From fd71c20d7328b71ac47493f9f27925de690980ed Mon Sep 17 00:00:00 2001 From: marta Date: Wed, 16 Dec 2009 17:10:02 +0000 Subject: [PATCH] Update the cleanup for expired rules. Changed the package name, properties set. --- planetlab/ipfw-cleanup | 53 ++++++++++++++++++++++--------------- planetlab/ipfwroot.spec | 8 +++--- planetlab/ipfwslice.spec | 6 ++--- planetlab/planetlab-tags.mk | 2 +- planetlab/planetlab.mk | 2 +- planetlab/sample_hook | 1 + 6 files changed, 41 insertions(+), 31 deletions(-) diff --git a/planetlab/ipfw-cleanup b/planetlab/ipfw-cleanup index 429328a..c58dc3e 100755 --- a/planetlab/ipfw-cleanup +++ b/planetlab/ipfw-cleanup @@ -2,7 +2,6 @@ # # Marta Carbone # Copyright (C) 2009 Universita` di Pisa -# $Id$ # # This script parse the ipfw rules # and remove the old ones. @@ -13,43 +12,53 @@ # If the time value is older than current, # the rules and related pipes will be deleted. # -# $Id$ +# $Id:$ + +DEBUG=0 # 1 to enable debug messages +LOG_FILE=/tmp/ipfw.log +# variable shared with the vsys ipfw-be backend +DBFILE=/tmp/ff + +debug() # $1 debug message +{ + if [ ! $DEBUG ]; then + echo "$1" >> $LOG_FILE + fi +} -RULE_LIST="ipfw show" # Get $NOW referred to UTC NOW=`date -u +%s` # check for module existence -/sbin/lsmod | grep ipfw +/sbin/lsmod | grep ipfw >> /dev/null if [ x"$?" == x"1" ]; then - echo "ipfw module does not exist"; + debug "ipfw module does not exist" exit 0; fi -${RULE_LIST} | +cat ${DBFILE} | awk ' BEGIN { - print now a "Start to clean rules "; + system("echo Start to clean rules >> /tmp/ipfw.log"); cleaned=0; } - # delete rules and pipes - function delete_rule(rule_id) { - command="/sbin/ipfw delete " rule_id "; ipfw pipe delete " rule_id; - system(command); - } - # awk main body - /\/\/\ [0-9]*/ { # select timeout string - - timeout=$13; - - if (now > timeout) { - delete_rule($1); - cleaned++; - } + { + slice_id=$1; + type=$2; + port=$3; + timeout=$6; + if (now > timeout) { + # call the backend script to cleanup expired rules + command="echo delete " type " " port " | /vsys/ipfw-be "; + # grep for the username + command=command "`grep :" slice_id ": /etc/passwd | cut -d ':' -f 1`"; + system(command); + cleaned++; + } } - END { print " " cleaned " rules cleaned"; + END { system("echo " cleaned " rules cleaned >> /tmp/ipfw.log"); } ' now=${NOW} diff --git a/planetlab/ipfwroot.spec b/planetlab/ipfwroot.spec index 25b418e..0e5e696 100644 --- a/planetlab/ipfwroot.spec +++ b/planetlab/ipfwroot.spec @@ -1,11 +1,11 @@ # -# $Id$ +# $Id: ipfwroot.spec 16174 2009-12-15 13:38:15Z marta $ # # TODO: # restart crond # modprobe ipfw_mod.ko (depmod ?) # -%define url $URL: http://onelab1.iet.unipi.it/svn/trunk/ipfw.spec $ +%define url $URL:$ # Marta Carbone # 2009 - Universita` di Pisa @@ -15,7 +15,7 @@ # kernel_release : vs2.3.0.29.1.planetlab # kernel_version : 2.6.22.14 -%define name ipfw +%define name ipfwroot %define version 0.9 %define taglevel 7 @@ -59,7 +59,7 @@ rm -rf $RPM_BUILD_ROOT install -D -m 755 dummynet/ipfw_mod.ko $RPM_BUILD_ROOT/lib/modules/%{kernel_id}/net/netfilter/ipfw_mod.ko install -D -m 755 ipfw/ipfw $RPM_BUILD_ROOT/sbin/ipfw install -D -m 755 planetlab/ipfw-cleanup $RPM_BUILD_ROOT/usr/bin/ipfw-cleanup -install -D -m 755 planetlab/ipfw.cron $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/ipfw.cron +install -D -m 644 planetlab/ipfw.cron $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/ipfw.cron %clean rm -rf $RPM_BUILD_ROOT diff --git a/planetlab/ipfwslice.spec b/planetlab/ipfwslice.spec index a4f1521..30824ab 100644 --- a/planetlab/ipfwslice.spec +++ b/planetlab/ipfwslice.spec @@ -1,17 +1,17 @@ # -# $Id$ +# $Id: ipfwslice.spec 16174 2009-12-15 13:38:15Z marta $ # # TODO: # restart crond # modprobe ipfw_mod.ko (depmod ?) # -%define url $URL: http://onelab1.iet.unipi.it/svn/trunk/ipfw-slice.spec $ +%define url $URL:$ # Marta Carbone # 2009 - Universita` di Pisa # License is BSD. -%define name ipfw-slice +%define name ipfwslice %define version 0.9 %define taglevel 7 diff --git a/planetlab/planetlab-tags.mk b/planetlab/planetlab-tags.mk index ee3c12d..26c5d2f 100644 --- a/planetlab/planetlab-tags.mk +++ b/planetlab/planetlab-tags.mk @@ -1,4 +1,4 @@ -# $Id: planetlab-tags.mk 4496 2009-12-14 12:01:38Z luigi $ +# $Id:$ # These are good to build the ipfw modules from svn on kernels 2.6.22 linux-2.6-SVNBRANCH := 22 linux-2.6-SVNPATH := http://svn.planet-lab.org/svn/linux-2.6/tags/linux-2.6-22-39-1 diff --git a/planetlab/planetlab.mk b/planetlab/planetlab.mk index e49bde8..bc6daf3 100644 --- a/planetlab/planetlab.mk +++ b/planetlab/planetlab.mk @@ -1,4 +1,4 @@ -# $Id: planetlab.mk 4496 2009-12-14 12:01:38Z luigi $ +# $Id:$ # .mk file to build a module kernel-MODULES := linux-2.6 kernel-SPEC := kernel-2.6.spec diff --git a/planetlab/sample_hook b/planetlab/sample_hook index b47c8de..ec56cbd 100755 --- a/planetlab/sample_hook +++ b/planetlab/sample_hook @@ -3,6 +3,7 @@ # # Marta Carbone # 2009 - Universita` di Pisa +# $Id:$ # # This is a sample hook file in charge to collect # statistical information on netconfig usage. It dumps -- 2.43.0