CFEngine: getting network interfaces flags
  2013-04-20

Just merged into master branch, the new sys.interface_flags[interface_name] variable allows to get the device flags of a network interface by its name.

Supported devices flags follows: (from netdevice(7) manpage)

Name Description sys.interface_flags[] value
IFF_UP Interface is running up
IFF_BROADCAST Valid broadcast address set broadcast
IFF_DEBUG Internal debugging flag debug
IFF_LOOPBACK Interface is a loopback interface loopback
IFF_POINTOPOINT Interface is a point-to-point link pointopoint
IFF_NOTRAILERS Avoid use of trailers notrailers
IFF_RUNNING Resources allocated running
IFF_NOARP No arp protocol, L2 destination address not set noarp
IFF_PROMISC Interface is in promiscuous mode promisc
IFF_ALLMULTI Receive all multicast packets allmulti
IFF_MULTICAST Supports multicast multicast

sys.interface_flags[interface_name] is a space-separated string of all active flags (3rd column of the table above)

Example of use:

body common control { bundlesequence => { "flags" }; } bundle agent flags { vars: "if" slist => { "@(sys.interfaces)"}; reports: "interface: $(if) flags: $(sys.interface_flags[$(if)])"; }

Network settings:

# ip link show|grep "^[0-9]"
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000

Running the bundle:

# cf-agent -KIf ~/.cfagent/inputs/flags.cf
Running full policy integrity checks
R: interface: eth0 flags: up broadcast running multicast
R: interface: eth1 flags: broadcast multicast
R: interface: eth2 flags: broadcast multicast
R: interface: eth3 flags: broadcast multicast

Tuning some flags…

# ip link set eth1 arp off
# ip link set eth2 multicast off
# ip link set eth3 promisc on

And running again the bundle:

# cf-agent -KIf ~/.cfagent/inputs/flags.cf
Running full policy integrity checks
R: interface: eth0 flags: up broadcast running multicast
R: interface: eth1 flags: broadcast noarp multicast
R: interface: eth2 flags: broadcast
R: interface: eth3 flags: broadcast promisc multicast