From 59981f71c1d510d4c4227746d9eee5ded41571d5 Mon Sep 17 00:00:00 2001 From: Sheng Yang Date: Mon, 9 Jan 2012 20:02:53 -0800 Subject: [PATCH] bug 12883: Fix numerous NETWORK_STAT related rule in iptables Also use script in the router for the execution. status 12883: resolved fixed --- .../systemvm/debian/config/root/netusage.sh | 14 +- scripts/network/domr/networkUsage.sh | 120 +----------------- 2 files changed, 15 insertions(+), 119 deletions(-) diff --git a/patches/systemvm/debian/config/root/netusage.sh b/patches/systemvm/debian/config/root/netusage.sh index f7dbd4a4ab3..fc5267fcfb2 100644 --- a/patches/systemvm/debian/config/root/netusage.sh +++ b/patches/systemvm/debian/config/root/netusage.sh @@ -37,6 +37,11 @@ usage() { } create_usage_rules () { + iptables-save|grep "INPUT -j NETWORK_STATS" > /dev/null + if [ $? -eq 0 ] + then + return $? + fi iptables -N NETWORK_STATS > /dev/null iptables -I FORWARD -j NETWORK_STATS > /dev/null iptables -I INPUT -j NETWORK_STATS > /dev/null @@ -50,6 +55,11 @@ create_usage_rules () { add_public_interface () { local pubIf=$1 + iptables-save|grep "NETWORK_STATS -i eth0 -o $pubIf" > /dev/null + if [ $? -eq 0 ] + then + return $? + fi iptables -A NETWORK_STATS -i eth0 -o $pubIf > /dev/null iptables -A NETWORK_STATS -i $pubIf -o eth0 > /dev/null iptables -A NETWORK_STATS -o $pubIf ! -i eth0 -p tcp > /dev/null @@ -91,7 +101,7 @@ iflag= aflag= dflag= -while getopts 'cgra:d:' OPTION +while getopts 'cgria:d:' OPTION do case $OPTION in c) cflag=1 @@ -106,6 +116,8 @@ do d) dflag=1 publicIf="$OPTARG" ;; + i) #Do nothing, since it's parameter for host script + ;; ?) usage unlock_exit 2 $lock $locked ;; diff --git a/scripts/network/domr/networkUsage.sh b/scripts/network/domr/networkUsage.sh index 68d4ad61b80..545f0d94dc4 100755 --- a/scripts/network/domr/networkUsage.sh +++ b/scripts/network/domr/networkUsage.sh 
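Review bot: The new guard at the top of create_usage_rules treats the INPUT jump as proof that the whole rule set exists, so partial state is not handled. If an earlier run created the chain or the FORWARD jump but stopped before INPUT, the function runs again and inserts a second FORWARD jump, which would make NETWORK_STATS count forwarded packets twice. Checking each jump on its own before inserting it would avoid that. Separately, `return $?` returns the status of the `[` test, which is always 0 on that path, so `if iptables-save | grep -q -- "-A INPUT -j NETWORK_STATS"; then return 0; fi` says the same thing more plainly. The function body continues outside the hunk.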
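Review bot: The existence check in add_public_interface matches by prefix, so asking for `eth1` when rules for `eth10` are already present returns early and `eth1` never gets its accounting rules. `$pubIf` is also interpolated into the grep pattern and passed unquoted to the `iptables` calls below it, and after this commit it arrives from the host over ssh. I would validate the name first with `case $pubIf in ''|*[!A-Za-z0-9_.-]*) return 1;; esac` and anchor the match, for example `grep -qE -- "-A NETWORK_STATS -i eth0 -o $pubIf( |\$)"`. The function body continues outside the hunk.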
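Review bot: The option string `'cgria:d:'` declares `-i` as a flag without an argument, but the host script forwards its whole command line, including `-i <router ip>`. After `-i` the router-side getopts sees the IP as the first non-option word and stops parsing, so any option that follows it (for example `-g` in `-i <ip> -g`) is silently ignored; only callers that put `-i` last work, and the caller's ordering is not visible in this diff. Declaring it as `'cgri:a:d:'` lets the `i)` arm added in the next hunk consume and discard the address regardless of order. The comment on that arm could then read `# -i <ip> is consumed by the host-side script; accept and ignore it here`.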
@@ -41,97 +41,12 @@ check_gw() { cert="/root/.ssh/id_rsa.cloud" -create_usage_rules () { - local dRIp=$1 - ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ - iptables -N NETWORK_STATS > /dev/null; - iptables -I FORWARD -j NETWORK_STATS > /dev/null; - iptables -I INPUT -j NETWORK_STATS > /dev/null; - iptables -I OUTPUT -j NETWORK_STATS > /dev/null; - iptables -A NETWORK_STATS -i eth0 -o eth2 > /dev/null; - iptables -A NETWORK_STATS -i eth2 -o eth0 > /dev/null; - iptables -A NETWORK_STATS -o eth2 ! -i eth0 -p tcp > /dev/null; - iptables -A NETWORK_STATS -i eth2 ! -o eth0 -p tcp > /dev/null; - " - return $? -} - -add_public_interface () { - local dRIp=$1 - local pubIf=$2 - ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ - iptables -A NETWORK_STATS -i eth0 -o $pubIf > /dev/null; - iptables -A NETWORK_STATS -i $pubIf -o eth0 > /dev/null; - iptables -A NETWORK_STATS -o $pubIf ! -i eth0 -p tcp > /dev/null; - iptables -A NETWORK_STATS -i $pubIf ! -o eth0 -p tcp > /dev/null; - " - return $? -} - -delete_public_interface () { - local dRIp=$1 - local pubIf=$2 - ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ - echo $pubIf >> /root/removedVifs; - " - return $? -} - -get_usage () { - local dRIp=$1 - ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ - iptables -L NETWORK_STATS -n -v -x | awk '\$1 ~ /^[0-9]+\$/ { printf \"%s:\", \$2}'; - if [ -f /root/removedVifs ] ; then iptables -Z NETWORK_STATS ; fi; - /root/clearUsageRules.sh > /dev/null; - " - if [ $? -gt 0 -a $? -ne 2 ] - then - printf $? - return 1 - fi -} - -reset_usage () { - local dRIp=$1 - ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\ - iptables -Z NETWORK_STATS > /dev/null; - " - if [ $? -gt 0 -a $? 
-ne 2 ] - then - return 1 - fi -} - -#set -x - -cflag= -gflag= -rflag= -iflag= -aflag= -dflag= - while getopts 'cgri:a:d:' OPTION do case $OPTION in - c) cflag=1 - ;; - g) gflag=1 - ;; - r) rflag=1 - ;; i) iflag=1 domRIp="$OPTARG" ;; - a) aflag=1 - publicIf="$OPTARG" - ;; - d) dflag=1 - publicIf="$OPTARG" - ;; - ?) usage - exit 2 - ;; esac done @@ -142,36 +57,5 @@ then exit 3 fi - -if [ "$cflag" == "1" ] -then - create_usage_rules $domRIp - exit $? -fi - -if [ "$gflag" == "1" ] -then - get_usage $domRIp - exit $? -fi - -if [ "$rflag" == "1" ] -then - reset_usage $domRIp - exit $? -fi - -if [ "$aflag" == "1" ] -then - add_public_interface $domRIp $publicIf - exit $? -fi - -if [ "$dflag" == "1" ] -then - delete_public_interface $domRIp $publicIf - exit $? -fi - -exit 0 - +ssh -p 3922 -q -o StrictHostKeyChecking=no -i $cert root@$domRIp "/root/netusage.sh $*" +exit $?
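Review bot: The new ssh line puts `$*` inside the remote command string, so every host-side argument is re-parsed by root's shell on the router, and any argument containing whitespace or shell metacharacters changes the command that runs there. The removed code interpolated only `$pubIf`; this widens that to the whole argument list. The previous hunk also drops the `?) usage` arm, so unknown options are no longer rejected on the host before being forwarded. If the script runs under bash (the removed `==` tests suggest it does), quote each argument for the remote side with `printf -v remote_args ' %q' "$@"` and call `ssh ... -i "$cert" "root@$domRIp" "/root/netusage.sh$remote_args"`. `-o StrictHostKeyChecking=no` is carried over from the old code and leaves the router's host key unverified for a root session; pinning the key in a known_hosts file would close that.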