This change makes it possible to use a macvtap interface as a standard interface (green0). This is required by libvirt, because libvirt adds macvtap interfaces to the physical interface, but this causes a problem. A VM with this configuration can communicate with the whole network, but not with the Host (IPFire). To solve this problem, the host interface must also be a macvtap interface. This is achieved by: 1. In /var/ipfire/ethernet/settings the mode of an interface can be set with GREEN_MODE= ... When the mode is macvtap, the physical interface is renamed to green0phys instead of green0. If the mode is not set, the normal configuration is applied. 2. The network-hotplug-macvtap script checks if the name of a physical NIC ends with "phys". When the interface name ends with "phys", the script adds a macvtap interface named green0 to the physical NIC. The MAC address of this interface is set to the MAC address of the physical NIC. The MAC address of the physical NIC is set to a random value. We do this because the MAC address of green0 should not change. All services and IP addresses then bind to the macvtap interface; the physical NIC is not used. PS.: The script also works with the orange or blue interface, just replace green with orange or blue. Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
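#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2015 IPFire Team <info@ipfire.org>                            #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# Prints the name udev should give to the network interface named in
# ${INTERFACE}. The interface's MAC address is looked up in the zone
# configuration (/var/ipfire/ethernet/settings) and the configured device
# name of the matching zone is written to stdout.
#
# Exit status:
#   0 - a name was printed, the interface is ignored (lo, tun*, ppp*), or no
#       zone matched (the interface then keeps its previous name)
#   1 - the interface does not exist or the settings file is not readable
#   2 - INTERFACE is not set

# Check if all appropriate variables are set
[ -n "${INTERFACE}" ] || exit 2

# Ignore virtual interfaces, etc.
case "${INTERFACE}" in
	lo|tun*|ppp*)
		exit 0
		;;
esac

# Check if INTERFACE actually exists
[ -d "/sys/class/net/${INTERFACE}" ] || exit 1

# If the network configuration is not readable,
# we cannot go on.
if [ ! -r "/var/ipfire/ethernet/settings" ]; then
	exit 1
fi

# Read network settings.
#
# SECURITY: whatever readhash prints is executed as shell code by eval, so
# this step is only as safe as the write permissions on the settings file and
# readhash's own filtering of keys and values.
# NOTE(review): confirm that readhash rejects or quotes shell metacharacters.
#
# Every key in the settings file becomes a shell variable here. ZONES and
# ADDRESS are assigned after this line and cannot be overridden by the file;
# INTERFACE could be, if the file ever carried a key of that name.
#
# The substitution is quoted so the output reaches eval unchanged instead of
# being word-split and glob-expanded by the shell first.
eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"

# Standard zones
ZONES="RED GREEN ORANGE BLUE"

# Determine the address of INTERFACE
ADDRESS="$(<"/sys/class/net/${INTERFACE}/address")"

# Walk through all zones and find the matching interface
# (ZONES is deliberately unquoted: it is a space-separated list.)
for zone in ${ZONES}; do
	# Names of the settings variables for this zone; they are
	# dereferenced below with ${!name}.
	address="${zone}_MACADDR"
	device="${zone}_DEV"
	mode="${zone}_MODE"

	# Skip if address or device is unset
	if [ -z "${!address}" ] || [ -z "${!device}" ]; then
		continue
	fi

	# Compare MAC addresses. The comparison is case-sensitive.
	# NOTE(review): sysfs reports lowercase hex; presumably the settings
	# file stores the address the same way - verify.
	[ "${ADDRESS}" = "${!address}" ] || continue

	# If a matching interface has been found we will
	# print the name to which udev will rename it.
	# In macvtap mode the physical interface gets the "phys" suffix so
	# that the plain zone name stays free for the macvtap interface.
	# printf is used so that the configured value is always printed
	# literally and never taken as an option to echo.
	if [ "${!mode}" = "macvtap" ]; then
		printf '%s\n' "${!device}phys"
	else
		printf '%s\n' "${!device}"
	fi

	exit 0
done

# If we get here we have not found a matching device,
# but we won't return an error any way. The new device
# will remain with the previous name.
exit 0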