From de3c9a1273701684084281d2372359c3e2609728 Mon Sep 17 00:00:00 2001
From: marta
Date: Mon, 11 Jan 2010 10:07:28 +0000
Subject: [PATCH] Removed the cleanup file, it is now integrated into the backend.
---
 planetlab/ipfw-cleanup | 64 -----------------------------------------
 planetlab/ipfw.cron | 4 +--
 planetlab/ipfwroot.spec | 6 ++--
 3 files changed, 6 insertions(+), 68 deletions(-)
 delete mode 100755 planetlab/ipfw-cleanup
diff --git a/planetlab/ipfw-cleanup b/planetlab/ipfw-cleanup
deleted file mode 100755
index c58dc3e..0000000
--- a/planetlab/ipfw-cleanup
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-#
-# Marta Carbone
-# Copyright (C) 2009 Universita` di Pisa
-#
-# This script parse the ipfw rules
-# and remove the old ones.
-#
-# The ipfw output is parsed and each time
-# value stored as comment is compared against
-# the current time.
-# If the time value is older than current,
-# the rules and related pipes will be deleted.
-#
-# $Id:$
-
-DEBUG=0 # 1 to enable debug messages
-LOG_FILE=/tmp/ipfw.log
-# variable shared with the vsys ipfw-be backend
-DBFILE=/tmp/ff
-
-debug() # $1 debug message
-{
- if [ ! $DEBUG ]; then
- echo "$1" >> $LOG_FILE
- fi
-}
-
-# Get $NOW referred to UTC
-NOW=`date -u +%s`
-
-# check for module existence
-/sbin/lsmod | grep ipfw >> /dev/null
-if [ x"$?" == x"1" ]; then
- debug "ipfw module does not exist"
- exit 0;
-fi
-
-cat ${DBFILE} |
-awk '
- BEGIN {
- system("echo Start to clean rules >> /tmp/ipfw.log");
- cleaned=0;
- }
-
- # awk main body
- {
- slice_id=$1;
- type=$2;
- port=$3;
- timeout=$6;
- if (now > timeout) {
- # call the backend script to cleanup expired rules
- command="echo delete " type " " port " | /vsys/ipfw-be ";
- # grep for the username
- command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`";
- system(command);
- cleaned++;
- }
- }
-
- END { system("echo " cleaned " rules cleaned >> /tmp/ipfw.log");
- }
-' now=${NOW}
diff --git a/planetlab/ipfw.cron b/planetlab/ipfw.cron
index f6a6486..b5525a0 100644
--- a/planetlab/ipfw.cron
+++ b/planetlab/ipfw.cron
@@ -1,3 +1,3 @@
 # Runs every 5 minutes and clean ipfw expired rules
-# $Id$
-*/5 * * * * root /usr/bin/ipfw-cleanup > /dev/null 2>&1
+# $Id:$
+*/5 * * * * root echo "super killexpired" | /vsys/ipfw-be root > /dev/null 2>&1
diff --git a/planetlab/ipfwroot.spec b/planetlab/ipfwroot.spec
index ef64aa0..a99da6e 100644
--- a/planetlab/ipfwroot.spec
+++ b/planetlab/ipfwroot.spec
@@ -58,13 +58,12 @@ rm -rf $RPM_BUILD_ROOT
 %install
 install -D -m 755 dummynet2/ipfw_mod.ko $RPM_BUILD_ROOT/lib/modules/%{kernel_id}/net/netfilter/ipfw_mod.ko
 install -D -m 755 ipfw/ipfw $RPM_BUILD_ROOT/sbin/ipfw
-install -D -m 755 planetlab/ipfw-cleanup $RPM_BUILD_ROOT/usr/bin/ipfw-cleanup
 install -D -m 644 planetlab/ipfw.cron $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/ipfw.cron
 %post
 # load the module
-##modprobe ipfw_mod
 ##depmod -a
+##modprobe ipfw_mod
 # clean the old database and initialize the firewall
 ##echo "super dbcleanup" | /vsys/ipfw-be 0
 ##echo "super init" | /vsys/ipfw-be 0
@@ -86,6 +85,9 @@ rm -rf $RPM_BUILD_ROOT
 LOADED=`cat /proc/modules | grep ^ipfw_mod`; if [ -n "$LOADED" ] ; then rmmod ipfw_mod; fi
 %changelog
+* Mon Jan 11 2010 Marta Carbone
+- Integrated the ipfw rules cleanup into the backend
+
 * Sat Jan 09 2010 Thierry Parmentelat - ipfw-0.9-8
 - builds on 2.6.22 & 2.6.27
 - for 32 and 64 bits
--
2.43.0
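Review bot: The replacement cron line in planetlab/ipfw.cron sends both stdout and stderr of `/vsys/ipfw-be` to /dev/null, so if the backend is missing or rejects `super killexpired`, expired firewall rules stay installed with no record; the removed ipfw-cleanup script at least appended a start line and a cleaned-rule count to /tmp/ipfw.log. I would keep the error stream, for example `*/5 * * * * root echo "super killexpired" | /vsys/ipfw-be root 2>&1 | logger -t ipfw-killexpired`. The commented-out `%post` commands in ipfwroot.spec call the backend as `/vsys/ipfw-be 0` while this line passes `root`, so it is worth confirming which argument form the backend expects for `super` commands. The header comment could also say that expiry is now performed by the backend's `killexpired` command rather than by a separate script.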
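Review bot: Only the `%install` line for ipfw-cleanup is dropped in the first ipfwroot.spec hunk, and neither spec hunk touches `%files`; if that section (outside the visible hunks) still lists `/usr/bin/ipfw-cleanup`, the package build will fail on the missing file. Please check `%files` as part of this change. The hunk itself starts at `%install` and the rest of the spec is not shown here, so this is inferred from the diffstat rather than seen.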