[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [RFC][BUGFIX][vif-route] vif-route script exits early when deleting vifs

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Fri, 25 Aug 2006 12:27:09 -0400
Delivery-date: Fri, 25 Aug 2006 09:27:39 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I have experienced that the vif-route script does not work as expectedwhen deleting a virtual interface (Redhat FC5). Both of the commands"ifdown" and "ip route" cause an early vif-route script exit andtherefore will cause skipping of the later script commands (such ascleaning up iptables entries for the default 'antispoof'). The vif-routescript creates the following syslog error entry:"/etc/xen/scripts/vif-route failed; error detected."

It appears that both of the problematic commands are actually redundantwhen destroying domains:1. the interface is already gone (I assume because the domain frontendis gone already) --> ifdown does not do anything2. the route is gone as well since the interface has disappeared --> iproute del does not do anything

Executing those redundant commands with "do_without_error" ensures thatthe script completes and cleans up iptables rules. The attachedRFC-patch only masks those commands when bringing down an interface, sothat domain creation continues to fail in case of vif setup problems(intended behavior).

Having the iptables cleanup called correctly by vif-route is importantto keep the iptables rule-set clean, otherwise antispoof rulesaccumulate with every vif creation..


Comments welcome.

Reiner

Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>

---
 tools/examples/vif-route |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: xen-unstable.hg_test/tools/examples/vif-route
===================================================================
--- xen-unstable.hg_test.orig/tools/examples/vif-route
+++ xen-unstable.hg_test/tools/examples/vif-route
@@ -30,10 +30,12 @@ case "$command" in
         ifconfig ${vif} ${main_ip} netmask 255.255.255.255 up
         echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
         ipcmd='add'
+        cmdprefix=''
         ;;
     offline)
-        ifdown ${vif}
+        do_without_error ifdown ${vif}
         ipcmd='del'
+        cmdprefix='do_without_error'
         ;;
 esac
 
@@ -41,7 +43,7 @@ if [ "${ip}" ] ; then
     # If we've been given a list of IP addresses, then add routes from dom0 to
     # the guest using those addresses.
     for addr in ${ip} ; do
-      ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
+      ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} src ${main_ip}
     done 
 fi

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: [Xen-devel] Re: [POWERPC/IA64] Updates required due to loader changes
Next by Date: [Xen-devel] [PATCH] bridge: don't assume headroom in skb
Previous by thread: [Xen-devel] VMX Status Report 11251:d5eb5205ff35
Next by thread: [Xen-devel] [PATCH] Lazy save/restore of SVM debug registers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.