From 926eaa3c2998b4cc56224a1f505fd8290f9f2708 Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Fri, 22 Sep 2023 12:29:10 +0200
Subject: [PATCH] mxrouterctl: Add veth feature
This adds a `veth(NAME)` config call which creates a pair of connected veth devices, one in the default namespace and the other one on the router namespace, both with the same name. This can be used, for example, to create interfaces on the host for VMs with the traffic routed through a mxrouter instance. Example: interface('vlan.irouter'); ip('vlan.irouter','172.19.141.2/24'); route('default','172.19.141.1'); veth('veth.variation'); my $NET_VARIATION = '172.19.118.0/24'; ip('veth.variation', '172.19.118.1/24'); my $NET_WISNET='141.14.16.0/20'; rule('filter','FORWARD',"-m state --state ESTABLISHED,RELATED -j ACCEPT"); rule('filter','FORWARD','-p icmp --icmp-type 8 -j ACCEPT'); # ping
rule('filter','FORWARD',"-d $NET_VARIATION -j variation-out"); rule('filter','variation-out',"-s $NET_WISNET -p tcp --dport 22 -j ACCEPT"); # ssh
rule('filter','variation-out',"-j DROP"); rule('filter','FORWARD',"-j ACCEPT");
---
 mxrouter/mxrouterctl | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/mxrouter/mxrouterctl b/mxrouter/mxrouterctl
index 457241a..d394948 100755
--- a/mxrouter/mxrouterctl
+++ b/mxrouter/mxrouterctl
@@ -374,6 +374,7 @@ sub radvd {
 }
 our $want_if;
+our $want_veth;
 our $DHCRELAY_FORWARD;
 our %DHCRELAY_IF;
@@ -483,7 +484,7 @@ sub start {
 netif_is_up('lo') or sys('ip link set lo up');
- for my $dev (keys %$want_if) {
+ for my $dev (keys %$want_if, keys %$want_veth) {
 netif_is_up($dev) or sys('ip','link','set',$dev,'up');
 }
@@ -622,6 +623,11 @@ sub interface {
 $want_if->{$dev}=1;
 }
+sub veth {
+ my ($dev) = @_;
+ $want_veth->{$dev} = 1;
+}
+
 my @SAVED_ARGV=@ARGV;
 GetOptions(OPTIONS) or die USAGE;
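Review bot: The new `sub veth` in the third hunk records the name without any documentation or validation, although the name is later used verbatim for both ends of the pair and handed to `ip link add`. A header comment such as `# veth(NAME): request a veth pair at start; the host end keeps NAME and its peer, also named NAME, is placed in $NETNS` would state the contract the commit message describes. Linux rejects interface names longer than 15 characters, so a too-long NAME only surfaces at start time from `ip`; a one-line check here, `length($dev) > 15 and die "veth: interface name '$dev' exceeds 15 characters\n";`, would fail at config-parse time instead. The hunk contains the whole sub; `sub interface` above it starts before the hunk.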
@@ -776,6 +782,9 @@ if (!$opt_this_ns) {
 for my $dev (sort keys %$want_if) {
 move_dev_into_ns($dev,$NETNS);
 }
+ for my $dev (sort keys %$want_veth) {
+ sys('ip', 'link', 'add', $dev, 'type', 'veth', 'peer', 'name', $dev, 'netns', $NETNS);
+ }
 system('ip','netns','exec',$NETNS,$0,'--this-ns',@SAVED_ARGV) and exit 1;
 } elsif ($cmd eq 'stop') {
 have_netns($NETNS) or die "not running (network namespace $NETNS does not exist)\n";
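Review bot: The `ip link add` in the new loop is unconditional, so if a device named `$dev` already exists in the host namespace (a leftover from an earlier aborted start, or a name also passed to `interface()` and moved just above) it fails with EEXIST, and whether the script stops there or continues into `ip netns exec` depends on `sys()` dying on a non-zero exit, which is not visible in this hunk. An explicit guard before the call, `-e "/sys/class/net/$dev" and die "veth $dev: device already exists in the host namespace\n";`, makes the failure deterministic regardless of `sys()`'s behaviour. Passing `$dev` and `$NETNS` as separate list arguments rather than through a shell is good and should stay that way. The host end is never brought up by this script (only the namespace end is, via the `start` loop); if that is intentional and left to the VM manager, a comment saying so would prevent it being reported as a bug. The enclosing `if (!$opt_this_ns)` block begins before the hunk.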