summaryrefslogtreecommitdiff
path: root/src/op_mode/conntrack_sync.py
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-05-13 17:20:48 +0200
committerChristian Poessinger <christian@poessinger.com>2021-05-14 21:39:46 +0200
commita93ea04589918d9f984c11892b1a712cab811a3c (patch)
tree1962a7ab009796999be881064ee706da2b1b67fc /src/op_mode/conntrack_sync.py
parent4d11715bd936d5d111bb3cd6e289ef2b3c3c218a (diff)
downloadvyos-1x-a93ea04589918d9f984c11892b1a712cab811a3c.tar.gz
vyos-1x-a93ea04589918d9f984c11892b1a712cab811a3c.zip
op-mode: conntrack: T3535: add XML command definitions
Diffstat (limited to 'src/op_mode/conntrack_sync.py')
-rwxr-xr-xsrc/op_mode/conntrack_sync.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/src/op_mode/conntrack_sync.py b/src/op_mode/conntrack_sync.py
new file mode 100755
index 000000000..48017c58a
--- /dev/null
+++ b/src/op_mode/conntrack_sync.py
@@ -0,0 +1,100 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import syslog
+
+from argparse import ArgumentParser
+from vyos.configquery import CliShellApiConfigQuery
+from vyos.util import call
+from vyos.util import run
+
+conntrackd_bin = '/usr/sbin/conntrackd'
+conntrackd_config = '/run/conntrackd/conntrackd.conf'
+
+parser = ArgumentParser(description='Conntrack Sync')
+parser.add_argument('--restart', help='Restart connection tracking synchronization service', action='store_true')
+parser.add_argument('--reset-cache-internal', help='Reset internal cache', action='store_true')
+parser.add_argument('--reset-cache-external', help='Reset external cache', action='store_true')
+
+def is_configured():
+ """ Check if conntrack-sync service is configured """
+ config = CliShellApiConfigQuery()
+ if not config.exists(['service', 'conntrack-sync']):
+ print('Service conntrackd-sync not configured!')
+ exit(1)
+
+def send_bulk_update():
+ """ send bulk update of internal-cache to other systems """
+ tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -B')
+ if tmp > 0:
+ print('ERROR: failed to send bulk update to other conntrack-sync systems')
+
+def request_sync():
+ """ request resynchronization with other systems """
+ tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -n')
+ if tmp > 0:
+ print('ERROR: failed to request resynchronization of external cache')
+
+def flush_cache(direction):
+ """ flush conntrackd cache (internal or external) """
+ if direction not in ['internal', 'external']:
+ raise ValueError()
+ tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -f {direction}')
+ if tmp > 0:
+ print('ERROR: failed to clear {direction} cache')
+
+if __name__ == '__main__':
+ args = parser.parse_args()
+ syslog.openlog(ident='conntrack-tools', logoption=syslog.LOG_PID,
+ facility=syslog.LOG_INFO)
+
+ if args.restart:
+ is_configured()
+
+ syslog.syslog('Restarting conntrack sync service...')
+ call('systemctl restart conntrackd.service')
+ # request resynchronization with other systems
+ request_sync()
+ # send bulk update of internal-cache to other systems
+ send_bulk_update()
+
+ elif args.reset_cache_external:
+ is_configured()
+ syslog.syslog('Resetting external cache of conntrack sync service...')
+
+ # flush the external cache
+ flush_cache('external')
+ # request resynchronization with other systems
+ request_sync()
+
+ elif args.reset_cache_internal:
+ is_configured()
+ syslog.syslog('Resetting internal cache of conntrack sync service...')
+ # flush the internal cache
+ flush_cache('internal')
+
+ # request resynchronization of internal cache with kernel conntrack table
+ tmp = run(f'{conntrackd_bin} -c {conntrackd_config} -R')
+ if tmp > 0:
+ print('ERROR: failed to resynchronize internal cache with kernel conntrack table')
+
+ # send bulk update of internal-cache to other systems
+ send_bulk_update()
+
+ else:
+ parser.print_help()
+ exit(1)