ia64/xen-unstable

view tools/examples/network-bridge @ 6198:ff3460690004

Tweaks to network-bridge script.
Signed-off-by: ian@xensource.com
author iap10@firebug.cl.cam.ac.uk
date Mon Aug 15 21:47:44 2005 +0000 (2005-08-15)
parents dc27fd3392b1
children 8523b124c8f8
1 #!/bin/sh -x
2 #============================================================================
3 # Default Xen network start/stop script.
4 # Xend calls a network script when it starts.
5 # The script name to use is defined in /etc/xen/xend-config.sxp
6 # in the network-script field.
7 #
8 # This script creates a bridge (default xen-br0), adds a device
9 # (default eth0) to it, copies the IP addresses from the device
10 # to the bridge and adjusts the routes accordingly.
11 #
12 # If all goes well, this should ensure that networking stays up.
13 # However, some configurations are upset by this, especially
14 # NFS roots. If the bridged setup does not meet your needs,
15 # configure a different script, for example using routing instead.
16 #
17 # Usage:
18 #
19 # network (start|stop|status) {VAR=VAL}*
20 #
21 # Vars:
22 #
23 # bridge The bridge to use (default xen-br0).
24 # netdev The interface to add to the bridge (default eth0).
25 # antispoof Whether to use iptables to prevent spoofing (default yes).
26 #
27 # start:
28 # Creates the bridge and enslaves netdev to it.
29 # Copies the IP addresses from netdev to the bridge.
30 # Deletes the routes to netdev and adds them on bridge.
31 #
32 # stop:
33 # Removes netdev from the bridge.
34 # Deletes the routes to bridge and adds them to netdev.
35 #
36 # status:
37 # Print ifconfig for netdev and bridge.
38 # Print routes.
39 #
40 #============================================================================
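# Exit if anything goes wrong.
set -e

# First arg is the operation.
# Default to empty and only shift when there is something to shift: with
# no arguments a bare 'shift' fails, and under 'set -e' the script would
# die silently before the dispatch at the bottom can print its usage message.
OP=${1:-}
if [ $# -gt 0 ] ; then
    shift
fi

# Pull variables in args in to environment.
# Every remaining argument is exported verbatim, so the caller controls the
# environment of every command run below, not just bridge/netdev/antispoof.
for arg ; do export "${arg}" ; done

bridge=${bridge:-xen-br0}
netdev=${netdev:-eth0}
antispoof=${antispoof:-yes}

# The device names are later spliced into sed programs whose output is piped
# to 'sh -e', and passed as arguments to ip/ifconfig/brctl/iptables.  Refuse
# names that start with '-' (would be parsed as an option) or that contain
# anything outside a conservative interface-name alphabet, so that a name
# cannot alter the generated commands.
for _dev in "${bridge}" "${netdev}" ; do
    case ${_dev} in
        -* | *[!A-Za-z0-9_.:-]*)
            echo "Invalid device name: ${_dev}" >&2
            exit 1
            ;;
    esac
done

echo "*network $OP bridge=$bridge netdev=$netdev antispoof=$antispoof" >&2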
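# Usage: transfer_addrs src dst
# Copy all IP addresses (including aliases) from device $src to device $dst.
#
# Does nothing if $dst already has an 'inet' address.  After copying, every
# route that 'ip route list' reports for $dst is deleted.
#
# The work is done by rewriting the output of 'ip' with sed into 'ip ...'
# command lines and piping them to 'sh -e'.  $src and $dst are spliced
# unescaped into the sed programs, so both must be trusted device names:
# characters that are special to sed ('/', '&', newline) or to the shell
# would change the commands that get executed.
transfer_addrs () {
    local src=$1
    local dst=$2
    # Don't bother if $dst already has IP addresses.
    if ip addr show dev "${dst}" | grep -Eq '^ *inet ' ; then
        return
    fi
    # Address lines start with 'inet' and have the device in them.
    # Replace 'inet' with 'ip addr add' and change the device name $src
    # to 'dev $dst'.  The middle substitution rewrites address/prefix to
    # itself, so the prefix length is kept.
    ip addr show dev "${src}" | grep -E '^ *inet ' | sed -e "
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
s/${src}/dev ${dst}/
" | sh -e
    # Remove automatic routes on destination device
    ip route list | sed -ne "
/dev ${dst}\( \|$\)/ {
s/^/ip route del /
p
}" | sh -e
}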
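# Usage: del_addrs src
# Delete every 'inet' address that 'ip addr show' reports for device $src.
#
# Each address line is rewritten by sed into an 'ip addr del <addr> ...
# dev $src' command (the /prefix-length is stripped) and the result is piped
# to 'sh -e'.  $src is spliced unescaped into the sed program, so it must be
# a trusted device name free of characters special to sed or the shell.
del_addrs () {
    local src=$1
    ip addr show dev "${src}" | grep -E '^ *inet ' | sed -e "
s/inet/ip addr del/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)/[0-9]\+@\1@
s/${src}/dev ${src}/
" | sh -e
}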
# Usage: transfer_routes src dst
# Get all IP routes to device $src, delete them, and
# add the same routes to device $dst.
# The original routes have to be deleted, otherwise adding them
# for $dst fails (duplicate routes).
#
# The sed output is executed by 'sh -e', and $src/$dst are spliced unescaped
# into the sed program: both must be trusted device names free of characters
# special to sed or the shell.
transfer_routes () {
    local src=$1
    local dst=$2
    # List all routes and grep the ones with $src in.
    # Stick 'ip route del' on the front to delete.
    # Change $src to $dst and use 'ip route add' to add.
    #
    # For each matching line: 'h' saves it in the hold space, the line is
    # printed as a delete command, 'g' restores the saved copy, the first
    # occurrence of $src is replaced by $dst and the line is printed again
    # as an add command.  With -n only the two 'P' commands produce output,
    # so each delete is emitted immediately before its matching add.
    ip route list | sed -ne "
/dev ${src}\( \|$\)/ {
h
s/^/ip route del /
P
g
s/${src}/${dst}/
s/^/ip route add /
P
d
}" | sh -e
}
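# Usage: create_bridge bridge
# Create $bridge with STP off and forwarding delay 0 unless 'brctl show'
# already lists it, then bring the bridge interface up.
create_bridge () {
    local bridge=$1

    # Don't create the bridge if it already exists.
    # Match the name as a fixed, whole word: a plain substring/regex match
    # would treat 'xen-br0' as present when only 'xen-br01' exists, and would
    # interpret '.' in the name as a wildcard.  This is still a text match on
    # the whole 'brctl show' output, not on the bridge-name column alone.
    if ! brctl show | grep -qFw -- "${bridge}" ; then
        brctl addbr "${bridge}"
        brctl stp "${bridge}" off
        brctl setfd "${bridge}" 0
    fi
    ifconfig "${bridge}" up
}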
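# Usage: add_to_bridge bridge dev
# Add interface $dev to $bridge unless 'brctl show' already lists $dev.
add_to_bridge () {
    local bridge=$1
    local dev=$2
    # Don't add $dev to $bridge if it's already on a bridge.
    # Match the name as a fixed, whole word: with a substring match 'eth0'
    # is considered present as soon as 'peth0' is enslaved, and the device
    # would silently never be added.
    if ! brctl show | grep -qFw -- "${dev}" ; then
        brctl addif "${bridge}" "${dev}"
    fi
}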
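# Usage: antispoofing dev bridge
# Set the default policy of the iptables FORWARD chain to DROP and append a
# rule that accepts forwarded packets whose bridge input port is $dev.
#
# The policy change applies to the whole FORWARD chain, not only to $dev.
# The ACCEPT rule is appended with -A on every call, so repeated starts add
# duplicate rules; nothing in this script removes the rule or restores the
# previous policy.  $bridge is accepted for symmetry with the other helpers
# but is not used.
antispoofing () {
    local dev=$1
    local bridge=$2

    iptables -P FORWARD DROP
    iptables -A FORWARD -m physdev --physdev-in "${dev}" -j ACCEPT
}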
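# Usage: show_status dev bridge
# Print ifconfig and routes.
# Output goes to stdout: ifconfig for $dev and $bridge, then the routing
# table as shown by 'ip route list' and by 'route -n', framed by two rules.
show_status () {
    local dev=$1
    local bridge=$2

    echo '============================================================'
    ifconfig "${dev}"
    ifconfig "${bridge}"
    echo ' '
    ip route list
    echo ' '
    route -n
    echo '============================================================'
}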
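# Usage: op_start
# Bring up bridged networking using the globals $bridge, $netdev and
# $antispoof.  Does nothing when $bridge is "null".
#
# With a veth0 device present: $netdev is renamed to p$netdev, veth0 takes
# over the name and MAC address of $netdev, and vif0.0 and p$netdev are
# added to the bridge.  Without veth0: addresses and routes are moved from
# $netdev to the bridge.
#
# NOTE(review): in the veth0 branch ${netdev} names the former veth0 by the
# time antispoofing runs, while the physical port on the bridge is
# p${netdev} - confirm which device the ACCEPT rule is meant to match.
op_start () {
    # Initialised explicitly: the VAR=VAL arguments are exported into the
    # environment, and without this a caller-supplied kip/kmask/kgate would
    # be used below whenever ifdown succeeds.
    local mac='' kip='' kmask='' kgate=''

    # '=' rather than '==': the script runs under /bin/sh, where '==' is
    # not a portable test operator.
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    create_bridge "${bridge}"

    # Plain ifconfig lists only interfaces that are up; if veth0 is among
    # them there is nothing further to do here.
    if ifconfig 2>/dev/null | grep -q veth0 ; then
        return
    fi

    if ifconfig veth0 2>/dev/null | grep -q veth0 ; then
        mac=$(ifconfig "${netdev}" | grep HWadd | sed -e 's/.*\(..:..:..:..:..:..\).*/\1/')
        if ! ifdown "${netdev}" ; then
            # if ifdown didn't work, see if we have an ip= on cmd line
            if grep -Eq 'ip=[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:' /proc/cmdline ; then
                kip=$(sed -e 's!.*ip=\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):.*!\1!' /proc/cmdline)
                kmask=$(sed -e 's!.*ip=[^:]*:[^:]*:[^:]*:\([^:]*\):.*!\1!' /proc/cmdline)
                kgate=$(sed -e 's!.*ip=[^:]*:[^:]*:\([^:]*\):.*!\1!' /proc/cmdline)
                ifconfig "${netdev}" 0.0.0.0 down
            fi
        fi
        ip link set "${netdev}" name "p${netdev}"
        ip link set veth0 name "${netdev}"
        ifconfig "p${netdev}" -arp down
        ifconfig "p${netdev}" hw ether fe:ff:ff:ff:ff:ff
        ifconfig "${netdev}" hw ether "${mac}"
        add_to_bridge "${bridge}" vif0.0
        add_to_bridge "${bridge}" "p${netdev}"
        ip link set "${bridge}" up
        ip link set vif0.0 up
        ip link set "p${netdev}" up
        if ! ifup "${netdev}" ; then
            if [ -n "${kip}" ] ; then
                # use the addresses we grokked from /proc/cmdline
                ifconfig "${netdev}" "${kip}"
                if [ -n "${kmask}" ] ; then
                    ifconfig "${netdev}" netmask "${kmask}"
                fi
                ifconfig "${netdev}" up
                if [ -n "${kgate}" ] ; then
                    ip route add default via "${kgate}"
                fi
            fi
        fi
    else
        # old style without veth0
        transfer_addrs "${netdev}" "${bridge}"
        transfer_routes "${netdev}" "${bridge}"
    fi

    if [ "${antispoof}" = 'yes' ] ; then
        antispoofing "${netdev}" "${bridge}"
    fi
}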
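# Usage: op_stop
# Take $netdev off $bridge using the globals $bridge and $netdev.
# Does nothing when $bridge is "null".
#
# With a veth0 device present: vif0.0 is removed from the bridge and shut
# down, $netdev gets the MAC address read from veth0, and the addresses and
# routes of veth0 are moved to $netdev.  Without veth0: routes are moved
# from the bridge back to $netdev.
#
# The iptables FORWARD policy and ACCEPT rule installed by antispoofing on
# start are not reverted here.
#
# NOTE(review): op_start's veth0 branch enslaves p${netdev}, while the first
# delif below removes ${netdev}; under 'set -e' a failing delif aborts the
# stop - confirm this is intended.
op_stop () {
    local mac=''

    # '=' rather than '==': the script runs under /bin/sh, where '==' is
    # not a portable test operator.
    if [ "${bridge}" = "null" ] ; then
        return
    fi

    brctl delif "${bridge}" "${netdev}"

    if ifconfig veth0 2>/dev/null | grep -q veth0 ; then
        brctl delif "${bridge}" vif0.0
        ifconfig vif0.0 down
        mac=$(ifconfig veth0 | grep HWadd | sed -e 's/.*\(..:..:..:..:..:..\).*/\1/')
        ifconfig "${netdev}" down
        ifconfig "${netdev}" hw ether "${mac}"
        ifconfig "${netdev}" arp up
        transfer_addrs veth0 "${netdev}"
        transfer_routes veth0 "${netdev}"
        del_addrs veth0
        ifconfig veth0 -arp down
        ifconfig veth0 hw ether 00:00:00:00:00:00
    else
        transfer_routes "${bridge}" "${netdev}"
    fi
}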
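# Dispatch on the operation given as the first argument.
# ${OP} is quoted everywhere: unquoted, an argument such as '*' would be
# glob-expanded into file names in the error message below.
case "${OP}" in
    start)
        op_start
        ;;

    stop)
        op_stop
        ;;

    status)
        show_status "${netdev}" "${bridge}"
        ;;

    *)
        echo 'Unknown command: ' "${OP}" >&2
        echo 'Valid commands are: start, stop, status' >&2
        exit 1
        ;;
esac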