CFEngine: getting network interfaces flags
Just merged into master branch, the new sys.interface_flags[interface_name] variable allows to get the device flags of a network interface by its name.
Supported devices flags follows: (from netdevice(7) manpage)
| Name |
Description |
sys.interface_flags[] value |
| IFF_UP |
Interface is running |
up |
| IFF_BROADCAST |
Valid broadcast address set |
broadcast |
| IFF_DEBUG |
Internal debugging flag |
debug |
| IFF_LOOPBACK |
Interface is a loopback interface |
loopback |
| IFF_POINTOPOINT |
Interface is a point-to-point link |
pointopoint |
| IFF_NOTRAILERS |
Avoid use of trailers |
notrailers |
| IFF_RUNNING |
Resources allocated |
running |
| IFF_NOARP |
No arp protocol, L2 destination address not set |
noarp |
| IFF_PROMISC |
Interface is in promiscuous mode |
promisc |
| IFF_ALLMULTI |
Receive all multicast packets |
allmulti |
| IFF_MULTICAST |
Supports multicast |
multicast |
sys.interface_flags[interface_name] is a space-separated string of all active flags (3rd column of the table above)
Example of use:
1
2
3
4
5
6
7
8
9
10
11
12
|
body common control {
bundlesequence => { "flags" };
}
bundle agent flags {
vars:
"if" slist => { "@(sys.interfaces)"};
reports:
"interface: $(if) flags: $(sys.interface_flags[$(if)])";
}
|
Network settings:
1
2
3
4
5
6
|
# ip link show|grep "^[0-9]"
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
|
Running the bundle:
1
2
3
4
5
6
|
# cf-agent -KIf ~/.cfagent/inputs/flags.cf
Running full policy integrity checks
R: interface: eth0 flags: up broadcast running multicast
R: interface: eth1 flags: broadcast multicast
R: interface: eth2 flags: broadcast multicast
R: interface: eth3 flags: broadcast multicast
|
Tuning some flags…
1
2
3
|
# ip link set eth1 arp off
# ip link set eth2 multicast off
# ip link set eth3 promisc on
|
And running again the bundle:
1
2
3
4
5
6
|
# cf-agent -KIf ~/.cfagent/inputs/flags.cf
Running full policy integrity checks
R: interface: eth0 flags: up broadcast running multicast
R: interface: eth1 flags: broadcast noarp multicast
R: interface: eth2 flags: broadcast
R: interface: eth3 flags: broadcast promisc multicast
|