| Branch: | Tag: | Revision:

root @ master

Name Size
README 417 Bytes 5.5 kB
devflow.conf 57 Bytes
dnshook 6 kB
fix-net 1.2 kB
hooks-log 163 Bytes
ifup-extra 1.8 kB
interfaces 2.5 kB
kvm-vif-bridge 1.4 kB
mac2eui64 1.1 kB
pylintrc 2.7 kB
runlocked 4.5 kB
version 7 Bytes
vif-custom 1.4 kB

Latest revisions

# Date Author Comment
3304ce51 03/05/2014 01:24 pm Dimitris Aragiorgis

Bump version to 0.15.8

8f7d1f1c 03/05/2014 01:03 pm Dimitris Aragiorgis

Create ebtables chains with RETURN policy

This fixes inter-node private networks in case of multicast packets.
Multicast packets are forwarded to all interfaces bridged
on the bridge. Lets assume the following:

prv0 bridge with tap0, tap1, and eth1.
From tap0 comes a multicast packet....

96cefca5 02/28/2014 01:20 pm Dimitris Aragiorgis

Bump version to 0.15.7

efce42cb 02/28/2014 01:20 pm Dimitris Aragiorgis

Fix typo in ebtables

If interface has an IP we used to add a rule that does not allow
packets coming from TAP to have a different IP. There was a typo
in if statement and the rule did never apply.

Still, we do NOT want this rule so we fix typo and comment the...

c7b580d5 02/28/2014 12:56 pm Dimitris Aragiorgis

Do not add ebtables rule for dhcp response

nfdhpcd opens a socket and binds it with tap interface. So dhcp
response will NOT go though the bridge and ebtables rule is
not needed.

Signed-off-by: Dimitris Aragiorgis <>

4d3b0880 02/28/2014 12:34 pm Dimitris Aragiorgis

Refactor ifup-extra script

1) Look for all kind of tags (interface specific or not):

2) some-prefix must be other than synnefo:network:...

52366a23 02/27/2014 05:49 pm Dimitris Aragiorgis

Fix ebtables

1) Add ebtables in INPUT/OUTPUT chains too
This is needed because multicast packets
(e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain

2) In case of nfdhpcd allow DHCP replies only with src address the
MAC address of incoming device (e.g. prv0)...

054ff79a 02/27/2014 05:49 pm Dimitris Aragiorgis

Setup ebtables only for mac filtered setups

We used to drop DHCP requests for all bridged setups in case of
nfdhcpd. This requires ebtables setup for private vlans as well.

Dropping DHCP requests in case of nfdhcpd is not really needed
because they are dropped in user space...

3c8da32d 02/26/2014 03:13 pm Dimitris Aragiorgis

Bump version to 0.15.6

dc1aa5d9 02/26/2014 03:08 pm Dimitris Aragiorgis

Add sample rules in ifup-extra

Here we allows outgoing traffic with destination port 25.

Please note that every rule that is added when the corresponding
tag is found it should always be removed at the beginning of the
script. With other words you should remove stale entries before...

View all revisions | View revisions

Also available in: Atom