3 [ -n "$CTDB_BASE" ] || \
4 export CTDB_BASE=$(cd -P $(dirname "$0") ; dirname "$PWD")
9 service_name=per_ip_routing
11 # Do nothing if unconfigured
12 [ -n "$CTDB_PER_IP_ROUTING_CONF" ] || exit 0
14 table_id_prefix="ctdb."
16 [ -n "$CTDB_PER_IP_ROUTING_RULE_PREF" ] || \
17 die "error: CTDB_PER_IP_ROUTING_RULE_PREF not configured"
19 [ "$CTDB_PER_IP_ROUTING_TABLE_ID_LOW" -lt "$CTDB_PER_IP_ROUTING_TABLE_ID_HIGH" ] 2>/dev/null || \
20 die "error: CTDB_PER_IP_ROUTING_TABLE_ID_LOW[$CTDB_PER_IP_ROUTING_TABLE_ID_LOW] and/or CTDB_PER_IP_ROUTING_TABLE_ID_HIGH[$CTDB_PER_IP_ROUTING_TABLE_ID_HIGH] improperly configured"
22 if [ "$CTDB_PER_IP_ROUTING_TABLE_ID_LOW" -le 253 -a \
23 255 -le "$CTDB_PER_IP_ROUTING_TABLE_ID_HIGH" ] ; then
24 die "error: range CTDB_PER_IP_ROUTING_TABLE_ID_LOW[$CTDB_PER_IP_ROUTING_TABLE_ID_LOW]..CTDB_PER_IP_ROUTING_TABLE_ID_HIGH[$CTDB_PER_IP_ROUTING_TABLE_ID_HIGH] must not include 253-255"
27 have_link_local_config ()
29 [ "$CTDB_PER_IP_ROUTING_CONF" = "__auto_link_local__" ]
32 if ! have_link_local_config && [ ! -r "$CTDB_PER_IP_ROUTING_CONF" ] ; then
33 die "error: CTDB_PER_IP_ROUTING_CONF=$CTDB_PER_IP_ROUTING_CONF file not found"
36 ######################################################################
43 # Get the shell to break up the address into 1 word per octet
44 for _o in $(export IFS="." ; echo $_ip) ; do
45 # The 2>/dev/null stops output from failures where an "octet"
46 # is not numeric. The test will still fail.
47 if ! [ 0 -le $_o -a $_o -le 255 ] 2>/dev/null ; then
50 _count=$(($_count + 1))
53 # A valid IPv4 address has 4 octets
57 ensure_ipv4_is_valid_addr ()
62 ipv4_is_valid_addr "$_ip" || {
63 echo "$0: $_event not an ipv4 address skipping IP:$_ip"
68 ipv4_host_addr_to_net ()
73 # Convert the host address to an unsigned long by splitting out
74 # the octets and doing the math.
76 for _o in $(export IFS="." ; echo $_host) ; do
77 _host_ul=$(( ($_host_ul << 8) + $_o)) # work around Emacs color bug
80 # Calculate the mask and apply it.
81 _mask_ul=$(( 0xffffffff << (32 - $_maskbits) ))
82 _net_ul=$(( $_host_ul & $_mask_ul ))
84 # Now convert to a network address one byte at a time.
86 for _o in $(seq 1 4) ; do
87 _net="$(($_net_ul & 255))${_net:+.}${_net}"
88 _net_ul=$(($_net_ul >> 8))
91 echo "${_net}/${_maskbits}"
94 ######################################################################
98 rt_tables="$CTDB_SYS_ETCDIR/iproute2/rt_tables"
100 # This file should always exist. Even if this didn't exist on the
101 # system, adding a route will have created it. What if we startup
102 # and immediately shutdown? Let's be sure.
103 if [ ! -f "$rt_tables" ] ; then
104 mkdir -p "${rt_tables%/*}" # dirname
109 # Setup a table id to use for the given IP. We don't need to know it,
110 # it just needs to exist in /etc/iproute2/rt_tables. Fail if no free
111 # table id could be found in the configured range.
112 ensure_table_id_for_ip ()
118 # Maintain a table id for each IP address we've ever seen in
119 # rt_tables. We use a "ctdb." prefix on the label.
120 _label="${table_id_prefix}${_ip}"
122 # This finds either the table id corresponding to the label or a
123 # new unused one (that is greater than all the used ones in the
126 # Note that die() just gets us out of the subshell...
127 flock --timeout 30 0 || \
128 die "ensure_table_id_for_ip: failed to lock file $rt_tables"
130 _new=$CTDB_PER_IP_ROUTING_TABLE_ID_LOW
131 while read _t _l ; do
136 # Found existing: done
137 if [ "$_l" = "$_label" ] ; then
140 # Potentially update the new table id to be used. The
141 # redirect stops error spam for a non-numeric value.
142 if [ $_new -le $_t -a \
143 $_t -le $CTDB_PER_IP_ROUTING_TABLE_ID_HIGH ] 2>/dev/null ; then
148 # If the new table id is legal then add it to the file and
150 if [ $_new -le $CTDB_PER_IP_ROUTING_TABLE_ID_HIGH ] ; then
151 printf "%d\t%s\n" "$_new" "$_label" >>"$rt_tables"
159 # Clean up all the table ids that we might own.
160 clean_up_table_ids ()
165 # Note that die() just gets us out of the subshell...
166 flock --timeout 30 0 || \
167 die "clean_up_table_ids: failed to lock file $rt_tables"
169 # Delete any items from the file that have a table id in our
170 # range or a label matching our label. Preserve comments.
171 _tmp="${rt_tables}.$$.ctdb"
172 awk -v min="$CTDB_PER_IP_ROUTING_TABLE_ID_LOW" \
173 -v max="$CTDB_PER_IP_ROUTING_TABLE_ID_HIGH" \
174 -v pre="$table_id_prefix" \
176 !(min <= $1 && $1 <= max) && \
177 !(index($2, pre) == 1) \
178 { print $0 }' "$rt_tables" >"$_tmp"
180 mv "$_tmp" "$rt_tables"
181 # The lock is gone - don't do anything else here
185 ######################################################################
187 # This prints the config for an IP, which is either relevant entries
188 # from the config file or, if set to the magic link local value, some
189 # link local routing config for the IP.
194 if have_link_local_config ; then
195 # When parsing public_addresses also split on '/'. This means
196 # that we get the maskbits as item #2 without further parsing.
197 while IFS="/$IFS" read _i _maskbits _x ; do
198 if [ "$_ip" = "$_i" ] ; then
199 echo -n "$_ip "; ipv4_host_addr_to_net "$_ip" "$_maskbits"
201 done <"${CTDB_PUBLIC_ADDRESSES:-/dev/null}"
203 while read _i _rest ; do
204 if [ "$_ip" = "$_i" ] ; then
205 printf "%s\t%s\n" "$_ip" "$_rest"
207 done <"$CTDB_PER_IP_ROUTING_CONF"
211 ip_has_configuration ()
215 [ -n "$(get_config_for_ip $_ip)" ]
218 add_routing_for_ip ()
223 # Do nothing if no config for this IP.
224 ip_has_configuration "$_ip" || return 0
226 ensure_table_id_for_ip "$_ip" || \
227 die "add_routing_for_ip: out of table ids in range $CTDB_PER_IP_ROUTING_TABLE_ID_LOW - $CTDB_PER_IP_ROUTING_TABLE_ID_HIGH"
229 _pref="$CTDB_PER_IP_ROUTING_RULE_PREF"
230 _table_id="${table_id_prefix}${_ip}"
232 del_routing_for_ip "$_ip" >/dev/null 2>&1
234 ip rule add from "$_ip" pref "$_pref" table "$_table_id" || \
235 die "add_routing_for_ip: failed to add rule for $_ip"
237 # Add routes to table for any lines matching the IP.
238 get_config_for_ip "$_ip" |
239 while read _i _dest _gw ; do
240 _r="$_dest ${_gw:+via} $_gw dev $_iface table $_table_id"
241 ip route add $_r || \
242 die "add_routing_for_ip: failed to add route: $_r"
246 del_routing_for_ip ()
250 _pref="$CTDB_PER_IP_ROUTING_RULE_PREF"
251 _table_id="${table_id_prefix}${_ip}"
253 # Do this unconditionally since we own any matching table ids.
254 # However, print a meaningful message if something goes wrong.
