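#! /bin/bash
#
# Hotplug helper for the COLO proxy: validates its arguments, then (further
# down the file) installs or removes the tc / bridge / netfilter plumbing for
# one guest vif. All arguments are handed to findCommand and evalVariables,
# both of which come from the sourced helper scripts.

dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/hotplugpath.sh"

# The check below relies on findCommand having set $command.
findCommand "$@"

if [ "$command" != "setup" ] && [ "$command" != "teardown" ]
then
    echo "Invalid command: $command"
    log err "Invalid command: $command"
    exit 1
fi

# NOTE(review): evalVariables is not visible here; presumably it turns the
# name=value arguments into shell variables. Treat everything it sets as
# caller-controlled: validate it here and quote it wherever it is used.
evalVariables "$@"

# Abort when a required variable is unset or empty.
: "${vifname:?}"
: "${forwarddev:?}"
: "${mode:?}"
: "${index:?}"
: "${bridge:?}"

# Assigned after evalVariables, so a value supplied by the caller cannot
# override the bridge name.
forwardbr="colobr0"

if [ "$mode" != "primary" ] && [ "$mode" != "secondary" ]
then
    echo "Invalid mode: $mode"
    log err "Invalid mode: $mode"
    exit 1
fi

# Accept one to three decimal digits only. A numeric test on a non-integer
# (or on a number too large for the shell) fails with an error status, which
# an `if` treats as "condition false"; the range check on its own would let
# such a value through to the iptables --index arguments.
if [[ ! "$index" =~ ^[0-9]{1,3}$ ]]; then
    echo "Invalid index: $index"
    log err "Invalid index: $index"
    exit 1
fi

if [ "$index" -lt 0 ] || [ "$index" -gt 100 ]; then
    echo "index overflow"
    log err "index overflow"
    exit 1
fi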
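# Install the primary-side plumbing for $vifname.
#
# Adds a prio root qdisc (handle 1:) on the vif with three catch-all u32
# filters (ip, arp, ipv6) whose mirred action mirrors egress traffic to
# $forwarddev, loads nf_conntrack_ipv4 and xt_PMYCOLO, and inserts the
# PMYCOLO mangle rules plus the arptables MARK rule keyed by $index.
#
# Globals: vifname, forwarddev, index (read)
#
# Every expansion is quoted so that a value containing whitespace or glob
# characters stays a single argument instead of being split into extra
# tc / iptables options.
function setup_primary()
{
    do_without_error tc qdisc add dev "$vifname" root handle 1: prio
    do_without_error tc filter add dev "$vifname" parent 1: protocol ip prio 10 \
        u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
    do_without_error tc filter add dev "$vifname" parent 1: protocol arp prio 11 \
        u32 match u32 0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
    do_without_error tc filter add dev "$vifname" parent 1: protocol ipv6 prio \
        12 u32 match u32 0 0 flowid 1:2 action mirred egress mirror \
        dev "$forwarddev"

    do_without_error modprobe nf_conntrack_ipv4
    do_without_error modprobe xt_PMYCOLO sec_dev="$forwarddev"

    # Not wrapped in do_without_error, unlike the commands above.
    # NOTE(review): presumably a failure here is meant to reach the error
    # handling installed by the sourced common script - confirm.
    iptables -t mangle -I PREROUTING -m physdev --physdev-in \
        "$vifname" -j PMYCOLO --index "$index"
    ip6tables -t mangle -I PREROUTING -m physdev --physdev-in \
        "$vifname" -j PMYCOLO --index "$index"
    do_without_error arptables -I INPUT -i "$forwarddev" -j MARK --set-mark "$index"
}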
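# Remove the primary-side plumbing for $vifname: the three mirroring tc
# filters and the prio root qdisc, the PMYCOLO mangle rules, the arptables
# rules, and finally the xt_PMYCOLO module. Every step goes through
# do_without_error.
#
# Globals: vifname, forwarddev, index (read)
#
# Every expansion is quoted so that a value containing whitespace or glob
# characters stays a single argument.
function teardown_primary()
{
    do_without_error tc filter del dev "$vifname" parent 1: protocol ip prio 10 u32 match u32 \
        0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
    do_without_error tc filter del dev "$vifname" parent 1: protocol arp prio 11 u32 match u32 \
        0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
    do_without_error tc filter del dev "$vifname" parent 1: protocol ipv6 prio 12 u32 match u32 \
        0 0 flowid 1:2 action mirred egress mirror dev "$forwarddev"
    do_without_error tc qdisc del dev "$vifname" root handle 1: prio

    do_without_error iptables -t mangle -D PREROUTING -m physdev --physdev-in \
        "$vifname" -j PMYCOLO --index "$index"
    do_without_error ip6tables -t mangle -D PREROUTING -m physdev --physdev-in \
        "$vifname" -j PMYCOLO --index "$index"
    # NOTE(review): -F without a chain flushes every chain of the arptables
    # filter table, not only the MARK rule that setup_primary inserted, so ARP
    # rules installed by anything else on the host are dropped as well.
    # Deleting just that rule (-D INPUT -i "$forwarddev" -j MARK --set-mark
    # "$index") would keep the teardown scoped - confirm before changing.
    do_without_error arptables -F
    do_without_error rmmod xt_PMYCOLO
}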
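# Install the secondary-side plumbing for $vifname.
#
# Detaches the vif from $bridge, creates $forwardbr and enslaves both the vif
# and $forwarddev to it (brctl when available, ip link otherwise), brings the
# bridge up, loads xt_SECCOLO and inserts the SECCOLO mangle rules keyed by
# $index.
#
# Globals: vifname, forwarddev, forwardbr, bridge, index (read)
#
# Every expansion is quoted so that a value containing whitespace or glob
# characters stays a single argument instead of being split into extra
# brctl / ip / iptables options.
function setup_secondary()
{
    # command -v is the shell builtin lookup; it avoids depending on an
    # external `which` binary.
    if command -v brctl >/dev/null 2>&1; then
        do_without_error brctl delif "$bridge" "$vifname"
        do_without_error brctl addbr "$forwardbr"
        do_without_error brctl addif "$forwardbr" "$vifname"
        do_without_error brctl addif "$forwardbr" "$forwarddev"
    else
        do_without_error ip link set "$vifname" nomaster
        do_without_error ip link add name "$forwardbr" type bridge
        do_without_error ip link set "$vifname" master "$forwardbr"
        do_without_error ip link set "$forwarddev" master "$forwardbr"
    fi
    do_without_error ip link set dev "$forwardbr" up
    do_without_error modprobe xt_SECCOLO

    # Not wrapped in do_without_error, unlike the commands above.
    # NOTE(review): presumably a failure here is meant to reach the error
    # handling installed by the sourced common script - confirm.
    iptables -t mangle -I PREROUTING -m physdev --physdev-in \
        "$vifname" -j SECCOLO --index "$index"
    ip6tables -t mangle -I PREROUTING -m physdev --physdev-in \
        "$vifname" -j SECCOLO --index "$index"
}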
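# Remove the secondary-side plumbing for $vifname.
#
# Releases $forwarddev and the vif from $forwardbr, deletes that bridge and
# re-attaches the vif to $bridge (brctl when available, ip link otherwise),
# then deletes the SECCOLO mangle rules and unloads xt_SECCOLO. Every step
# goes through do_without_error.
#
# Globals: vifname, forwarddev, forwardbr, bridge, index (read)
#
# Every expansion is quoted so that a value containing whitespace or glob
# characters stays a single argument.
function teardown_secondary()
{
    # command -v is the shell builtin lookup; it avoids depending on an
    # external `which` binary.
    if command -v brctl >/dev/null 2>&1; then
        do_without_error brctl delif "$forwardbr" "$forwarddev"
        do_without_error brctl delif "$forwardbr" "$vifname"
        do_without_error brctl delbr "$forwardbr"
        do_without_error brctl addif "$bridge" "$vifname"
    else
        do_without_error ip link set "$forwarddev" nomaster
        do_without_error ip link set "$vifname" nomaster
        do_without_error ip link delete "$forwardbr" type bridge
        do_without_error ip link set "$vifname" master "$bridge"
    fi

    do_without_error iptables -t mangle -D PREROUTING -m physdev --physdev-in \
        "$vifname" -j SECCOLO --index "$index"
    do_without_error ip6tables -t mangle -D PREROUTING -m physdev --physdev-in \
        "$vifname" -j SECCOLO --index "$index"
    do_without_error rmmod xt_SECCOLO
}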
# Dispatch on $command, then on $mode: "primary" selects the *_primary
# handler and any other mode value selects the *_secondary one.
case "$command" in
    setup)
        case "$mode" in
            primary) setup_primary ;;
            *) setup_secondary ;;
        esac

        # Only the setup path calls success; teardown does not.
        success
        ;;
    teardown)
        case "$mode" in
            primary) teardown_primary ;;
            *) teardown_secondary ;;
        esac
        ;;
esac

# Emit one debug log entry describing what was done. The message is passed to
# log as separate arguments; the non-primary form carries an extra one that
# names the forwarding bridge.
log_args=("Successful colo-proxy-setup $command for $vifname.")
case "$mode" in
    primary)
        log_args+=(" vifname: $vifname, index: $index, forwarddev: $forwarddev.")
        ;;
    *)
        log_args+=(" vifname: $vifname, index: $index, forwarddev: $forwarddev,")
        log_args+=(" forwardbr: $forwardbr.")
        ;;
esac
log debug "${log_args[@]}"