diff options
| author | Lulu Cathrinus Grimalkin <e.altunbas@vyos.io> | 2021-08-15 13:10:20 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-15 12:10:20 +0200 |
| commit | 43fcc0db006a12024df1b49d6f3c9e99ce165226 (patch) | |
| tree | b946a2c680b65234e47544e74c5da7b5d8ff8ba2 | |
| parent | 9b21e4a769385514f0bf625d665d588266dc6de4 (diff) | |
| download | vyos-1x-43fcc0db006a12024df1b49d6f3c9e99ce165226.tar.gz vyos-1x-43fcc0db006a12024df1b49d6f3c9e99ce165226.zip | |
conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new default behavior
| -rw-r--r-- | interface-definitions/include/conntrack-module-disable.xml.i | 8 | ||||
| -rw-r--r-- | interface-definitions/system-conntrack.xml.in | 44 | ||||
| -rwxr-xr-x | src/conf_mode/conntrack.py | 2 | ||||
| -rwxr-xr-x | src/migration-scripts/conntrack/2-to-3 | 37 |
4 files changed, 53 insertions, 38 deletions
diff --git a/interface-definitions/include/conntrack-module-disable.xml.i b/interface-definitions/include/conntrack-module-disable.xml.i deleted file mode 100644 index f891225e0..000000000 --- a/interface-definitions/include/conntrack-module-disable.xml.i +++ /dev/null @@ -1,8 +0,0 @@ -<!-- include start from conntrack-module-disable.xml.i --> -<leafNode name="disable"> - <properties> - <help>Disable connection tracking helper</help> - <valueless/> - </properties> -</leafNode> -<!-- include end --> diff --git a/interface-definitions/system-conntrack.xml.in b/interface-definitions/system-conntrack.xml.in index fa73df3db..c408e9bdd 100644 --- a/interface-definitions/system-conntrack.xml.in +++ b/interface-definitions/system-conntrack.xml.in @@ -37,64 +37,50 @@ </leafNode> <node name="modules"> <properties> - <help>Connection tracking modules settings</help> + <help>Connection tracking modules</help> </properties> <children> <node name="ftp"> <properties> - <help>FTP connection tracking settings</help> + <help>FTP connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="h323"> <properties> - <help>H.323 connection tracking settings</help> + <help>H.323 connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="nfs"> <properties> - <help>NFS connection tracking settings</help> + <help>NFS connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="pptp"> <properties> - <help>PPTP connection tracking settings</help> + <help>PPTP connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="sip"> <properties> - <help>SIP connection tracking settings</help> + <help>SIP connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="sqlnet"> <properties> - <help>SQLnet connection tracking settings</help> + <help>SQLnet connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> <node name="tftp"> <properties> - <help>TFTP connection tracking settings</help> + <help>TFTP connection tracking</help> + <valueless/> </properties> - <children> - #include <include/conntrack-module-disable.xml.i> - </children> </node> </children> </node> diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py index 4e6e39c0f..b305265db 100755 --- a/src/conf_mode/conntrack.py +++ b/src/conf_mode/conntrack.py @@ -97,7 +97,7 @@ def apply(conntrack): # Depending on the enable/disable state of the ALG (Application Layer Gateway) # modules we need to either insmod or rmmod the helpers. for module, module_config in module_map.items(): - if dict_search(f'modules.{module}.disable', conntrack) != None: + if dict_search(f'modules.{module}', conntrack) is None: if 'ko' in module_config: for mod in module_config['ko']: # Only remove the module if it's loaded diff --git a/src/migration-scripts/conntrack/2-to-3 b/src/migration-scripts/conntrack/2-to-3 new file mode 100755 index 000000000..8a8b43279 --- /dev/null +++ b/src/migration-scripts/conntrack/2-to-3 @@ -0,0 +1,37 @@ +#!/usr/bin/env python3 + +# Conntrack syntax version 3 +# Enables all conntrack modules (previous default behaviour) and omits manually disabled modules. + +import sys + +from vyos.configtree import ConfigTree +from vyos.version import get_version + +if len(sys.argv) < 1: + print('Must specify file name!') + sys.exit(1) + +filename = sys.argv[1] + +with open(filename, 'r') as f: + config = ConfigTree(f.read()) + +module_path = ['system', 'conntrack', 'modules'] + +# Go over all conntrack modules available as of v1.3.0. +for module in ['ftp', 'h323', 'nfs', 'pptp', 'sip', 'sqlnet', 'tftp']: + # 'disable' is being phased out. + if config.exists(module_path + [module, 'disable']): + config.delete(module_path + [module]) + # If it wasn't manually 'disable'd, it was enabled by default. + else: + config.set(module_path + [module]) + +try: + if config.exists(module_path): + with open(filename, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print(f'Failed to save the modified config: {e}') + sys.exit(1) |