"Fossies" - the Fresh Open Source Software Archive

Member "octavia-8.0.0/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh" (14 Apr 2021, 3570 Bytes) of package /linux/misc/openstack/octavia-8.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 #!/bin/bash
    2 #
    3 # Copyright 2020 Red Hat, Inc. All rights reserved.
    4 #
    5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    6 # not use this file except in compliance with the License. You may obtain
    7 # a copy of the License at
    8 #
    9 #   http://www.apache.org/licenses/LICENSE-2.0
   10 #
   11 # Unless required by applicable law or agreed to in writing, software
   12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   14 # License for the specific language governing permissions and limitations
   15 # under the License.
   16 #
   17 
   18 set -e
   19 
   20 usage() {
   21     echo
   22     echo "Usage: $(basename "$0") [add|delete] [ipv4|ipv6] <interface>"
   23     echo
   24     exit 1
   25 }
   26 
   27 if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
   28     usage
   29 fi
   30 
   31 if [ "$1" == "add" ]; then
   32 
   33     if [ -x "$(sudo bash -c 'command -v nft')" ]; then
   34         # Note: inet for nat requires a 5.2 or newer kernel.
   35         if [ "$2" == "ipv4" ]; then
   36             nft add table ip octavia-ipv4
   37             nft add chain ip octavia-ipv4 ip-udp-masq { type nat hook postrouting priority 100\;}
   38             nft add rule ip octavia-ipv4 ip-udp-masq oifname "$3" meta l4proto udp masquerade
   39             nft add chain ip octavia-ipv4 ip-sctp-masq { type nat hook postrouting priority 100\;}
   40             nft add rule ip octavia-ipv4 ip-sctp-masq oifname "$3" meta l4proto sctp masquerade
   41         elif [ "$2" == "ipv6" ]; then
   42             nft add table ip6 octavia-ipv6
   43             nft add chain ip6 octavia-ipv6 ip6-udp-masq { type nat hook postrouting priority 100\;}
   44             nft add rule ip6 octavia-ipv6 ip6-udp-masq oifname "$3" meta l4proto udp masquerade
   45             nft add chain ip6 octavia-ipv6 ip6-sctp-masq { type nat hook postrouting priority 100\;}
   46             nft add rule ip6 octavia-ipv6 ip6-sctp-masq oifname "$3" meta l4proto sctp masquerade
   47         else
   48             usage
   49         fi
   50 
   51     else # nft not found, fall back to iptables
   52         if [ "$2" == "ipv4" ]; then
   53             /sbin/iptables -t nat -A POSTROUTING -p udp -o $3 -j MASQUERADE
   54             /sbin/iptables -t nat -A POSTROUTING -p sctp -o $3 -j MASQUERADE
   55         elif [ "$2" == "ipv6" ]; then
   56             /sbin/ip6tables -t nat -A POSTROUTING -p udp -o $3 -j MASQUERADE
   57             /sbin/ip6tables -t nat -A POSTROUTING -p sctp -o $3 -j MASQUERADE
   58         else
   59             usage
   60         fi
   61     fi
   62 
   63 elif [ "$1" == "delete" ]; then
   64 
   65     if [ -x "$(sudo bash -c 'command -v nft')" ]; then
   66         if [ "$2" == "ipv4" ]; then
   67             nft flush chain ip octavia-ipv4 ip-udp-masq
   68             nft delete chain ip octavia-ipv4 ip-udp-masq
   69             nft flush chain ip octavia-ipv4 ip-sctp-masq
   70             nft delete chain ip octavia-ipv4 ip-sctp-masq
   71         elif [ "$2" == "ipv6" ]; then
   72             nft flush chain ip6 octavia-ipv6 ip-udp-masq
   73             nft delete chain ip6 octavia-ipv6 ip-udp-masq
   74             nft flush chain ip6 octavia-ipv6 ip-sctp-masq
   75             nft delete chain ip6 octavia-ipv6 ip-sctp-masq
   76         else
   77             usage
   78         fi
   79 
   80     else # nft not found, fall back to iptables
   81         if [ "$2" == "ipv4" ]; then
   82             /sbin/iptables -t nat -D POSTROUTING -p udp -o $3 -j MASQUERADE
   83             /sbin/iptables -t nat -D POSTROUTING -p sctp -o $3 -j MASQUERADE
   84         elif [ "$2" == "ipv6" ]; then
   85             /sbin/ip6tables -t nat -D POSTROUTING -p udp -o $3 -j MASQUERADE
   86             /sbin/ip6tables -t nat -D POSTROUTING -p sctp -o $3 -j MASQUERADE
   87         else
   88             usage
   89         fi
   90     fi
   91 else
   92     usage
   93 fi