[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Break common network code in xen-network-common.sh, and common vif hotplugging
# HG changeset patch # User emellor@xxxxxxxxxxxxxxxxxxxxxx # Node ID 19af31a595377b48400441d8235ebbaff670e18a # Parent cefe36be8592090b4edb08060cca67a004c04617 Break common network code in xen-network-common.sh, and common vif hotplugging code into vif-common.sh. Fix the antispoofing in network-bridge to allow forwarding from physical device to bridge, and vif0.0 to eth0. Change the interface between netback driver and vif hotplugging scripts. The mac address and bridge details are read from the store directly by the script, so that the kernel driver does not need to get involved. Remove an awful lot of cruft from vif-bridge. Move the iptables handling into vif-common.sh, and fix it so that the new vif can get past the antispoofing entries. Merge vif-nat and vif-route into this structure too. Use ip instead of ifconfig to get necessary details. Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx> diff -r cefe36be8592 -r 19af31a59537 linux-2.6-xen-sparse/drivers/xen/netback/xenbus.c --- a/linux-2.6-xen-sparse/drivers/xen/netback/xenbus.c Fri Oct 21 11:04:30 2005 +++ b/linux-2.6-xen-sparse/drivers/xen/netback/xenbus.c Fri Oct 21 11:06:17 2005 @@ -161,33 +161,26 @@ static int netback_hotplug(struct xenbus_device *xdev, char **envp, int num_envp, char *buffer, int buffer_size) { - struct backend_info *be; - netif_t *netif; - char **key, *val; + struct backend_info *be = xdev->data; + netif_t *netif = be->netif; int i = 0, length = 0; - static char *env_vars[] = { "script", "domain", "mac", "bridge", "ip", - NULL }; - - be = xdev->data; - netif = be->netif; + + char *val = xenbus_read(NULL, xdev->nodename, "script", NULL); + if (IS_ERR(val)) { + int err = PTR_ERR(val); + xenbus_dev_error(xdev, err, "reading script"); + return err; + } + else { + add_hotplug_env_var(envp, num_envp, &i, + buffer, buffer_size, &length, + "script=%s", val); + kfree(val); + } add_hotplug_env_var(envp, num_envp, &i, buffer, buffer_size, &length, "vif=%s", netif->dev->name); - - key = env_vars; - while (*key != NULL) { - val = xenbus_read(NULL, xdev->nodename, *key, NULL); - if (!IS_ERR(val)) { - char buf[strlen(*key) + 4]; - sprintf(buf, "%s=%%s", *key); - add_hotplug_env_var(envp, num_envp, &i, - buffer, buffer_size, &length, - buf, val); - kfree(val); - } - key++; - } envp[i] = NULL; diff -r cefe36be8592 -r 19af31a59537 tools/examples/Makefile --- a/tools/examples/Makefile Fri Oct 21 11:04:30 2005 +++ b/tools/examples/Makefile Fri Oct 21 11:06:17 2005 @@ -24,7 +24,7 @@ XEN_SCRIPTS += network-nat vif-nat XEN_SCRIPTS += block XEN_SCRIPTS += block-enbd -XEN_SCRIPTS += xen-hotplug-common.sh +XEN_SCRIPTS += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_HOTPLUG_DIR = /etc/hotplug XEN_HOTPLUG_SCRIPTS = xen-backend.agent diff -r cefe36be8592 -r 19af31a59537 tools/examples/network-bridge --- a/tools/examples/network-bridge Fri Oct 21 11:04:30 2005 +++ b/tools/examples/network-bridge Fri Oct 21 11:06:17 2005 @@ -25,7 +25,7 @@ # higher value than its default of 1. # bridge The bridge to use (default xenbr${vifnum}). # netdev The interface to add to the bridge (default eth${vifnum}). -# antispoof Whether to use iptables to prevent spoofing (default yes). +# antispoof Whether to use iptables to prevent spoofing (default no). # # start: # Creates the bridge and enslaves netdev to it. @@ -42,16 +42,8 @@ # #============================================================================ -# Gentoo doesn't have ifup/ifdown: define appropriate alternatives -which ifup >& /dev/null -if [ "$?" != 0 -a -e /etc/conf.d/net ]; then - ifup() { - /etc/init.d/net.$1 start - } - ifdown() { - /etc/init.d/net.$1 stop - } -fi +dir=$(dirname "$0") +. "$dir/xen-network-common.sh" # Exit if anything goes wrong. set -e @@ -66,13 +58,11 @@ vifnum=${vifnum:-0} bridge=${bridge:-xenbr${vifnum}} netdev=${netdev:-eth${vifnum}} -antispoof=${antispoof:-yes} +antispoof=${antispoof:-no} pdev="p${netdev}" vdev="veth${vifnum}" vif0="vif0.