#!/bin/sh
#
# Shorewall 3.2 -- /usr/share/shorewall/clib.proxyarp
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# Setup Proxy ARP
#
setup_proxy_arp() {
    #
    # Compile the proxyarp table ($TMP_DIR/proxyarp) into the generated
    # firewall script: one "arp ... pub" entry per table line, an optional
    # host route per entry, and the per-interface proxy_arp sysctl settings.
    #
    # Globals read:   STATEDIR, TMP_DIR; each table line supplies the
    #                 fields address interface external haveroute persistent
    # Globals written: interfaces, interface and the five field variables
    #                 (none of them is declared local)
    # Writes:         $STATEDIR/proxyarp -- one "address interface external
    #                 haveroute" line per accepted entry (the same four-field
    #                 layout that the code emitted by delete_proxy_arp reads
    #                 back from ${VARDIR}/proxyarp at run time)
    # Emits:          generated-script text via save_command and via
    #                 'indent' on fd 3
    #
    # The table fields are spliced verbatim into arp/ip command lines and
    # into the generated script; nothing here validates or quotes them, so
    # the table is treated as trusted (presumably administrator-owned)
    # configuration rather than as data.
    #
    # setlist   - internal interfaces that get proxy_arp=1
    # resetlist - external interfaces that get proxy_arp=0, unless they
    #             also appear as an internal interface
    #
    local setlist= resetlist=
    #
    # The helpers below are ordinary shell functions (sh has no nested
    # scope); they read the field variables set by the read loop further
    # down.
    #
    # Report an unparseable HAVEROUTE field and that the entry is dropped.
    print_error() {
        error_message "Invalid value for HAVEROUTE - ($haveroute)"
        error_message "Entry \"$address $interface $external $haveroute\" ignored"
    }
    # Report an unparseable PERSISTENT field and that the entry is dropped.
    print_error1() {
        error_message "Invalid value for PERSISTENT - ($persistent)"
        error_message "Entry \"$address $interface $external $haveroute $persistent\" ignored"
    }
    # Report that PERSISTENT has no effect for this entry (it is still used).
    print_warning() {
        error_message "PERSISTENT setting ignored - ($persistent)"
        error_message "Entry \"$address $interface $external $haveroute $persistent\""
    }
    #
    # Validate the current entry (via the field globals) and emit the
    # commands for it.  Returns early, after an error message, when
    # HAVEROUTE or PERSISTENT holds anything other than yes, no or empty.
    #
    setup_one_proxy_arp() {
        case $haveroute in
            [Nn][Oo])
                haveroute=        # normalised to empty: the route is ours to add
                ;;
            [Yy][Ee][Ss])
                ;;                # kept as written; it is recorded as-is below
            *)
                if [ -n "$haveroute" ]; then
                    print_error
                    return
                fi
                ;;
        esac
        case $persistent in
            [Nn][Oo])
                persistent=
                ;;
            [Yy][Ee][Ss])
                # PERSISTENT only matters when Shorewall adds the route itself
                [ -z "$haveroute" ] || print_warning
                ;;
            *)
                if [ -n "$persistent" ]; then
                    print_error1
                    return
                fi
                ;;
        esac
        if [ -z "$haveroute" ]; then
            # Add the host route; skipped at run time when the generated
            # script has NOROUTES set.
            save_command "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface"
            # A persistent entry is recorded with haveroute=yes so that the
            # teardown code, which deletes routes only for entries whose
            # fourth field is empty, leaves this route in place.
            [ -n "$persistent" ] && haveroute=yes
        fi
        # Generated-script text: the heredoc body is passed through 'indent'
        # to fd 3.  $address/$external/$interface are expanded here, at
        # compile time.
        indent >&3 << __EOF__
if ! arp -i $external -Ds $address $external pub; then
    fatal_error "Command \"arp -i $external -Ds $address $external pub\" failed"
fi
progress_message " Host $address connected to $interface added to ARP on $external"
__EOF__
        # Record the accepted entry for teardown; 'persistent' is not saved.
        echo $address $interface $external $haveroute >> $STATEDIR/proxyarp
        progress_message " Host $address connected to $interface added to ARP on $external"
    }
    # Truncate the state file; the read loop appends to it one entry at a time.
    > $STATEDIR/proxyarp
    save_progress_message "Setting up Proxy ARP..."
    while read address interface external haveroute persistent; do
        expandv address interface external haveroute persistent
        # list_search is used as a membership test here, so each interface
        # is added to its list only once.
        list_search $interface $setlist || setlist="$setlist $interface"
        list_search $external $resetlist || list_search $external $setlist || resetlist="$resetlist $external"
        setup_one_proxy_arp
    done < $TMP_DIR/proxyarp
    # External interfaces get proxy_arp turned off, unless an entry also
    # lists them as an internal interface (setlist wins).
    for interface in $resetlist; do
        list_search $interface $setlist || \
            save_command "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
    done
    # Internal interfaces get proxy_arp turned on; note that, unlike the
    # 'proxyarp' option loop below, these writes have no run-time check
    # that the sysctl file exists.
    for interface in $setlist; do
        save_command "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
    done
    # Interfaces carrying the 'proxyarp' option are enabled as well, with a
    # run-time existence check and a warning instead of a failure.
    interfaces=$(find_interfaces_by_option proxyarp)
    for interface in $interfaces; do
        indent >&3 << __EOF__
if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then
    echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
else
    error_message "WARNING: Unable to enable proxy ARP on $interface"
fi
__EOF__
    done
}
#
# Delete existing Proxy ARP
#
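delete_proxy_arp() {
    #
    # Emit the generated-script code that removes the proxy ARP entries
    # recorded in ${VARDIR}/proxyarp (one "address interface external
    # haveroute" line each), deletes that file and turns proxy_arp off on
    # every interface; then recreate an empty $STATEDIR/proxyarp at
    # compile time.
    #
    # Globals read: STATEDIR (compile time).  The emitted code reads
    #               VARDIR, NOROUTES and the four record fields at run time.
    # Emits:        shell text via 'indent' on fd 3
    # Returns:      the status of the final test, i.e. non-zero when
    #               $STATEDIR is not a directory (unchanged behaviour)
    #
    # A route is deleted only for entries whose haveroute field is empty
    # (routes Shorewall added itself) and only when routing changes are
    # not suppressed.  The suppression variable is spelled NOROUTES here
    # to match the name setup_one_proxy_arp emits in its "route replace"
    # command; the earlier singular spelling NOROUTE did not match it, so
    # unless something else sets NOROUTE the -z test was always true and
    # the route was deleted even on runs that asked to leave routing alone.
    #
    indent >&3 << __EOF__
if [ -f \${VARDIR}/proxyarp ]; then
    while read address interface external haveroute; do
        qt arp -i \$external -d \$address pub
        [ -z "\$haveroute" -a -z "\$NOROUTES" ] && qt ip route del \$address dev \$interface
    done < \${VARDIR}/proxyarp
    rm -f \${VARDIR}/proxyarp
fi
for f in /proc/sys/net/ipv4/conf/*; do
    [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp
done
__EOF__
    [ -d "$STATEDIR" ] && touch "$STATEDIR/proxyarp"
}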
# Load marker for this library file -- presumably checked by the loader
# so the file is not sourced twice; confirm against the loader.
CLIB_PROXYARP_LOADED="Yes"