xen-changelog

[Xen-changelog] [xen-unstable] [TOOLS] Clean up routed vifs quietly on d

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [TOOLS] Clean up routed vifs quietly on domain destruction.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 28 Aug 2006 12:40:14 +0000
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxxx
# Node ID 0cecfb11b76b79fc71fac713bf2186495df4adec
# Parent  b61b7478b3245daac1d76a2eadb6f33123aec85c
[TOOLS] Clean up routed vifs quietly on domain destruction.

I have experienced that the vif-route script does not work as expected
when deleting a virtual interface (Redhat FC5). Both of the commands
"ifdown" and "ip route" cause an early vif-route script exit and
therefore will cause skipping of the later script commands (such as
cleaning up iptables entries for the default 'antispoof'). The
vif-route script creates the following syslog error entry:
"/etc/xen/scripts/vif-route failed; error detected."

It appears that both of the problematic commands are actually
redundant when destroying domains:
1. the interface is already gone (I assume because the domain frontend
   is gone already) --> ifdown does not do anything
2. the route is gone as well since the interface has disappeared -->
   ip route del does not do anything

Executing those redundant commands with "do_without_error" ensures
that the script completes and cleans up iptables rules. The attached
RFC-patch only masks those commands when bringing down an interface,
so that domain creation continues to fail in case of vif setup
problems (intended behavior).

Having the iptables cleanup called correctly by vif-route is important
to keep the iptables rule-set clean, otherwise antispoof rules
accumulate with every vif creation.

Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>
---
 tools/examples/vif-route |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff -r b61b7478b324 -r 0cecfb11b76b tools/examples/vif-route
--- a/tools/examples/vif-route  Mon Aug 28 12:35:43 2006 +0100
+++ b/tools/examples/vif-route  Mon Aug 28 12:41:15 2006 +0100
@@ -30,10 +30,12 @@ case "$command" in
         ifconfig ${vif} ${main_ip} netmask 255.255.255.255 up
         echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
         ipcmd='add'
+        cmdprefix=''
         ;;
     offline)
-        ifdown ${vif}
+        do_without_error ifdown ${vif}
         ipcmd='del'
+        cmdprefix='do_without_error'
         ;;
 esac
 
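Review bot: In the offline) branch, "do_without_error ifdown ${vif}" discards every ifdown failure, not only the "interface is already gone" case the commit message describes, so a vif that still exists but cannot be brought down would pass unnoticed. Consider checking whether the interface is still present before calling ifdown, or logging the failure instead of dropping it silently. A one-line comment above "cmdprefix='do_without_error'" saying that teardown is deliberately non-fatal so the later iptables cleanup is always reached would document the intent; do_without_error itself is not defined in the visible lines, so the comment could also say which sourced helper provides it.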
@@ -41,7 +43,7 @@ if [ "${ip}" ] ; then
     # If we've been given a list of IP addresses, then add routes from dom0 to
     # the guest using those addresses.
     for addr in ${ip} ; do
-      ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
+      ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
     done 
 fi
 
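Review bot: On the changed "ip route" line, "${cmdprefix}" is expanded unquoted in command position, and in the visible lines it is only assigned inside the two case branches of the previous hunk. If "$command" matches neither branch, the loop runs with whatever value cmdprefix (and ipcmd) inherited from the environment. Initialising "cmdprefix=''" once before the case statement, rather than only in the first branch, would close that gap. With the prefix set, every "ip route del" failure in the loop is also ignored, so a short comment here stating that route removal is best-effort on teardown would help the next reader.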
