Network: add macvtap mode

This change make it possible to use a macvtap interface as a standard interface (green0). This is required by libvirt, because libvirt adds macvtap interfaces to the physical interface, but this causes a problem. A VM with this configuration can communicate with the whole network, but not with the Host (IPFire). To solve this problem, the host interface must be also a macvtap interface. This is achieved by: 1. In /var/ipfire/ethernet/settings the mode of a interface could set with GREEN_MODE= ... When the mode is macvtap the physical interface is renamed to green0phys instead of green0. If the mode is not set the normal configuration is applied . 2. The network-hotplug-macvtap script checks if a physical nic ends with "phys". When the interface ends with "phys", the script adds a macvtap interface to the physical nic which is named green0. The MAC address of this interface is set to the MAC address of the physical nic. The MAC address of the physical is set to a random value. We do this because the MAC address of green0 should not change. All services, IP addresses then binds to the macvatap interface, the physical nic is not used. PS.: The script works also with the orange or blue interface, just replace green with orange or blue. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2016-05-07 16:01:08 +02:00
parent 48396bdffe
commit 7b616db4e2
5 changed files with 61 additions and 2 deletions
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -28,6 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
+#lib/udev/network-hotplug-macvtap
 #lib/udev/network-hotplug-rename
 #lib/udev/network-hotplug-vlan
 #lib/udev/rule_generator.functions
--- a/config/udev/60-net.rules
+++ b/config/udev/60-net.rules
@@ -5,3 +5,6 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
 # Call a script that will create all virtual devices for a parent device
 # that has just come up.
 ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
+
+# Call a script that will set up macvtap interfaces
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-macvtap"
--- a/config/udev/network-hotplug-macvtap
+++ b/config/udev/network-hotplug-macvtap
@@ -0,0 +1,46 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org>                         #
+#                                                                          #
+############################################################################
+
+[ -n "${INTERFACE}" ] || exit 2
+
+PHYSICAL_INTERFACE="${INTERFACE}"
+VIRTUAL_INTERFACE="${INTERFACE%phys}"
+#VIRTUAL_INTERFACE="${VIRTUAL_INTERFACE}0"
+
+# Do nothing if the physical interface does not end with "phys"
+case "${PHYSICAL_INTERFACE}" in
+	*phys)
+		;;
+	*)
+		exit 0
+		;;
+esac
+
+ADDRESS="$(</sys/class/net/${PHYSICAL_INTERFACE}/address)"
+rand="$(</proc/sys/kernel/random/uuid)"
+rand="${rand//-/}"
+GENERATED_ADDRESS=$(echo "02:${rand:0:2}:${rand:2:2}:${rand:4:2}:${rand:6:2}:${rand:8:2}")
+
+ip link add link "${PHYSICAL_INTERFACE}" "${VIRTUAL_INTERFACE}" address "${ADDRESS}" type macvlan mode bridge
+ip link set "${PHYSICAL_INTERFACE}" address "${GENERATED_ADDRESS}"
+ip link set "${PHYSICAL_INTERFACE}" up
--- a/config/udev/network-hotplug-rename
+++ b/config/udev/network-hotplug-rename
@@ -57,16 +57,23 @@ ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
 for zone in ${ZONES}; do
 	address="${zone}_MACADDR"
 	device="${zone}_DEV"
+	mode="${zone}_MODE"

 	# Skip if address or device is unset
 	[ -n "${!address}" -a -n "${!device}" ] || continue

+	# Compare MAC addresses
+	[ "${ADDRESS}" = "${!address}" ] || continue
+
 	# If a matching interface has been found we will
 	# print the name to which udev will rename it.
-	if [ "${ADDRESS}" = "${!address}" ]; then
+	if [ "${!mode}" = "macvtap" ]; then
+		echo "${!device}phys"
+	else
 		echo "${!device}"
-		exit 0
 	fi
+
+	exit 0
 done

 # If we get here we have not found a matching device,
--- a/lfs/udev
+++ b/lfs/udev
@@ -109,6 +109,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/lib/udev/network-hotplug-rename
 	install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
 		/lib/udev/network-hotplug-vlan
+	install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-macvtap \
+		/lib/udev/network-hotplug-macvtap
 	install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
 		/lib/udev/rules.d