
Commit c850e50

committed
more netnsinit changes
1 parent aa61082 commit c850e50


2 files changed

+77
-29
lines changed


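--- a/scripts/netnsinit
+++ b/scripts/netnsinit
@@ -8,59 +8,77 @@ display_usage() {
 echo "Note: you may need root privileges for this."
 }
 
-autoconfigure_bridge_up_outside() {
-autoconfigure_tunnel_up_outside
-
-ip link set ${DEVNAME_OUTSIDE} master ${BRIDGE}
-}
-
-autoconfigure_bridge_down_outside() {
-autoconfigure_tunnel_down_outside
-}
+############## configure triggers ###############
 
 autoconfigure_tunnel_up_outside() {
+# precaution
 ! ip link delete ${DEVNAME_OUTSIDE}
 ! ip link delete ${DEVNAME_INSIDE}
+
+# setup pseudo wire
 ip link add ${DEVNAME_OUTSIDE} type veth peer name ${DEVNAME_INSIDE}
 ! tc qdisc del dev ${DEVNAME_INSIDE} root
-ip link set ${DEVNAME_OUTSIDE} up
+if [ ! -z "$MACADDR" ]; then
+ip link set ${DEVNAME_INSIDE} address ${MACADDR}
+fi
 ip link set ${DEVNAME_INSIDE} netns ${NSNAME}
+ip link set ${DEVNAME_OUTSIDE} up
+ip -n ${NSNAME} link set ${DEVNAME_INSIDE} up
+
+# add ipv4 address at global end
 # let this fail silently if IPADDR_OUTSIDE is undefined
 ! ip address add ${IPADDR_OUTSIDE} dev ${DEVNAME_OUTSIDE}
-ip -n ${NSNAME} link set ${DEVNAME_INSIDE} up
+
+return 0 # additional precation against "set -e" in case of future mods of this function
+}
 
-if [ ! -z "$MACADDR" ]; then
-ip link set ${DEVNAME_INSIDE} address ${MACADDR}
+autoconfigure_tunnel_up_inside() {
+# add ipv4 address at netns end
+if [ ! -z "${IPADDR}" ]; then
+ip address add ${IPADDR} dev ${DEVNAME_INSIDE}
+fi
+
+# setup default route
+if [ ! -z "${GATEWAY}" ]; then
+ip route add default via ${GATEWAY%%/*} onlink
 fi
+
+# if DHCP is configured
 if [ "${DHCPV4}" == "1" ]; then
 ! mkdir -p /var/run/netns
 dhclient -v -i ${DEVNAME_INSIDE} -nw -pf /var/run/netns/dhclient-${NSNAME}.pid
-else
-if [ ! -z "${IPADDR}" ]; then
-/bin/ip address add ${IPADDR} dev ${DEVNAME_INSIDE}
-fi
-if [ ! -z "${GATEWAY}" ]; then
-/bin/ip route add default via ${GATEWAY%%/*}
-fi
 fi
-
-return 0 # additional precation against "set -e" in case of future mods of this function
+
+return 0
 }
 
-autoconfigure_tunnel_down_outside() {
+autoconfigure_tunnel_down_inside() {
+# kill DHCP client
 # do not run in ExecStartPost to prevent forked dhclient from being killed
 ! kill -15 `cat /var/run/netns/dhclient-${NSNAME}.pid`
 ! rm /var/run/netns/dhclient-${NSNAME}.pid
+}
+
+autoconfigure_tunnel_down_outside() {
 ip link delete ${DEVNAME_OUTSIDE}
 }
 
-autoconfigure_nat_up_inside() {
-# add default route if gateway undefined
-if [ -z "${GATEWAY}" -a -n "${IPADDR_OUTSIDE}" ]; then
-ip route add default via ${IPADDR_OUTSIDE%%/*}
-fi
+autoconfigure_bridge_up_outside() {
+autoconfigure_tunnel_up_outside
 
-return 0 # additional precation against "set -e" in case of future mods of this function
+ip link set ${DEVNAME_OUTSIDE} master ${BRIDGE}
+}
+
+autoconfigure_bridge_up_inside() {
+autoconfigure_tunnel_up_inside
+}
+
+autoconfigure_bridge_down_inside() {
+autoconfigure_tunnel_down_inside
+}
+
+autoconfigure_bridge_down_outside() {
+autoconfigure_tunnel_down_outside
 }
 
 autoconfigure_nat_up_outside() {
@@ -84,6 +102,23 @@ autoconfigure_nat_up_outside() {
 return 0 # additional precation against "set -e" in case of future mods of this function
 }
 
+autoconfigure_nat_up_inside() {
+autoconfigure_tunnel_up_inside
+
+# add default route if gateway undefined
+if [ -z "${GATEWAY}" -a -n "${IPADDR_OUTSIDE}" ]; then
+ip route add default via ${IPADDR_OUTSIDE%%/*}
+fi
+
+return 0 # additional precation against "set -e" in case of future mods of this function
+}
+
+autoconfigure_nat_down_inside() {
+autoconfigure_tunnel_down_inside
+
+return 0
+}
+
 autoconfigure_nat_down_outside() {
 # remove NAT
 iptables -t nat -D POSTROUTING -s ${IPADDR_OUTSIDE} -j MASQUERADE
@@ -93,6 +128,8 @@ autoconfigure_nat_down_outside() {
 iptables -D INPUT -i ${DEVNAME_OUTSIDE} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 
 autoconfigure_tunnel_down_outside
+
+return 0
 }
 
 autoconfigure_mvbr_up_outside() {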
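Review bot: `autoconfigure_tunnel_down_inside` sends SIGTERM to whatever PID is stored in `/var/run/netns/dhclient-${NSNAME}.pid` without checking that the process is still dhclient, and the new bridge and nat `down_inside` wrappers now reach it whether or not `DHCPV4` was set. A stale pid file whose number has been reused would make this root-run teardown signal an unrelated process. Consider reading the PID into a variable and guarding the signal, for example `[ "$(cat "/proc/${pid}/comm" 2>/dev/null)" = "dhclient" ] && kill -15 "${pid}"`. The function also ends on `! rm ...`, which yields status 1 when the removal succeeds, and unlike its siblings it has no closing `return 0`; if the script runs under the `set -e` that the comments mention, `autoconfigure_bridge_down_inside` would return that failure and `autoconfigure_nat_down_inside` could abort before its own `return 0`.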

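--- a/services/netns@.service
+++ b/services/netns@.service
@@ -14,10 +14,21 @@ Type=oneshot
 RemainAfterExit=yes
 PrivateNetwork=yes
 
+# precaution
 ExecStartPre=-/usr/bin/env ip netns delete %I
 
+# set up netns and bind it to this service
 ExecStart=/usr/bin/flock --no-fork -- /var/run/netns.lock /usr/bin/env ip netns add %I
 ExecStart=/usr/bin/env umount /var/run/netns/%I
 ExecStart=/usr/bin/env mount --bind /proc/self/ns/net /var/run/netns/%I
 
+# start hook
+ExecStart=/usr/bin/env netnsinit raw %I up outside
+ExecStart=/usr/bin/env ip netns exec %I /usr/bin/env netnsinit raw %I up inside
+
+# stop hook
+ExecStop=/usr/bin/env ip netns exec %I /usr/bin/env netnsinit raw %I down inside
+ExecStop=/usr/bin/env netnsinit raw %I down outside
+
+# remove the netns
 ExecStop=/usr/bin/env ip netns delete %I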
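Review bot: The two new stop-hook `ExecStop=` lines have no `-` prefix, so if `netnsinit raw %I down inside` exits non-zero, systemd stops processing the remaining `ExecStop=` lines and neither `down outside` nor `ip netns delete %I` runs. That would leave the outside interface, and any firewall rules the outside hook is meant to remove, in place after the unit stops. If teardown is meant to be best-effort, as the `ExecStartPre=-` line already is, prefix both hooks, e.g. `ExecStop=-/usr/bin/env netnsinit raw %I down outside`, and likewise the `ip netns exec` line. What the `raw` type dispatches to is not visible on this page, so exactly which state would be left behind is an assumption to confirm.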
