Bug #21 - Add the ability to adjust system ARP settings via the CLI on a per interface basis

7 files changed, 151 insertions, 0 deletions

diff --git a/Makefile.am b/Makefile.am
index 21e73e01..35117ebc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2,6 +2,7 @@ cfgdir = $(datadir)/vyatta-cfg/templates
 share_perl5dir = $(datarootdir)/perl5/Vyatta/Login
 bin_sudo_usersdir = $(bindir)/sudo-users
 curverdir = $(sysconfdir)/config-migrate/current
+gentmpdir = generated-templates
 checkparamsonrebootdir = $(bindir)/sudo-users/check-params-on-reboot.d
 initddir = /etc/init.d
 netplugupdir = /etc/netplug/linkup.d
@@ -121,6 +122,14 @@ curver_DATA += cfg-version/system@6
 cpiop = find  . ! -regex '\(.*~\|.*\.bak\|.*\.swp\|.*\#.*\#\)' -print0 | \
   cpio -0pd
 
+all-local:
+	rm -rf $(gentmpdir)
+	./gen-interface-templates.pl $(gentmpdir)
+
+clean-local:
+	rm -rf $(gentmpdir)
+
 install-exec-hook:
 	mkdir -p $(DESTDIR)$(cfgdir)
 	cd templates; $(cpiop) $(DESTDIR)$(cfgdir)
+	cd $(gentmpdir); $(cpiop) $(DESTDIR)$(cfgdir)
diff --git a/debian/vyatta-cfg-system.install b/debian/vyatta-cfg-system.install
new file mode 100644
index 00000000..3812e601
--- /dev/null
+++ b/debian/vyatta-cfg-system.install
@@ -0,0 +1,6 @@
+opt/vyatta/share/vyatta-cfg/templates/interfaces/bonding
+opt/vyatta/share/vyatta-cfg/templates/interfaces/bridge
+opt/vyatta/share/vyatta-cfg/templates/interfaces/ethernet
+opt/vyatta/share/vyatta-cfg/templates/interfaces/pseudo-ethernet
+opt/vyatta/share/vyatta-cfg/templates/interfaces/tunnel
+opt/vyatta/share/vyatta-cfg/templates/interfaces/wireless
diff --git a/gen-interface-templates.pl b/gen-interface-templates.pl
new file mode 100755
index 00000000..6cb57a07
--- /dev/null
+++ b/gen-interface-templates.pl
@@ -0,0 +1,124 @@
+#!/usr/bin/perl
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Stephen Hemminger
+# Date: March 2009
+# Description: Script to automatically generate per-interface arp options
+#              templates.
+#
+# **** End License ****
+
+use strict;
+use warnings;
+
+# set DEBUG in environment to test script
+my $debug = $ENV{'DEBUG'};
+
+# Mapping from configuration level to ifname used AT THAT LEVEL
+my %interface_hash = (
+    'ethernet/node.tag'                                           => '$VAR(@)',
+    'ethernet/node.tag/vif/node.tag'                              => '$VAR(../@).$VAR(@)',
+    'ethernet/node.tag/vif/node.tag/vif/node.tag'                 => '$VAR(../../@).$VAR(../@).$VAR(@)',
+    'wireless/node.tag'                                           => '$VAR(@)',
+    'wireless/node.tag/vif/node.tag'                              => '$VAR(../@).$VAR(@)',
+    'pseudo-ethernet/node.tag'                                    => '$VAR(@)',
+    'pseudo-ethernet/node.tag/vif/node.tag'                       => '$VAR(../@).$VAR(@)',
+    'pseudo-ethernet/node.tag/vif/node.tag/vif/node.tag'          => '$VAR(../../@).$VAR(../@).$VAR(@)',
+    'bonding/node.tag'                                            => '$VAR(@)',
+    'bonding/node.tag/vif/node.tag'                               => '$VAR(../@).$VAR(@)',
+    'bonding/node.tag/vif/node.tag/vif/node.tag'                  => '$VAR(../../@).$VAR(../@).$VAR(@)',
+    'tunnel/node.tag'                                             => '$VAR(@)',
+    'bridge/node.tag'                                             => '$VAR(@)',
+);
+
+# Hash table to check if the priority needs to set @ root
+# of the node.def which is generated.
+
+sub gen_template {
+    my ( $inpath, $outpath, $ifname, $gen_prio, $prio, $depth ) = @_;
+
+    print $outpath, "\n" if ($debug);
+    opendir my $d, $inpath
+      or die "Can't open: $inpath:$!";
+
+    # walk through sample templates
