ia64/xen-unstable

view tools/examples/vif-common.sh @ 8062:3c01d53e383d

Don't issue the iptables diagnostic when removing entries. Depending upon your
hotplug config, the offline event may come through to this script twice, and
the iptables -D will fail the second time.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@leeni.uk.xensource.com
date Fri Nov 25 17:08:22 2005 +0000 (2005-11-25)
parents 83bc047bb346
children a20a9ec0e510
1 #
2 # Copyright (c) 2005 XenSource Ltd.
3 #
4 # This library is free software; you can redistribute it and/or
5 # modify it under the terms of version 2.1 of the GNU Lesser General Public
6 # License as published by the Free Software Foundation.
7 #
8 # This library is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 # Lesser General Public License for more details.
12 #
13 # You should have received a copy of the GNU Lesser General Public
14 # License along with this library; if not, write to the Free Software
15 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
16 #
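# Source the shared hotplug and network helper libraries from the directory
# that holds this script.
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/xen-network-common.sh"

# findCommand, log, evalVariables and xenstore_read_default are not defined in
# this file; they are expected to come from the libraries sourced above.
# The dispatch below relies on findCommand having set $command.
findCommand "$@"

# Dispatch on the hotplug command: only "online" and "offline" need the
# iptables handling below, "add" and "remove" are accepted but need no work,
# and anything else is rejected.
case "$command" in
  online | offline)
    ;;
  add | remove)
    exit 0
    ;;
  *)
    log err "Invalid command: $command"
    exit 1
    ;;
esac


# Parameters may be read from the environment, the command line arguments, and
# the store, with overriding in that order.  The environment is given by the
# driver, the command line is given by the Xend global configuration, and
# store details are given by the per-domain or per-device configuration.
#
# NOTE(review): evalVariables is defined outside this file.  If it evaluates
# its arguments as shell assignments, they must only ever come from trusted
# configuration -- confirm against the sourced library.

evalVariables "$@"

# Check presence of compulsory args before any of them is used, so that an
# unset XENBUS_PATH aborts here instead of first querying the store at "/ip".
XENBUS_PATH="${XENBUS_PATH:?}"
vif="${vif:?}"

# The store value, when present, overrides whatever $ip was set to above.
# It is not validated here; it later reaches iptables as a -s argument.
ip=${ip:-}
ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")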
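##
# Append (when $command is "online") or delete (for any other command) one
# FORWARD-chain ACCEPT rule matching packets that enter through $vif.
#
# Globals:   command (read), vif (read)
# Arguments: extra iptables match options, placed before "-j ACCEPT"
# Outputs:   an error via log when appending the rule fails
#
# A failed delete is deliberately not reported, since the offline event may
# reach this script twice and the second -D then fails.
# NOTE(review): a -D that fails for any other reason is silent as well, so a
# leftover ACCEPT rule for this interface name would go unnoticed.
#
function frob_iptable()
{
  local c
  if [ "$command" == "online" ]
  then
    c="-A"
  else
    c="-D"
  fi

  # "$*" rather than "$@" in the message: inside a quoted string "$@" splits
  # the text into several words, so log would receive the diagnostic as a
  # number of separate arguments instead of one message.
  iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT ||
    [ "$c" == "-D" ] ||
    log err \
     "iptables $c FORWARD -m physdev --physdev-in $vif $* -j ACCEPT failed.
If you are using iptables, this may affect networking for guest domains."
}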
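##
# Add or remove the appropriate entries in the iptables.  With antispoofing
# turned on, we have to explicitly allow packets to the interface, regardless
# of the ip setting.  If ip is set, then we additionally restrict the packets
# to those coming from the specified networks, though we allow DHCP requests
# as well.
#
# Globals:   ip (read); command and vif are read by frob_iptable
# Arguments: none
#
function handle_iptable()
{
  # Check for a working iptables installation.  Checking for the iptables
  # binary is not sufficient, because the user may not have the appropriate
  # modules installed.  If iptables is not working, then there's no need to do
  # anything with it, so we can just return.
  # NOTE(review): this return is silent, so the source-address restriction
  # below is then not installed and nothing records that.
  if ! iptables -L -n >&/dev/null
  then
    return
  fi

  if [ "$ip" != "" ]
  then
    # $ip may name several networks separated by whitespace; each one needs
    # its own rule.  Iterating over the quoted "$ip" would hand the whole list
    # to iptables as a single -s value.  read -a splits on whitespace without
    # subjecting the words to pathname expansion.
    local -a addrs
    local addr
    read -r -a addrs <<<"$ip"
    for addr in "${addrs[@]}"
    do
      frob_iptable -s "$addr"
    done

    # Always allow the domain to talk to a DHCP server.
    frob_iptable -p udp --sport 68 --dport 67
  else
    # No IP addresses have been specified, so allow anything.
    frob_iptable
  fi
}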