2007-03-17 00:29:01 +01:00
|
|
|
#
|
2007-06-11 21:39:30 +02:00
|
|
|
# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/Proxyarp.pm
|
2007-03-17 00:29:01 +01:00
|
|
|
#
|
2007-09-08 18:09:51 +02:00
|
|
|
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
2007-03-17 00:29:01 +01:00
|
|
|
#
|
|
|
|
# (c) 2007 - Tom Eastep (teastep@shorewall.net)
|
|
|
|
#
|
|
|
|
# Complete documentation is available at http://shorewall.net
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of Version 2 of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
2007-09-08 18:09:51 +02:00
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-03-17 00:29:01 +01:00
|
|
|
#
|
|
|
|
#
|
|
|
|
package Shorewall::Proxyarp;
|
|
|
|
require Exporter;
|
|
|
|
use Shorewall::Config;
|
2007-07-17 00:07:50 +02:00
|
|
|
use Shorewall::Zones;
|
2007-03-17 00:29:01 +01:00
|
|
|
|
|
|
|
use strict;
|
|
|
|
|
|
|
|
our @ISA = qw(Exporter);
|
2007-04-08 16:42:26 +02:00
|
|
|
our @EXPORT = qw(
|
2007-03-17 00:29:01 +01:00
|
|
|
setup_proxy_arp
|
2007-03-21 21:35:40 +01:00
|
|
|
dump_proxy_arp
|
2007-03-17 00:29:01 +01:00
|
|
|
);
|
|
|
|
|
2007-06-14 16:58:48 +02:00
|
|
|
our @EXPORT_OK = qw( initialize );
|
2007-07-27 19:04:11 +02:00
|
|
|
our $VERSION = 4.01;
|
2007-03-17 00:29:01 +01:00
|
|
|
|
2007-06-05 18:49:13 +02:00
|
|
|
our @proxyarp;
|
2007-03-17 00:29:01 +01:00
|
|
|
|
2007-06-15 00:07:45 +02:00
|
|
|
#
|
|
|
|
# Initialize globals -- we take this novel approach to globals initialization to allow
|
|
|
|
# the compiler to run multiple times in the same process. The
|
|
|
|
# initialize() function does globals initialization for this
|
|
|
|
# module and is called from an INIT block below. The function is
|
|
|
|
# also called by Shorewall::Compiler::compiler at the beginning of
|
2007-07-26 20:36:18 +02:00
|
|
|
# the second and subsequent calls to that function.
|
2007-06-15 00:07:45 +02:00
|
|
|
#
|
|
|
|
|
2007-06-14 01:02:39 +02:00
|
|
|
sub initialize() {
|
|
|
|
@proxyarp = ();
|
|
|
|
}
|
|
|
|
|
2007-06-14 16:58:48 +02:00
|
|
|
INIT {
|
|
|
|
initialize;
|
|
|
|
}
|
|
|
|
|
2007-03-17 00:29:01 +01:00
|
|
|
sub setup_one_proxy_arp( $$$$$ ) {
|
|
|
|
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
|
|
|
|
|
2007-03-19 19:29:58 +01:00
|
|
|
if ( "\L$haveroute" eq 'no' || $haveroute eq '-' ) {
|
2007-03-19 19:34:49 +01:00
|
|
|
$haveroute = '';
|
2007-03-17 00:29:01 +01:00
|
|
|
} elsif ( "\L$haveroute" eq 'yes' ) {
|
2007-03-19 19:34:49 +01:00
|
|
|
$haveroute = 'yes';
|
2007-03-17 00:29:01 +01:00
|
|
|
} else {
|
2007-03-30 04:05:11 +02:00
|
|
|
fatal_error "Invalid value ($haveroute) for HAVEROUTE";
|
2007-03-17 00:29:01 +01:00
|
|
|
}
|
|
|
|
|
2007-03-19 19:29:58 +01:00
|
|
|
if ( "\L$persistent" eq 'no' || $persistent eq '-' ) {
|
2007-03-19 19:34:49 +01:00
|
|
|
$persistent = '';
|
2007-03-17 00:29:01 +01:00
|
|
|
} elsif ( "\L$persistent" eq 'yes' ) {
|
2007-03-19 19:34:49 +01:00
|
|
|
$persistent = 'yes';
|
2007-03-17 00:29:01 +01:00
|
|
|
} else {
|
2007-03-30 04:05:11 +02:00
|
|
|
fatal_error "Invalid value ($persistent) for PERSISTENT";
|
2007-03-17 00:29:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
unless ( $haveroute ) {
|
|
|
|
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
|
|
|
|
$haveroute = 1 if $persistent;
|
|
|
|
