Synnefo » snf-network

#!/bin/bash

dir=$(dirname "$0")

. "$dir"/vif-common.sh

# taken from older vif-common.sh

dev=$vif

dev_=${dev#vif}

domid=${dev_%.*}

devid=${dev_#*.}

domname=$(xm domname $domid)

source /etc/default/snf-network

source /usr/lib/snf-network/common.sh

source $GANETI_NIC_DIR/$domname/$devid

INTERFACE=$dev

INSTANCE=$domname

GANETI_INSTANCE_NAME=$INSTANCE

get_info

try clear_routed_setup_ipv4

try clear_routed_setup_ipv6

try clear_routed_setup_firewall

try clear_ebtables

try clear_nfdhcpd

if [ "$MODE" = "routed" ]; then

  TABLE=$LINK

  ip link set $INTERFACE up

  success

  INDEV=$INTERFACE

  DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"

elif [ "$MODE" = "bridged" ]; then

  ip link set $INTERFACE up

  BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")

  brctl addif $BRIDGE $INTERFACE

  success

  INDEV=$BRIDGE

  try init_ebtables

  # nfdhcpd creates responses with src mac the mac of indec

  INDEV_MAC=$(cat /sys/class/net/$INDEV/address)

  DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"

fi

for tag in $NETWORK_TAGS; do

  case $tag in

  $IP_LESS_ROUTED_TAG)

    try routed_setup_ipv4

    try routed_setup_ipv6

    try routed_setup_firewall

    try send_garp

  ;;

  $NFDHCPD_TAG)

    # Drop unicast BOOTP/DHCP packets

    $DROPDHCPREQCMD

    try setup_nfdhcpd

  ;;

  $MAC_FILTERED_TAG)

    try setup_ebtables

  ;;

  $MASQ_TAG)

    try setup_masq

  ;;

  esac

done