From 7212278256e5d39b863a9e46022e1fe9556488a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Font=C3=A1n=20Mui=C3=B1os?= Date: Tue, 21 Jul 2009 10:45:54 +0000 Subject: [PATCH] Added ebtables-xen hook git-svn-id: http://svn.opennebula.org/one/trunk@708 3034c82b-c49b-4eb3-8279-a7acafdc01c0 --- install.sh | 10 +++++++++- share/hooks/ebtables-xen | 42 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100755 share/hooks/ebtables-xen diff --git a/install.sh b/install.sh index 4df3e6a24e..23c1ec8971 100755 --- a/install.sh +++ b/install.sh @@ -110,7 +110,8 @@ else fi SHARE_DIRS="$SHARE_LOCATION/examples \ - $SHARE_LOCATION/examples/tm" + $SHARE_LOCATION/examples/tm \ + $SHARE_LOCATION/hooks" ETC_DIRS="$ETC_LOCATION/im_kvm \ $ETC_LOCATION/im_xen \ @@ -154,6 +155,7 @@ INSTALL_FILES[8]="SSH_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/ssh" INSTALL_FILES[9]="DUMMY_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/dummy" INSTALL_FILES[10]="EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples" INSTALL_FILES[11]="TM_EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples/tm" +INSTALL_FILES[12]="HOOK_SHARE_FILES:$SHARE_LOCATION/hooks" INSTALL_ETC_FILES[0]="ETC_FILES:$ETC_LOCATION" INSTALL_ETC_FILES[1]="VMM_XEN_ETC_FILES:$ETC_LOCATION/vmm_xen" @@ -366,6 +368,12 @@ TM_EXAMPLE_SHARE_FILES="share/examples/tm/tm_clone.sh \ share/examples/tm/tm_mkswap.sh \ share/examples/tm/tm_mv.sh" +#------------------------------------------------------------------------------- +# HOOK scripts, to be installed under $SHARE_LOCATION/hooks +#------------------------------------------------------------------------------- + +HOOK_SHARE_FILES="share/hooks/ebtables-xen" + #------------------------------------------------------------------------------- #------------------------------------------------------------------------------- # INSTALL.SH SCRIPT diff --git a/share/hooks/ebtables-xen b/share/hooks/ebtables-xen new file mode 100755 index 0000000000..661fceec78 
--- /dev/null
+++ b/share/hooks/ebtables-xen
@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+COMMAND=ARGV[0]
+VM_NAME=ARGV[1]
+
+def activate(rule)
+ system "sudo ebtables -A #{rule}"
+end
+
+def deactivate(rule)
+ system "sudo ebtables -D #{rule}"
+end
+
+vm_id=`sudo xm domid #{VM_NAME}`.strip
+networks=`sudo xm network-list #{vm_id}`.split("\n")[1..-1]
+
+networks.each {|net|
+ n=net.split
+ iface_id=n[0]
+ iface_mac=n[2]
+
+ mac=iface_mac.split(':')
+ mac[-1]='00'
+ net_mac=mac.join(':')
+
+ tap="vif#{vm_id}.#{iface_id}"
+
+ in_rule="INPUT -d ! #{iface_mac}/FF:FF:FF:FF:FF:FF -i #{tap} -j DROP"
+ out_rule="OUTPUT -s ! #{net_mac}/FF:FF:FF:FF:FF:00 -o #{tap} -j DROP"
+
+ case COMMAND
+ when "start"
+ activate(in_rule)
+ activate(out_rule)
+ when "stop"
+ deactivate(in_rule)
+ deactivate(out_rule)
+ else
+ puts "First parameter should be start or stop"
+ end
+}
+
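Review bot: `VM_NAME` is taken straight from `ARGV[1]` and interpolated into the backtick command `sudo xm domid #{VM_NAME}`, so any shell metacharacters in the VM name are parsed by a shell in front of a root-privileged command; `activate` and `deactivate` build their `sudo ebtables` strings the same way from `xm` output. Passing the arguments as a list (array-form `IO.popen` for the two lookups, multi-argument `system` for ebtables) keeps the shell out of it, assuming the target Ruby supports the array form. Results are also never checked: when the domain lookup prints nothing, `split("\n")[1..-1]` is nil and `networks.each` raises, and a failed `ebtables -A` is ignored, so the hook can appear to have run while the MAC filter rules are missing. The `start`/`stop` check sits inside the per-interface loop, after the sudo lookups have already executed, so it is better done once up front.

```ruby
def run_ebtables(action, rule)
  # Multi-argument system: no shell is involved, rule is split on whitespace only.
  ok = system('sudo', 'ebtables', action, *rule.split)
  warn "ebtables #{action} #{rule} failed" unless ok
  ok
end

def activate(rule)
  run_ebtables('-A', rule)
end

def deactivate(rule)
  run_ebtables('-D', rule)
end

abort "First parameter should be start or stop" unless %w[start stop].include?(COMMAND)

vm_id = IO.popen(['sudo', 'xm', 'domid', VM_NAME.to_s]) { |io| io.read }.strip
abort "Domain #{VM_NAME} not found" unless vm_id =~ /\A\d+\z/

listing = IO.popen(['sudo', 'xm', 'network-list', vm_id]) { |io| io.read }
networks = listing.split("\n")[1..-1] || []

# … unchanged: networks.each loop building in_rule / out_rule …
```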