# Copyright (c) 2005 XenSource Ltd.
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
. "$dir/xen-hotplug-common.sh"
. "$dir/xen-network-common.sh"
if [ "$command" != "online" ] &&
[ "$command" != "offline" ] &&
[ "$command" != "add" ] &&
[ "$command" != "remove" ]
log err "Invalid command: $command"
# Parameters may be read from the environment, the command line arguments, and
# the store, with overriding in that order. The environment is given by the
# driver, the command line is given by the Xend global configuration, and
# store details are given by the per-domain or per-device configuration.
# Look up the per-device "ip" key in xenstore, passing the current $ip as the
# fallback (presumably returned when the key is absent — the helper is defined
# in a sourced file, verify there).
# NOTE(review): $XENBUS_PATH is expanded here before the ${XENBUS_PATH:?}
# presence check that follows, so an unset path would be looked up as "/ip" —
# confirm whether the check should run first.
ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
# Check presence of compulsory args.
# ${VAR:?} makes a non-interactive shell abort with an error when XENBUS_PATH
# is unset or empty, so the statements after this line never run against an
# empty xenstore path.
XENBUS_PATH="${XENBUS_PATH:?}"
# Optional per-device interface name taken from xenstore, with "" as the
# fallback value.
# NOTE(review): the value is later handed to `ip link` as a quoted argument,
# so it cannot be word-split, but nothing visible here checks that it is a
# well-formed interface name — confirm where (or whether) it is validated.
vifname=$(xenstore_read_default "$XENBUS_PATH/vifname" "")
if [ "$command" == "online" ] && ! ip link show "$vifname" >&/dev/null
do_or_die ip link set "$vif" name "$vifname"
if [ "$command" == "online" ]
iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
iptables "$c" FORWARD -m state --state RELATED,ESTABLISHED -m physdev \
--physdev-out "$vif" -j ACCEPT 2>/dev/null
# $? is expanded before `[` runs, so it still holds the exit status of the
# command that ran just before this test (the iptables rule change above, as
# far as this listing shows). Splitting the test into two `[ ]` commands
# joined by && would make $? refer to the first test instead and silently
# disable the failure report.
if [ "$command" == "online" -a $? -ne 0 ]
log err "iptables setup failed. This may affect guest networking."
# Add or remove the appropriate entries in the iptables. With antispoofing
# turned on, we have to explicitly allow packets to the interface, regardless
# of the ip setting. If ip is set, then we additionally restrict the packets
# to those coming from the specified networks, though we allow DHCP requests
# Check for a working iptables installation. Checking for the iptables
# binary is not sufficient, because the user may not have the appropriate
# modules installed. If iptables is not working, then there's no need to do
# anything with it, so we can just return.
if ! iptables -L -n >&/dev/null
# Take the "iptables" lock before touching the rule set; it is paired with
# the release_lock "iptables" call further down. Presumably this serialises
# concurrent hotplug scripts editing the same chain — the helper is defined
# in a sourced file.
# NOTE(review): confirm the lock is also released on error paths between
# here and release_lock.
claim_lock "iptables"
# Restrict the accepted traffic to this source address (-s).
# NOTE(review): $addr is presumably one entry of $ip as read from xenstore;
# it reaches iptables as an argument without any visible format check, so
# confirm it is a well-formed address or network before this call.
frob_iptable -s "$addr"
# Always allow the domain to talk to a DHCP server.
frob_iptable -p udp --sport 68 --dport 67
# No IP addresses have been specified, so allow anything.
release_lock "iptables"
# Print the IP address currently in use at the given interface, or nothing if
# the interface is not up.
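# Print the address (prefix length stripped) from the first line of
# `ip addr show "$1"` that contains "inet" and whose last field is the
# interface name; print nothing if there is no such line.
#
# The interface name is handed to awk as data (-v) and compared as a string.
# Splicing "$1" into the awk program text would let regex metacharacters in
# the name (for example the "." in a VLAN name such as eth0.100) change which
# lines match, and would let a crafted name alter the awk program itself.
ip addr show "$1" | awk -v dev="$1" '/inet/ && $NF == dev {print $2}' | sed -n '1 s,/.*,,p'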
# Print the IP address of the interface in dom0 through which we are routing.
# This is the IP address on the interface specified as "netdev" as a parameter
# to these scripts, or eth0 by default. This function will call fatal if no
# such interface could be found.
local nd=${netdev:-eth0}
# NOTE(review): `local var=$(cmd)` yields the exit status of `local`, not of
# ip_of, so a failure inside ip_of is only observable here as an empty
# $result.
local result=$(ip_of "$nd")
"$netdev is not up. Bring it up or specify another interface with " \
"netdev=<if> as a parameter to $0."