
Re: VS-DR arp problem on 2.4 kernels

To: Anushankar Elangovan <eas@xxxxxxx>
Subject: Re: VS-DR arp problem on 2.4 kernels
Cc: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: ratz <ratz@xxxxxx>
Date: Tue, 31 Oct 2000 11:50:57 +0100
Hi

> I had gone through the documentation for preventing the arp problem, it had
> mentioned about the 2.2 kernels and the 2.0 kernels but there was no
> information about the 2.4 kernels. What is the easiest way to prevent the arp
> problem in a 2.4 kernel?

Apply the patch attached.
 
> 1) Is there a kernel patch like http://www.linux-vs.org/sdw_fullarpfix.patch,
> as there is for the 2.2.x kernels? Is there anything like Julian's
> arp_invisible sysctl in 2.4?

Yep, he and/or Alexey wrote it.
 
regards,
Roberto Nibali, ratz

-- 
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
--- v2.3.41/linux/include/linux/inetdevice.h.orig       Sat Sep 11 07:06:19 1999
+++ linux/include/linux/inetdevice.h    Sat Jan 29 14:51:12 2000
@@ -17,6 +17,7 @@
        int     forwarding;
        int     mc_forwarding;
        int     tag;
+       int     hidden;
        void    *sysctl;
 };
 
@@ -43,6 +44,7 @@
 
 #define IN_DEV_LOG_MARTIANS(in_dev)    (ipv4_devconf.log_martians || 
(in_dev)->cnf.log_martians)
 #define IN_DEV_PROXY_ARP(in_dev)       (ipv4_devconf.proxy_arp || 
(in_dev)->cnf.proxy_arp)
+#define IN_DEV_HIDDEN(in_dev)          ((in_dev)->cnf.hidden && 
ipv4_devconf.hidden)
 #define IN_DEV_SHARED_MEDIA(in_dev)    (ipv4_devconf.shared_media || 
(in_dev)->cnf.shared_media)
 #define IN_DEV_TX_REDIRECTS(in_dev)    (ipv4_devconf.send_redirects || 
(in_dev)->cnf.send_redirects)
 #define IN_DEV_SEC_REDIRECTS(in_dev)   (ipv4_devconf.secure_redirects || 
(in_dev)->cnf.secure_redirects)
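Review bot: IN_DEV_HIDDEN joins the global and per-device values with `&&`, while every neighbouring IN_DEV_* macro in this hunk uses `||`, and nothing at the definition says so. An administrator who sets only the "all" entry or only the device entry gets no hiding and no error. That matters where the flag is relied on to keep a shared address from being announced over ARP. I would add a comment above the macro such as `/* hidden: effective only when set in both "all" and the device's conf */`.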
--- v2.3.41/linux/include/linux/sysctl.h.orig   Sat Jan 29 09:02:10 2000
+++ linux/include/linux/sysctl.h        Sat Jan 29 14:54:32 2000
@@ -300,7 +300,8 @@
        NET_IPV4_CONF_ACCEPT_SOURCE_ROUTE=9,
        NET_IPV4_CONF_BOOTP_RELAY=10,
        NET_IPV4_CONF_LOG_MARTIANS=11,
-       NET_IPV4_CONF_TAG=12
+       NET_IPV4_CONF_TAG=12,
+       NET_IPV4_CONF_HIDDEN=13,
 };
 
 /* /proc/sys/net/ipv6 */
--- v2.3.41/linux/net/ipv4/arp.c.orig   Sat Jan 29 09:02:14 2000
+++ linux/net/ipv4/arp.c        Sun Jan 30 20:51:44 2000
@@ -65,6 +65,8 @@
  *                                     clean up the APFDDI & gen. FDDI bits.
  *             Alexey Kuznetsov:       new arp state machine;
  *                                     now it is in net/core/neighbour.c.
+ *             Julian Anastasov:       "hidden" flag: hide the
+ *                                     interface and don't reply for it
  */
 
 /* RFC1122 Status:
@@ -328,12 +330,23 @@
 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
 {
        u32 saddr;
+       int from_skb;
+       struct in_device *in_dev2 = NULL;
+       struct net_device *dev2 = NULL;
        u8  *dst_ha = NULL;
        struct net_device *dev = neigh->dev;
        u32 target = *(u32*)neigh->primary_key;
        int probes = atomic_read(&neigh->probes);
 
-       if (skb && inet_addr_type(skb->nh.iph->saddr) == RTN_LOCAL)
+       from_skb = (skb &&
+               (dev2 = ip_dev_find(skb->nh.iph->saddr)) != NULL &&
+               (in_dev2 = in_dev_get(dev2)) != NULL &&
+               !IN_DEV_HIDDEN(in_dev2));
+       if (dev2) {
+               if (in_dev2) in_dev_put(in_dev2);
+               dev_put(dev2);
+       }
+       if (from_skb)
                saddr = skb->nh.iph->saddr;
        else
                saddr = inet_select_addr(dev, target, RT_SCOPE_LINK);
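Review bot: The `from_skb` assignment performs two reference-taking lookups (`ip_dev_find`, `in_dev_get`) inside one short-circuit expression, so the cleanup after it is only correct because `dev2` and `in_dev2` start as NULL. The same construct is repeated in the `@@ -706` and `@@ -721` hunks of this file. Writing the lookups as sequential statements would make the get/put pairing easier to audit. At minimum, add `/* dev2/in_dev2 stay NULL if the chain stops early; the puts below depend on it */` above the assignment. arp_solicit continues past the end of this hunk.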
@@ -706,9 +719,22 @@
 
        /* Special case: IPv4 duplicate address detection packet (RFC2131) */
        if (sip == 0) {
-               if (arp->ar_op == __constant_htons(ARPOP_REQUEST) &&
-                   inet_addr_type(tip) == RTN_LOCAL)
+               int reply;
+               struct net_device *dev2 = NULL;
+               struct in_device *in_dev2 = NULL;
+
+               reply =
+                   (arp->ar_op == __constant_htons(ARPOP_REQUEST) &&
+                   (dev2 = ip_dev_find(tip)) != NULL &&
+                   (dev2 == dev ||
+                   ((in_dev2 = in_dev_get(dev2)) != NULL &&
+                   !IN_DEV_HIDDEN(in_dev2))));
+               if (dev2) {
+                   if (in_dev2) in_dev_put(in_dev2);
+                   dev_put(dev2);
+                   if (reply)
                        
arp_send(ARPOP_REPLY,ETH_P_ARP,tip,dev,tip,sha,dev->dev_addr,dev->dev_addr);
+               }
                goto out;
        }
 
@@ -721,6 +747,26 @@
                if (addr_type == RTN_LOCAL) {
                        n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
                        if (n) {
+                               if (ipv4_devconf.hidden &&
+                                   skb->pkt_type != PACKET_HOST) {
+                                       int skip;
+                                       struct net_device *dev2 = NULL;
+                                       struct in_device *in_dev2 = NULL;
+
+                                       skip =
+                                         ((dev2 = ip_dev_find(tip)) != NULL &&
+                                         dev2 != dev &&
+                                         (in_dev2=in_dev_get(dev2)) != NULL &&
+                                         IN_DEV_HIDDEN(in_dev2));
+                                       if (dev2) {
+                                           if (in_dev2) in_dev_put(in_dev2);
+                                           dev_put(dev2);
+                                           if (skip) {
+                                               neigh_release(n);
+                                               goto out;
+                                           }
+                                       }
+                               }
                                
arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
                                neigh_release(n);
                        }
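Review bot: The added block does not explain which requests are still answered for a hidden address, and there are two such cases. Requests with `skb->pkt_type == PACKET_HOST` bypass the check entirely, and so do requests arriving on the device that owns `tip` (`dev2 != dev` here, mirrored by `dev2 == dev` in the `@@ -706` duplicate-address hunk). The documentation added by this patch mentions only the broadcast case, so the code is the one place a maintainer could learn the full rule. I would add above the outer `if`: `/* hidden suppresses replies only to non-unicast requests received on a device other than the one owning tip */`. The enclosing function starts and ends outside this hunk.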
--- v2.3.41/linux/net/ipv4/devinet.c.orig       Wed Jan 12 08:46:50 2000
+++ linux/net/ipv4/devinet.c    Sat Jan 29 15:13:34 2000
@@ -745,7 +745,8 @@
 
                read_lock(&in_dev->lock);
                for_primary_ifa(in_dev) {
-                       if (ifa->ifa_scope != RT_SCOPE_LINK &&
+                       if (!IN_DEV_HIDDEN(in_dev) &&
+                           ifa->ifa_scope != RT_SCOPE_LINK &&
                            ifa->ifa_scope <= scope) {
                                read_unlock(&in_dev->lock);
                                read_unlock(&inetdev_lock);
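Review bot: `!IN_DEV_HIDDEN(in_dev)` is tested inside `for_primary_ifa`, once per address, although it depends only on the device. For a hidden device the code therefore takes `in_dev->lock` and walks every primary address just to reject each one. Testing it once before `read_lock(&in_dev->lock)` would state the intent ("skip hidden devices") more directly, for example `if (IN_DEV_HIDDEN(in_dev)) continue;`. That form assumes the surrounding code is a loop over devices, as the `inetdev_lock` unlock suggests, which cannot be confirmed here because the function begins and ends outside the hunk.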
@@ -1027,7 +1028,7 @@
 static struct devinet_sysctl_table
 {
        struct ctl_table_header *sysctl_header;
-       ctl_table devinet_vars[13];
+       ctl_table devinet_vars[14];
        ctl_table devinet_dev[2];
        ctl_table devinet_conf_dir[2];
        ctl_table devinet_proto_dir[2];
@@ -1069,6 +1070,9 @@
          &proc_dointvec},
        {NET_IPV4_CONF_TAG, "tag",
         &ipv4_devconf.tag, sizeof(int), 0644, NULL,
+        &proc_dointvec},
+       {NET_IPV4_CONF_HIDDEN, "hidden",
+        &ipv4_devconf.hidden, sizeof(int), 0644, NULL,
         &proc_dointvec},
         {0}},
 
--- v2.3.41/linux/Documentation/networking/ip-sysctl.txt.orig   Sat Jan 29 
09:01:43 2000
+++ linux/Documentation/networking/ip-sysctl.txt        Sat Jan 29 14:57:27 2000
@@ -299,6 +299,14 @@
        Default value is 0. Note that some distributions enable it
        in startip scripts.
 
+hidden - BOOLEAN
+       Hide addresses attached to this device from another devices.
+       Such addresses will never be selected by source address autoselection
+       mechanism, host does not answer broadcast ARP requests for them,
+       does not announce it as source address of ARP requests, but they
+       are still reachable via IP. This flag is activated only if it is
+       enabled both in specific device section and in "all" section.
+
 Alexey Kuznetsov.
 kuznet@xxxxxxxxxxxxx
 
--- v2.3.41/linux/Documentation/filesystems/proc.txt.orig       Sat Nov 13 
08:04:14 1999
+++ linux/Documentation/filesystems/proc.txt    Sat Jan 29 15:01:54 2000
@@ -1490,6 +1490,16 @@
 
 Determines whether to send ICMP redirects to other hosts.
 
+hidden
+------
+
+Hide addresses attached to this device from another devices.
+Such addresses will never be selected by source address autoselection
+mechanism, host does not answer broadcast ARP requests for them,
+does not announce it as source address of ARP requests, but they
+are still reachable via IP. This flag is activated only if it is
+enabled both in specific device section and in "all" section.
+
 Routing settings
 ----------------
 




