Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #============================================================================
- # Default Xen network start/stop script.
- # Xend calls a network script when it starts.
- # The script name to use is defined in /etc/xen/xend-config.sxp
- # in the network-script field.
- #
- # This script creates a bridge (default ${netdev}), adds a device
- # (defaults to the device on the default gateway route) to it, copies
- # the IP addresses from the device to the bridge and adjusts the routes
- # accordingly.
- #
- # If all goes well, this should ensure that networking stays up.
- # However, some configurations are upset by this, especially
- # NFS roots. If the bridged setup does not meet your needs,
- # configure a different script, for example using routing instead.
- #
- # Usage:
- #
- # network-bridge (start|stop|status) {VAR=VAL}*
- #
- # Vars:
- #
- # bridge The bridge to use (default ${netdev}).
- # netdev The interface to add to the bridge (default gateway device).
- # antispoof Whether to use iptables to prevent spoofing (default no).
- #
- # Internal Vars:
- # pdev="p${netdev}"
- # tdev=tmpbridge
- #
- # start:
- # Creates the bridge as tdev
- # Copies the IP and MAC addresses from pdev to bridge
- # Renames netdev to be pdev
- # Renames tdev to bridge
- # Enslaves pdev to bridge
- #
- # stop:
- # Removes pdev from the bridge
- # Transfers addresses, routes from bridge to pdev
- # Renames bridge to tdev
- # Renames pdev to netdev
- # Deletes tdev
- #
- # status:
- # Print addresses, interfaces, routes
- #
- #============================================================================
- dir=$(dirname "$0")
- dirname "$0"
- ++ dirname ./network-bridge
- + dir=.
- . "$dir/xen-script-common.sh"
- + . ./xen-script-common.sh
- #
- # Copyright (c) 2005 XenSource Ltd.
- #
- # This library is free software; you can redistribute it and/or
- # modify it under the terms of version 2.1 of the GNU Lesser General Public
- # License as published by the Free Software Foundation.
- #
- # This library is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- # Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public
- # License along with this library; if not, write to the Free Software
- # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- #
- set -e
- ++ set -e
- evalVariables()
- {
- for arg in "$@"
- do
- if expr 'index' "$arg" '=' '>' '1' >/dev/null
- then
- eval "$arg"
- fi
- done
- }
- findCommand()
- {
- for arg in "$@"
- do
- if ! expr 'index' "$arg" '=' >/dev/null
- then
- command="$arg"
- return
- fi
- done
- }
- . "$dir/xen-network-common.sh"
- + . ./xen-network-common.sh
- #
- # Copyright (c) 2005 XenSource Ltd.
- #
- # This library is free software; you can redistribute it and/or
- # modify it under the terms of version 2.1 of the GNU Lesser General Public
- # License as published by the Free Software Foundation.
- #
- # This library is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- # Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public
- # License along with this library; if not, write to the Free Software
- # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- #
- # Gentoo doesn't have ifup/ifdown, so we define appropriate alternatives.
- # Other platforms just use ifup / ifdown directly.
- ##
- # preiftransfer
- #
- # @param $1 The current name for the physical device, which is also the name
- # that the virtual device will take once the physical device has
- # been renamed.
- if ! which ifup >/dev/null 2>/dev/null
- then
- preiftransfer()
- {
- true
- }
- ifup()
- {
- false
- }
- ifdown()
- {
- false
- }
- else
- preiftransfer()
- {
- true
- }
- fi
- ++ which ifup
- first_file()
- {
- t="$1"
- shift
- for file in $@
- do
- if [ "$t" "$file" ]
- then
- echo "$file"
- return
- fi
- done
- }
- find_dhcpd_conf_file()
- {
- first_file -f /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf
- }
- find_dhcpd_init_file()
- {
- first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
- }
- find_dhcpd_arg_file()
- {
- first_file -f /etc/sysconfig/dhcpd /etc/defaults/dhcp /etc/default/dhcp3-server
- }
- # configure interfaces which act as pure bridge ports:
- setup_bridge_port() {
- local dev="$1"
- # take interface down ...
- ip link set ${dev} down
- # ... and configure it
- ip addr flush ${dev}
- }
- # Usage: create_bridge bridge
- create_bridge () {
- local bridge=$1
- # Don't create the bridge if it already exists.
