-rwxr-xr-xscripts/keepalived/vyatta-keepalived.pl51
-rwxr-xr-x[-rw-r--r--]scripts/vyatta-address0
-rwxr-xr-x[-rw-r--r--]scripts/vyatta-bridge.pl0
-rwxr-xr-x[-rw-r--r--]scripts/vyatta-tunnel-cleanup0
-rw-r--r--sysconf/65-vyatta-net.rules3
-rw-r--r--templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def16
-rw-r--r--templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def16
-rw-r--r--templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def16
-rw-r--r--templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def16
9 files changed, 31 insertions, 87 deletions
diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl
index 0ff876dd..651832b1 100755
--- a/scripts/keepalived/vyatta-keepalived.pl
+++ b/scripts/keepalived/vyatta-keepalived.pl
@@ -26,11 +26,11 @@
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Vyatta::Keepalived;
-use Vyatta::TypeChecker;
use Vyatta::Interface;
use Vyatta::ConntrackSync;
use Vyatta::Misc;
use Getopt::Long;
+use Socket;
use strict;
use warnings;
@@ -40,19 +40,23 @@ my ( $conf_file, $changes_file );
my %HoA_sync_groups;
my $ctsync_script = "/opt/vyatta/sbin/vyatta-vrrp-conntracksync.sh";
+
+# To test if IP address is local use the kernel since
+# Linux will only allow binding to local addresses
+sub is_local_address {
+ my $addr = shift;
+
+ socket( my $sock, PF_INET, SOCK_STREAM, 0)
+ or die "socket failed\n";
+
+ return bind($sock, sockaddr_in(0, inet_aton($addr)));
+}
+
sub validate_source_addr {
my ( $ifname, $source_addr ) = @_;
- my @ipaddrs;
if ( defined $source_addr ) {
- my %config_ipaddrs;
- my @ipaddrs = Vyatta::Misc::getInterfacesIPadresses('all');
- foreach my $ip (@ipaddrs) {
- if ( $ip =~ /^([\d.]+)\/([\d.]+)$/ ) { # strip /mask
- $config_ipaddrs{$1} = 1;
- }
- }
- if ( !defined $config_ipaddrs{$source_addr} ) {
+ unless (is_local_address ( $source_addr )) {
vrrp_log("no hello-source");
return "hello-source-address [$source_addr] must be "
. "configured on the interface\n";
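Review bot: `is_local_address` passes `inet_aton($addr)` straight into `sockaddr_in`, so a value that does not parse yields an undef address, which the Socket packer is likely to reject by dying rather than returning false. Because `inet_aton` also accepts host names, a non-numeric value can trigger a resolver lookup during validation. Guard it with `my $packed = inet_aton($addr); return unless defined $packed;` and bind with `sockaddr_in(0, $packed)`. The bind test also succeeds for `0.0.0.0` and loopback addresses, and for any address when `net.ipv4.ip_nonlocal_bind` is enabled, so the "must be configured on the interface" message promises more than the check enforces; either reject those cases or say so in the comment above the sub. `validate_source_addr` continues past the end of this hunk.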
@@ -63,7 +67,7 @@ sub validate_source_addr {
# if the hello-source-address wasn't configured, check that the
# interface has an IPv4 address configured on it.
my $intf = new Vyatta::Interface($ifname);
- @ipaddrs = $intf->address(4);
+ my @ipaddrs = $intf->address(4);
if ( scalar(@ipaddrs) < 1 ) {
vrrp_log("no primary or hello-source");
return "must configure either a primary address on [$ifname] or"
@@ -113,7 +117,7 @@ sub keepalived_get_values {
if ( $config->exists("disable") ) {
vrrp_log("$vrrp_instance disabled - skipping");
my $state_file = get_state_file( $intf, $group );
- system("rm -f $state_file");
+ unlink($state_file);
next;
}
my @vips = $config->returnValues("virtual-address");
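Review bot: The result of `unlink($state_file)` is discarded, so a removal that fails for a reason other than the file being absent (permissions, read-only filesystem) leaves a stale file with nothing in the log. Something like `unlink($state_file) or $!{ENOENT} or vrrp_log("unlink $state_file: $!");` keeps the `rm -f` tolerance for a missing file while recording real failures. The same applies to the `unlink` calls on `$changes_file`, `$conf_file` and `$state_file` in the later hunks of this file. The enclosing `keepalived_get_values` loop starts and ends outside the hunk.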
@@ -332,7 +336,7 @@ sub remove_from_changes {
# we shouldn't get to this point, but try to handle it if we do
#
vrrp_log("unexpected remove_from_changes()");
- system("rm -f $changes_file");
+ unlink($changes_file);
return 0;
}
my @new_lines = ();
@@ -348,7 +352,7 @@ sub remove_from_changes {
if ( $num_changes > 0 ) {
vrrp_save_changes(@new_lines);
} else {
- system("rm -f $changes_file");
+ unlink($changes_file);
}
return $num_changes;
}
@@ -488,7 +492,7 @@ if ( $action eq "update" ) {
}
if ( $vrrp_instances == 0 ) {
stop_daemon();
- system("rm -f $conf_file");
+ unlink($conf_file);
}
if ( scalar(@errs) ) {
print join( "\n", @errs );
@@ -505,22 +509,7 @@ if ( $action eq "delete" ) {
}
vrrp_log("vrrp delete $vrrp_intf $vrrp_group");
my $state_file = get_state_file( $vrrp_intf, $vrrp_group );
- system("rm -f $state_file");
- exit 0;
-}
-
-if ( $action eq "check-vip" ) {
- if ( !defined $vrrp_vip ) {
- print "must include the virtual-address to check";
- exit 1;
- }
- my $rc = 1;
- if ( $vrrp_vip =~ /\// ) {
- $rc = Vyatta::TypeChecker::validateType( 'ipv4net', $vrrp_vip, 1 );
- } else {
- $rc = Vyatta::TypeChecker::validateType( 'ipv4', $vrrp_vip, 1 );
- }
- exit 1 if !$rc;
+ unlink($state_file);
exit 0;
}
diff --git a/scripts/vyatta-address b/scripts/vyatta-address
index 2e521c26..2e521c26 100644..100755
--- a/scripts/vyatta-address
+++ b/scripts/vyatta-address
diff --git a/scripts/vyatta-bridge.pl b/scripts/vyatta-bridge.pl
index fd5fad8a..fd5fad8a 100644..100755
--- a/scripts/vyatta-bridge.pl
+++ b/scripts/vyatta-bridge.pl
diff --git a/scripts/vyatta-tunnel-cleanup b/scripts/vyatta-tunnel-cleanup
index 41b34922..41b34922 100644..100755
--- a/scripts/vyatta-tunnel-cleanup
+++ b/scripts/vyatta-tunnel-cleanup
diff --git a/sysconf/65-vyatta-net.rules b/sysconf/65-vyatta-net.rules
index 0f4b9006..a583b363 100644
--- a/sysconf/65-vyatta-net.rules
+++ b/sysconf/65-vyatta-net.rules
@@ -10,6 +10,9 @@ NAME=="?*", GOTO="vyatta_net_end"
# Do name change for ethernet and wireless devices only
KERNEL!="eth*|wlan*", GOTO="vyatta_net_end"
+# ignore vlan's
+KERNEL=="*.*", GOTO="vyatta_net_end"
+
# ignore "secondary" monitor interfaces of mac80211 drivers
KERNEL=="wlan*", ATTRS{type}=="803", GOTO="vyatta_net_end"
diff --git a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
index 28f085e5..676bf8d3 100644
--- a/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
+++ b/templates/interfaces/bonding/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -1,21 +1,9 @@
multi:
-type: txt
+type: ipv4,ipv4net
help: Virtual address [REQUIRED]
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
- --vrrp-action='check-vip' --vip='$VAR(@)' "\
- ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
-
syntax:expression: exec "
- if echo '$VAR(@)' | grep -q '/' ; then
- if /opt/vyatta/sbin/vyatta-interfaces.pl \
- --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
- exit 0
- else
- echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
- exit 1
- fi
- fi"
+ if [[ '$VAR(@)' == '*/' ]]; then /opt/vyatta/sbin/valid_address $VAR(@); fi"
val_help: ipv4; Virtual IP address (up to 20 per group)
val_help: ipv4net; Virtual IP address with prefix (up to 20 per group)
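Review bot: The new guard `[[ '$VAR(@)' == '*/' ]]` quotes its right-hand side, so bash compares against the literal two-character string `*/` instead of a glob; even unquoted, `*/` would only match a value ending in a slash. As written, `/opt/vyatta/sbin/valid_address` is never reached for a prefixed value (for example a constructed `192.0.2.1/24`), so the address check that the removed `--valid-addr` call performed is effectively skipped. Use `if [[ '$VAR(@)' == */* ]]; then /opt/vyatta/sbin/valid_address '$VAR(@)'; fi`, quoting the argument as well so it does not depend on the `type:` check having run first. `[[` also assumes the `exec` string is run by bash, which is worth confirming. The same line appears in the other three virtual-address `node.def` templates in this commit.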
diff --git a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
index 28f085e5..676bf8d3 100644
--- a/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
+++ b/templates/interfaces/bonding/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -1,21 +1,9 @@
multi:
-type: txt
+type: ipv4,ipv4net
help: Virtual address [REQUIRED]
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
- --vrrp-action='check-vip' --vip='$VAR(@)' "\
- ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
-
syntax:expression: exec "
- if echo '$VAR(@)' | grep -q '/' ; then
- if /opt/vyatta/sbin/vyatta-interfaces.pl \
- --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
- exit 0
- else
- echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
- exit 1
- fi
- fi"
+ if [[ '$VAR(@)' == '*/' ]]; then /opt/vyatta/sbin/valid_address $VAR(@); fi"
val_help: ipv4; Virtual IP address (up to 20 per group)
val_help: ipv4net; Virtual IP address with prefix (up to 20 per group)
diff --git a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
index 28f085e5..676bf8d3 100644
--- a/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
+++ b/templates/interfaces/ethernet/node.tag/vif/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -1,21 +1,9 @@
multi:
-type: txt
+type: ipv4,ipv4net
help: Virtual address [REQUIRED]
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
- --vrrp-action='check-vip' --vip='$VAR(@)' "\
- ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
-
syntax:expression: exec "
- if echo '$VAR(@)' | grep -q '/' ; then
- if /opt/vyatta/sbin/vyatta-interfaces.pl \
- --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
- exit 0
- else
- echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
- exit 1
- fi
- fi"
+ if [[ '$VAR(@)' == '*/' ]]; then /opt/vyatta/sbin/valid_address $VAR(@); fi"
val_help: ipv4; Virtual IP address (up to 20 per group)
val_help: ipv4net; Virtual IP address with prefix (up to 20 per group)
diff --git a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
index 28f085e5..676bf8d3 100644
--- a/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
+++ b/templates/interfaces/ethernet/node.tag/vrrp/vrrp-group/node.tag/virtual-address/node.def
@@ -1,21 +1,9 @@
multi:
-type: txt
+type: ipv4,ipv4net
help: Virtual address [REQUIRED]
-syntax:expression: exec "/opt/vyatta/sbin/vyatta-keepalived.pl \
- --vrrp-action='check-vip' --vip='$VAR(@)' "\
- ; "Invalid virtual-address [$VAR(@)] for vrrp-group $VAR(../@)"
-
syntax:expression: exec "
- if echo '$VAR(@)' | grep -q '/' ; then
- if /opt/vyatta/sbin/vyatta-interfaces.pl \
- --valid-addr $VAR(@) --dev $VAR(../../../@) ; then
- exit 0
- else
- echo Invalid vrrp virtual-address [$VAR(@)] for vrrp-group $VAR(../@)
- exit 1
- fi
- fi"
+ if [[ '$VAR(@)' == '*/' ]]; then /opt/vyatta/sbin/valid_address $VAR(@); fi"
val_help: ipv4; Virtual IP address (up to 20 per group)
val_help: ipv4net; Virtual IP address with prefix (up to 20 per group)