This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [RFC][BUGFIX][vif-route] vif-route script exits early when d

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [RFC][BUGFIX][vif-route] vif-route script exits early when deleting vifs
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Fri, 25 Aug 2006 12:27:09 -0400
Delivery-date: Fri, 25 Aug 2006 09:27:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
I have experienced that the vif-route script does not work as expected when deleting a virtual interface (Redhat FC5). Both of the commands "ifdown" and "ip route" cause an early vif-route script exit and therefore will cause skipping of the later script commands (such as cleaning up iptables entries for the default 'antispoof'). The vif-route script creates the following syslog error entry: "/etc/xen/scripts/vif-route failed; error detected."
It appears that both of the problematic commands are actually redundant 
when destroying domains:
1. the interface is already gone (I assume because the domain frontend 
is gone already)  --> ifdown does not do anything
2. the route is gone as well since the interface has disappeared --> ip 
route del does not do anything
Executing those redundant commands with "do_without_error" ensures that 
the script completes and cleans up iptables rules. The attached 
RFC-patch only masks those commands when bringing down an interface, so 
that domain creation continues to fail in case of vif setup problems 
(intended behavior).
Having the iptables cleanup called correctly by vif-route is important 
to keep the iptables rule-set clean, otherwise antispoof rules 
accumulate with every vif creation..
Comments welcome.


Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>

 tools/examples/vif-route |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: xen-unstable.hg_test/tools/examples/vif-route
--- xen-unstable.hg_test.orig/tools/examples/vif-route
+++ xen-unstable.hg_test/tools/examples/vif-route
@@ -30,10 +30,12 @@ case "$command" in
         ifconfig ${vif} ${main_ip} netmask up
         echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
+        cmdprefix=''
-        ifdown ${vif}
+        do_without_error ifdown ${vif}
+        cmdprefix='do_without_error'
@@ -41,7 +43,7 @@ if [ "${ip}" ] ; then
     # If we've been given a list of IP addresses, then add routes from dom0 to
     # the guest using those addresses.
     for addr in ${ip} ; do
-      ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
+      ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [RFC][BUGFIX][vif-route] vif-route script exits early when deleting vifs, Reiner Sailer <=