${vifnum}" - -echo "*network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof vifnum=$vifnum" >&2 legacy_mask_to_prefix() { mask=$1 @@ -178,15 +168,13 @@ fi } -# Usage: antispoofing dev bridge # Set the default forwarding policy for $dev to drop. # Allow forwarding to the bridge. antispoofing () { - local dev=$1 - local bridge=$2 - iptables -P FORWARD DROP - iptables -A FORWARD -m physdev --physdev-in ${dev} -j ACCEPT + iptables -F FORWARD + iptables -A FORWARD -m physdev --physdev-in ${pdev} -j ACCEPT + iptables -A FORWARD -m physdev --physdev-in ${vif0} -j ACCEPT } # Usage: show_status dev bridge @@ -263,7 +251,7 @@ fi if [ ${antispoof} == 'yes' ] ; then - antispoofing ${netdev} ${bridge} + antispoofing fi } diff -r cefe36be8592 -r 19af31a59537 tools/examples/vif-bridge --- a/tools/examples/vif-bridge Fri Oct 21 11:04:30 2005 +++ b/tools/examples/vif-bridge Fri Oct 21 11:06:17 2005 @@ -3,22 +3,19 @@ # /etc/xen/vif-bridge # # Script for configuring a vif in bridged mode. -# Xend calls a vif script when bringing a vif up or down. -# This script is the default - but it can be configured for each vif. -# -# Example invocation: -# -# vif-bridge up domain=VM1 vif=vif1.0 bridge=xenbr0 ip="128.232.38.45/28 10.10.10.55/24" -# +# The hotplugging system will call this script if it is specified either in +# the device configuration given to Xend, or the default Xend configuration +# in /etc/xen/xend-config.sxp. If the script is specified in neither of those +# places, then this script is the default. # # Usage: -# vif-bridge (up|down) {VAR=VAL}* +# vif-bridge (up|down) # -# Vars: +# Environment vars: +# vif vif interface name (required). +# XENBUS_PATH path to this device's details in the XenStore (required). # -# domain name of the domain the interface is on (required). -# vif vif interface name (required). -# mac vif MAC address (required). +# Read from the store: # bridge bridge to add the vif to (required). # ip list of IP networks for the vif, space-separated (optional). # @@ -32,60 +29,29 @@ #============================================================================ dir=$(dirname "$0") -. "$dir/xen-hotplug-common.sh" +. "$dir/vif-common.sh" -# Operation name. -OP=$1 -shift +bridge=$(xenstore_read "$XENBUS_PATH/bridge") -# Pull variables in args into environment -for arg ; do export "${arg}" ; done +case "$command" in + up) + if brctl show "$bridge" | grep "$vif" >&/dev/null + then + log debug "$vif already attached to $bridge" + exit 0 + fi -# Required parameters. Fail if not set. -domain=${domain:?} -vif=${vif:?} -mac=${mac:?} -bridge=${bridge:?} + brctl addif "$bridge" "$vif" || + fatal "brctl addif $bridge $vif failed" -# Optional parameters. Set defaults. -ip=${ip:-''} # default to null (do nothing) - -# Are we going up or down? -case $OP in - up) - brcmd='addif' - iptcmd='-A' + ifconfig "$vif" up || fatal "ifconfig $vif up failed" ;; down) - brcmd='delif' - iptcmd='-D' - ;; - *) - echo 'Invalid command: ' $OP >&2 - echo 'Valid commands are: up, down' >&2 - exit 1 + # vifs are auto-removed from bridge. + ifconfig "$vif" down || fatal "ifconfig $vif down failed" ;; esac -# Don't do anything if the bridge is "null". -if [ "${bridge}" == "null" ] ; then - exit -fi +handle_iptable -# Add vif to bridge. vifs are auto-removed from bridge. -if [ "${brcmd}" == "addif" ] ; then - brctl ${brcmd} ${bridge} ${vif} -fi -ifconfig ${vif} $OP - -if [ "${ip}" ] ; then - - # If we've been given a list of IP networks, allow pkts with these src addrs. - for addr in ${ip} ; do - iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -s ${addr} -j ACCEPT - done - - # Always allow us to talk to a DHCP server anyhow. - iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT -fi - +log debug "vif-bridge operation for $vif successful." diff -r cefe36be8592 -r 19af31a59537 tools/examples/vif-nat --- a/tools/examples/vif-nat Fri Oct 21 11:04:30 2005 +++ b/tools/examples/vif-nat Fri Oct 21 11:06:17 2005 @@ -3,40 +3,30 @@ # /etc/xen/vif-nat # # Script for configuring a vif in routed-nat mode. -# Xend calls a vif script when