Added ebtables-xen hook

git-svn-id: http://svn.opennebula.org/one/trunk@708 3034c82b-c49b-4eb3-8279-a7acafdc01c0
2025-03-26 06:50:09 +03:00 · 2009-07-21 10:45:54 +00:00 · 2009-07-21 10:45:54 +00:00 · 7212278256
commit 7212278256
parent 2e0f4709e5
2 changed files with 51 additions and 1 deletions
--- a/install.sh
+++ b/install.sh
@ -110,7 +110,8 @@ else
 fi

 SHARE_DIRS="$SHARE_LOCATION/examples \
-            $SHARE_LOCATION/examples/tm"
+            $SHARE_LOCATION/examples/tm \
+            $SHARE_LOCATION/hooks"

 ETC_DIRS="$ETC_LOCATION/im_kvm \
          $ETC_LOCATION/im_xen \
@ -154,6 +155,7 @@ INSTALL_FILES[8]="SSH_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/ssh"
 INSTALL_FILES[9]="DUMMY_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/dummy"
 INSTALL_FILES[10]="EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples"
 INSTALL_FILES[11]="TM_EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples/tm"
+INSTALL_FILES[12]="HOOK_SHARE_FILES:$SHARE_LOCATION/hooks"

 INSTALL_ETC_FILES[0]="ETC_FILES:$ETC_LOCATION"
 INSTALL_ETC_FILES[1]="VMM_XEN_ETC_FILES:$ETC_LOCATION/vmm_xen"
@ -366,6 +368,12 @@ TM_EXAMPLE_SHARE_FILES="share/examples/tm/tm_clone.sh \
                        share/examples/tm/tm_mkswap.sh \
                        share/examples/tm/tm_mv.sh"

+#-------------------------------------------------------------------------------
+# HOOK scripts, to be installed under $SHARE_LOCATION/hooks
+#-------------------------------------------------------------------------------
+
+HOOK_SHARE_FILES="share/hooks/ebtables-xen"
+
 #-------------------------------------------------------------------------------
 #-------------------------------------------------------------------------------
 # INSTALL.SH SCRIPT
--- a/share/hooks/ebtables-xen
+++ b/share/hooks/ebtables-xen
@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+ 
+COMMAND=ARGV[0]
+VM_NAME=ARGV[1]
+ 
+def activate(rule)
+    system "sudo ebtables -A #{rule}"
+end
+ 
+def deactivate(rule)
+    system "sudo ebtables -D #{rule}"
+end
+ 
+vm_id=`sudo xm domid #{VM_NAME}`.strip
+networks=`sudo xm network-list #{vm_id}`.split("\n")[1..-1]
+ 
+networks.each {|net|
+    n=net.split
+    iface_id=n[0]
+    iface_mac=n[2]
+ 
+    mac=iface_mac.split(':')
+    mac[-1]='00'
+    net_mac=mac.join(':')
+ 
+    tap="vif#{vm_id}.#{iface_id}"
+ 
+    in_rule="INPUT -d ! #{iface_mac}/FF:FF:FF:FF:FF:FF -i #{tap} -j DROP"
+    out_rule="OUTPUT -s ! #{net_mac}/FF:FF:FF:FF:FF:00 -o #{tap} -j DROP"
+ 
+    case COMMAND
+    when "start"
+        activate(in_rule)
+        activate(out_rule)
+    when "stop"
+        deactivate(in_rule)
+        deactivate(out_rule)
+    else
+        puts "First parameter should be start or stop"
+    end
+}
+