authorChristian Poessinger <christian@poessinger.com>2021-05-15 15:53:40 +0200
committerChristian Poessinger <christian@poessinger.com>2021-05-15 15:54:20 +0200
commitf931d316a6360e8b0e760d60a0c8fcc01e3ded13 (patch)
treec3abcbc7b625dc58f8555ed2b69c1023b9d5901b
parentc3c9d8da767161bca8d6e1e01f6223141376cdd6 (diff)
conntrack: T3535: add op-mode commands for tracked connections"
-rw-r--r--data/templates/conntrackd/conntrackd.op-mode.tmpl13
-rw-r--r--op-mode-definitions/conntrack-sync.xml.in58
-rwxr-xr-xsrc/op_mode/conntrack_sync.py54
3 files changed, 116 insertions, 9 deletions
diff --git a/data/templates/conntrackd/conntrackd.op-mode.tmpl b/data/templates/conntrackd/conntrackd.op-mode.tmpl
new file mode 100644
index 000000000..82a4b09ad
--- /dev/null
+++ b/data/templates/conntrackd/conntrackd.op-mode.tmpl
@@ -0,0 +1,13 @@
+Source Destination Protocol
+{% for parsed in data if parsed.flow is defined and parsed.flow.meta is defined %}
+{% for key in parsed.flow.meta %}
+{% if key['@direction'] == 'original' %}
+{% set saddr = key.layer3.src | bracketize_ipv6 %}
+{% set sport = key.layer4.sport %}
+{% set daddr = key.layer3.dst | bracketize_ipv6 %}
+{% set dport = key.layer4.dport %}
+{% set protocol = key.layer4['@protoname'] %}
+{{ "%-48s" | format(saddr ~ ':' ~ sport) }} {{ "%-48s" | format(daddr ~ ':' ~ dport) }} {{ protocol }}
+{% endif %}
+{% endfor %}
+{% endfor %}
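Review bot: `key.layer4.sport` and `key.layer4.dport` (the `{% set sport … %}` and `{% set dport … %}` lines) are only meaningful for port-bearing protocols; for flows such as ICMP the conntrack XML carries other layer4 fields (type/code/id rather than sport/dport, as far as I recall), so those lookups resolve to an undefined value and either render as `addr:` or, if the template environment uses strict undefined handling, abort the whole listing. Guarding them with the default filter, `{% set sport = key.layer4.sport | default('') %}` and `{% set dport = key.layer4.dport | default('') %}`, keeps every row printable regardless of protocol. The header on the first line is also not padded to the `%-48s` column widths used for the data rows, so the titles will not sit above their columns; `{{ "%-48s" | format("Source") }} {{ "%-48s" | format("Destination") }} Protocol` lines it up.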
diff --git a/op-mode-definitions/conntrack-sync.xml.in b/op-mode-definitions/conntrack-sync.xml.in
index cd0ec5cc8..d1d3bf744 100644
--- a/op-mode-definitions/conntrack-sync.xml.in
+++ b/op-mode-definitions/conntrack-sync.xml.in
@@ -33,4 +33,62 @@
</leafNode>
</children>
</node>
+ <node name="show">
+ <children>
+ <node name="conntrack-sync">
+ <properties>
+ <help>Show connection tracking synchronization information</help>
+ </properties>
+ <children>
+ <node name="cache">
+ <properties>
+ <help>Show connection tracking cache entries</help>
+ </properties>
+ <children>
+ <node name="external">
+ <properties>
+ <help>Show external connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external; ${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command>
+ <children>
+ <leafNode name="main">
+ <properties>
+ <help>Show external main connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external</command>
+ </leafNode>
+ <leafNode name="expect">
+ <properties>
+ <help>Show external expect connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-external-expect</command>
+ </leafNode>
+ </children>
+ </node>
+ <node name="internal">
+ <properties>
+ <help>Show internal connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal; ${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command>
+ <children>
+ <leafNode name="main">
+ <properties>
+ <help>Show internal main connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal</command>
+ </leafNode>
+ <leafNode name="expect">
+ <properties>
+ <help>Show internal expect connection tracking cache entries</help>
+ </properties>
+ <command>${vyos_op_scripts_dir}/conntrack_sync.py --show-internal-expect</command>
+ </leafNode>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
+ </children>
+ </node>
</interfaceDefinition>
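Review bot: The `<command>` of the `external` node chains two invocations of conntrack_sync.py with `;`, so the `--show-external-expect` call runs even when the `--show-external` call fails — for example if the script exits non-zero because conntrack-sync is not configured — and the user sees the same error twice; joining them with `&&` stops after the first failure. The `internal` node's `<command>` further down has the same shape and the same issue.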
diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py
index 48017c58a..66ecf8439 100755
--- a/src/op_mode/conntrack_sync.py
+++ b/src/op_mode/conntrack_sync.py
@@ -16,19 +16,26 @@
import os
import syslog
+import xmltodict
from argparse import ArgumentParser
from vyos.configquery import CliShellApiConfigQuery
-from vyos.util import call
+from vyos.util import cmd
from vyos.util import run
+from vyos.template import render_to_string
conntrackd_bin = '/usr/sbin/conntrackd'
conntrackd_config = '/run/conntrackd/conntrackd.conf'
parser = ArgumentParser(description='Conntrack Sync')
-parser.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true')
-parser.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true')
-parser.add_argument('--reset-cache-external', help='Reset external cache', action='store_true')
+group = parser.add_mutually_exclusive_group()
+group.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true')
+group.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true')
+group.add_argument('--reset-cache-external', help='Reset external cache', action='store_true')
+group.add_argument('--show-internal', help='Show internal (main) tracking cache', action='store_true')
+group.add_argument('--show-external', help='Show external (main) tracking cache', action='store_true')
+group.add_argument('--show-internal-expect', help='Show internal (expect) tracking cache', action='store_true')
+group.add_argument('--show-external-expect', help='Show external (expect) tracking cache', action='store_true')
def is_configured():
""" Check if conntrack-sync service is configured """
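Review bot: `import xmltodict` on the third line of the hunk adds a new third-party runtime dependency to an op-mode script; it needs to be declared wherever this package lists its Python dependencies (not visible from this diff), otherwise every `--show-*` invocation fails at import time on a system that lacks the module. A smaller point: the group could be created with `parser.add_mutually_exclusive_group(required=True)` so argparse itself rejects an empty invocation with a usage message, although the `else: parser.print_help()` branch at the end of the script already handles that case.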
@@ -39,13 +46,13 @@ def is_configured():
def send_bulk_update():
""" send bulk update of internal-cache to other systems """
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -B')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -B')
if tmp > 0:
print('ERROR: failed to send bulk update to other conntrack-sync systems')
def request_sync():
""" request resynchronization with other systems """
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -n')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -n')
if tmp > 0:
print('ERROR: failed to request resynchronization of external cache')
@@ -53,10 +60,20 @@ def flush_cache(direction):
""" flush conntrackd cache (internal or external) """
if direction not in ['internal', 'external']:
raise ValueError()
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -f {direction}')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -f {direction}')
if tmp > 0:
print('ERROR: failed to clear {direction} cache')
+def xml_to_stdout(xml):
+ out = []
+ for line in xml.splitlines():
+ if line == '\n':
+ continue
+ parsed = xmltodict.parse(line)
+ out.append(parsed)
+
+ print(render_to_string('conntrackd/conntrackd.op-mode.tmpl', {'data' : out}))
+
if __name__ == '__main__':
args = parser.parse_args()
syslog.openlog(ident='conntrack-tools', logoption=syslog.LOG_PID,
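Review bot: In xml_to_stdout the guard `if line == '\n': continue` can never be true, because `str.splitlines()` strips line terminators; an empty line in the conntrackd output therefore reaches `xmltodict.parse('')`, which raises instead of being skipped. The check should be `if not line.strip(): continue`. The function also has no docstring; I would add one stating that it takes the multi-line XML produced by `conntrackd -x`, parses each non-empty line as its own document, and prints the collected records through the conntrackd/conntrackd.op-mode.tmpl template — that each output line is a self-contained XML document is an assumption about conntrackd's `-x` format and deserves a comment. Incidentally, the context line `print('ERROR: failed to clear {direction} cache')` just above is missing its `f` prefix and prints the placeholder literally; pre-existing, but cheap to fix here.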
@@ -66,7 +83,7 @@ if __name__ == '__main__':
is_configured()
syslog.syslog('Restarting conntrack sync service...')
- call('systemctl restart conntrackd.service')
+ cmd('systemctl restart conntrackd.service')
# request resynchronization with other systems
request_sync()
# send bulk update of internal-cache to other systems
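Review bot: Swapping call() for cmd() on the systemctl restart changes what happens on failure: if vyos.util.cmd raises on a non-zero exit status (which is how I understand that helper to behave), a failed restart now ends the script with an uncaught exception traceback instead of the `print('ERROR: …')` reporting used by send_bulk_update() and request_sync() in this file. For a consistent failure path use the same pattern as those helpers, `tmp = run('systemctl restart conntrackd.service')` followed by `if tmp > 0: print('ERROR: failed to restart conntrack-sync service')`, or catch the exception and print a message. The enclosing branch starts before this hunk.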
@@ -88,13 +105,32 @@ if __name__ == '__main__':
flush_cache('internal')
# request resynchronization of internal cache with kernel conntrack table
- tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -R')
+ tmp = run(f'{conntrackd_bin} -C {conntrackd_config} -R')
if tmp > 0:
print('ERROR: failed to resynchronize internal cache with kernel conntrack table')
# send bulk update of internal-cache to other systems
send_bulk_update()
+ elif args.show_external or args.show_internal or args.show_external_expect or args.show_internal_expect:
+ is_configured()
+ opt = ''
+ if args.show_external:
+ opt = '-e ct'
+ elif args.show_external_expect:
+ opt = '-e expect'
+ elif args.show_internal:
+ opt = '-i ct'
+ elif args.show_internal_expect:
+ opt = '-i expect'
+
+ if args.show_external or args.show_internal:
+ print('Main Table Entries:')
+ else:
+ print('Expect Table Entries:')
+ out = cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x')
+ xml_to_stdout(out)
+
else:
parser.print_help()
exit(1)
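Review bot: The show branch runs `cmd(f'sudo {conntrackd_bin} -C {conntrackd_config} {opt} -x')` with `sudo` hard-coded into the command string, while every other conntrackd invocation in this file (`-B`, `-n`, `-f`, `-R`) is executed without it; either all of them need elevated privileges or none do, and burying the elevation inside the script rather than in the op-mode `<command>` definition makes the asymmetry easy to miss. The four-way `elif` chain that picks `opt` could be a dict keyed by the flag name, but that is a style preference rather than a defect. The enclosing `if __name__ == '__main__':` block starts before this hunk.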