From a7f35e8c7db79faa471b560d832732e58d8e75ec Mon Sep 17 00:00:00 2001
From: Gaurav
Date: Mon, 27 Feb 2012 11:14:14 -0800
Subject: do_protocol_check function, mandates one protocol subtree per rule max
(cherry picked from commit c69383c5187f1e702a7146d3762834b70874a344)
---
 scripts/vyatta-conntrack-timeouts.pl | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'scripts')
diff --git a/scripts/vyatta-conntrack-timeouts.pl b/scripts/vyatta-conntrack-timeouts.pl
index ffc66d3..ce115e0 100644
--- a/scripts/vyatta-conntrack-timeouts.pl
+++ b/scripts/vyatta-conntrack-timeouts.pl
@@ -124,15 +124,27 @@ sub handle_rule_creation {
 my ($rule) = @_;
 my $node = new Vyatta::Conntrack::RuleCT;
 my ($rule_string, $timeout_policy);
+ do_protocol_check($rule);
 $node->setup("system conntrack timeout custom rule $rule");
 $rule_string = $node->rule();
 $timeout_policy = $node->get_policy_command(); #nfct-timeout command string
 apply_timeout_policy($rule_string, $timeout_policy);
 }
+# we mandate only one protocol configuration per rule
+sub do_protocol_check {
+ my ($rule) = @_;
+ my $config = new Vyatta::Config;
+ my $protocol_nos = $config->listNodes("system conntrack timeout custom rule $rule protocol");
+ if ($protocol_nos > 1) {
+ Vyatta::Config::outputError(["Conntrack"], "Conntrack config error: more than one protocol in rule $rule");
+ exit 1;
+ }
+}
 sub handle_rule_modification {
 my ($rule) = @_;
+ do_protocol_check($rule);
 handle_rule_deletion($rule);
 handle_rule_creation($rule);
 }
-- cgit v1.2.3
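Review bot: In do_protocol_check, `my $protocol_nos = $config->listNodes(...)` calls listNodes in scalar context and relies on that yielding the node count, which holds only if listNodes ends in `return @nodes;` — something this hunk cannot show, and a misleading name (`_nos`) makes the intent harder to check. Collecting the list first keeps the check correct regardless of the callee's return style: `my @protocols = $config->listNodes("system conntrack timeout custom rule $rule protocol");` followed by `if (@protocols > 1) {`. While here, `new Vyatta::Config` is indirect-object syntax; `Vyatta::Config->new` is the conventional form. The early call in handle_rule_modification runs before handle_rule_deletion, so an invalid rule is rejected before the existing policy is removed; the second check inside handle_rule_creation is then redundant on that path but harmless, and a one-line comment saying so would spare the next reader the question.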