On Tue, 18 Oct 2005 11:18:07 +0200
Loic Minier <[EMAIL PROTECTED]> wrote:

>  The /etc/network/if-up.d/ip script will only change settings *IF* you
>  set them.  "if [ -n "$IF_IP_PROXY_ARP" ]" means that the code will only
>  run if something is written in IF_IP_PROXY_ARP, that is if you
>  configured ip_proxy_arp in your interfaces file.

let's look at the code:

        if [ -n "$IF_IP_RP_FILTER" ] && [ "$IF_IP_RP_FILTER" -eq "0" ]
        then
                echo 0 > /proc/sys/net/ipv4/conf/$IFACE/rp_filter
        else
                echo 1 > /proc/sys/net/ipv4/conf/$IFACE/rp_filter
        fi

if $IF_IP_RP_FILTER is a non-zero string, and it is also equal to 0, we set 
rp_filter to 0.
if $IF_IP_RP_FILTER is a non-zero string, and it is also not equal to 0, we set 
rp_filter to 1.

but. If $IF_IP_RP_FILTER is a zero string (not defined), we jump straight to 
'else' and set rp_filter to 1.
so if you do not specify ip-rp-filter in interface specification, you always 
get rp_filter=1.

>  However, please note that rp_filter only makes sense for IP interfaces.
>  If you don't have any IP address on your interface, I suppose
>  rp_filter won't work.

well, this interface really does not need an ip address, it is added just for 
convenience.
but i like it this way.

> > I suggest that /etc/network/if-up.d/ip should act only on vlan interfaces,
> > checking them in the manner the if-pre-up.d/vlan script does.
> 
>  I think that /etc/network/if-up.d/ip applies in general to all people
>  wanting to use proxy_arp and/or rp_filter.  This applies to people with
>  DMZ or multiple internet connections for example, and these people
>  don't necessarily use vlans.  Hence, I think this script should be in
>  ifupdown, as the comment points out:
>     # This should probably go into ifupdown
>     # But usually only those with lots of interfaces (vlans) need these
> 
>  ... but this is a separate problem.

maybe this modification can solve this:

        # only touch rp_filter when ip-rp-filter is set for this interface
        if [ -n "$IF_IP_RP_FILTER" ]
        then
                if [ "$IF_IP_RP_FILTER" -eq "0" ]
                then
                        echo 0 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
                else
                        echo 1 > "/proc/sys/net/ipv4/conf/$IFACE/rp_filter"
                fi
        fi

>  Could you explain your original problem?  I don't think
>  /etc/network/if-up.d/ip is messing with your "post-up" stanza, could
>  you please send the complete definition of your interface and run:
>     cat /proc/sys/net/ipv4/conf/sputnik/rp_filter
>  after ifuping your interface?

sorry, i can't mess with this iface right now, it's on a production box. maybe 
later

>    Thanks,
> 
> -- 
> Loïc Minier <[EMAIL PROTECTED]>
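
Added example, not part of the original message or of the script under discussion: the two fragments from the message, run against a temporary directory that stands in for /proc/sys/net/ipv4/conf, to show what each one writes when ip-rp-filter is absent from the interface stanza. The run_case helper and the preset values are constructed for illustration.

```shell
#!/bin/sh
# Added example. CONF stands in for /proc/sys/net/ipv4/conf, so the host's
# real rp_filter settings are never touched.
CONF=$(mktemp -d)
trap 'rm -rf "$CONF"' EXIT

# Fragment quoted first in the message: "else" also catches an unset option.
original() {
    if [ -n "$IF_IP_RP_FILTER" ] && [ "$IF_IP_RP_FILTER" -eq "0" ]
    then
        echo 0 > "$CONF/$IFACE/rp_filter"
    else
        echo 1 > "$CONF/$IFACE/rp_filter"
    fi
}

# Modification proposed in the message: write only when the option is set.
proposed() {
    if [ -n "$IF_IP_RP_FILTER" ]
    then
        if [ "$IF_IP_RP_FILTER" -eq "0" ]
        then
            echo 0 > "$CONF/$IFACE/rp_filter"
        else
            echo 1 > "$CONF/$IFACE/rp_filter"
        fi
    fi
}

# run_case VARIANT PRESET [OPTION] (hypothetical helper): seed rp_filter with
# PRESET, run VARIANT with ip-rp-filter set to OPTION or absent, print result.
run_case() {
    IFACE=sputnik                      # interface name taken from the thread
    mkdir -p "$CONF/$IFACE"
    echo "$2" > "$CONF/$IFACE/rp_filter"
    unset IF_IP_RP_FILTER
    if [ $# -ge 3 ]; then IF_IP_RP_FILTER=$3; fi
    "$1"
    cat "$CONF/$IFACE/rp_filter"
}

for variant in original proposed; do
    echo "$variant: preset 0, option absent -> $(run_case "$variant" 0)"
    echo "$variant: preset 1, ip-rp-filter 0 -> $(run_case "$variant" 1 0)"
done
```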

