code.grnet.gr Git - snf-network/blob - vif-custom

   1 #!/bin/bash
   2
   3
   4 dir=$(dirname "$0")
   5 . "$dir"/vif-common.sh
   6
   7 # taken from older vif-common.sh
   8 dev=$vif
   9 dev_=${dev#vif}
  10 domid=${dev_%.*}
  11 devid=${dev_#*.}
  12 domname=$(xm domname $domid)
  13
  14 source /etc/default/snf-network
  15 source /usr/lib/snf-network/common.sh
  16 source $GANETI_NIC_DIR/$domname/$devid
  17
  18 INTERFACE=$dev
  19 INSTANCE=$domname
  20
  21 FROM=FROM${INTERFACE^^}
  22 TO=TO${INTERFACE^^}
  23
  24
  25 try clear_routed_setup_ipv4
  26 try clear_routed_setup_ipv6
  27 try clear_routed_setup_firewall
  28 try clear_ebtables
  29 try clear_nfdhcpd
  30
  31 if [ "$MODE" = "routed" ]; then
  32   TABLE=$LINK
  33   ip link set $INTERFACE up
  34   success
  35   INDEV=$INTERFACE
  36   DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
  37 elif [ "$MODE" = "bridged" ]; then
  38   ip link set $INTERFACE up
  39   BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
  40   brctl addif $BRIDGE $INTERFACE
  41   success
  42   INDEV=$BRIDGE
  43   try init_ebtables
  44   DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
  45 fi
  46
  47
  48 for tag in $NETWORK_TAGS; do
  49   case $tag in
  50   $IP_LESS_ROUTED_TAG)
  51     try routed_setup_ipv4
  52     try routed_setup_ipv6
  53     try routed_setup_firewall
  54   ;;
  55   $NFDHCPD_TAG)
  56     # Drop unicast BOOTP/DHCP packets
  57     $DROPDHCPREQCMD
  58     try setup_nfdhcpd
  59   ;;
  60   $MAC_FILTERED_TAG)
  61     try setup_ebtables
  62   ;;
  63   $MASQ_TAG)
  64     try setup_masq
  65   ;;
  66   esac
  67 done