From e37a82375c1dd7631f37de1ed1b336f524d08c62 Mon Sep 17 00:00:00 2001 From: Marcus Sorensen Date: Thu, 17 Jan 2013 12:46:31 -0700 Subject: [PATCH] Summary: Fix rp_filter for VPC router Detail: VPC router was being treated like normal VR, which was an issue because normally the VR has an eth0,1,2 which are isolated, linklocal, and public networks respectively. rp_filter is turned on for eth0,1 and off for 2 (hardcoded). VPC however comes up with eth0,1 as public, linklocal, and no other interfaces until new isolated networks are added, so the process doesn't work. This change turns on rp_filter as new isolated networks are added to the VR. BUG-ID: CLOUDSTACK-938 Bugfix-for: 4.0.2 Signed-off-by: Marcus Sorensen 1358451991 -0700
---
 patches/systemvm/debian/config/etc/init.d/cloud-early-config | 2 +-
 patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index fe536cbb5a9..285a92fa0a6 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -660,7 +660,7 @@ EOF
 enable_svc dnsmasq 1
 enable_svc haproxy 1
 enable_svc cloud 0
- disable_rpfilter_domR
+ disable_rpfilter
 enable_fwding 1
 cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
 setup_sshd $ETH0_IP "eth0"
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index d20ed5a05d2..c909cf796d1 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -134,6 +134,7 @@ create_guest_network() {
 sudo ip addr add dev $dev $ip/$mask brd +
 sudo ip link set $dev up
 sudo arping -c 3 -I $dev -A -U -s $ip $ip
+ echo 1 > /proc/sys/net/ipv4/conf/$dev/rp_filter
 # restore mark from connection mark
 local tableName="Table_$dev"
 sudo ip route add $subnet/$mask dev $dev table $tableName proto static
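Review bot: The added `echo 1 > /proc/sys/net/ipv4/conf/$dev/rp_filter` is the only privileged step in this hunk that is not run through `sudo`, and its result is not checked, so a failed write leaves the new guest interface without reverse-path filtering and nothing reports it. Since the boot path in this commit now calls `disable_rpfilter`, this line appears to be the only place source validation is switched on for a VPC guest network, which makes a silent failure an anti-spoofing gap. I would write it as `echo 1 | sudo tee "/proc/sys/net/ipv4/conf/$dev/rp_filter" > /dev/null || return 1` and move it above `sudo ip link set $dev up`, so the filter is in place before the interface carries traffic. create_guest_network starts and ends outside the hunk, so whether it already runs as root and how it reports errors should be confirmed there.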