Support bringing up machines with an "other" address accessible for

[invirt/packages/invirt-xen-config.git] / vif-invirtroute

diff --git a/vif-invirtroute b/vif-invirtroute
index f484f87..ed2d072 100755 (executable)
--- a/vif-invirtroute
+++ b/vif-invirtroute
@@ -23,7 +23,6 @@
 # type read to determine if the device is ioemu
 
 #============================================================================
-
 dir=$(dirname "$0")
 . "$dir/vif-common.sh"
 
@@ -40,11 +39,13 @@ case "$command" in
           ethtool -K ${dev} tx off
         fi
         ipcmd='add'
+       ipt_action='-A'
         cmdprefix=''
         ;;
     offline|remove)
         do_without_error ifdown ${vif}
         ipcmd='del'
+       ipt_action='-D'
         cmdprefix='do_without_error'
         ;;
 esac
@@ -55,15 +56,53 @@ if [  ${vif_type} != "ioemu"  -o  x${qemu_online} = xyes ] ; then
     # If we've been given a list of IP addresses, then add routes from dom0 to
     # the guest using those addresses.
        for addr in ${ip} ; do
-           ${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip}
+           # When PVHVM is enabled, Xen plugs two interfaces into
+           # HVMs - an emulated tap device and a paravirt vif device.
+           # vif-invirtroute (and vif-route, for that matter!) will
+           # fail when the second one is brought up, because the
+           # second invocation of 'ip route add' is identical to the
+           # first (same source and destination IPs) and the kernel
+           # rejects the new route.
+           #
+           # We work around this by adding the routes with different metrics.
+           # This should work because:
+           #
+           # 1) In the case of a pv-aware guest, the kernel will
+           # unplug the tap interface, which will bring down the tap
+           # interface's route, leaving only the one via the vif (and
+           # so the metric shouldn't matter, because it's the only
+           # route)
+           #
+           # 2) In the case of a non-pv-aware guest, the tap route
+           # (with metric 1) should take precedence over the vif
+           # route and carry all the traffic.
+
+           if [ $ipcmd == "add" ]; then
+               case $dev in
+                   vif*)
+                       metric="metric 2"
+                       ;;
+                   tap*)
+                       metric="metric 1"
+                       ;;
+               esac
+           fi
+           ${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip} $metric
            case "$command" in
                online|add)
-                   arpspoof -i $(invirt-getconf xen.iface) -t 18.181.0.1 ${addr}&
-                   sleep 5
-                   kill %arpspoof
+                   timeout 5 arpspoof -i $(invirt-getconf xen.iface) -t ${gateway} ${addr} || :
                    ;;
            esac
        done 
+       if [ -n "$other_ip" ]; then
+           ${cmdprefix} ip route ${ipcmd} ${other_ip} dev ${dev} src ${main_ip} $metric
+           iptables -t nat ${ipt_action} PREROUTING -d ${other_ip} -j DNAT --to-destination ${addr}
+           case "$command" in
+               online|add)
+                   timeout 5 arpspoof -i $(invirt-getconf xen.iface) -t ${other_gateway} ${other_ip} || :
+                   ;;
+           esac
+       fi
     fi
 fi