From: Reiner Sailer <sailer@us.ibm.com>
To: xen-devel@lists.xensource.com
Subject: [RFC][BUGFIX][vif-route] vif-route script exits early when deleting vifs
Date: Fri, 25 Aug 2006 12:27:09 -0400 [thread overview]
Message-ID: <44EF24DD.9010904@us.ibm.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1334 bytes --]
I have experienced that the vif-route script does not work as expected
when deleting a virtual interface (Redhat FC5). Both of the commands
"ifdown" and "ip route" cause an early vif-route script exit and
therefore will cause skipping of the later script commands (such as
cleaning up iptables entries for the default 'antispoof'). The vif-route
script creates the following syslog error entry:
"/etc/xen/scripts/vif-route failed; error detected."
It appears that both of the problematic commands are actually redundant
when destroying domains:
1. the interface is already gone (I assume because the domain frontend
is gone already) --> ifdown does not do anything
2. the route is gone as well since the interface has disappeared --> ip
route del does not do anything
Executing those redundant commands with "do_without_error" ensures that
the script completes and cleans up iptables rules. The attached
RFC-patch only masks those commands when bringing down an interface, so
that domain creation continues to fail in case of vif setup problems
(intended behavior).
Having the iptables cleanup called correctly by vif-route is important
to keep the iptables rule-set clean, otherwise antispoof rules
accumulate with every vif creation..
Comments welcome.
Reiner
Signed-off by: Reiner Sailer <sailer@us.ibm.com>
[-- Attachment #2: vif-route-patch.diff --]
[-- Type: text/plain, Size: 1027 bytes --]
---
tools/examples/vif-route | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
Index: xen-unstable.hg_test/tools/examples/vif-route
===================================================================
--- xen-unstable.hg_test.orig/tools/examples/vif-route
+++ xen-unstable.hg_test/tools/examples/vif-route
@@ -30,10 +30,12 @@ case "$command" in
ifconfig ${vif} ${main_ip} netmask 255.255.255.255 up
echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
ipcmd='add'
+ cmdprefix=''
;;
offline)
- ifdown ${vif}
+ do_without_error ifdown ${vif}
ipcmd='del'
+ cmdprefix='do_without_error'
;;
esac
@@ -41,7 +43,7 @@ if [ "${ip}" ] ; then
# If we've been given a list of IP addresses, then add routes from dom0 to
# the guest using those addresses.
for addr in ${ip} ; do
- ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
+ ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
done
fi
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
reply other threads:[~2006-08-25 16:27 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44EF24DD.9010904@us.ibm.com \
--to=sailer@us.ibm.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.