* [patch] xen bridged network setup fixes
From: Gerd Hoffmann @ 2006-05-12 10:24 UTC (permalink / raw)
To: Xen devel list
[-- Attachment #1: Type: text/plain, Size: 650 bytes --]
Hi,
The attached patch fixes the setup of the bridge ports and the bridge
itself. Changes:
* move some functions to xen-network-common.sh, so both vif-bridge
and network-bridge can use them.
* add a new function to configure bridge ports and use it.
* make sure arp requests, ipv6 autoconfiguration and ipv6 router
solicitations are disabled for the bridge ports and also for the
bridge itself.
cheers,
Gerd
--
Gerd Hoffmann <kraxel@suse.de>
Erst mal heiraten, ein, zwei Kinder, und wenn alles läuft
geh' ich nach drei Jahren mit der Familie an die Börse.
http://www.suse.de/~kraxel/julika-dora.jpeg
[-- Attachment #2: xen-netconf.diff --]
[-- Type: text/x-patch, Size: 3977 bytes --]
--- /etc/xen/scripts/vif-bridge.ipv6 2006-05-11 17:23:16.000000000 +0200
+++ /etc/xen/scripts/vif-bridge 2006-05-12 09:12:12.000000000 +0200
@@ -48,16 +48,8 @@
case "$command" in
online)
- if brctl show | grep -q "$vif"
- then
- log debug "$vif already attached to a bridge"
- exit 0
- fi
-
- brctl addif "$bridge" "$vif" ||
- fatal "brctl addif $bridge $vif failed"
-
- ifconfig "$vif" up || fatal "ifconfig $vif up failed"
+ setup_bridge_port "$vif"
+ add_to_bridge "$bridge" "$vif"
;;
offline)
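Review bot: The two calls added under `online)` change the already-attached case: `setup_bridge_port` takes the vif down, and `add_to_bridge` (added to xen-network-common.sh in this patch) returns before its `ip link set ${dev} up` when the port is already in the bridge, so if online runs again for an attached vif the interface would be left down where the old code logged and exited. The `|| fatal` handling is gone as well, so a failed `brctl addif` no longer fails the hotplug script. I would guard the setup with the same sysfs test, `[ -e "/sys/class/net/$bridge/brif/$vif" ] || setup_bridge_port "$vif"`, and use `add_to_bridge "$bridge" "$vif" || fatal "brctl addif $bridge $vif failed"` once add_to_bridge propagates the brctl status. The same replacement recurs in the tools/examples/vif-bridge hunk of the revised patch later in the thread. The `case` statement continues outside the hunk.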
--- /etc/xen/scripts/network-bridge.ipv6 2006-05-11 17:23:30.000000000 +0200
+++ /etc/xen/scripts/network-bridge 2006-05-12 10:27:04.000000000 +0200
@@ -137,29 +137,6 @@
}
-# Usage: create_bridge bridge
-create_bridge () {
- local bridge=$1
-
- # Don't create the bridge if it already exists.
- if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
- brctl addbr ${bridge}
- brctl stp ${bridge} off
- brctl setfd ${bridge} 0
- fi
- ip link set ${bridge} up
-}
-
-# Usage: add_to_bridge bridge dev
-add_to_bridge () {
- local bridge=$1
- local dev=$2
- # Don't add $dev to $bridge if it's already on a bridge.
- if [ ! -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
- brctl addif ${bridge} ${dev}
- fi
-}
-
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing () {
@@ -220,15 +197,14 @@
ifdown ${netdev}
ip link set ${netdev} name ${pdev}
ip link set ${vdev} name ${netdev}
- ip link set ${pdev} down arp off
- ip link set ${pdev} addr fe:ff:ff:ff:ff:ff
- ip addr flush ${pdev}
+
+ setup_bridge_port ${pdev}
+ setup_bridge_port ${vif0}
ip link set ${netdev} addr ${mac} arp on
- add_to_bridge ${bridge} ${vif0}
ip link set ${bridge} up
- ip link set ${vif0} up
- ip link set ${pdev} up
+ add_to_bridge ${bridge} ${vif0}
add_to_bridge2 ${bridge} ${pdev}
+
ip link set ${netdev} up
ifup ${hwddev}
else
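Review bot: Nothing in this hunk brings `${pdev}` up any more: the explicit `ip link set ${pdev} up` is removed and `setup_bridge_port ${pdev}` leaves the device down, so the bring-up now depends on `add_to_bridge2`, whose body is outside the hunk (presumably it is the function that gains `ip link set ${dev} up` in the next hunk, which is worth confirming). A short comment above the calls, e.g. `# ports are left down by setup_bridge_port; add_to_bridge / add_to_bridge2 bring them up`, would make that ordering dependency visible. The same sequence appears in the tools/examples/network-bridge hunk of the revised patch. The enclosing function starts and ends outside the hunk.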
@@ -286,6 +262,7 @@
local maxtries=10
echo -n "Waiting for ${dev} to negotiate link."
+ ip link set ${dev} up
for i in `seq ${maxtries}` ; do
if ifconfig ${dev} | grep -q RUNNING ; then
break
--- /etc/xen/scripts/xen-network-common.sh.ipv6 2006-05-12 08:58:19.000000000 +0200
+++ /etc/xen/scripts/xen-network-common.sh 2006-05-12 10:41:47.000000000 +0200
@@ -67,3 +67,57 @@
{
first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
}
+
+# configure interfaces which act as pure bridge ports:
+# - make quiet: no arp, no ipv6 autoconf
+# - set mac address to fe:ff:ff:ff:ff:ff
+setup_bridge_port() {
+ local dev="$1"
+
+ # take interface down ...
+ ip link set ${dev} up # creates ipv6 conf dir
+ ip link set ${dev} down
+
+ # ... and configure
+ if test -f /proc/sys/net/ipv6/conf/${dev}/autoconf; then
+ echo 0 > /proc/sys/net/ipv6/conf/${dev}/autoconf
+ echo 0 > /proc/sys/net/ipv6/conf/${dev}/router_solicitations
+ fi
+ ip link set ${dev} arp off
+ ip link set ${dev} addr fe:ff:ff:ff:ff:ff
+ ip addr flush ${dev}
+}
+
+# Usage: create_bridge bridge
+create_bridge () {
+ local bridge=$1
+
+ # Don't create the bridge if it already exists.
+ if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
+ brctl addbr ${bridge}
+ brctl stp ${bridge} off
+ brctl setfd ${bridge} 0
+ ip link set ${bridge} arp off
+ ip link set ${bridge} up # creates ipv6 conf dir
+ if test -f /proc/sys/net/ipv6/conf/${bridge}/autoconf; then
+ echo 0 > /proc/sys/net/ipv6/conf/${bridge}/autoconf
+ echo 0 > /proc/sys/net/ipv6/conf/${bridge}/router_solicitations
+ fi
+ else
+ ip link set ${bridge} up
+ fi
+}
+
+# Usage: add_to_bridge bridge dev
+add_to_bridge () {
+ local bridge=$1
+ local dev=$2
+
+ # Don't add $dev to $bridge if it's already on a bridge.
+ if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
+ return
+ fi
+ brctl addif ${bridge} ${dev}
+ ip link set ${dev} up
+}
+
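Review bot: `setup_bridge_port` raises the interface with `ip link set ${dev} up` before ARP and IPv6 autoconfiguration are switched off, so for a short window the port can still send the traffic this function exists to suppress. Issuing `ip link set ${dev} arp off` before the temporary `up` would narrow the window; whether it closes it depends on kernel behaviour not visible in this patch, so a comment recording the limitation is worth adding either way. In `add_to_bridge` the exit status of `brctl addif` is discarded and `ip link set ${dev} up` runs regardless, which can leave an interface up but unbridged; `brctl addif ${bridge} ${dev} || return 1` would let callers detect that. Its comment also says "already on a bridge" although the test only covers `${bridge}`. The revised xen-network-common.sh hunk later in the thread keeps the same `add_to_bridge` body.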
* Re: [patch] xen bridged network setup fixes
From: Ewan Mellor @ 2006-06-14 14:38 UTC (permalink / raw)
To: Gerd Hoffmann; +Cc: Xen devel list
On Fri, May 12, 2006 at 12:24:18PM +0200, Gerd Hoffmann wrote:
> Hi,
>
> The attached patch fixes the setup of the bridge ports and the bridge
> itself. Changes:
>
> * move some functions to xen-network-common.sh, so both vif-bridge
> and network-bridge can use them.
> * add a new function to configure bridge ports and use it.
> * make sure arp requests, ipv6 autoconfiguration and ipv6 router
> solicitations are disabled for the bridge ports and also for the
> bridge itself.
>
> cheers,
>
> Gerd
Could you please make this patch against xen-unstable, not against your
installed machine? Also, we need a Signed-off-by: line before we can accept
it.
Thanks,
Ewan.
>
> --
> Gerd Hoffmann <kraxel@suse.de>
> Erst mal heiraten, ein, zwei Kinder, und wenn alles läuft
> geh' ich nach drei Jahren mit der Familie an die Börse.
> http://www.suse.de/~kraxel/julika-dora.jpeg
> --- /etc/xen/scripts/vif-bridge.ipv6 2006-05-11 17:23:16.000000000 +0200
> +++ /etc/xen/scripts/vif-bridge 2006-05-12 09:12:12.000000000 +0200
> @@ -48,16 +48,8 @@
>
> case "$command" in
> online)
> - if brctl show | grep -q "$vif"
> - then
> - log debug "$vif already attached to a bridge"
> - exit 0
> - fi
> -
> - brctl addif "$bridge" "$vif" ||
> - fatal "brctl addif $bridge $vif failed"
> -
> - ifconfig "$vif" up || fatal "ifconfig $vif up failed"
> + setup_bridge_port "$vif"
> + add_to_bridge "$bridge" "$vif"
> ;;
>
> offline)
> --- /etc/xen/scripts/network-bridge.ipv6 2006-05-11 17:23:30.000000000 +0200
> +++ /etc/xen/scripts/network-bridge 2006-05-12 10:27:04.000000000 +0200
> @@ -137,29 +137,6 @@
> }
>
>
> -# Usage: create_bridge bridge
> -create_bridge () {
> - local bridge=$1
> -
> - # Don't create the bridge if it already exists.
> - if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
> - brctl addbr ${bridge}
> - brctl stp ${bridge} off
> - brctl setfd ${bridge} 0
> - fi
> - ip link set ${bridge} up
> -}
> -
> -# Usage: add_to_bridge bridge dev
> -add_to_bridge () {
> - local bridge=$1
> - local dev=$2
> - # Don't add $dev to $bridge if it's already on a bridge.
> - if [ ! -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
> - brctl addif ${bridge} ${dev}
> - fi
> -}
> -
> # Set the default forwarding policy for $dev to drop.
> # Allow forwarding to the bridge.
> antispoofing () {
> @@ -220,15 +197,14 @@
> ifdown ${netdev}
> ip link set ${netdev} name ${pdev}
> ip link set ${vdev} name ${netdev}
> - ip link set ${pdev} down arp off
> - ip link set ${pdev} addr fe:ff:ff:ff:ff:ff
> - ip addr flush ${pdev}
> +
> + setup_bridge_port ${pdev}
> + setup_bridge_port ${vif0}
> ip link set ${netdev} addr ${mac} arp on
> - add_to_bridge ${bridge} ${vif0}
> ip link set ${bridge} up
> - ip link set ${vif0} up
> - ip link set ${pdev} up
> + add_to_bridge ${bridge} ${vif0}
> add_to_bridge2 ${bridge} ${pdev}
> +
> ip link set ${netdev} up
> ifup ${hwddev}
> else
> @@ -286,6 +262,7 @@
> local maxtries=10
>
> echo -n "Waiting for ${dev} to negotiate link."
> + ip link set ${dev} up
> for i in `seq ${maxtries}` ; do
> if ifconfig ${dev} | grep -q RUNNING ; then
> break
> --- /etc/xen/scripts/xen-network-common.sh.ipv6 2006-05-12 08:58:19.000000000 +0200
> +++ /etc/xen/scripts/xen-network-common.sh 2006-05-12 10:41:47.000000000 +0200
> @@ -67,3 +67,57 @@
> {
> first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
> }
> +
> +# configure interfaces which act as pure bridge ports:
> +# - make quiet: no arp, no ipv6 autoconf
> +# - set mac address to fe:ff:ff:ff:ff:ff
> +setup_bridge_port() {
> + local dev="$1"
> +
> + # take interface down ...
> + ip link set ${dev} up # creates ipv6 conf dir
> + ip link set ${dev} down
> +
> + # ... and configure
> + if test -f /proc/sys/net/ipv6/conf/${dev}/autoconf; then
> + echo 0 > /proc/sys/net/ipv6/conf/${dev}/autoconf
> + echo 0 > /proc/sys/net/ipv6/conf/${dev}/router_solicitations
> + fi
> + ip link set ${dev} arp off
> + ip link set ${dev} addr fe:ff:ff:ff:ff:ff
> + ip addr flush ${dev}
> +}
> +
> +# Usage: create_bridge bridge
> +create_bridge () {
> + local bridge=$1
> +
> + # Don't create the bridge if it already exists.
> + if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
> + brctl addbr ${bridge}
> + brctl stp ${bridge} off
> + brctl setfd ${bridge} 0
> + ip link set ${bridge} arp off
> + ip link set ${bridge} up # creates ipv6 conf dir
> + if test -f /proc/sys/net/ipv6/conf/${bridge}/autoconf; then
> + echo 0 > /proc/sys/net/ipv6/conf/${bridge}/autoconf
> + echo 0 > /proc/sys/net/ipv6/conf/${bridge}/router_solicitations
> + fi
> + else
> + ip link set ${bridge} up
> + fi
> +}
> +
> +# Usage: add_to_bridge bridge dev
> +add_to_bridge () {
> + local bridge=$1
> + local dev=$2
> +
> + # Don't add $dev to $bridge if it's already on a bridge.
> + if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
> + return
> + fi
> + brctl addif ${bridge} ${dev}
> + ip link set ${dev} up
> +}
> +
* Re: [patch] xen bridged network setup fixes
From: Gerd Hoffmann @ 2006-06-15 13:24 UTC (permalink / raw)
To: Ewan Mellor; +Cc: Olaf Kirch, Clyde Griffin, Xen devel list
[-- Attachment #1: Type: text/plain, Size: 799 bytes --]
Hi,
> Could you please make this patch against xen-unstable, not against your
> installed machine? Also, we need a Signed-off-by: line before we can accept
> it.
Here we go. We have a slightly different attack on the problem now, our
ipv6 guy suggested to simply patch the kernel to not send out the ipv6
autoconfiguration multicast packets in case multicast is turned off for
the network interface in question. That is certainly cleaner than
poking around in /proc/sys/net/ipv6 and also has no race conditions ;)
The cleanups are the same though: create some helper functions to do the
interface setup and use them everywhere. Additionally there is a second
patch which adds the kernel bits.
cheers,
Gerd
--
Gerd Hoffmann <kraxel@suse.de>
http://www.suse.de/~kraxel/julika-dora.jpeg
[-- Attachment #2: tools.diff --]
[-- Type: text/x-patch, Size: 3648 bytes --]
Signed-off-by: Gerd Hoffmann <kraxel@suse.de>
diff -r 360f9dc71f51 tools/examples/network-bridge
--- a/tools/examples/network-bridge Tue Jun 13 10:41:15 2006
+++ b/tools/examples/network-bridge Thu Jun 15 15:11:56 2006
@@ -151,30 +151,6 @@
fi
}
-
-# Usage: create_bridge bridge
-create_bridge () {
- local bridge=$1
-
- # Don't create the bridge if it already exists.
- if ! brctl show | grep -q ${bridge} ; then
- brctl addbr ${bridge}
- brctl stp ${bridge} off
- brctl setfd ${bridge} 0
- fi
- ip link set ${bridge} up
-}
-
-# Usage: add_to_bridge bridge dev
-add_to_bridge () {
- local bridge=$1
- local dev=$2
- # Don't add $dev to $bridge if it's already on a bridge.
- if ! brctl show | grep -q ${dev} ; then
- brctl addif ${bridge} ${dev}
- fi
-}
-
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing () {
@@ -238,14 +214,13 @@
fi
ip link set ${netdev} name ${pdev}
ip link set ${vdev} name ${netdev}
- ip link set ${pdev} down arp off
- ip link set ${pdev} addr fe:ff:ff:ff:ff:ff
- ip addr flush ${pdev}
+
+ setup_bridge_port ${pdev}
+ setup_bridge_port ${vif0}
ip link set ${netdev} addr ${mac} arp on
- add_to_bridge ${bridge} ${vif0}
+
ip link set ${bridge} up
- ip link set ${vif0} up
- ip link set ${pdev} up
+ add_to_bridge ${bridge} ${vif0}
add_to_bridge2 ${bridge} ${pdev}
do_ifup ${netdev}
else
@@ -301,6 +276,7 @@
local maxtries=10
echo -n "Waiting for ${dev} to negotiate link."
+ ip link set ${dev} up
for i in `seq ${maxtries}` ; do
if ifconfig ${dev} | grep -q RUNNING ; then
break
diff -r 360f9dc71f51 tools/examples/vif-bridge
--- a/tools/examples/vif-bridge Tue Jun 13 10:41:15 2006
+++ b/tools/examples/vif-bridge Thu Jun 15 15:11:56 2006
@@ -48,16 +48,8 @@
case "$command" in
online)
- if brctl show | grep -q "$vif"
- then
- log debug "$vif already attached to a bridge"
- exit 0
- fi
-
- brctl addif "$bridge" "$vif" ||
- fatal "brctl addif $bridge $vif failed"
-
- ifconfig "$vif" up || fatal "ifconfig $vif up failed"
+ setup_bridge_port "$vif"
+ add_to_bridge "$bridge" "$vif"
;;
offline)
diff -r 360f9dc71f51 tools/examples/xen-network-common.sh
--- a/tools/examples/xen-network-common.sh Tue Jun 13 10:41:15 2006
+++ b/tools/examples/xen-network-common.sh Thu Jun 15 15:11:56 2006
@@ -104,3 +104,48 @@
{
first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
}
+
+# configure interfaces which act as pure bridge ports:
+# - make quiet: no arp, no multicast (ipv6 autoconf)
+# - set mac address to fe:ff:ff:ff:ff:ff
+setup_bridge_port() {
+ local dev="$1"
+
+ # take interface down ...
+ ip link set ${dev} down
+
+ # ... and configure it
+ ip link set ${dev} arp off
+ ip link set ${dev} multicast off
+ ip link set ${dev} addr fe:ff:ff:ff:ff:ff
+ ip addr flush ${dev}
+}
+
+# Usage: create_bridge bridge
+create_bridge () {
+ local bridge=$1
+
+ # Don't create the bridge if it already exists.
+ if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
+ brctl addbr ${bridge}
+ brctl stp ${bridge} off
+ brctl setfd ${bridge} 0
+ ip link set ${bridge} arp off
+ ip link set ${bridge} multicast off
+ fi
+ ip link set ${bridge} up
+}
+
+# Usage: add_to_bridge bridge dev
+add_to_bridge () {
+ local bridge=$1
+ local dev=$2
+
+ # Don't add $dev to $bridge if it's already on a bridge.
+ if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
+ return
+ fi
+ brctl addif ${bridge} ${dev}
+ ip link set ${dev} up
+}
+
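Review bot: The `multicast off` lines in `setup_bridge_port` and `create_bridge` only quiet IPv6 autoconfiguration on a kernel carrying the accompanying patches/linux-2.6.16.13/ipv6-no-autoconf.patch, and nothing in the script says so. On a kernel without that change the ports would, as far as this thread shows, still send duplicate-address-detection and router-solicitation packets, with no hint from the script. I would add a comment above `setup_bridge_port` such as `# multicast off suppresses ipv6 autoconf only with ipv6-no-autoconf.patch applied to the kernel`. The expansions `${dev}` and `${bridge}` are also unquoted throughout, unlike the `local dev="$1"` assignment.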
[-- Attachment #3: kernel.diff --]
[-- Type: text/x-patch, Size: 1053 bytes --]
diff -r 360f9dc71f51 patches/linux-2.6.16.13/ipv6-no-autoconf.patch
--- /dev/null Tue Jun 13 10:41:15 2006
+++ b/patches/linux-2.6.16.13/ipv6-no-autoconf.patch Thu Jun 15 15:11:29 2006
@@ -0,0 +1,23 @@
+ net/ipv6/addrconf.c | 2 ++
+ 1 files changed, 2 insertions(+)
+
+Index: build/net/ipv6/addrconf.c
+===================================================================
+--- build.orig/net/ipv6/addrconf.c
++++ build/net/ipv6/addrconf.c
+@@ -2462,6 +2462,7 @@ static void addrconf_dad_start(struct in
+ spin_lock_bh(&ifp->lock);
+
+ if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
++ !(dev->flags&IFF_MULTICAST) ||
+ !(ifp->flags&IFA_F_TENTATIVE)) {
+ ifp->flags &= ~IFA_F_TENTATIVE;
+ spin_unlock_bh(&ifp->lock);
+@@ -2546,6 +2547,7 @@ static void addrconf_dad_completed(struc
+ if (ifp->idev->cnf.forwarding == 0 &&
+ ifp->idev->cnf.rtr_solicits > 0 &&
+ (dev->flags&IFF_LOOPBACK) == 0 &&
++ (dev->flags & IFF_MULTICAST) &&
+ (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
+ struct in6_addr all_routers;
+
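Review bot: The new patch file starts directly with a diffstat and has no description, so nothing records why duplicate address detection and router solicitations are skipped for interfaces without IFF_MULTICAST. The condition added in `addrconf_dad_start` sits in the branch that clears `IFA_F_TENTATIVE`, so any interface with multicast off, not only Xen bridge ports, gets its address marked usable without duplicate address detection; that scope should be stated in a header comment at the top of the patch file. The two added lines are also spaced differently (`dev->flags&IFF_MULTICAST` versus `dev->flags & IFF_MULTICAST`), and using one form would read more consistently. Both function bodies continue outside the quoted context.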