author | Christian Poessinger <christian@poessinger.com> | 2021-05-15 15:53:40 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-05-15 15:54:20 +0200 |
commit | f931d316a6360e8b0e760d60a0c8fcc01e3ded13 (patch) | |
tree | c3abcbc7b625dc58f8555ed2b69c1023b9d5901b | |
parent | c3c9d8da767161bca8d6e1e01f6223141376cdd6 (diff) | |
conntrack: T3535: add op-mode commands for tracked connections
-rw-r--r-- | data/templates/conntrackd/conntrackd.op-mode.tmpl | 13 | ||||
-rw-r--r-- | op-mode-definitions/conntrack-sync.xml.in | 58 | ||||
-rwxr-xr-x | src/op_mode/conntrack_sync.py | 54 |
3 files changed, 116 insertions, 9 deletions
diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl
new file mode 100644
index 000000000..82a4b09ad
--- /dev/null
+++ b/data/templates/conntrackd/conntrackd.op-mode.tmpl
@@ -0,0 +1,13 @@
+Source Destination Protocol
+{% for parsed in data if parsed.flow is defined and parsed.flow.meta is defined %}
+{% for key in parsed.flow.meta %}
+{% if key['@direction'] == 'original' %}
+{% set saddr = key.layer3.src | bracketize_ipv6 %}
+{% set sport = key.layer4.sport %}
+{% set daddr = key.layer3.dst | bracketize_ipv6 %}
+{% set dport = key.layer4.dport %}
+{% set protocol = key.layer4['@protoname'] %}
+{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in
index cd0ec5cc8..d1d3bf744 100644
--- a/op-mode-definitions/conntrack-sync.xml.in
+++ b/op-mode-definitions/conntrack-sync.xml.in
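Review bot: `{% for key in parsed.flow.meta %}` assumes xmltodict delivered `meta` as a list; xmltodict returns a dict when an element occurs only once, and then the loop iterates its string keys and `key['@direction']` fails. conntrackd flows normally carry several meta elements, so this may stay theoretical, but a one-line normalisation keeps the template safe: `{% set metas = parsed.flow.meta if parsed.flow.meta is not mapping else [parsed.flow.meta] %}` followed by `{% for key in metas %}`. Likewise `key.layer4.sport` and `dport` are presumably absent for port-less protocols such as ICMP, so those rows would render as `addr:` with nothing after the colon; emitting the port only when it is defined, e.g. `saddr ~ (':' ~ sport if sport is defined else '')`, avoids that.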
@@ -33,4 +33,62 @@
 </leafNode>
 </children>
 </node>
+ <node name="show">
+ <children>
+ <node name="conntrack-sync">
+ <properties>
+ <help>Show connection tracking synchronization information</help>
+ </properties>
+ <children>
+ <node name="cache">
+ <properties>
+ <help>Show connection tracking cache entries</help>
+ </properties>
+ <children>
+ <node name="external">
+ <properties>
+ <help>Show external connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command>
+ <children>
+ <leafNode name="main">
+ <properties>
+ <help>Show external main connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command>
+ </leafNode>
+ <leafNode name="expect">
+ <properties>
+ <help>Show external expect connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command>
+ </leafNode>
+ </children>
+ </node>
+ <node name="internal">
+ <properties>
+ <help>Show internal connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command>
+ <children>
+ <leafNode name="main">
+ <properties>
+ <help>Show internal main connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command>
+ </leafNode>
+ <leafNode name="expect">
+ <properties>
+ <help>Show internal expect connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
 </interfaceDefinition>
diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py
index 48017c58a..66ecf8439 100755
--- a/src/op_mode/conntrack_sync.py
+++ b/src/op_mode/conntrack_sync.py
@@ -16,19 +16,26 @@
 import os
 import syslog
+import xmltodict
 from argparse import ArgumentParser
 from vyos.configquery import CliShellApiConfigQuery
-from vyos.util import call
+from vyos.util import cmd
 from vyos.util import run
+from vyos.template import render_to_string
 conntrackd_bin = '/usr/sbin/conntrackd'
 conntrackd_config = '/run/conntrackd/conntrackd.conf'
 parser = ArgumentParser(description='Conntrack Sync')
-parser.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true')
-parser.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true')
-parser.add_argument('--reset-cache-external', help='Reset external cache', action='store_true')
+group = parser.add_mutually_exclusive_group()
+group.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true')
+group.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true')
+group.add_argument('--reset-cache-external', help='Reset external cache', action='store_true')
+group.add_argument('--show-internal', help='Show internal (main) tracking cache', action='store_true')
+group.add_argument('--show-external', help='Show external (main) tracking cache', action='store_true')
+group.add_argument('--show-internal-expect', help='Show internal (expect) tracking cache', action='store_true')
+group.add_argument('--show-external-expect', help='Show external (expect) tracking cache', action='store_true')
 def is_configured():
 """ Check if conntrack-sync service is configured """
@@ -39,13 +46,13 @@ def is_configured():
 def send_bulk_update():
 """ send bulk update of internal-cache to other systems """
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -B')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -B')
 if tmp > 0:
 print('ERROR: failed to send bulk update to other conntrack-sync systems')
 def request_sync():
 """ request resynchronization with other systems """
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -n')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -n')
 if tmp > 0:
 print('ERROR: failed to request resynchronization of external cache')
@@ -53,10 +60,20 @@ def flush_cache(direction):
 """ flush conntrackd cache (internal or external) """
 if direction not in ['internal', 'external']:
 raise ValueError()
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -f {direction}')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -f {direction}')
 if tmp > 0:
 print('ERROR: failed to clear {direction} cache')
+def xml_to_stdout(xml):
+ out = []
+ for line in xml.splitlines():
+ if line == '\n':
+ continue
+ parsed = xmltodict.parse(line)
+ out.append(parsed)
+ print(render_to_string('conntrackd/conntrackd.op-mode.tmpl', {'data' : out}))
+
 if __name__ == '__main__':
 args = parser.parse_args()
 syslog.openlog(ident='conntrack-tools', logoption=syslog.LOG_PID,
@@ -66,7 +83,7 @@ if __name__ == '__main__':
 is_configured()
 syslog.syslog('Restarting conntrack sync service...')
- call('systemctl restart conntrackd.service')
+ cmd('systemctl restart conntrackd.service')
 # request resynchronization with other systems
 request_sync()
 # send bulk update of internal-cache to other systems
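Review bot: In `xml_to_stdout`, `if line == '\n': continue` can never match because `str.splitlines()` strips the line terminators, so a blank line in conntrackd's output reaches `xmltodict.parse` as `''` and raises an ExpatError; change it to `if not line.strip(): continue`. The new function also has no docstring, unlike its siblings — a one-liner such as `""" parse conntrackd XML output (one flow per line) and print it through the op-mode template """` would match the file's style. In the `--restart` hunk on this same line, `call()` is replaced by `cmd()`; vyos.util is not shown here, but if `cmd()` raises on a non-zero exit status a failed `systemctl restart` now ends in a traceback instead of continuing to `request_sync()`, which is worth either catching with a printed `ERROR:` like the helpers above or documenting as intentional. Separately, the context line `print('ERROR: failed to clear {direction} cache')` directly under the edited `-C` call lacks the `f` prefix and prints the placeholder literally.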
@@ -88,13 +105,32 @@ if __name__ == '__main__':
 flush_cache('internal')
 # request resynchronization of internal cache with kernel conntrack table
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -R')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -R')
 if tmp > 0:
 print('ERROR: failed to resynchronize internal cache with kernel conntrack table')
 # send bulk update of internal-cache to other systems
 send_bulk_update()
+ elif args.show_external or args.show_internal or args.show_external_expect or args.show_internal_expect:
+ is_configured()
+ opt = ''
+ if args.show_external:
+ opt = '-e ct'
+ elif args.show_external_expect:
+ opt = '-e expect'
+ elif args.show_internal:
+ opt = '-i ct'
+ elif args.show_internal_expect:
+ opt = '-i expect'
+
+ if args.show_external or args.show_internal:
+ print('Main Table Entries:')
+ else:
+ print('Expect Table Entries:')
+ out = cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x')
+ xml_to_stdout(out)
+
 else:
 parser.print_help()
 exit(1)
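Review bot: The new show branch has no failure handling around `out = cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x')`: `is_configured()` by its docstring checks the configuration rather than whether conntrackd is actually running, and vyos.util's `cmd()` is not shown here, but if it raises on a non-zero exit the user gets a traceback instead of the `ERROR:` line every other branch prints. Wrapping the call as sketched below, catching whatever `cmd()` raises (OSError in the sketch), keeps the branches consistent. This is also the only conntrackd invocation in the file prefixed with `sudo`; if the `-R`, `-B` and `-n` calls above need root as well they currently fail with only a printed error, and if they do not, the extra privilege here is unnecessary — either way a short comment explaining why `sudo` is needed for `-x` only would help the next maintainer. The enclosing `if __name__ == '__main__':` block starts outside the hunk.
```python
        # … unchanged: option selection and table header …
        try:
            out = cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x')
        except OSError as e:
            print(f'ERROR: failed to read conntrackd cache ({opt}): {e}')
            exit(1)
        xml_to_stdout(out)
```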