ia64/xen-unstable

view tools/examples/network-bridge @ 7706:37ad91483bd3

Increase the static constant default number of loopback interfaces, nloopbacks,
to 8. These interfaces are very cheap, so there's no problem having a few
spare. Anyone with more than 8 NICs can still use the kernel command line or
the module parameter line to pass a larger limit to this module.

Detail the kernel command line parameter for nloopbacks in the diagnostic in
network-bridge.

Closes bug #381.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@leeni.uk.xensource.com
date Tue Nov 08 15:15:02 2005 +0100 (2005-11-08)
parents f392a8fc7494
children 08f0066158c3
1 #!/bin/sh
2 #============================================================================
3 # Default Xen network start/stop script.
4 # Xend calls a network script when it starts.
5 # The script name to use is defined in /etc/xen/xend-config.sxp
6 # in the network-script field.
7 #
8 # This script creates a bridge (default xenbr${vifnum}), adds a device
9 # (default eth${vifnum}) to it, copies the IP addresses from the device
10 # to the bridge and adjusts the routes accordingly.
11 #
12 # If all goes well, this should ensure that networking stays up.
13 # However, some configurations are upset by this, especially
14 # NFS roots. If the bridged setup does not meet your needs,
15 # configure a different script, for example using routing instead.
16 #
17 # Usage:
18 #
19 # network (start|stop|status) {VAR=VAL}*
20 #
21 # Vars:
22 #
23 # vifnum Virtual device number to use (default 0). Numbers >=1
24 # require the netback driver to have nloopbacks set to a
25 # higher value than its default of 1.
26 # bridge The bridge to use (default xenbr${vifnum}).
27 # netdev The interface to add to the bridge (default eth${vifnum}).
28 # antispoof Whether to use iptables to prevent spoofing (default no).
29 #
30 # start:
31 # Creates the bridge and enslaves netdev to it.
32 # Copies the IP addresses from netdev to the bridge.
33 # Deletes the routes to netdev and adds them on bridge.
34 #
35 # stop:
36 # Removes netdev from the bridge.
37 # Deletes the routes to bridge and adds them to netdev.
38 #
39 # status:
40 # Print ifconfig for netdev and bridge.
41 # Print routes.
42 #
43 #============================================================================
# Load the helper libraries that live in the same directory as this script.
dir=$(dirname "$0")
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"

# findCommand and evalVariables are defined in the sourced files, not here.
# NOTE(review): presumably they set $command and turn the VAR=VAL arguments
# into shell variables -- confirm how evalVariables parses its input.
findCommand "$@"
evalVariables "$@"

# Fill in defaults for anything the caller did not supply.
# NOTE(review): vifnum, bridge and netdev are used further down without
# quoting, as sed patterns, and inside text that is piped to "sh -e".  They
# therefore have to come from a trusted source and be plain interface names.
: "${vifnum:=0}"
: "${bridge:=xenbr${vifnum}}"
: "${netdev:=eth${vifnum}}"
: "${antispoof:=no}"

# Device names derived from the settings above.
pdev=p${netdev}
vdev=veth${vifnum}
vif0=vif0.${vifnum}
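# Usage: legacy_mask_to_prefix mask
# Convert a dotted-quad IPv4 netmask (for example 255.255.255.0) into a
# prefix length and store it in the global PREFIX.
#
# The caller takes the mask from the ip= kernel parameter, so it is checked
# before it reaches arithmetic expansion: exactly four fields, each one to
# three decimal digits and at most 255.  A mask that fails this check, or
# whose set bits are not contiguous from the top, is an error: a message is
# written to stderr and the script exits with status 1.
legacy_mask_to_prefix() {
    local mask=$1
    local first second third fourth rest octet
    local int fullmask bitval bit
    local valid=yes

    # Only digits and dots, no empty field, exactly three dots.
    case "$mask" in
        '' | *[!0-9.]* | .* | *. | *..* | *.*.*.*.*) valid=no ;;
        *.*.*.*) ;;
        *) valid=no ;;
    esac

    if [ "$valid" = yes ]; then
        first=${mask%%.*}
        rest=${mask#*.}
        second=${rest%%.*}
        rest=${rest#*.}
        third=${rest%%.*}
        fourth=${rest#*.}
        for octet in "$first" "$second" "$third" "$fourth"; do
            # The length test runs first so an oversized digit string is never
            # evaluated; 10# keeps a leading zero from being read as octal.
            if [ "${#octet}" -gt 3 ] || [ "$((10#$octet))" -gt 255 ]; then
                valid=no
            fi
        done
    fi

    if [ "$valid" = yes ]; then
        int=$(( ((10#$first * 256 + 10#$second) * 256 + 10#$third) * 256 + 10#$fourth ))
        # Start from /32 (all ones) and clear one more low bit per step until
        # the candidate mask equals the input or /0 has been tried.
        fullmask=4294967295
        bitval=1
        bit=32
        while [ "$bit" -ge 0 ]; do
            if [ "$fullmask" -eq "$int" ]; then
                PREFIX=$bit
                return 0
            fi
            fullmask=$(( fullmask - bitval ))
            bitval=$(( bitval * 2 ))
            bit=$(( bit - 1 ))
        done
    fi

    echo "ERROR converting netmask $mask to prefix" >&2
    exit 1
}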
# Usage: transfer_addrs src dst
# Copy every IPv4 address (aliases included) from device $src to device $dst,
# then delete the routes that now point at $dst.  Does nothing when $dst
# already carries an IPv4 address.
#
# NOTE(review): both steps work by rewriting "ip" output with sed and piping
# the result to "sh -e".  $src and $dst are spliced into the sed program as
# they are, so they act as regex/replacement text, and whatever the rewrite
# produces is executed as shell.  Callers must pass plain interface names.
transfer_addrs () {
    local src=$1
    local dst=$2
    local addr_script route_script

    # Leave $dst alone if it already has an address.
    ip addr show dev ${dst} | egrep -q '^ *inet ' && return

    # Each "inet ADDR/LEN ... $src" line becomes "ip addr add ADDR/LEN ...
    # dev $dst".  The middle substitution replaces the address with itself.
    addr_script="
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
s/${src}/dev ${dst}/
"
    ip addr show dev ${src} | egrep '^ *inet ' | sed -e "${addr_script}" | sh -e

    # Remove the automatic routes on the destination device.
    route_script="
/dev ${dst}\( \|$\)/ {
s/^/ip route del /
p
}"
    ip route list | sed -ne "${route_script}" | sh -e
}
# Usage: del_addrs src
# Delete every IPv4 address from device $src, then run "ip link set dev
# ${dst} up".
#
# NOTE(review): $dst is not a parameter or local of this function; the last
# command uses whatever value the caller has in scope, which may be empty.
# Confirm which device was meant.
# NOTE(review): as in transfer_addrs, the delete commands are produced by sed
# from "ip" output and run through "sh -e", with $src spliced into the sed
# program unescaped.
del_addrs () {
    local src=$1
    local del_script

    # "inet ADDR/LEN ... $src" becomes "ip addr del ADDR ... dev $src"; the
    # middle substitution drops the prefix length.
    del_script="
s/inet/ip addr del/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)/[0-9]\+@\1@
s/${src}/dev ${src}/
"
    ip addr show dev ${src} | egrep '^ *inet ' | sed -e "${del_script}" | sh -e
    ip link set dev ${dst} up
}
# Usage: transfer_routes src dst
# Move every route that goes out through device $src over to device $dst.
# Each route is deleted first and then re-added, because adding it for $dst
# while the original still exists fails with a duplicate-route error.
#
# NOTE(review): the del/add commands are generated by sed from "ip route
# list" and executed by "sh -e".  $src and $dst go into the sed program
# unescaped, and the first occurrence of $src on the line is the one that is
# replaced, so callers must pass plain interface names.
transfer_routes () {
    local src=$1
    local dst=$2
    local move_script

    # For a line mentioning "dev $src": keep a copy, print it as a delete,
    # restore the copy, swap the device name and print it as an add.
    move_script="
/dev ${src}\( \|$\)/ {
h
s/^/ip route del /
P
g
s/${src}/${dst}/
s/^/ip route add /
P
d
}"
    ip route list | sed -ne "${move_script}" | sh -e
}
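# Usage: create_bridge bridge
# Create bridge $bridge with STP off and a forwarding delay of 0, unless
# "brctl show" already lists a bridge of exactly that name, then bring the
# bridge link up.
create_bridge () {
    local bridge=$1

    # Compare the first column of every row after the header as a string.
    # A plain "grep ${bridge}" reads the name as a regex and matches
    # substrings, so an existing xenbr10 would hide a missing xenbr1.
    if ! brctl show | awk -v name="${bridge}" \
            'NR > 1 && $1 "" == name "" { found = 1 } END { exit !found }'; then
        brctl addbr "${bridge}"
        brctl stp "${bridge}" off
        brctl setfd "${bridge}" 0
    fi
    ip link set "${bridge}" up
}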
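# Usage: add_to_bridge bridge dev
# Attach $dev to $bridge unless "brctl show" already lists $dev anywhere in
# its table, i.e. unless it is already on some bridge.
add_to_bridge () {
    local bridge=$1
    local dev=$2

    # Look for a field that equals $dev exactly.  A plain "grep ${dev}" reads
    # the name as a regex and matches substrings, so peth10 being on a bridge
    # would stop peth1 from ever being added.
    if ! brctl show | awk -v name="${dev}" '
            NR > 1 { for (i = 1; i <= NF; i++) if ($i "" == name "") found = 1 }
            END { exit !found }'; then
        brctl addif "${bridge}" "${dev}"
    fi
}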
# Usage: antispoofing
# Set the policy of the iptables FORWARD chain to DROP, flush the chain, and
# then accept forwarded traffic that enters through ${pdev} or ${vif0}.
#
# The flush removes every rule that was in FORWARD before, and the policy
# change applies to the whole chain, not to one device.  The two ACCEPT rules
# match on the input bridge port only; nothing here matches on a source
# address.
antispoofing () {
    local indev

    iptables -P FORWARD DROP
    iptables -F FORWARD
    for indev in "${pdev}" "${vif0}"; do
        iptables -A FORWARD -m physdev --physdev-in ${indev} -j ACCEPT
    done
}
# Usage: show_status dev bridge
# Print the addresses of $dev and $bridge, the bridge table entry for
# $bridge and the routing table (from both "ip route" and "route -n"),
# framed by two rule lines.
show_status () {
    local dev=$1
    local bridge=$2
    local rule='============================================================'

    printf '%s\n' "${rule}"
    ip addr show ${dev}
    ip addr show ${bridge}
    printf '%s\n' ' '
    brctl show ${bridge}
    printf '%s\n' ' '
    ip route list
    printf '%s\n' ' '
    route -n
    printf '%s\n' "${rule}"
}
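# Usage: op_start
# Bring up bridged networking using the globals bridge, netdev, pdev, vdev,
# vif0 and antispoof.
#
# Does nothing when bridge is "null".  Exits with status 1 and a diagnostic
# on stderr when the loopback link ${vdev} does not exist.  Otherwise it
# creates the bridge and, if ${vdev} is present, moves the addresses from
# ${netdev} to ${vdev}, renames ${netdev} to ${pdev} and ${vdev} to
# ${netdev}, gives the new ${netdev} the original MAC address and puts
# ${vif0} and ${pdev} on the bridge.  Without ${vdev} the addresses and
# routes are moved straight to the bridge.  Finally the iptables rules are
# installed when antispoof is "yes".
#
# NOTE(review): kip, kmask and kgate are globals that are only assigned when
# ifdown fails and /proc/cmdline carries an ip= parameter; a value already
# present in the environment is used as it is.
op_start () {
    if [ "${bridge}" = "null" ]; then
        return 0
    fi

    # The name has to be followed by ':' or '@' so that veth1 is not
    # considered present just because veth10 is.
    if ! ip link show 2>/dev/null | grep -q "^[0-9]*: ${vdev}[:@]"; then
        echo "
Link $vdev is missing.
This may be because you have reached the limit of the number of interfaces
that the loopback driver supports.  If the loopback driver is a module, you
may raise this limit by passing it as a parameter (nloopbacks=<N>); if the
driver is compiled statically into the kernel, then you may set the parameter
using loopback.nloopbacks=<N> on the domain 0 kernel command line.
" >&2
        exit 1
    fi

    create_bridge "${bridge}"

    if ip link show "${vdev}" >/dev/null 2>&1; then
        # Remember the hardware address before the devices are renamed.
        mac=$(ip link show "${netdev}" | grep 'link/ether' | sed -e 's/.*ether \(..:..:..:..:..:..\).*/\1/')
        preiftransfer "${netdev}"
        transfer_addrs "${netdev}" "${vdev}"
        if ! ifdown "${netdev}"; then
            # ifdown did not work; see whether the kernel command line has
            # an ip= setting and take address, netmask and gateway from it.
            # -q keeps the command line itself out of the script's output.
            if egrep -q 'ip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:' /proc/cmdline; then
                kip=$(sed -e 's!.*ip=\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):.*!\1!' /proc/cmdline)
                kmask=$(sed -e 's!.*ip=[^:]*:[^:]*:[^:]*:\([^:]*\):.*!\1!' /proc/cmdline)
                kgate=$(sed -e 's!.*ip=[^:]*:[^:]*:\([^:]*\):.*!\1!' /proc/cmdline)
                ip link set "${netdev}" down
                ip addr flush "${netdev}"
            fi
        fi
        # Swap the names: the physical device becomes ${pdev} and the
        # loopback device takes over the name ${netdev}.  The order of the
        # following commands matters.
        ip link set "${netdev}" name "${pdev}"
        ip link set "${vdev}" name "${netdev}"
        ip link set "${pdev}" down arp off
        ip link set "${pdev}" addr fe:ff:ff:ff:ff:ff
        ip addr flush "${pdev}"
        ip link set "${netdev}" addr "${mac}" arp on
        add_to_bridge "${bridge}" "${vif0}"
        add_to_bridge "${bridge}" "${pdev}"
        ip link set "${bridge}" up
        ip link set "${vif0}" up
        ip link set "${pdev}" up
        if ! ifup "${netdev}"; then
            if [ -n "${kip}" ]; then
                # Use the addresses taken from /proc/cmdline.
                if [ -z "${kmask}" ]; then
                    PREFIX=32
                else
                    legacy_mask_to_prefix "${kmask}"
                fi
                ip addr add "${kip}/${PREFIX}" dev "${netdev}"
                ip link set dev "${netdev}" up
                if [ -n "${kgate}" ]; then
                    ip route add default via "${kgate}"
                fi
            fi
        fi
    else
        # Old style, without ${vdev}.
        transfer_addrs "${netdev}" "${bridge}"
        transfer_routes "${netdev}" "${bridge}"
    fi

    if [ "${antispoof}" = 'yes' ]; then
        antispoofing
    fi
}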
# Usage: op_stop
# Undo op_start using the globals bridge, netdev, pdev, vdev and vif0.
#
# Does nothing when bridge is "null" or when the bridge device does not
# exist.  If ${pdev} exists, the addresses go back from ${netdev} to
# ${pdev}, the MAC addresses are swapped back, both ports leave the bridge
# and the devices get their original names again.  Otherwise only the routes
# are moved from the bridge back to ${netdev}.  The bridge is deleted at the
# end in either case.
op_stop () {
    [ "${bridge}" == "null" ] && return
    ip link show ${bridge} >/dev/null 2>&1 || return 0

    if ip link show ${pdev} >/dev/null 2>&1; then
        ip link set dev ${vif0} down
        # Remember the hardware address before the devices are renamed.
        mac=$(ip link show ${netdev} | grep 'link\/ether' | sed -e 's/.*ether \(..:..:..:..:..:..\).*/\1/')
        transfer_addrs ${netdev} ${pdev}
        ifdown ${netdev}
        ip link set ${netdev} down arp off
        ip link set ${netdev} addr fe:ff:ff:ff:ff:ff
        ip link set ${pdev} down
        ip addr flush ${netdev}
        ip link set ${pdev} addr ${mac} arp on

        brctl delif ${bridge} ${pdev}
        brctl delif ${bridge} ${vif0}
        ip link set ${bridge} down

        # Give both devices their original names back, then bring the
        # physical one up again.
        ip link set ${netdev} name ${vdev}
        ip link set ${pdev} name ${netdev}
        ifup ${netdev}
    else
        transfer_routes ${bridge} ${netdev}
        ip link set ${bridge} down
    fi
    brctl delbr ${bridge}
}
# Run the operation named by $command; anything other than start, stop or
# status is rejected with a message on stderr and exit status 1.
if [ "$command" = start ]; then
    op_start
elif [ "$command" = stop ]; then
    op_stop
elif [ "$command" = status ]; then
    show_status ${netdev} ${bridge}
else
    echo "Unknown command: $command" >&2
    echo 'Valid commands are: start, stop, status' >&2
    exit 1
fi