
Untitled

a guest
Sep 15th, 2011
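#!/bin/sh
#============================================================================
# /etc/xen/vif-bridge
#
# Script for configuring a vif in bridged mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in /etc/xen/xend-config.sxp. If the script is specified in neither of those
# places, then this script is the default.
#
# Usage:
# vif-bridge (add|remove|online|offline)
#
# Only "online" and "offline" are acted on below; any other command falls
# through the case statement without changing anything.
#
# Environment vars:
# vif          vif interface name (required).
# XENBUS_PATH  path to this device's details in the XenStore (required).
#
# Read from the store:
# bridge  bridge to add the vif to (optional). Defaults to searching for the
#         bridge itself.
# ip      list of IP networks for the vif, space-separated (optional).
#
# online:
# Enslaves the vif interface to the bridge and creates a per-vif ebtables
# chain (default policy DROP) that accepts ARP requests and, for each
# listed ip address, IPv4 traffic from/to it and ARP replies claiming it.
#
# offline:
# Removes the vif interface from the bridge, takes it down, and removes the
# per-vif ebtables jump rules and chain.
#
# Helpers used here (xenstore_read_default, fatal, setup_bridge_port,
# add_to_bridge, do_without_error, log, success) and the variables $command
# and $ip are not defined in this file; presumably they come from
# vif-common.sh -- confirm there.
#============================================================================

dir=$(dirname "$0")
. "$dir/vif-common.sh"

bridge=${bridge:-}
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")

if [ -z "$bridge" ]; then
  # No bridge configured: fall back to the first bridge that `brctl show`
  # lists (line 2 of its output, i.e. the line after the column header;
  # first tab-separated field). `sed -n 2p` yields an empty string when only
  # the header is printed, so the "no bridge" error below is reached.
  # NOTE(review): on a host with several bridges this attaches the vif to
  # whichever one is listed first; set "bridge" explicitly where the
  # network segment matters.
  bridge=$(brctl show | sed -n '2p' | cut -f 1)

  if [ -z "$bridge" ]; then
    fatal "Could not find bridge, and none was specified"
  fi
fi

# Refuse to continue when the chosen bridge is not an existing link.
# The value is quoted so that a store-supplied name is passed to `ip` as a
# single argument, without word splitting or globbing.
RET=0
ip link show "$bridge" 1>/dev/null 2>&1 || RET=1
if [ "$RET" -eq 1 ]; then
  fatal "Could not find bridge device $bridge"
fi

case "$command" in
  online)
    setup_bridge_port "$vif"
    add_to_bridge "$bridge" "$vif"

    # Per-vif filter chain named after the interface. Its policy is DROP,
    # so frames entering from the vif are discarded unless a rule below
    # accepts them; with an empty $ip only ARP requests (opcode 1) pass.
    # NOTE(review): the exit status of these ebtables calls is not checked
    # here, so unless vif-common.sh enables `set -e` the script still
    # reports success when the chain or a rule could not be installed,
    # leaving the port bridged without the intended filtering. The rules
    # are also installed after the port has joined the bridge.
    ebtables -N "$vif"
    ebtables -P "$vif" DROP
    ebtables -A INPUT -i "$vif" -j "$vif"
    ebtables -A FORWARD -i "$vif" -j "$vif"
    ebtables -A "$vif" -p ARP --arp-opcode 1 -j ACCEPT

    if [ -n "$ip" ]; then
      # $ip is split on whitespace on purpose (space-separated list).
      # Pathname expansion is switched off for the loop so an entry that
      # contains glob characters is passed to ebtables literally; entries
      # are otherwise not validated here.
      set -f
      for oneip in $ip; do
        ebtables -A "$vif" -p IPv4 --ip-src "$oneip" -j ACCEPT
        ebtables -A "$vif" -p IPv4 --ip-dst "$oneip" -j ACCEPT
        # ARP replies (opcode 2) are accepted only for a listed address.
        ebtables -A "$vif" -p ARP --arp-opcode 2 --arp-ip-src "$oneip" -j ACCEPT
      done
      set +f
      # Anything that reached this point is logged with its ARP details
      # and dropped explicitly.
      ebtables -A "$vif" --log-prefix="arp-drop" --log-arp -j DROP
    fi
    ;;

  offline)
    # Teardown goes through do_without_error, so a missing interface, rule
    # or chain is not treated as fatal here.
    do_without_error brctl delif "$bridge" "$vif"
    do_without_error ifconfig "$vif" down
    do_without_error ebtables -D INPUT -i "$vif" -j "$vif"
    do_without_error ebtables -D FORWARD -i "$vif" -j "$vif"
    do_without_error ebtables -F "$vif"
    do_without_error ebtables -X "$vif"
    ;;
esac

#handle_iptable

log debug "Successful vif-bridge $command for $vif, bridge $bridge."
# `=` rather than `==`: the script runs under /bin/sh, and `==` inside [ ]
# is not POSIX (dash rejects it), which would skip the success report.
if [ "$command" = "online" ]; then
  success
fi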