- if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
- brctl addbr ${bridge}
- brctl stp ${bridge} off
- brctl setfd ${bridge} 0
- # Setting these to zero stops guest<->LAN traffic
- # traversing the bridge from hitting the *tables
- # rulesets. guest<->host traffic still gets processed
- # by the host's iptables rules so this isn't a hole
- sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
- sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
- sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
- fi
- }
- # Usage: add_to_bridge bridge dev
- add_to_bridge () {
- local bridge=$1
- local dev=$2
- # Don't add $dev to $bridge if it's already on a bridge.
- if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
- ip link set ${dev} up || true
- return
- fi
- brctl addif ${bridge} ${dev}
- ip link set ${dev} up
- }
- findCommand "$@"
- + findCommand start
- + for arg in '"$@"'
- + expr index start =
- + command=start
- + return
- evalVariables "$@"
- + evalVariables start
- + for arg in '"$@"'
- + expr index start = '>' 1
- is_network_root () {
- local rootfs=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $3; }}' /etc/mtab)
- local rootopts=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $4; }}' /etc/mtab)
- [[ "$rootfs" =~ "^nfs" ]] || [[ "$rootopts" =~ "_netdev" ]] && has_nfsroot=1 || has_nfsroot=0
- if [ $has_nfsroot -eq 1 ]; then
- local bparms=$(cat /proc/cmdline)
- for p in $bparms; do
- local ipaddr=$(echo $p | awk /nfsroot=/'{ print substr($1,9,index($1,":")-9) }')
- if [ "$ipaddr" != "" ]; then
- local nfsdev=$(ip route get $ipaddr | awk /$ipaddr/'{ print $3 }')
- [[ "$nfsdev" == "$netdev" ]] && return 0 || return 1
- fi
- done
- fi
- return 1
- }
- find_alt_device () {
- local interf=$1
- local prefix=${interf%[[:digit:]]}
- local ifs=$(ip link show | grep " $prefix" |\
- gawk '{ printf ("%s",substr($2,1,length($2)-1)) }' |\
- sed s/$interf//)
- echo "$ifs"
- }
- netdev=${netdev:-$(ip route list 0.0.0.0/0 | \
- sed 's/.*dev \([a-z]\+[0-9]\+\).*$/\1/')}
- ip route list 0.0.0.0/0 | sed 's/.*dev \([a-z]\+[0-9]\+\).*$/\1/'
- ++ ip route list 0.0.0.0/0
- ++ sed 's/.*dev \([a-z]\+[0-9]\+\).*$/\1/'
- + netdev=eth0
- if is_network_root ; then
- altdevs=$(find_alt_device $netdev)
- for netdev in $altdevs; do break; done
- if [ -z "$netdev" ]; then
- [ -x /usr/bin/logger ] && /usr/bin/logger "network-bridge: bridging not supported on network root; not starting"
- exit
- fi
- fi
- + is_network_root
- awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $3; }}' /etc/mtab
- ++ awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $3; }}' /etc/mtab
- + local rootfs=ext3
- awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $4; }}' /etc/mtab
- ++ awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $4; }}' /etc/mtab
- + local rootopts=rw
- + [[ ext3 =~ ^nfs ]]
- + [[ rw =~ _netdev ]]
- + has_nfsroot=0
- + '[' 0 -eq 1 ']'
- + return 1
- netdev=${netdev:-eth0}
- + netdev=eth0
- bridge=${bridge:-${netdev}}
- + bridge=eth0
- antispoof=${antispoof:-no}
- + antispoof=no
- pdev="p${netdev}"
- + pdev=peth0
- tdev=tmpbridge
- + tdev=tmpbridge
- get_ip_info() {
- addr_pfx=`ip addr show dev $1 | egrep '^ *inet' | sed -e 's/ *inet //' -e 's/ .*//'`
- gateway=`ip route show dev $1 | fgrep default | sed 's/default via //'`
- }
- do_ifup() {
- if [ $1 != "${netdev}" ] || ! ifup $1 ; then
- if [ -n "$addr_pfx" ] ; then
- # use the info from get_ip_info()
- ip addr flush $1
- ip addr add ${addr_pfx} dev $1
- ip link set dev $1 up
- [ -n "$gateway" ] && ip route add default via ${gateway}
- fi
- fi
- }
- # Usage: transfer_addrs src dst
- # Copy all IP addresses (including aliases) from device $src to device $dst.
