Refactor ifup-extra script
1) Look for all kinds of tags (interface specific or not): some-prefix:1:mail some-prefix:snf-nic-12345:mail some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail some-prefix:mail
2) some-prefix must be other than synnefo:network:...
Do not add ebtables rule for dhcp response
nfdhcpd opens a socket and binds it with tap interface. So dhcp response will NOT go through the bridge and ebtables rule is not needed.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Fix typo in ebtables
If interface has an IP we used to add a rule that does not allow packets coming from TAP to have a different IP. There was a typo in if statement and the rule did never apply.
Still, we do NOT want this rule so we fix typo and comment the...
Create ebtables chains with RETURN policy
This fixes inter-node private networks in case of multicast packets. Multicast packets are forwarded to all interfaces bridged on the bridge. Let's assume the following:
prv0 bridge with tap0, tap1, and eth1. From tap0 comes a multicast packet....
Support execution of extra script
In case of kvm-ifup, if an extra script (/etc/ganeti/ifup-extra) exists, execute it before exiting.
A dummy example script is given, that parses instance's tags, and searches for synnefo:network:<ident>:mail.
Add sample rules in ifup-extra
Here we allow outgoing traffic with destination port 25.
Please note that every rule that is added when the corresponding tag is found it should always be removed at the beginning of the script. In other words you should remove stale entries before...
Fix ebtables
1) Add ebtables in INPUT/OUTPUT chains too. This is needed because multicast packets (e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain
2) In case of nfdhcpd allow DHCP replies only with src address the MAC address of incoming device (e.g. prv0)...
Setup ebtables only for mac filtered setups
We used to drop DHCP requests for all bridged setups in case of nfdhcpd. This requires ebtables setup for private vlans as well.
Dropping DHCP requests in case of nfdhcpd is not really needed because they are dropped in user space...
Add docs
Log table's uplink only if exists
Minor fix related to logging in dnshook
Add kvm-ifdown-custom script
This should do any cleanup needed related to the interface that is going down.
Move things inside get_info()
Fix ebtables in vif-custom
..and remove any unused rules (comments) related to ebtables
Rename kvm-vif-bridge to kvm-ifup-custom
Package will create a symlink until this gets renamed in upstream Ganeti as well.
Introduce get_info helper method
It gets the exported environment and calculates all needed vars for a specific interface. Use this function early in scripts and as soon as you extract each interface info in hooks.
Make get_info calculate ebtables chain names
Minor changes related to logging
Some minor fixes..
- Use NETWORK_SUBNET6 since this is exported by Ganeti and not just SUBNET6
- All logging in helper function
- Do not send GARP or delete neighbor proxy if desired vars are not set
Use arpsend instead of arping
arpsend comes along with ndsend with vzctl package. We send only one packet in order not to delay ifup script.
Small changes in if* scripts
Use env var for logging script
Rename dnshook and fix-net
..to snf-network-dnshook and snf-network-hook correspondingly.
Factor out common functions from dnshook
hooks-log -> snf-network-log