authorJohn Southworth <john.southworth@vyatta.com>2011-12-12 16:32:14 -0800
committerJohn Southworth <john.southworth@vyatta.com>2011-12-12 16:32:14 -0800
commit8b224e177ef4b2889d3e44940196230a24bde392 (patch)
treee4e4ef18378ba0f7264c0f0a00428a8fbad7e3d8 /scripts
parentb4bae46e47eddfeb2a20c6995257710873a79cf9 (diff)
downloadvyatta-cfg-system-8b224e177ef4b2889d3e44940196230a24bde392.tar.gz
vyatta-cfg-system-8b224e177ef4b2889d3e44940196230a24bde392.zip
Add filtering to transition scripts for vmac interfaces; Make transition script able to detect if the interface is a vmac interface before applying the vmac specific changes
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/keepalived/vyatta-keepalived.pl8
-rwxr-xr-xscripts/keepalived/vyatta-vrrp-state.pl30
2 files changed, 27 insertions, 11 deletions
diff --git a/scripts/keepalived/vyatta-keepalived.pl b/scripts/keepalived/vyatta-keepalived.pl
index f7b6bfe7..5c7676ea 100755
--- a/scripts/keepalived/vyatta-keepalived.pl
+++ b/scripts/keepalived/vyatta-keepalived.pl
@@ -146,8 +146,10 @@ sub keepalived_get_values {
}
my $use_vmac = 0;
+ my $transition_intf = $intf;
if ( $config->exists("interface") ) {
$use_vmac = 1;
+ $transition_intf = "$intf"."v"."$group";
}
my $priority = $config->returnValue("priority");
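Review bot: The name built on the added line `$transition_intf = "$intf"."v"."$group";` is an implicit contract with vyatta-vrrp-state.pl, which recognises a vmac interface only by matching that shape, and nothing here records it. A comment such as `# vmac interface is named <intf>v<group>; vyatta-vrrp-state.pl detects vmac by this pattern` would keep the two scripts in step if the naming ever changes. The expression itself reads more plainly as `"${intf}v${group}"`. keepalived_get_values starts and ends outside the hunk.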
@@ -300,11 +302,11 @@ sub keepalived_get_values {
}
$output .= "\t\}\n";
$output .= "\tnotify_master \"$state_transition_script master ";
- $output .= "$intf $group $run_master_script @vips\" \n";
+ $output .= "$intf $group $transition_intf $run_master_script @vips\" \n";
$output .= "\tnotify_backup \"$state_transition_script backup ";
- $output .= "$intf $group $run_backup_script @vips\" \n";
+ $output .= "$intf $group $transition_intf $run_backup_script @vips\" \n";
$output .= "\tnotify_fault \"$state_transition_script fault ";
- $output .= "$intf $group $run_fault_script @vips\" \n";
+ $output .= "$intf $group $transition_intf $run_fault_script @vips\" \n";
$output .= "\}\n\n";
}
diff --git a/scripts/keepalived/vyatta-vrrp-state.pl b/scripts/keepalived/vyatta-vrrp-state.pl
index bb04df1d..d89aa061 100755
--- a/scripts/keepalived/vyatta-vrrp-state.pl
+++ b/scripts/keepalived/vyatta-vrrp-state.pl
@@ -46,9 +46,12 @@ sub vrrp_state_log {
my $vrrp_state = $ARGV[0];
my $vrrp_intf = $ARGV[1];
my $vrrp_group = $ARGV[2];
-my $vrrp_transitionscript = $ARGV[3];
+# transition interface will contain the vmac interface
+# when one is present and the vrrp interface when one is not
+my $transition_intf = $ARGV[3];
+my $vrrp_transitionscript = $ARGV[4];
my @vrrp_vips;
-foreach my $arg (4 .. $#ARGV) {
+foreach my $arg (5 .. $#ARGV) {
push @vrrp_vips, $ARGV[$arg];
}
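Review bot: `$ARGV[3]` and `$ARGV[4]` are read here without any check on the argument count, and every index after the group has shifted by one. If the script is ever invoked with the previous layout (for example from a keepalived.conf written before this change, which is an assumption since the upgrade path is not visible), the transition script path would land in `$transition_intf` and a VIP would be taken as the script. A guard such as `die "usage: $0 state intf group transition_intf script [vips]\n" if @ARGV < 5;` catches truncated calls. Validating `$transition_intf` as an interface name right after the assignment would catch the shifted ones.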
@@ -70,9 +73,16 @@ if ($vrrp_state eq 'backup') {
# comment out for now, too expensive with lots of vrrp's at boot
# Vyatta::Keepalived::snoop_for_master($vrrp_intf, $vrrp_group,
# $vrrp_vips[0], 60);
- $vrrp_intf =~ s/\./\//g;
- system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".arp_filter=1");
- system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".accept_local=1");
+ # Filter traffic incoming to the vmac interface when in backup state
+ # Delete the rule then add it to insure that we don't get duplicates
+ if ($transition_intf =~ m/\w+v\d+/){
+ system("iptables -t raw -D VYATTA_VRRP_FILTER -i ".$transition_intf." ! -p 112 -j DROP");
+ system("iptables -t raw -I VYATTA_VRRP_FILTER -i ".$transition_intf." ! -p 112 -j DROP");
+ my $sysctl_intf = $transition_intf;
+ $sysctl_intf =~ s/\./\//g;
+ system("sysctl -w net.ipv4.conf.".$sysctl_intf.".arp_filter=1");
+ system("sysctl -w net.ipv4.conf.".$sysctl_intf.".accept_local=1");
+ }
} elsif ($vrrp_state eq 'master') {
#
# keepalived will send gratuitous arp requests on master transition
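Review bot: The vmac test `m/\w+v\d+/` is unanchored, and the value it guards is then concatenated into single-string `system()` calls that go through the shell. Any argument merely containing a `<word>v<digits>` substring passes, so an ordinary interface whose name includes something like `ipv6` would be treated as a vmac, and characters outside an interface name would reach the shell uninterpreted by the check. Since this script runs with the privileges keepalived gives it, anchor the pattern and call iptables and sysctl in list form so no shell is involved. The character class below allows dots for VLAN sub-interfaces and may need widening if other characters are legal in interface names here. The same applies to the `master` branch in the next hunk.
```perl
if ($transition_intf =~ m/\A[\w.]+v\d+\z/) {
    my @rule = ('VYATTA_VRRP_FILTER', '-i', $transition_intf,
                '!', '-p', '112', '-j', 'DROP');
    system('iptables', '-t', 'raw', '-D', @rule);
    system('iptables', '-t', 'raw', '-I', @rule);
    # … unchanged: $sysctl_intf copy and dot-to-slash substitution …
    system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.arp_filter=1");
    system('sysctl', '-w', "net.ipv4.conf.$sysctl_intf.accept_local=1");
}
```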
@@ -80,9 +90,13 @@ if ($vrrp_state eq 'backup') {
# requests. Some of those host do respond to gratuitous arp replies
# so here we will send 5 gratuitous arp replies also.
#
- $vrrp_intf =~ s/\./\//g;
- system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".arp_filter=0");
- system("sysctl -w net.ipv4.conf.".$vrrp_intf."v".$vrrp_group.".accept_local=1");
+ if ($transition_intf =~ m/\w+v\d+/){
+ system("iptables -t raw -D VYATTA_VRRP_FILTER -i ".$transition_intf." ! -p 112 -j DROP");
+ my $sysctl_intf = $transition_intf;
+ $sysctl_intf =~ s/\./\//g;
+ system("sysctl -w net.ipv4.conf.".$sysctl_intf.".arp_filter=0");
+ system("sysctl -w net.ipv4.conf.".$sysctl_intf.".accept_local=1");
+ }
foreach my $vip (@vrrp_vips) {
system("/usr/bin/arping -A -c5 -I $vrrp_intf $vip");
}
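Review bot: On the master transition the single `iptables -t raw -D VYATTA_VRRP_FILTER ...` call is the only thing that lifts the DROP rule, and its exit status is discarded. If the delete fails, or if more than one copy of the rule is present (possible if two transitions overlap, though that is inferred rather than shown), the new master keeps dropping all non-VRRP traffic on the vmac interface with nothing logged. Consider checking the return value of `system()` here and logging a failure, and repeating the delete until it reports no matching rule so that no duplicate survives. The `if`/`elsif` chain this branch belongs to starts outside the hunk.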