From b90f8af4fb0b2a8ce60014144e47fdbb0922e34d Mon Sep 17 00:00:00 2001
From: Deepti Kulkarni <deepti@vyatta.com>
Date: Tue, 13 Dec 2011 02:49:29 -0800
Subject: Bug fix 7397 - Conntrack log creation and deletion.

---
 lib/Vyatta/Conntrack/Config.pm | 177 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100644 lib/Vyatta/Conntrack/Config.pm

(limited to 'lib/Vyatta/Conntrack')

diff --git a/lib/Vyatta/Conntrack/Config.pm b/lib/Vyatta/Conntrack/Config.pm
new file mode 100644
index 0000000..2104681
--- /dev/null
+++ b/lib/Vyatta/Conntrack/Config.pm
@@ -0,0 +1,177 @@
+package Vyatta::Conntrack::Config;
+
+use strict;
+use warnings;
+
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+use Vyatta::TypeChecker;
+use NetAddr::IP;
+
+my %fields = (
+   _udp_new     => undef,
+   _udp_update  => undef,
+   _udp_destroy => undef,
+   _tcp_new	=> undef, 
+   _tcp_srec	=> undef, 
+   _tcp_est	=> undef, 
+   _tcp_fwait   => undef, 
+   _tcp_cwait   => undef, 
+   _tcp_lack   => undef, 
+   _tcp_twait   => undef, 
+   _tcp_destroy => undef,
+   _icmp_new	=> undef, 
+   _icmp_update  => undef,
+   _icmp_destroy => undef,
+   _other_new	=> undef, 
+   _other_update  => undef,
+   _other_destroy => undef,
+   _is_empty	  => 1,
+);
+
+my $pidfile = '/var/run/vyatta/connlogd.lock';
+my $level = 'system conntrack log';
+
+sub new {
+  my $that = shift;
+  my $class = ref ($that) || $that;
+  my $self = {
+    %fields,
+  };
+
+  bless $self, $class;
+  return $self;
+}
+
+sub setup {
+  my $self = shift;
+  my $config = new Vyatta::Config;
+
+  $config->setLevel("$level");
+  my @nodes = $config->listNodes();
+  if (scalar(@nodes) <= 0) {
+    $self->{_is_empty} = 1;
+    return 0;
+  } else {
+    $self->{_is_empty} = 0;
+  }
+  if ( $config->exists('udp new') ) { $self->{_udp_new} = 1; }
+  if ( $config->exists('udp update') ) { $self->{_udp_update} = 1; }
+  if ( $config->exists('udp destroy') ) { $self->{_udp_destroy} = 1; }
+  if ( $config->exists('icmp new') ) { $self->{_icmp_new} = 1; }
+  if ( $config->exists('icmp update') ) { $self->{_icmp_update} = 1; }
+  if ( $config->exists('icmp destroy') ) { $self->{_icmp_destroy} = 1; }
+  if ( $config->exists('other new') ) { $self->{_other_new} = 1; }
+  if ( $config->exists('other update') ) { $self->{_other_update} = 1; }
+  if ( $config->exists('other destroy') ) { $self->{_other_destroy} = 1; }
+  if ( $config->exists('tcp new') ) { $self->{_tcp_new} = 1; }
+  if ( $config->exists('tcp update syn-received') ) { $self->{_tcp_srec} = 1; }
+  if ( $config->exists('tcp update established') ) { $self->{_tcp_est} = 1; }
+  if ( $config->exists('tcp update fin-wait') ) { $self->{_tcp_fwait} = 1; }
+  if ( $config->exists('tcp update close-wait') ) { $self->{_tcp_cwait} = 1; }
+  if ( $config->exists('tcp update last-ack') ) { $self->{_tcp_lack} = 1; }
+  if ( $config->exists('tcp update time-wait') ) { $self->{_tcp_twait} = 1; }
+  if ( $config->exists('tcp destroy') ) { $self->{_tcp_destroy} = 1; }
+}
+
+sub setupOrig {
+  my $self = shift;
+  my $config = new Vyatta::Config;
+
+  $config->setLevel("$level");
+  my @nodes = $config->listOrigNodes();
+  if (scalar(@nodes) <= 0) {
+    $self->{_is_empty} = 1;
+    return 0;
+  } else {
+    $self->{_is_empty} = 0;
+  }
+  if ( $config->existsOrig('udp new') ) { $self->{_udp_new} = 1; }
+  if ( $config->existsOrig('udp update') ) { $self->{_udp_update} = 1; }
+  if ( $config->existsOrig('udp destroy') ) { $self->{_udp_destroy} = 1; }
+  if ( $config->existsOrig('icmp new') ) { $self->{_icmp_new} = 1; }
+  if ( $config->existsOrig('icmp update') ) { $self->{_icmp_update} = 1; }
+  if ( $config->existsOrig('icmp destroy') ) { $self->{_icmp_destroy} = 1; }