bringing a vif up or down. -# This script is the default - but it can be configured for each vif. -# -# Example invocation: -# -# vif-nat up domain=VM1 vif=vif1.0 ip="192.168.0.10/31" +# The hotplugging system will call this script if it is specified either in +# the device configuration given to Xend, or the default Xend configuration +# in /etc/xen/xend-config.sxp. If the script is specified in neither of those +# places, then vif-bridge is the default. # # Usage: -# vif-nat (up|down) {VAR=VAL}* +# vif-nat (up|down) # -# Vars: +# Environment vars: +# vif vif interface name (required). +# XENBUS_PATH path to this device's details in the XenStore (required). # -# domain name of the domain the interface is on (required). -# vif vif interface name (required). -# ip list of IP networks for the vif, space-separated (required). +# Read from the store: +# ip list of IP networks for the vif, space-separated (default given in +# this script). #============================================================================ -# Exit if anything goes wrong -set -e -export PATH=/sbin:/bin:/usr/bin:/usr/sbin:$PATH +dir=$(dirname "$0") +. "$dir/vif-common.sh" -# Operation name. -OP=$1 -shift - -# Pull variables in args into environment -for arg ; do export "${arg}" ; done - -# Required parameters. Fail if not set. -domain=${domain:?} -vif=${vif:?} -ip=${ip:-'169.254.1.1/24'} #if not defined, give a default address - -echo "*vif-nat $OP domain=$domain vif=$vif ip=$ip" >&2 +if [ "$ip" == "" ] +then + ip='169.254.1.1/24' +fi #determine ip address and netmask vif_ip=`echo ${ip} | awk -F/ '{print $1}'` @@ -47,27 +37,20 @@ netmask=$netmask.$(( (($intmask & 0x0000FF00)) >> 8 )) netmask=$netmask.$(( $intmask & 0x000000FF )) -main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'` +main_ip=$(ip addr show eth0 | sed -e '/inet /!d;s/^.*inet \([^\s*]\)\s.*$/\1/') -# Are we going up or down? -case $OP in +case "$command" in up) ifconfig ${vif} ${vif_ip} netmask ${netmask} up echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp - iptcmd='-A' ipcmd='a' ;; down) ifconfig ${vif} down - iptcmd='-D' ipcmd='d' - ;; - *) - echo 'Invalid command: ' $OP >&2 - echo 'Valid commands are: up, down' >&2 - exit 1 ;; esac ip r ${ipcmd} ${ip} dev ${vif} src ${main_ip} -# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT + +handle_iptable() diff -r cefe36be8592 -r 19af31a59537 tools/examples/vif-route --- a/tools/examples/vif-route Fri Oct 21 11:04:30 2005 +++ b/tools/examples/vif-route Fri Oct 21 11:06:17 2005 @@ -3,74 +3,46 @@ # /etc/xen/vif-route # # Script for configuring a vif in routed mode. -# Xend calls a vif script when bringing a vif up or down. -# This script is the default - but it can be configured for each vif. -# -# Example invocation: -# -# vif-route up domain=VM1 vif=vif1.0 ip="128.232.38.45/28 10.10.10.55/24" +# The hotplugging system will call this script if it is specified either in +# the device configuration given to Xend, or the default Xend configuration +# in /etc/xen/xend-config.sxp. If the script is specified in neither of those +# places, then vif-bridge is the default. # # Usage: -# vif-route (up|down) {VAR=VAL}* +# vif-route (up|down) # -# Vars: +# Environment vars: +# vif vif interface name (required). +# XENBUS_PATH path to this device's details in the XenStore (required). # -# domain name of the domain the interface is on (required). -# vif vif interface name (required). -# mac vif MAC address (required). -# ip list of IP networks for the vif, space-separated (optional). +# Read from the store: +# ip list of IP networks for the vif, space-separated (default given in +# this script). #============================================================================ -# Exit if anything goes wrong -set -e -export PATH=/sbin:/bin:/usr/bin:/usr/sbin:$PATH -echo "*vif-route $*" >&2 +dir=$(dirname "$0") +. "$dir/vif-common.sh" -# Operation name. -OP=$1 -shift +main_ip=$(ip addr show eth0 | sed -e '/inet /!d;s/^.*inet \([^\s*]\)\s.*$/\1/') -# Pull variables in args into environment -for arg ; do export "${arg}" ; done - -# Required parameters. Fail if not set. -domain=${domain:?