}
|
|
|
|
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( "if ! arp -i $external -Ds $address $external pub; then",
|
2007-04-18 03:07:39 +02:00
|
|
|
" fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
|
|
|
|
'fi' ,
|
|
|
|
'',
|
|
|
|
"progress_message \" Host $address connected to $interface added to ARP on $external\"\n" );
|
2007-03-27 01:17:46 +02:00
|
|
|
|
2007-03-17 00:29:01 +01:00
|
|
|
push @proxyarp, "$address $interface $external $haveroute";
|
|
|
|
|
|
|
|
progress_message " Host $address connected to $interface added to ARP on $external";
|
|
|
|
}
|
|
|
|
|
|
|
|
#
|
|
|
|
# Setup Proxy ARP
|
|
|
|
#
|
|
|
|
sub setup_proxy_arp() {
|
|
|
|
|
|
|
|
my $interfaces= find_interfaces_by_option 'proxyarp';
|
2007-03-30 17:57:08 +02:00
|
|
|
my $fn = open_file 'proxyarp';
|
2007-03-17 00:29:01 +01:00
|
|
|
|
2007-03-30 17:57:08 +02:00
|
|
|
if ( @$interfaces || $fn ) {
|
|
|
|
|
|
|
|
my $first_entry = 1;
|
2007-03-17 00:29:01 +01:00
|
|
|
|
|
|
|
save_progress_message "Setting up Proxy ARP...";
|
|
|
|
|
|
|
|
my ( %set, %reset );
|
|
|
|
|
2007-03-29 19:02:13 +02:00
|
|
|
while ( read_a_line ) {
|
2007-03-27 01:17:46 +02:00
|
|
|
|
2007-04-01 17:38:05 +02:00
|
|
|
my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 3, 5, 'proxyarp file';
|
2007-03-17 00:29:01 +01:00
|
|
|
|
2007-03-30 17:57:08 +02:00
|
|
|
if ( $first_entry ) {
|
|
|
|
progress_message2 "$doing $fn...";
|
|
|
|
$first_entry = 0;
|
|
|
|
}
|
2007-04-08 16:42:26 +02:00
|
|
|
|
2007-03-17 00:29:01 +01:00
|
|
|
$set{$interface} = 1;
|
|
|
|
$reset{$external} = 1 unless $set{$external};
|
|
|
|
|
|
|
|
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
|
|
|
|
}
|
|
|
|
|
2007-04-18 03:07:39 +02:00
|
|
|
emit '';
|
|
|
|
|
2007-03-17 00:29:01 +01:00
|
|
|
for my $interface ( keys %reset ) {
|
2007-04-18 03:07:39 +02:00
|
|
|
unless ( $set{interface} ) {
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
2007-04-18 03:07:39 +02:00
|
|
|
" echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
|
|
|
emit "fi\n";
|
|
|
|
}
|
2007-03-17 00:29:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
for my $interface ( keys %set ) {
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
|
2007-04-18 03:07:39 +02:00
|
|
|
" echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( 'else' ,
|
2007-04-18 03:07:39 +02:00
|
|
|
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
|
|
|
|
emit "fi\n";
|
2007-03-17 00:29:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
for my $interface ( @$interfaces ) {
|
2007-04-18 20:15:46 +02:00
|
|
|
my $value = get_interface_option $interface, 'proxyarp';
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" ,
|
2007-04-18 20:15:46 +02:00
|
|
|
" echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
|
2007-07-23 20:14:12 +02:00
|
|
|
emit ( 'else' ,
|
2007-07-26 20:36:18 +02:00
|
|
|
" error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface );
|
2007-04-18 03:07:39 +02:00
|
|
|
emit "fi\n";
|
2007-03-17 00:29:01 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-03-21 21:35:40 +01:00
|
|
|
sub dump_proxy_arp() {
|
2007-07-07 18:34:38 +02:00
|
|
|
for ( @proxyarp ) {
|
|
|
|
emit_unindented $_;
|
2007-03-21 21:35:40 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-03-17 00:29:01 +01:00
|
|
|
1;
|