Bump version to 0.15.8
Create ebtables chains with RETURN policy
This fixes inter-node private networks in case of multicast packets. Multicast packets are forwarded to all interfaces bridged on the bridge. Let's assume the following:
prv0 bridge with tap0, tap1, and eth1. From tap0 comes a multicast packet....
Bump version to 0.15.7
Fix typo in ebtables
If interface has an IP we used to add a rule that does not allow packets coming from TAP to have a different IP. There was a typo in if statement and the rule did never apply.
Still, we do NOT want this rule so we fix typo and comment the...
Do not add ebtables rule for dhcp response
nfdhcpd opens a socket and binds it with tap interface. So dhcp response will NOT go through the bridge and ebtables rule is not needed.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Refactor ifup-extra script
1) Look for all kind of tags (interface specific or not): some-prefix:1:mail some-prefix:snf-nic-12345:mail some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail some-prefix:mail
2) some-prefix must be other than synnefo:network:...
Fix ebtables
1) Add ebtables in INPUT/OUTPUT chains too. This is needed because multicast packets (e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain
2) In case of nfdhcpd allow DHCP replies only with src address the MAC address of incoming device (e.g. prv0)...
Setup ebtables only for mac filtered setups
We used to drop DHCP requests for all bridged setups in case of nfdhcpd. This requires ebtables setup for private vlans as well.
Dropping DHCP requests in case of nfdhcpd is not really needed because they are dropped in user space...
Bump version to 0.15.6
Add sample rules in ifup-extra
Here we allow outgoing traffic with destination port 25.
Please note that every rule that is added when the corresponding tag is found it should always be removed at the beginning of the script. With other words you should remove stale entries before...
Bump version to 0.15.5
Support execution of extra script
In case of kvm-ifup, if an extra script (/etc/ganeti/ifup-extra) exists, execute it before exiting.
A dummy example script is given, that parses instance's tags, and searches for synnefo:network:<ident>:mail.
Bump version to 0.15.4
Merge branch 'develop'
Make fix-net use common.sh and correct env vars
Helper functions for getting uplink and eui64 reside in common.sh
New Ganeti provides correct GANETI_NEW_PRIMARY GANETI_OLD_PRIMARY environment variables. Use them in hooks.
Move fix-net logic from hooks to if-up
In target node we used to run arping and ndsend. Move these commands to if-up script.
Introduce helper function to get eui64 and uplink.
Use correct env vars in fix-net hook
After fixing HooksEnv and HooksNodes in Ganeti migration opcode to include both source and target nodes, use them correctly in fix-net hook.
Bump version to 0.15.3
return in case expected env vars are not set
In case of IPv6 only setup, IP environment variable should not be set. Still if we have a routed setup routed_setup_ipv4() gets invoked.
This means that the following command will be invoked:
ip route replace proto static dev tap3 table public...
Remove unused dsnhook.conf file
The relevant settings have been moved in /etc/default/snf-network.
runlocked forgotten ebtables command
Bump version to 0.15.2
Conflicts: version
Some fixes/changes in dnshook
Bump version to 0.15.1
Support firewalls based on NINC index, uuid, names
Bump version to 0.15.1next
Add GRNET's specific dnshook
Practically rewrite dnshook
Make it more readable.
Introduce specific methods for getting reverse dns info of an IPv4 or eui64.
Parse every nic info and check for DNS_FLAG network flag
Do not explicitly pass zone statement to nsupdate. Let it determine...
Bump version to 0.15.0next
Bump version to 0.15.0
Use the script name when logging
Rename clear-proxy-ndp to fix-net
Refactor clear-proxy-ndp post-migrate hook
Serialize the execution of ebtables processes
ebtables cannot handle multiple userspace ebtables processes running concurrently. This could lead to failures while setting up or cleaning up ebtables for VM networks.
ebtables latest release (included in Debian Wheezy) supports ebtables...
Bump version to 0.14.1next
Bump version to 0.14.1
Use devflow
Mods to work with debian's xen
Add vif-custom script and split kvm-vif-bridge
Put functions in /usr/lib/snf-network/common.sh
Fix a bug in clear-proxy-ndp and add logging
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Clear existing binding before adding new
This removes the entry from nfdhcpd runtime (due to inotify).
Use tag types in clear-proxy-ndp
Use tag types in kvm-vif-bridge
Remove vlan files
Remove clear-tap file
Add interfaces example
README refactor
Remove useless files
Refactor snf-network
Fix a bug in generic mode
Fix a minor bug in the generic case
Fix a bug in snf-network-build-node-infra
Change conf files and vars
Instead of infra.conf introduce generic.conf and grnet.conf. Change PUBLIC_* var into NODE_*.
Add exit 0 to hooks
Add exit 0 in kvm-vif-bridge
Fix a minor bug
Ready for testing
Add PUBLIC_LINK
Handle correctly the PUBLIC_BRIDGE
Add SETUP conf var
Might be either GRNET or GENERIC
Fix kvm-vif-bridge
Fix prv-net-helper bug
Fix a typo in kvm-vif-bridge
Remove MASQ setup
Refactor kvm-vif-bridge
Make better use of ebtables. Correctly drop DHCP request.
prv-net-helper: bridge prefix becomes optional
Fix env vars
Distinguish between GRNET and generic setup
Fix a bug in cluster init hook
Fix number of arguments check
Modify scripts to include network tags
Modify kvm-vif-bridge to support network tags
Refactor code
Add arguments to scripts. Fix few bugs.
clear-tap script
Fix clear-proxy ndp.
source conf files to retrieve public vlan
Modify bridge naming
Change network types
Fix a typo
Initialize conf files for network transition
No mac filtering, no ebtables, no hooks. No private network (bridge with ebtables) just private range (one bridge per vlan)
enable/disable auto conf hooks
Revise snf-network
No NFS storage needed. All info passed in hooks env is produced by ganeti.
Fix log-env
Remove netfile from kvm-vif-bridge
Make nfdhcpd functional
log-env script
clear-proxy-ndp hook script
Fix broken ns_responce in nfdhcpd
Fix proxy ndp configuration
uplink should be public vlan not gateway6
Support routed ipv6 when connecting a network
Modify hook to support grnet specific ip-less routing and proxy ndp for ipv6.
Fix proxy ndp issue
Add a ganeti post hook when a tap gets removed instance-{migrate, failover, remove, stop}-post.d
Check if the first NIC that usually is the public interface that gets routed and does proxy ntp in ipv6 has any orphan rule and remove it....
Code refactoring in kvm-vif-bridge and nfdhcpd
Allow binding files in form of GATEWAY6= in case not defined.
Modify kvm-vif-bridge that clears the pending rules before handling the tap.
Fix IPv6 support for nfdhcpd
Supply all the necessary fields for dhcp in binding file (created by kvm-vif-bridge). Reference every dhcp client via the mac or eui64 of the incoming packet on the nfqueue.
Modify nfdhcpd to distinguish tap from indev.
DHCPv6 should work fine.
Modify hooks to use node infra details.
When connecting a network in routed mode pass the routing table and not the vlan as link. The link will be chosen depending the network type and the cluster/node infrastructure.
Fix IPv6 responses in nfdhcpd
Search the interface of incoming request and find binding info (IPv6 subnet) via traversing all clients configuration and matching cl.ifname (tap0) with the interface above.
Automate config via hooks