Re: [patch] xen udev rule interfering with openvpn

From: Roger Pau Monne <roger.pau@citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	M A Young <m.a.young@durham.ac.uk>
Subject: Re: [patch] xen udev rule interfering with openvpn
Date: Tue, 17 Apr 2012 14:08:02 +0100	[thread overview]
Message-ID: <0BD309F0-D2F1-45D5-899B-F0242D13A569@citrix.com> (raw)
In-Reply-To: <1334658395.23948.6.camel@zakaz.uk.xensource.com>

El 17/04/2012, a las 11:26, Ian Campbell escribió:
> On Mon, 2012-04-16 at 20:03 +0100, M A Young wrote:
>> There is a Fedora bug report 
>> https://bugzilla.redhat.com/show_bug.cgi?id=812421 reporting that openvpn 
>> is having problems because of the line
>> SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
>> in /etc/udev/rules.d/xen-backend.rules which is causing the xen script to 
>> run when openvpn tries to use a tap device, causing it to fail. I have 
>> used the attached patch to solve this problem, by matching the form of the 
>> tap device that xen uses more exactly to avoid to openvpn case. A better 
>> long-term solution (suggested in one of the comments in the bug) might be 
>> to use a more specific name instead of "tap" so we have less chance of 
>> interfering with another application.
> 
> This is a good start, I think we should do this for 4.2.
> 
> Changing the name might be pretty simple though e.g. the following.
> Works for me with xl but I didn't try xend (seems "obviously correct"?)
> 
> I noticed that when vifname is set xend prepends "tap-" (presumably to
> distinguish it from the vif device) whereas libxl does not, so I suspect
> named vifs for HVM guests don't work so well, I fixed that while I was
> there...
> 
> Also at least for the libxl case we will likely not be running these
> hotplug scripts via udev any more in 4.2, however I don't think there is
> any harm in making this change first (iff we decide it is suitable for
> 4.2).
> 
> Ian.
> 
> # HG changeset patch
> # User Ian Campbell <ian.campbell@citrix.com>
> # Date 1334658366 -3600
> # Node ID de3e65d804cceab7291e2accc18d50ae8b816433
> # Parent  8d92d1f34921c8675d85c74aa36e319c9451f68f
> libxl/xend: name tap devices with a xentap prefix
> 
> This prevents the udev scripts from operating on other tap devices (e.g.
> openvpn etc)
> 
> Also add "xentap-" prefix to the tap device when an explicit name is given to
> avoid a conflict with the vif device, which would otherwise have the same name.
> Likewise correct the documentation for this option which suggested it applied
> to HVM tap devices only.
> 
> Reported by Michael Young.
> 
> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

Acked-by: Roger Pau Monne <roger.pau@citrix.com>

I've already changed my hotplug series to match this change in the udev rules, so this has to go in before mine.

