History | View | Annotate | Download (5.5 kB)
Do not add ebtables rule for dhcp response
nfdhpcd opens a socket and binds it with tap interface. So dhcpresponse will NOT go though the bridge and ebtables rule isnot needed.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Fix typo in ebtables
If interface has an IP we used to add a rule that does not allowpackets coming from TAP to have a different IP. There was a typoin if statement and the rule did never apply.
Still, we do NOT want this rule so we fix typo and comment the...
Create ebtables chains with RETURN policy
This fixes inter-node private networks in case of multicast packets.Multicast packets are forwarded to all interfaces bridgedon the bridge. Lets assume the following:
prv0 bridge with tap0, tap1, and eth1.From tap0 comes a multicast packet....
Fix ebtables
1) Add ebtables in INPUT/OUTPUT chains too This is needed because multicast packets (e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain
2) In case of nfdhpcd allow DHCP replies only with src address the MAC address of incoming device (e.g. prv0)...
Move fix-net logic from hooks to if-up
In target node we used to run arping and ndsend. Move thesecommands to if-up script.
Introduce helper function to get eui64 and uplink.
return in case expected env vars are not set
In case of IPv6 only setup, IP environment variable should not beset. Still if we have a routed setup routed_setup_ipv4() gets invoked.
This means that the following command will be invoked:
ip route replace proto static dev tap3 table public...
Support firewalls based on NINC index, uuid, names
Serialize the excecution of ebtables processes
ebtables cannot handle multiple userspace ebtables processes runningconcurrently. This could lead to failures while setting up or cleaningup ebtables for VM networks.
ebtables latest release (included in Debian Wheezy) supports ebtables...
Add vif-custom script and split kvm-vif-bridge
Put functions in /usr/lib/snf-network/common.sh