bug 11191: Added global config to disable/enable rp_filter for domR(public interfaces)

2025-11-03 04:12:31 +01:00 · 2011-08-24 13:30:23 +05:30 · 2011-08-24 13:30:23 +05:30 · 145a4aad37
commit 145a4aad37
parent 4169be9e49
4 changed files with 34 additions and 3 deletions
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@ -183,6 +183,20 @@ disable_rpfilter() {
  sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
 }

+disable_rpfilter_domR() {
+  log_it "cloud: disable rp_filter"
+  log_it "disable rpfilter"
+  sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
+  if [ "$DISABLE_RP_FILTER" == "true" ]
+  then
+      log_it "cloud: disable rp_filter : updating proc"
+      sed -i "s/net.ipv4.conf.eth2.rp_filter.*$/net.ipv4.conf.eth2.rp_filter = 0/" /etc/sysctl.conf 
+      sed -i "s/net.ipv4.conf.eth3.rp_filter.*$/net.ipv4.conf.eth3.rp_filter = 0/" /etc/sysctl.conf 
+      echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
+      echo "0" > /proc/sys/net/ipv4/conf/eth3/rp_filter
+  fi
+}
+
 enable_svc() {
  local svc=$1
  local enabled=$2
@ -375,7 +389,7 @@ setup_router() {
  enable_svc haproxy 1
  enable_svc cloud-passwd-srvr 1
  enable_svc cloud 0
-  disable_rpfilter
+  disable_rpfilter_domR
  enable_fwding 1
  chkconfig nfs-common off
  cp /etc/iptables/iptables-router /etc/iptables/rules
@ -560,6 +574,7 @@ parse_cmd_line() {
 CMDLINE=$(cat /var/cache/cloud/cmdline)
 TYPE="unknown"
 BOOTPROTO="static"
+DISABLE_RP_FILTER="false"

 for i in $CMDLINE
  do
@ -567,6 +582,9 @@ for i in $CMDLINE
    KEY=$(echo $i | cut -d= -f1)
    VALUE=$(echo $i | cut -d= -f2)
    case $KEY in 
+      disable_rp_filter)
+          DISABLE_RP_FILTER=$VALUE
+          ;;
      eth0ip)
          ETH0_IP=$VALUE
          ;;
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@ -62,6 +62,8 @@ public enum Config {
 	NetworkLBHaproxyStatsUri("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.uri","/admin?stats","Load Balancer(haproxy) uri.",null),
 	NetworkLBHaproxyStatsAuth("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.auth","admin1:AdMiN123","Load Balancer(haproxy) authetication string in the format username:password",null),
 	NetworkLBHaproxyStatsPort("Network", ManagementServer.class, String.class, "network.loadbalancer.haproxy.stats.port","8081","Load Balancer(haproxy) stats port number.",null),		
+	NetworkRouterRpFilter("Network", ManagementServer.class, Integer.class, "network.disable.rpfilter", "true", "disable rp_filter on Domain Router VM public interfaces.", null),
+    
 	GuestVlanBits("Network", ManagementServer.class, Integer.class, "guest.vlan.bits", "12", "The number of bits to reserve for the VLAN identifier in the guest subnet.", null),
 	//MulticastThrottlingRate("Network", ManagementServer.class, Integer.class, "multicast.throttling.rate", "10", "Default multicast rate in megabits per second allowed.", null),
 	NetworkThrottlingRate("Network", ManagementServer.class, Integer.class, "network.throttling.rate", "200", "Default data transfer rate in megabits per second allowed in network.", null),
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@ -313,6 +313,8 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
    private ServiceOfferingVO _offering;
    private String trafficSentinelHostname;
    private String _dnsBasicZoneUpdates = "all";
+    
+    private boolean _disable_rp_filter = false;

    ScheduledExecutorService _executor;
    ScheduledExecutorService _checkExecutor;
@ -584,6 +586,11 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
            _instance = "DEFAULT";
        }
        
+        String rpValue = configs.get("network.disable.rpfilter");
+        if (rpValue != null && rpValue.equalsIgnoreCase("true")) {
+            _disable_rp_filter = true;
+        }
+        
        _dnsBasicZoneUpdates = String.valueOf(_configDao.getValue(Config.DnsBasicZoneUpdates.key()));

        s_logger.info("Router configurations: " + "ramsize=" + _routerRamSize);
@ -1208,7 +1215,7 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian

        String type = null;
        String dhcpRange = null;
-
+        String rpFilter = " ";
        DataCenter dc = dest.getDataCenter();
        DataCenterVO dcVO = _dcDao.findById(dc.getId());
        _dcDao.loadDetails(dcVO);
@ -1224,10 +1231,13 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
            type = "dhcpsrvr";
        } else {
            type = "router";
+            if (_disable_rp_filter) {
+                rpFilter=" disable_rp_filter=true";
+            }
        }

        StringBuilder buf = profile.getBootArgsBuilder();
-        buf.append(" template=domP type=" + type);
+        buf.append(" template=domP type=" + type+rpFilter);
        buf.append(" name=").append(profile.getHostName());

        boolean isRedundant = _configDao.getValue("network.redundantrouter").equals("true");
--- a/setup/db/db/schema-229to2210.sql
+++ b/setup/db/db/schema-229to2210.sql
@ -35,6 +35,7 @@ INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-serve
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.uri','/admin?stats','Load Balancer(haproxy) uri.');
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.auth','admin1:AdMiN123','Load Balancer(haproxy) authetication string in the format username:password');
 INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.loadbalancer.haproxy.stats.port','8081','Load Balancer(haproxy) stats port number.');
+INSERT IGNORE INTO configuration VALUES ('Network', 'DEFAULT', 'management-server', 'network.disable.rpfilter','true','disable rp_filter on Domain Router VM public interfaces.');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'NetworkManager', 'use.external.dns', 'false', 'Bypass the cloudstack DHCP/DNS server vm name service, use zone external dns1 and dns2');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.enabled', 'false', 'Whether the load balancing service is enabled for basic zones');
 INSERT IGNORE INTO configuration VALUES ('Advanced', 'DEFAULT', 'management-server', 'network.loadbalancer.basiczone.elb.gc.interval.minutes', '120', 'Garbage collection interval to destroy unused ELB vms in minutes. Minimum of 5');