> 
> diff -r 8d92d1f34921 -r de3e65d804cc docs/misc/xl-network-configuration.markdown
> --- a/docs/misc/xl-network-configuration.markdown	Mon Apr 16 17:57:00 2012 +0100
> +++ b/docs/misc/xl-network-configuration.markdown	Tue Apr 17 11:26:06 2012 +0100
> @@ -93,11 +93,14 @@ are:
> 
> ### vifname
> 
> -This keyword is valid for HVM guest devices with `type=ioemu` only.
> +Specifies the backend device name for the virtual device.
> 
> -Specifies the backend device name for an emulated device. The default
> -is `tapDOMID.DEVID` where `DOMID` is the guest domain ID and `DEVID`
> -is the device number.
> +If the domain is an HVM domain then the associated emulated (tap)
> +device will have a "xentap-" prefix added.
> +
> +The default name for the virtual device is `vifDOMID.DEVID` where
> +`DOMID` is the guest domain ID and `DEVID` is the device
> +number. Likewise the default tap name is `xentapDOMID.DEVID`.
> 
> ### script
> 
> diff -r 8d92d1f34921 -r de3e65d804cc tools/hotplug/Linux/vif-common.sh
> --- a/tools/hotplug/Linux/vif-common.sh	Mon Apr 16 17:57:00 2012 +0100
> +++ b/tools/hotplug/Linux/vif-common.sh	Tue Apr 17 11:26:06 2012 +0100
> @@ -85,8 +85,8 @@ elif [ "$type_if" = tap ]; then
>     : ${INTERFACE:?}
> 
>     # Get xenbus_path from device name.
> -    # The name is built like that: "tap${domid}.${devid}".
> -    dev_=${dev#tap}
> +    # The name is built like that: "xentap${domid}.${devid}".
> +    dev_=${dev#xentap}
>     domid=${dev_%.*}
>     devid=${dev_#*.}
> 
> diff -r 8d92d1f34921 -r de3e65d804cc tools/hotplug/Linux/xen-backend.rules
> --- a/tools/hotplug/Linux/xen-backend.rules	Mon Apr 16 17:57:00 2012 +0100
> +++ b/tools/hotplug/Linux/xen-backend.rules	Tue Apr 17 11:26:06 2012 +0100
> @@ -13,4 +13,4 @@ KERNEL=="blktap-control", NAME="xen/blkt
> KERNEL=="gntdev", NAME="xen/%k", MODE="0600"
> KERNEL=="pci_iomul", NAME="xen/%k", MODE="0600"
> KERNEL=="tapdev[a-z]*", NAME="xen/blktap-2/tapdev%m", MODE="0600"
> -SUBSYSTEM=="net", KERNEL=="tap*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
> +SUBSYSTEM=="net", KERNEL=="xentap*", ACTION=="add", RUN+="/etc/xen/scripts/vif-setup $env{ACTION} type_if=tap"
> diff -r 8d92d1f34921 -r de3e65d804cc tools/libxl/libxl_dm.c
> --- a/tools/libxl/libxl_dm.c	Mon Apr 16 17:57:00 2012 +0100
> +++ b/tools/libxl/libxl_dm.c	Tue Apr 17 11:26:06 2012 +0100
> @@ -212,9 +212,9 @@ static char ** libxl__build_device_model
>                 char *ifname;
>                 if (!vifs[i].ifname)
>                     ifname = libxl__sprintf(gc,
> -                                            "tap%d.%d", domid, vifs[i].devid);
> +                                            "xentap%d.%d", domid, vifs[i].devid);
>                 else
> -                    ifname = vifs[i].ifname;
> +                    ifname = libxl__sprintf(gc, "xentap-%s", vifs[i].ifname);
>                 flexarray_vappend(dm_args,
>                                 "-net", libxl__sprintf(gc, "nic,vlan=%d,macaddr=%s,model=%s",
>                                                        vifs[i].devid, smac, vifs[i].model),
> @@ -451,10 +451,10 @@ static char ** libxl__build_device_model
>                                 LIBXL_MAC_FMT, LIBXL_MAC_BYTES(vifs[i].mac));
>                 char *ifname;
>                 if (!vifs[i].ifname) {
> -                    ifname = libxl__sprintf(gc, "tap%d.%d",
> +                    ifname = libxl__sprintf(gc, "xentap%d.%d",
>                                             guest_domid, vifs[i].devid);
>                 } else {
> -                    ifname = vifs[i].ifname;
> +                    ifname = libxl__sprintf(gc, "xentap-%s", vifs[i].ifname);
>                 }
>                 flexarray_append(dm_args, "-device");
>                 flexarray_append(dm_args,
> diff -r 8d92d1f34921 -r de3e65d804cc tools/python/xen/xend/image.py
> --- a/tools/python/xen/xend/image.py	Mon Apr 16 17:57:00 2012 +0100
> +++ b/tools/python/xen/xend/image.py	Tue Apr 17 11:26:06 2012 +0100
> @@ -921,7 +921,7 @@ class HVMImageHandler(ImageHandler):
>             if vifname:
>                 vifname = "tap-" + vifname
>             else:
> -                vifname = "tap%d.%d" % (self.vm.getDomid(), nics-1)
> +                vifname = "xentap%d.%d" % (self.vm.getDomid(), nics-1)
>             ret.append("-net")
>             ret.append("tap,vlan=%d,ifname=%s,bridge=%s" %
>                        (nics, vifname, bridge))
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel