ebtables-xen accepts an array of bridges to act upon. Changed from array#count to array#length for backwards compatibility

git-svn-id: http://svn.opennebula.org/one/trunk@904 3034c82b-c49b-4eb3-8279-a7acafdc01c0
2025-01-11 05:17:41 +03:00 · 2009-10-29 17:53:02 +00:00 · 2009-10-29 17:53:02 +00:00 · 91ebf207b0
commit 91ebf207b0
parent 94d3551b2b
2 changed files with 61 additions and 10 deletions
--- a/share/hooks/ebtables-kvm
+++ b/share/hooks/ebtables-kvm
@ -35,7 +35,7 @@ def get_bridges
    cur_bridge = ""
    brctl_exit.split("\n")[1..-1].each do |l| 
        l = l.split
-        if l.count > 1
+        if l.length > 1
            cur_bridge = l[0]
            bridges[cur_bridge] = Array.new
            bridges[cur_bridge] << l[3]
--- a/share/hooks/ebtables-xen
+++ b/share/hooks/ebtables-xen
@ -1,29 +1,80 @@
 #!/usr/bin/env ruby

+# -------------------------------------------------------------------------- #
+# Copyright 2002-2009, Distributed Systems Architecture Group, Universidad   #
+# Complutense de Madrid (dsa-research.org)                                   #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License. You may obtain    #
+# a copy of the License at                                                   #
+#                                                                            #
+# http://www.apache.org/licenses/LICENSE-2.0                                 #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS,          #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+#--------------------------------------------------------------------------- #
+
 VM_NAME=ARGV[0]

+# Uncomment to act only on the listed bridges.
+#FILTERED_BRIDGES = ['beth0']
+
 def activate(rule)
    system "sudo ebtables -A #{rule}"
 end

-vm_id=`sudo xm domid one-#{VM_NAME}`.strip
+def get_bridges
+    bridges = Hash.new
+    brctl_exit=`brctl show`
+    cur_bridge = ""
+    brctl_exit.split("\n")[1..-1].each do |l| 
+        l = l.split
+        if l.length > 1
+            cur_bridge = l[0]
+            bridges[cur_bridge] = Array.new
+            bridges[cur_bridge] << l[3]
+        else
+            bridges[cur_bridge] << l[0]
+        end
+    end
+    bridges
+end
+
+def get_interfaces
+    bridges = get_bridges
+    if defined? FILTERED_BRIDGES
+        FILTERED_BRIDGES.collect {|k,v| bridges[k]}.flatten
+    else
+        bridges.values.flatten
+    end
+end
+
+vm_id=`sudo xm domid #{VM_NAME}`.strip
 networks=`sudo xm network-list #{vm_id}`.split("\n")[1..-1]

+interfaces = get_interfaces
+
 networks.each {|net|
    n=net.split
    iface_id=n[0]
    iface_mac=n[2]

-    mac=iface_mac.split(':')
-    mac[-1]='00'
-    net_mac=mac.join(':')
-
    tap="vif#{vm_id}.#{iface_id}"

-    in_rule="FORWARD -s ! #{net_mac}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP"
-    out_rule="FORWARD -s ! #{iface_mac} -i #{tap} -j DROP"
+    if interfaces.include? tap
+        mac=iface_mac.split(':')
+        mac[-1]='00'
+        net_mac=mac.join(':')

-    activate(in_rule)
-    activate(out_rule)
+
+        in_rule="FORWARD -s ! #{net_mac}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP"
+        out_rule="FORWARD -s ! #{iface_mac} -i #{tap} -j DROP"
+
+        activate(in_rule)
+        activate(out_rule)
+    end
 }