6f9be4fe77a53d1d602a446fcda46f44d38c9936
[snf-network] / vif-custom
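#!/bin/bash
#
# vif-custom: network interface hook for snf-network on Xen.
#
# Flow, as far as this file shows:
#   1. load vif-common.sh from the script's own directory
#   2. split $vif into a domain id and a device id and resolve the domain
#      name with `xm domname`
#   3. source the snf-network defaults, the shared helper library and the
#      per-NIC configuration file of this domain/device
#   4. clear earlier state, bring the interface up according to $MODE
#   5. run the setup helpers selected by $NETWORK_TAGS
#
# `try`, `success`, `runlocked`, `xenstore_read_default` and the
# clear_*/setup_*/init_* helpers are not defined here; presumably they come
# from the sourced files.
# NOTE(review): INTERFACE, INSTANCE, FROM, TO, TABLE, INDEV and INDEV_MAC are
# never read in this file, so they are presumably consumed by those helpers.
# Keep their names unchanged.

dir=$(dirname "$0")
. "$dir/vif-common.sh"

# taken from older vif-common.sh
# $vif is expected to look like vif<domid>.<devid>; it is not set in this
# file (TODO confirm whether vif-common.sh or the environment provides it).
dev=$vif
dev_=${dev#vif}
domid=${dev_%.*}
devid=${dev_#*.}
domname=$(xm domname "$domid")

source /etc/default/snf-network
source /usr/lib/snf-network/common.sh
# The per-NIC file is executed as shell code in this process, and its path is
# built from the domain name and device id. Quoting keeps a name containing
# whitespace or glob characters from being split or expanded into a different
# path.
# NOTE(review): quoting does not stop a name containing '/' or '..' from
# resolving outside $GANETI_NIC_DIR. Confirm that domain names are restricted
# by the toolstack and that the directory is writable only by trusted users.
source "$GANETI_NIC_DIR/$domname/$devid"

INTERFACE=$dev
INSTANCE=$domname

# Per-interface names built from the upper-cased interface name
# (FROM<IFACE>, TO<IFACE>); FROM is used below as the ebtables chain.
FROM=FROM${INTERFACE^^}
TO=TO${INTERFACE^^}


# Judging by their names, these remove whatever an earlier run configured
# for this interface before it is set up again.
try clear_routed_setup_ipv4
try clear_routed_setup_ipv6
try clear_routed_setup_firewall
try clear_ebtables
try clear_nfdhcpd

# DROPDHCPREQCMD is kept as a plain string and run unquoted further down, so
# it is word-split on purpose (RUNLOCKED_OPTS may hold several options).
# NOTE(review): when MODE is neither "routed" nor "bridged" the variable is
# not assigned here, so any value inherited from the environment or from a
# sourced file would be executed under the nfdhcpd tag. Confirm that none of
# them sets it.
if [[ "$MODE" == "routed" ]]; then
  TABLE=$LINK
  ip link set "$INTERFACE" up
  success
  INDEV=$INTERFACE
  DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
elif [[ "$MODE" == "bridged" ]]; then
  ip link set "$INTERFACE" up
  # Bridge name: the xenstore "bridge" key, with $LINK passed as the default.
  BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
  brctl addif "$BRIDGE" "$INTERFACE"
  success
  INDEV=$BRIDGE
  try init_ebtables
  # nfdhcpd creates responses whose source MAC is the MAC of INDEV
  INDEV_MAC=$(cat "/sys/class/net/$INDEV/address")
  DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
fi


# NETWORK_TAGS is a whitespace-separated list, so it is expanded unquoted.
# The case patterns are quoted so that each tag is compared literally rather
# than as a glob pattern.
# shellcheck disable=SC2086
for tag in $NETWORK_TAGS; do
  case "$tag" in
  "$IP_LESS_ROUTED_TAG")
    try routed_setup_ipv4
    try routed_setup_ipv6
    try routed_setup_firewall
  ;;
  "$NFDHCPD_TAG")
    # Drop unicast BOOTP/DHCP packets
    $DROPDHCPREQCMD
    try setup_nfdhcpd
  ;;
  "$MAC_FILTERED_TAG")
    try setup_ebtables
  ;;
  "$MASQ_TAG")
    try setup_masq
  ;;
  esac
done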