forked from extern/shorewall_code
Add Proxyarp.pm
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5559 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
5211f319e3
commit
e63a74d0cd
131
New/Shorewall/Proxyarp.pm
Normal file
131
New/Shorewall/Proxyarp.pm
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
#
|
||||||
|
# Shorewall 3.9 -- /usr/share/shorewall/Shorewall/Proxyarp.pm
|
||||||
|
#
|
||||||
|
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||||
|
#
|
||||||
|
# (c) 2007 - Tom Eastep (teastep@shorewall.net)
|
||||||
|
#
|
||||||
|
# Complete documentation is available at http://shorewall.net
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of Version 2 of the GNU General Public License
|
||||||
|
# as published by the Free Software Foundation.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
|
||||||
|
#
|
||||||
|
#
|
||||||
|
package Shorewall::Proxyarp;
|
||||||
|
require Exporter;
|
||||||
|
use Shorewall::Common;
|
||||||
|
use Shorewall::Config;
|
||||||
|
use Shorewall::Interfaces;
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
our @ISA = qw(Exporter);
|
||||||
|
our @EXPORT = qw(
|
||||||
|
setup_proxy_arp
|
||||||
|
@proxyarp
|
||||||
|
);
|
||||||
|
|
||||||
|
our @EXPORT_OK = qw( );
|
||||||
|
our @VERSION = 1.00;
|
||||||
|
|
||||||
|
our @proxyarp;
|
||||||
|
|
||||||
|
sub setup_one_proxy_arp( $$$$$ ) {
|
||||||
|
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
|
||||||
|
|
||||||
|
$haveroute = '-' unless $haveroute;
|
||||||
|
|
||||||
|
if ( "\L$haveroute " eq 'no' || $haveroute eq '-' ) {
|
||||||
|
$haveroute = 0;
|
||||||
|
} elsif ( "\L$haveroute" eq 'yes' ) {
|
||||||
|
$haveroute = 1;
|
||||||
|
} else {
|
||||||
|
fatal_error "Invalid value ($haveroute) for HAVROUTE in Proxy Arp Entry \"$line\"";
|
||||||
|
}
|
||||||
|
|
||||||
|
$persistent = '-' unless $persistent;
|
||||||
|
|
||||||
|
if ( "\L$persistent " eq 'no' || $persistent eq '-' ) {
|
||||||
|
$persistent = 0;
|
||||||
|
} elsif ( "\L$persistent" eq 'yes' ) {
|
||||||
|
$persistent = 1;
|
||||||
|
} else {
|
||||||
|
fatal_error "Invalid value ($persistent) for PERSISTENT in Proxy Arp Entry \"$line\"";
|
||||||
|
}
|
||||||
|
|
||||||
|
unless ( $haveroute ) {
|
||||||
|
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
|
||||||
|
$haveroute = 1 if $persistent;
|
||||||
|
}
|
||||||
|
|
||||||
|
emit "if ! arp -i $external -Ds $address $external pub; then
|
||||||
|
fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"
|
||||||
|
fi
|
||||||
|
|
||||||
|
progress_message \" Host $address connected to $interface added to ARP on $external\"\n";
|
||||||
|
|
||||||
|
push @proxyarp, "$address $interface $external $haveroute";
|
||||||
|
|
||||||
|
progress_message " Host $address connected to $interface added to ARP on $external";
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Setup Proxy ARP
|
||||||
|
#
|
||||||
|
sub setup_proxy_arp() {
|
||||||
|
|
||||||
|
my $interfaces= find_interfaces_by_option 'proxyarp';
|
||||||
|
|
||||||
|
if ( @$interfaces || -s "$ENV{TMP_DIR}/proxyarp" ) {
|
||||||
|
|
||||||
|
save_progress_message "Setting up Proxy ARP...";
|
||||||
|
|
||||||
|
my ( %set, %reset );
|
||||||
|
|
||||||
|
open PA, "$ENV{TMP_DIR}/proxyarp" or fatal_error "Unable to open stripped proxyarp file: $!";
|
||||||
|
|
||||||
|
while ( $line = <PA> ) {
|
||||||
|
chomp $line;
|
||||||
|
$line =~ s/\s+/ /g;
|
||||||
|
|
||||||
|
my ( $address, $interface, $external, $haveroute, $persistent, $extra ) = split /\s+/, $line;
|
||||||
|
|
||||||
|
fatal_error "Invalid proxyarp file entry: \"$line\"" if $extra;
|
||||||
|
|
||||||
|
$set{$interface} = 1;
|
||||||
|
$reset{$external} = 1 unless $set{$external};
|
||||||
|
|
||||||
|
setup_one_proxy_arp( $address, $interface, $external, $haveroute, $persistent );
|
||||||
|
}
|
||||||
|
|
||||||
|
close PA;
|
||||||
|
|
||||||
|
for my $interface ( keys %reset ) {
|
||||||
|
emit "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" unless $set{interface};
|
||||||
|
}
|
||||||
|
|
||||||
|
for my $interface ( keys %set ) {
|
||||||
|
emit "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp";
|
||||||
|
}
|
||||||
|
|
||||||
|
for my $interface ( @$interfaces ) {
|
||||||
|
emit "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then
|
||||||
|
echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
|
||||||
|
else
|
||||||
|
error_message \"WARNING: Unable to enable proxy ARP on $interface\"
|
||||||
|
fi\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
Loading…
Reference in New Issue
Block a user