bug 12883: Fix numerous NETWORK_STAT related rule in iptables

Also use script in the router for the execution.

status 12883: resolved fixed

patches/systemvm/debian/config/root/netusage.sh

@@ -37,6 +37,11 @@ usage() {
 }
 
 create_usage_rules () {
+  iptables-save|grep "INPUT -j NETWORK_STATS" > /dev/null
+  if [ $? -eq 0 ]
+  then
+      return $?
+  fi
   iptables -N NETWORK_STATS > /dev/null
   iptables -I FORWARD -j NETWORK_STATS > /dev/null
   iptables -I INPUT -j NETWORK_STATS > /dev/null
@@ -50,6 +55,11 @@ create_usage_rules () {
 
 add_public_interface () {
   local pubIf=$1
+  iptables-save|grep "NETWORK_STATS -i eth0 -o $pubIf" > /dev/null
+  if [ $? -eq 0 ]
+  then
+      return $?
+  fi
   iptables -A NETWORK_STATS -i eth0 -o $pubIf > /dev/null
   iptables -A NETWORK_STATS -i $pubIf -o eth0 > /dev/null
   iptables -A NETWORK_STATS -o $pubIf ! -i eth0 -p tcp > /dev/null
@@ -91,7 +101,7 @@ iflag=
 aflag=
 dflag=
 
-while getopts 'cgra:d:' OPTION
+while getopts 'cgria:d:' OPTION
 do
   case $OPTION in
   c)	cflag=1
@@ -106,6 +116,8 @@ do
   d)    dflag=1
         publicIf="$OPTARG"
         ;;
+  i)    #Do nothing, since it's parameter for host script
+        ;;
   ?)	usage
                 unlock_exit 2 $lock $locked
 		;;

scripts/network/domr/networkUsage.sh

@@ -41,97 +41,12 @@ check_gw() {
 
 cert="/root/.ssh/id_rsa.cloud"
 
-create_usage_rules () {
-  local dRIp=$1
-   ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
-     iptables -N NETWORK_STATS > /dev/null;
-     iptables -I FORWARD -j NETWORK_STATS > /dev/null;
-     iptables -I INPUT -j NETWORK_STATS > /dev/null;
-     iptables -I OUTPUT -j NETWORK_STATS > /dev/null;
-     iptables -A NETWORK_STATS -i eth0 -o eth2 > /dev/null;
-     iptables -A NETWORK_STATS -i eth2 -o eth0 > /dev/null;
-     iptables -A NETWORK_STATS -o eth2 ! -i eth0 -p tcp > /dev/null;
-     iptables -A NETWORK_STATS -i eth2 ! -o eth0 -p tcp > /dev/null;
-     "
-  return $?
-}
-
-add_public_interface () {
-  local dRIp=$1
-  local pubIf=$2
-   ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
-     iptables -A NETWORK_STATS -i eth0 -o $pubIf > /dev/null;
-     iptables -A NETWORK_STATS -i $pubIf -o eth0 > /dev/null;
-     iptables -A NETWORK_STATS -o $pubIf ! -i eth0 -p tcp > /dev/null;
-     iptables -A NETWORK_STATS -i $pubIf ! -o eth0 -p tcp > /dev/null;
-     "
-  return $?
-}
-
-delete_public_interface () {
-  local dRIp=$1
-  local pubIf=$2
-   ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
-     echo $pubIf >> /root/removedVifs;
-     "
-  return $?
-}
-
-get_usage () {
-  local dRIp=$1
-   ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
-     iptables -L NETWORK_STATS -n -v -x | awk '\$1 ~ /^[0-9]+\$/ { printf \"%s:\", \$2}';
-     if [ -f /root/removedVifs ] ; then iptables -Z NETWORK_STATS ; fi;
-     /root/clearUsageRules.sh > /dev/null;
-     "
-  if [ $? -gt 0  -a $? -ne 2 ]
-  then
-     printf $?
-     return 1
-  fi
-}
-
-reset_usage () {
-  local dRIp=$1
-   ssh -q -p 3922 -o StrictHostKeyChecking=no -i $cert root@$dRIp "\
-     iptables -Z NETWORK_STATS > /dev/null;
-     "
-  if [ $? -gt 0  -a $? -ne 2 ]
-  then
-     return 1
-  fi
-}
-
-#set -x
-
-cflag=
-gflag=
-rflag=
-iflag=
-aflag=
-dflag=
-
 while getopts 'cgri:a:d:' OPTION
 do
   case $OPTION in
-  c)	cflag=1
-		;;
-  g)	gflag=1
-		;;
-  r)	rflag=1
-		;;
   i)	iflag=1
 		domRIp="$OPTARG"
 		;;
-  a)    aflag=1
-                publicIf="$OPTARG"
-               ;;
-  d)    dflag=1
-                publicIf="$OPTARG"
-                ;;
-  ?)	usage
-		exit 2
-		;;
   esac
 done
 
@@ -142,36 +57,5 @@ then
    exit 3
 fi
 
-
-if [ "$cflag" == "1" ] 
-then
-  create_usage_rules $domRIp  
-  exit $?
-fi
-
-if [ "$gflag" == "1" ] 
-then
-  get_usage $domRIp  
-  exit $?
-fi
-
-if [ "$rflag" == "1" ] 
-then
-  reset_usage $domRIp  
-  exit $?
-fi
-
-if [ "$aflag" == "1" ] 
-then
-  add_public_interface $domRIp $publicIf 
-  exit $?
-fi
-
-if [ "$dflag" == "1" ] 
-then
-  delete_public_interface $domRIp $publicIf 
-  exit $?
-fi
-
-exit 0
-
+ssh -p 3922 -q -o StrictHostKeyChecking=no -i $cert root@$domRIp "/root/netusage.sh $*"
+exit $?