[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Prevent vif-bridge from adding user-created tap interfaces to a bridge

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Jim Fehlig <jfehlig@xxxxxxxx>
Date: Tue, 25 Oct 2011 16:34:21 -0600
Delivery-date: Thu, 27 Oct 2011 04:49:27 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I received a report that vif-bridge adds any tap interface to a bridge,
regardless if xen is running and who created the tap interface.  E.g.

# tunctl -p -t tap42

will cause vif-bridge to be executed as per the following rule in
xen-backend.rules

SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add",
RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"

I'm not sure how to improve the rule to prevent execution of vif-setup
in this case.  But it seems better to handle it in vif-bridge anyhow, by
not connecting the interface to a bridge if there is no corresponding
info in xenstore.  Something along the lines of the attached quick
patch.  Comments?

Thanks!
Jim

# HG changeset patch
# User Jim Fehlig <jfehlig@xxxxxxxxxx>
# Date 1319581952 21600
# Node ID 74da2a3a1db1476d627f42e4a99e9e720cc6774d
# Parent  6c583d35d76dda2236c81d9437ff9d57ab02c006
Prevent vif-bridge from adding user-created tap interfaces to a bridge

Exit vif-bridge script if there is no device info in xenstore, preventing
it from adding user-created taps to bridges.

    Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>

diff -r 6c583d35d76d -r 74da2a3a1db1 tools/hotplug/Linux/vif-bridge
--- a/tools/hotplug/Linux/vif-bridge    Thu Oct 20 15:36:01 2011 +0100
+++ b/tools/hotplug/Linux/vif-bridge    Tue Oct 25 16:32:32 2011 -0600
@@ -31,6 +31,13 @@
 
 dir=$(dirname "$0")
 . "$dir/vif-common.sh"
+
+domu=$(xenstore_read_default "$XENBUS_PATH/domain" "")
+if [ -z "$domu" ]
+then
+    log debug "No device details in $XENBUS_PATH, exiting."
+    exit 0
+fi
 
 bridge=${bridge:-}
 bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] Prevent vif-bridge from adding user-created tap interfaces to a bridge
  - From: Ian Jackson

Prev by Date: [Xen-devel] Re: [PATCH RFC V2 5/5] kvm guest : pv-ticketlocks support for linux guests running on KVM hypervisor
Next by Date: [Xen-devel] Re: [PATCH RFC V2 5/5] kvm guest : pv-ticketlocks support for linux guests running on KVM hypervisor
Previous by thread: [Xen-devel] [PATCH 0 of 7] libxl: make spawn interface more generic
Next by thread: Re: [Xen-devel] Prevent vif-bridge from adding user-created tap interfaces to a bridge
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.