- transfer_addrs () {
- local src=$1
- local dst=$2
- # Don't bother if $dst already has IP addresses.
- if ip addr show dev ${dst} | egrep -q '^ *inet ' ; then
- return
- fi
- # Address lines start with 'inet' and have the device in them.
- # Replace 'inet' with 'ip addr add' and change the device name $src
- # to 'dev $src'.
- ip addr show dev ${src} | egrep '^ *inet ' | sed -e "
- s/inet/ip addr add/
- s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
- s/${src}/dev ${dst} label ${dst}/
- s/secondary//
- " | sh -e
- # Remove automatic routes on destination device
- ip route list | sed -ne "
- /dev ${dst}\( \|$\)/ {
- s/^/ip route del /
- p
- }" | sh -e
- }
- # Usage: transfer_routes src dst
- # Get all IP routes to device $src, delete them, and
- # add the same routes to device $dst.
- # The original routes have to be deleted, otherwise adding them
- # for $dst fails (duplicate routes).
- transfer_routes () {
- local src=$1
- local dst=$2
- # List all routes and grep the ones with $src in.
- # Stick 'ip route del' on the front to delete.
- # Change $src to $dst and use 'ip route add' to add.
- ip route list | sed -ne "
- /dev ${src}\( \|$\)/ {
- h
- s/^/ip route del /
- P
- g
- s/${src}/${dst}/
- s/^/ip route add /
- P
- d
- }" | sh -e
- }
- ##
- # link_exists interface
- #
- # Returns 0 if the interface named exists (whether up or down), 1 otherwise.
- #
- link_exists()
- {
- if ip link show "$1" >/dev/null 2>/dev/null
- then
- return 0
- else
- return 1
- fi
- }
- # Set the default forwarding policy for $dev to drop.
- # Allow forwarding to the bridge.
- antispoofing () {
- iptables -P FORWARD DROP
- iptables -F FORWARD
- iptables -A FORWARD -m physdev --physdev-in ${pdev} -j ACCEPT
- }
- # Usage: show_status dev bridge
- # Print ifconfig and routes.
- show_status () {
- local dev=$1
- local bridge=$2
- echo '============================================================'
- ip addr show ${dev}
- ip addr show ${bridge}
- echo ' '
- brctl show ${bridge}
- echo ' '
- ip route list
- echo ' '
- route -n
- echo '============================================================'
- }
- op_start () {
- if [ "${bridge}" = "null" ] ; then
- return
- fi
- if link_exists "$pdev"; then
- # The device is already up.
- return
- fi
- create_bridge ${tdev}
- preiftransfer ${netdev}
- transfer_addrs ${netdev} ${tdev}
- # Remember slaves for bonding interface.
- if [ -e /sys/class/net/${netdev}/bonding/slaves ]; then
- slaves=`cat /sys/class/net/${netdev}/bonding/slaves`
- fi
- # Remember the IP details for do_ifup.
- get_ip_info ${netdev}
- if ! ifdown ${netdev}; then
- ip link set ${netdev} down
- ip addr flush ${netdev}
- fi
- sleep 2
- ip link set ${netdev} name ${pdev}
- ip link set ${tdev} name ${bridge}
- setup_bridge_port ${pdev}
- # Restore slaves
- if [ -n "${slaves}" ]; then
- ip link set ${pdev} up
- ifenslave ${pdev} ${slaves}
- fi
- add_to_bridge2 ${bridge} ${pdev}
- do_ifup ${bridge}
- if [ ${antispoof} = 'yes' ] ; then
- antispoofing
- fi
- }
- op_stop () {
- if [ "${bridge}" = "null" ]; then
- return
- fi
- if ! link_exists "$bridge"; then
- return
- fi
- transfer_addrs ${bridge} ${pdev}
- if ! ifdown ${bridge}; then
- get_ip_info ${bridge}
- fi
- ip link set ${pdev} down
- ip addr flush ${bridge}
- brctl delif ${bridge} ${pdev}
- ip link set ${bridge} down
- ip link set ${bridge} name ${tdev}
- ip link set ${pdev} name ${netdev}
- do_ifup ${netdev}
- brctl delbr ${tdev}
- }
- # adds $dev to $bridge but waits for $dev to be in running state first
- add_to_bridge2() {
- local bridge=$1
- local dev=$2
- local maxtries=10
- echo -n "Waiting for ${dev} to negotiate link."
