VPC : pass subnet to guestnw.sh

anthony 2012-06-20 12:47:51 -07:00
parent bb30a6b6bb
commit 997bc8d9ce
3 changed files with 12 additions and 6 deletions


@ -7191,6 +7191,7 @@ public abstract class CitrixResourceBase implements ServerResource, HypervisorRe
args += " -i " + domrGIP;
args += " -g " + gw;
args += " -m " + cidr;
args += " -n " + NetUtils.getSubNet(domrGIP, nic.getNetmask());
if ( dns != null && !dns.isEmpty() ) {
args += " -s " + dns;
}
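Review bot: The new `-n` argument is appended unconditionally from `NetUtils.getSubNet(domrGIP, nic.getNetmask())`, whereas `dns` on the next lines is checked for null and empty before it is used. If a nic can arrive without a netmask (not visible here), this either throws inside `getSubNet` or puts an empty or malformed value on the argument string handed to the router script. Because `args` is built by plain string concatenation, I would validate that `domrGIP` and the netmask are well-formed dotted-quad addresses before appending them, and fail the command with a clear error otherwise. The enclosing method starts and ends outside this hunk.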


@ -56,7 +56,7 @@ acl_restore() {
acl_save() {
acl_remove_backup
sudo iptables -E ACL_INBOUND_$ip _ACL_INBOUND_$ip 2>/dev/null
sudo iptables -E ACL_OUTBOUND_$ip _ACL_OUTBOUND_$gGW 2>/dev/null
sudo iptables -E ACL_OUTBOUND_$ip _ACL_OUTBOUND_$ip 2>/dev/null
}
acl_chain_for_guest_network () {
@ -99,19 +99,19 @@ acl_entry_for_guest_network() {
[ "$sport" == "-1" ] && typecode="any"
if [ "$inbound" == "1" ]
then
sudo iptables -I ACL_INBOUND_$gGW -p $prot -s $lcidr \
sudo iptables -I ACL_INBOUND_$ip -p $prot -s $lcidr \
--icmp-type $typecode -j ACCEPT
else
sudo iptables -I ACL_OUTBOUND_$gGW -p $prot -d $lcidr \
sudo iptables -I ACL_OUTBOUND_$ip -p $prot -d $lcidr \
--icmp-type $typecode -j ACCEPT
fi
else
if [ "$inbound" == "1" ]
then
sudo iptables -I ACL_INBOUND_$gGW -p $prot -s $lcidr \
sudo iptables -I ACL_INBOUND_$ip -p $prot -s $lcidr \
--dport $sport:$eport -j ACCEPT
else
sudo iptables -I ACL_OUTBOUND_$gGW -p $prot -d $lcidr \
sudo iptables -I ACL_OUTBOUND_$ip -p $prot -d $lcidr \
--dport $sport:$eport -j ACCEP`T
fi
result=$?
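Review bot: The last outbound rule ends in `-j ACCEP`T` as shown on this page; if that backtick is in the file and is not a rendering artifact, it opens a command substitution, so the script fails to parse or the rule is never installed. The line should read `--dport $sport:$eport -j ACCEPT`. It is a context line, so this commit did not introduce it, but the `$gGW` to `$ip` rename touches the command it belongs to. Separately, `$prot`, `$lcidr`, `$sport` and `$eport` reach `sudo iptables` unquoted. Quoting them and validating them earlier in acl_entry_for_guest_network, which starts and ends outside the hunk, would stop a malformed ACL entry from being split into extra iptables arguments.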


@ -77,6 +77,8 @@ create_guest_network() {
# setup rules to allow dhcp/dns request
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
local tableName="Table_$dev"
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
# create inbound acl chain
if sudo iptables -N ACL_INBOUND_$ip 2>/dev/null
@ -108,6 +110,9 @@ destroy_guest_network() {
sudo iptables -D FORWARD -i $dev -s $ip/$mask -j ACL_OUTBOUND_$ip 2>/dev/null
sudo iptables -X ACL_OUTBOUND_$ip 2>/dev/null
sudo ip addr del dev $dev $ip/$mask
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
desetup_dnsmasq
}
@ -133,7 +138,7 @@ do
op="-D"
;;
n) nflag=1
network="$OPTAGR"
subnet="$OPTAGR"
;;
m) mflag=1
mask="$OPTARG"
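Review bot: The `n)` case assigns `subnet="$OPTAGR"`, a misspelling of `OPTARG`, so `subnet` is always empty and the new `sudo ip route add $subnet/$mask dev $dev table $tableName proto static` in create_guest_network runs with `/$mask` as its destination. The line should be `subnet="$OPTARG"`. The exit status of that route command is not checked, so the failure would pass silently while the rest of the guest network is set up. Consider checking it, and removing the route in destroy_guest_network, whose visible lines contain no matching `ip route del`. Both functions and the option loop extend outside the hunks shown.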