From 7b616db4e2a2cdfb81c2e6cd1be0813747921905 Mon Sep 17 00:00:00 2001
From: Jonatan Schlag <jonatan.schlag@ipfire.org>
Date: Sat, 7 May 2016 16:01:08 +0200
Subject: [PATCH] Network: add macvtap mode

This change make it possible to use a macvtap interface as a
standard interface (green0).
This is required by libvirt, because libvirt adds macvtap interfaces to
the physical interface, but this causes a problem. A VM  with this
configuration can communicate with the whole network,
but not with the Host (IPFire).
To solve this problem, the host interface must be also a macvtap interface.
This is achieved by:
1. In /var/ipfire/ethernet/settings the mode of a interface could set
with GREEN_MODE= ...
When the mode is macvtap the physical interface is renamed to green0phys
instead of green0. If the mode is not set the normal configuration is
applied .
2. The  network-hotplug-macvtap script checks if a physical nic ends
with "phys".
When the interface ends with "phys", the script adds a macvtap interface
to the physical nic which is named green0. The MAC address of this
interface is set to the MAC address of the physical nic. The MAC address
of the physical is set to a random value. We do this because the MAC
address of green0 should not change.
All services, IP addresses then binds to the macvatap interface, the
physical nic is not used.
PS.:  The script works also with the orange or blue interface, just
replace green with orange or blue.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/udev        |  1 +
 config/udev/60-net.rules            |  3 ++
 config/udev/network-hotplug-macvtap | 46 +++++++++++++++++++++++++++++
 config/udev/network-hotplug-rename  | 11 +++++--
 lfs/udev                            |  2 ++
 5 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 config/udev/network-hotplug-macvtap

diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 4d519544d9..e1f4bd5fbd 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -28,6 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
+#lib/udev/network-hotplug-macvtap
 #lib/udev/network-hotplug-rename
 #lib/udev/network-hotplug-vlan
 #lib/udev/rule_generator.functions
diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules
index e82320cfe4..e031e7a1ed 100644
--- a/config/udev/60-net.rules
+++ b/config/udev/60-net.rules
@@ -5,3 +5,6 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
 # Call a script that will create all virtual devices for a parent device
 # that has just come up.
 ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
+
+# Call a script that will set up macvtap interfaces
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-macvtap"
diff --git a/config/udev/network-hotplug-macvtap b/config/udev/network-hotplug-macvtap
new file mode 100644
index 0000000000..7f5da12cbe
--- /dev/null
+++ b/config/udev/network-hotplug-macvtap
@@ -0,0 +1,46 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2016 IPFire Team <info@ipfire.org>                         #
+#                                                                          #
+############################################################################
+
+[ -n "${INTERFACE}" ] || exit 2
+
+PHYSICAL_INTERFACE="${INTERFACE}"
+VIRTUAL_INTERFACE="${INTERFACE%phys}"
+#VIRTUAL_INTERFACE="${VIRTUAL_INTERFACE}0"
+
+# Do nothing if the physical interface does not end with "phys"
+case "${PHYSICAL_INTERFACE}" in
+	*phys)
+		;;
+	*)
+		exit 0
+		;;
+esac
+
+ADDRESS="$(</sys/class/net/${PHYSICAL_INTERFACE}/address)"
+rand="$(</proc/sys/kernel/random/uuid)"
+rand="${rand//-/}"
+GENERATED_ADDRESS=$(echo "02:${rand:0:2}:${rand:2:2}:${rand:4:2}:${rand:6:2}:${rand:8:2}")
+
+ip link add link "${PHYSICAL_INTERFACE}" "${VIRTUAL_INTERFACE}" address "${ADDRESS}" type macvlan mode bridge
+ip link set "${PHYSICAL_INTERFACE}" address "${GENERATED_ADDRESS}"
+ip link set "${PHYSICAL_INTERFACE}" up
diff --git a/config/udev/network-hotplug-rename b/config/udev/network-hotplug-rename
index 331b788185..aaae641e15 100644
--- a/config/udev/network-hotplug-rename
+++ b/config/udev/network-hotplug-rename
@@ -57,16 +57,23 @@ ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
 for zone in ${ZONES}; do
 	address="${zone}_MACADDR"
 	device="${zone}_DEV"
+	mode="${zone}_MODE"
 
 	# Skip if address or device is unset
 	[ -n "${!address}" -a -n "${!device}" ] || continue
 
+	# Compare MAC addresses
+	[ "${ADDRESS}" = "${!address}" ] || continue
+
 	# If a matching interface has been found we will
 	# print the name to which udev will rename it.
-	if [ "${ADDRESS}" = "${!address}" ]; then
+	if [ "${!mode}" = "macvtap" ]; then
+		echo "${!device}phys"
+	else
 		echo "${!device}"
-		exit 0
 	fi
+
+	exit 0
 done
 
 # If we get here we have not found a matching device,
diff --git a/lfs/udev b/lfs/udev
index 7d5bdbca19..61bd337418 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -109,6 +109,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		/lib/udev/network-hotplug-rename
 	install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
 		/lib/udev/network-hotplug-vlan
+	install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-macvtap \
+		/lib/udev/network-hotplug-macvtap
 	install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
 		/lib/udev/rules.d
 
-- 
2.39.2