- ip link set ${dev} up
- for i in `seq ${maxtries}` ; do
- if ifconfig ${dev} | grep -q RUNNING ; then
- break
- else
- echo -n '.'
- sleep 1
- fi
- done
- if [ ${i} -eq ${maxtries} ] ; then echo -n '(link isnt in running state)' ; fi
- echo
- add_to_bridge ${bridge} ${dev}
- }
- case "$command" in
- start)
- op_start
- ;;
- stop)
- op_stop
- ;;
- status)
- show_status ${netdev} ${bridge}
- ;;
- *)
- echo "Unknown command: $command" >&2
- echo 'Valid commands are: start, stop, status' >&2
- exit 1
- esac
- + case "$command" in
- + op_start
- + '[' eth0 = null ']'
- + link_exists peth0
- + ip link show peth0
- + return 1
- + create_bridge tmpbridge
- + local bridge=tmpbridge
- + '[' '!' -e /sys/class/net/tmpbridge/bridge ']'
- + brctl addbr tmpbridge
- + brctl stp tmpbridge off
- + brctl setfd tmpbridge 0
- + sysctl -q -w net.bridge.bridge-nf-call-arptables=0
- + sysctl -q -w net.bridge.bridge-nf-call-ip6tables=0
- + sysctl -q -w net.bridge.bridge-nf-call-iptables=0
- + preiftransfer eth0
- + true
- + transfer_addrs eth0 tmpbridge
- + local src=eth0
- + local dst=tmpbridge
- + ip addr show dev tmpbridge
- + egrep -q '^ *inet '
- + ip addr show dev eth0
- + egrep '^ *inet '
- + sed -e '
- s/inet/ip addr add/
- s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
- s/eth0/dev tmpbridge label tmpbridge/
- s/secondary//
- '
- + sh -e
- + ip route list
- + sed -ne '
- /dev tmpbridge\( \|$\)/ {
- s/^/ip route del /
- p
- }'
- + sh -e
- + '[' -e /sys/class/net/eth0/bonding/slaves ']'
- + get_ip_info eth0
- ip addr show dev $1 | egrep '^ *inet' | sed -e 's/ *inet //' -e 's/ .*//'
- ++ ip addr show dev eth0
- ++ egrep '^ *inet'
- ++ sed -e 's/ *inet //' -e 's/ .*//'
- + addr_pfx=46.4.95.215
- ip route show dev $1 | fgrep default | sed 's/default via //'
- ++ ip route show dev eth0
- ++ fgrep default
- ++ sed 's/default via //'
- + gateway='46.4.95.193 '
- + ifdown eth0
- + false
- + ip link set eth0 down
- + ip addr flush eth0
- + sleep 2
- + ip link set eth0 name peth0
- + ip link set tmpbridge name eth0
- + setup_bridge_port peth0
- + local dev=peth0
- + ip link set peth0 down
- + ip addr flush peth0
- Nothing to flush.
- + '[' -n '' ']'
- + add_to_bridge2 eth0 peth0
- + local bridge=eth0
- + local dev=peth0
- + local maxtries=10
- + echo -n 'Waiting for peth0 to negotiate link.'
- Waiting for peth0 to negotiate link.+ ip link set peth0 up
- seq ${maxtries}
- ++ seq 10
- + for i in '`seq ${maxtries}`'
- + ifconfig peth0
- + grep -q RUNNING
- + break
- + '[' 1 -eq 10 ']'
- + echo
- + add_to_bridge eth0 peth0
- + local bridge=eth0
- + local dev=peth0
- + '[' -e /sys/class/net/eth0/brif/peth0 ']'
- + brctl addif eth0 peth0
- + ip link set peth0 up
- + do_ifup eth0
- + '[' eth0 '!=' eth0 ']'
- + ifup eth0
- + false
- + '[' -n 46.4.95.215 ']'
- + ip addr flush eth0
- + ip addr add 46.4.95.215 dev eth0
- + ip link set dev eth0 up
- + '[' -n '46.4.95.193 ' ']'
- + ip route add default via 46.4.95.193
- RTNETLINK answers: Network is unreachable
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement