From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-ID: <456A7DE6.4050007@sakhalin.ru> Date: Mon, 27 Nov 2006 15:55:50 +1000 
From: Dmitry Lebkov User-Agent: Thunderbird 1.5.0.5 (X11/20060822) MIME-Version: 1.0 To: ALT Devel discussion list References: <20060919104535.GL18615@immo.ru> <20060919162320.GH10353@basalt.office.altlinux.org> <20060920130850.GG18615@immo.ru> <20060920163645.GB12624@basalt.office.altlinux.org> <20060921060737.GJ18615@immo.ru> <20060921103334.GA6823@basalt.office.altlinux.org> <20061126135154.GA14873@nomad.office.altlinux.org> In-Reply-To: <20061126135154.GA14873@nomad.office.altlinux.org> X-Enigmail-Version: 0.94.0.0 Content-Type: multipart/mixed; boundary="------------080106040607000100080501" X-Virus-Scanned: amavisd-new at sakhalin.ru Subject: Re: [devel] openvz arp X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.9rc1 Precedence: list Reply-To: ALT Devel discussion list List-Id: ALT Devel discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Nov 2006 05:56:05 -0000 Archived-At: List-Archive: List-Post: This is a multi-part message in MIME format. --------------080106040607000100080501 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit Dmitry V. Levin wrote: > On Thu, Sep 21, 2006 at 02:33:34PM +0400, Dmitry V. Levin wrote: >> On Thu, Sep 21, 2006 at 10:07:37AM +0400, Alexey I. Froloff wrote: >>> * Dmitry V. Levin [060920 20:37]: >>>> Можно, конечно, но на месте upstream'а я бы завёл список ip-адресов, >>>> которые не нужно проверять vzarpipdetect'ом, и список ip-адресов, которые >>>> не нужно анонсировать vzarpipset'ом и vzarp'ом. >>> А где держать этот список и в каком виде? Что-то типа >>> ARP_SKIP_DETECT/ARP_SKIP_ANNOUNCE со списком подсетей в >>> /etc/sysconfig/vz ? >> Да, я думаю предложить им такое. > > Я передумал и теперь предполагаю сделать так: > > vzarp: When adding ip, do not announce it on those ifaces where it is not local. > vzarpipdetect: Do not request arp on those ifaces where given ip is not local. 
> vzarpipset: Do not send arp on those ifaces where given ip is not local. > --- a/etc/vps-functions > +++ b/etc/vps-functions > @@ -119,6 +119,9 @@ vzarp() > > [ -n "${NETDEVICES}" ] || vzwarning "Device list is empty" > for DEV in ${NETDEVICES}; do > + [ "$1" = del ] || > + ! ${IP_CMD} route get ${2} oif ${DEV} |grep -qs ' via .* src ' || > + continue > ${IP_CMD} neigh ${1} proxy ${2} dev ${DEV} > /dev/null 2>&1 > done > } > @@ -130,14 +133,16 @@ vzarpipdetect() > local ip > local cmd > > - [ -z "${1}" ] && return > + [ -n "$1" ] || return > [ "${SKIP_ARPDETECT}" = "yes" ] && return > > - for ip in ${1}; do > - cmd="$cmd -e $ip" > - done > - > for DEV in ${NETDEVICES}; do > + for ip in ${1}; do > + ! ${IP_CMD} route get ${ip} oif ${DEV} |grep -qs ' via .* src ' || > + continue > + cmd="$cmd -e $ip" > + done > + [ -n "$cmd" ] || continue > ${ARPSEND_CMD} -D ${cmd} ${DEV} || > vzwarning "${ARPSEND_CMD} -D ${cmd} ${DEV} FAILED" > done 
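Review bot: In the quoted vzarpipdetect hunk, `cmd` is declared once with `local cmd` and only ever appended to inside the `for DEV` loop, so addresses accepted for one device are still in the list when the next device is probed. From the second device on, `${ARPSEND_CMD} -D` is also asked about addresses that the route check rejected for that device, and `[ -n "$cmd" ] || continue` can no longer skip it once the list is non-empty. Resetting the list with `cmd=` as the first statement inside `for DEV in ${NETDEVICES}; do` keeps the per-interface filtering that the description promises. The function body starts and ends outside the hunk.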
> @@ -148,15 +153,17 @@ vzarpipset() > { > local DEV > local ip > - local dev > + local cmd > > - [ -z "$1" ] && return > + [ -n "$1" ] || return > > - for dev in ${NETDEVICES}; do > + for DEV in ${NETDEVICES}; do > for ip in ${1}; do > - opt="-i ${ip} -e ${ip}" > - ${ARPSEND_CMD} -U ${opt} ${dev} || > - vzwarning "${ARPSEND_CMD} -U ${opt} ${dev} FAILED" > + ! ${IP_CMD} route get ${ip} oif ${DEV} |grep -qs ' via .* src ' || > + continue > + cmd="-i ${ip} -e ${ip}" > + ${ARPSEND_CMD} -U ${cmd} ${DEV} || > + vzwarning "${ARPSEND_CMD} -U ${cmd} ${DEV} FAILED" > done > done > } > > Идея возникла в результате прочтения > https://bugzilla.altlinux.org/show_bug.cgi?id=10324 В аттаче - работающий вариант вышеописанной идеи (если я ее правильно понял). ;) -- WBR, Dmitry Lebkov --------------080106040607000100080501 Content-Type: text/plain; name="vps-functions.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="vps-functions.patch" --- vps-functions.orig 2006-11-27 13:49:37 +1000 +++ vps-functions 2006-11-27 15:52:56 +1000 @@ -115,12 +115,17 @@ vzgetnetdev() # $NETDEVICES - Network devices used to take MAC addresses from vzarp() { - local DEV + local src_addr + local src_dev [ -n "${NETDEVICES}" ] || vzwarning "Device list is empty" - for DEV in ${NETDEVICES}; do - ${IP_CMD} neigh ${1} proxy ${2} dev ${DEV} > /dev/null 2>&1 - done + src_addr=`ip route get ${2} | awk -F 'src ' '{print $2; exit}'` + if [ -n "${src_addr}" ]; then + src_dev=`ip route list ${src_addr} scope host table local | awk '{print $4; exit}'` + if [ -n "${src_dev}" ]; then + ${IP_CMD} neigh ${1} proxy ${2} dev ${src_dev} > /dev/null 2>&1 + fi + fi } # Send ARP request to detect that somebody already have this IP 
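Review bot: In the attached vzarp hunk, removal now goes through the same route lookup as addition, so `del` only touches the one device that `ip route get ${2}` resolves to at removal time. If the routing table has changed since the entry was added, or the lookup returns nothing, the proxy entry stays on the original interface and the host presumably keeps answering ARP for an address the container no longer holds. The quoted version above deliberately bypasses the check with `[ "$1" = del ] ||`. I would keep `del` sweeping every entry in `${NETDEVICES}` and apply the lookup to `add` only, as sketched below. The `awk -F 'src '` extraction also accepts routes that go through a gateway, which the quoted version filters out with `' via .* src '`.

```shell
vzarp()
{
	local DEV
	# … unchanged: src_addr / src_dev declarations and the empty-list warning …

	if [ "$1" = del ]; then
		# Removal must not depend on the current routing table: clear the
		# proxy entry on every device it could have been added to.
		for DEV in ${NETDEVICES}; do
			${IP_CMD} neigh del proxy "$2" dev "${DEV}" > /dev/null 2>&1
		done
		return
	fi

	# … unchanged: route lookup and single-device add …
```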
@@ -130,16 +135,18 @@ vzarpipdetect() local ip local cmd - [ -z "${1}" ] && return + [ -n "$1" ] || return [ "${SKIP_ARPDETECT}" = "yes" ] && return - for ip in ${1}; do - cmd="$cmd -e $ip" - done - for DEV in ${NETDEVICES}; do - ${ARPSEND_CMD} -D ${cmd} ${DEV} || - vzwarning "${ARPSEND_CMD} -D ${cmd} ${DEV} FAILED" + for ip in ${1}; do + ! ${IP_CMD} route get ${ip} oif ${DEV} |grep -qs ' via .* src ' || + continue + cmd="-e $ip" + [ -n "$cmd" ] || continue + ${ARPSEND_CMD} -D ${cmd} ${DEV} || + vzwarning "${ARPSEND_CMD} -D ${cmd} ${DEV} FAILED" + done done } @@ -148,16 +155,21 @@ vzarpipset() { local DEV local ip - local dev + local cmd + local src_addr - [ -z "${1}" ] && return + [ -n "$1" ] || return - for dev in ${NETDEVICES}; do - for ip in ${1}; do - opt="-i ${ip} -e ${ip}" - ${ARPSEND_CMD} -U ${opt} ${dev} || - vzwarning "${ARPSEND_CMD} -U ${opt} ${dev} FAILED" - done + for ip in ${1}; do + src_addr=`ip route get ${ip} | awk -F 'src ' '{print $2; exit}'` + if [ -n "${src_addr}" ]; then + DEV=`ip route list ${src_addr} scope host table local | awk '{print $4; exit}'` + if [ -n "${DEV}" ]; then + cmd="-i ${ip} -e ${ip}" + ${ARPSEND_CMD} -U ${cmd} ${DEV} || + vzwarning "${ARPSEND_CMD} -U ${cmd} ${DEV} FAILED" + fi + fi done } @@ -171,9 +183,10 @@ vzaddrouting() if ! ${IP_CMD} route list ${1} | grep "$1 dev venet0" > /dev/null 2>&1; then if [ -n "${VE_ROUTE_SRC_DEV}" ]; then device="dev ${VE_ROUTE_SRC_DEV}" + src_addr=`ip route get ${1} oif ${device} | awk -F 'src ' '{print $2; exit}'` + else + src_addr=`ip route get ${1} | awk -F 'src ' '{print $2; exit}'` fi - src_addr=`ip route list table local ${device} | grep '^local' | - cut -d' ' -f2 | grep -v '^127\.' | head -n 1` if [ -z "${src_addr}" ]; then vzerror "Unable to get source ip [${device}]" ${VZ_CANT_ADDIP} fi --------------080106040607000100080501--
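Review bot: In the attached vzarpipdetect hunk, `[ -n "$cmd" ] || continue` can never fire, because `cmd="-e $ip"` on the line before always leaves `cmd` non-empty. Moving the `${ARPSEND_CMD} -D` call inside the `for ip` loop also means one arpsend run per address and device rather than one per device, which may lengthen container start if each probe waits for its timeout. Either drop the dead test, or collect the addresses per device (starting from an empty `cmd` on each device) and call arpsend once after the inner loop. Errors from `${IP_CMD} route get` still reach the caller's stderr, since `grep -qs` only silences grep; a `2>/dev/null` on the `route get` side would keep the output clean.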
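Review bot: In the attached vzarpipset hunk, an address for which `src_addr` or `DEV` comes back empty is skipped without any message, so a container address can go unannounced with nothing in the log to say why. An `else` branch on each of the two `if` tests, for example `vzwarning "No local device found for ${ip}, gratuitous ARP not sent"`, would make that visible. The lookup also does not reject routes through a gateway (the quoted version tests for `' via .* src '`), and the device it picks is never checked against `${NETDEVICES}`, so the update can go out on an interface the administrator did not list. The new lines call bare `ip` where the neighbouring code uses `${IP_CMD}`.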
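Review bot: In the vzaddrouting hunk, `device` already holds `dev ${VE_ROUTE_SRC_DEV}`, so `oif ${device}` expands to `oif dev <name>` and the literal word `dev` is passed where the interface name belongs. The lookup then most likely fails, `src_addr` stays empty, and the function ends in `vzerror "Unable to get source ip [${device}]"` whenever VE_ROUTE_SRC_DEV is set. The lookup should be `ip route get ${1} oif ${VE_ROUTE_SRC_DEV}`. Separately, `awk -F 'src '` keeps everything after `src ` on the first line, so any fields `ip` prints after the source address would end up in `src_addr`; `awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i+1); exit}}'` takes just the one field. The function body starts and ends outside the hunk.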