iptables_cmd2\n";
+ run_cmd($nfct_timeout_cmd);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $nfct_timeout_cmd\n";
+ }
+ run_cmd($iptables_cmd1);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $iptables_cmd1\n";
+ }
+ run_cmd($iptables_cmd2);
+ if ($? >> 8) {
+ print "$CTERROR failed to run $iptables_cmd2\n";
+ }
}