Hi,
> Could you please make this patch against xen-unstable, not against your
> installed machine? Also, we need a Signed-off-by: line before we can accept
> it.
Here we go. We have a slightly different attack on the problem now, our
ipv6 guy suggested to simply patch the kernel to not send out the ipv6
autoconfiguration multicast packets in case multicast is turned off for
the network interface in question. That is certainly cleaner than
poking around in /proc/sys/net/ipv6 and also has no race conditions ;)
The cleanups are the same though: create some helper functions to do the
interface setup and use them everythere. Additionally there is a second
patch which adds the kernel bits.
cheers,
Gerd
--
Gerd Hoffmann <kraxel@xxxxxxx>
http://www.suse.de/~kraxel/julika-dora.jpeg
Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxx>
diff -r 360f9dc71f51 tools/examples/network-bridge
--- a/tools/examples/network-bridge Tue Jun 13 10:41:15 2006
+++ b/tools/examples/network-bridge Thu Jun 15 15:11:56 2006
@@ -151,30 +151,6 @@
fi
}
-
-# Usage: create_bridge bridge
-create_bridge () {
- local bridge=$1
-
- # Don't create the bridge if it already exists.
- if ! brctl show | grep -q ${bridge} ; then
- brctl addbr ${bridge}
- brctl stp ${bridge} off
- brctl setfd ${bridge} 0
- fi
- ip link set ${bridge} up
-}
-
-# Usage: add_to_bridge bridge dev
-add_to_bridge () {
- local bridge=$1
- local dev=$2
- # Don't add $dev to $bridge if it's already on a bridge.
- if ! brctl show | grep -q ${dev} ; then
- brctl addif ${bridge} ${dev}
- fi
-}
-
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing () {
@@ -238,14 +214,13 @@
fi
ip link set ${netdev} name ${pdev}
ip link set ${vdev} name ${netdev}
- ip link set ${pdev} down arp off
- ip link set ${pdev} addr fe:ff:ff:ff:ff:ff
- ip addr flush ${pdev}
+
+ setup_bridge_port ${pdev}
+ setup_bridge_port ${vif0}
ip link set ${netdev} addr ${mac} arp on
- add_to_bridge ${bridge} ${vif0}
+
ip link set ${bridge} up
- ip link set ${vif0} up
- ip link set ${pdev} up
+ add_to_bridge ${bridge} ${vif0}
add_to_bridge2 ${bridge} ${pdev}
do_ifup ${netdev}
else
@@ -301,6 +276,7 @@
local maxtries=10
echo -n "Waiting for ${dev} to negotiate link."
+ ip link set ${dev} up
for i in `seq ${maxtries}` ; do
if ifconfig ${dev} | grep -q RUNNING ; then
break
diff -r 360f9dc71f51 tools/examples/vif-bridge
--- a/tools/examples/vif-bridge Tue Jun 13 10:41:15 2006
+++ b/tools/examples/vif-bridge Thu Jun 15 15:11:56 2006
@@ -48,16 +48,8 @@
case "$command" in
online)
- if brctl show | grep -q "$vif"
- then
- log debug "$vif already attached to a bridge"
- exit 0
- fi
-
- brctl addif "$bridge" "$vif" ||
- fatal "brctl addif $bridge $vif failed"
-
- ifconfig "$vif" up || fatal "ifconfig $vif up failed"
+ setup_bridge_port "$vif"
+ add_to_bridge "$bridge" "$vif"
;;
offline)
diff -r 360f9dc71f51 tools/examples/xen-network-common.sh
--- a/tools/examples/xen-network-common.sh Tue Jun 13 10:41:15 2006
+++ b/tools/examples/xen-network-common.sh Thu Jun 15 15:11:56 2006
@@ -104,3 +104,48 @@
{
first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
}
+
+# configure interfaces which act as pure bridge ports:
+# - make quiet: no arp, no multicast (ipv6 autoconf)
+# - set mac address to fe:ff:ff:ff:ff:ff
+setup_bridge_port() {
+ local dev="$1"
+
+ # take interface down ...
+ ip link set ${dev} down
+
+ # ... and configure it
+ ip link set ${dev} arp off
+ ip link set ${dev} multicast off
+ ip link set ${dev} addr fe:ff:ff:ff:ff:ff
+ ip addr flush ${dev}
+}
+
+# Usage: create_bridge bridge
+create_bridge () {
+ local bridge=$1
+
+ # Don't create the bridge if it already exists.
+ if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
+ brctl addbr ${bridge}
+ brctl stp ${bridge} off
+ brctl setfd ${bridge} 0
+ ip link set ${bridge} arp off
+ ip link set ${bridge} multicast off
+ fi
+ ip link set ${bridge} up
+}
+
+# Usage: add_to_bridge bridge dev
+add_to_bridge () {
+ local bridge=$1
+ local dev=$2
+
+ # Don't add $dev to $bridge if it's already on a bridge.
+ if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
+ return
+ fi
+ brctl addif ${bridge} ${dev}
+ ip link set ${dev} up
+}
+
diff -r 360f9dc71f51 patches/linux-2.6.16.13/ipv6-no-autoconf.patch
--- /dev/null Tue Jun 13 10:41:15 2006
+++ b/patches/linux-2.6.16.13/ipv6-no-autoconf.patch Thu Jun 15 15:11:29 2006
@@ -0,0 +1,23 @@
+ net/ipv6/addrconf.c | 2 ++
+ 1 files changed, 2 insertions(+)
+
+Index: build/net/ipv6/addrconf.c
+===================================================================
+--- build.orig/net/ipv6/addrconf.c
++++ build/net/ipv6/addrconf.c
+@@ -2462,6 +2462,7 @@ static void addrconf_dad_start(struct in
+ spin_lock_bh(&ifp->lock);
+
+ if (dev->flags&(IFF_NOARP|IFF_LOOPBACK) ||
++ !(dev->flags&IFF_MULTICAST) ||
+ !(ifp->flags&IFA_F_TENTATIVE)) {
+ ifp->flags &= ~IFA_F_TENTATIVE;
+ spin_unlock_bh(&ifp->lock);
+@@ -2546,6 +2547,7 @@ static void addrconf_dad_completed(struc
+ if (ifp->idev->cnf.forwarding == 0 &&
+ ifp->idev->cnf.rtr_solicits > 0 &&
+ (dev->flags&IFF_LOOPBACK) == 0 &&
++ (dev->flags & IFF_MULTICAST) &&
+ (ipv6_addr_type(&ifp->addr) & IPV6_ADDR_LINKLOCAL)) {
+ struct in6_addr all_routers;
+
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home
