Revisions

# Date Author Comment
74ab2e3c 03/05/2014 02:30 pm Dimitris Aragiorgis

Create ebtables chains with RETURN policy

This fixes inter-node private networks in case of multicast packets.
Multicast packets are forwarded to all interfaces bridged
on the bridge. Let's assume the following:

prv0 bridge with tap0, tap1, and eth1.
From tap0 comes a multicast packet....

68f103bd 03/05/2014 01:25 pm Dimitris Aragiorgis

Bump version to 0.15.8-1~wheezy

Signed-off-by: Dimitris Aragiorgis <>

6de5017b 03/05/2014 01:24 pm Dimitris Aragiorgis

Merge branch 'master' into debian-wheezy

3304ce51 03/05/2014 01:24 pm Dimitris Aragiorgis

Bump version to 0.15.8

8f7d1f1c 03/05/2014 01:03 pm Dimitris Aragiorgis

Create ebtables chains with RETURN policy

This fixes inter-node private networks in case of multicast packets.
Multicast packets are forwarded to all interfaces bridged
on the bridge. Let's assume the following:

prv0 bridge with tap0, tap1, and eth1.
From tap0 comes a multicast packet....

a3960db8 03/04/2014 05:39 pm Dimitris Aragiorgis

Changes in debian files

- install: kvm-ifup-custom, kvm-ifdown-custom
- default: SNF_NETWORK_LOG, LOGFILE, TTL
- links: kvm-vif-bridge

Signed-off-by: Dimitris Aragiorgis <>

8bdda5ff 03/04/2014 05:38 pm Dimitris Aragiorgis

Add ifup-extra script

..in install and default.

Signed-off-by: Dimitris Aragiorgis <>

c3d3d121 03/04/2014 04:02 pm Dimitris Aragiorgis

Do not add ebtables rule for dhcp response

nfdhcpd opens a socket and binds it with tap interface. So dhcp
response will NOT go through the bridge and ebtables rule is
not needed.

Signed-off-by: Dimitris Aragiorgis <>

c9d2a566 03/04/2014 04:02 pm Dimitris Aragiorgis

Fix typo in ebtables

If interface has an IP we used to add a rule that does not allow
packets coming from TAP to have a different IP. There was a typo
in the if statement and the rule never applied.

Still, we do NOT want this rule so we fix typo and comment the...

95226ff3 03/04/2014 04:02 pm Dimitris Aragiorgis

Setup ebtables only for mac filtered setups

We used to drop DHCP requests for all bridged setups in case of
nfdhcpd. This requires ebtables setup for private vlans as well.

Dropping DHCP requests in case of nfdhcpd is not really needed
because they are dropped in user space...

aa38fdaf 03/04/2014 04:02 pm Dimitris Aragiorgis

Refactor ifup-extra script

1) Look for all kinds of tags (interface specific or not):
some-prefix:1:mail
some-prefix:snf-nic-12345:mail
some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
some-prefix:mail

2) some-prefix must be other than synnefo:network:...

a67910c4 03/04/2014 12:50 pm Dimitris Aragiorgis

Fix ebtables

1) Add ebtables in INPUT/OUTPUT chains too
This is needed because multicast packets
(e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain

2) In case of nfdhcpd allow DHCP replies only with src address the
MAC address of incoming device (e.g. prv0)...

3f64dc08 03/04/2014 12:50 pm Dimitris Aragiorgis

Add sample rules in ifup-extra

Here we allow outgoing traffic with destination port 25.

Please note that every rule that is added when the corresponding
tag is found should always be removed at the beginning of the
script. In other words, you should remove stale entries before...

dc1bb18b 03/04/2014 12:50 pm Dimitris Aragiorgis

Support execution of extra script

In case of kvm-ifup, if an extra script (/etc/ganeti/ifup-extra)
exists, execute it before exiting.

A dummy example script is given, that parses instance's tags,
and searches for synnefo:network:<ident>:mail.

Signed-off-by: Dimitris Aragiorgis <>

9aca216b 02/28/2014 01:22 pm Dimitris Aragiorgis

Bump version to 0.15.7-1~wheezy

Signed-off-by: Dimitris Aragiorgis <>

8d888c63 02/28/2014 01:20 pm Dimitris Aragiorgis

Merge branch 'master' into debian-wheezy

96cefca5 02/28/2014 01:20 pm Dimitris Aragiorgis

Bump version to 0.15.7

efce42cb 02/28/2014 01:20 pm Dimitris Aragiorgis

Fix typo in ebtables

If interface has an IP we used to add a rule that does not allow
packets coming from TAP to have a different IP. There was a typo
in the if statement and the rule never applied.

Still, we do NOT want this rule so we fix typo and comment the...

c7b580d5 02/28/2014 12:56 pm Dimitris Aragiorgis

Do not add ebtables rule for dhcp response

nfdhcpd opens a socket and binds it with tap interface. So dhcp
response will NOT go through the bridge and ebtables rule is
not needed.

Signed-off-by: Dimitris Aragiorgis <>

4d3b0880 02/28/2014 12:34 pm Dimitris Aragiorgis

Refactor ifup-extra script

1) Look for all kinds of tags (interface specific or not):
some-prefix:1:mail
some-prefix:snf-nic-12345:mail
some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
some-prefix:mail

2) some-prefix must be other than synnefo:network:...

52366a23 02/27/2014 05:49 pm Dimitris Aragiorgis

Fix ebtables

1) Add ebtables in INPUT/OUTPUT chains too
This is needed because multicast packets
(e.g. with dst address 01:00:83:xx:xx:xx) do NOT go through forward chain

2) In case of nfdhcpd allow DHCP replies only with src address the
MAC address of incoming device (e.g. prv0)...

054ff79a 02/27/2014 05:49 pm Dimitris Aragiorgis

Setup ebtables only for mac filtered setups

We used to drop DHCP requests for all bridged setups in case of
nfdhcpd. This requires ebtables setup for private vlans as well.

Dropping DHCP requests in case of nfdhcpd is not really needed
because they are dropped in user space...

56ed9805 02/26/2014 03:25 pm Dimitris Aragiorgis

Bump version to 0.15.6-1~wheezy

Signed-off-by: Dimitris Aragiorgis <>

998347e0 02/26/2014 03:24 pm Dimitris Aragiorgis

Merge branch 'master' into debian-wheezy

3c8da32d 02/26/2014 03:13 pm Dimitris Aragiorgis

Bump version to 0.15.6