} -vif=${vif:?} -mac=${mac:?} - -# Optional parameters. Set defaults. -ip=${ip:-''} # default to null (do nothing) - -main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'` - -# Are we going up or down? -case $OP in +case "$command" in up) - ifconfig ${vif} 169.254.1.0 netmask 255.255.255.255 up + ifconfig ${vif} ${main_ip} netmask 255.255.255.255 up echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp - iptcmd='-A' ipcmd='a' ;; down) - ifconfig ${vif} down - iptcmd='-D' + ifdown ${vif} ipcmd='d' - ;; - *) - echo 'Invalid command: ' $OP >&2 - echo 'Valid commands are: up, down' >&2 - exit 1 ;; esac if [ "${ip}" ] ; then - - # If we've been given a list of IP networks, allow pkts with these src addrs. + # If we've been given a list of IP addresses, then add routes from dom0 to + # the guest using those addresses. for addr in ${ip} ; do ip r ${ipcmd} ${addr} dev ${vif} src ${main_ip} -# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -s ${addr} -j ACCEPT done +fi - # Always allow us to talk to a DHCP server anyhow. -# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT -fi +handle_iptable() diff -r cefe36be8592 -r 19af31a59537 tools/examples/xen-hotplug-common.sh --- a/tools/examples/xen-hotplug-common.sh Fri Oct 21 11:04:30 2005 +++ b/tools/examples/xen-hotplug-common.sh Fri Oct 21 11:06:17 2005 @@ -10,19 +10,20 @@ logger -p "daemon.$level" -- "$0:" "$@" || echo "$0 $@" >&2 } +fatal() { + log err "$@" + exit 1 +} + xenstore_read() { local v=$(xenstore-read "$@" || true) - if [ "$v" == "" ] - then - log error "xenstore-read $@ failed." - exit 1 - fi + [ "$v" != "" ] || fatal "xenstore-read $@ failed." echo "$v" } xenstore_write() { log debug "Writing $@ to xenstore." - xenstore-write "$@" || log error "Writing $@ to xenstore failed." + xenstore-write "$@" || log err "Writing $@ to xenstore failed." } log debug "$@" "XENBUS_PATH=$XENBUS_PATH" diff -r cefe36be8592 -r 19af31a59537 tools/examples/vif-common.sh --- /dev/null Fri Oct 21 11:04:30 2005 +++ b/tools/examples/vif-common.sh Fri Oct 21 11:06:17 2005 @@ -0,0 +1,74 @@ +# +# Copyright (c) 2005 XenSource Ltd. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + + +dir=$(dirname "$0") +. "$dir/xen-hotplug-common.sh" +. "$dir/xen-network-common.sh" + +command="$1" + +if [ "$command" != "up" ] && [ "$command" != "down" ] +then + log err "Invalid command: $command" + exit 1 +fi + + +XENBUS_PATH="${XENBUS_PATH:?}" +vif="${vif:?}" + +ip=$(xenstore-read "$XENBUS_PATH/ip" >&/dev/null || true) + + +function frob_iptable() +{ + if [ "$command" == "up" ] + then + local c="-A" + else + local c="-D" + fi + + iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT +} + + +## +# Add or remove the appropriate entries in the iptables. With antispoofing +# turned on, we have to explicitly allow packets to the interface, regardless +# of the ip setting. If ip is set, then we additionally restrict the packets +# to those coming from the specified networks, though we allow DHCP requests +# as well. +# +function handle_iptable() +{ + if [ "$ip" != "" ] + then + local addr + for addr in "$ip" + do + frob_iptable -s "$addr" + done + + # Always allow the domain to talk to a DHCP server. + frob_iptable -p udp --sport 68 --dport 67 + else + # No IP addresses have been specified, so allow anything. + frob_iptable + fi +} diff -r cefe36be8592 -r 19af31a59537 tools/examples/xen-network-common.sh --- /dev/null Fri Oct 21 11:04:30 2005 +++ b/tools/examples/xen-network-common.sh Fri Oct 21 11:06:17 2005 @@ -0,0 +1,37 @@ +# +# Copyright (c) 2005 XenSource Ltd. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + + +# Gentoo doesn't have ifup/ifdown: define appropriate alternatives +if ! which ifup >&/dev/null +then + if [ -e /etc/conf.d/net ] + then + ifup() + { + /etc/init.d/net.$1 start + } + ifdown() + { + /etc/init.d/net.$1 stop + } + else + logger -p "daemon.crit" -- \ + "You don't have ifup and don't seem to be running Gentoo either!" + exit 1 + fi +fi _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |