X-Git-Url: http://git.onelab.eu/?p=ipfw.git;a=blobdiff_plain;f=planetlab%2Fipfw-cleanup;h=c58dc3ef8cd615eb49411b780d19deb2f2a342de;hp=429328a578aaf82e6f3368a1f7c31eb4b262c7be;hb=fd71c20d7328b71ac47493f9f27925de690980ed;hpb=127aebb5ecac745bb693162d78d489ccba6273b9

diff --git a/planetlab/ipfw-cleanup b/planetlab/ipfw-cleanup
index 429328a..c58dc3e 100755
--- a/planetlab/ipfw-cleanup
+++ b/planetlab/ipfw-cleanup
@@ -2,7 +2,6 @@
 #
 # Marta Carbone
 # Copyright (C) 2009 Universita` di Pisa
-# $Id$
 #
 # This script parse the ipfw rules
 # and remove the old ones.
@@ -13,43 +12,53 @@
 # If the time value is older than current,
 # the rules and related pipes will be deleted.
 #
-# $Id$
+# $Id:$
+
+DEBUG=0		# 1 to enable debug messages
+LOG_FILE=/tmp/ipfw.log
+# variable shared with the vsys ipfw-be backend
+DBFILE=/tmp/ff
+
+debug() # $1 debug message
+{
+	if [ ! $DEBUG ]; then
+		echo "$1" >> $LOG_FILE
+	fi
+}
 
-RULE_LIST="ipfw show"
 # Get $NOW referred to UTC
 NOW=`date -u +%s`
 
 # check for module existence
-/sbin/lsmod | grep ipfw
+/sbin/lsmod | grep ipfw >> /dev/null
 if [ x"$?" == x"1" ]; then
-	echo "ipfw module does not exist";
+	debug "ipfw module does not exist"
 	exit 0;
 fi
 
-${RULE_LIST} | 
+cat ${DBFILE} | 
 awk '
 	BEGIN {
-		print now a "Start to clean rules ";
+		system("echo Start to clean rules >> /tmp/ipfw.log");
 		cleaned=0;
 	}
 
-	# delete rules and pipes
-	function delete_rule(rule_id) {
-		command="/sbin/ipfw delete " rule_id "; ipfw pipe delete " rule_id;
-		system(command);
-	}
-
 	# awk main body
-	/\/\/\ [0-9]*/ { # select timeout string
-
-			timeout=$13;
-
-			if (now > timeout) {
-				delete_rule($1);
-				cleaned++;
-			}
+	{
+		slice_id=$1;
+		type=$2;
+		port=$3;
+		timeout=$6;
+		if (now > timeout) {
+			# call the backend script to cleanup expired rules
+			command="echo delete " type " " port " | /vsys/ipfw-be ";
+			# grep for the username
+			command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`";
+			system(command);
+			cleaned++;
+		}
 	}
 
-	END {	print " " cleaned " rules cleaned";
+	END {	system("echo " cleaned " rules cleaned >> /tmp/ipfw.log");
 	}
 ' now=${NOW}