* [PATCH 1/4] arm-autonomy/xen-tools: vif-nat script fixes
From: Diego Sueiro @ 2020-07-30 15:52 UTC (permalink / raw)
  To: meta-arm; +Cc: nd

This patch introduces two fixes for the vif-nat script:
1- Setting the hostname is failing because the "$XENBUS_PATH/domain"
   doesn't exist anymore. To fix this we set it to dom$domid.
2- Copy temp files used to add/remove dhcpd configurations to avoid
   replacing potential symlinks.

Change-Id: I5f2ed917c15bbe1c6ff9ec3cc9ad2fc4e1c0fb60
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 .../xen/xen-tools/0001-vif-nat-fix-hostname.patch  | 18 +++++++++
 .../0002-vif-nat-fix-symlink-removal.patch         | 45 ++++++++++++++++++++++
 .../recipes-extended/xen/xen-tools_%.bbappend      |  5 +++
 3 files changed, 68 insertions(+)
 create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
 create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
 create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend

diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
new file mode 100644
index 0000000..87f25e2
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
@@ -0,0 +1,18 @@
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+
+Setting the hostname is failing because the "$XENBUS_PATH/domain"
+doesn't exist anymore. To fix this we set it to dom$domid
+
+Index: git/tools/hotplug/Linux/vif-nat
+===================================================================
+--- git.orig/tools/hotplug/Linux/vif-nat
++++ git/tools/hotplug/Linux/vif-nat
+@@ -86,6 +86,7 @@ router_ip=$(routing_ip "$ip")
+ vif_ip=`echo ${ip} | awk -F/ '{print $1}'`
+ 
+ hostname=$(xenstore_read "$XENBUS_PATH/domain" | tr -- '_.:/+' '-----')
++[ -z "${hostname}" ] && hostname=dom$domid
+ if [ "$vifid" != "1" ]
+ then
+   hostname="$hostname-$vifid"
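Review bot: the added fallback only takes effect after the read of the "$XENBUS_PATH/domain" node, which the description says no longer exists, has already been attempted and failed, and the resulting hostname "dom$domid" loses the guest's name entirely. Patch 3/4's 00-vif-xenguest.hook obtains the name from "/local/domain/${domid}/name", which is still present; reading that path here instead of "$XENBUS_PATH/domain" would keep a descriptive hostname and make the fallback unnecessary. If a default is still wanted, Xen's xen-hotplug-common.sh provides xenstore_read_default for exactly that, which avoids going through a failing xenstore_read first.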
diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
new file mode 100644
index 0000000..bcd5778
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
@@ -0,0 +1,45 @@
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+
+Copy temp files used to add/remove dhcpd configurations to avoid
+replacing potential symlinks.
+
+Index: git/tools/hotplug/Linux/vif-nat
+===================================================================
+--- git.orig/tools/hotplug/Linux/vif-nat
++++ git/tools/hotplug/Linux/vif-nat
+@@ -99,7 +100,8 @@ dhcparg_remove_entry()
+   then
+     rm "$tmpfile"
+   else
+-    mv "$tmpfile" "$dhcpd_arg_file"
++    cp "$tmpfile" "$dhcpd_arg_file"
++    rm "$tmpfile"
+   fi
+ }
+ 
+@@ -109,11 +111,11 @@ dhcparg_add_entry()
+   local tmpfile=$(mktemp)
+   # handle Red Hat, SUSE, and Debian styles, with or without quotes
+   sed -e 's/^DHCPDARGS="*\([^"]*\)"*/DHCPDARGS="\1'"${dev} "'"/' \
+-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
+   sed -e 's/^DHCPD_INTERFACE="*\([^"]*\)"*/DHCPD_INTERFACE="\1'"${dev} "'"/' \
+-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
+   sed -e 's/^INTERFACES="*\([^"]*\)"*/INTERFACES="\1'"${dev} "'"/' \
+-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
+   rm -f "$tmpfile"
+ }
+ 
+@@ -125,7 +127,8 @@ dhcp_remove_entry()
+   then
+     rm "$tmpfile"
+   else
+-    mv "$tmpfile" "$dhcpd_conf_file"
++    cp "$tmpfile" "$dhcpd_conf_file"
++    rm "$tmpfile"
+   fi
+   dhcparg_remove_entry
+ }
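Review bot: replacing mv with cp in dhcparg_remove_entry, dhcparg_add_entry and dhcp_remove_entry keeps an existing symlink intact (cp writes through it, mv would have replaced the link with a regular file) but gives up the atomic rename: cp truncates the destination before writing, so anything reading dhcpd.conf or the DHCPDARGS file mid-copy sees a partial file. The edits run under the vif-nat-dhcp lock and dhcpd is restarted afterwards (see dhcpd_online in 3/4), so this is probably acceptable, but the trade-off should be stated in the patch description. In dhcparg_add_entry the temp file is now rewritten three times and only removed by the existing "rm -f", which is fine, whereas the two remove functions needed the explicit "rm" you added, so the hunks are consistent.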
diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
new file mode 100644
index 0000000..ef8eddd
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://0001-vif-nat-fix-hostname.patch \
+            file://0002-vif-nat-fix-symlink-removal.patch \
+           "
-- 
2.7.4



* [PATCH 2/4] arm-autonomy/linux-arm-autonomy: Extend netfilter config for host
From: Diego Sueiro @ 2020-07-30 15:52 UTC (permalink / raw)
  To: meta-arm; +Cc: nd

To properly set the iptables rules to be applied when configuring the
network between the host and guest we need to have the netfilter.scc
kernel feature and the following extra kernel configs:
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m

Change-Id: I6f3ff9e8db5d359efba5fb3ead04703f4f2ec88b
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 .../arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg | 2 ++
 .../features/arm-autonomy/xen-host-iptables.scc                  | 9 +++++++++
 meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc    | 6 +++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
 create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc

diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
new file mode 100644
index 0000000..1a57369
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
@@ -0,0 +1,2 @@
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
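Review bot: CONFIG_NETFILTER_XT_MATCH_PHYSDEV depends on CONFIG_BRIDGE_NETFILTER (and CONFIG_NETFILTER_ADVANCED) in Kconfig, so if features/netfilter/netfilter.scc does not already enable bridge netfilter this option is silently dropped when the kernel is configured, and the kernel-module-xt-physdev package that 3/4 lists in RDEPENDS will not exist. Either add CONFIG_BRIDGE_NETFILTER to this fragment or say in the commit message which scc provides it, and check the kernel configuration audit output in the build.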
diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
new file mode 100644
index 0000000..8f8ba45
--- /dev/null
+++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
@@ -0,0 +1,9 @@
+#
+# Not directly sourced via a kernel type but via an external bb
+#
+
+define KFEATURE_DESCRIPTION "Enable netfilter + conn tracking + extras"
+define KFEATURE_COMPATIBILITY all
+
+include features/netfilter/netfilter.scc
+kconf non-hardware netfilter-extra.cfg
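Review bot: the description "Enable netfilter + conn tracking + extras" does not match the feature name xen-host-iptables, and the fragment only adds the physdev and comment matches. The hook in 3/4 also uses the nat table and the MASQUERADE target, which need CONFIG_IP_NF_NAT and CONFIG_IP_NF_TARGET_MASQUERADE; if features/netfilter/netfilter.scc does not select them, listing them in netfilter-extra.cfg makes this feature self-contained and the dependency explicit.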
diff --git a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
index 2763444..5f55d9b 100644
--- a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
+++ b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
@@ -10,7 +10,11 @@ SRC_URI_append = " file://arm-autonomy-kmeta;type=kmeta;name=arm-autonomy-kmeta;
 
 # Add xen host drivers to kernel if arm-autonomy-host is activated
 KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
-        'arm-autonomy-host', 'features/arm-autonomy/xen-host.scc', '', d)}"
+        'arm-autonomy-host', \
+        'features/arm-autonomy/xen-host.scc \
+         features/arm-autonomy/xen-host-iptables.scc', \
+        '', d)}"
+
 
 # Add xen guest drivers to kernel if arm-autonomy-guest is activated
 KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
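Review bot: the added blank line after the closing "'', d)}"" leaves two consecutive blank lines before the "# Add xen guest drivers" comment; drop it to keep the file's single-blank-line spacing. The backslash continuation inside the quoted Python expression is fine: BitBake joins continued lines before evaluating the inline expression, so KERNEL_FEATURES receives both scc paths separated by whitespace.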
-- 
2.7.4



* [PATCH 3/4] arm-autonomy/xenguest-network: Add private network support for xenguest
From: Diego Sueiro @ 2020-07-30 15:52 UTC (permalink / raw)
  To: meta-arm; +Cc: nd

Introduce the private/internal network support for xenguest by using NAT
and applying the proper iptables rules to allow the guest to have access
to the external network.

The XENGUEST_NETWORK_TYPE variable was introduced to allow the user to
set up the xenguest network type between "bridge" (default), "nat" and
"none".

Change-Id: I919e5b0fd0809093698b9dec3a9503b598b54828
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 meta-arm-autonomy/classes/xenguest-image.bbclass   |  18 +--
 .../documentation/xenguest-network-bridge.md       |  49 --------
 .../documentation/xenguest-network.md              |  70 +++++++++++
 ...k-bridge.bbappend => xenguest-network.bbappend} |   0
 .../images/arm-autonomy-host-image-minimal.bb      |   2 +-
 .../xenguest/files/00-vif-xenguest.hook            | 130 +++++++++++++++++++++
 .../xenguest/files/dhcpd-params.cfg                |  30 +++++
 .../xenguest/files/network-bridge.sh.in            |  25 +++-
 .../xenguest/xenguest-base-image.bb                |   7 +-
 ...guest-network-bridge.bb => xenguest-network.bb} |  16 ++-
 10 files changed, 283 insertions(+), 64 deletions(-)
 delete mode 100644 meta-arm-autonomy/documentation/xenguest-network-bridge.md
 create mode 100644 meta-arm-autonomy/documentation/xenguest-network.md
 rename meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/{xenguest-network-bridge.bbappend => xenguest-network.bbappend} (100%)
 create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
 create mode 100644 meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
 rename meta-arm-autonomy/recipes-extended/xenguest/{xenguest-network-bridge.bb => xenguest-network.bb} (79%)

diff --git a/meta-arm-autonomy/classes/xenguest-image.bbclass b/meta-arm-autonomy/classes/xenguest-image.bbclass
index e8880f3..be1dde5 100644
--- a/meta-arm-autonomy/classes/xenguest-image.bbclass
+++ b/meta-arm-autonomy/classes/xenguest-image.bbclass
@@ -58,10 +58,14 @@ XENGUEST_IMAGE_DISK_SIZE ??= "${@ '4' if not d.getVar('INITRAMFS_IMAGE') else '0
 # and containing the root filesystem produced by Yocto
 XENGUEST_IMAGE_DISK_PARTITIONS ??= "1:${XENGUEST_IMAGE_DISK_SIZE}:ext4:rootfs.tar.gz"
 
-# XENGUEST_IMAGE_NETWORK_BRIDGE can be set to 1 to have a network interface
-# on the guest connected to host bridged network. This will provide the guest
-# with a network interface connected directly to the external network
-XENGUEST_IMAGE_NETWORK_BRIDGE ??= "1"
+# XENGUEST_IMAGE_NETWORK_TYPE can be set to "bridge", "nat" or "none".
+# The "bridge" type will share the physical eth interface from dom0 with the
+# domU. This will allow the domU to have access to the external network.
+# The "nat" type will setup a virtual network between dom0 and domU and also
+# configure and run the dhcpd on dom0 to serve the domU.
+# The "none" type will not affect any networking setting between on dom0 and
+# domU.
+XENGUEST_IMAGE_NETWORK_TYPE ??= "bridge"
 
 # Sub-directory in wich the guest is created. This is create in deploy as a
 # subdirectory and must be coherent between all components using this class so
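Review bot: typo in the new comment, "between on dom0 and domU" should read "between dom0 and domU" (the same wording is repeated in xenguest-network.md in this patch). The comment would also be the right place to say that only "bridge", "nat" and "none" are accepted, and the class should enforce that rather than pass any string through to params.cfg.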
@@ -147,10 +151,10 @@ xenguest_image_create() {
         call_xenguest_mkimage update --set-param=GUEST_AUTOBOOT=0
     fi
 
-    if [ "${XENGUEST_IMAGE_NETWORK_BRIDGE}" = "1" ]; then
-        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=1
+    if [ -n "${XENGUEST_IMAGE_NETWORK_TYPE}" ]; then
+        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="${XENGUEST_IMAGE_NETWORK_TYPE}"
     else
-        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=0
+        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="none"
     fi
 }
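Review bot: the new test only checks that XENGUEST_IMAGE_NETWORK_TYPE is non-empty, so a typo such as "brdige" is written into params.cfg unchanged and only surfaces when network-bridge.sh runs on the host, where the "*)" case merely prints a message. Validate the value here at build time, for example a case statement on bridge|nat|none that calls bbfatal otherwise, so a bad guest configuration fails the image build instead of producing a guest with no network. The else branch is also effectively unreachable because the variable defaults to "bridge" via ??=; it only fires if someone sets it to an empty string.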
 
diff --git a/meta-arm-autonomy/documentation/xenguest-network-bridge.md b/meta-arm-autonomy/documentation/xenguest-network-bridge.md
deleted file mode 100644
index 6653fe8..0000000
--- a/meta-arm-autonomy/documentation/xenguest-network-bridge.md
+++ /dev/null
@@ -1,49 +0,0 @@
-xenguest network bridge
-=======================
-
-Introduction
-------------
-
-xenguest-network-bridge is creating a network bridge to allow some guests to
-have a direct connection to the external network.
-To do this, a bridge is created on the host using brctl with the network
-interfaces added to it so that the bridge is connected to the external network.
-It is also adding a guest init script which will, for guests configured to use
-it, create a virtual network interface for the guest and connect it to the
-network bridge on the host.
-
-Usage
------
-
-On the host the package xenguest-network-bridge must be included in your image.
-
-On the xenguest image of your guest, the parameter NETWORK_BRIDGE must be set
-to 1 (using xenguest-mkimage --set-param=NETWORK_BRIDGE=1).
-
-Bitbake parameters
-------------------
-Several parameters are available to configure the xenguest network bridge
-during Yocto project compilation (those can be set in your project local.conf,
-for example).
-
-The following parameters are available:
-
-- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
-  bridge that is created on the host during init.
-  This is set by default to "xenbr0".
-
-- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of network
-  interfaces that are added to the bridge when it is created on the host during
-  init.
-  This is set by default to "eth0".
-
-- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
-  to use to configure the bridge network. By default it points to have file
-  configuring the network using dhcp.
-  You can provide a different file using a bbappend and make this variable
-  point to it if you want to customize your network configuration.
-
-- XENGUEST_IMAGE_NETWORK_BRIDGE: This variable can be set to 0 or 1 on guest
-  projects to enable or not the connection of the guest to the host bridge.
-  This is set by default to "1".
-
diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
new file mode 100644
index 0000000..c61a11a
--- /dev/null
+++ b/meta-arm-autonomy/documentation/xenguest-network.md
@@ -0,0 +1,70 @@
+Xenguest Network
+================
+
+Introduction
+------------
+
+The xenguest-network package is primarly creating a network bridge to share
+the host eth physical interfaces with the guests virtual interfaces (vif).
+This way the guests can have access to the external network.
+
+At the moment 3 types of network arrangements are provided:
+
+- Bridge: where the guest vif is added to the created bridge interface;
+
+- NAT: where a private subnet is created for the guest, a dhcpd is started on
+  the host to serve the guest and the proper iptables rules are created to
+  allow the guest to access the external network;
+
+- None: the guest vif is not connected to the bridge.
+
+Usage
+-----
+
+On the host project the package xenguest-network must be included in your
+image, and on the guest project the XENGUEST_NETWORK_TYPE needs to be set to
+"bridge", "nat" or "none".
+
+Bitbake parameters
+------------------
+
+Several parameters are available to configure the xenguest network bridge
+during Yocto project compilation (those can be set in your project local.conf
+or xenguest-network.bbappend, for example).
+
+The following parameters are available:
+
+- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
+  bridge that is created on the host during init.
+  This is set by default to "xenbr0".
+
+- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of the
+  physical network interfaces that are added to the bridge when it is created
+  on the host during init.
+  By default no physical interfaces are added.
+
+- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
+  to use to configure the bridge network. By default it points to have file
+  configuring the network using dhcp.
+  You can provide a different file using a bbappend and make this variable
+  point to it if you want to customize your network configuration.
+
+- XENGUEST_IMAGE_NETWORK_TYPE: This variable can be set to "bridge" (default),
+  "nat" or "none".
+  The **bridge** type will add the domU vif interface to a bridge which also
+  contains the dom0 physical interface giving the guest direct access to the
+  external network.
+  The **nat** type will setup a private network between dom0 and domU, setup
+  the appropriate routing table, configure and run the dhcpd on dom0 to serve
+  the domU and apply the iptables rules to allow the guest to acess the
+  external network. The dhcpd configuration for the guest can be customised by
+  replacing the
+  "meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg" file
+  in a xenguest-network.bbappend. The dhcpd-params.cfg file is installed in
+  the xenguest image and copied to
+  "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg" when the guest
+  image is created. It will be consumed by the
+  "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
+  "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
+  The **none** type will not affect any networking setting between on dom0 and
+  domU.
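Review bot: the Usage section tells guest projects to set XENGUEST_NETWORK_TYPE, but the BitBake variable documented below and used by xenguest-image.bbclass is XENGUEST_IMAGE_NETWORK_TYPE; XENGUEST_NETWORK_TYPE is the key written into params.cfg. Please use the _IMAGE_ name there. Spelling: "primarly" should be "primarily", "acess" should be "access", "between on dom0" should be "between dom0", and "points to have file" (carried over from the old document) should be "points to a file". The "None" bullet says the vif is simply not connected to the bridge, but network-bridge.sh.in in this patch has no "none)" branch, so that value lands in the "*)" case and is reported as invalid; the document and the script should agree.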
diff --git a/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend b/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
similarity index 100%
rename from meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend
rename to meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
diff --git a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
index 9731c7c..188e31d 100644
--- a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
+++ b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
@@ -41,7 +41,7 @@ IMAGE_INSTALL += " \
     packagegroup-core-ssh-openssh \
     qemu-system-i386 \
     xenguest-manager \
-    xenguest-network-bridge \
+    xenguest-network \
     "
 
 # Build xen binary
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
new file mode 100755
index 0000000..32d5976
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
@@ -0,0 +1,130 @@
+#============================================================================
+# ${XEN_SCRIPT_DIR}/vif-post.d/00-vif-xenguest.hook
+#
+# Script for performing local configuration of a vif.
+# This script will be sourced by, e.g., vif-bridge after the hotplugging
+# system calls vif-bridge. The script is here and not simply executed as
+# a udev rule because this allows simple access to several environment
+# variables set by the calling vif-* script.
+#
+# Environment vars:
+# command     (add|remove|online|offline)
+# dev         vif interface name (required).
+# main_ip     IP address of Dom0
+# ip          list of IP networks for the vif, space-separated
+# XENBUS_PATH path to this device's details in the XenStore (required).
+#============================================================================
+
+domid=$(xenstore_read "${XENBUS_PATH}/frontend-id")
+guestname=$(xenstore_read "/local/domain/${domid}/name")
+bridge=$(xenstore_read "${XENBUS_PATH}/bridge")
+
+if [ ! -f /etc/xenguest/guests/${guestname}/params.cfg ]; then
+    log debug "No /etc/xenguest/guests/${guestname}/params.cfg. Exiting."
+    return
+fi
+
+# Source the params file to get the choosen XENGUEST_NETWORK_TYPE
+. /etc/xenguest/guests/${guestname}/params.cfg
+
+# We need to get the xenguest subnet prefix to set the subnet and
+# the fixed ip to assing to the guest.
+get_subnet_prefix() {
+    # ${vif_ip} is set in the vif-nat script
+    echo ${vif_ip} | awk -F. '{print $1"."$2"."$3}'
+}
+
+subnetprefix=$(get_subnet_prefix)
+
+dhcpd_remove_conf_entry()
+{
+    local tmpfile=$(mktemp)
+
+    # Remove the the xenguest dhcpd config file inclusion in the dhcpd
+    # main config
+    grep -v "include \"${XENGUEST_DHCPD_CONF_FILE}\";" \
+            "${dhcpd_conf_file}" >"${tmpfile}"
+    if ! diff "${tmpfile}" "${dhcpd_conf_file}" >/dev/null
+    then
+        cp "${tmpfile}" "${dhcpd_conf_file}"
+    fi
+    rm ${tmpfile}
+
+    # Remove the generated the xenguest dhcpd file
+    rm ${XENGUEST_DHCPD_CONF_FILE}
+}
+
+# This function removes the dhcpd options added by the vif-nat script and
+# adds the user provided options under the ${XENGUEST_DHCPD_HOST_OPTIONS}
+# variable set in "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"
+# file.
+dhcpd_add_conf_entries()
+{
+    # We need to remove the previous added entry from vif-nat script
+    dhcp_remove_entry
+
+    # Include the xenguest dhcpd config file in the dhcpd main config
+    echo >>"${dhcpd_conf_file}" "include \"${XENGUEST_DHCPD_CONF_FILE}\";"
+
+    # Generate the xenguest dhcpd file
+    echo -e "$(eval "echo -e \"$(cat ${XENGUEST_DHCPD_PARAMS_FILE})\"")" \
+            >> "${XENGUEST_DHCPD_CONF_FILE}"
+
+    # Re-add the dhcpargs entries removed by dhcp_remove_entry call
+    dhcparg_add_entry
+}
+
+dhcpd_online(){
+    log debug "dhcpd_online"
+    claim_lock "vif-nat-dhcp"
+    dhcpd_add_conf_entries
+    release_lock "vif-nat-dhcp"
+   "$dhcpd_init_file" restart || true
+}
+
+dhcpd_offline(){
+    log debug "dhcpd_offline"
+    claim_lock "vif-nat-dhcp"
+    dhcpd_remove_conf_entry
+    release_lock "vif-nat-dhcp"
+    "$dhcpd_init_file" restart || true # We need to ignore failure because
+                                       # ISC dhcpd 3 borks if there is nothing
+                                       # for it to do, which is the case if
+                                       # the outgoing interface is not
+                                       # configured to offer leases and there
+                                       # are no vifs.
+}
+
+case "${XENGUEST_NETWORK_TYPE}" in
+    nat)
+        XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
+        if [ ! -f ${XENGUEST_DHCPD_PARAMS_FILE} ]; then
+            log debug "No ${XENGUEST_DHCPD_PARAMS_FILE} file. Aborting"
+            return
+        fi
+
+        XENGUEST_DHCPD_CONF_FILE="/etc/dhcp/dhcpd.dom$domid.conf"
+
+        case "$command" in
+            online)
+                dhcpd_online
+
+                # Enable ip forwarding and NAT for the ${bridge} interface
+                sysctl -w net.ipv4.ip_forward=1
+                iptables_w -t nat -A POSTROUTING -o ${bridge} -j MASQUERADE -m comment --comment "dom${domid}"
+                ;;
+            offline)
+                dhcpd_offline
+
+                # Remove the NAT iptables rules created for the dom${domid}
+                guest_ipt_rule=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep -w dom${domid} | awk '{print $1}' | tac)
+                for rule in ${guest_ipt_rule}; do iptables_w -t nat --delete POSTROUTING ${rule}; done
+
+                # If there is no more NAT iptables rules we disable ip forwarding
+                ipt_nat_rules=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep MASQUERADE | awk '{print $1}')
+                [ -z "${ipt_nat_rules##*[!0-9]*}" ] && sysctl -w net.ipv4.ip_forward=0
+               ;;
+        esac
+
+        ;;
+esac
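Review bot: the ip_forward check on the offline path is wrong as soon as more than one NAT guest is running: ipt_nat_rules is a newline-separated list of rule numbers, and "${ipt_nat_rules##*[!0-9]*}" expands to empty whenever the string contains any non-digit character, including the newline between "1" and "2", so taking one of two guests offline sets net.ipv4.ip_forward=0 while the other guest's MASQUERADE rule is still installed. "[ -z "${ipt_nat_rules}" ]" is what is intended. Two further points in the same file: the dhcpd fragment is generated by eval over the contents of dhcpd-params.cfg, a file that ships inside the guest image, so whatever is placed there is executed as root in dom0's hotplug context; substituting the five documented variables with sed gives the same output without executing the file. And the MASQUERADE rule is "-o ${bridge}" with no source match, so it rewrites every packet leaving the bridge rather than only this guest's; adding "-s ${subnetprefix}.0/24" keeps the rule scoped to dom${domid}, which also matches the per-guest comment used to delete it.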
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
new file mode 100644
index 0000000..0495fbd
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
@@ -0,0 +1,30 @@
+# This file holds the guest dhcpd options running on Dom0.
+# The "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" called in the end of
+# the vif-nat script will use this file to generate the final dhcpd
+# configuration.
+
+# This file is added in the xenguest image and installed in dom0 under
+# /etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg when the guest
+# image is created.
+# Any customizations to it should be performed by replacing it via a bbappend.
+
+# The \${hostname}, \${mac}, \${vif_ip} and \${router_ip} variables are set in
+# the vif-nat script context. The \${subnetprefix} variable is set in the
+# 00-vif-xenguest.hook script context.
+
+# The "subnet" configuration node is mandatory in order to have the dhcpd
+# properly running.
+
+host ${hostname} {
+    hardware ethernet ${mac};
+    fixed-address ${vif_ip};
+    option routers ${router_ip};
+    option subnet-mask 255.255.255.0;
+    option broadcast-address ${subnetprefix}.255;
+    option domain-name-servers 8.8.8.8;
+    option host-name \"${hostname}\";
+    option domain-name \"example.com\";
+}
+
+subnet ${subnetprefix}.0 netmask 255.255.255.0 {
+}
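Review bot: "option domain-name-servers 8.8.8.8" and "option domain-name \"example.com\"" are hard-coded, so every NAT guest is pointed at Google's public resolver regardless of how dom0 itself resolves names; make the DNS server a variable (dom0's own resolver, or router_ip if dom0 runs a forwarder) and drop or parameterise the domain name. The netmask, broadcast and subnet lines also assume a /24 derived from the first three octets of vif_ip, which silently disagrees with whatever prefix length vif-nat placed in ${ip} (the part after the "/" that vif-nat strips when it sets vif_ip); deriving them from that prefix would keep the lease consistent with the route on the vif.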
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
index 2a36096..752f498 100755
--- a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
@@ -9,7 +9,24 @@ BRIDGE_NAME="###BRIDGE_NAME###"
 # get guest parameters
 . ./params.cfg
 
-if [ "${NETWORK_BRIDGE:-}" = "1" ]; then
-    echo "vif = ['${BRIDGE_NAME}']" >> ${guestname}.cfg
-fi
-
+case "${XENGUEST_NETWORK_TYPE:-}" in
+    nat)
+        # Create the symlinks for the files that vif-nat script expects
+        if [ ! -f /etc/dhcpd.conf ]; then
+            ln -s dhcp/dhcpd.conf /etc/dhcpd.conf
+        fi
+        if [ ! -f /etc/init.d/dhcp3-server ]; then
+            ln -s dhcp-server /etc/init.d/dhcp3-server
+        fi
+        if [ ! -f /etc/default/dhcp3-server ]; then
+            ln -s dhcp-server /etc/default/dhcp3-server
+        fi
+        echo "vif = ['script=vif-nat']" >> ${guestname}.cfg
+        ;;
+    bridge)
+        echo "vif = ['script=vif-bridge,bridge=${BRIDGE_NAME}']" >> ${guestname}.cfg
+        ;;
+    *)
+        echo "${@}: XENGUEST_NETWORK_TYPE=$XENGUEST_NETWORK_TYPE invalid"
+        ;;
+esac
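Review bot: "none" is documented in this patch as a valid XENGUEST_NETWORK_TYPE, but there is no case branch for it here, so it falls into "*)" and is reported as invalid; add a "none)" branch that writes no vif line. In that message "${@}" expands to the script's positional parameters rather than its name; "$0" was probably intended. The symlink guards use "[ ! -f ... ]", which follows the link and is true for a dangling symlink, so if /etc/dhcpd.conf exists as a broken link the "ln -s" fails with "File exists"; test with "[ ! -e ... ] && [ ! -L ... ]" or use "ln -sf". Finally, these three symlinks are created on the host as a side effect of guest creation in init.pre; creating them in the xenguest-network package's do_install would make them part of the host image instead of a runtime modification of /etc.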
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
index fb66566..8516fe8 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
@@ -35,7 +35,12 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
 XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
 
 # Add xen files
-XENGUEST_IMAGE_SRC_URI_XEN_FILES ??= ""
+# Any extrafiles files to be added to XENGUEST_IMAGE_SRC_URI_XEN_FILES should
+# be performed via XENGUEST_IMAGE_SRC_URI_XEN_FILES_append.
+# The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
+# when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
+# performed by replacing it via a xenguest-network.bbappend.
+XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
 
 # Add xen configuration elements
 XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
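Review bot: changing XENGUEST_IMAGE_SRC_URI_XEN_FILES from "??=" to a hard "=" silently discards any value a project already sets with "=" in local.conf or a distro conf, because the recipe is parsed after those files; that is a behaviour change worth stating in the commit message, and the new comment is the only hint that _append is now required. If the intent is just to guarantee dhcpd-params.cfg is always present, keep the weak default and add the file with a separate "XENGUEST_IMAGE_SRC_URI_XEN_FILES_append = " file://dhcpd-params.cfg"" line. Also "Any extrafiles files" should read "Any extra files".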
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
similarity index 79%
rename from meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
rename to meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
index c6c2242..fa4f93f 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
@@ -1,5 +1,5 @@
 # Recipe to handle xenguest network configuration
-DESCRIPTION = "XenGuest Network Bridge"
+DESCRIPTION = "Xenguest Network"
 
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
@@ -20,6 +20,7 @@ SRC_URI = " \
     file://xenguest-network-bridge.in \
     file://xenguest-network-bridge-dhcp.cfg.in \
     file://network-bridge.sh.in \
+    file://00-vif-xenguest.hook \
     "
 
 # Bridge configurator needs to run before S01networking init script
@@ -49,8 +50,19 @@ do_install() {
     install -d -m 755 ${D}${sysconfdir}/xenguest/init.pre
     install -m 755 ${WORKDIR}/network-bridge.sh \
         ${D}${sysconfdir}/xenguest/init.pre/.
+
+    install -d ${D}${sysconfdir}/xen/scripts/vif-post.d
+    install -m 755 ${WORKDIR}/00-vif-xenguest.hook \
+        ${D}${sysconfdir}/xen/scripts/vif-post.d/.
 }
 
-RDEPENDS_${PN} += "bridge-utils"
+RDEPENDS_${PN} += "bridge-utils \
+                   iptables \
+                   dhcp-server \
+                   kernel-module-xt-tcpudp \
+                   kernel-module-xt-physdev \
+                   kernel-module-xt-comment \
+                  "
 FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
 FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
+FILES_${PN} += "${sysconfdir}/xen/scripts/vif-post.d/00-vif-xenguest.hook"
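Review bot: RDEPENDS on kernel-module-xt-tcpudp, kernel-module-xt-physdev and kernel-module-xt-comment only resolves when those options are built as modules; if a BSP builds them in (=y) the kernel-module-* packages do not exist and the host image fails to assemble. RRECOMMENDS_${PN} is the usual choice for kernel modules for exactly this reason. The new "install -d ${D}${sysconfdir}/xen/scripts/vif-post.d" also lacks the "-m 755" used for init.pre a few lines above, and since vif-post.d lives under xen-tools' script directory it is worth confirming that no other package claims that directory.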
-- 
2.7.4



* [PATCH 4/4] arm-autonomy/xenguest-network: Add NAT port forward support
From: Diego Sueiro @ 2020-07-30 15:52 UTC (permalink / raw)
  To: meta-arm; +Cc: nd

When XENGUEST_IMAGE_NETWORK_TYPE="nat", add the option to set NAT port
forward to have access to the guest from the external network.

The port forward is applied per guest by the 00-xenguest-nat-port-forward.hook
script which is called by /etc/xen/scripts/vif-post.d/00-vif-xenguest.hook.
The ports can be customised by the XENGUEST_IMAGE_HOST_PORT and
XENGUEST_IMAGE_GUEST_PORT variables.

Change-Id: I49492f5ac881fd3cc38838ce24d1d4160a4e65df
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 .../documentation/xenguest-network.md              |  6 +++
 .../xenguest/files/00-vif-xenguest.hook            | 16 ++++++++
 .../files/00-xenguest-nat-port-forward.hook        | 48 ++++++++++++++++++++++
 .../xenguest/xenguest-base-image.bb                | 28 ++++++++++++-
 .../recipes-extended/xenguest/xenguest-network.bb  |  1 +
 5 files changed, 97 insertions(+), 2 deletions(-)
 create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook

diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
index c61a11a..b731f3e 100644
--- a/meta-arm-autonomy/documentation/xenguest-network.md
+++ b/meta-arm-autonomy/documentation/xenguest-network.md
@@ -66,5 +66,11 @@ The following parameters are available:
   image is created. It will be consumed by the
   "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
   "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
+  In the guest project, the NAT port forward can be customised by changing
+  the XENGUEST_IMAGE_HOST_PORT (default: "1000 + ${domid}") and
+  XENGUEST_IMAGE_GUEST_PORT (default: "22") variables in local.conf or
+  xenguest-base-image.bbappend. This configuration is implemented and installed
+  in "/etc/xenguest/guests/${guestname}/files/00-xenguest-nat-port-forward.hook"
+  script which is called by "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook".
   The **none** type will not affect any networking setting between on dom0 and
   domU.
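Review bot: the documented default "1000 + ${domid}" does not match what the recipe installs. xenguest-base-image.bb sets XENGUEST_IMAGE_HOST_PORT to "\$( expr 1000 + \${domid} )", which is copied verbatim into the hook and evaluated by the shell when the hook is sourced, so an override in local.conf must be a literal port or a valid shell expression, and that value ends up as code sourced as root on dom0. Saying so here, and noting that the DNAT rule matches on the bridge interface and therefore exposes the guest port to the external network, would spare users a surprise.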
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
index 32d5976..7a2fb6f 100755
--- a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
@@ -95,6 +95,20 @@ dhcpd_offline(){
                                        # are no vifs.
 }
 
+call_extra_hooks() {
+    for f in /etc/xenguest/guests/${guestname}/files/*.hook; do
+        if [ -x "$f" ]; then
+            log info "Executing $f"
+            . "$f"
+            if [ $? -ne 0 ]; then
+                log err "$f failed."
+            fi
+        else
+            log info "$f is not executable. Skipping."
+        fi
+    done
+}
+
 case "${XENGUEST_NETWORK_TYPE}" in
     nat)
         XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
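Review bot: in call_extra_hooks the `-x` test does not gate what runs. The hook is sourced with `.`, which ignores the executable bit, so the test only decides whether a file is logged as skipped, and `$?` after `.` is the exit status of the hook's last command, not a pass/fail verdict on the hook. The more important point is the trust boundary: every file matching /etc/xenguest/guests/${guestname}/files/*.hook is sourced as root in dom0 with the full vif-nat environment, and that directory is populated from the guest image when the guest is created (see the dhcpd-params.cfg description in xenguest-network.md), so a hook shipped inside a guest image executes with dom0 privileges; either document that guest images are trusted input or only source hooks from a dom0-owned location. Also, when the glob matches nothing the loop runs once with the literal pattern in $f and logs a misleading "is not executable" message; add `[ -e "$f" ] || continue` at the top of the loop.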
@@ -126,5 +140,7 @@ case "${XENGUEST_NETWORK_TYPE}" in
                ;;
         esac
 
+        # We might have extra configs to be applied (e.g.: NAT port forward).
+        call_extra_hooks
         ;;
 esac
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook
new file mode 100755
index 0000000..875c181
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook
@@ -0,0 +1,48 @@
+#============================================================================
+# /etc/xenguest/guests/${guestname}/files/00-xenguest-nat-port-forward.hook
+#
+# Script for performing local configuration related to NAT port forwarding of
+# a vif.
+# This script will be sourced by
+# /etc/xen/scripts/vif-post.d/00-vif-xenguest.hook when
+# XENGUEST_IMAGE_NETWORK_TYPE="nat".
+# The ${bridge} and ${domid} are set in the 00-vif-xenguest.hook context,
+# and ${vip_if} in the vif-nat script context.
+#
+# Environment vars:
+# command     (add|remove|online|offline)
+# dev         vif interface name (required).
+# main_ip     IP address of Dom0
+# ip          list of IP networks for the vif, space-separated
+# XENBUS_PATH path to this device's details in the XenStore (required).
+#============================================================================
+
+host_port="###HOST_PORT###"
+guest_port="###GUEST_PORT###"
+
+port_num_check() {
+    if [ ${host_port} -gt 65535 -o ${guest_port} -gt 65535 ]; then
+        log error "host_port=${host_port} or guest_port=${guest_port} greater than 65535."
+        return 1
+    fi
+    return 0
+}
+
+case "${command}" in
+    online)
+        port_num_check
+        if [ $? -eq 0 ]; then
+            iptables_w -t nat -A PREROUTING -i ${bridge} -p tcp \
+                       --dport ${host_port} -j DNAT \
+                       --to-destination ${vif_ip}:${guest_port} \
+                       -m comment --comment "dom${domid}"
+        fi
+        ;;
+    offline)
+        # Remove the NAT iptables rules created for the dom${domid}
+        guest_ipt_rule=$(iptables_w -t nat -vL PREROUTING -n --line-number \
+                         | grep -w dom${domid} | awk '{print $1}' | tac)
+        for rule in ${guest_ipt_rule}; \
+            do iptables_w -t nat --delete PREROUTING ${rule}; done
+        ;;
+esac
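Review bot: port_num_check only rejects values above 65535; it accepts 0, negatives and non-numeric input (for which `[ ... -gt ... ]` itself errors out), so validate both ports as integers in 1..65535 before the arithmetic test, for example `case "${host_port}" in ''|*[!0-9]*) return 1;; esac`. Further points in this hunk: the header lists ${vip_if} but the rule uses ${vif_ip}; `log error` should be `log err` as in 00-vif-xenguest.hook; the DNAT rule matches every destination address arriving on ${bridge}, so adding `-d ${main_ip}` (main_ip is already in the documented environment) limits the forward to dom0's own address; no FORWARD-chain rule is added, so the forward silently fails on a host whose filter FORWARD policy is DROP; and nothing detects a host_port that collides with a service already listening on dom0 or with another guest's rule, which is easy to hit once ports are chosen by hand.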
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
index 8516fe8..d164a81 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
@@ -23,6 +23,16 @@ LICENSE = "MIT"
 
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
 
+# When XENGUEST_IMAGE_NETWORK_TYPE="nat", the "00-xenguest-nat-port-forward.hook"
+# is called by "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" to apply NAT
+# port forwarding. Both dom0 and domU ports can be be set by changing the
+# XENGUEST_IMAGE_HOST_PORT and XENGUEST_IMAGE_GUEST_PORT variables in local.conf
+# or xenguest-base-image.bbappend. The XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT
+# can also be replaced in a xenguest-base-image.bbappend
+XENGUEST_IMAGE_HOST_PORT ?= "\$( expr 1000 + \${domid} )"
+XENGUEST_IMAGE_GUEST_PORT ?= "22"
+XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT ?= "00-xenguest-nat-port-forward.hook"
+
 #
 # The following variables can contain SRC_URI compatible entries to add
 # files to the xenguest image.
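Review bot: the XENGUEST_IMAGE_HOST_PORT default depends on two layers of escaping that deserve a comment: as long as domid is not a bitbake variable, bitbake leaves the \${domid} reference untouched, and the backslashes are then consumed by the double-quoted sed command in do_configure, so the hook ends up containing host_port="$( expr 1000 + ${domid} )", which the shell evaluates at vif hotplug time. Anyone overriding the variable needs to know the value is shell code sourced as root on dom0 rather than a plain number; state that in this comment and in xenguest-network.md, and consider whether a literal default with the domid offset computed inside the hook would be simpler and safer.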
@@ -40,7 +50,12 @@ XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
 # The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
 # when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
 # performed by replacing it via a xenguest-network.bbappend.
-XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
+# The XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT file is only added if the
+# variable is set.
+XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg \
+    ${@ "file://" + d.getVar('XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT') \
+      if d.getVar('XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT') else "" } \
+    "
 
 # Add xen configuration elements
 XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
@@ -82,8 +97,8 @@ python __anonymous() {
 
 # Make sure we are removing old files before redoing a fetch
 do_fetch[cleandirs] += "${WORKDIR}/extend"
+do_fetch[vardeps] += "XENGUEST_IMAGE_HOST_PORT XENGUEST_IMAGE_GUEST_PORT"
 
-do_configure[noexec] = "1"
 do_compile[noexec] = "1"
 do_install[noexec] = "1"
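Review bot: a one-line comment on why the two port variables are vardeps of do_fetch rather than do_configure would help the next reader. do_configure already tracks them through its shell body, but its `sed -i` is destructive (the ###HOST_PORT### and ###GUEST_PORT### placeholders are gone after the first run), so a port change must also retrigger do_fetch, whose cleandirs wipes ${WORKDIR}/extend and restores an unsubstituted copy of the hook. Without that note someone is likely to "fix" it by moving the vardeps and break re-configuration.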
 
@@ -107,6 +122,15 @@ add_extend_files() {
     fi
 }
 
+do_configure() {
+    if [ -f ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT} ]; then
+        sed -i "s,###HOST_PORT###,${XENGUEST_IMAGE_HOST_PORT}," \
+               ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT}
+        sed -i "s,###GUEST_PORT###,${XENGUEST_IMAGE_GUEST_PORT}," \
+               ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT}
+    fi
+}
+
 do_deploy() {
     # Create a new image
     xenguest_image_create
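Review bot: do_configure uses `,` as the sed delimiter and passes the port values unescaped, so a value containing `,`, `&` or a backslash corrupts the hook silently, and the `-f` test runs with an unquoted path. Because the substituted text becomes a shell assignment that is sourced as root on the host, consider failing the build with bbfatal when a value is neither an all-digit port nor the known expr default, and quote the path in the `-f` test.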
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
index fa4f93f..206a294 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
@@ -62,6 +62,7 @@ RDEPENDS_${PN} += "bridge-utils \
                    kernel-module-xt-tcpudp \
                    kernel-module-xt-physdev \
                    kernel-module-xt-comment \
+                   kernel-module-xt-nat \
                   "
 FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
 FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
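Review bot: kernel-module-xt-nat covers the DNAT target added in this series, but the MASQUERADE rule that 3/4's 00-vif-xenguest.hook installs in POSTROUTING has no matching entry here or in the 3/4 list (xt-tcpudp, xt-physdev, xt-comment). On a kernel built with NAT as modules that target lives in ipt_MASQUERADE (xt_MASQUERADE on newer kernels), so add the corresponding kernel-module-* package next to xt-nat, or note in the commit message why it is already pulled in.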
-- 
2.7.4



* Re: [meta-arm] [PATCH 1/4] arm-autonomy/xen-tools: vif-nat script fixes
From: Bertrand Marquis @ 2020-07-30 15:55 UTC (permalink / raw)
  To: Diego Sueiro; +Cc: meta-arm, nd



> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> This patch introduces two fixes for the vif-nat script:
> 1- Setting the hostname is failing because the "$XENBUS_PATH/domain"
>   doesn't exist anymore. To fix this we set it to dom$domid.
> 2- Copy temp files used to add/remove dhcpd configurations to avoid
>   replacing potential symlinks.
> 
> Change-Id: I5f2ed917c15bbe1c6ff9ec3cc9ad2fc4e1c0fb60
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> .../xen/xen-tools/0001-vif-nat-fix-hostname.patch  | 18 +++++++++
> .../0002-vif-nat-fix-symlink-removal.patch         | 45 ++++++++++++++++++++++
> .../recipes-extended/xen/xen-tools_%.bbappend      |  5 +++
> 3 files changed, 68 insertions(+)
> create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> 
> diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> new file mode 100644
> index 0000000..87f25e2
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> @@ -0,0 +1,18 @@
> +Upstream-Status: Pending
> +Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
> +
> +Setting the hostname is failing because the "$XENBUS_PATH/domain"
> +doesn't exist anymore. To fix this we set it to dom$domid
> +
> +Index: git/tools/hotplug/Linux/vif-nat
> +===================================================================
> +--- git.orig/tools/hotplug/Linux/vif-nat
> ++++ git/tools/hotplug/Linux/vif-nat
> +@@ -86,6 +86,7 @@ router_ip=$(routing_ip "$ip")
> + vif_ip=`echo ${ip} | awk -F/ '{print $1}'`
> + 
> + hostname=$(xenstore_read "$XENBUS_PATH/domain" | tr -- '_.:/+' '-----')
> ++[ -z "${hostname}" ] && hostname=dom$domid
> + if [ "$vifid" != "1" ]
> + then
> +   hostname="$hostname-$vifid"
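Review bot: the fallback works only because of where xenstore_read fails. In upstream Xen's xen-hotplug-common.sh that helper calls fatal when the key is missing; since it runs inside the `$( ... | tr ...)` pipeline, the fatal exits only the subshell, the pipeline's status is tr's, hostname comes back empty and the new `[ -z ... ]` line catches it. The cost is a logged "xenstore-read ... failed" error on every vif-nat online, and any future change that moves the read out of the pipeline turns it into a hard exit under set -e. Reading with `xenstore_read_default "$XENBUS_PATH/domain" "dom$domid"` and piping that through tr gives the same result without the spurious error.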
> diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> new file mode 100644
> index 0000000..bcd5778
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> @@ -0,0 +1,45 @@
> +Upstream-Status: Pending
> +Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
> +
> +Copy temp files used to add/remove dhcpd configurations to avoid
> +replacing potential symlinks.
> +
> +Index: git/tools/hotplug/Linux/vif-nat
> +===================================================================
> +--- git.orig/tools/hotplug/Linux/vif-nat
> ++++ git/tools/hotplug/Linux/vif-nat
> +@@ -99,7 +100,8 @@ dhcparg_remove_entry()
> +   then
> +     rm "$tmpfile"
> +   else
> +-    mv "$tmpfile" "$dhcpd_arg_file"
> ++    cp "$tmpfile" "$dhcpd_arg_file"
> ++    rm "$tmpfile"
> +   fi
> + }
> + 
> +@@ -109,11 +111,11 @@ dhcparg_add_entry()
> +   local tmpfile=$(mktemp)
> +   # handle Red Hat, SUSE, and Debian styles, with or without quotes
> +   sed -e 's/^DHCPDARGS="*\([^"]*\)"*/DHCPDARGS="\1'"${dev} "'"/' \
> +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> +   sed -e 's/^DHCPD_INTERFACE="*\([^"]*\)"*/DHCPD_INTERFACE="\1'"${dev} "'"/' \
> +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> +   sed -e 's/^INTERFACES="*\([^"]*\)"*/INTERFACES="\1'"${dev} "'"/' \
> +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> +   rm -f "$tmpfile"
> + }
> + 
> +@@ -125,7 +127,8 @@ dhcp_remove_entry()
> +   then
> +     rm "$tmpfile"
> +   else
> +-    mv "$tmpfile" "$dhcpd_conf_file"
> ++    cp "$tmpfile" "$dhcpd_conf_file"
> ++    rm "$tmpfile"
> +   fi
> +   dhcparg_remove_entry
> + }
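Review bot: replacing mv with cp+rm fixes the symlink case but changes each update from an atomic rename to an in-place truncate-and-rewrite of the real dhcpd config, so a reader that opens the file mid-copy (dhcpd restarting, or a second vif script) can see it empty; that is acceptable only because every caller holds the vif-nat-dhcp lock, which is worth stating in the patch description. On the plus side, cp leaves the existing target's mode and owner alone, whereas mv would have given the live config mktemp's 0600 mode.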
> diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> new file mode 100644
> index 0000000..ef8eddd
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> @@ -0,0 +1,5 @@
> +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> +
> +SRC_URI += "file://0001-vif-nat-fix-hostname.patch \
> +            file://0002-vif-nat-fix-symlink-removal.patch \
> +           "
> -- 
> 2.7.4
> 
> 



* Re: [meta-arm] [PATCH 3/4] arm-autonomy/xenguest-network: Add private network support for xenguest
From: Bertrand Marquis @ 2020-07-30 15:55 UTC (permalink / raw)
  To: Diego Sueiro; +Cc: meta-arm, nd



> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> Introduce the private/internal network support for xenguest by using NAT
> and applying the proper iptables rules to allow the guest to have access
> to the external network.
> 
> The XENGUEST_NETWORK_TYPE variable was introduced to allow the user to
> setup the xenguest network type between "bridge" (default), "nat" and
> "none".
> 
> Change-Id: I919e5b0fd0809093698b9dec3a9503b598b54828
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> meta-arm-autonomy/classes/xenguest-image.bbclass   |  18 +--
> .../documentation/xenguest-network-bridge.md       |  49 --------
> .../documentation/xenguest-network.md              |  70 +++++++++++
> ...k-bridge.bbappend => xenguest-network.bbappend} |   0
> .../images/arm-autonomy-host-image-minimal.bb      |   2 +-
> .../xenguest/files/00-vif-xenguest.hook            | 130 +++++++++++++++++++++
> .../xenguest/files/dhcpd-params.cfg                |  30 +++++
> .../xenguest/files/network-bridge.sh.in            |  25 +++-
> .../xenguest/xenguest-base-image.bb                |   7 +-
> ...guest-network-bridge.bb => xenguest-network.bb} |  16 ++-
> 10 files changed, 283 insertions(+), 64 deletions(-)
> delete mode 100644 meta-arm-autonomy/documentation/xenguest-network-bridge.md
> create mode 100644 meta-arm-autonomy/documentation/xenguest-network.md
> rename meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/{xenguest-network-bridge.bbappend => xenguest-network.bbappend} (100%)
> create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> create mode 100644 meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> rename meta-arm-autonomy/recipes-extended/xenguest/{xenguest-network-bridge.bb => xenguest-network.bb} (79%)
> 
> diff --git a/meta-arm-autonomy/classes/xenguest-image.bbclass b/meta-arm-autonomy/classes/xenguest-image.bbclass
> index e8880f3..be1dde5 100644
> --- a/meta-arm-autonomy/classes/xenguest-image.bbclass
> +++ b/meta-arm-autonomy/classes/xenguest-image.bbclass
> @@ -58,10 +58,14 @@ XENGUEST_IMAGE_DISK_SIZE ??= "${@ '4' if not d.getVar('INITRAMFS_IMAGE') else '0
> # and containing the root filesystem produced by Yocto
> XENGUEST_IMAGE_DISK_PARTITIONS ??= "1:${XENGUEST_IMAGE_DISK_SIZE}:ext4:rootfs.tar.gz"
> 
> -# XENGUEST_IMAGE_NETWORK_BRIDGE can be set to 1 to have a network interface
> -# on the guest connected to host bridged network. This will provide the guest
> -# with a network interface connected directly to the external network
> -XENGUEST_IMAGE_NETWORK_BRIDGE ??= "1"
> +# XENGUEST_IMAGE_NETWORK_TYPE can be set to "bridge", "nat" or "none".
> +# The "bridge" type will share the physical eth interface from dom0 with the
> +# domU. This will allow the domU to have access to the external network.
> +# The "nat" type will setup a virtual network between dom0 and domU and also
> +# configure and run the dhcpd on dom0 to serve the domU.
> +# The "none" type will not affect any networking setting between on dom0 and
> +# domU.
> +XENGUEST_IMAGE_NETWORK_TYPE ??= "bridge"
> 
> # Sub-directory in wich the guest is created. This is create in deploy as a
> # subdirectory and must be coherent between all components using this class so
> @@ -147,10 +151,10 @@ xenguest_image_create() {
>         call_xenguest_mkimage update --set-param=GUEST_AUTOBOOT=0
>     fi
> 
> -    if [ "${XENGUEST_IMAGE_NETWORK_BRIDGE}" = "1" ]; then
> -        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=1
> +    if [ -n "${XENGUEST_IMAGE_NETWORK_TYPE}" ]; then
> +        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="${XENGUEST_IMAGE_NETWORK_TYPE}"
>     else
> -        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=0
> +        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="none"
>     fi
> }
> 
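Review bot: XENGUEST_IMAGE_NETWORK_TYPE is passed through to --set-param without validation, so a typo such as "brigde" is only noticed at guest creation time on the target when network-bridge.sh falls into its `*)` branch; checking the value against bridge/nat/none in the class's python __anonymous function (bb.fatal on anything else) catches it at build time. The `else` branch is also unreachable while the variable carries a ??= default of "bridge"; either drop it or document that an explicitly empty value means none.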
> diff --git a/meta-arm-autonomy/documentation/xenguest-network-bridge.md b/meta-arm-autonomy/documentation/xenguest-network-bridge.md
> deleted file mode 100644
> index 6653fe8..0000000
> --- a/meta-arm-autonomy/documentation/xenguest-network-bridge.md
> +++ /dev/null
> @@ -1,49 +0,0 @@
> -xenguest network bridge
> -=======================
> -
> -Introduction
> -------------
> -
> -xenguest-network-bridge is creating a network bridge to allow some guests to
> -have a direct connection to the external network.
> -To do this, a bridge is created on the host using brctl with the network
> -interfaces added to it so that the bridge is connected to the external network.
> -It is also adding a guest init script which will, for guests configured to use
> -it, create a virtual network interface for the guest and connect it to the
> -network bridge on the host.
> -
> -Usage
> ------
> -
> -On the host the package xenguest-network-bridge must be included in your image.
> -
> -On the xenguest image of your guest, the parameter NETWORK_BRIDGE must be set
> -to 1 (using xenguest-mkimage --set-param=NETWORK_BRIDGE=1).
> -
> -Bitbake parameters
> -------------------
> -Several parameters are available to configure the xenguest network bridge
> -during Yocto project compilation (those can be set in your project local.conf,
> -for example).
> -
> -The following parameters are available:
> -
> -- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
> -  bridge that is created on the host during init.
> -  This is set by default to "xenbr0".
> -
> -- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of network
> -  interfaces that are added to the bridge when it is created on the host during
> -  init.
> -  This is set by default to "eth0".
> -
> -- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
> -  to use to configure the bridge network. By default it points to have file
> -  configuring the network using dhcp.
> -  You can provide a different file using a bbappend and make this variable
> -  point to it if you want to customize your network configuration.
> -
> -- XENGUEST_IMAGE_NETWORK_BRIDGE: This variable can be set to 0 or 1 on guest
> -  projects to enable or not the connection of the guest to the host bridge.
> -  This is set by default to "1".
> -
> diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
> new file mode 100644
> index 0000000..c61a11a
> --- /dev/null
> +++ b/meta-arm-autonomy/documentation/xenguest-network.md
> @@ -0,0 +1,70 @@
> +Xenguest Network
> +================
> +
> +Introduction
> +------------
> +
> +The xenguest-network package is primarly creating a network bridge to share
> +the host eth physical interfaces with the guests virtual interfaces (vif).
> +This way the guests can have access to the external network.
> +
> +At the moment 3 types of network arrangements are provided:
> +
> +- Bridge: where the guest vif is added to the created bridge interface;
> +
> +- NAT: where a private subnet is created for the guest, a dhcpd is started on
> +  the host to serve the guest and the proper iptables rules are created to
> +  allow the guest to access the external network;
> +
> +- None: the guest vif is not connected to the bridge.
> +
> +Usage
> +-----
> +
> +On the host project the package xenguest-network must be included in your
> +image, and on the guest project the XENGUEST_NETWORK_TYPE needs to be set to
> +"bridge", "nat" or "none".
> +
> +Bitbake parameters
> +------------------
> +
> +Several parameters are available to configure the xenguest network bridge
> +during Yocto project compilation (those can be set in your project local.conf
> +or xenguest-network.bbappend, for example).
> +
> +The following parameters are available:
> +
> +- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
> +  bridge that is created on the host during init.
> +  This is set by default to "xenbr0".
> +
> +- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of the
> +  physical network interfaces that are added to the bridge when it is created
> +  on the host during init.
> +  By default no physical interfaces are added.
> +
> +- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
> +  to use to configure the bridge network. By default it points to have file
> +  configuring the network using dhcp.
> +  You can provide a different file using a bbappend and make this variable
> +  point to it if you want to customize your network configuration.
> +
> +- XENGUEST_IMAGE_NETWORK_TYPE: This variable can be set to "bridge" (default),
> +  "nat" or "none".
> +  The **bridge** type will add the domU vif interface to a bridge which also
> +  contains the dom0 physical interface giving the guest direct access to the
> +  external network.
> +  The **nat** type will setup a private network between dom0 and domU, setup
> +  the appropriate routing table, configure and run the dhcpd on dom0 to serve
> +  the domU and apply the iptables rules to allow the guest to acess the
> +  external network. The dhcpd configuration for the guest can be customised by
> +  replacing the
> +  "meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg" file
> +  in a xenguest-network.bbappend. The dhcpd-params.cfg file is installed in
> +  the xenguest image and copied to
> +  "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg" when the guest
> +  image is created. It will be consumed by the
> +  "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
> +  "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
> +  The **none** type will not affect any networking setting between on dom0 and
> +  domU.
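Review bot: the nat section should state the host-wide side effects it brings: 00-vif-xenguest.hook sets net.ipv4.ip_forward=1 on dom0 for as long as any NAT guest is online, which affects routing for every interface and not just the guest subnet, and the MASQUERADE rule on the bridge interface rewrites all traffic leaving that bridge. It should also say that dhcpd-params.cfg is shell-expanded through eval when the guest comes online, so the file is executable configuration rather than plain dhcpd syntax. Typos in the added text: "primarly", "acess", "between on dom0 and domU".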
> diff --git a/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend b/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
> similarity index 100%
> rename from meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend
> rename to meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
> diff --git a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> index 9731c7c..188e31d 100644
> --- a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> +++ b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> @@ -41,7 +41,7 @@ IMAGE_INSTALL += " \
>     packagegroup-core-ssh-openssh \
>     qemu-system-i386 \
>     xenguest-manager \
> -    xenguest-network-bridge \
> +    xenguest-network \
>     "
> 
> # Build xen binary
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> new file mode 100755
> index 0000000..32d5976
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> @@ -0,0 +1,130 @@
> +#============================================================================
> +# ${XEN_SCRIPT_DIR}/vif-post.d/00-vif-xenguest.hook
> +#
> +# Script for performing local configuration of a vif.
> +# This script will be sourced by, e.g., vif-bridge after the hotplugging
> +# system calls vif-bridge. The script is here and not simply executed as
> +# a udev rule because this allows simple access to several environment
> +# variables set by the calling vif-* script.
> +#
> +# Environment vars:
> +# command     (add|remove|online|offline)
> +# dev         vif interface name (required).
> +# main_ip     IP address of Dom0
> +# ip          list of IP networks for the vif, space-separated
> +# XENBUS_PATH path to this device's details in the XenStore (required).
> +#============================================================================
> +
> +domid=$(xenstore_read "${XENBUS_PATH}/frontend-id")
> +guestname=$(xenstore_read "/local/domain/${domid}/name")
> +bridge=$(xenstore_read "${XENBUS_PATH}/bridge")
> +
> +if [ ! -f /etc/xenguest/guests/${guestname}/params.cfg ]; then
> +    log debug "No /etc/xenguest/guests/${guestname}/params.cfg. Exiting."
> +    return
> +fi
> +
> +# Source the params file to get the choosen XENGUEST_NETWORK_TYPE
> +. /etc/xenguest/guests/${guestname}/params.cfg
> +
> +# We need to get the xenguest subnet prefix to set the subnet and
> +# the fixed ip to assing to the guest.
> +get_subnet_prefix() {
> +    # ${vif_ip} is set in the vif-nat script
> +    echo ${vif_ip} | awk -F. '{print $1"."$2"."$3}'
> +}
> +
> +subnetprefix=$(get_subnet_prefix)
> +
> +dhcpd_remove_conf_entry()
> +{
> +    local tmpfile=$(mktemp)
> +
> +    # Remove the the xenguest dhcpd config file inclusion in the dhcpd
> +    # main config
> +    grep -v "include \"${XENGUEST_DHCPD_CONF_FILE}\";" \
> +            "${dhcpd_conf_file}" >"${tmpfile}"
> +    if ! diff "${tmpfile}" "${dhcpd_conf_file}" >/dev/null
> +    then
> +        cp "${tmpfile}" "${dhcpd_conf_file}"
> +    fi
> +    rm ${tmpfile}
> +
> +    # Remove the generated the xenguest dhcpd file
> +    rm ${XENGUEST_DHCPD_CONF_FILE}
> +}
> +
> +# This function removes the dhcpd options added by the vif-nat script and
> +# adds the user provided options under the ${XENGUEST_DHCPD_HOST_OPTIONS}
> +# variable set in "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"
> +# file.
> +dhcpd_add_conf_entries()
> +{
> +    # We need to remove the previous added entry from vif-nat script
> +    dhcp_remove_entry
> +
> +    # Include the xenguest dhcpd config file in the dhcpd main config
> +    echo >>"${dhcpd_conf_file}" "include \"${XENGUEST_DHCPD_CONF_FILE}\";"
> +
> +    # Generate the xenguest dhcpd file
> +    echo -e "$(eval "echo -e \"$(cat ${XENGUEST_DHCPD_PARAMS_FILE})\"")" \
> +            >> "${XENGUEST_DHCPD_CONF_FILE}"
> +
> +    # Re-add the dhcpargs entries removed by dhcp_remove_entry call
> +    dhcparg_add_entry
> +}
> +
> +dhcpd_online(){
> +    log debug "dhcpd_online"
> +    claim_lock "vif-nat-dhcp"
> +    dhcpd_add_conf_entries
> +    release_lock "vif-nat-dhcp"
> +   "$dhcpd_init_file" restart || true
> +}
> +
> +dhcpd_offline(){
> +    log debug "dhcpd_offline"
> +    claim_lock "vif-nat-dhcp"
> +    dhcpd_remove_conf_entry
> +    release_lock "vif-nat-dhcp"
> +    "$dhcpd_init_file" restart || true # We need to ignore failure because
> +                                       # ISC dhcpd 3 borks if there is nothing
> +                                       # for it to do, which is the case if
> +                                       # the outgoing interface is not
> +                                       # configured to offer leases and there
> +                                       # are no vifs.
> +}
> +
> +case "${XENGUEST_NETWORK_TYPE}" in
> +    nat)
> +        XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
> +        if [ ! -f ${XENGUEST_DHCPD_PARAMS_FILE} ]; then
> +            log debug "No ${XENGUEST_DHCPD_PARAMS_FILE} file. Aborting"
> +            return
> +        fi
> +
> +        XENGUEST_DHCPD_CONF_FILE="/etc/dhcp/dhcpd.dom$domid.conf"
> +
> +        case "$command" in
> +            online)
> +                dhcpd_online
> +
> +                # Enable ip forwarding and NAT for the ${bridge} interface
> +                sysctl -w net.ipv4.ip_forward=1
> +                iptables_w -t nat -A POSTROUTING -o ${bridge} -j MASQUERADE -m comment --comment "dom${domid}"
> +                ;;
> +            offline)
> +                dhcpd_offline
> +
> +                # Remove the NAT iptables rules created for the dom${domid}
> +                guest_ipt_rule=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep -w dom${domid} | awk '{print $1}' | tac)
> +                for rule in ${guest_ipt_rule}; do iptables_w -t nat --delete POSTROUTING ${rule}; done
> +
> +                # If there is no more NAT iptables rules we disable ip forwarding
> +                ipt_nat_rules=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep MASQUERADE | awk '{print $1}')
> +                [ -z "${ipt_nat_rules##*[!0-9]*}" ] && sysctl -w net.ipv4.ip_forward=0
> +               ;;
> +        esac
> +
> +        ;;
> +esac
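Review bot: the ip-forwarding teardown in the offline branch is wrong when more than one NAT guest is online. ipt_nat_rules holds one line number per remaining MASQUERADE rule, and `${ipt_nat_rules##*[!0-9]*}` strips the whole value as soon as it contains a newline, so with two or more rules left the test is true and ip_forward is switched off for the guests that are still running (with exactly one rule left it correctly stays on, and with none it is correctly disabled). `[ -z "${ipt_nat_rules}" ]` is the intended check. Two further points: `eval "echo -e \"$(cat ${XENGUEST_DHCPD_PARAMS_FILE})\""` executes the guest-supplied params file as shell on dom0 as root, so whoever builds a guest image controls dom0 at hotplug time; substituting a fixed set of variables with sed keeps the file as data. And the MASQUERADE rule has no `-s ${vif_ip}` and no accompanying FORWARD-chain rules, so all traffic leaving ${bridge} is masqueraded and, unless the host's FORWARD policy says otherwise, guests can reach each other's subnets and dom0 without restriction.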
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> new file mode 100644
> index 0000000..0495fbd
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> @@ -0,0 +1,30 @@
> +# This file holds the guest dhcpd options running on Dom0.
> +# The "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" called in the end of
> +# the vif-nat script will use this file to generate the final dhcpd
> +# configuration.
> +
> +# This file is added in the xenguest image and installed in dom0 under
> +# /etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg when the guest
> +# image is created.
> +# Any customizations to it should be performed by replacing it via a bbappend.
> +
> +# The \${hostname}, \${mac}, \${vif_ip} and \${router_ip} variables are set in
> +# the vif-nat script context. The \${subnetprefix} variable is set in the
> +# 00-vif-xenguest.hook script context.
> +
> +# The "subnet" configuration node is mandatory in order to have the dhcpd
> +# properly running.
> +
> +host ${hostname} {
> +    hardware ethernet ${mac};
> +    fixed-address ${vif_ip};
> +    option routers ${router_ip};
> +    option subnet-mask 255.255.255.0;
> +    option broadcast-address ${subnetprefix}.255;
> +    option domain-name-servers 8.8.8.8;
> +    option host-name \"${hostname}\";
> +    option domain-name \"example.com\";
> +}
> +
> +subnet ${subnetprefix}.0 netmask 255.255.255.0 {
> +}
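Review bot: the header comment should say how this file is consumed; the escaped `\"` and `\${...}` on lines such as `option host-name \"${hostname}\";` only make sense if 00-vif-xenguest.hook expands the file with the shell, and if so the comment needs to state that the file is shell input evaluated as root in dom0 at vif-online time (so a bbappend replacing it can run arbitrary commands) rather than plain dhcpd.conf syntax. Separately, `option domain-name-servers 8.8.8.8;` and `option domain-name \"example.com\";` are placeholders handed to every NAT guest; a guest behind a private network may not be able to reach that resolver, so consider defaulting to the gateway already used for `option routers` and flag the domain as something to override. The /24 is hard-coded twice (`subnet-mask 255.255.255.0` and `${subnetprefix}.255`), which belongs next to the `${subnetprefix}` description.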
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> index 2a36096..752f498 100755
> --- a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> @@ -9,7 +9,24 @@ BRIDGE_NAME="###BRIDGE_NAME###"
> # get guest parameters
> . ./params.cfg
> 
> -if [ "${NETWORK_BRIDGE:-}" = "1" ]; then
> -    echo "vif = ['${BRIDGE_NAME}']" >> ${guestname}.cfg
> -fi
> -
> +case "${XENGUEST_NETWORK_TYPE:-}" in
> +    nat)
> +        # Create the symlinks for the files that vif-nat script expects
> +        if [ ! -f /etc/dhcpd.conf ]; then
> +            ln -s dhcp/dhcpd.conf /etc/dhcpd.conf
> +        fi
> +        if [ ! -f /etc/init.d/dhcp3-server ]; then
> +            ln -s dhcp-server /etc/init.d/dhcp3-server
> +        fi
> +        if [ ! -f /etc/default/dhcp3-server ]; then
> +            ln -s dhcp-server /etc/default/dhcp3-server
> +        fi
> +        echo "vif = ['script=vif-nat']" >> ${guestname}.cfg
> +        ;;
> +    bridge)
> +        echo "vif = ['script=vif-bridge,bridge=${BRIDGE_NAME}']" >> ${guestname}.cfg
> +        ;;
> +    *)
> +        echo "${@}: XENGUEST_NETWORK_TYPE=$XENGUEST_NETWORK_TYPE invalid"
> +        ;;
> +esac
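Review bot: the three `[ ! -f ... ]` guards test through the symlink, so a dangling link (for example `/etc/dhcpd.conf -> dhcp/dhcpd.conf` left behind when dhcp-server is absent from the image) makes the test true and the following `ln -s` fails with "File exists"; test for the link itself, `if [ ! -e /etc/dhcpd.conf ] && [ ! -L /etc/dhcpd.conf ]`, or use `ln -sf`. In the `*)` branch `${@}` expands to the script's positional parameters, presumably `$0` was meant, and the script prints the message but still exits 0, so an invalid `XENGUEST_NETWORK_TYPE` yields a guest config with no `vif` line and the failure only shows up when the guest starts; add `exit 1` after the echo. Quoting `"${guestname}.cfg"` in the two `echo ... >>` redirections would also be safer.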
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> index fb66566..8516fe8 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> @@ -35,7 +35,12 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
> XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
> 
> # Add xen files
> -XENGUEST_IMAGE_SRC_URI_XEN_FILES ??= ""
> +# Any extrafiles files to be added to XENGUEST_IMAGE_SRC_URI_XEN_FILES should
> +# be performed via XENGUEST_IMAGE_SRC_URI_XEN_FILES_append.
> +# The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
> +# when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
> +# performed by replacing it via a xenguest-network.bbappend.
> +XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
> 
> # Add xen configuration elements
> XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
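Review bot: the comment tells users to replace `dhcpd-params.cfg` via a `xenguest-network.bbappend`, but the file is fetched by this recipe (it sits in `recipes-extended/xenguest/files/` and is listed in this recipe's `XENGUEST_IMAGE_SRC_URI_XEN_FILES`), so a `FILESEXTRAPATHS` override has to go in a `xenguest-base-image.bbappend`. The assignment also changes from `??=` to `=`, which silently discards any value a distro or `local.conf` set through the old weak default; if that is intended, say so, otherwise keep `??=` and document `_append`. Minor: "Any extrafiles files to be added ... should be performed" reads oddly; "Extra files should be added via `XENGUEST_IMAGE_SRC_URI_XEN_FILES_append`" is clearer.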
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> similarity index 79%
> rename from meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
> rename to meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> index c6c2242..fa4f93f 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> @@ -1,5 +1,5 @@
> # Recipe to handle xenguest network configuration
> -DESCRIPTION = "XenGuest Network Bridge"
> +DESCRIPTION = "Xenguest Network"
> 
> LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
> @@ -20,6 +20,7 @@ SRC_URI = " \
>     file://xenguest-network-bridge.in \
>     file://xenguest-network-bridge-dhcp.cfg.in \
>     file://network-bridge.sh.in \
> +    file://00-vif-xenguest.hook \
>     "
> 
> # Bridge configurator needs to run before S01networking init script
> @@ -49,8 +50,19 @@ do_install() {
>     install -d -m 755 ${D}${sysconfdir}/xenguest/init.pre
>     install -m 755 ${WORKDIR}/network-bridge.sh \
>         ${D}${sysconfdir}/xenguest/init.pre/.
> +
> +    install -d ${D}${sysconfdir}/xen/scripts/vif-post.d
> +    install -m 755 ${WORKDIR}/00-vif-xenguest.hook \
> +        ${D}${sysconfdir}/xen/scripts/vif-post.d/.
> }
> 
> -RDEPENDS_${PN} += "bridge-utils"
> +RDEPENDS_${PN} += "bridge-utils \
> +                   iptables \
> +                   dhcp-server \
> +                   kernel-module-xt-tcpudp \
> +                   kernel-module-xt-physdev \
> +                   kernel-module-xt-comment \
> +                  "
> FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
> FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
> +FILES_${PN} += "${sysconfdir}/xen/scripts/vif-post.d/00-vif-xenguest.hook"
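Review bot: the NAT path relies on the MASQUERADE target (the POSTROUTING clean-up in the hook greps for it), yet the new RDEPENDS only pulls in the tcpudp, physdev and comment match modules; if MASQUERADE is built as a module it needs its own entry, and the module name is `ipt_MASQUERADE` on older kernels and `xt_MASQUERADE` on recent ones, so check which one linux-arm-autonomy produces. `kernel-module-xt-nat` for the DNAT target only arrives in PATCH 4/4. Style: the new `install -d ${D}${sysconfdir}/xen/scripts/vif-post.d` drops the `-m 755` the neighbouring `install -d` uses.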
> -- 
> 2.7.4
> 
> 



* Re: [meta-arm] [PATCH 2/4] arm-autonomy/linux-arm-autonomy: Extend netfilter config for host
  2020-07-30 15:52 ` [PATCH 2/4] arm-autonomy/linux-arm-autonomy: Extend netfilter config for host Diego Sueiro
@ 2020-07-30 15:55   ` Bertrand Marquis
From: Bertrand Marquis @ 2020-07-30 15:55 UTC
  To: Diego Sueiro; +Cc: meta-arm, nd



> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> To properly set the iptables rules to be applied when configuring the
> network between the host and guest we need to have the netfilter.scc
> kernel feature and the following extra kernel configs:
> CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
> CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> 
> Change-Id: I6f3ff9e8db5d359efba5fb3ead04703f4f2ec88b
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> .../arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg | 2 ++
> .../features/arm-autonomy/xen-host-iptables.scc                  | 9 +++++++++
> meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc    | 6 +++++-
> 3 files changed, 16 insertions(+), 1 deletion(-)
> create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> create mode 100644 meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> 
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> new file mode 100644
> index 0000000..1a57369
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/netfilter-extra.cfg
> @@ -0,0 +1,2 @@
> +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
> +CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> new file mode 100644
> index 0000000..8f8ba45
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-kernel/linux/arm-autonomy-kmeta/features/arm-autonomy/xen-host-iptables.scc
> @@ -0,0 +1,9 @@
> +#
> +# Not directly sourced via a kernel type but via an external bb
> +#
> +
> +define KFEATURE_DESCRIPTION "Enable netfilter + conn tracking + extras"
> +define KFEATURE_COMPATIBILITY all
> +
> +include features/netfilter/netfilter.scc
> +kconf non-hardware netfilter-extra.cfg
> diff --git a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> index 2763444..5f55d9b 100644
> --- a/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> +++ b/meta-arm-autonomy/recipes-kernel/linux/linux-arm-autonomy.inc
> @@ -10,7 +10,11 @@ SRC_URI_append = " file://arm-autonomy-kmeta;type=kmeta;name=arm-autonomy-kmeta;
> 
> # Add xen host drivers to kernel if arm-autonomy-host is activated
> KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
> -        'arm-autonomy-host', 'features/arm-autonomy/xen-host.scc', '', d)}"
> +        'arm-autonomy-host', \
> +        'features/arm-autonomy/xen-host.scc \
> +         features/arm-autonomy/xen-host-iptables.scc', \
> +        '', d)}"
> +
> 
> # Add xen guest drivers to kernel if arm-autonomy-guest is activated
> KERNEL_FEATURES += "${@bb.utils.contains('DISTRO_FEATURES', \
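Review bot: the added empty line at the end of the host block leaves two blank lines before the guest comment, which the rest of the file does not do; drop it. Splitting the feature list across `\` continuation lines inside the `${@...}` expression is fine, since BitBake joins continuations before evaluating the Python, but a short comment that `xen-host-iptables.scc` is deliberately selected from here rather than included from `xen-host.scc` would save the next reader the question.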
> -- 
> 2.7.4
> 
> 



* Re: [meta-arm] [PATCH 4/4] arm-autonomy/xenguest-network: Add NAT port forward support
  2020-07-30 15:52 ` [PATCH 4/4] arm-autonomy/xenguest-network: Add NAT port forward support Diego Sueiro
@ 2020-07-30 15:56   ` Bertrand Marquis
From: Bertrand Marquis @ 2020-07-30 15:56 UTC
  To: Diego Sueiro; +Cc: meta-arm, nd



> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> When XENGUEST_IMAGE_NETWORK_TYPE="nat", add the option to set up NAT port
> forwarding to give access to the guest from the external network.
> 
> The port forward is applied per guest by the 00-xenguest-nat-port-forward.hook
> script which is called by /etc/xen/scripts/vif-post.d/00-vif-xenguest.hook.
> The ports can be customised by the XENGUEST_IMAGE_HOST_PORT and
> XENGUEST_IMAGE_GUEST_PORT variables.
> 
> Change-Id: I49492f5ac881fd3cc38838ce24d1d4160a4e65df
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> .../documentation/xenguest-network.md              |  6 +++
> .../xenguest/files/00-vif-xenguest.hook            | 16 ++++++++
> .../files/00-xenguest-nat-port-forward.hook        | 48 ++++++++++++++++++++++
> .../xenguest/xenguest-base-image.bb                | 28 ++++++++++++-
> .../recipes-extended/xenguest/xenguest-network.bb  |  1 +
> 5 files changed, 97 insertions(+), 2 deletions(-)
> create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook
> 
> diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
> index c61a11a..b731f3e 100644
> --- a/meta-arm-autonomy/documentation/xenguest-network.md
> +++ b/meta-arm-autonomy/documentation/xenguest-network.md
> @@ -66,5 +66,11 @@ The following parameters are available:
>   image is created. It will be consumed by the
>   "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
>   "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
> +  In the guest project, the NAT port forward can be customised by changing
> +  the XENGUEST_IMAGE_HOST_PORT (default: "1000 + ${domid}") and
> +  XENGUEST_IMAGE_GUEST_PORT (default: "22") variables in local.conf or
> +  xenguest-base-image.bbappend. This configuration is implemented and installed
> +  in "/etc/xenguest/guests/${guestname}/files/00-xenguest-nat-port-forward.hook"
> +  script which is called by "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook".
>   The **none** type will not affect any networking setting between on dom0 and
>   domU.
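Review bot: the documentation should state that with `XENGUEST_IMAGE_NETWORK_TYPE="nat"` the port forward is on by default: the recipe sets `XENGUEST_IMAGE_HOST_PORT`, `XENGUEST_IMAGE_GUEST_PORT` and `XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT` with `?=` and ships the hook whenever the script variable is non-empty, so every NAT guest's port 22 is reachable from the external network on `1000 + domid` as soon as it comes up. Tell users that `XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT = ""` disables it, and that the forward is TCP only (the hook's DNAT rule uses `-p tcp`), neither of which is visible from the variable names.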
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> index 32d5976..7a2fb6f 100755
> --- a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> @@ -95,6 +95,20 @@ dhcpd_offline(){
>                                        # are no vifs.
> }
> 
> +call_extra_hooks() {
> +    for f in /etc/xenguest/guests/${guestname}/files/*.hook; do
> +        if [ -x "$f" ]; then
> +            log info "Executing $f"
> +            . "$f"
> +            if [ $? -ne 0 ]; then
> +                log err "$f failed."
> +            fi
> +        else
> +            log info "$f is not executable. Skipping."
> +        fi
> +    done
> +}
> +
> case "${XENGUEST_NETWORK_TYPE}" in
>     nat)
>         XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
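Review bot: `call_extra_hooks` sources (`. "$f"`) every executable `*.hook` under `/etc/xenguest/guests/${guestname}/files/`, and that directory is populated from the guest image when it is installed on dom0 (see the `dhcpd-params.cfg` header), so whoever produces a guest image gets root shell execution in dom0 at vif-online time; this trust assumption belongs in a comment here and in xenguest-network.md. Two smaller points: because the hooks are sourced rather than executed, a `return` or `exit` inside one terminates this script, the `$?` test only sees the hook's last command, and `-x` is checked although the exec bit is irrelevant to `.`; and when nothing matches the glob the loop runs once with the literal `*.hook` and logs "is not executable. Skipping.", so add `[ -e "$f" ] || continue` as the first statement of the loop.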
> @@ -126,5 +140,7 @@ case "${XENGUEST_NETWORK_TYPE}" in
>                ;;
>         esac
> 
> +        # We might have extra configs to be applied (e.g.: NAT port forward).
> +        call_extra_hooks
>         ;;
> esac
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook
> new file mode 100755
> index 0000000..875c181
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-xenguest-nat-port-forward.hook
> @@ -0,0 +1,48 @@
> +#============================================================================
> +# /etc/xenguest/guests/${guestname}/files/00-xenguest-nat-port-forward.hook
> +#
> +# Script for performing local configuration related to NAT port forwarding of
> +# a vif.
> +# This script will be sourced by
> +# /etc/xen/scripts/vif-post.d/00-vif-xenguest.hook when
> +# XENGUEST_IMAGE_NETWORK_TYPE="nat".
> +# The ${bridge} and ${domid} are set in the 00-vif-xenguest.hook context,
> +# and ${vip_if} in the vif-nat script context.
> +#
> +# Environment vars:
> +# command     (add|remove|online|offline)
> +# dev         vif interface name (required).
> +# main_ip     IP address of Dom0
> +# ip          list of IP networks for the vif, space-separated
> +# XENBUS_PATH path to this device's details in the XenStore (required).
> +#============================================================================
> +
> +host_port="###HOST_PORT###"
> +guest_port="###GUEST_PORT###"
> +
> +port_num_check() {
> +    if [ ${host_port} -gt 65535 -o ${guest_port} -gt 65535 ]; then
> +        log error "host_port=${host_port} or guest_port=${guest_port} greater than 65535."
> +        return 1
> +    fi
> +    return 0
> +}
> +
> +case "${command}" in
> +    online)
> +        port_num_check
> +        if [ $? -eq 0 ]; then
> +            iptables_w -t nat -A PREROUTING -i ${bridge} -p tcp \
> +                       --dport ${host_port} -j DNAT \
> +                       --to-destination ${vif_ip}:${guest_port} \
> +                       -m comment --comment "dom${domid}"
> +        fi
> +        ;;
> +    offline)
> +        # Remove the NAT iptables rules created for the dom${domid}
> +        guest_ipt_rule=$(iptables_w -t nat -vL PREROUTING -n --line-number \
> +                         | grep -w dom${domid} | awk '{print $1}' | tac)
> +        for rule in ${guest_ipt_rule}; \
> +            do iptables_w -t nat --delete PREROUTING ${rule}; done
> +        ;;
> +esac
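Review bot: `port_num_check` only rejects values above 65535; an empty, negative or non-numeric value (for instance a `###HOST_PORT###` placeholder that `do_configure` did not substitute) makes `[ ... -gt 65535 ]` fail with an error and the function happens to return non-zero, which is the right outcome by accident rather than design. Validate explicitly with `case "$p" in ''|*[!0-9]*) return 1 ;; esac` plus `-ge 1`/`-le 65535`, and use `log err` like the rest of the hook rather than `log error`. In the header comment `${vip_if}` should read `${vif_ip}`, the variable the DNAT rule actually uses. The PREROUTING DNAT also does nothing unless the FORWARD chain admits the translated traffic; if dom0 ever ships a default-DROP FORWARD policy this hook needs a matching `-A FORWARD` rule keyed on the same `dom${domid}` comment so the `offline` path can remove it too.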
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> index 8516fe8..d164a81 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> @@ -23,6 +23,16 @@ LICENSE = "MIT"
> 
> LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
> 
> +# When XENGUEST_IMAGE_NETWORK_TYPE="nat", the "00-xenguest-nat-port-forward.hook"
> +# is called by "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" to apply NAT
> +# port forwarding. Both dom0 and domU ports can be be set by changing the
> +# XENGUEST_IMAGE_HOST_PORT and XENGUEST_IMAGE_GUEST_PORT variables in local.conf
> +# or xenguest-base-image.bbappend. The XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT
> +# can also be replaced in a xenguest-base-image.bbappend
> +XENGUEST_IMAGE_HOST_PORT ?= "\$( expr 1000 + \${domid} )"
> +XENGUEST_IMAGE_GUEST_PORT ?= "22"
> +XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT ?= "00-xenguest-nat-port-forward.hook"
> +
> #
> # The following variables can contain SRC_URI compatible entries to add
> # files to the xenguest image.
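Review bot: "can be be set" on the comment's third line has a doubled word. More importantly, the default `XENGUEST_IMAGE_HOST_PORT ?= "\$( expr 1000 + \${domid} )"` is deliberately left unexpanded so the hook evaluates it in dom0 when the vif comes online; the comment should say that the value is substituted into a root-run shell script and evaluated there, so it is shell code rather than a number, and that a user-supplied value must therefore be either a literal port or a trusted expression.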
> @@ -40,7 +50,12 @@ XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
> # The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
> # when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
> # performed by replacing it via a xenguest-network.bbappend.
> -XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
> +# The XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT file is only added if the
> +# variable is set.
> +XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg \
> +    ${@ "file://" + d.getVar('XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT') \
> +      if d.getVar('XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT') else "" } \
> +    "
> 
> # Add xen configuration elements
> XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
> @@ -82,8 +97,8 @@ python __anonymous() {
> 
> # Make sure we are removing old files before redoing a fetch
> do_fetch[cleandirs] += "${WORKDIR}/extend"
> +do_fetch[vardeps] += "XENGUEST_IMAGE_HOST_PORT XENGUEST_IMAGE_GUEST_PORT"
> 
> -do_configure[noexec] = "1"
> do_compile[noexec] = "1"
> do_install[noexec] = "1"
> 
> @@ -107,6 +122,15 @@ add_extend_files() {
>     fi
> }
> 
> +do_configure() {
> +    if [ -f ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT} ]; then
> +        sed -i "s,###HOST_PORT###,${XENGUEST_IMAGE_HOST_PORT}," \
> +               ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT}
> +        sed -i "s,###GUEST_PORT###,${XENGUEST_IMAGE_GUEST_PORT}," \
> +               ${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT}
> +    fi
> +}
> +
> do_deploy() {
>     # Create a new image
>     xenguest_image_create
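Review bot: the two `sed -i "s,###HOST_PORT###,${XENGUEST_IMAGE_HOST_PORT},"` substitutions interpret `,`, `&` and `\` in the variable value, so a user-set port expression containing any of them corrupts the hook or silently changes what gets substituted; either escape those characters first or, since the value ends up as shell code in the hook anyway, reject anything that is not a plain decimal port or the documented `expr` form. Quoting `"${WORKDIR}/extend/files/${XENGUEST_IMAGE_NAT_PORT_FORWARD_SCRIPT}"` in the `-f` test and both `sed` calls would match the rest of the recipe.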
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> index fa4f93f..206a294 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> @@ -62,6 +62,7 @@ RDEPENDS_${PN} += "bridge-utils \
>                    kernel-module-xt-tcpudp \
>                    kernel-module-xt-physdev \
>                    kernel-module-xt-comment \
> +                   kernel-module-xt-nat \
>                   "
> FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
> FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
> -- 
> 2.7.4
> 
> 


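The `offline` paths in the `00-vif-xenguest.hook` tail quoted earlier on this page and in the port-forward hook above locate a guest's rules with `grep -w dom${domid}`, delete them by line number in reverse, and, in the first, decide from the remaining MASQUERADE rules whether to clear `net.ipv4.ip_forward`; the port-forward hook additionally range-checks the ports. What follows is an added example, not code from the meta-arm-autonomy patches or from Xen: it reproduces those decisions over a constructed iptables listing so they can be exercised without iptables or root, shows where exact comment matching differs from `grep -w`, demonstrates the case in which the `[ -z "${ipt_nat_rules##*[!0-9]*}" ]` test misfires, and adds the stricter port validation the hook lacks. The function names, the listing, its addresses and the interface names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the meta-arm-autonomy patches or of Xen's vif
# scripts.  The listing below is constructed to look like the output of
# `iptables -t nat -vL POSTROUTING -n --line-number`; rule comments appear
# as `/* dom<id> */`, which is how iptables prints `-m comment`.

SAMPLE_LISTING='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      eth0    192.168.100.2        0.0.0.0/0            /* dom1 */
2        0     0 MASQUERADE  all  --  *      eth0    192.168.100.3        0.0.0.0/0            /* dom10 */
3        0     0 MASQUERADE  all  --  *      eth0    192.168.100.4        0.0.0.0/0            /* dom2 */
4        0     0 MASQUERADE  all  --  *      eth0    192.168.100.5        0.0.0.0/0            /* dom1 */
5        0     0 ACCEPT      all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* dom1-keep */'

# rules_for_dom LISTING DOMID -> rule numbers whose comment is exactly
# "dom<DOMID>", highest first, so each `iptables -D CHAIN N` still names the
# right rule after the previous deletion shifted the numbering.  Matching the
# whole comment token avoids what `grep -w dom1` does: it also hits "dom1-keep".
rules_for_dom() {
    printf '%s\n' "$1" | awk -v tag="dom$2" '
        $1 ~ /^[0-9]+$/ {
            for (i = 2; i <= NF; i++)
                if ($i == "/*" && $(i+1) == tag && $(i+2) == "*/") { print $1; break }
        }' | sort -rn | tr '\n' ' ' | sed 's/ $//'
}

# masquerade_count LISTING -> how many MASQUERADE rules the listing holds.
masquerade_count() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && $4 == "MASQUERADE" { n++ } END { print n + 0 }'
}

# drop_rules LISTING "N M ..." -> the listing after deleting those rule numbers
# in the given order, renumbering the rest as the kernel does after each -D.
drop_rules() {
    listing=$1
    for n in $2; do
        listing=$(printf '%s\n' "$listing" | awk -v n="$n" '
            $1 ~ /^[0-9]+$/ { if ($1 == n) next; if ($1 > n) $1 = $1 - 1 }
            { print }')
    done
    printf '%s' "$listing"
}

# page_idiom_disables_forwarding LISTING -> status 0 when the check used in
# 00-vif-xenguest.hook, `[ -z "${ipt_nat_rules##*[!0-9]*}" ]`, would run
# `sysctl -w net.ipv4.ip_forward=0`.  With two or more rules left the
# newline-separated numbers contain a non-digit, the expansion strips the
# whole value and the test is true: forwarding goes down for the other guests.
page_idiom_disables_forwarding() {
    ipt_nat_rules=$(printf '%s\n' "$1" | grep MASQUERADE | awk '{print $1}')
    [ -z "${ipt_nat_rules##*[!0-9]*}" ]
}

# guest_offline LISTING DOMID -> the commands the offline path should run,
# one per line (dry run); ip forwarding is only disabled when no MASQUERADE
# rule at all is left.
guest_offline() {
    rules=$(rules_for_dom "$1" "$2")
    for n in $rules; do
        printf 'iptables -t nat -D POSTROUTING %s\n' "$n"
    done
    if [ "$(masquerade_count "$(drop_rules "$1" "$rules")")" -eq 0 ]; then
        printf 'sysctl -w net.ipv4.ip_forward=0\n'
    fi
}

# valid_port VALUE -> 0 for a decimal integer in 1..65535, 1 otherwise.  The
# hook's port_num_check only tests `-gt 65535`; an empty, negative or
# non-numeric value (such as an unsubstituted ###HOST_PORT### placeholder)
# must be rejected before it is spliced into an iptables command line.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dry run for dom1 with dom10 and dom2 still up: two deletions, no sysctl.
guest_offline "$SAMPLE_LISTING" 1
```

Run it as `sh example.sh` to print the dry run. The functions take the listing as a string, so on a real dom0 they can be pointed at the output of `iptables_w -t nat -vL POSTROUTING -n --line-number` by replacing `SAMPLE_LISTING`, and `valid_port` can be dropped into the port-forward hook in place of `port_num_check`.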

* Re: [meta-arm] [PATCH 1/4] arm-autonomy/xen-tools: vif-nat script fixes
  2020-07-30 15:55 ` [meta-arm] [PATCH 1/4] arm-autonomy/xen-tools: vif-nat script fixes Bertrand Marquis
@ 2020-07-30 20:25   ` Jon Mason
From: Jon Mason @ 2020-07-30 20:25 UTC
  To: Bertrand Marquis; +Cc: Diego Sueiro, meta-arm, nd

On Thu, Jul 30, 2020 at 03:55:37PM +0000, Bertrand Marquis wrote:
> 
> 
> > On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> > 
> > This patch introduces two fixes for the vif-nat script:
> > 1- Setting the hostname is failing because the "$XENBUS_PATH/domain"
> >   doesn't exist anymore. To fix this we set it to dom$domid.
> > 2- Copy temp files used to add/remove dhcpd configurations to avoid
> >   replacing potential symlinks.
> > 
> > Change-Id: I5f2ed917c15bbe1c6ff9ec3cc9ad2fc4e1c0fb60
> > Issue-Id: SCM-1019
> > Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
> Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

Series applied to master.

Thanks,
Jon

> 
> > ---
> > .../xen/xen-tools/0001-vif-nat-fix-hostname.patch  | 18 +++++++++
> > .../0002-vif-nat-fix-symlink-removal.patch         | 45 ++++++++++++++++++++++
> > .../recipes-extended/xen/xen-tools_%.bbappend      |  5 +++
> > 3 files changed, 68 insertions(+)
> > create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> > create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> > create mode 100644 meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> > 
> > diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> > new file mode 100644
> > index 0000000..87f25e2
> > --- /dev/null
> > +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0001-vif-nat-fix-hostname.patch
> > @@ -0,0 +1,18 @@
> > +Upstream-Status: Pending
> > +Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
> > +
> > +Setting the hostname is failing because the "$XENBUS_PATH/domain"
> > +doesn't exist anymore. To fix this we set it to dom$domid
> > +
> > +Index: git/tools/hotplug/Linux/vif-nat
> > +===================================================================
> > +--- git.orig/tools/hotplug/Linux/vif-nat
> > ++++ git/tools/hotplug/Linux/vif-nat
> > +@@ -86,6 +86,7 @@ router_ip=$(routing_ip "$ip")
> > + vif_ip=`echo ${ip} | awk -F/ '{print $1}'`
> > + 
> > + hostname=$(xenstore_read "$XENBUS_PATH/domain" | tr -- '_.:/+' '-----')
> > ++[ -z "${hostname}" ] && hostname=dom$domid
> > + if [ "$vifid" != "1" ]
> > + then
> > +   hostname="$hostname-$vifid"
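Review bot: the fallback `[ -z "${hostname}" ] && hostname=dom$domid` works only because the pipeline's exit status is that of `tr`, so whatever `xenstore_read` does when `$XENBUS_PATH/domain` is missing (in Xen's xen-hotplug-common.sh it calls `fatal`, which logs an error and exits the subshell) is masked but still logged on every vif start. Checking for the key first with `xenstore-exists "$XENBUS_PATH/domain"`, or reading it with `xenstore-read ... 2>/dev/null || true`, would avoid the spurious error and make the intent explicit. The patch description should also say which Xen version stopped writing the key, since the upstream script still reads it and this is marked Upstream-Status: Pending.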
> > diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> > new file mode 100644
> > index 0000000..bcd5778
> > --- /dev/null
> > +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools/0002-vif-nat-fix-symlink-removal.patch
> > @@ -0,0 +1,45 @@
> > +Upstream-Status: Pending
> > +Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
> > +
> > +Copy temp files used to add/remove dhcpd configurations to avoid
> > +replacing potential symlinks.
> > +
> > +Index: git/tools/hotplug/Linux/vif-nat
> > +===================================================================
> > +--- git.orig/tools/hotplug/Linux/vif-nat
> > ++++ git/tools/hotplug/Linux/vif-nat
> > +@@ -99,7 +100,8 @@ dhcparg_remove_entry()
> > +   then
> > +     rm "$tmpfile"
> > +   else
> > +-    mv "$tmpfile" "$dhcpd_arg_file"
> > ++    cp "$tmpfile" "$dhcpd_arg_file"
> > ++    rm "$tmpfile"
> > +   fi
> > + }
> > + 
> > +@@ -109,11 +111,11 @@ dhcparg_add_entry()
> > +   local tmpfile=$(mktemp)
> > +   # handle Red Hat, SUSE, and Debian styles, with or without quotes
> > +   sed -e 's/^DHCPDARGS="*\([^"]*\)"*/DHCPDARGS="\1'"${dev} "'"/' \
> > +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> > ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> > +   sed -e 's/^DHCPD_INTERFACE="*\([^"]*\)"*/DHCPD_INTERFACE="\1'"${dev} "'"/' \
> > +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> > ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> > +   sed -e 's/^INTERFACES="*\([^"]*\)"*/INTERFACES="\1'"${dev} "'"/' \
> > +-     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
> > ++     "$dhcpd_arg_file" >"$tmpfile" && cp "$tmpfile" "$dhcpd_arg_file"
> > +   rm -f "$tmpfile"
> > + }
> > + 
> > +@@ -125,7 +127,8 @@ dhcp_remove_entry()
> > +   then
> > +     rm "$tmpfile"
> > +   else
> > +-    mv "$tmpfile" "$dhcpd_conf_file"
> > ++    cp "$tmpfile" "$dhcpd_conf_file"
> > ++    rm "$tmpfile"
> > +   fi
> > +   dhcparg_remove_entry
> > + }
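Review bot: replacing `mv` with `cp` keeps the symlink but gives up the atomic replace: `cp` truncates and rewrites the target in place, so a dhcpd (re)start racing with vif hotplug can read a half-written `dhcpd.conf` or DHCPDARGS file, and a crash mid-copy leaves it truncated. Resolving the link once and renaming onto the real file keeps both properties, e.g. `target=$(readlink -f "$dhcpd_conf_file")` followed by `mv "$tmpfile" "$target"` (mktemp files are 0600, so copy the target's mode over first). Note also that `cp` through a symlink follows it wherever it points, so the result depends entirely on the links `network-bridge.sh` created earlier (`/etc/dhcpd.conf -> dhcp/dhcpd.conf`), which is worth a sentence in the patch description.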
> > diff --git a/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> > new file mode 100644
> > index 0000000..ef8eddd
> > --- /dev/null
> > +++ b/meta-arm-autonomy/recipes-extended/xen/xen-tools_%.bbappend
> > @@ -0,0 +1,5 @@
> > +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
> > +
> > +SRC_URI += "file://0001-vif-nat-fix-hostname.patch \
> > +            file://0002-vif-nat-fix-symlink-removal.patch \
> > +           "
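Review bot: both patches are tagged `Upstream-Status: Pending`; the missing `$XENBUS_PATH/domain` key and the symlink-clobbering `mv` both affect the unmodified upstream `vif-nat`, so submitting them to xen-devel and switching to `Upstream-Status: Submitted [url]` would avoid carrying them here indefinitely. `FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"` resolves to `xen-tools/`, which matches where the two patches were added.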
> > -- 
> > 2.7.4
> > 
> > 
> 

> 

