From: Steve R. <Ste...@sa...> - 2010-05-24 17:26:01
>>> Heiko: Could one of you just send me the already patched network script

I have just taken a detailed look at Stefan's patch, and it seems his network script has his improved regexp, and also he has coded a call to a new "create_mactab()" function.

Perhaps Stefan could submit his final network script to become the definitive copy?

Regards - Steve.

Stephen H F Ralph
Principal Computer Officer | Integration Team | ICT Services | Transform Sandwell |
Sandwell MBC | Freeth Street | Oldbury | West Midlands | B69 3DE
Tel: 0121 569 3132 | Fax: 0121 569 3493
Email: ste...@sa...

-----Original Message-----
From: Heiko Zuerker [mailto:he...@zu...]
Sent: 24 May 2010 16:13
To: dev...@li...
Subject: Re: [Devil-linux-develop] Enable "nameif" to associate MAC address with correct interface name

I'm having trouble applying the patches.
Could one of you just send me the already patched network script?

Thanks
Heiko

Quoting Heiko Zuerker <he...@zu...>:

> I finally have some time to look at this...
> The new patch should be applied after the first one?
>
> Heiko
>
>> -----Original Message-----
>> From: Stefan Engel [mailto:ma...@en...]
>> Sent: Monday, May 10, 2010 6:01 PM
>> To: dev...@li...
>> Subject: Re: [Devil-linux-develop] Enable "nameif" to associate MAC address with correct interface name
>>
>> Hi,
>>
>> thanks to Steve and Roy for helping getting this setup started. Until now I didn't know there is this nice little tool called nameif.
>>
>> I just polished the patch a little bit and modified the code which creates /etc/mactab from /etc/mactable.conf. I uploaded it as network_mactable.patch to bug #73.
>>
>> After patching the /etc/init.d/network script now works as follows:
>> # if /etc/mactable.conf doesn't exist, just proceed as normal
>> # if /etc/mactable.conf exists, then
>> ## get MAC addresses of all interfaces (via ip link show)
>> ## skip any empty lines or comment lines beginning with '#' in /etc/mactable.conf
>> ## check if interface definitions are found in /etc/mactable.conf
>> ### if so, then write interface definitions into /etc/mactab.tmp
>> ### if not, then issue a warning about the not defined interface(s)
>> ## if all interfaces are found, rename /etc/mactab.tmp into /etc/mactab
>> ## if an interface definition is missing, then remove /etc/mactab.tmp and don't touch an already existing /etc/mactab
>>
>> After that, the patch works as suggested: if /etc/mactab exists, then use it. If not, skip this stuff and proceed as normal.
>>
>> With my setup here everything works as expected (after defining the MAC addresses of course). So in case of trouble, I don't have to think about the correct MAC setup to get things running again, but I can now switch the usb-stick with the firewall config from one machine to another and that's it.
>>
>> Regards,
>> Stefan
>>
>> roy barnard wrote:
>> > Stefan,
>> >
>> > I helped Steve Ralph write the patch.
>> > Your understanding of regexp is way better than mine.
>> > I like this as it removes the need for the "cut" command which should speed the code up.
>> >
>> > I had to read it twice to get it but today I learnt a little more regexp.
>> >
>> > Thank you.
>> >
>> > Roy Barnard
>> >
>> >
>> > --- On Wed, 5/5/10, Stefan Engel <ma...@en...> wrote:
>> >
>> >> From: Stefan Engel <ma...@en...>
>> >> Subject: Re: [Devil-linux-develop] Enable "nameif" to associate MAC address with correct interface name
>> >> To: dev...@li...
>> >> Date: Wednesday, 5 May, 2010, 23:18
>> >> I did some testing with the patch and it looks good so far. Only thing I would change is the regexp.
>> >> From:
>> >>
>> >> MacList=`/sbin/ip addr show | /bin/grep "link/ether" | /bin/sed "s#.*link\/ether \| brd #\|#ig" | /usr/bin/cut -f2 -d'|'`
>> >>
>> >> to:
>> >> MacList=`/sbin/ip link show | /bin/grep "ether" | /bin/sed "s#.*ether \([0-9a-f:]*\) .*#\1#ig"`
>> >>
>> >> Regards,
>> >> Stefan
>> >>
>> >> Stefan Engel wrote:
>> >>> Hi,
>> >>>
>> >>> his patch looks just like what I have been looking for. I will add it to my VM test environment for testing. As far as I can see, nothing of the current network handling gets broken if /etc/mactab and /etc/mactable.conf are missing, so I would vote to add this patch to DL.
>> >>> Regards,
>> >>> Stefan
>> >>>
>> >>> Steve Ralph wrote:
>> >>>> Hi,
>> >>>>
>> >>>> I have just submitted a mantis-patch for "/etc/init.d/network" that calls nameif to name network interfaces based on MAC addresses. The call is only made if the required "/etc/mactab" file exists and is readable. Nameif is called on a per-interface basis after the module has been modprob'ed into place.
>> >>>>
>> >>>> Please note that the version of "/etc/init.d/network" that was used as a starting point was "# $Revision: 1.44 $" which has been patched for interface aliases and has a higher revision number than version 1.43 that ships with DL-1.4-RC3.
>> >>>>
>> >>>> There are two distinct but linked patches contained in the one file. They could be separated quite easily, if required.
>> >>>>
>> >>>> The first patch that calls nameif/mactab is:
>> >>>> @@ -162,8 +163,18 @@ >> >>>> >> >> if [ "$MODULE" != "UNKNOWN" ] >> >> && [ "$MODULE" != >> >>>> "autoselect" ] ; then >> >>>> >> >> >> >> modprobe $MODULE $MODULE_OPTS > /dev/null >> >>>> >> >> fi >> >>>> >> >> fi >> >>>> + >> >> # Using /etc/mactab (may have been created >> >> from >> >>>> /etc/mactable.conf >> >>>> + >> >> # Process >> >> IF for active Media Access Control >> >>>> (Ethernet MAC) Address. >> >>>> + >> >> # Only process interfaces which DON'T have >> >> a :-_. >> >>>> (Colon/dash/underscore/dot) in them. >> >>>> + >> >> # >> >>>> + >> >> if [ -r /etc/mactab ]; then >> >>>> + >> >> if [ `expr index >> >> "$IF" ":-_."` == 0 ]; then >> >>>> + >> >> >> >> UseIFMac=`/bin/grep --ignore-case "^$IF" >> >>>> /etc/mactab` >> >>>> + >> >> >> >> /sbin/nameif -s $UseIFMac >> >>>> + >> >> fi >> >>>> + >> >> fi >> >>>> >> >>>> >> >>>> >> >> if [ "$WIRELESS" = "yes" ]; then >> >>>> >> >> setup_wireless >> >> $DEVICE >> >>>> >> >>>> The format for the optional configuration file >> >> "/etc/mactab" may be >> >>>> taken from my proposed "/etc/mactab.sample": >> >>>> >> >>>> #--- >> >> /etc/mactab.sample >> >>>> # >> >>>> # >> >> Example format for /etc/mactab. >> >>>> # >> >> Used by nameif to name network >> >> interfaces based on MAC >> >>>> addresses >> >>>> # >> >>>> eth0 >> >> 00:40:f4:b8:db:2f >> >>>> eth1 >> >> 00:40:f4:b8:db:2e >> >>>> eth2 >> >> 00:40:f4:b8:db:2d >> >>>> # >> >>>> #--- End >> >>>> >> >>>> I believe this implements standard functionality >> >> to control network >> >>>> interfaces names based on MAC addresses. >> >>>> >> >>>> If implemented, this would prevent udev shuffling >> >> interface names across >> >>>> a system reboot. >> >>>> >> >>>> The second part of the patch introduces new >> >> functionality with the >> >>>> specific aim to allow a single DL-etc-mods.tar.bz2 >> >> config to be moved >> >>>> onto a cold-standby unit, and automatically >> >> receive the correct >> >>>> (preconfigured) interface assignments. 
>> >>>> >> >>>> The patch is as follows: >>
>>>> >> >>>> @@ -376,8 +387,16 @@ >> >>>> >> >> # if vlan tools are installed set vlan naming >> >> shema >> >>>> >> >> # >> >>>> >> >> test -x $VLAN && $VLAN set_name_type >> >>>> VLAN_PLUS_VID_NO_PAD &> /dev/null >> >>>> >> >>>> + >> >> # if /etc/mactable.conf is readable then >> >>>> + >> >> # extract >> >> lines for each available MAC Address we >> >>>> have >> >>>> + >> >> # and >> >> create/overwrite /etc/mactab >> >>>> + >> >> if [ -r /etc/mactable.conf ]; then >> >>>> + >> >> MacList=`/sbin/ip >> >> addr show | /bin/grep >> >>>> "link/ether" | /bin/sed "s#.*link\/ether \| brd >> >> #\|#ig" | /usr/bin/cut >> >>>> -f2 -d'|'` >> >>>> + >> >> /bin/grep -F >> >> "$MacList" /etc/mactable.conf | >> >>>> /usr/bin/cut -f-2 -d'|' | /bin/sed "s#|# #" >> >>> /etc/mactab >> >>>> + >> >> fi >> >>>> + >> >>>> >> >> # >> >>>> >> >> # physical interfaces are brought up first >> >>>> >> >> # >> >>>> >> >> for interface in $(cd ${CONFIG_DIR}; ls -1 >> >>>> ${CONFIG_FILE}* 2>/dev/null | sed \ >> >>>> >> >>>> The key here is the use of a new >> >> "/etc/mactable.conf " config file which >> >>>> is preconfigured with interface and MAC details >> >> for both the production >> >>>> and the standby hardware. 
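Review bot: In the first hunk (@@ -162,8 +163,18 @@), the lookup `/bin/grep --ignore-case "^$IF" /etc/mactab` is anchored only at the start of the line, so with IF=eth1 it also returns the lines for eth10 or eth11, and the unquoted `$UseIFMac` then expands to more than one name/MAC pair; when nothing matches, `/sbin/nameif -s` is run with no pair at all. Match the whole first field (for example `"^$IF[[:space:]]"`), keep only the first hit, and skip the nameif call when the result is empty. The `==` inside `[ ]` is also a bashism; `=` is the portable form.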
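Review bot: In the second hunk (@@ -376,8 +387,16 @@), the pipeline output goes straight into /etc/mactab, so the file is overwritten and left empty but readable whenever no MAC in /etc/mactable.conf matches this machine, and the first hunk's `[ -r /etc/mactab ]` test still passes. Write to a temporary file and rename it over /etc/mactab only when every detected MAC produced a line. `/bin/grep -F "$MacList"` is also case-sensitive while the sed expression uses the `i` flag, so a MAC written in upper case in /etc/mactable.conf is silently missed; add `-i` to the grep.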
>> >>>>
>> >>>> Again, the format for the optional configuration file "/etc/mactable.conf" may be taken from my proposed "/etc/mactable.conf.sample":
>> >>>>
>> >>>> #--- /etc/mactable.conf.sample
>> >>>> #
>> >>>> # Interface name | MAC Address | Comment
>> >>>> #
>> >>>> eth0|00:40:f4:b8:db:2f| Gannet01 (Production fw) lan1
>> >>>> eth1|00:40:f4:b8:db:2e| Gannet01 (Production fw) lan2
>> >>>> eth2|00:40:f4:b8:db:2d| Gannet01 (Production fw) lan3
>> >>>> #
>> >>>> eth0|00:30:18:49:5f:08| Gannet02 (Cold Standby fw) lan1
>> >>>> eth1|00:30:18:49:5f:07| Gannet02 (Cold Standby fw) lan2
>> >>>> eth2|00:30:18:49:5f:06| Gannet02 (Cold Standby fw) lan3
>> >>>> #
>> >>>> eth0|00:11:85:10:be:f9| Hippopotamus (Development/testbed) eth0
>> >>>> eth1|00:10:5a:28:51:36| Hippopotamus (Development/testbed) eth1
>> >>>> eth2|00:50:04:3a:aa:5b| Hippopotamus (Development/testbed) eth2
>> >>>> #
>> >>>> #--- End
>> >>>>
>> >>>> Here three systems have their interface and mac details catalogued. When the patched "/etc/init.d/network" file is run, it extracts mac-addresses from "/etc/mactable.conf" that match the physically identified interfaces, and repopulates "/etc/mactab" ready for nameif to use, but containing only details appropriate for (in the sample) "Gannet01", "Gannet02", or "Hippopotamus".
>> >>>>
>> >>>> If the first "/etc/mactab" patch is rejected, then the second "/etc/mactable.conf" automatically falls, as it depends on nameif being run against the newly created "/etc/mactab" file.
>> >>>>
>> >>>> This will, I believe, give Stefan [ma...@en...] the ability to have a replacement firewall on cold-standby.
>> >>>>
>> >>>> Much of the above code must be credited to my colleague Roy Barnard.
>> >>>>
>> >>>> Regards - Steve.
>> >>>>
>> >>>> Stephen H F Ralph
>> >>>> Principal Computer Officer | Integration Team | ICT Services | Transform Sandwell
>> >>>> Sandwell MBC | Freeth Street | Oldbury | West Midlands | B69 3DE
>> >>>> Tel: 0121 569 3132 | Fax: 0121 569 3493
>> >>>> Email: ste...@sa... <mailto:ste...@sa...>
>>
>> _______________________________________________
>> Devil-linux-develop mailing list
>> Dev...@li...
>> https://lists.sourceforge.net/lists/listinfo/devil-linux-develop

--
Regards
Heiko Zuerker
http://www.devil-linux.org

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
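The procedure Stefan lists in the thread (skip comments, look up every detected MAC, rename /etc/mactab.tmp only when nothing is missing), as an added POSIX shell example. It is not Stefan's patch or the Devil-Linux network script: the function names are hypothetical, and the demo table is constructed from MAC addresses in the sample file quoted in the thread.

```shell
#!/bin/sh
# Added example: build_mactab, lookup_name and macs_from_ip_link are
# hypothetical names, not functions from the Devil-Linux network script.

# Read `ip link show` output on stdin, print one MAC per line.
macs_from_ip_link() {
    sed -n 's#.*link/ether \([0-9A-Fa-f:]*\) .*#\1#p'
}

# lookup_name CONF MAC: print the interface name defined for MAC, if any.
lookup_name() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    while IFS='|' read -r name mac rest; do
        name=$(printf '%s' "$name" | tr -d ' \t')
        case $name in ''|'#'*) continue ;; esac    # blank or comment line
        mac=$(printf '%s' "$mac" | tr -d ' \t' | tr 'A-F' 'a-f')
        if [ "$mac" = "$want" ]; then printf '%s\n' "$name"; return 0; fi
    done < "$1"
    return 1
}

# build_mactab CONF OUT MAC...: write OUT only if every MAC is defined in CONF.
build_mactab() {
    conf=$1; out=$2; shift 2
    [ -r "$conf" ] || return 0              # no table: proceed as normal
    tmp="$out.tmp"; missing=0
    : > "$tmp" || return 1
    for m in "$@"; do
        if n=$(lookup_name "$conf" "$m"); then
            printf '%s %s\n' "$n" "$m" >> "$tmp"
        else
            echo "warning: no entry for $m in $conf" >&2
            missing=1
        fi
    done
    if [ "$missing" -eq 0 ]; then
        mv -f "$tmp" "$out"                 # all found: replace in one rename
    else
        rm -f "$tmp"; return 1              # leave any existing OUT untouched
    fi
}

# Constructed demo: a two-host table, evaluated on the cold-standby unit.
d=$(mktemp -d)
printf '%s\n' '# name|MAC|comment' 'eth0|00:40:f4:b8:db:2f| Gannet01 lan1' \
    'eth0|00:30:18:49:5f:08| Gannet02 lan1' > "$d/mactable.conf"
build_mactab "$d/mactable.conf" "$d/mactab" 00:30:18:49:5f:08 && cat "$d/mactab"
rm -rf "$d"
```

In an init script the MAC arguments would come from `ip link show | macs_from_ip_link`; matching on the whole second field rather than a substring keeps a MAC that only appears in a comment from being picked up.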