+    foreach my $name ( grep { !/^\./ } readdir $d ) {
+        my $in  = "$inpath/$name";
+        my $out = "$outpath/$name";
+
+	# recurse into subdirectory
+        if ( -d $in ) {
+            my $subif = $ifname;
+            $subif =~ s#@\)#../@)#g if ($name ne 'node.tag');
+
+            ( -d $out )
+              or mkdir($out)
+              or die "Can't create $out: $!";
+
+            gen_template( $in, $out, $subif, $gen_prio, $prio, $depth+1);
+            next;
+        }
+
+        print "in: $in out: $out\n" if ($debug);
+        open my $inf,  '<', $in  or die "Can't open $in: $!";
+        open my $outf, '>', $out or die "Can't open $out: $!";
+
+        # For the top node.tag create the priority tag.
+        if ($name eq 'node.def' && $gen_prio == 1 && $depth <= 1) {
+            print $outf "priority: $prio\n";
+        }
+        while ( my $line = <$inf> ) {
+            $line =~ s#\$IFNAME#$ifname#;
+            print $outf $line;
+        }
+        close $inf;
+        close $outf or die "Close error $out:$!";
+    }
+    closedir $d;
+}
+
+sub mkdir_p {
+    my $path = shift;
+
+    return 1 if ( mkdir($path) );
+
+    my $pos = rindex( $path, "/" );
+    return unless $pos != -1;
+    return unless mkdir_p( substr( $path, 0, $pos ) );
+    return mkdir($path);
+}
+
+die "Usage: $0 output_directory\n" if ($#ARGV < 0);
+
+my $outdir = $ARGV[0];
+
+foreach my $if_tree ( keys %interface_hash ) {
+    my $inpath  = "interface-templates";
+    my $outpath = "$outdir/interfaces/$if_tree";
+    ( -d $outpath )
+      or mkdir_p($outpath)
+      or die "Can't create $outpath:$!";
+
+    my $gen_prio = 0;
+    my $prio = 0;
+    $gen_prio = 1  if (exists $interface_prio{ $if_tree });
+    if ($gen_prio == 1) {
+        $prio = $interface_prio{ $if_tree };
+    }
+
+    gen_template( $inpath, $outpath, $interface_hash{$if_tree},
+                 $gen_prio, $prio, 0 );
+}
diff --git a/interface-templates/ip/disable-arp-filter/node.def b/interface-templates/ip/disable-arp-filter/node.def
new file mode 100644
index 00000000..e41b0d8e
--- /dev/null
+++ b/interface-templates/ip/disable-arp-filter/node.def
@@ -0,0 +1,3 @@
+help: Disable arp-filter on this interface
+create:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/arp_filter\" "
+delete:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$IFNAME/arp_filter\" "
diff --git a/interface-templates/ip/enable-arp-accept/node.def b/interface-templates/ip/enable-arp-accept/node.def
new file mode 100644
index 00000000..d5413737
--- /dev/null
+++ b/interface-templates/ip/enable-arp-accept/node.def
@@ -0,0 +1,3 @@
+help: Enable arp-accept on this interface
+create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$IFNAME/arp_accept\" "
+delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/arp_accept\" "
diff --git a/interface-templates/ip/enable-arp-announce/node.def b/interface-templates/ip/enable-arp-announce/node.def
new file mode 100644
index 00000000..fde37ce5
--- /dev/null
+++ b/interface-templates/ip/enable-arp-announce/node.def
@@ -0,0 +1,3 @@
+help: Enable arp-announce on this interface
+create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$IFNAME/arp_announce\" "
+delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/arp_announce\" "
diff --git a/interface-templates/ip/enable-arp-ignore/node.def b/interface-templates/ip/enable-arp-ignore/node.def
new file mode 100644
index 00000000..bd6aee52
--- /dev/null
+++ b/interface-templates/ip/enable-arp-ignore/node.def
@@ -0,0 +1,3 @@
+help: Enable arp-ignore on this interface
+create:expression: "sudo sh -c \"echo 1 > /proc/sys/net/ipv4/conf/$IFNAME/arp_ignore\" "
+delete:expression: "sudo sh -c \"echo 0 > /proc/sys/net/ipv4/conf/$IFNAME/arp_ignore\" "