+  if ( $config->existsOrig('other new') ) { $self->{_other_new} = 1; }
+  if ( $config->existsOrig('other update') ) { $self->{_other_update} = 1; }
+  if ( $config->existsOrig('other destroy') ) { $self->{_other_destroy} = 1; }
+  if ( $config->existsOrig('tcp new') ) { $self->{_tcp_new} = 1; }
+  if ( $config->existsOrig('tcp update syn-received') ) { $self->{_tcp_srec} = 1; }
+  if ( $config->existsOrig('tcp update established') ) { $self->{_tcp_est} = 1; }
+  if ( $config->existsOrig('tcp update fin-wait') ) { $self->{_tcp_fwait} = 1; }
+  if ( $config->existsOrig('tcp update close-wait') ) { $self->{_tcp_cwait} = 1; }
+  if ( $config->existsOrig('tcp update last-ack') ) { $self->{_tcp_lack} = 1; }
+  if ( $config->existsOrig('tcp update time-wait') ) { $self->{_tcp_twait} = 1; }
+  if ( $config->existsOrig('tcp destroy') ) { $self->{_tcp_destroy} = 1; }
+}
+
+sub isEmpty {
+  my ($self) = @_;
+  return $self->{_is_empty};
+}
+
+sub isDifferentFrom {
+  my ($this, $that) = @_;
+  no warnings qw(uninitialized); 
+  return 1 if ($this->{_udp_new} ne $that->{_udp_new});
+  return 1 if ($this->{_udp_update} ne $that->{_udp_update});
+  return 1 if ($this->{_udp_destroy} ne $that->{_udp_destroy});
+  return 1 if ($this->{_tcp_new} ne $that->{_tcp_new});
+  return 1 if ($this->{_tcp_srec} ne $that->{_tcp_srec});
+  return 1 if ($this->{_tcp_est} ne $that->{_tcp_est});
+  return 1 if ($this->{_tcp_fwait} ne $that->{_tcp_fwait});
+  return 1 if ($this->{_tcp_cwait} ne $that->{_tcp_cwait});
+  return 1 if ($this->{_tcp_twait} ne $that->{_tcp_twait});
+  return 1 if ($this->{_tcp_lack} ne $that->{_tcp_lack});
+  return 1 if ($this->{_tcp_destroy} ne $that->{_tcp_destroy});
+  return 1 if ($this->{_icmp_new} ne $that->{_icmp_new});
+  return 1 if ($this->{_icmp_update} ne $that->{_icmp_update});
+  return 1 if ($this->{_icmp_destroy} ne $that->{_icmp_destroy});
+  return 1 if ($this->{_other_new} ne $that->{_other_new});
+  return 1 if ($this->{_other_update} ne $that->{_other_update});
+  return 1 if ($this->{_other_destroy} ne $that->{_other_destroy});
+}
+
+
+sub get_command {
+  my ($self) = @_;
+  my $cmd = "/opt/vyatta/sbin/vyatta-conntrack-logging";
+
+  if( $self->{_udp_new} ) { $cmd .= " -p udp -e NEW"; }
+  if( $self->{_udp_update} ) { $cmd .= " -p udp -e UPDATES"; }
+  if( $self->{_udp_destroy} ) { $cmd .= " -p udp -e DESTROY"; }
+  if( $self->{_icmp_new} ) { $cmd .= " -p icmp -e NEW"; }
+  if( $self->{_icmp_update} ) { $cmd .= " -p icmp -e UPDATES"; }
+  if( $self->{_icmp_destroy} ) { $cmd .= " -p icmp -e DESTROY"; }
+  if( $self->{_other_new} ) { $cmd .= " -p other p -e NEW"; }
+  if( $self->{_other_update} ) { $cmd .= " -p other -e UPDATES"; }
+  if( $self->{_other_destroy} ) { $cmd .= " -p other -e DESTROY"; }
+  if( $self->{_tcp_new} ) { $cmd .= " -p tcp -e NEW"; }
+  if( $self->{_tcp_srec} ) { $cmd .= " -p tcp -e UPDATES -s SYN_RECV"; }
+  if( $self->{_tcp_est} ) { $cmd .= " -p tcp -e UPDATES -s ESTABLISHED"; }
+  if( $self->{_tcp_fwait} ) { $cmd .= " -p tcp -e UPDATES -s FIN_WAIT"; }
+  if( $self->{_tcp_cwait} ) { $cmd .= " -p tcp -e UPDATES -s CLOSE_WAIT"; }
+  if( $self->{_tcp_twait} ) { $cmd .= " -p tcp -e UPDATES -s TIME_WAIT"; }
+  if( $self->{_tcp_lack} ) { $cmd .= " -p tcp -e UPDATES -s LAST_ACK"; }
+  if( $self->{_tcp_destroy} ) { $cmd .= " -p tcp -e DESTROY"; }
+  return ($cmd);
+}
+
+sub kill_daemon {
+  my $pid;
+  $pid = "cat $pidfile";
+   
+  system("$pid >&/dev/null");
+    if ($? >> 8) {
+        # daemon not running 
+        return;
+    }
+ 
+  # kill daemon and its child processes 
+    system("kill -HUP -`$pid` >&/dev/null");
+    if ($? >> 8) {
+        print STDERR "Conntrack Logging: Failed to stop daemon.\n";
+        exit 1;
+    }
+  return; 
+}
-- 
cgit v1.2.3