Revision b0a87613

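--- a/common.sh
+++ b/common.sh
@@ -171,6 +171,7 @@
   # accept dhcp responses from host (nfdhcpd)
   # this is actually not needed because nfdhcpd opens a socket and binds is with
   # tap interface so dhcp response does not go through bridge
+  # INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
   # runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp  --ip-destination-port=68 -j ACCEPT
   # allow only packets from the same mac prefix
   runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP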
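Review bot: The line added at new line 174 is commented-out code that only feeds the ebtables rule below it, which is itself commented out and described as not needed. Dead commands in a filtering function make it harder to audit which rules are actually installed. Either delete both commented commands and keep the explanation, or say when they would be re-enabled, e.g. `# nfdhcpd replies leave through a socket bound to the tap, so no ACCEPT rule for udp/68 is needed here`. The enclosing function starts and ends outside the hunk.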
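--- a/kvm-vif-bridge
+++ b/kvm-vif-bridge
@@ -19,14 +19,10 @@
   TABLE=$LINK
   ip link set $INTERFACE addr $TAP_CONSTANT_MAC up
   INDEV=$INTERFACE
-  # DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
 elif [ "$MODE" = "bridged" ]; then
   ip link set $INTERFACE up
   brctl addif $BRIDGE $INTERFACE
   INDEV=$BRIDGE
-  # nfdhcpd creates responses with src mac the mac of indec
-  INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
-  # DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
 fi
 
 for tag in $NETWORK_TAGS; do
@@ -38,8 +34,6 @@
     try send_garp
   ;;
   $NFDHCPD_TAG)
-    # Drop unicast BOOTP/DHCP packets
-    # $DROPDHCPREQCMD
     try setup_nfdhcpd
   ;;
   $MAC_FILTERED_TAG)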
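--- a/vif-custom
+++ b/vif-custom
@@ -32,17 +32,12 @@
   ip link set $INTERFACE up
   success
   INDEV=$INTERFACE
-  DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
 elif [ "$MODE" = "bridged" ]; then
   ip link set $INTERFACE up
   BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
   brctl addif $BRIDGE $INTERFACE
   success
   INDEV=$BRIDGE
-  try init_ebtables
-  # nfdhcpd creates responses with src mac the mac of indec
-  INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
-  DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
 fi
 
 for tag in $NETWORK_TAGS; do
@@ -54,11 +49,10 @@
     try send_garp
   ;;
   $NFDHCPD_TAG)
-    # Drop unicast BOOTP/DHCP packets
-    $DROPDHCPREQCMD
     try setup_nfdhcpd
   ;;
   $MAC_FILTERED_TAG)
+    try init_ebtables
     try setup_ebtables
   ;;
   $MASQ_TAG)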
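Review bot: `try init_ebtables` in the `$MAC_FILTERED_TAG)` arm is no longer gated by `[ "$MODE" = "bridged" ]`, so it now also runs for routed interfaces, while bridged interfaces without that tag get no chain initialisation at all. If `setup_nfdhcpd` or another arm still appends to `$FROM` or `$TO`, it would act on chains that were never created or flushed; this cannot be confirmed here because those functions are defined outside the section. The same section removes the only active rules that dropped guest traffic to UDP port 67 for the nfdhcpd tag, and nothing visible replaces them. A comment in the `$NFDHCPD_TAG)` arm should record what now keeps guest DHCP requests from reaching other DHCP servers on the bridge or the routed path, e.g. `# guest DHCP requests are handled by setup_nfdhcpd; no separate DROP rule is installed because <reason>`.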
