From 0cd22457a3df96bb4144e8942893ba654cf3ea23 Mon Sep 17 00:00:00 2001 From: Naredula Janardhana Reddy Date: Tue, 1 Nov 2011 16:27:18 +0530 Subject: [PATCH] bug 11191: rp_filter changes. The following are summary of changes: 1) when network.disable.rpfilter is set to true, then rp_filter will be disadbled(set to 0) on all the public interfaces and also default setting of the system. 2) when network.disable.rpfilter is set to false, then rp_filter will be enabled(set to 1) on all the public interfaces and also default setting of the system. 2) here public public interface means , eth2 ... ethN. default setting means (/proc/sys/net/ipv4/conf/default/rp_filter). 3) Default setting change will have impact on non-public interface.if there is no specific setting for other interfaces in /etc/sysctl.conf or otherexplict setting , they will follow this default settings. currently non-public interface like eth0 ,eth1 does not have any specific setting in sysctl.conf, due to this there rp_filters will be changed when ever network.disable.rpfilter setting is changed. 4) default setting is required to changes beacuse when a new public interface is created, new interface will take rp_filter value from the default setting. --- .../config/etc/init.d/cloud-early-config | 40 +++++++++++++++---- 1 file changed, 33 insertions(+), 7 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 574916f317e..06d0f516339 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -221,17 +221,43 @@ disable_rpfilter() { sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf } +get_public_vif_list() { + local vif_list="" + for i in /sys/class/net/eth*; do + vif=$(basename $i); + if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] + then + vif_list="$vif_list $vif"; + fi + done + + echo $vif_list +} + disable_rpfilter_domR() { - log_it "cloud: disable rp_filter" - log_it "disable rpfilter" + log_it "cloud: Tuning rp_filter on public interfaces" + + VIF_LIST=$(get_public_vif_list) + log_it "rpfilter public interfaces : $VIF_LIST" if [ "$DISABLE_RP_FILTER" == "true" ] then log_it "cloud: disable rp_filter on public interfaces" -#FIXME : currently public interfaces are assumed as eth2 and eth3. - sed -i "s/net.ipv4.conf.eth2.rp_filter.*$/net.ipv4.conf.eth2.rp_filter = 0/" /etc/sysctl.conf - sed -i "s/net.ipv4.conf.eth3.rp_filter.*$/net.ipv4.conf.eth3.rp_filter = 0/" /etc/sysctl.conf - echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter - echo "0" > /proc/sys/net/ipv4/conf/eth3/rp_filter + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: disable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done + else + log_it "cloud: enable rp_filter on public interfaces" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: enable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done fi }