author | Gaurav <gaurav.sinha@vyatta.com> | 2012-02-24 14:17:23 -0800 |
---|---|---|
committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-03-16 16:45:13 -0700 |
commit | 0c077f247ad6fbce6c8cc7a2a664ac682a56ed4c (patch) | |
tree | f838adc2aa5329a05474c7455bbda966847e7fed /scripts | |
parent | 2c01ae23d707c984e2f6587da9218e5e63d55e30 (diff) | |
add run_cmd function with error checking
(cherry picked from commit 10cd7d81497d87aed44287244f112990768cdfe2)
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/vyatta-conntrack-timeouts.pl | 70 |
1 files changed, 64 insertions, 6 deletions
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index a98de86..61830ab 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -14,9 +14,14 @@ use Sys::Syslog qw(:standard :macros);
 #for future use when v6 timeouts need to be set
 my %cmd_hash = ( 'ipv4' => 'iptables', 'ipv6' => 'ip6tables');
+# Enable printing debug output to stdout.
+my $debug_flag = 0;
-my ($create, $delete, $update);
+# Enable sending debug output to syslog.
+my $syslog_flag = 0;
+my ($create, $delete, $update);
+my $CTERROR = "Conntrack timeout error:";
 GetOptions("create=s" => \$create,
            "delete=s" => \$delete,
            "update=s" => \$update,
@@ -24,6 +29,40 @@ GetOptions("create=s" => \$create,
 update_config();
+openlog("vyatta-conntrack", "pid", "local0");
+
+sub log_msg {
+    my $message = shift;
+
+    print "DEBUG: $message\n" if $debug_flag;
+    syslog(LOG_DEBUG, "%s", $message) if $syslog_flag;
+}
+# Run command and capture output
+# run_cmd("$iptables_cmd -t $table -F $name", 1);
+# if command fails, then send output to syslog
+sub run_cmd {
+    my ($cmd_to_run, $redirect) = @_;
+
+    log_msg("Running: $cmd_to_run");
+    print "$cmd_to_run\n";
+
+    if ($redirect) {
+        open (my $out, '-|', $cmd_to_run . ' 2>&1')
+            or die "Can't run command \"$cmd_to_run\": $!";
+        my @cmd_out = <$out>;
+
+        # if command suceeds to do nothing.
+        return if (close ($out));
+
+        foreach my $line (@cmd_out) {
+            chomp $line;
+            syslog(LOG_INFO, "%s", $line);
+        }
+    } else {
+        system($cmd_to_run);
+    }
+}
+
 sub remove_timeout_policy {
     my ($rule_string, $timeout_policy) = @_;
     my @tokens = split (' ', $timeout_policy);
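Review bot: `$debug_flag` and `$syslog_flag` are introduced as hard-coded zeros and nothing in this hunk lets them be switched on, so the log_msg path added later in the commit cannot be reached without editing the script; adding `"debug" => \$debug_flag,` and `"syslog" => \$syslog_flag,` to the GetOptions call that starts in this hunk (its argument list continues outside it) would make the new logging usable. `$CTERROR` is a `my` variable spelled like a constant; either `use constant CTERROR => 'Conntrack timeout error:';` or a lowercase name would match the rest of the file's naming.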
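Review bot: `openlog("vyatta-conntrack", "pid", "local0");` is inserted after the `update_config();` context line, so any syslog() call made while update_config() runs (the later hunks suggest that is where run_cmd is reached) happens before the ident and facility are set and Sys::Syslog opens the log implicitly with its defaults; move the openlog line above `update_config();`. run_cmd returns nothing useful, so callers are left reading the global `$?`, which in the `$redirect` branch is whatever `close($out)` left behind; `return 0 if close($out);`, `return $?;` after the foreach, and `return system($cmd_to_run);` in the else branch would give callers one explicit status. Both branches hand the whole string to a shell (the appended `' 2>&1'` forces one for the `'-|'` open, and string-form `system` uses one anyway), and the strings are assembled from `$rule_string` and `$timeout_policy`, which presumably come from the configuration tree; if run_cmd ever has to accept values with shell metacharacters, a list-form invocation with a separate capture mechanism would take the shell out of the path. The comment `# if command suceeds to do nothing.` should read `# if the command succeeds there is nothing to do.`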
@@ -31,8 +70,18 @@ sub remove_timeout_policy {
     my $iptables_cmd1 = "iptables -D PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
     my $iptables_cmd2 = "iptables -D OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
     my $nfct_timeout_cmd = "nfct-timeout remove $timeout_policy";
-    print "$iptables_cmd1\n$iptables_cmd2\n";
-    print "$nfct_timeout_cmd\n";
+    run_cmd($iptables_cmd2);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $iptables_cmd2\n";
+    }
+    run_cmd($iptables_cmd1);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $iptables_cmd1\n";
+    }
+    run_cmd($nfct_timeout_cmd);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $nfct_timeout_cmd\n";
+    }
 }
 # nfct-timeout create policy1 tcp established 1200 close-wait 100 fin-wait 10
@@ -43,9 +92,18 @@ sub apply_timeout_policy {
     my @tokens = split (' ', $timeout_policy);
     my $iptables_cmd1 = "iptables -I PREROUTING -t raw $rule_string -j CT --timeout $tokens[0]";
     my $iptables_cmd2 = "iptables -I OUTPUT -t raw $rule_string -j CT --timeout $tokens[0]";
-
-    print "$nfct_timeout_cmd\n";
-    print "$iptables_cmd1\n$iptables_cmd2\n";
+    run_cmd($nfct_timeout_cmd);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $nfct_timeout_cmd\n";
+    }
+    run_cmd($iptables_cmd1);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $iptables_cmd1\n";
+    }
+    run_cmd($iptables_cmd2);
+    if ($? >> 8) {
+        print "$CTERROR failed to run $iptables_cmd2\n";
+    }
 }
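Review bot: The failure checks after each `run_cmd` call test only `$? >> 8`, which is zero when the child was killed by a signal, so that kind of failure is never reported; `if ($?) {` covers non-zero exit, signal death and a failed exec alike, and the same pattern repeats in all six checks across this hunk and the apply_timeout_policy hunk. In apply_timeout_policy the function carries on after `run_cmd($nfct_timeout_cmd)` fails and still tries to insert both iptables rules that reference the policy through `$tokens[0]`; those are likely to fail as well, producing three error lines for one root cause, so a `return;` inside that first failure branch would be cleaner. The `$CTERROR` messages go to stdout only, while run_cmd sends the failing command's output to syslog; emitting them with `syslog(LOG_ERR, "%s", "$CTERROR failed to run $nfct_timeout_cmd");` as well would keep the failure record in one place.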