History | View | Annotate | Download (5.4 kB)
Do not add ebtables rule for dhcp response
nfdhpcd opens a socket and binds it with tap interface. So dhcpresponse will NOT go though the bridge and ebtables rule isnot needed.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Fix ebtables
1) Add ebtables in INPUT/OUTPUT chains too This is needed because multicast packets (e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain
2) In case of nfdhpcd allow DHCP replies only with src address the MAC address of incoming device (e.g. prv0)...
Move fix-net logic from hooks to if-up
In target node we used to run arping and ndsend. Move thesecommands to if-up script.
Introduce helper function to get eui64 and uplink.
return in case expected env vars are not set
In case of IPv6 only setup, IP environment variable should not beset. Still if we have a routed setup routed_setup_ipv4() gets invoked.
This means that the following command will be invoked:
ip route replace proto static dev tap3 table public...
Support firewalls based on NINC index, uuid, names
Serialize the excecution of ebtables processes
ebtables cannot handle multiple userspace ebtables processes runningconcurrently. This could lead to failures while setting up or cleaningup ebtables for VM networks.
ebtables latest release (included in Debian Wheezy) supports ebtables...
Add vif-custom script and split kvm-vif-bridge
Put functions in /usr/lib/snf-network/common.sh