Added code to configure netusage for vpc and domR devices

Removed code from existing scripts that does the same
Fixed some more issues with CsNetfilter
Added an rsync entry for /etc/iptables in the Vagrantfile
This commit is contained in:
Ian Southam 2014-09-09 12:19:55 +02:00 committed by wilderrodrigues
parent 56900434b4
commit 725c040d5c
5 changed files with 46 additions and 10 deletions


@ -92,7 +92,7 @@ class CsNetfilters(object):
for r in del_list:
cmd = "iptables -t %s %s" % (r.get_table(), r.to_str(True))
CsHelper.execute(cmd)
print "Delete rule %s from table %s" % (r.to_str(True), r.get_table())
#print "Delete rule %s from table %s" % (r.to_str(True), r.get_table())
logging.info("Delete rule %s from table %s", r.to_str(True), r.get_table())
def compare(self, list):
@ -109,6 +109,7 @@ class CsNetfilters(object):
if self.has_rule(new_rule):
logging.debug("rule %s exists in table %s", fw[2], new_rule.get_table())
else:
#print "Add rule %s in table %s" % ( fw[2], new_rule.get_table())
logging.info("Add rule %s in table %s", fw[2], new_rule.get_table())
# front means insert instead of append
cpy = fw[2]
@ -177,6 +178,8 @@ class CsNetfilter(object):
rule = rule.replace('-p all', '')
rule = rule.replace(' ', ' ')
rule = rule.replace('bootpc', '68')
# Ugly hack no.23 split this or else I will have an odd number of parameters
rule = rule.replace('--checksum-fill', '--checksum fill')
# -m can appear twice in a string
rule = rule.replace('-m state', '-m2 state')
rule = rule.replace('ESTABLISHED,RELATED', 'RELATED,ESTABLISHED')
@ -206,8 +209,8 @@ class CsNetfilter(object):
def to_str(self, delete = False):
""" Convert the rule back into aynactically correct iptables command """
# Order is important
order = ['-A', '-s', '-d', '!_-d', '-i', '-p', '-m', '-m2', '--icmp-type', '--state',
'--dport', '--destination-port', '-o', '-j', '--set-xmark',
order = ['-A', '-s', '-d', '!_-d', '-i', '!_-i', '-p', '-m', '-m2', '--icmp-type', '--state',
'--dport', '--destination-port', '-o', '!_-o', '-j', '--set-xmark', '--checksum',
'--to-source', '--to-destination']
str = ''
for k in order:
@ -220,6 +223,7 @@ class CsNetfilter(object):
str = "%s %s" % (printable, self.rule[k])
else:
str = "%s %s %s" % (str, printable, self.rule[k])
str = str.replace("--checksum fill", "--checksum-fill")
return str
def __eq__(self, rule):
@ -229,6 +233,8 @@ class CsNetfilter(object):
return False
if len(rule.get_rule().items()) != len(self.get_rule().items()):
return False
#if '--checksum' in self.get_rule().keys() and self.get_rule()['--checksum'] == "fill":
#pprint(self.get_rule())
common = set(rule.get_rule().items()) & set(self.get_rule().items())
if len(common) != len(rule.get_rule()):
return False
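Review bot: The new `order` list still has no `--mark` entry, and since to_str only emits keys named in `order` (`for k in order:` ... `self.rule[k]`), any option not listed is silently dropped when a rule is regenerated — the delete path in CsNetfilters (`r.to_str(True)`) would turn the `-m mark --mark 0x525` VPN_STATS rules this commit adds in CsAddress into `... -m mark` with no mark value, assuming the parser keeps every option as a key (the parsing code sits outside this hunk). Add it next to the other match options, `order = ['-A', '-s', '-d', '!_-d', '-i', '!_-i', '-p', '-m', '-m2', '--icmp-type', '--state', '--mark',`, and state the contract above the list, e.g. `# Options not listed here are dropped from the regenerated command; extend this when adding new rule types`. The docstring in the same hunk also misspells syntactically (`aynactically`). to_str's body continues past the end of this hunk.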


@ -489,8 +489,6 @@ class CsIP:
self.post_config_change("delete")
class CsPassword(CsDataBag):
"""
Update the password cache
@ -761,6 +759,7 @@ class CsAddress(CsDataBag):
if dev == "id":
continue
ip = CsIP(dev)
addcnt = 0
for address in self.dbag[dev]:
if not address["nw_type"] == "control":
CsRoute(dev).add(address)
@ -772,6 +771,36 @@ class CsAddress(CsDataBag):
logging.info("Address %s on device %s not configured", ip.ip(), dev)
if CsDevice(dev).waitfordevice():
ip.configure()
# This could go one level up but the ip type is stored in the
# ip address object and not in the device object
# Call only once
if addcnt == 0:
self.add_netstats(address)
addcnt += 1
def add_netstats(self, address):
# add in the network stats iptables rules
dev = "eth%s" % address['nic_dev_id']
if address["nw_type"] == "public_ip":
fw.append(["", "front", "-A FORWARD -j NETWORK_STATS"])
fw.append(["", "front", "-A INPUT -j NETWORK_STATS"])
fw.append(["", "front", "-A OUTPUT -j NETWORK_STATS"])
# it is not possible to calculate these devices
# When the vrouter and the vpc router are combined this silliness can go
fw.append(["", "", "-A NETWORK_STATS -i %s -o eth0 -p tcp" % dev])
fw.append(["", "", "-A NETWORK_STATS -o %s -i eth0 -p tcp" % dev])
fw.append(["", "", "-A NETWORK_STATS -o %s ! -i eth0 -p tcp" % dev])
fw.append(["", "", "-A NETWORK_STATS -i %s ! -o eth0 -p tcp" % dev])
if address["nw_type"] == "guest":
fw.append(["", "front", "-A FORWARD -j NETWORK_STATS_%s" % dev])
fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -s %s" % (dev, dev, address['network'])])
fw.append(["", "front", "-A NETWORK_STATS_%s -o %s -d %s" % (dev, dev, address['network'])])
# Only relevant if there is a VPN configured so will have to move
# at some stage
fw.append(["mangle", "", "-A FORWARD -j VPN_STATS_%s" % dev])
fw.append(["mangle", "", "-A VPN_STATS_%s -o %s -m mark --mark 0x525" % (dev, dev)])
fw.append(["mangle", "", "-A VPN_STATS_%s -i %s -m mark --mark 0x524" % (dev, dev)])
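Review bot: add_netstats interpolates `address['nic_dev_id']` and `address['network']` straight into iptables rule strings that CsNetfilters later hands to `CsHelper.execute` as a single command line, with no check on their shape; if execute goes through a shell (not visible here) a malformed databag entry becomes a command-injection path, and even without a shell it likely yields a rule that fails without anyone noticing. A cheap defence is to coerce the device index, `dev = "eth%d" % int(address['nic_dev_id'])`, and to reject a `network` value that does not look like an IPv4 CIDR before the guest rules are appended. `fw` is never bound in this method — presumably a module-level list shared with the other CsDataBag classes; if so, a comment such as `# fw: module-level rule list consumed by CsNetfilters.compare` would make that explicit. Both guest NETWORK_STATS rules match `-o %s`; if the pair is meant to count both directions, one of them presumably needs `-i` — confirm against the shell function this replaces.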
class CsForwardingRules(CsDataBag):
def __init__(self, key):


@ -123,7 +123,7 @@ done
if [ "$cflag" == "1" ]
then
create_usage_rules
#create_usage_rules
unlock_exit $? $lock $locked
fi
@ -141,13 +141,13 @@ fi
if [ "$aflag" == "1" ]
then
add_public_interface $publicIf
#add_public_interface $publicIf
unlock_exit $? $lock $locked
fi
if [ "$dflag" == "1" ]
then
delete_public_interface $publicIf
#delete_public_interface $publicIf
unlock_exit $? $lock $locked
fi
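Review bot: With `create_usage_rules`, `add_public_interface` and `delete_public_interface` commented out, the `$?` handed to `unlock_exit` on the following line is now the status of the `[ "$cflag" == "1" ]` test (and its -a/-d siblings), so each of these flags always exits 0 while doing nothing, and a caller cannot tell the script no longer implements them. If the Python code now owns these rules, delete the commented-out calls instead of leaving them behind and make the no-op explicit the way the -d branch of the sibling script already does, `unlock_exit 0 $lock $locked`, with a comment such as `# usage rules are now installed by CsAddress.add_netstats`. If the flags are genuinely obsolete, rejecting them with a usage error is safer than accepting them silently.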


@ -138,13 +138,13 @@ fi
if [ "$nflag" == "1" ]
then
get_vpn_usage
#get_vpn_usage
unlock_exit $? $lock $locked
fi
if [ "$dflag" == "1" ]
then
remove_usage_rules
#remove_usage_rules
unlock_exit 0 $lock $locked
fi
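Review bot: Commenting out `get_vpn_usage` leaves the -n branch reporting success through `unlock_exit $? $lock $locked` — `$?` is now the status of the `[ "$nflag" == "1" ]` test, not of the removed call — while whatever output the caller read from get_vpn_usage is presumably no longer produced. Either drop the commented-out calls and make the branch an explicit no-op, `unlock_exit 0 $lock $locked`, as the -d branch directly below already does, or fail with a usage error so the management side notices the feature has moved. A comment naming the new home of this logic would help the next reader, e.g. `# VPN usage counters are now installed by CsAddress.add_netstats`.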


@ -81,6 +81,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
'config/opt' => '/opt',
'config/root' => '/root',
'config/var' => '/var',
'config/etc/iptables' => '/etc/iptables',
# cannot have two rsyncs pointing to the same dir
# 'vpn/etc' => '/etc',
# 'vpn/opt' => '/opt',