authorMohit Mehta <mohit.mehta@vyatta.com>2010-02-02 16:39:50 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2010-02-02 16:39:50 -0800
commitf2cfa4bbdf4f68f0e4c527da1b2188160792c870 (patch)
tree062b8deadd2a829210eaf53f7856f34386df926b
parentad8c4bbebef0fb038d2a7ac68077a122ad994d68 (diff)
partial fix for bug 4115 'clear nat translations' does not clear nat translations
* added op-mode commands to clear counters for NAT rules:
  clear nat counters                  # clear counters for all NAT rules
  clear nat counters rule <rule-num>  # clear counters for a specific NAT rule
-rw-r--r--Makefile.am1
-rwxr-xr-xscripts/vyatta-clear-nat-counters.pl100
-rw-r--r--templates-op/clear/nat/counters/node.def2
-rw-r--r--templates-op/clear/nat/counters/rule/node.def1
-rw-r--r--templates-op/clear/nat/counters/rule/node.tag/node.def3
5 files changed, 106 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index b7b2432..af54b1f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,6 +8,7 @@ curverdir = $(sysconfdir)/config-migrate/current
sbin_SCRIPTS = scripts/vyatta-update-nat.pl
sbin_SCRIPTS += scripts/vyatta-show-nat.pl
sbin_SCRIPTS += scripts/vyatta-show-nat-rules.pl
+sbin_SCRIPTS += scripts/vyatta-clear-nat-counters.pl
bin_sudo_users_SCRIPTS = scripts/vyatta-clear-nat
bin_sudo_users_SCRIPTS += scripts/vyatta-nat-translations.pl
diff --git a/scripts/vyatta-clear-nat-counters.pl b/scripts/vyatta-clear-nat-counters.pl
new file mode 100755
index 0000000..53a0be3
--- /dev/null
+++ b/scripts/vyatta-clear-nat-counters.pl
@@ -0,0 +1,100 @@
+#!/usr/bin/perl
+#
+# Module: vyatta-clear-nat-counters.pl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2006-2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: February 2010
+# Description: Script to clear nat counters
+#
+# **** End License ****
+#
+
+use Getopt::Long;
+use POSIX;
+use warnings;
+use strict;
+use lib "/opt/vyatta/share/perl5";
+use Vyatta::Config;
+
+# NAT type mapping from config node to iptables chain
+my %chain_hash = ( 'source' => 'POSTROUTING',
+ 'destination' => 'PREROUTING',
+ 'masquerade' => 'POSTROUTING');
+
+sub clear_rule {
+ my $clirule = shift;
+ my $error = undef;
+
+ if ($clirule eq 'all') {
+ # clear counters for all rules in NAT table
+ $error = system("sudo /sbin/iptables -Z -t nat &>/dev/null");
+ return "error clearing NAT rule counters" if $error;
+ } else {
+ # clear counters for a specific NAT rule
+ my $config = new Vyatta::Config;
+ $config->setLevel("service nat rule");
+ my @rules = $config->listOrigNodes();
+
+ # validate that it's a legit CLI rule
+ if (!((scalar(grep(/^$clirule$/, @rules)) > 0))) {
+ return "Invalid NAT rule number \"$clirule\"";
+ }
+
+ # determine rule type
+ my $rule_type = $config->returnOrigValue("$clirule type");
+
+ # find corresponding rulenum in the underlying NAT table
+ my $iptables_rule = undef;
+ my $cmd = "sudo /sbin/iptables -L $chain_hash{$rule_type} -t nat -nv " .
+ "--line-numbers | grep '/\* NAT-$clirule ' | awk {'print \$1'}";
+ $iptables_rule = `$cmd`;
+ return "couldn't find an underlying iptables rule" if ! defined $iptables_rule;
+ chomp $iptables_rule;
+
+ # clear the counters for that rule
+ $cmd = "sudo /sbin/iptables -t nat -Z $chain_hash{$rule_type} $iptables_rule";
+ $error = system($cmd);
+ return "error clearing counters for NAT rule $clirule" if $error;
+ }
+ return;
+}
+
+#
+# main
+#
+
+my ($clirulenum);
+GetOptions("clirule=s" => \$clirulenum);
+
+die "undefined rule number" if ! defined $clirulenum;
+
+my ($error, $warning);
+
+($error, $warning) = clear_rule($clirulenum);
+
+if (defined $warning) {
+ print "$warning\n";
+}
+
+if (defined $error) {
+ print "$error\n";
+ exit 1;
+}
+
+exit 0;
+
+# end of file
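Review bot: The rule-number validation at `grep(/^$clirule$/, @rules)` interpolates the caller-supplied value unescaped into the regex, so a value that is itself a pattern can satisfy the check without equalling any configured rule, and that same value is then interpolated into the shell strings handed to the backticks and `system` calls; compare with `grep { $_ eq $clirule } @rules` (or `\Q$clirule\E`) and pass the iptables arguments in list form so no shell is involved. The following `return ... if ! defined $iptables_rule` can never fire, because backticks yield an empty string rather than undef when the grep matches nothing, and the empty value then builds `iptables -t nat -Z <chain> ` which zeroes the whole chain instead of the one rule. `$rule_type` is likewise used as a `%chain_hash` key without checking that it is defined and known. Separately, `&>/dev/null` is a bash-ism: if `system` hands the string to a /bin/sh that is not bash, iptables is backgrounded and the status tested on the next line belongs to the bare redirection, not to iptables; the list form below drops that redirect, at the cost of no longer hiding iptables' own output. Rewritten lines follow; the remainder of clear_rule and the main block are unchanged.
```perl
sub clear_rule {
    # … unchanged: argument unpacking …
    if ($clirule eq 'all') {
        # clear counters for all rules in NAT table; list form bypasses the
        # shell so $error really is iptables' exit status
        $error = system('sudo', '/sbin/iptables', '-Z', '-t', 'nat');
        return "error clearing NAT rule counters" if $error;
    } else {
        # … unchanged: Vyatta::Config setup and listOrigNodes …

        # validate that it's a legit CLI rule: exact string match, not a pattern
        if (!grep { $_ eq $clirule } @rules) {
            return "Invalid NAT rule number \"$clirule\"";
        }

        # determine rule type and reject anything without a known chain
        my $rule_type = $config->returnOrigValue("$clirule type");
        return "couldn't determine type of NAT rule $clirule"
            if !defined $rule_type || !exists $chain_hash{$rule_type};
        my $chain = $chain_hash{$rule_type};

        # find corresponding rulenum in the underlying NAT table by reading
        # the listing directly instead of piping through grep/awk
        open my $ipt, '-|', 'sudo', '/sbin/iptables', '-L', $chain,
            '-t', 'nat', '-nv', '--line-numbers'
            or return "couldn't list NAT chain $chain";
        my $iptables_rule;
        while (my $line = <$ipt>) {
            if ($line =~ m{ \A \s* (\d+) \s .* /\* \s NAT-\Q$clirule\E \s }x) {
                $iptables_rule = $1;
                last;
            }
        }
        close $ipt;
        return "couldn't find an underlying iptables rule" if !defined $iptables_rule;

        # clear the counters for that rule
        $error = system('sudo', '/sbin/iptables', '-t', 'nat', '-Z',
                        $chain, $iptables_rule);
        return "error clearing counters for NAT rule $clirule" if $error;
    }
    # … unchanged: return …
```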
diff --git a/templates-op/clear/nat/counters/node.def b/templates-op/clear/nat/counters/node.def
index acd6adb..3327eda 100644
--- a/templates-op/clear/nat/counters/node.def
+++ b/templates-op/clear/nat/counters/node.def
@@ -1,2 +1,2 @@
help: Clear NAT counters
-run: sudo /sbin/iptables -Z -t nat
+run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --clirule=all
diff --git a/templates-op/clear/nat/counters/rule/node.def b/templates-op/clear/nat/counters/rule/node.def
new file mode 100644
index 0000000..806ad0a
--- /dev/null
+++ b/templates-op/clear/nat/counters/rule/node.def
@@ -0,0 +1 @@
+help: Clear counters for a specific NAT rule
diff --git a/templates-op/clear/nat/counters/rule/node.tag/node.def b/templates-op/clear/nat/counters/rule/node.tag/node.def
new file mode 100644
index 0000000..2d1b4a9
--- /dev/null
+++ b/templates-op/clear/nat/counters/rule/node.tag/node.def
@@ -0,0 +1,3 @@
+help: Clear counters for a specific NAT rule
+allowed: ls /opt/vyatta/config/active/service/nat/rule/ 2>/dev/null
+run: /opt/vyatta/sbin/vyatta-clear-nat-counters.pl --clirule="$5"