Statistics
| Branch: | Tag: | Revision:

root / vif-custom @ a57b3c64

History | View | Annotate | Download (1.4 kB)

1
#!/bin/bash
2

    
3

    
4
dir=$(dirname "$0")
5
. "$dir"/vif-common.sh
6

    
7
# taken from older vif-common.sh
8
dev=$vif
9
dev_=${dev#vif}
10
domid=${dev_%.*}
11
devid=${dev_#*.}
12
domname=$(xm domname $domid)
13

    
14
source /etc/default/snf-network
15
source /usr/lib/snf-network/common.sh
16
source $GANETI_NIC_DIR/$domname/$devid
17

    
18
INTERFACE=$dev
19
INSTANCE=$domname
20

    
21
FROM=FROM${INTERFACE^^}
22
TO=TO${INTERFACE^^}
23

    
24

    
25
try clear_routed_setup_ipv4
26
try clear_routed_setup_ipv6
27
try clear_routed_setup_firewall
28
try clear_ebtables
29
try clear_nfdhcpd
30

    
31
if [ "$MODE" = "routed" ]; then
32
  TABLE=$LINK
33
  ip link set $INTERFACE up
34
  success
35
  INDEV=$INTERFACE
36
  DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
37
elif [ "$MODE" = "bridged" ]; then
38
  ip link set $INTERFACE up
39
  BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
40
  brctl addif $BRIDGE $INTERFACE
41
  success
42
  INDEV=$BRIDGE
43
  try init_ebtables
44
  # nfdhcpd creates responses with src mac the mac of indec
45
  INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
46
  DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
47
fi
48

    
49

    
50
for tag in $NETWORK_TAGS; do
51
  case $tag in
52
  $IP_LESS_ROUTED_TAG)
53
    try routed_setup_ipv4
54
    try routed_setup_ipv6
55
    try routed_setup_firewall
56
  ;;
57
  $NFDHCPD_TAG)
58
    # Drop unicast BOOTP/DHCP packets
59
    $DROPDHCPREQCMD
60
    try setup_nfdhcpd
61
  ;;
62
  $MAC_FILTERED_TAG)
63
    try setup_ebtables
64
  ;;
65
  $MASQ_TAG)
66
    try setup_masq
67
  ;;
68
  esac
69
done