
root @ 184370fd

Name Size
README 417 Bytes
common.sh 5.5 kB
devflow.conf 57 Bytes
dnshook 6 kB
fix-net 1.2 kB
hooks-log 163 Bytes
ifup-extra 1.8 kB
interfaces 2.5 kB
kvm-vif-bridge 1.4 kB
mac2eui64 1.1 kB
pylintrc 2.7 kB
runlocked 4.5 kB
version 11 Bytes
vif-custom 1.4 kB

Latest revisions

# Date Author Comment
c05f2608 03/05/2014 06:14 pm Dimitris Aragiorgis

Refactor ifup-extra script

1) Look for all kinds of tags (interface specific or not):
some-prefix:1:mail
some-prefix:snf-nic-12345:mail
some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
some-prefix:mail

2) some-prefix must be other than synnefo:network:...

fd80d055 03/05/2014 06:14 pm Dimitris Aragiorgis

Do not add ebtables rule for dhcp response

nfdhcpd opens a socket and binds it with tap interface. So dhcp
response will NOT go through the bridge and ebtables rule is
not needed.

Signed-off-by: Dimitris Aragiorgis <>

e5171922 03/05/2014 06:14 pm Dimitris Aragiorgis

Fix typo in ebtables

If interface has an IP we used to add a rule that does not allow
packets coming from TAP to have a different IP. There was a typo
in the if statement and the rule never applied.

Still, we do NOT want this rule so we fix typo and comment the...

184370fd 03/05/2014 06:14 pm Dimitris Aragiorgis

Create ebtables chains with RETURN policy

This fixes inter-node private networks in case of multicast packets.
Multicast packets are forwarded to all interfaces bridged
on the bridge. Let's assume the following:

prv0 bridge with tap0, tap1, and eth1.
From tap0 comes a multicast packet....

66c58448 03/05/2014 06:14 pm Dimitris Aragiorgis

Support execution of extra script

In case of kvm-ifup, if an extra script (/etc/ganeti/ifup-extra)
exists, execute it before exiting.

A dummy example script is given, that parses instance's tags,
and searches for synnefo:network:<ident>:mail.

Signed-off-by: Dimitris Aragiorgis <>

c780a7c5 03/05/2014 06:14 pm Dimitris Aragiorgis

Add sample rules in ifup-extra

Here we allow outgoing traffic with destination port 25.

Please note that every rule that is added when the corresponding
tag is found it should always be removed at the beginning of the
script. In other words you should remove stale entries before...

a57b3c64 03/05/2014 06:14 pm Dimitris Aragiorgis

Fix ebtables

1) Add ebtables in INPUT/OUTPUT chains too
This is needed because multicast packets
(e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain

2) In case of nfdhcpd allow DHCP replies only with src address the
MAC address of incoming device (e.g. prv0)...

2cf27346 03/05/2014 06:14 pm Dimitris Aragiorgis

Setup ebtables only for mac filtered setups

We used to drop DHCP requests for all bridged setups in case of
nfdhcpd. This requires ebtables setup for private vlans as well.

Dropping DHCP requests in case of nfdhcpd is not really needed
because they are dropped in user space...

b725f126 01/13/2014 12:02 pm Dimitris Aragiorgis

Make fix-net use common.sh and correct env vars

Helper functions for getting uplink and eui64 reside in common.sh

New Ganeti provides correct GANETI_NEW_PRIMARY GANETI_OLD_PRIMARY
environment variables. Use them in hooks.

Signed-off-by: Dimitris Aragiorgis <>

1bdc9427 01/13/2014 11:03 am Dimitris Aragiorgis

Move fix-net logic from hooks to if-up

In target node we used to run arping and ndsend. Move these
commands to if-up script.

Introduce helper function to get eui64 and uplink.

Signed-off-by: Dimitris Aragiorgis <>
