Commit 9fd95b1a authored by Mike Hibler

Add yet another route to jails: an interface route for the real control net.

Previously, if you accessed a phys node by its real IP address (155.101.132.N)
from inside a jail, it used the default route going to the router and back.
Now it will put it out directly on the control net.

The main reason for this is so that minibed vnodes can reach their boss and
ops nodes.  Vnodes in mini don't have a default route that works, so we needed
a way to get to boss/ops.

Note that gated will remove this route when it starts up.  Thus, vnodes will
revert to using the default route to get to the real control net.  On mainbed,
this will still work (hop through the router as before).  On mini, it won't
work at all.

Moral: don't use session routing and vnodes on mini.
parent cdd903cc
......@@ -15,6 +15,7 @@ then
echo $new_host_name > $BOOTDIR/realname
echo $new_routers > $BOOTDIR/routerip
echo $new_ip_address > $BOOTDIR/myip
echo $new_subnet_mask > $BOOTDIR/mynetmask
fi
#
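Review bot: the added `echo $new_subnet_mask > $BOOTDIR/mynetmask` line creates the file even when `$new_subnet_mask` is unset or empty, leaving a file that holds only a newline. Guard the write with a non-empty test and quote the expansion, so that a missing value results in no file and the `255.255.255.0` default in `getcnetmask` applies.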
......
......@@ -964,7 +964,7 @@ sub addroutestorc($rc)
open(RC, ">$rc") or
fatal("Could not open $rc to append static routes");
my $routerip = getcnetrouter();
my $routerip = getcnetrouter($USEVCNETROUTES);
my $hostip = `cat $BOOTDIR/myip`;
chomp($hostip);
......@@ -975,36 +975,41 @@ sub addroutestorc($rc)
print RC "route_default=\"default $routerip\"\n";
print RC "route_lo0=\"localhost -interface lo0\"\n";
print RC "route_host=\"$hostip localhost\"\n";
if ($IP ne $hostip) {
#
# Setup a route for all jails on this node, to the loopback.
#
print RC "static_routes=\"\$static_routes jailnet\"\n";
print RC "route_jailnet=\"-net $IP -interface lo0 255.255.255.0\"\n";
#
# All other jails are reachable via the control net interface.
#
print RC "static_routes=\"\$static_routes privnet\"\n";
print RC "route_privnet=\"-net $IP -interface $phys_cnet_if $IPMASK\"\n";
#
# If using the virtual control net for routes, also make sure that
# nodes are reachable with their real control net addresses directly.
#
if ($USEVCNETROUTES) {
print RC "static_routes=\"\$static_routes rcnet\"\n";
print RC "route_rcnet=\"-net $hostip -netmask " . getcnetmask(0) .
" -interface $phys_cnet_if\"\n";
}
}
#
# XXX I don't think this is really a virtual control net issue, but
# rather a gated issue. However, this is the only hook I have right now.
#
# This just in! It looks like whatever the gated problem was, it went
# away after fixing numerous other bugs. But I'll leave the conditional
# here for a little while just in case...
#
if (1 || !$USEVCNETROUTES) {
#
# Now a list of routes for each of the IPs the jail has access
# to. The idea here is to override the interface route such that
# traffic to the local interface goes through lo0 instead. This
# avoids going through traffic shaping when, say, pinging your own
# interface!
#
foreach my $ip (@jailips) {
print RC "static_routes=\"ip${count} \$static_routes\"\n";
print RC "route_ip${count}=\"$ip -interface lo0\"\n";
$count++;
}
# Now a list of routes for each of the IPs the jail has access
# to. The idea here is to override the interface route such that
# traffic to the local interface goes through lo0 instead. This
# avoids going through traffic shaping when, say, pinging your own
# interface!
#
foreach my $ip (@jailips) {
print RC "static_routes=\"ip${count} \$static_routes\"\n";
print RC "route_ip${count}=\"$ip -interface lo0\"\n";
$count++;
}
close(RC);
return 0;
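Review bot: the comment above the new `route_rcnet` entry does not mention that gated removes this route when it starts, which the commit message gives as the reason vnodes on mini cannot be combined with session routing. Add that caveat to the comment, and say why `getcnetmask(0)` is called with a literal 0 inside the `if ($USEVCNETROUTES)` block (the real control net mask is wanted there). Separately, `-net $hostip` passes a host address as the network destination; either compute the network address explicitly or note in the comment that the netmask is expected to trim the host bits.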
......@@ -1134,11 +1139,13 @@ sub clearcnethostalias($)
}
}
sub getcnetrouter()
sub getcnetrouter($)
{
my ($usevcnet) = @_;
my $routerip;
if (!$USEVCNETROUTES) {
if (!$usevcnet) {
$routerip = `cat $BOOTDIR/routerip`;
chomp($routerip);
} else {
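Review bot: with the signature changed to `getcnetrouter($)` and `my ($usevcnet) = @_;`, a caller that still uses the old argument-less form gets `undef` and silently takes the `!$usevcnet` branch, returning the real router from `$BOOTDIR/routerip`. Only the call in `addroutestorc` is updated in this diff, so check for other callers and consider calling `fatal` when no argument is passed rather than defaulting.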
......@@ -1148,3 +1155,21 @@ sub getcnetrouter()
return $routerip;
}
sub getcnetmask($)
{
my ($usevcnet) = @_;
my $cnetmask = "255.255.255.0";
if (!$usevcnet) {
if (-e "$BOOTDIR/mynetmask") {
$cnetmask = `cat $BOOTDIR/mynetmask`;
chomp($cnetmask);
}
} else {
$cnetmask = $JAILCNETMASK;
}
return $cnetmask;
}
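Review bot: in `getcnetmask`, the `255.255.255.0` default applies only when `$BOOTDIR/mynetmask` is missing; if the file exists but does not hold a dotted-quad mask, its content is returned after `chomp` and interpolated straight into `route_rcnet`. Validate the value (for example against `/^\d+\.\d+\.\d+\.\d+$/`) and fall back to the default when it does not match. A short comment describing the `$usevcnet` argument would also help, since the 0 and 1 cases select different sources.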