authorMohit Mehta <mohit.mehta@vyatta.com>2009-02-27 19:00:10 -0800
committerMohit Mehta <mohit.mehta@vyatta.com>2009-02-27 19:00:10 -0800
commitc3709a21b6f6f33ff7730385ce2170b046efa178 (patch)
treeff3597ad4c1b1b6a89d030d1c78880a86da82186
parente70376d3db9a010984d9de97949226ddc76157e7 (diff)
downloadvyatta-cfg-system-c3709a21b6f6f33ff7730385ce2170b046efa178.tar.gz
vyatta-cfg-system-c3709a21b6f6f33ff7730385ce2170b046efa178.zip
Fix Bug 2463 Allow the neighbor table threshold values to be
modified via the CLI - (modify ARP table size)
* added CLI to configure [arp (ipv4)] and [neighbor (ipv6)] table-size
* set default value for arp_announce so as to avoid local addresses that are not in the target's subnet for the interface
-rw-r--r--Makefile.am1
-rw-r--r--scripts/vyatta-update-arp-params147
-rw-r--r--sysconf/vyatta-sysctl.conf3
-rw-r--r--templates/system/ip/arp/table-size/node.def17
-rw-r--r--templates/system/ipv6/neighbor/table-size/node.def17
5 files changed, 185 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index e487007f..f58c0174 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -40,6 +40,7 @@ sbin_SCRIPTS += scripts/dynamic-dns/vyatta-dynamic-dns.pl
sbin_SCRIPTS += scripts/vyatta-system-nameservers
sbin_SCRIPTS += scripts/vyatta-bonding.pl
sbin_SCRIPTS += scripts/vyatta-raid-event
+sbin_SCRIPTS += scripts/vyatta-update-arp-params
noinst_DATA = test_bootfile
diff --git a/scripts/vyatta-update-arp-params b/scripts/vyatta-update-arp-params
new file mode 100644
index 00000000..d444064c
--- /dev/null
+++ b/scripts/vyatta-update-arp-params
@@ -0,0 +1,147 @@
+#!/bin/bash
+#
+# Module: vyatta-update-arp-params
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2009 Vyatta, Inc.
+# All Rights Reserved.
+#
+# Author: Mohit Mehta
+# Date: February 2009
+# Description: Update [ARP (IPv4)|Neighbor (IPV6)] Parameters
+#
+# **** End License ****
+#
+
+#
+# subroutines
+#
+
+print_usage()
+{
+ echo "Usage:"
+ echo -e "\t$0 syntax-check <type of arp paramter> <value of arp paramter> <ipv4/ipv6>"
+ echo -e "\t$0 update <type of arp paramter> <value of arp paramter> <ipv4/ipv6>"
+ echo -e "\t$0 delete <type of arp paramter> <ipv4/ipv6>"
+}
+
+syntax_arp_param ()
+{
+ arp_type=$1
+ arp_value=$2
+ ip_type=$3
+
+ case "$arp_type" in
+
+ table-size)
+ allowed_values=(1024 2048 4096 8192 16384)
+ allowed_values_len=${#allowed_values[*]}
+ i=0
+ while [ $i -lt $allowed_values_len ]; do
+ if [ "${allowed_values[$i]}" == "$arp_value" ] ; then
+ exit 0
+ fi
+ let i++
+ done
+ echo "Allowed values for ARP table-size - 1024 2048 4096 8192 16384"
+ exit 1
+ ;;
+
+ *)
+ echo Invalid arp parameter $arp_type to set
+ exit 1
+ ;;
+ esac
+}
+
+update_arp_param ()
+{
+ arp_type=$1
+ arp_value=$2
+ ip_type=$3
+
+ case "$arp_type" in
+
+ table-size)
+ let softmax=$arp_value\/2;
+ let min=$arp_value\/8;
+ sysctl -q net.$ip_type.neigh.default.gc_thresh3=$arp_value
+ sysctl -q net.$ip_type.neigh.default.gc_thresh2=$softmax
+ sysctl -q net.$ip_type.neigh.default.gc_thresh1=$min
+ ;;
+
+ *)
+ echo Invalid arp parameter $arp_type to update
+ ;;
+ esac
+}
+
+delete_arp_param ()
+{
+ arp_type=$1
+ ip_type=$2
+
+ case "$arp_type" in
+
+ table-size)
+ sysctl -q net.$ip_type.neigh.default.gc_thresh3=1024
+ sysctl -q net.$ip_type.neigh.default.gc_thresh2=512
+ sysctl -q net.$ip_type.neigh.default.gc_thresh1=128
+ ;;
+
+ *)
+ echo Invalid arp parameter $arp_type to update
+ ;;
+ esac
+}
+
+#
+# main
+#
+
+case "$1" in
+ syntax-check)
+ if [ $# -ne 4 ]; then
+ print_usage
+ exit 1
+ fi
+ syntax_arp_param $2 $3 $4
+ ;;
+
+ update)
+ if [ $# -ne 4 ]; then
+ print_usage
+ exit 1
+ fi
+ update_arp_param $2 $3 $4
+ ;;
+
+ delete)
+ if [ $# -ne 3 ]; then
+ print_usage
+ exit 1
+ fi
+ delete_arp_param $2 $3
+ ;;
+
+
+ *)
+ print_usage
+ exit 1
+ ;;
+
+esac
+
+exit 0
+
+# end of file
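Review bot: update_arp_param and delete_arp_param pass `$arp_value` and `$ip_type` to `let` and into the sysctl key without checking them, so the write path relies entirely on the template having run syntax-check first; because the script is installed in sbin and can be invoked directly, it should validate both arguments itself. `let` evaluates its argument as an arithmetic expression rather than rejecting non-numeric text, and the unquoted expansions at the call sites (`update_arp_param $2 $3 $4`) are subject to word splitting and globbing. The sysctl exit status is ignored and the `*)` branches of update and delete only echo, so the script still reaches `exit 0` when nothing was written, which presumably lets a configuration commit succeed while the kernel thresholds stay unchanged. The `*)` message in delete_arp_param says "to update", which looks like a copy-paste slip. A sketch of the update path with these checks follows; the same family check applies to delete_arp_param.

```shell
update_arp_param ()
{
    # … unchanged: arp_type / arp_value / ip_type assignments …

    # Only the two address families the templates pass are valid sysctl path parts.
    case "$ip_type" in
        ipv4|ipv6) ;;
        *) echo "Invalid address family $ip_type" >&2; exit 1 ;;
    esac

    case "$arp_type" in
        table-size)
            # Re-check the value here; do not rely on syntax-check having run.
            case "$arp_value" in
                1024|2048|4096|8192|16384) ;;
                *) echo "Allowed values for ARP table-size - 1024 2048 4096 8192 16384" >&2
                   exit 1 ;;
            esac
            softmax=$(( arp_value / 2 ))
            min=$(( arp_value / 8 ))
            sysctl -q "net.$ip_type.neigh.default.gc_thresh3=$arp_value" || exit 1
            sysctl -q "net.$ip_type.neigh.default.gc_thresh2=$softmax" || exit 1
            sysctl -q "net.$ip_type.neigh.default.gc_thresh1=$min" || exit 1
            ;;
        *)
            echo "Invalid arp parameter $arp_type to update" >&2
            exit 1
            ;;
    esac
}
```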
diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 24dce03a..5b888a8c 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -12,6 +12,9 @@ kernel.panic=60
# Only answer ARP requests on same subnet
net.ipv4.conf.default.arp_filter=1
+# avoid local addresses that are not in the target's subnet for this interface
+net.ipv4.conf.default.arp_announce=1
+
# Enable packet forwarding for IPv4
net.ipv4.ip_forward=1
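Review bot: Setting only `net.ipv4.conf.default.arp_announce` affects interfaces created after this file is applied; an interface that already exists at that point keeps its own value, and the kernel uses the maximum of the `all` and per-interface settings. If the intent is for every interface to avoid announcing addresses from other subnets, consider also adding `net.ipv4.conf.all.arp_announce=1`; whether this matters here depends on boot ordering that the hunk does not show. The comment would also be clearer as `# Prefer a source address in the target's subnet when sending ARP requests`.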
diff --git a/templates/system/ip/arp/table-size/node.def b/templates/system/ip/arp/table-size/node.def
new file mode 100644
index 00000000..8c548f5b
--- /dev/null
+++ b/templates/system/ip/arp/table-size/node.def
@@ -0,0 +1,17 @@
+help: Set maximum number of entries to keep in the ARP cache
+
+type: u32
+
+default: 1024
+
+allowed: echo "1024 2048 4096 8192 16384"
+
+syntax:expression: exec " \
+ /opt/vyatta/sbin/vyatta-update-arp-params \
+ 'syntax-check' 'table-size' '$VAR(@)' 'ipv4' "
+
+update:
+ /opt/vyatta/sbin/vyatta-update-arp-params 'update' 'table-size' '$VAR(@)' 'ipv4'
+
+delete:
+ /opt/vyatta/sbin/vyatta-update-arp-params 'delete' 'table-size' 'ipv4'
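Review bot: The allowed sizes are hard-coded in this template's `allowed:` line, again in templates/system/ipv6/neighbor/table-size/node.def, and twice more in the script (the `allowed_values` array and its error text), so a future change has to be made in four places by hand. Consider having `allowed:` obtain the list from the script so the validation and the completion text cannot drift apart. For the ipv6 template, a rejected value produces the script's message "Allowed values for ARP table-size", which names the wrong table; the `ip_type` argument that syntax_arp_param already receives could select the wording.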
diff --git a/templates/system/ipv6/neighbor/table-size/node.def b/templates/system/ipv6/neighbor/table-size/node.def
new file mode 100644
index 00000000..e8a55ac8
--- /dev/null
+++ b/templates/system/ipv6/neighbor/table-size/node.def
@@ -0,0 +1,17 @@
+help: Set maximum number of entries to keep in the Neighbor cache
+
+type: u32
+
+default: 1024
+
+allowed: echo "1024 2048 4096 8192 16384"
+
+syntax:expression: exec " \
+ /opt/vyatta/sbin/vyatta-update-arp-params \
+ 'syntax-check' 'table-size' '$VAR(@)' 'ipv6' "
+
+update:
+ /opt/vyatta/sbin/vyatta-update-arp-params 'update' 'table-size' '$VAR(@)' 'ipv6'
+
+delete:
+ /opt/vyatta/sbin/vyatta-update-arp-params 'delete' 'table-size' 'ipv6'