Commit cd25bbad authored by Vangelis Koukis

Add patches to support simple NAT-based networking

Add patches to NFDHCPD, the sample KVM ifup script
and the python-nfqueue package to support simple NAT-based networking,
under contrib/patches.
parent e32bfada
--- kvm-vif-bridge 2011-06-05 11:52:48.000000000 +0300
+++ /etc/ganeti/kvm-vif-bridge 2011-06-05 11:55:16.000000000 +0300
@@ -91,6 +91,10 @@
routed_setup_ipv6
routed_setup_firewall
routed_setup_nfdhcpd
+
+ # Quick and dirty hack for the development platform
+ # also *bridge* the interface to br0, to support host-based NAT
+ brctl addif br0 $INTERFACE
elif [ "$MODE" = "bridged" ]; then
ifconfig $INTERFACE 0.0.0.0 up
brctl addif $BRIDGE $INTERFACE
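Review bot: The added `brctl addif br0 $INTERFACE` at the end of the routed branch puts every routed guest tap on one shared layer-2 segment, which likely weakens the per-interface isolation that routed mode and `routed_setup_firewall` are meant to give; guests on br0 may be able to reach each other directly unless bridge-level filtering is also configured. The bridge name is hard-coded, `$INTERFACE` is unquoted, and a host without br0 is not handled. As the comment already calls this a development hack, gate it on an explicit setting that is empty by default, for example `[ -n "$NAT_BRIDGE" ] && brctl addif "$NAT_BRIDGE" "$INTERFACE"` (the variable name is only a suggestion). The enclosing if/elif chain starts and ends outside the hunk.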
diff --git a/nfdhcpd b/nfdhcpd
index c3bdcc7..19e8d6c 100755
--- a/nfdhcpd
+++ b/nfdhcpd
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python2.7
#
# nfdcpd: A promiscuous, NFQUEUE-based DHCP server for virtual machine hosting
@@ -496,7 +496,9 @@ class VMNetProxy(object): # pylint: disable=R0902
""" Generate a reply to a BOOTP/DHCP request
"""
- indev = payload.get_indev()
+ # If the packet comes from a bridged interface, use the ifindex
+ # of the physical device instead of the ifindex of the bridge interface
+ indev = payload.get_physindev() or payload.get_indev()
try:
# Get the actual interface from the ifindex
iface = self.ifaces[indev]
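Review bot: `payload.get_physindev() or payload.get_indev()` is repeated in three handlers (here and in the hunks at -606 and -641), and only this copy carries the explanatory comment. The resulting ifindex selects the entry in `self.ifaces`, so it decides which guest's binding a reply is built for; that choice deserves one helper, e.g. `def _in_ifindex(payload): return payload.get_physindev() or payload.get_indev()`. The helper's comment should state that the fallback relies on `get_physindev()` returning 0 when the packet did not arrive through a bridge port. The enclosing method and the `except` that handles an unknown ifindex are outside the hunk.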
@@ -537,7 +539,7 @@ class VMNetProxy(object): # pylint: disable=R0902
return
resp = Ether(dst=mac, src=self.get_iface_hw_addr(iface))/\
- IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\
+ IP(src=self.dhcp_server_ip, dst=binding.ip)/\
UDP(sport=pkt.dport, dport=pkt.sport)/resp
subnet = self.subnets[binding.link]
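Review bot: `self.dhcp_server_ip` is read here and again for the `server_id` option in the next hunk, but no hunk on this page assigns it, so unless it is set elsewhere in the class both reply paths would raise AttributeError. If the value is meant to come from configuration, validate it once at startup as an IPv4 address and keep the old constant as the default, for example `self.dhcp_server_ip = dhcp_server_ip or DHCP_DUMMY_SERVER_IP`. A wrong or empty server identifier may break later client renewals without any visible error. The enclosing method starts and ends outside the hunk.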
@@ -593,7 +595,7 @@ class VMNetProxy(object): # pylint: disable=R0902
# Finally, always add the server identifier and end options
dhcp_options += [
("message-type", resp_type),
- ("server_id", DHCP_DUMMY_SERVER_IP),
+ ("server_id", self.dhcp_server_ip),
"end"
]
resp /= DHCP(options=dhcp_options)
@@ -606,7 +608,7 @@ class VMNetProxy(object): # pylint: disable=R0902
""" Generate a reply to a BOOTP/DHCP request
"""
- indev = payload.get_indev()
+ indev = payload.get_physindev() or payload.get_indev()
try:
# Get the actual interface from the ifindex
iface = self.ifaces[indev]
@@ -641,7 +643,7 @@ class VMNetProxy(object): # pylint: disable=R0902
""" Generate a reply to an ICMPv6 neighbor solicitation
"""
- indev = payload.get_indev()
+ indev = payload.get_physindev() or payload.get_indev()
try:
# Get the actual interface from the ifindex
iface = self.ifaces[indev]
root@store67:~/src/python-nfqueue# diff -ur original/nfqueue-bindings-0.3/ mine/nfqueue-bindings-0.3|grep -v ^Only
diff -ur original/nfqueue-bindings-0.3//libnetfilter_queue.i mine/nfqueue-bindings-0.3/libnetfilter_queue.i
--- original/nfqueue-bindings-0.3//libnetfilter_queue.i 2009-10-18 18:37:28.000000000 +0300
+++ mine/nfqueue-bindings-0.3/libnetfilter_queue.i 2011-06-05 10:58:46.000000000 +0300
@@ -51,6 +51,7 @@
%extend payload {
int get_nfmark();
int get_indev();
+ int get_physindev();
int get_outdev();
unsigned int get_length(void) {
diff -ur original/nfqueue-bindings-0.3//nfq_common.c mine/nfqueue-bindings-0.3/nfq_common.c
--- original/nfqueue-bindings-0.3//nfq_common.c 2009-10-18 18:37:28.000000000 +0300
+++ mine/nfqueue-bindings-0.3/nfq_common.c 2011-06-05 10:59:54.000000000 +0300
@@ -192,6 +192,11 @@
return nfq_get_indev(self->nfad);
}
+int payload_get_physindev(struct payload *self)
+{
+ return nfq_get_physindev(self->nfad);
+}
+
int payload_get_outdev(struct payload *self)
{
return nfq_get_outdev(self->nfad);
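Review bot: The new `payload_get_physindev()` has no comment saying what its return value means, yet the nfdhcpd change on this page depends on it through `get_physindev() or get_indev()`. Suggest a comment above the function such as `/* Ifindex of the bridge port the packet arrived on; 0 if it did not come through a bridge or the device is unknown. */`. libnetfilter_queue returns an unsigned 32-bit index while the wrapper returns `int`; this matches the neighbouring getters but is worth a word in the same comment. The body of `payload_get_outdev` continues past the end of the hunk.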
diff -ur original/nfqueue-bindings-0.3//nfq_common.h mine/nfqueue-bindings-0.3/nfq_common.h
--- original/nfqueue-bindings-0.3//nfq_common.h 2009-10-18 18:37:28.000000000 +0300
+++ mine/nfqueue-bindings-0.3/nfq_common.h 2011-06-05 10:59:18.000000000 +0300
@@ -32,6 +32,8 @@
int payload_get_indev(struct payload *self);
+int payload_get_physindev(struct payload *self);
+
int payload_get_outdev(struct payload *self);
#endif /* __NFQ_COMMON__ */