all the python scripts are for python2, and fedora31 requires to be specific

[vsys-scripts.git] / root-context / exec / vif_up

diff --git a/root-context/exec/vif_up b/root-context/exec/vif_up
index 33cbb22..4e50cab 100755 (executable)
--- a/root-context/exec/vif_up
+++ b/root-context/exec/vif_up
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python2
 # VSYS script to configure per-slice virtual network interfaces from the root slice
 #   Thom Haddow - 06/10/09
 #
@@ -12,6 +12,7 @@
 # Options:
 #   - pointopoint=IP: other endpoint's (private) IP (sets routing)
 #   - snat=1: enables SNAT ip rules
+#   - dropkern=1: drops RST packets generated by the kernel
 #   - txqueuelen=N: sets TX queue
 #   - gre=<> : enable GRE tunnelling - several formats supported
 #   -   gre=true|yes|name : computes GRE key as a hash of slice name (so it's valid across federations)
@@ -19,6 +20,7 @@
 #   -   gre=somestring    : computes GRE key as a hash of the provided string
 #   -   gre=somekey       : use the provided key as is
 #   - remote=IP : when using GRE, the (public) IP for the remote endpoint
+#   - mtu=N  : set the MTU for the device
 
 import sys
 import pwd
@@ -114,11 +116,12 @@ if vmask<mask:
 opt_txqueuelen = None
 opt_rp_filter = None
 opt_snat = None
+opt_dropkern = None
 opt_ovs_dp = None
 opt_pointopoint = None
 opt_gre = None
 opt_gre_remote = None
-
+opt_mtu = None
 
 for optionline in options:
     if len(optionline)==0: continue
@@ -147,6 +150,10 @@ for optionline in options:
         intval = int(val)
         if val=="1":
             opt_snat = True
+    elif opt=="dropkern":
+        intval = int(val)
+        if val=="1":
+            opt_dropkern = True
     elif opt=="pointopoint":
         opt_pointopoint = val.strip()
         try:
@@ -166,6 +173,12 @@ for optionline in options:
         except socket.error,e:
             print >>sys.stderr, "could not parse remote: %s" % (e,)
             sys.exit(1)
+    elif opt=="mtu":
+        intval = int(val)
+        if intval<1:
+            print >>sys.stderr, "MTU value %s out of range" % (val)
+            sys.exit(1)
+        opt_mtu = intval
     else:
         print >>sys.stderr, "Unknown option: \"%s\"" % (opt)
         sys.exit(1)
@@ -217,6 +230,8 @@ if opt_txqueuelen is not None:
     cmd_ifconfig += " txqueuelen %d" % (opt_txqueuelen,)
 if opt_pointopoint is not None:
     cmd_ifconfig += " pointopoint %s" % (opt_pointopoint,)
+if opt_mtu is not None:
+    cmd_ifconfig += " mtu %d" % (opt_mtu,)
 
 # Add iptables rules (Clearing old ones first, if they exist)
 cmd_iptables_in = "/sbin/iptables -A INPUT -i %s -m mark -m state --state NEW ! --mark %d -j DROP" % (vif, sliceid)
@@ -230,6 +245,8 @@ public_src = os.popen("ifconfig | grep $(ip route | grep default | awk '{print $
 cmd_iptables_pr = "/sbin/iptables -t nat -A POSTROUTING -s %s/%d -j SNAT --to-source %s --random" % (vip, vmask, public_src)
 cmd_iptables_del_pr = "/sbin/iptables -t nat -D POSTROUTING -s %s/%d -j SNAT --to-source %s --random > /dev/null 2>&1" % (vip, vmask, public_src)
 
+cmd_iptables_dk = "/sbin/iptables -I OUTPUT -p tcp -s %s/%d --tcp-flags RST RST -j DROP"%(vip,vmask)
+cmd_iptables_del_dk = "/sbin/iptables -D OUTPUT -p tcp -s %s/%d --tcp-flags RST RST -j DROP > /dev/null 2>&1"%(vip,vmask)
 
 if opt_gre:
     cmd_gre_setup = "modprobe ip_gre ; ip link add %s type %s remote %s local %s ttl 64 csum key %s" % (
@@ -253,6 +270,10 @@ os.system(cmd_iptables_del_pr)
 if (opt_snat):
     os.system(cmd_iptables_pr)
 
+os.system(cmd_iptables_del_dk)
+if (opt_snat):
+    os.system(cmd_iptables_dk)
+
 # Process additional options
 if opt_rp_filter is not None:
     rp_cmd = "/sbin/sysctl net.ipv4.conf.%s.rp_filter=%s" % (vif, opt_rp_filter)