From: Jim Fehlig <jfehlig@suse.com>
To: xen-devel <xen-devel@lists.xensource.com>
Subject: [PATCH] Prevent vif-bridge from adding user-created taps to a bridge
Date: Tue, 25 Oct 2011 17:06:19 -0600 [thread overview]
Message-ID: <4EA740EB.7030804@suse.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 800 bytes --]
I previously sent this from my @suse.com mail address without having
subscribed it. Sending again now that I have done so...
I received a report that vif-bridge adds any tap interface to a bridge,
regardless if xen is running and who created the tap interface. E.g.
# tunctl -p -t tap42
will cause vif-bridge to be executed as per the following rule in
xen-backend.rules
SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add",
RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
I'm not sure how to improve the rule to prevent execution of vif-setup
in this case. But it seems better to handle it in vif-bridge anyhow, by
not connecting the interface to a bridge if there is no corresponding
info in xenstore. Something along the lines of the attached quick
patch. Comments?
Thanks!
Jim
[-- Attachment #2: vif-bridge.patch --]
[-- Type: text/x-patch, Size: 943 bytes --]
# HG changeset patch
# User Jim Fehlig <jfehlig@suse.com>
# Date 1319581952 21600
# Node ID 74da2a3a1db1476d627f42e4a99e9e720cc6774d
# Parent 6c583d35d76dda2236c81d9437ff9d57ab02c006
Prevent vif-bridge from adding user-created tap interfaces to a bridge
Exit vif-bridge script if there is no device info in xenstore, preventing
it from adding user-created taps to bridges.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
diff -r 6c583d35d76d -r 74da2a3a1db1 tools/hotplug/Linux/vif-bridge
--- a/tools/hotplug/Linux/vif-bridge Thu Oct 20 15:36:01 2011 +0100
+++ b/tools/hotplug/Linux/vif-bridge Tue Oct 25 16:32:32 2011 -0600
@@ -31,6 +31,13 @@
dir=$(dirname "$0")
. "$dir/vif-common.sh"
+
+domu=$(xenstore_read_default "$XENBUS_PATH/domain" "")
+if [ -z "$domu" ]
+then
+ log debug "No device details in $XENBUS_PATH, exiting."
+ exit 0
+fi
bridge=${bridge:-}
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next reply other threads:[~2011-10-25 23:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-25 23:06 Jim Fehlig [this message]
2011-10-26 7:37 ` [PATCH] Prevent vif-bridge from adding user-created taps to a bridge Ian Campbell
2011-10-26 18:13 ` Jim Fehlig
2011-10-27 5:28 ` Jim Fehlig
2011-10-27 9:02 ` Ian Campbell
2011-10-27 15:13 ` Jim Fehlig
2011-10-27 15:16 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EA740EB.7030804@suse.com \
--to=jfehlig@suse.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.