From: Daniel Selans
Date: Wed, 11 Jun 2014 03:27:59 +0000 (-0400)
Subject: Added support for statistic module
X-Git-Tag: 1.3.0~1^2~20^2~2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=46bc1b9e5a74001e3cc062e82709db350beda82a;p=puppet-modules%2Fpuppetlabs-firewall.git
Added support for statistic module
---
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index 33d1749..1f0dd7b 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -29,6 +29,10 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 has_feature :ipsec_dir
 has_feature :ipsec_policy
 has_feature :mask
+ has_feature :stat_mode
+ has_feature :stat_every
+ has_feature :stat_packet
+ has_feature :stat_prob
 optional_commands({ :iptables => 'iptables',
@@ -97,6 +101,10 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :ipsec_policy => "--pol",
 :mask => '--mask',
 :mac_source => ["-m mac --mac-source", "--mac-source"],
+ :stat_mode => "-m statistic --mode",
+ :stat_every => '--every',
+ :stat_packet => '--packet',
+ :stat_prob => '--probability',
 }
 # These are known booleans that do not take a value, but we want to munge
@@ -145,6 +153,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 # This order can be determined by going through iptables source code or just tweaking and trying manually
 @resource_list = [ :table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
+ :stat_mode, :stat_every, :stat_packet, :stat_prob,
 :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_source, :sport, :dport, :port, :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap,
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index cffab48..538efcb 100644
--- a/lib/puppet/type/firewall.rb
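Review bot: The new map entries `:stat_every => '--every'`, `:stat_packet => '--packet'` and `:stat_prob => '--probability'` carry no `-m statistic` of their own, so they can only yield a valid rule when `:stat_mode` comes before them. The `@resource_list` hunk does list `:stat_mode` first, and that list is presumably the order in which arguments are assembled, but neither place says the order matters. I would add a comment above the entries, e.g. `# --every/--packet/--probability belong to "-m statistic"; keep :stat_mode ahead of them in @resource_list`. The hash opens outside the hunk.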
+++ b/lib/puppet/type/firewall.rb
@@ -54,6 +54,10 @@ Puppet::Type.newtype(:firewall) do
 feature :ipsec_policy, "Match IPsec policy"
 feature :ipsec_dir, "Match IPsec policy direction"
 feature :mask, "Ability to match recent rules based on the ipv4 mask"
+ feature :stat_mode, "Match packets based on staistic mode"
+ feature :stat_every, "Match one packet every nth time"
+ feature :stat_packet, "Set initial counter"
+ feature :stat_prob, "Match packets based on probability"
 # provider specific features
 feature :iptables, "The provider provides iptables features."
@@ -902,6 +906,62 @@ Puppet::Type.newtype(:firewall) do
 newvalues(:in, :out)
 end
+ newproperty(:stat_mode, :required_features => :stat_mode) do
+ desc <<-EOS
+ Sets the statistic modoule mode
+ EOS
+
+ newvalues(:nth, :random)
+ end
+
+ newproperty(:stat_every, :required_features => :stat_mode) do
+ desc <<-EOS
+ Match every nth packet (used with 'nth' mode)
+ EOS
+
+ validate do |value|
+ unless value =~ /^\d+$/
+ raise ArgumentError, <<-EOS
+ stat_every value must be a digit
+ EOS
+ end
+
+ unless value.to_i > 0
+ raise ArgumentError, <<-EOS
+ stat_every value must be larger than 0
+ EOS
+ end
+ end
+ end
+
+ newproperty(:stat_packet, :required_features => :stat_mode) do
+ desc <<-EOS
+ Set initial counter (used with 'nth' mode)
+ EOS
+
+ newvalues(/^\d+$/)
+ end
+
+ newproperty(:stat_prob, :required_features => :stat_mode) do
+ desc <<-EOS
+ Set the probably for a packet to be matched (used with 'random' mode)
+ EOS
+
+ validate do |value|
+ unless value =~ /^([01])\.(\d+)$/
+ raise ArgumentError, <<-EOS
+ stat_prob must be between 0.0 and 1.0
+ EOS
+ end
+
+ if $1.to_i == 1 && $2.to_i != 0
+ raise ArgumentError, <<-EOS
+ start_prob must be between 0.0 and 1.0
+ EOS
+ end
+ end
+ end
+
 newproperty(:mask, :required_features => :mask) do
 desc <<-EOS
 Sets the mask to use when `recent` is enabled.
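Review bot: Three of the four features declared in the `@@ -54` hunk, `stat_every`, `stat_packet` and `stat_prob`, are never referenced, because the properties added in the next hunk all use `:required_features => :stat_mode`. Either require the matching feature on each property, e.g. `newproperty(:stat_every, :required_features => :stat_every)`, or drop the unused declarations so the feature list reflects what is actually checked. The `stat_mode` description also misspells "statistic" as `staistic`.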
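Review bot: The value checks for `stat_every`, `stat_packet` and `stat_prob` in the `@@ -902` hunk anchor with `^`/`$`, which in Ruby match at any line boundary, so a multi-line string passes as long as one of its lines conforms. Such a value is then presumably handed to the provider and turned into iptables arguments. Anchor the whole string instead: `unless value =~ /\A\d+\z/`, `newvalues(/\A\d+\z/)` and `unless value =~ /\A([01])\.(\d+)\z/`. The second error message in `stat_prob` says `start_prob` where `stat_prob` is meant.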
@@ -1083,5 +1143,23 @@ Puppet::Type.newtype(:firewall) do
 self.fail "Mask can only be set if recent is enabled."
 end
+ [:stat_packet, :stat_every, :stat_prob].each do |param|
+ if value(param) && ! value(:stat_mode)
+ self.fail "Parameter '#{param.to_s}' requires 'stat_mode' to be set"
+ end
+ end
+
+ if value(:stat_packet) && value(:stat_mode) != :nth
+ self.fail "Parameter 'stat_packet' requires 'stat_mode' to be set to 'nth'"
+ end
+
+ if value(:stat_every) && value(:stat_mode) != :nth
+ self.fail "Parameter 'stat_every' requires 'stat_mode' to be set to 'nth'"
+ end
+
+ if value(:stat_prob) && value(:stat_mode) != :random
+ self.fail "Parameter 'stat_prob' requires 'stat_mode' to be set to 'random'"
+ end
+
 end
 end
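Review bot: The added checks only run from parameter to mode, so a resource with `stat_mode => nth` and no `stat_every`, or `stat_mode => random` and no `stat_prob`, passes validation. As far as I know the iptables statistic match rejects both combinations, so the mistake would only surface when the rule is applied, possibly leaving the rule set half-applied. I would add the two reverse checks shown below after the existing ones. The enclosing validate block starts outside the hunk.

```ruby
# … unchanged: stat_packet / stat_every / stat_prob mode checks …
if value(:stat_mode) == :nth && ! value(:stat_every)
  self.fail "Parameter 'stat_mode' set to 'nth' requires 'stat_every' to be set"
end

if value(:stat_mode) == :random && ! value(:stat_prob)
  self.fail "Parameter 'stat_mode' set to 'random' requires 'stat_prob' to be set"
end
```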