#! /bin/bash
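# Locate this script's directory so the shared hotplug helpers can be sourced
# relative to it rather than relative to the caller's working directory.
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/hotplugpath.sh"

# findCommand is provided by the sourced helpers; this script relies on it
# leaving the requested action in $command (presumably taken from "$@" --
# confirm in xen-hotplug-common.sh).
findCommand "$@"

if [ "$command" != "setup" ] && [ "$command" != "teardown" ]
then
  echo "Invalid command: $command"
  log err "Invalid command: $command"
  exit 1
fi

# evalVariables is also a sourced helper; the checks below assume it populates
# vifname, forwarddev, mode, index and bridge from the arguments.
evalVariables "$@"

# Abort if any required parameter is unset or empty. The expansions are quoted
# so that a value containing glob characters is not expanded against the
# current directory.
: "${vifname:?}"
: "${forwarddev:?}"
: "${mode:?}"
: "${index:?}"
: "${bridge:?}"

# Name of the bridge used on the secondary side to join vifname and forwarddev.
forwardbr="colobr0"

if [ "$mode" != "primary" ] && [ "$mode" != "secondary" ]
then
  echo "Invalid mode: $mode"
  log err "Invalid mode: $mode"
  exit 1
fi

# index is passed on to iptables/ip6tables/arptables as an argument, so it must
# be a plain decimal number. A bare `[ $index -lt 0 ]` does not enforce that:
# for a non-numeric or over-long value the test itself errors out (status 2),
# the `if` sees "false", and the bad value would be accepted.
case "$index" in
  ''|*[!0-9]*)
    echo "Invalid index: $index"
    log err "Invalid index: $index"
    exit 1
    ;;
esac

# Digits only from here on, so the value cannot be negative; the length check
# keeps very long digit strings away from the integer comparison.
if [ "${#index}" -gt 3 ] || [ "$index" -gt 100 ]; then
  echo "index overflow"
  exit 1
fi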
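#######################################
# Set up the primary side: mirror traffic leaving $vifname to $forwarddev and
# install the PMYCOLO mangle rules for packets arriving from $vifname.
# Globals:   vifname, forwarddev, index (read)
# Arguments: none
# Notes:     All expansions are quoted so that each value reaches the tool as
#            exactly one argument, even if it contains whitespace or glob
#            characters.
#######################################
setup_primary() {
  # prio qdisc with handle 1: is the parent the mirror filters attach to.
  do_without_error tc qdisc add dev "$vifname" root handle 1: prio

  # "u32 match u32 0 0" matches every packet of the given protocol; each
  # filter mirrors the matched egress traffic to $forwarddev.
  do_without_error tc filter add dev "$vifname" parent 1: protocol ip prio 10 \
    u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
  do_without_error tc filter add dev "$vifname" parent 1: protocol arp prio 11 \
    u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
  do_without_error tc filter add dev "$vifname" parent 1: protocol ipv6 prio \
    12 u32 match u32 0 0 flowid 1:2 action mirred egress mirror \
    dev "$forwarddev"

  do_without_error modprobe nf_conntrack_ipv4
  # sec_dev is handed to the module as a single "name=value" argument.
  do_without_error modprobe xt_PMYCOLO "sec_dev=$forwarddev"

  # These two inserts are not wrapped in do_without_error, unlike the
  # surrounding commands, so they run without whatever error handling that
  # wrapper applies.
  iptables -t mangle -I PREROUTING -m physdev --physdev-in \
    "$vifname" -j PMYCOLO --index "$index"
  ip6tables -t mangle -I PREROUTING -m physdev --physdev-in \
    "$vifname" -j PMYCOLO --index "$index"

  # Mark ARP packets arriving on the forward device with the proxy index.
  do_without_error arptables -I INPUT -i "$forwarddev" -j MARK \
    --set-mark "$index"
}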
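#######################################
# Undo the primary-side setup: remove the mirror filters and the qdisc from
# $vifname, delete the PMYCOLO mangle rules and unload xt_PMYCOLO.
# Globals:   vifname, forwarddev, index (read)
# Arguments: none
# Notes:     All expansions are quoted so that each value reaches the tool as
#            exactly one argument, even if it contains whitespace or glob
#            characters.
#######################################
teardown_primary() {
  # Filters are deleted with the same specification they were added with.
  do_without_error tc filter del dev "$vifname" parent 1: protocol ip prio 10 \
    u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
  do_without_error tc filter del dev "$vifname" parent 1: protocol arp prio 11 \
    u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
  do_without_error tc filter del dev "$vifname" parent 1: protocol ipv6 prio 12 \
    u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
  do_without_error tc qdisc del dev "$vifname" root handle 1: prio

  do_without_error iptables -t mangle -D PREROUTING -m physdev --physdev-in \
    "$vifname" -j PMYCOLO --index "$index"
  do_without_error ip6tables -t mangle -D PREROUTING -m physdev --physdev-in \
    "$vifname" -j PMYCOLO --index "$index"

  # NOTE(review): -F with no chain flushes every arptables rule on the host,
  # not only the MARK rule that setup_primary inserted for $forwarddev. Any
  # unrelated ARP filtering is removed as a side effect; consider deleting
  # just the inserted rule instead.
  do_without_error arptables -F

  do_without_error rmmod xt_PMYCOLO
}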
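#######################################
# Set up the secondary side: move $vifname from $bridge onto the forward
# bridge together with $forwarddev, bring that bridge up and install the
# SECCOLO mangle rules for packets arriving from $vifname.
# Globals:   vifname, forwarddev, forwardbr, bridge, index (read)
# Arguments: none
# Notes:     All expansions are quoted so that each value reaches the tool as
#            exactly one argument, even if it contains whitespace or glob
#            characters.
#######################################
setup_secondary() {
  # Use brctl when it is available, otherwise do the same steps with ip-link.
  # `command -v` is the shell builtin lookup and does not depend on an
  # external `which` binary being installed.
  if command -v brctl >/dev/null 2>&1; then
    do_without_error brctl delif "$bridge" "$vifname"
    do_without_error brctl addbr "$forwardbr"
    do_without_error brctl addif "$forwardbr" "$vifname"
    do_without_error brctl addif "$forwardbr" "$forwarddev"
  else
    do_without_error ip link set "$vifname" nomaster
    do_without_error ip link add name "$forwardbr" type bridge
    do_without_error ip link set "$vifname" master "$forwardbr"
    do_without_error ip link set "$forwarddev" master "$forwardbr"
  fi
  do_without_error ip link set dev "$forwardbr" up

  do_without_error modprobe xt_SECCOLO

  # These two inserts are not wrapped in do_without_error, unlike the
  # surrounding commands, so they run without whatever error handling that
  # wrapper applies.
  iptables -t mangle -I PREROUTING -m physdev --physdev-in \
    "$vifname" -j SECCOLO --index "$index"
  ip6tables -t mangle -I PREROUTING -m physdev --physdev-in \
    "$vifname" -j SECCOLO --index "$index"
}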
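#######################################
# Undo the secondary-side setup: dissolve the forward bridge, re-attach
# $vifname to $bridge, delete the SECCOLO mangle rules and unload xt_SECCOLO.
# Globals:   vifname, forwarddev, forwardbr, bridge, index (read)
# Arguments: none
# Notes:     All expansions are quoted so that each value reaches the tool as
#            exactly one argument, even if it contains whitespace or glob
#            characters.
#######################################
teardown_secondary() {
  # Use brctl when it is available, otherwise do the same steps with ip-link.
  # `command -v` is the shell builtin lookup and does not depend on an
  # external `which` binary being installed.
  if command -v brctl >/dev/null 2>&1; then
    do_without_error brctl delif "$forwardbr" "$forwarddev"
    do_without_error brctl delif "$forwardbr" "$vifname"
    do_without_error brctl delbr "$forwardbr"
    do_without_error brctl addif "$bridge" "$vifname"
  else
    do_without_error ip link set "$forwarddev" nomaster
    do_without_error ip link set "$vifname" nomaster
    do_without_error ip link delete "$forwardbr" type bridge
    do_without_error ip link set "$vifname" master "$bridge"
  fi

  do_without_error iptables -t mangle -D PREROUTING -m physdev --physdev-in \
    "$vifname" -j SECCOLO --index "$index"
  do_without_error ip6tables -t mangle -D PREROUTING -m physdev --physdev-in \
    "$vifname" -j SECCOLO --index "$index"

  do_without_error rmmod xt_SECCOLO
}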
# Run the handler that matches the requested command and mode. Any mode other
# than "primary" takes the secondary path, as does the final log message.
if [ "$command" = "setup" ]; then
  case "$mode" in
    primary) setup_primary ;;
    *) setup_secondary ;;
  esac
  # success is invoked on the setup path only.
  success
elif [ "$command" = "teardown" ]; then
  case "$mode" in
    primary) teardown_primary ;;
    *) teardown_secondary ;;
  esac
fi

# Debug trace of the parameters that were used; the secondary variant also
# reports the forward bridge name.
case "$mode" in
  primary)
    log debug "Successful colo-proxy-setup $command for $vifname." \
      " vifname: $vifname, index: $index, forwarddev: $forwarddev."
    ;;
  *)
    log debug "Successful colo-proxy-setup $command for $vifname." \
      " vifname: $vifname, index: $index, forwarddev: $forwarddev," \
      " forwardbr: $forwardbr."
    ;;
esac