From b0a87613ef7a597726bcd219062dc945ffbacbce Mon Sep 17 00:00:00 2001
From: Dimitris Aragiorgis
Date: Tue, 4 Mar 2014 16:39:56 +0200
Subject: [PATCH] Fix ebtables in vif-custom

..and remove any unused rules (comments) related to ebtables

Signed-off-by: Dimitris Aragiorgis
---
 common.sh | 1 +
 kvm-vif-bridge | 6 ------
 vif-custom | 8 +-------
 3 files changed, 2 insertions(+), 13 deletions(-)

diff --git a/common.sh b/common.sh
index d06330f..b78317a 100755
--- a/common.sh
+++ b/common.sh
@@ -171,6 +171,7 @@ function setup_ebtables {
 # accept dhcp responses from host (nfdhcpd)
 # this is actually not needed because nfdhcpd opens a socket and binds is with
 # tap interface so dhcp response does not go through bridge
+ # INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
 # runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT
 # allow only packets from the same mac prefix
 runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP
diff --git a/kvm-vif-bridge b/kvm-vif-bridge
index 62d28ac..b22a995 100755
--- a/kvm-vif-bridge
+++ b/kvm-vif-bridge
@@ -19,14 +19,10 @@ if [ "$MODE" = "routed" ]; then
 TABLE=$LINK
 ip link set $INTERFACE addr $TAP_CONSTANT_MAC up
 INDEV=$INTERFACE
- # DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
 elif [ "$MODE" = "bridged" ]; then
 ip link set $INTERFACE up
 brctl addif $BRIDGE $INTERFACE
 INDEV=$BRIDGE
- # nfdhcpd creates responses with src mac the mac of indec
- INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
- # DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
 fi
 
 for tag in $NETWORK_TAGS; do
@@ -38,8 +34,6 @@ for tag in $NETWORK_TAGS; do
 try send_garp
 ;;
 $NFDHCPD_TAG)
- # Drop unicast BOOTP/DHCP packets
- # $DROPDHCPREQCMD
 try setup_nfdhcpd
 ;;
 $MAC_FILTERED_TAG)
diff --git a/vif-custom b/vif-custom
index dd32f9a..b396555 100755
--- a/vif-custom
+++ b/vif-custom
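Review bot: The line added to setup_ebtables is one more commented-out rule fragment, `# INDEV_MAC=$(cat /sys/class/net/$INDEV/address)`, which sits oddly in a commit whose message says it removes unused ebtables rules and comments; either drop it together with the commented ACCEPT rule below it, or keep only a one-line rationale such as `# no ACCEPT for nfdhcpd replies: nfdhcpd binds its socket to the tap, so replies never traverse the bridge`. While touching this comment block, `binds is with` reads as a typo for `binds it to`. The rest of setup_ebtables, including the live `-s \! $MAC/$MAC_MASK -j DROP` whitelist, lies outside this hunk.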
@@ -32,17 +32,12 @@ if [ "$MODE" = "routed" ]; then
 ip link set $INTERFACE up
 success
 INDEV=$INTERFACE
- DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
 elif [ "$MODE" = "bridged" ]; then
 ip link set $INTERFACE up
 BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
 brctl addif $BRIDGE $INTERFACE
 success
 INDEV=$BRIDGE
- try init_ebtables
- # nfdhcpd creates responses with src mac the mac of indec
- INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
- DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
 fi
 
 for tag in $NETWORK_TAGS; do
@@ -54,11 +49,10 @@ for tag in $NETWORK_TAGS; do
 try send_garp
 ;;
 $NFDHCPD_TAG)
- # Drop unicast BOOTP/DHCP packets
- $DROPDHCPREQCMD
 try setup_nfdhcpd
 ;;
 $MAC_FILTERED_TAG)
+ try init_ebtables
 try setup_ebtables
 ;;
 $MASQ_TAG)
-- 
1.7.10.4
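Review bot: Moving `try init_ebtables` into the `$MAC_FILTERED_TAG)` arm makes it run for MODE=routed as well, whereas before this patch ebtables was only initialised in the bridged branch; ebtables only sees frames that traverse a bridge, so on a routed tap the MAC filter may be a silent no-op unless something outside this hunk forbids that tag/mode combination — a mode check or a loud failure is preferable to a rule set that never matches. Separately, unlike kvm-vif-bridge where `$DROPDHCPREQCMD` was already commented out, in vif-custom it was live, so this commit removes an active rule dropping guest-originated unicast DHCP requests to port 67 even though the message describes the removed rules as unused; if nfdhcpd handling relies on that containment, reinstate it in the `$NFDHCPD_TAG)` arm or state the behaviour change in the commit message. The enclosing `for tag in $NETWORK_TAGS` loop closes outside this hunk.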