/vif-custom - Annotate - snf-network - Greek Research and Technology Network's projects

root / vif-custom @ a67910c4

History | View | Annotate | Download (1.4 kB)

1	38305e4c	Dimitris Aragiorgis	#!/bin/bash
2	38305e4c	Dimitris Aragiorgis
3	38305e4c	Dimitris Aragiorgis
4	38305e4c	Dimitris Aragiorgis	dir=$(dirname "$0")
5	38305e4c	Dimitris Aragiorgis	. "$dir"/vif-common.sh
6	38305e4c	Dimitris Aragiorgis
7	df006c46	Dimitris Aragiorgis	# taken from older vif-common.sh
8	df006c46	Dimitris Aragiorgis	dev=$vif
9	df006c46	Dimitris Aragiorgis	dev_=${dev#vif}
10	df006c46	Dimitris Aragiorgis	domid=${dev_%.*}
11	df006c46	Dimitris Aragiorgis	devid=${dev_#*.}
12	38305e4c	Dimitris Aragiorgis	domname=$(xm domname $domid)
13	38305e4c	Dimitris Aragiorgis
14	df006c46	Dimitris Aragiorgis	source /etc/default/snf-network
15	df006c46	Dimitris Aragiorgis	source /usr/lib/snf-network/common.sh
16	38305e4c	Dimitris Aragiorgis	source $GANETI_NIC_DIR/$domname/$devid
17	38305e4c	Dimitris Aragiorgis
18	38305e4c	Dimitris Aragiorgis	INTERFACE=$dev
19	38305e4c	Dimitris Aragiorgis	INSTANCE=$domname
20	38305e4c	Dimitris Aragiorgis
21	38305e4c	Dimitris Aragiorgis	FROM=FROM${INTERFACE^^}
22	38305e4c	Dimitris Aragiorgis	TO=TO${INTERFACE^^}
23	38305e4c	Dimitris Aragiorgis
24	38305e4c	Dimitris Aragiorgis
25	38305e4c	Dimitris Aragiorgis	try clear_routed_setup_ipv4
26	38305e4c	Dimitris Aragiorgis	try clear_routed_setup_ipv6
27	38305e4c	Dimitris Aragiorgis	try clear_routed_setup_firewall
28	38305e4c	Dimitris Aragiorgis	try clear_ebtables
29	38305e4c	Dimitris Aragiorgis	try clear_nfdhcpd
30	38305e4c	Dimitris Aragiorgis
31	38305e4c	Dimitris Aragiorgis	if [ "$MODE" = "routed" ]; then
32	38305e4c	Dimitris Aragiorgis	TABLE=$LINK
33	38305e4c	Dimitris Aragiorgis	ip link set $INTERFACE up
34	38305e4c	Dimitris Aragiorgis	success
35	38305e4c	Dimitris Aragiorgis	INDEV=$INTERFACE
36	38305e4c	Dimitris Aragiorgis	DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
37	38305e4c	Dimitris Aragiorgis	elif [ "$MODE" = "bridged" ]; then
38	38305e4c	Dimitris Aragiorgis	ip link set $INTERFACE up
39	38305e4c	Dimitris Aragiorgis	BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
40	38305e4c	Dimitris Aragiorgis	brctl addif $BRIDGE $INTERFACE
41	38305e4c	Dimitris Aragiorgis	success
42	38305e4c	Dimitris Aragiorgis	INDEV=$BRIDGE
43	38305e4c	Dimitris Aragiorgis	try init_ebtables
44	a67910c4	Dimitris Aragiorgis	# nfdhcpd creates responses with src mac the mac of indec
45	a67910c4	Dimitris Aragiorgis	INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
46	1409faba	Stratos Psomadakis	DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
47	38305e4c	Dimitris Aragiorgis	fi
48	38305e4c	Dimitris Aragiorgis
49	38305e4c	Dimitris Aragiorgis
50	38305e4c	Dimitris Aragiorgis	for tag in $NETWORK_TAGS; do
51	38305e4c	Dimitris Aragiorgis	case $tag in
52	38305e4c	Dimitris Aragiorgis	$IP_LESS_ROUTED_TAG)
53	38305e4c	Dimitris Aragiorgis	try routed_setup_ipv4
54	38305e4c	Dimitris Aragiorgis	try routed_setup_ipv6
55	38305e4c	Dimitris Aragiorgis	try routed_setup_firewall
56	38305e4c	Dimitris Aragiorgis	;;
57	38305e4c	Dimitris Aragiorgis	$NFDHCPD_TAG)
58	38305e4c	Dimitris Aragiorgis	# Drop unicast BOOTP/DHCP packets
59	38305e4c	Dimitris Aragiorgis	$DROPDHCPREQCMD
60	38305e4c	Dimitris Aragiorgis	try setup_nfdhcpd
61	38305e4c	Dimitris Aragiorgis	;;
62	38305e4c	Dimitris Aragiorgis	$MAC_FILTERED_TAG)
63	38305e4c	Dimitris Aragiorgis	try setup_ebtables
64	38305e4c	Dimitris Aragiorgis	;;
65	38305e4c	Dimitris Aragiorgis	$MASQ_TAG)
66	38305e4c	Dimitris Aragiorgis	try setup_masq
67	38305e4c	Dimitris Aragiorgis	;;
68	38305e4c	Dimitris Aragiorgis	esac
69	38305e4c	Dimitris Aragiorgis	done

Synnefo » snf-network

root / vif-custom @ a67910c4