Subject: Re: rc.d script for adding static ARP entries
To: Brian Ginsbach <ginsbach@netbsd.org>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-net
Date: 08/25/2005 13:18:40

On Tue, Aug 23, 2005 at 09:51:41PM +0000, Brian Ginsbach wrote:
> On Tue, Aug 23, 2005 at 08:23:49PM +0200, Geert Hendrickx wrote:
> > On Tue, Aug 23, 2005 at 07:08:36PM +0200, Matthias Drochner wrote:
> > > 
> > > geert.hendrickx@ua.ac.be said:
> > > > add static ARP entries, listed in /etc/arp.conf
> > > 
> > > I'd prefer a slightly more expensive solution: Have only the IP
> > > addresses in /etc/arp.conf and look up the IP-ether pairs in
> > > /etc/ethers. This avoids duplication of information, and it would
> > > allow to have the /etc/ethers database distributed network-wide, e.g.
> > > per LDAP. (security considerations aside, but there are means to
> > > authenticate)
> > > Something like
> > > while read ip; do
> > > 	arp -s $ip `getent ethers $ip`
> > > done
> > > 
> > > Just needs "getent" to handle "ethers".
> > 
> > I concur that this is a good idea.  But I'm not a C coder.  Can anyone
> > hack /etc/ethers support into getent?  And could all this be checked in
> > before 3.0 is released?  
> 
> I've just hacked up a version of getent with ethers support added.  I'll
> see about getting it committed.  I think it should be possible to get
> this in before 3.0 provided I do all the pullup requests...

Here is an adapted staticroute script.  Using getent, it is now also
possible to have staticroute_stop, clearing the ARP entries matching the
IPs listed in /etc/arp.conf.  This way, "staticarp restart" doesn't print
any "File exists" warnings.  (Without using getent, we could only do "arp
-d -a", or nothing, on staticroute_stop.)

One remark though: using getent with /etc/ethers, it is no longer possible
to use two other flags supported by arp -f: temp and pub.  (Though I'm not
sure whether they're very useful.)

GH

Content-Disposition: attachment; filename=staticarp

#!/bin/sh
#
# $NetBSD$
#

# PROVIDE: staticarp
# REQUIRE: NETWORKING mountcritremote
# BEFORE: SERVERS

. /etc/rc.subr

name="staticarp"
rcvar="staticarp"
conf_file="/etc/arp.conf"
required_files="${conf_file} /etc/ethers"
stop_cmd="staticarp_stop"
start_cmd="staticarp_start"

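staticarp_start()
{
	echo "Adding static ARP entries."
	# One IP address per line in ${conf_file}; blank and "#" lines are skipped.
	while read -r ip; do
		case "$ip" in ''|\#*) continue ;; esac
		# The getent output is left unquoted so that it is split into
		# separate arguments for arp.
		arp -s "$ip" `getent ethers "$ip"`
	done < "$conf_file"
	return 0
}

staticarp_stop()
{
	echo "Removing static ARP entries."
	# Delete only the entries for the addresses listed in ${conf_file}.
	while read -r ip; do
		case "$ip" in ''|\#*) continue ;; esac
		arp -d "$ip"
	done < "$conf_file"
	return 0
}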

load_rc_config $name
run_rc_command "$1"

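Added example, not part of the original message or its attachment: a dry-run pass that validates every address in arp.conf and every MAC looked up from an ethers-format file before anything would be handed to arp -s, which matters once the ethers data is distributed network-wide as suggested in the thread. The function names, the ethers layout with the IP in the name field, and the sample data are assumptions; the script prints the arp commands instead of running them.

```sh
#!/bin/sh
# Added example: dry-run check for the arp.conf + ethers scheme in this thread.
# Assumption: ethers(5) layout "MAC name", with the IP used as the name field.

valid_ipv4() {	# four decimal octets, each 0..255
	case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
	old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
	[ "$#" -eq 4 ] || return 1
	for o in "$@"; do
		[ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
	done
}

valid_mac() {	# six colon-separated groups of one or two hex digits
	printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

lookup_ether() {	# $1 = IP, $2 = ethers file; prints the first matching MAC
	awk -v ip="$1" '$1 !~ /^#/ && $2 == ip { print $1; exit }' "$2"
}

# Print one "arp -s IP MAC" line per valid entry; report the rest on stderr.
# Returns non-zero if any line was rejected, so a caller can refuse to proceed.
gen_arp_cmds() {	# $1 = arp.conf, $2 = ethers file
	rejected=0
	while read -r ip rest; do
		case "$ip" in ''|\#*) continue ;; esac
		if [ -n "$rest" ] || ! valid_ipv4 "$ip"; then
			echo "rejected (bad address line): $ip $rest" >&2
			rejected=$((rejected + 1)); continue
		fi
		mac=$(lookup_ether "$ip" "$2")
		if ! valid_mac "$mac"; then
			echo "rejected (no valid MAC in ethers): $ip" >&2
			rejected=$((rejected + 1)); continue
		fi
		echo "arp -s $ip $mac"
	done < "$1"
	[ "$rejected" -eq 0 ]
}

demo() {	# constructed sample data, not taken from the thread
	d=$(mktemp -d) || return 1
	printf '%s\n' '# gateway' 192.0.2.1 192.0.2.300 192.0.2.9 '192.0.2.7 pub' > "$d/arp.conf"
	printf '%s\n' '00:11:22:33:44:55 192.0.2.1' 'not-a-mac 192.0.2.9' > "$d/ethers"
	gen_arp_cmds "$d/arp.conf" "$d/ethers" && rc=0 || rc=$?
	rm -rf "$d"; return "$rc"
}

demo || echo "some entries were rejected; nothing was passed to arp" >&2
```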