Revision 7d163a24
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
SUBNET=$1 |
|
5 |
GATEWAY=$2 |
|
6 |
TYPE=$3 |
|
7 |
NAME=$4 |
|
8 |
RT_TABLES=/etc/iproute2/rt_tables |
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
if [ $# -ne 4 ]; then |
|
13 |
echo "$0 <subnet> <gateway> <private/public> <name>" |
|
14 |
exit 1 |
|
15 |
fi |
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
cat > $DIR/networks/$NAME <<EOF |
|
20 |
SUBNET=$SUBNET |
|
21 |
GATEWAY=$GATEWAY |
|
22 |
TYPE=$TYPE |
|
23 |
EOF |
|
24 |
|
|
25 |
|
|
26 |
IDX=$(ls $DIR/networks | wc -l) |
|
27 |
|
|
28 |
# remove old entry |
|
29 |
sed -i '/^'"$IDX"'\ / d' $RT_TABLES |
|
30 |
|
|
31 |
echo "$IDX rt_$NAME" >> $RT_TABLES |
|
32 |
|
|
33 |
|
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
NODES=$1 |
|
5 |
ROUTER=$2 |
|
6 |
IFACE=$3 |
|
7 |
VLAN=$4 |
|
8 |
VLANS=$5 |
|
9 |
NAME=$6 |
|
10 |
|
|
11 |
|
|
12 |
if [ $# -ne 6 ]; then |
|
13 |
echo "$0 <list_nodes> <router> <iface> <public_vlan> <list_of_private_vlans> <name>" |
|
14 |
echo "$0 'dev88 89' 'dev88' 'eth0' '101' '2990 2999' 'default'" |
|
15 |
exit 1 |
|
16 |
fi |
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
cat > $DIR/nodegroups/$NAME <<EOF |
|
21 |
ROUTER=$ROUTER |
|
22 |
INTERFACE=$IFACE |
|
23 |
PUBLIC_VLAN=$VLAN |
|
24 |
PRIVATE_VLANS=$VLANS |
|
25 |
EOF |
|
26 |
|
|
27 |
|
b/configure-interfaces | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
source /etc/default/snf-network |
|
4 |
|
|
5 |
HOSTNAME=$(hostname) |
|
6 |
|
|
7 |
|
|
8 |
INTERFACES=$SHAREDDIR/interfaces/$HOSTNAME |
|
9 |
INFRA=$SHAREDDIR/infra/$HOSTNAME |
|
10 |
|
|
11 |
if [ -e $INFRA ]; then |
|
12 |
source $INFRA |
|
13 |
fi |
|
14 |
|
|
15 |
if [ -e /proc/sys/net/ipv4/conf/$PUBLIC_VLAN -o \ |
|
16 |
# -e /proc/sys/net/ipv4/conf/$PUBLIC_BRIDGE -o \ |
|
17 |
-e /proc/sys/net/ipv4/conf/$MASQ_VLAN -o \ |
|
18 |
-e /proc/sys/net/ipv4/conf/$MASQ_BRIDGE -o \ |
|
19 |
-e /proc/sys/net/ipv4/conf/$PRIVATE_VLAN -o \ |
|
20 |
-e /proc/sys/net/ipv4/conf/$PRIVATE_BRIDGE ]; then |
|
21 |
echo Interfaces already exist! Please check: |
|
22 |
echo $PUBLIC_BRIDGE for bridging TAPs with public IPs |
|
23 |
echo $PUBLIC_VLAN for routing TAPs with public IPs |
|
24 |
echo $PRIVATE_VLAN bridged on $PRIVATE_BRIDGE for private LANs |
|
25 |
echo $MASQ_VLAN bridged on $MASQ_BRIDGE for private IPs that get MASQUERADED |
|
26 |
exit 1 |
|
27 |
fi |
|
28 |
|
|
29 |
|
|
30 |
cat > $INTERFACES<<EOF |
|
31 |
#auto $PUBLIC_BRIDGE |
|
32 |
#iface $PUBLIC_BRIDGE inet manual |
|
33 |
# bridge_ports $PUBLIC_INTERFACE |
|
34 |
# bridge_stp off |
|
35 |
# bridge_fd 2 |
|
36 |
|
|
37 |
auto $PUBLIC_VLAN |
|
38 |
iface $PUBLIC_VLAN inet manual |
|
39 |
|
|
40 |
auto $PRIVATE_VLAN |
|
41 |
iface $PRIVATE_VLAN inet manual |
|
42 |
|
|
43 |
auto $PRIVATE_BRIDGE |
|
44 |
iface $PRIVATE_BRIDGE inet manual |
|
45 |
bridge_ports $PRIVATE_VLAN |
|
46 |
bridge_stp off |
|
47 |
bridge_fd 2 |
|
48 |
|
|
49 |
auto $MASQ_VLAN |
|
50 |
iface $MASQ_VLAN inet manual |
|
51 |
|
|
52 |
auto $MASQ_BRIDGE |
|
53 |
iface $MASQ_BRIDGE inet manual |
|
54 |
bridge_ports $MASQ_VLAN |
|
55 |
bridge_stp off |
|
56 |
bridge_fd 2 |
|
57 |
EOF |
|
58 |
|
|
59 |
|
|
60 |
ifup -i $INTERFACES -a |
|
61 |
|
|
62 |
|
|
63 |
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding |
|
64 |
echo 1 > /proc/sys/net/ipv4/ip_forward |
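Review bot: The guard `if [ -e /proc/sys/net/ipv4/conf/$PUBLIC_VLAN -o ... ]` is true whenever one of the variables is empty, because `/proc/sys/net/ipv4/conf/` itself exists, so a missing `$INFRA` file or one that omits e.g. MASQ_VLAN makes the script print "Interfaces already exist" and stop instead of reporting the missing configuration; add `: "${PUBLIC_VLAN:?}" "${PRIVATE_VLAN:?}" "${PRIVATE_BRIDGE:?}" "${MASQ_VLAN:?}" "${MASQ_BRIDGE:?}"` before the test so an unset name aborts with its own message. The `-o` form of test is deprecated and every expansion in the condition is unquoted; `[[ -e "/proc/sys/net/ipv4/conf/$PUBLIC_VLAN" || -e ... ]]` is the robust form. The diagnostics still mention `$PUBLIC_BRIDGE` although its check and its stanza in the heredoc are commented out, which a one-line comment next to the commented check should explain.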
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
NETWORK=$1 |
|
5 |
NODEGROUP=$2 |
|
6 |
MODE=$3 |
|
7 |
LINK=$4 |
|
8 |
|
|
9 |
source /etc/default/snf-network |
|
10 |
|
|
11 |
if [ $# -ne 4 ]; then |
|
12 |
echo "$0 <network> <nodegroup> <mode> <link>" |
|
13 |
exit 1 |
|
14 |
fi |
|
15 |
|
|
16 |
NETWORK_FILE=$DIR/networks/$NETWORK |
|
17 |
NODEGROUP_FILE=$DIR/nodegoups/$NODEGROUP |
|
18 |
INTERFACES=$DIR/interfaces/$NETWORK-$NODEGROUP |
|
19 |
|
|
20 |
source $NETWORK_FILE |
|
21 |
source $NODEGROUP_FILE |
|
22 |
|
|
23 |
if [ $MODE == "routed" ]; then |
|
24 |
VLAN=$LINK |
|
25 |
if [ $TYPE == "public" ]; then |
|
26 |
APR_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') |
|
27 |
cat > $INTERFACES<<EOF |
|
28 |
# $VLAN $MODE |
|
29 |
auto $VLAN |
|
30 |
iface $VLAN inet manual |
|
31 |
# ip-routing-table rt_$NETWORK |
|
32 |
# ip-routes $SUBNET |
|
33 |
# ip-gateway $GATEWAY |
|
34 |
# ip-forwarding 1 |
|
35 |
# ip-proxy-arp 1 |
|
36 |
# arp-ip $ARP_IP |
|
37 |
EOF |
|
38 |
ifup -i $INTERFACES $VLAN |
|
39 |
ip link set $VLAN up |
|
40 |
|
|
41 |
ip rule add iif $VLAN table rt_$NAME |
|
42 |
|
|
43 |
ip route add $SUBNET dev $VLAN table main |
|
44 |
|
|
45 |
ip route add $SUBNET dev $VLAN table rt_$NAME |
|
46 |
ip route add default via $GATEWAY dev $VLAN table rt_$NAME |
|
47 |
|
|
48 |
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding |
|
49 |
|
|
50 |
arptables -A OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP |
|
51 |
fi |
|
52 |
fi |
|
53 |
|
|
54 |
|
|
55 |
|
|
56 |
if [ $MODE == "bridged" ]; then |
|
57 |
BRIDGE=$LINK |
|
58 |
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
59 |
if [ $TYPE == "public" ]; then |
|
60 |
VLAN=$INTERFACE.$PUBLIC_VLAN_ID |
|
61 |
elif [ $TYPE == "private" ]; then |
|
62 |
VLAN_ID=${PRIVATE_VLAN_IDS%% *} |
|
63 |
VLAN_IDS=${PRIVATE_VLAN_IDS#* } |
|
64 |
sed -i 's/PRIVATE_VLAN_IDS/ s/=.*/='"VLAN_IDS"'/' $NODEGROUP_FILE |
|
65 |
#set -- $PRIVATE_VLAN_IDS |
|
66 |
#VLAN=$1 |
|
67 |
#shift |
|
68 |
#VLANS=$@ |
|
69 |
VLAN=$INTERFACE.$VLAN_ID |
|
70 |
fi |
|
71 |
cat > $INTERFACES <<EOF |
|
72 |
# $VLAN $MODE $BRIDGE |
|
73 |
auto $VLAN |
|
74 |
iface $VLAN inet manual |
|
75 |
|
|
76 |
auto $BRIDGE |
|
77 |
iface $BRIDGE inet manual |
|
78 |
bridge_ports $VLAN |
|
79 |
bridge_stp off |
|
80 |
bridge_fd 2 |
|
81 |
EOF |
|
82 |
ifup -i $INTERFACES $BRIDGE |
|
83 |
ip link set $VLAN up |
|
84 |
ip route add $SUBNET dev $BRIDGE table main |
|
85 |
|
|
86 |
ip route add $SUBNET dev $BRIDGE table rt_$NETWORK |
|
87 |
if [ ! -z $GATEWAY ]; then |
|
88 |
ip route add default via dev $BRIDGE table rt_$NETWORK |
|
89 |
if [ $TYPE == "private" ]; then |
|
90 |
if [ ! -z $ROUTER ]; then |
|
91 |
if [ $(hostname) == $ROUTER ]; then |
|
92 |
NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') |
|
93 |
ip addr add $GATEWAY/$NETMASK dev $BRIDGE |
|
94 |
iptables -t nat -A POSTROUTING -s $SUBNET \! -d $SUBNET -j MASQUERADE |
|
95 |
fi |
|
96 |
fi |
|
97 |
fi |
|
98 |
fi |
|
99 |
fi |
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
NETWORK=$1 |
|
5 |
NODEGROUP=$2 |
|
6 |
|
|
7 |
source /etc/default/snf-network |
|
8 |
|
|
9 |
if [ $# -ne 2 ]; then |
|
10 |
echo "$0 <network> <nodegroup>" |
|
11 |
exit 1 |
|
12 |
fi |
|
13 |
|
|
14 |
NETWORK_FILE=$DIR/networks/$NETWORK |
|
15 |
NODEGROUP_FILE=$DIR/nodegoups/$NODEGROUP |
|
16 |
INTERFACES=$DIR/interfaces/$NETWORK-$NODEGROUP |
|
17 |
|
|
18 |
read x VLAN BRIDGE < $INTERFACES |
|
19 |
|
|
20 |
VLAN_ID=${VLAN#*:} |
|
21 |
|
|
22 |
source $NETWORK_FILE |
|
23 |
source $NODEGROUP_FILE |
|
24 |
|
|
25 |
if [ $MODE == "routed" ]; then |
|
26 |
if [ $TYPE == "public" ]; then |
|
27 |
APR_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') |
|
28 |
ip rule del iif $VLAN table rt_$NAME |
|
29 |
|
|
30 |
ip route del $SUBNET dev $VLAN table main |
|
31 |
|
|
32 |
ip route del $SUBNET dev $VLAN table rt_$NAME |
|
33 |
ip route del default via $GATEWAY dev $VLAN table rt_$NAME |
|
34 |
|
|
35 |
arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP |
|
36 |
ifdown -i $INTERFACES $VLAN |
|
37 |
rm $INTERFACES |
|
38 |
fi |
|
39 |
fi |
|
40 |
|
|
41 |
|
|
42 |
|
|
43 |
if [ $MODE == "bridged" ]; then |
|
44 |
if [ $TYPE == "private" ]; then |
|
45 |
VLAN_IDS="$VLAN_ID $PRIVATE_VLAN_IDS" |
|
46 |
sed -i 's/PRIVATE_VLAN_IDS/ s/=.*/='"VLAN_IDS"'/' $NODEGROUP_FILE |
|
47 |
fi |
|
48 |
|
|
49 |
ip route del $SUBNET dev $BRIDGE table main |
|
50 |
|
|
51 |
ip route del $SUBNET dev $BRIDGE table rt_$NETWORK |
|
52 |
if [ ! -z $GATEWAY ]; then |
|
53 |
ip route del default via $GATEWAY dev $BRIDGE table rt_$NETWORK |
|
54 |
if [ $TYPE == "private" ]; then |
|
55 |
if [ ! -z $ROUTER ]; then |
|
56 |
if [ $(hostname) == $ROUTER ]; then |
|
57 |
NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') |
|
58 |
ip addr del $GATEWAY/$NETMASK dev $LINK |
|
59 |
iptables -t nat -D POSTROUTING -s $SUBNET \! -d $SUBNET -j MASQUERADE |
|
60 |
fi |
|
61 |
fi |
|
62 |
fi |
|
63 |
fi |
|
64 |
ifdown -i $INTERFACES $BRIDGE |
|
65 |
rm $INTERFACES |
|
66 |
fi |
b/hooks/group-modify-post.d/snf-network | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
source /etc/default/snf-network |
|
4 |
|
|
5 |
GROUP=$GANETI_GROUP_NAME |
|
6 |
|
|
7 |
ACTION=$GANETI_GROUP_NETWORK_ACTION |
|
8 |
NETWORK=$GANETI_GROUP_NETWORK_NAME |
|
9 |
MODE=$GANETI_GROUP_NETWORK_MODE |
|
10 |
LINK=$GANETI_GROUP_NETWORK_LINK |
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
if [ -z $ACTION ]; then |
|
15 |
exit 0 |
|
16 |
fi |
|
17 |
|
|
18 |
NETFILE=$SHAREDDIR/networks/$NETWORK |
|
19 |
|
|
20 |
MAPFILE=$SHAREDDIR/mappings/$NETWORK-$GROUP |
|
21 |
|
|
22 |
function set_rt_table { |
|
23 |
ID=$(sed -n '/^$/ { =; q}' /etc/iproute2/rt_tables) |
|
24 |
if [ -z $ID ]; then |
|
25 |
ID=$(wc -l /etc/iproute2/rt_tables) |
|
26 |
echo $((ID+1)) rt_$NETWORK > /etc/iproute2/rt_tables |
|
27 |
else |
|
28 |
sed -i '1,/^$/ s/^$/'"$ID"' rt_'"$NETWORK"'/' /etc/iproute2/rt_tables |
|
29 |
fi |
|
30 |
} |
|
31 |
|
|
32 |
|
|
33 |
|
|
34 |
if [ $ACTION == "add" ]; then |
|
35 |
if [ $MODE == "routed" ]; then |
|
36 |
VLAN=$LINK |
|
37 |
if [ $TYPE == "public" ]; then |
|
38 |
ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') |
|
39 |
|
|
40 |
ip link set $VLAN up |
|
41 |
|
|
42 |
echo 1 > "/proc/sys/net/ipv4/conf/$VLAN/proxy_arp" |
|
43 |
|
|
44 |
set_rt_table |
|
45 |
|
|
46 |
ip rule add iif $VLAN table rt_$NETWORK |
|
47 |
|
|
48 |
ip route add $SUBNET dev $VLAN table main |
|
49 |
|
|
50 |
ip route add $SUBNET dev $VLAN table rt_$NETWORK |
|
51 |
ip route add default via $GATEWAY dev $VLAN table rt_$NETWORK |
|
52 |
|
|
53 |
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding |
|
54 |
|
|
55 |
arptables -A OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP |
|
56 |
fi |
|
57 |
fi |
|
58 |
|
|
59 |
|
|
60 |
|
|
61 |
if [ $MODE == "bridged" ]; then |
|
62 |
BRIDGE=$LINK |
|
63 |
if [ ! -z $GATEWAY ]; then |
|
64 |
if [ $TYPE == "private" ]; then |
|
65 |
if [ $(hostname) == $ROUTER ]; then |
|
66 |
NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') |
|
67 |
ip addr add $GATEWAY/$NETMASK dev $BRIDGE |
|
68 |
iptables -t nat -A POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE |
|
69 |
fi |
|
70 |
fi |
|
71 |
fi |
|
72 |
fi |
|
73 |
|
|
74 |
cat > $MAPFILE <<EOF |
|
75 |
MODE=$MODE |
|
76 |
LINK=$LINK |
|
77 |
EOF |
|
78 |
|
|
79 |
else |
|
80 |
|
|
81 |
source $MAPFILE |
|
82 |
|
|
83 |
if [ "$MODE" == "routed" ]; then |
|
84 |
VLAN=$LINK |
|
85 |
TABLE=rt_$NETWORK |
|
86 |
if [ $TYPE == "public" ]; then |
|
87 |
ARP_IP=$(ipcalc $SUBNET | grep HostMax | awk '{print $2}') |
|
88 |
|
|
89 |
arptables -D OUTPUT -o $VLAN --opcode request -j mangle --mangle-ip-s $ARP_IP |
|
90 |
|
|
91 |
ip route del default via $GATEWAY dev $VLAN table $TABLE |
|
92 |
ip route del $SUBNET dev $VLAN table $TABLE |
|
93 |
|
|
94 |
ip route del $SUBNET dev $VLAN table main |
|
95 |
|
|
96 |
ip rule del iif $VLAN table $TABLE |
|
97 |
sed -i 's/.*'"$TABLE"'$//' /etc/iproute2/rt_tables |
|
98 |
fi |
|
99 |
fi |
|
100 |
|
|
101 |
|
|
102 |
|
|
103 |
if [ "$MODE" == "bridged" ]; then |
|
104 |
BRIDGE=$LINK |
|
105 |
if [ ! -z $GATEWAY ]; then |
|
106 |
if [ $TYPE == "private" ]; then |
|
107 |
if [ $(hostname) == $ROUTER ]; then |
|
108 |
NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') |
|
109 |
ip addr del $GATEWAY/$NETMASK dev $BRIDGE |
|
110 |
iptables -t nat -D POSTROUTING -s $SUBNET \! -d 192.168.0.0/16 -j MASQUERADE |
|
111 |
fi |
|
112 |
fi |
|
113 |
fi |
|
114 |
fi |
|
115 |
|
|
116 |
rm $MAPFILE |
|
117 |
|
|
118 |
fi |
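Review bot: In set_rt_table the fallback branch under `if [ -z $ID ]` assigns `ID=$(wc -l /etc/iproute2/rt_tables)`, which yields `N /etc/iproute2/rt_tables`, so `$((ID+1))` is not a valid arithmetic operand, and the single `>` on the next line truncates rt_tables, discarding the reserved local/main/default entries; it should read `ID=$(wc -l < /etc/iproute2/rt_tables)` and `echo "$((ID+1)) rt_$NETWORK" >> /etc/iproute2/rt_tables`. Even then a line count is not guaranteed to be an unused table id (it can collide with an existing numeric entry), so a comment should state that assumption or the id should be checked against the existing entries first. Elsewhere in the hook `$TYPE`, `$SUBNET`, `$GATEWAY` and `$ROUTER` are read, but `$NETFILE` is computed and never sourced; unless /etc/default/snf-network provides them, `source "$NETFILE"` is missing right after that assignment, and `[ $TYPE == "public" ]` with an empty TYPE is a test syntax error rather than a false branch.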
b/hooks/network-add-post.d/snf-network | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
source /etc/default/snf-network |
|
4 |
|
|
5 |
|
|
6 |
NETFILE=$SHAREDDIR/networks/$NETWORK |
|
7 |
|
|
8 |
|
|
9 |
cat > $NETFILE <<EOF |
|
10 |
NETWORK=$GANETI_NETWORK_NAME |
|
11 |
SUBNET=$GANETI_NETWORK_SUBNET |
|
12 |
GATEWAY=$GANETI_NETWORK_GATEWAY |
|
13 |
|
|
14 |
SUBNET6=$GANETI_NETWORK_SUBNET6 |
|
15 |
GATEWAY6=$GANETI_NETWORK_GATEWAY6 |
|
16 |
|
|
17 |
MAC_PREFIX=$GANETI_NETWORK_MAC_PREFIX |
|
18 |
|
|
19 |
TYPE=$GANETI_NETWORK_TYPE |
|
20 |
EOF |
|
21 |
|
|
22 |
|
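Review bot: `NETFILE=$SHAREDDIR/networks/$NETWORK` expands `$NETWORK`, which this hook never sets — the heredoc itself takes the name from `$GANETI_NETWORK_NAME` — so unless /etc/default/snf-network defines NETWORK, NETFILE resolves to the `networks/` directory and `cat > $NETFILE` fails with "Is a directory"; it should be `NETFILE=$SHAREDDIR/networks/$GANETI_NETWORK_NAME`. Quoting the redirection target, `cat > "$NETFILE" <<EOF`, keeps a network name with unusual characters from being word-split. A header comment listing the GANETI_NETWORK_* variables the hook depends on would make the contract with Ganeti explicit.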
b/kvm-vif-bridge | ||
---|---|---|
7 | 7 |
MAC2EUI64=/usr/bin/mac2eui64 |
8 | 8 |
NFDHCPD_STATE_DIR=/var/lib/nfdhcpd |
9 | 9 |
|
10 |
function clear_tap { |
|
11 |
|
|
12 |
arptables -D OUTPUT -o $INTERFACE --opcode request -j mangle >/dev/null 2>&1 |
|
13 |
while ip rule del dev $INTERFACE; do :; done |
|
14 |
iptables -D FORWARD -i $INTERFACE -p udp --dport 67 -j DROP 2>/dev/null |
|
15 |
|
|
16 |
|
|
17 |
} |
|
18 |
|
|
10 | 19 |
function routed_setup_ipv4 { |
11 | 20 |
# get the link's default gateway |
12 | 21 |
gw=$(ip route list table $TABLE | sed -n 's/default via \([^ ]\+\).*/\1/p' | head -1) |
13 | 22 |
|
14 | 23 |
# mangle ARPs to come from the gw's IP |
15 |
arptables -D OUTPUT -o $INTERFACE --opcode request -j mangle >/dev/null 2>&1 |
|
16 | 24 |
arptables -A OUTPUT -o $INTERFACE --opcode request -j mangle --mangle-ip-s "$gw" |
17 | 25 |
|
18 | 26 |
# route interface to the proper routing table |
19 |
while ip rule del dev $INTERFACE; do :; done |
|
20 | 27 |
ip rule add dev $INTERFACE table $TABLE |
21 | 28 |
|
22 | 29 |
# static route mapping IP -> INTERFACE |
... | ... | |
73 | 80 |
fi |
74 | 81 |
} |
75 | 82 |
|
76 |
function routed_setup_nfdhcpd {
|
|
83 |
function setup_nfdhcpd { |
|
77 | 84 |
umask 022 |
78 | 85 |
cat >$NFDHCPD_STATE_DIR/$INTERFACE <<EOF |
79 | 86 |
IFACE=$1 |
... | ... | |
85 | 92 |
EOF |
86 | 93 |
} |
87 | 94 |
|
88 |
function reset_ebtables {
|
|
95 |
function clear_ebtables {
|
|
89 | 96 |
TAP=$INTERFACE |
90 | 97 |
FROM=FROM${TAP^^} |
91 | 98 |
TO=TO${TAP^^} |
92 | 99 |
|
93 |
ebtables -D INPUT -i $TAP -j $FROM |
|
94 |
ebtables -D FORWARD -i $TAP -j $FROM |
|
95 |
ebtables -D FORWARD -o $TAP -j $TO |
|
96 |
ebtables -D OUTPUT -o $TAP -j $TO |
|
100 |
exist=$(ebtables -L | grep $TAP) |
|
97 | 101 |
|
98 |
ebtables -X $FROM |
|
99 |
ebtables -X $TO |
|
102 |
if [ ! -z "$exist" ]; then |
|
103 |
ebtables -D INPUT -i $TAP -j $FROM |
|
104 |
ebtables -D FORWARD -i $TAP -j $FROM |
|
105 |
ebtables -D FORWARD -o $TAP -j $TO |
|
106 |
ebtables -D OUTPUT -o $TAP -j $TO |
|
107 |
|
|
108 |
ebtables -X $FROM |
|
109 |
ebtables -X $TO |
|
110 |
fi |
|
100 | 111 |
} |
101 | 112 |
|
102 |
function set_ebtables { |
|
113 |
function setup_ebtables {
|
|
103 | 114 |
TAP=$INTERFACE |
104 | 115 |
FROM=FROM${TAP^^} |
105 | 116 |
TO=TO${TAP^^} |
106 | 117 |
|
107 | 118 |
ebtables -N $FROM |
119 |
# do not allow changes in ip-mac pair |
|
108 | 120 |
ebtables -A $FROM --ip-source \! $IP -p ipv4 -j DROP |
109 | 121 |
ebtables -A $FROM -s \! $MAC -j DROP |
110 |
ebtables -A INPUT -i $TAP -j $FROM |
|
111 | 122 |
ebtables -A FORWARD -i $TAP -j $FROM |
112 | 123 |
ebtables -N $TO |
113 | 124 |
ebtables -A FORWARD -o $TAP -j $TO |
114 |
ebtables -A OUTPUT -o $TAP -j $TO |
|
115 | 125 |
#accept dhcp responses from host (nfdhcpd) |
116 | 126 |
ebtables -A $TO -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
117 | 127 |
if [ $TYPE == "private" ]; then |
118 |
ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
|
119 | 128 |
if [ ! -z $GATEWAY ]; then |
129 |
# allow packets from/to router (for masquerading |
|
120 | 130 |
ebtables -A $TO -s $ROUTER_MAC -j ACCEPT |
131 |
ebtables -A INPUT -i $TAP -j $FROM |
|
132 |
ebtables -A OUTPUT -o $TAP -j $TO |
|
121 | 133 |
fi |
134 |
# allow only packets from the same mac prefix |
|
135 |
ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
|
122 | 136 |
fi |
123 | 137 |
} |
124 | 138 |
|
125 | 139 |
#FIXME: import router mac from the config files |
126 | 140 |
# must know node group!! how??? |
127 |
ROUTER_MAC=6e:10:e1:a0:c3:0f
|
|
141 |
ROUTER_MAC=e4:11:5b:b2:8d:ca
|
|
128 | 142 |
MAC_MASK=ff:ff:ff:0:0:0 |
129 | 143 |
|
130 | 144 |
TABLE=rt_$NETWORK |
... | ... | |
134 | 148 |
|
135 | 149 |
if [ "$MODE" = "routed" ]; then |
136 | 150 |
# special proxy-ARP/NDP routing mode |
137 |
|
|
151 |
clear_tap |
|
138 | 152 |
# use a constant predefined MAC address for the tap |
139 | 153 |
ip link set $INTERFACE addr $TAP_CONSTANT_MAC |
140 | 154 |
# bring the tap up |
141 | 155 |
ifconfig $INTERFACE 0.0.0.0 up |
142 | 156 |
|
143 | 157 |
# Drop unicast BOOTP/DHCP packets |
144 |
iptables -D FORWARD -i $INTERFACE -p udp --dport 67 -j DROP 2>/dev/null |
|
145 | 158 |
iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP |
146 | 159 |
|
147 | 160 |
routed_setup_ipv4 |
148 |
routed_setup_ipv6 |
|
149 |
routed_setup_firewall |
|
150 |
routed_setup_nfdhcpd $INTERFACE
|
|
151 |
reset_ebtables
|
|
161 |
# routed_setup_ipv6
|
|
162 |
# routed_setup_firewall
|
|
163 |
setup_nfdhcpd $INTERFACE |
|
164 |
clear_ebtables >/dev/null 2>&1
|
|
152 | 165 |
elif [ "$MODE" = "bridged" ]; then |
153 |
while ip rule del dev $INTERFACE; do :; done |
|
166 |
clear_tap |
|
167 |
clear_ebtables >/dev/null 2>&1 |
|
154 | 168 |
ifconfig $INTERFACE 0.0.0.0 up |
155 | 169 |
brctl addif $BRIDGE $INTERFACE |
156 |
routed_setup_nfdhcpd $BRIDGE |
|
157 |
reset_ebtables |
|
158 |
set_ebtables |
|
170 |
setup_nfdhcpd $BRIDGE |
|
171 |
setup_ebtables |
|
159 | 172 |
fi |
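Review bot: In clear_ebtables the new existence test `exist=$(ebtables -L | grep $TAP)` is a substring match, so with `tap1` it also fires on rules for `tap10`–`tap19`, and `$TAP` is unquoted; `exist=$(ebtables -L | grep -w -- "$TAP")`, or testing `ebtables -L "$FROM" >/dev/null 2>&1`, checks the intended interface only. Since both callers already wrap the function in `>/dev/null 2>&1`, the check mostly avoids noise rather than errors, which a short comment above it should say. In the routed branch the calls to routed_setup_ipv6 and routed_setup_firewall are now commented out with no reason given; if routed_setup_firewall installed the per-tap filtering, a `# TODO(name): re-enable once ...` comment should record why it is disabled and what replaces it. The bodies of routed_setup_ipv4 and setup_nfdhcpd continue outside the shown hunks.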
/dev/null | ||
---|---|---|
1 |
# |
|
2 |
# reserved values |
|
3 |
# |
|
4 |
255 local |
|
5 |
254 main |
|
6 |
253 default |
|
7 |
0 unspec |
|
8 |
# |
|
9 |
# local |
|
10 |
# |
|
11 |
#1 inr.ruhep |
|
12 |
# dev.grnet.gr, routing table used |
|
13 |
# for the public IP space allocated to Synnefo VMs |
|
14 |
# This *must* match the name of the link |
|
15 |
# in gnt-network for nfdhcpd to work properly. |
|
16 |
44 rt_net100 |
|
17 |
45 rt_net101 |
|
18 |
46 rt_public |
b/unconfigure-interfaces | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
source /etc/default/snf-network |
|
4 |
|
|
5 |
HOSTNAME=$(hostname) |
|
6 |
|
|
7 |
|
|
8 |
INTERFACES=$SHAREDDIR/interfaces/$HOSTNAME |
|
9 |
INFRA=$SHAREDDIR/infra/$HOSTNAME |
|
10 |
|
|
11 |
if [ -e $INFRA ]; then |
|
12 |
source $INFRA |
|
13 |
fi |
|
14 |
|
|
15 |
ifdown -i $INTERFACES -a --force |
|
16 |
|
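Review bot: `ifdown -i $INTERFACES -a --force` runs with no check that the interfaces file exists, and the variables read from `$INFRA` on the lines above are not referenced anywhere in this script, so that `source` executes a file from the shared directory with no visible effect; guard with `[[ -e "$INTERFACES" ]] || exit 0` and either drop the `source` or add a comment stating what ifdown needs from it. The script also leaves the forwarding sysctls that configure-interfaces enables in place, which is worth stating in a header comment if intentional.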