255 _cmd="ip rule del from $_ip pref $_pref table $_table_id"
256 _out=$($_cmd 2>&1) || \
258 WARNING: Failed to delete policy routing rule
259 Command "$_cmd" failed:
262 # This should never usually fail, so don't redirect output.
263 # However, it can fail when deleting a rogue IP, since there will
264 # be no routes for that IP. In this case it should only fail when
265 # the rule deletion above has already failed because the table id
266 # is invalid. Therefore, go to a little bit of trouble to indent
267 # the failure message so that it is associated with the above
268 # warning message and doesn't look too nasty.
269 ip route flush table $_table_id 2>&1 | sed -e 's@^.@ &@'
272 ######################################################################
274 flush_rules_and_routes ()
277 while read _p _x _i _x _t ; do
278 # Remove trailing colon after priority/preference.
280 # Only remove rules that match our priority/preference.
281 [ "$CTDB_PER_IP_ROUTING_RULE_PREF" = "$_p" ] || continue
283 echo "Removing ip rule for public address $_i for routing table $_t"
284 ip rule del from "$_i" table "$_t" pref "$_p"
285 ip route flush table "$_t" 2>/dev/null
289 # Add any missing routes. Some might have gone missing if, for
290 # example, all IPs on the network were removed (possibly if the
291 # primary was removed). If $1 is "force" then (re-)add all the
293 add_missing_routes ()
296 read _x # skip header line
298 # Read the rest of the lines. We're only interested in the
299 # "IP" and "ActiveInterface" columns. The latter is only set
300 # for addresses local to this node, making it easy to skip
301 # non-local addresses. For each IP local address we check if
302 # the relevant routing table is populated and populate it if
304 while IFS="|" read _x _ip _x _iface _x ; do
305 [ -n "$_iface" ] || continue
307 _table_id="${table_id_prefix}${_ip}"
308 if [ -z "$(ip route show table $_table_id 2>/dev/null)" -o \
309 "$1" = "force" ] ; then
310 add_routing_for_ip "$_iface" "$_ip"
316 # Remove rules/routes for addresses that we're not hosting. If a
317 # releaseip event failed in an earlier script then we might not have
318 # had a chance to remove the corresponding rules/routes.
319 remove_bogus_routes ()
321 # Get a IPs current hosted by this node, each anchored with '@'.
322 _ips=$(ctdb ip -v -X | awk -F'|' 'NR > 1 && $4 != "" {printf "@%s@\n", $2}')
325 while read _p _x _i _x _t ; do
326 # Remove trailing colon after priority/preference.
328 # Only remove rules that match our priority/preference.
329 [ "$CTDB_PER_IP_ROUTING_RULE_PREF" = "$_p" ] || continue
330 # Only remove rules for which we don't have an IP. This could
331 # be done with grep, but let's do it with shell prefix removal
332 # to avoid unnecessary processes. This falls through if
333 # "@${_i}@" isn't present in $_ips.
334 [ "$_ips" = "${_ips#*@${_i}@}" ] || continue
336 echo "Removing ip rule/routes for unhosted public address $_i"
337 del_routing_for_ip "$_i"
341 ######################################################################
343 service_reconfigure ()
345 add_missing_routes "force"
348 # flush our route cache
349 set_proc sys/net/ipv4/route/flush 1
352 ######################################################################
356 ctdb_service_check_reconfigure
360 flush_rules_and_routes
362 # make sure that we only respond to ARP messages from the NIC
363 # where a particular ip address is associated.
364 get_proc sys/net/ipv4/conf/all/arp_filter >/dev/null 2>&1 && {
365 set_proc sys/net/ipv4/conf/all/arp_filter 1
370 flush_rules_and_routes
379 ensure_ipv4_is_valid_addr "$1" "$ip"
380 add_routing_for_ip "$iface" "$ip"
382 # flush our route cache
383 set_proc sys/net/ipv4/route/flush 1
385 ctdb gratiousarp "$ip" "$iface"
394 ensure_ipv4_is_valid_addr "$1" "$ip"
395 add_routing_for_ip "$niface" "$ip"
397 # flush our route cache
398 set_proc sys/net/ipv4/route/flush 1
400 ctdb gratiousarp "$ip" "$niface"
401 tickle_tcp_connections "$ip"
409 ensure_ipv4_is_valid_addr "$1" "$ip"
410 del_routing_for_ip "$ip"
419 ctdb_standard_event_handler "$@"