authoriap10@labyrinth.cl.cam.ac.uk <iap10@labyrinth.cl.cam.ac.uk>2005-01-29 22:20:09 +0000
committeriap10@labyrinth.cl.cam.ac.uk <iap10@labyrinth.cl.cam.ac.uk>2005-01-29 22:20:09 +0000
commit744d0bbffba678a9335cdbe18ab7e1d10a00a2cd (patch)
treea38754e90a06d3ca54881a741c4de6d78896176f
parent161acb14ddf247b147056814aa6acc22cfeb6e86 (diff)
bitkeeper revision 1.1159.223.53 (41fc0c19tGe1rM62SUQk8WYZjH-D1Q)
Add iptables modules to the default xen0 kernel, and add example configuration files for a NAT setup.
-rw-r--r--.rootkeys3
-rw-r--r--linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig15
-rw-r--r--tools/examples/network-nat77
-rw-r--r--tools/examples/vif-nat66
-rw-r--r--tools/examples/xmexample3120
5 files changed, 278 insertions, 3 deletions
diff --git a/.rootkeys b/.rootkeys
index b14c560ec8..a6f49dc24c 100644
--- a/.rootkeys
+++ b/.rootkeys
@@ -314,12 +314,15 @@
405ff55dawQyCHFEnJ067ChPRoXBBA tools/examples/init.d/xend
40278d94cIUWl2eRgnwZtr4hTyWT1Q tools/examples/init.d/xendomains
40ee75a9xFz6S05sDKu-JCLqyVTkDA tools/examples/network
+41fc0c18hVgK5rKJyZUsqybux9D9Dg tools/examples/network-nat
41e661e1giIEKbJ25qfiP-ke8u8hFA tools/examples/network-route
40ee75a967sxgcRY4Q7zXoVUaJ4flA tools/examples/vif-bridge
+41fc0c18AFAVXA1uGm1JFWHMeeznVw tools/examples/vif-nat
41e661e1ooiRKlOfwumG6wwzc0PdhQ tools/examples/vif-route
40ee75a93cqxHp6MiYXxxwR5j2_8QQ tools/examples/xend-config.sxp
41090ec8Pj_bkgCBpg2W7WfmNkumEA tools/examples/xmexample1
40cf2937oKlROYOJTN8GWwWM5AmjBg tools/examples/xmexample2
+41fc0c18_k4iL81hu4pMIWQu9dKpKA tools/examples/xmexample3
3fbba6dbDfYvJSsw9500b4SZyUhxjQ tools/libxc/Makefile
41cc934abX-QLXJXW_clV_wRjM0zYg tools/libxc/plan9a.out.h
3fbba6dc1uU7U3IFeF6A-XEOYF2MkQ tools/libxc/rpm.spec
diff --git a/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig b/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig
index d3e884bff4..d41daac521 100644
--- a/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig
+++ b/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig
@@ -499,7 +499,7 @@ CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_LIMIT is not set
-# CONFIG_IP_NF_MATCH_IPRANGE is not set
+CONFIG_IP_NF_MATCH_IPRANGE=m
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_PKTTYPE is not set
# CONFIG_IP_NF_MATCH_MARK is not set
@@ -522,11 +522,20 @@ CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
# CONFIG_IP_NF_MATCH_HASHLIMIT is not set
-# CONFIG_IP_NF_FILTER is not set
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
-# CONFIG_IP_NF_NAT is not set
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+# CONFIG_IP_NF_TARGET_REDIRECT is not set
+# CONFIG_IP_NF_TARGET_NETMAP is not set
+# CONFIG_IP_NF_TARGET_SAME is not set
+# CONFIG_IP_NF_NAT_LOCAL is not set
+# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
+CONFIG_IP_NF_NAT_FTP=m
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_ARPTABLES is not set
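Review bot: `CONFIG_IP_NF_TARGET_LOG` stays unset in the second hunk while `CONFIG_IP_NF_FILTER`, `CONFIG_IP_NF_TARGET_REJECT` and the NAT/MASQUERADE options are switched on, so a dom0 built from this defconfig can filter and translate guest traffic but cannot record it with the LOG target. For a host that forwards traffic on behalf of guests, being able to log rejected or unexpected packets is the first thing an operator needs when investigating a misbehaving domain. Consider enabling it as a module alongside the others: `CONFIG_IP_NF_TARGET_LOG=m`.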
diff --git a/tools/examples/network-nat b/tools/examples/network-nat
new file mode 100644
index 0000000000..ed32b70c58
--- /dev/null
+++ b/tools/examples/network-nat
@@ -0,0 +1,77 @@
+#!/bin/sh
+#============================================================================
+# Default Xen network start/stop script.
+# Xend calls a network script when it starts.
+# The script name to use is defined in /etc/xen/xend-config.sxp
+# in the network-script field.
+#
+# Usage:
+#
+# network-route (start|stop|status) {VAR=VAL}*
+#
+# Vars:
+#
+# netdev The gateway interface (default eth0).
+# antispoof Whether to use iptables to prevent spoofing (default yes).
+#
+#============================================================================
+
+
+
+# Exit if anything goes wrong.
+set -e
+
+# First arg is the operation.
+OP=$1
+shift
+
+# Pull variables in args in to environment.
+for arg ; do export "${arg}" ; done
+
+netdev=${netdev:-eth0}
+# antispoofing not yet implemented
+antispoof=${antispoof:-yes}
+
+echo "network-nat $OP netdev=$netdev antispoof=$antispoof"
+
+
+op_start() {
+ echo 1 >/proc/sys/net/ipv4/ip_forward
+ iptables -t nat -A POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+op_stop() {
+ iptables -t nat -D POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+show_status() {
+ echo '============================================================'
+ ifconfig
+ echo ' '
+ ip route list
+ echo ' '
+ route -n
+ echo '============================================================'
+
+}
+
+case ${OP} in
+ start)
+ op_start
+ ;;
+
+ stop)
+ op_stop
+ ;;
+
+ status)
+ show_status
+ ;;
+
+ *)
+ echo 'Unknown command: ' ${OP}
+ echo 'Valid commands are: start, stop, status'
+ exit 1
+esac
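Review bot: The `for arg ; do export "${arg}" ; done` loop exports every VAR=VAL argument into the environment of a script that xend runs (presumably as root) to configure host networking, so a caller-supplied `PATH`, `IFS` or `LD_PRELOAD` would change how the later `iptables`, `ifconfig` and `ip` calls resolve and run; the same loop appears in tools/examples/vif-nat. Accepting only the variables the header documents (`netdev` and `antispoof` here; `domain`, `vif` and `ip` in vif-nat) keeps the argument list from becoming an environment override. Separately, `antispoof` defaults to `yes` and is echoed in the start-up line although the comment says it is not implemented, which can lead an operator to believe spoofing protection is active; `antispoof=${antispoof:-no}` would be accurate until the rules exist. The usage line in the header also still names `network-route`.

```shell
# Pull only the documented variables from the args into the environment.
for arg ; do
    case "${arg}" in
        netdev=*|antispoof=*)
            export "${arg}"
            ;;
        *)
            echo "network-nat: ignoring unknown argument '${arg}'" >&2
            ;;
    esac
done
# … unchanged: netdev/antispoof defaults, op_start, op_stop, show_status, case ${OP} …
```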
diff --git a/tools/examples/vif-nat b/tools/examples/vif-nat
new file mode 100644
index 0000000000..2cf3557806
--- /dev/null
+++ b/tools/examples/vif-nat
@@ -0,0 +1,66 @@
+#!/bin/sh
+#============================================================================
+# /etc/xen/vif-nat
+#
+# Script for configuring a vif in routed-nat mode.
+# Xend calls a vif script when bringing a vif up or down.
+# This script is the default - but it can be configured for each vif.
+#
+# Example invocation:
+#
+# vif-nat up domain=VM1 vif=vif1.0 ip="192.168.0.10/31"
+#
+# Usage:
+# vif-nat (up|down) {VAR=VAL}*
+#
+# Vars:
+#
+# domain name of the domain the interface is on (required).
+# vif vif interface name (required).
+# ip list of IP networks for the vif, space-separated (required).
+#============================================================================
+
+# Exit if anything goes wrong
+set -e
+
+echo "vif-nat $*"
+
+# Operation name.
+OP=$1
+shift
+
+# Pull variables in args into environment
+for arg ; do export "${arg}" ; done
+
+# Required parameters. Fail if not set.
+domain=${domain:?}
+vif=${vif:?}
+ip=${ip:?}
+
+# better way to strip /netmask from the ip?
+vif_ip=`echo ${ip} | awk -F. '{print $1"."$2"."$3"."$4}'`
+
+main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'`
+
+# Are we going up or down?
+case $OP in
+ up)
+ ifconfig ${vif} ${vif_ip} netmask 255.255.255.0 up
+ echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
+ iptcmd='-A'
+ ipcmd='a'
+ ;;
+ down)
+ ifconfig ${vif} down
+ iptcmd='-D'
+ ipcmd='d'
+ ;;
+ *)
+ echo 'Invalid command: ' $OP
+ echo 'Valid commands are: up, down'
+ exit 1
+ ;;
+esac
+
+ip r ${ipcmd} ${ip} dev ${vif} src ${main_ip}
+# iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT
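Review bot: `vif` and `ip` are only checked for being non-empty before they are expanded unquoted into `ifconfig`, `ip r` and the redirect target `/proc/sys/net/ipv4/conf/${vif}/proxy_arp`, so a value containing `/`, `..` or whitespace changes which file is written or how the command line is split. Validating the interface name right after the required-parameter block, and quoting the expansions in the `up`/`down` branches, would close that. The `awk -F.` line does not strip the netmask either, because the fourth dot-separated field of `192.168.0.10/31` is still `10/31`; `vif_ip=${ip%%/*}` does what the comment asks for. `main_ip` is read from a hard-coded `eth0` even though network-nat accepts a `netdev` variable, and an empty result leaves `src` without an argument.

```shell
ip=${ip:?}

# Reject interface names that could leave /proc/sys/net/ipv4/conf/ or split into extra words.
case "${vif}" in
    *[!A-Za-z0-9._-]* | . | ..)
        echo "vif-nat: invalid vif name '${vif}'" >&2
        exit 1
        ;;
esac

# Strip the /netmask suffix without spawning awk.
vif_ip=${ip%%/*}
# … unchanged: main_ip lookup, case $OP, route add/delete …
```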
diff --git a/tools/examples/xmexample3 b/tools/examples/xmexample3
new file mode 100644
index 0000000000..fd96a7b201
--- /dev/null
+++ b/tools/examples/xmexample3
@@ -0,0 +1,120 @@
+# -*- mode: python; -*-
+#============================================================================
+# Example Python setup script for 'xm create'.
+# This script sets the parameters used when a domain is created using 'xm create'.
+#
+# This is a relatively advanced script that uses a parameter, vmid, to control
+# the settings. So this script can be used to start a set of domains by
+# setting the vmid parameter on the 'xm create' command line. For example:
+#
+# xm create vmid=1
+# xm create vmid=2
+# xm create vmid=3
+#
+# The vmid is purely a script variable, and has no effect on the the domain
+# id assigned to the new domain.
+#============================================================================
+
+# Define script variables here.
+# xm_vars is defined automatically, use xm_vars.var() to define a variable.
+
+# This function checks that 'vmid' has been given a valid value.
+# It is called automatically by 'xm create'.
+def vmid_check(var, val):
+ val = int(val)
+ if val <= 0:
+ raise ValueError
+ return val
+
+# Define the 'vmid' variable so that 'xm create' knows about it.
+xm_vars.var('vmid',
+ use="Virtual machine id. Integer greater than 0.",
+ check=vmid_check)
+
+# Check the defined variables have valid values..
+xm_vars.check()
+
+#----------------------------------------------------------------------------
+# Kernel image file.
+kernel = "/path/to/domU/kernel"
+
+# Optional ramdisk.
+#ramdisk = "/boot/initrd.gz"
+
+# The domain build function. Default is 'linux'.
+#builder='linux'
+
+# Initial memory allocation (in megabytes) for the new domain.
+memory = 64
+
+# A name for the new domain. All domains have to have different names,
+# so we use the vmid to create a name.
+name = "VM%d" % vmid
+
+# Which CPU to start domain on?
+#cpu = -1 # leave to Xen to pick
+cpu = vmid # set based on vmid (mod number of CPUs)
+
+#----------------------------------------------------------------------------
+# Define network interfaces.
+
+# Number of network interfaces. Default is 1.
+#nics=1
+
+# Optionally define mac and/or bridge for the network interfaces.
+# Random MACs are assigned if not given.
+
+vif = [ 'ip=192.168.%d.1/24' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Define the disk devices you want the domain to have access to, and
+# what you want them accessible as.
+# Each disk entry is of the form phy:UNAME,DEV,MODE
+# where UNAME is the device, DEV is the device name the domain will see,
+# and MODE is r for read-only, w for read-write.
+
+# This makes the disk device depend on the vmid - assuming
+# tHat devices sda7, sda8 etc. exist. The device is exported
+# to all domains as sda1.
+# All domains get sda6 read-only (to use for /usr, see below).
+disk = [ 'phy:hda%d,hda1,w' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Set the kernel command line for the new domain.
+# You only need to define the IP parameters and hostname if the domain's
+# IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
+# You can use 'extra' to set the runlevel and custom environment
+# variables used by custom rc scripts (e.g. VMID=, usr= ).
+
+# Set if you want dhcp to allocate the IP address.
+dhcp="off"
+ip="192.168.%d.2" % (vmid)
+# Set netmask.
+netmask="255.255.255.0"
+# Set default gateway.
+gateway="192.168.%d.1" % (vmid)
+# Set the hostname.
+hostname= "domain-%d.xeno" % vmid
+
+# Set root device.
+root = "/dev/hda1 ro"
+
+# Root device for nfs.
+#root = "/dev/nfs"
+# The nfs server.
+#nfs_server = "10.212.4.103"
+# Root directory on the nfs server.
+#nfs_root = "/path/to/root/filesystem"
+
+# Sets runlevel 4 and the device for /usr.
+extra = "4 VMID=%d" % vmid
+
+#----------------------------------------------------------------------------
+# Set according to whether you want the domain restarted when it exits.
+# The default is 'onreboot', which restarts the domain when it shuts down
+# with exit code reboot.
+# Other values are 'always', and 'never'.
+
+#restart = 'onreboot'
+
+#============================================================================
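Review bot: `vmid_check` only enforces `val > 0`, but `vmid` is then substituted into `192.168.%d.x` addresses and into `'phy:hda%d,hda1,w'`, so large values produce invalid addresses and small values give the guest read-write access to `hda1`, `hda2`, … which may be partitions dom0 itself uses. The comment above `disk` describes a different layout (sda7, sda8, and sda6 read-only) from what the line actually exports, so it appears to have been copied without the offset it documents. Bounding the check, e.g. `if val <= 0 or val > 254:`, and either restoring an offset on the partition number or rewriting the comment to match `hda%d` would make the example safe to copy. `root = "/dev/hda1 ro"` alongside a `w` disk mode is also worth a one-line comment explaining the intent.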