From: Jonatan Schlag <jonatan.schlag@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 1/6] Network: add macvtap mode
Date: Sat, 07 May 2016 16:01:08 +0200
Message-ID: <1462629673-878-2-git-send-email-jonatan.schlag@ipfire.org>
In-Reply-To: <1462629673-878-1-git-send-email-jonatan.schlag@ipfire.org>
This change makes it possible to use a macvtap interface as a
standard interface (green0).

This is required by libvirt, because libvirt adds macvtap interfaces to
the physical interface, but this causes a problem. A VM with this
configuration can communicate with the whole network,
but not with the Host (IPFire).

To solve this problem, the host interface must also be a macvtap interface.

This is achieved by:

1. In /var/ipfire/ethernet/settings the mode of an interface can be set
with GREEN_MODE= ...
When the mode is macvtap the physical interface is renamed to green0phys
instead of green0. If the mode is not set the normal configuration is
applied.

2. The network-hotplug-macvtap script checks if a physical nic ends
with "phys".
When the interface ends with "phys", the script adds a macvtap interface
to the physical nic which is named green0. The MAC address of this
interface is set to the MAC address of the physical nic. The MAC address
of the physical is set to a random value. We do this because the MAC
address of green0 should not change.

All services and IP addresses then bind to the macvtap interface; the
physical nic is not used.

PS.: The script also works with the orange or blue interface, just
replace green with orange or blue.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
config/rootfiles/common/udev | 1 +
config/udev/60-net.rules | 3 +++
config/udev/network-hotplug-macvtap | 46 +++++++++++++++++++++++++++++++++++++
config/udev/network-hotplug-rename | 11 +++++++--
lfs/udev | 2 ++
5 files changed, 61 insertions(+), 2 deletions(-)
create mode 100644 config/udev/network-hotplug-macvtap
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 4d51954..e1f4bd5 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -28,6 +28,7 @@ lib/udev
#lib/udev/hwdb.d/60-keyboard.hwdb
#lib/udev/init-net-rules.sh
#lib/udev/mtd_probe
+#lib/udev/network-hotplug-macvtap
#lib/udev/network-hotplug-rename
#lib/udev/network-hotplug-vlan
#lib/udev/rule_generator.functions
diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules
index e82320c..e031e7a 100644
--- a/config/udev/60-net.rules
+++ b/config/udev/60-net.rules
@@ -5,3 +5,6 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
# Call a script that will create all virtual devices for a parent device
# that has just come up.
ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
+
+# Call a script that will set up macvtap interfaces
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-macvtap"
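Review bot: the new RUN+= rule matches on nothing beyond ACTION and SUBSYSTEM, so network-hotplug-macvtap is started for every network device that appears, including the device the script itself creates. The only guard is the script's own `*phys)` case. Say in the rule comment that the filtering on the "phys" suffix happens inside the script, and confirm that INTERFACE already carries the renamed name when RUN executes, since the script depends on that.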
diff --git a/config/udev/network-hotplug-macvtap b/config/udev/network-hotplug-macvtap
new file mode 100644
index 0000000..7f5da12
--- /dev/null
+++ b/config/udev/network-hotplug-macvtap
@@ -0,0 +1,46 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire Team <info(a)ipfire.org> #
+# #
+############################################################################
+
+[ -n "${INTERFACE}" ] || exit 2
+
+PHYSICAL_INTERFACE="${INTERFACE}"
+VIRTUAL_INTERFACE="${INTERFACE%phys}"
+#VIRTUAL_INTERFACE="${VIRTUAL_INTERFACE}0"
+
+# Do nothing if the physical interface does not end with "phys"
+case "${PHYSICAL_INTERFACE}" in
+ *phys)
+ ;;
+ *)
+ exit 0
+ ;;
+esac
+
+ADDRESS="$(</sys/class/net/${PHYSICAL_INTERFACE}/address)"
+rand="$(</proc/sys/kernel/random/uuid)"
+rand="${rand//-/}"
+GENERATED_ADDRESS=$(echo "02:${rand:0:2}:${rand:2:2}:${rand:4:2}:${rand:6:2}:${rand:8:2}")
+
+ip link add link "${PHYSICAL_INTERFACE}" "${VIRTUAL_INTERFACE}" address "${ADDRESS}" type macvlan mode bridge
+ip link set "${PHYSICAL_INTERFACE}" address "${GENERATED_ADDRESS}"
+ip link set "${PHYSICAL_INTERFACE}" up
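Review bot: none of the three `ip link` calls at the end of the script is checked, so if `ip link add` fails (for example because the virtual interface already exists when the event is re-triggered) the script still overwrites the physical NIC's MAC address with a random one, and no interface is left carrying the configured address. Exit on failure of the add before touching the physical address. The subject and file name say macvtap while the device is created with `type macvlan mode bridge`; a comment should state which one is intended. The commented-out `#VIRTUAL_INTERFACE=` line and the `$(echo ...)` wrapper around GENERATED_ADDRESS can be dropped.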
diff --git a/config/udev/network-hotplug-rename b/config/udev/network-hotplug-rename
index 331b788..aaae641 100644
--- a/config/udev/network-hotplug-rename
+++ b/config/udev/network-hotplug-rename
@@ -57,16 +57,23 @@ ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
for zone in ${ZONES}; do
address="${zone}_MACADDR"
device="${zone}_DEV"
+ mode="${zone}_MODE"
# Skip if address or device is unset
[ -n "${!address}" -a -n "${!device}" ] || continue
+ # Compare MAC addresses
+ [ "${ADDRESS}" = "${!address}" ] || continue
+
# If a matching interface has been found we will
# print the name to which udev will rename it.
- if [ "${ADDRESS}" = "${!address}" ]; then
+ if [ "${!mode}" = "macvtap" ]; then
+ echo "${!device}phys"
+ else
echo "${!device}"
- exit 0
fi
+
+ exit 0
done
# If we get here we have not found a matching device,
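Review bot: the match in the loop is on MAC address alone, and network-hotplug-macvtap gives the new virtual interface the address the physical NIC had. When the add event for that virtual interface reaches this script, `[ "${ADDRESS}" = "${!address}" ]` succeeds for the same zone and, in macvtap mode, the script prints `${!device}phys` again, a name that is already taken by the physical NIC. Unless code outside this hunk filters virtual devices, add a check that skips an interface that is not physical or that already carries the name `${!device}`. The new `_MODE` key is also undocumented here, and any value other than "macvtap" silently falls through to the normal name; a comment listing the accepted values would help.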
diff --git a/lfs/udev b/lfs/udev
index 7d5bdbc..61bd337 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -109,6 +109,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/lib/udev/network-hotplug-rename
install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
/lib/udev/network-hotplug-vlan
+ install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-macvtap \
+ /lib/udev/network-hotplug-macvtap
install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
/lib/udev/rules.d
--
2.1.4