Network: add macvtap mode
authorJonatan Schlag <jonatan.schlag@ipfire.org>
Sat, 7 May 2016 14:01:08 +0000 (16:01 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 1 Jun 2016 21:22:29 +0000 (22:22 +0100)
This change makes it possible to use a macvtap interface as a
standard interface (green0).
This is required by libvirt, because libvirt adds macvtap interfaces to
the physical interface, but this causes a problem: a VM with this
configuration can communicate with the whole network,
but not with the host (IPFire).
To solve this problem, the host interface must also be a macvtap interface.
This is achieved by:
1. In /var/ipfire/ethernet/settings the mode of an interface can be set
with GREEN_MODE= ...
When the mode is macvtap, the physical interface is renamed to green0phys
instead of green0. If the mode is not set, the normal configuration is
applied.
2. The network-hotplug-macvtap script checks whether the name of a
physical NIC ends with "phys".
When the interface name ends with "phys", the script adds a macvtap interface
named green0 to the physical NIC. The MAC address of this
interface is set to the MAC address of the physical NIC. The MAC address
of the physical NIC is set to a random value. We do this because the MAC
address of green0 should not change.
All services and IP addresses then bind to the macvtap interface; the
physical NIC is not used.
PS: The script also works with the orange or blue interface; just
replace green with orange or blue.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/common/udev
config/udev/60-net.rules
config/udev/network-hotplug-macvtap [new file with mode: 0644]
config/udev/network-hotplug-rename
lfs/udev

index 4d519544d96d5e3dde75d5cb73020fd7473ff22f..e1f4bd5fbd308ddc9b9ec8a5b66b82be52bc53d5 100644 (file)
@@ -28,6 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
+#lib/udev/network-hotplug-macvtap
 #lib/udev/network-hotplug-rename
 #lib/udev/network-hotplug-vlan
 #lib/udev/rule_generator.functions
index e82320cfe4ddb344cab26f2895ecb9ac0a276a2c..e031e7a1edcce7dce7f4f6afe039d87b30bedfad 100644 (file)
@@ -5,3 +5,6 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
 # Call a script that will create all virtual devices for a parent device
 # that has just come up.
 ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
+
+# Call a script that will set up macvtap interfaces
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-macvtap"
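Review bot: The comment on the new rule does not say that the script is run for every network device that is added and decides for itself, from the interface name alone, whether to act. A reader of 60-net.rules could otherwise assume the rule only fires for zones configured for macvtap. I would word it as `# Run for every new net device; the script only acts on interfaces whose name ends in "phys" and exits for all others.` Because the rule itself has no match on the name, that check inside the script is the only gate and is worth stating here.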
diff --git a/config/udev/network-hotplug-macvtap b/config/udev/network-hotplug-macvtap
new file mode 100644 (file)
index 0000000..7f5da12
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org>                         #
+#                                                                          #
+############################################################################
+
+[ -n "${INTERFACE}" ] || exit 2
+
+PHYSICAL_INTERFACE="${INTERFACE}"
+VIRTUAL_INTERFACE="${INTERFACE%phys}"
+#VIRTUAL_INTERFACE="${VIRTUAL_INTERFACE}0"
+
+# Do nothing if the physical interface does not end with "phys"
+case "${PHYSICAL_INTERFACE}" in
+       *phys)
+               ;;
+       *)
+               exit 0
+               ;;
+esac
+
+ADDRESS="$(</sys/class/net/${PHYSICAL_INTERFACE}/address)"
+rand="$(</proc/sys/kernel/random/uuid)"
+rand="${rand//-/}"
+GENERATED_ADDRESS=$(echo "02:${rand:0:2}:${rand:2:2}:${rand:4:2}:${rand:6:2}:${rand:8:2}")
+
+ip link add link "${PHYSICAL_INTERFACE}" "${VIRTUAL_INTERFACE}" address "${ADDRESS}" type macvlan mode bridge
+ip link set "${PHYSICAL_INTERFACE}" address "${GENERATED_ADDRESS}"
+ip link set "${PHYSICAL_INTERFACE}" up
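Review bot: The result of `ip link add` is not checked, so when creating the macvlan fails (for example because `${VIRTUAL_INTERFACE}` already exists or `ADDRESS` came back empty) the next line still overwrites the physical NIC's MAC with the random value, and the host is left without any interface carrying the configured address. I would stop on failure: `[ -n "${ADDRESS}" ] || exit 1` after the read, and `|| exit 1` appended to the `ip link add ... type macvlan mode bridge` line. An interface named exactly `phys` also passes the `case` and yields an empty `VIRTUAL_INTERFACE`; `[ -n "${VIRTUAL_INTERFACE}" ] || exit 0` would cover that. Separately, the commit text and the file name say macvtap while the link is created as `type macvlan`; a one-line comment explaining the choice would save the next reader a lookup.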
index 331b7881855d06f0463d22237a4c020001b99c6d..aaae641e1529fa3cf2120ac0827c1892d4ebf0f4 100644 (file)
@@ -57,16 +57,23 @@ ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
 for zone in ${ZONES}; do
        address="${zone}_MACADDR"
        device="${zone}_DEV"
+       mode="${zone}_MODE"
 
        # Skip if address or device is unset
        [ -n "${!address}" -a -n "${!device}" ] || continue
 
+       # Compare MAC addresses
+       [ "${ADDRESS}" = "${!address}" ] || continue
+
        # If a matching interface has been found we will
        # print the name to which udev will rename it.
-       if [ "${ADDRESS}" = "${!address}" ]; then
+       if [ "${!mode}" = "macvtap" ]; then
+               echo "${!device}phys"
+       else
                echo "${!device}"
-               exit 0
        fi
+
+       exit 0
 done
 
 # If we get here we have not found a matching device,
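Review bot: The match in the loop is on the MAC address alone, and network-hotplug-macvtap gives the new macvlan device the configured MAC, so the `add` event for that child would presumably match the same zone here and print `${!device}phys` a second time. Unless the part of this script above the hunk (not visible here) already skips such devices, udev would then be asked to rename the child to a name the physical NIC already holds, and the setup only works because that rename fails. I would emit the `phys` name only for a device with hardware behind it, e.g. `if [ "${!mode}" = "macvtap" ] && [ -e "/sys/class/net/${INTERFACE}/device" ]; then`, so the child falls through to `echo "${!device}"`; this needs confirming on a test system, since some virtual NIC types may lack the `device` link. The `for` loop and the rest of the script continue outside the hunk.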
index 7d5bdbca19106b427367a7f1903aff517536f6d0..61bd337418c91d4a46201f9e69f7cc549bf9b815 100644 (file)
--- a/lfs/udev
+++ b/lfs/udev
@@ -109,6 +109,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                /lib/udev/network-hotplug-rename
        install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
                /lib/udev/network-hotplug-vlan
+       install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-macvtap \
+               /lib/udev/network-hotplug-macvtap
        install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
                /lib/udev/rules.d