2 # Copyright (c) 2005 XenSource Ltd.
4 # This library is free software; you can redistribute it and/or
5 # modify it under the terms of version 2.1 of the GNU Lesser General Public
6 # License as published by the Free Software Foundation.
8 # This library is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 # Lesser General Public License for more details.
13 # You should have received a copy of the GNU Lesser General Public
14 # License along with this library; if not, write to the Free Software
15 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 . "$dir/xen-hotplug-common.sh"
21 . "$dir/xen-network-common.sh"
25 if [ "$command" != "online" ] &&
26 [ "$command" != "offline" ] &&
27 [ "$command" != "add" ] &&
28 [ "$command" != "remove" ]
30 log err "Invalid command: $command"
41 # Parameters may be read from the environment, the command line arguments, and
42 # the store, with overriding in that order. The environment is given by the
43 # driver, the command line is given by the Xend global configuration, and
44 # store details are given by the per-domain or per-device configuration.
49 ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
51 # Check presence of compulsory args.
52 XENBUS_PATH="${XENBUS_PATH:?}"
56 vifname=$(xenstore_read_default "$XENBUS_PATH/vifname" "")
59 if [ "$command" == "online" ] && ! ip link show "$vifname" >&/dev/null
61 do_or_die ip link set "$vif" name "$vifname"
69 if [ "$command" == "online" ]
76 iptables "$c" FORWARD -m physdev --physdev-in "$vif" "$@" -j ACCEPT \
80 "iptables $c FORWARD -m physdev --physdev-in $vif $@ -j ACCEPT failed.
81 If you are using iptables, this may affect networking for guest domains."
86 # Add or remove the appropriate entries in the iptables. With antispoofing
87 # turned on, we have to explicitly allow packets to the interface, regardless
88 # of the ip setting. If ip is set, then we additionally restrict the packets
89 # to those coming from the specified networks, though we allow DHCP requests
94 # Check for a working iptables installation. Checking for the iptables
95 # binary is not sufficient, because the user may not have the appropriate
96 # modules installed. If iptables is not working, then there's no need to do
97 # anything with it, so we can just return.
98 if ! iptables -L -n >&/dev/null
108 frob_iptable -s "$addr"
111 # Always allow the domain to talk to a DHCP server.
112 frob_iptable -p udp --sport 68 --dport 67
114 # No IP addresses have been specified, so allow anything.
123 # Print the IP address currently in use at the given interface, or nothing if
124 # the interface is not up.
128 ip addr show "$1" | awk "/^.*inet.*$1\$/{print \$2}" | sed -n '1 s,/.*,,p'
135 # Print the IP address of the interface in dom0 through which we are routing.
136 # This is the IP address on the interface specified as "netdev" as a parameter
137 # to these scripts, or eth0 by default. This function will call fatal if no
138 # such interface could be found.
142 local nd=${netdev:-eth0}
143 local result=$(ip_of "$nd")
147 "$netdev is not up. Bring it up or specify another interface with " \
148 "netdev=<if> as a parameter to $0."