On Thu, Sep 21, 2006 at 02:33:34PM +0400, Dmitry V. Levin wrote:
> On Thu, Sep 21, 2006 at 10:07:37AM +0400, Alexey I. Froloff wrote:
> > * Dmitry V. Levin <ldv@> [060920 20:37]:
> > > Можно, конечно, но на месте upstream'а я бы завёл список ip-адресов,
> > > которые не нужно проверять vzarpipdetect'ом, и список ip-адресов, которые
> > > не нужно анонсировать vzarpipset'ом и vzarp'ом.
> > А где держать этот список и в каком виде?  Что-то типа
> > ARP_SKIP_DETECT/ARP_SKIP_ANNOUNCE со списком подсетей в
> > /etc/sysconfig/vz ?
> 
> Да, я думаю предложить им такое.

Я передумал и теперь предполагаю сделать так:

vzarp: When adding ip, do not announce it on those ifaces where it is not local.
vzarpipdetect: Do not request arp on those ifaces where given ip is not local.
vzarpipset: Do not send arp on those ifaces where given ip is not local.
--- a/etc/vps-functions
+++ b/etc/vps-functions
@@ -119,6 +119,9 @@ vzarp()
 
 	[ -n "${NETDEVICES}" ] || vzwarning "Device list is empty"
 	for DEV in ${NETDEVICES}; do
+		[ "$1" = del ] ||
+		! ${IP_CMD} route get ${2} oif ${DEV} |grep -qs ' via .* src ' ||
+			continue
 		${IP_CMD} neigh ${1} proxy ${2} dev ${DEV} > /dev/null 2>&1
 	done
 }
@@ -130,14 +133,16 @@ vzarpipdetect()
 	local ip
 	local cmd
 
-	[ -z "${1}" ] && return
+	[ -n "$1" ] || return
 	[ "${SKIP_ARPDETECT}" = "yes" ] && return
 
-	for ip in ${1}; do
-		cmd="$cmd -e $ip"
-	done
-
 	for DEV in ${NETDEVICES}; do
+		for ip in ${1}; do
+			! ${IP_CMD} route get ${ip} oif ${DEV} |grep -qs ' via .* src ' ||
+				continue
+			cmd="$cmd -e $ip"
+		done
+		[ -n "$cmd" ] || continue
 		${ARPSEND_CMD} -D ${cmd} ${DEV} ||
 			vzwarning "${ARPSEND_CMD} -D ${cmd} ${DEV} FAILED"
 	done
@@ -148,15 +153,17 @@ vzarpipset()
 {
 	local DEV
 	local ip
-	local dev
+	local cmd
 
-	[ -z "$1" ] && return
+	[ -n "$1" ] || return
 
-	for dev in ${NETDEVICES}; do
+	for DEV in ${NETDEVICES}; do
 		for ip in ${1}; do
-			opt="-i ${ip} -e ${ip}"
-			${ARPSEND_CMD} -U ${opt} ${dev} ||
-				vzwarning "${ARPSEND_CMD} -U ${opt} ${dev} FAILED"
+			! ${IP_CMD} route get ${ip} oif ${DEV} |grep -qs ' via .* src ' ||
+				continue
+			cmd="-i ${ip} -e ${ip}"
+			${ARPSEND_CMD} -U ${cmd} ${DEV} ||
+				vzwarning "${ARPSEND_CMD} -U ${cmd} ${DEV} FAILED"
 		done
 	done
 }

Идея возникла в результате прочтения
https://bugzilla.altlinux.org/show_bug.cgi?id=10324


-- 
ldv