Index: /package_tags/sipb-xen-dom0/2.4/debian/changelog =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/changelog (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/changelog (revision 487) @@ -0,0 +1,50 @@ +sipb-xen-dom0 (2.4) unstable; urgency=low + + * Add sipb-xen-losetup, a half-sane wrapper around the insane losetup. + + -- Greg Price Thu, 1 May 2008 01:13:28 -0400 + +sipb-xen-dom0 (2.3) unstable; urgency=low + + * Depend on generic metapackages/provides instead of particular + versions. + + -- Anders Kaseorg Sat, 27 Oct 2007 21:23:00 -0400 + +sipb-xen-dom0 (2.2) unstable; urgency=low + + * Add qemu-ifup script that depends on the device model script and + invokes vif-sipbroute. As a consequence, we don't really support + bridged hvms any more. It's not clear how to get enough information + out of qemu to do this. + * Call arpspoof with 18.181.0.1's address. This is unfortunate in two + ways. First, if we renumber we'll need to update the script. Second, + it is possible that someone on 18.181 besides the router may have an + address cached. Unfortunately, it doesn't work right if we don't + send the spoofed arp directly to the router. + + -- Sam Hartman Sun, 26 Aug 2007 18:57:17 -0400 + +sipb-xen-dom0 (2.1) unstable; urgency=low + + * Fix typo in init script + * depend on dsniff for arpspoof + + -- Sam Hartman Fri, 24 Aug 2007 17:22:20 -0400 + +sipb-xen-dom0 (2) unstable; urgency=low + + * Add qemu-dm-sipb written by andersk to get us the domain ID in qemu-ifup + * Add vif-sipbroute, a version of vif-route that does better netwwork + isolation and has initial but useless ipv6 support. This version also + uses arpspoof to take over an address for domain migrations. + * Add init script to enable rp_filter, proxy_arp and forwarding for the network config. + + -- Sam Hartman Fri, 24 Aug 2007 17:17:23 -0400 + +sipb-xen-dom0 (1) unstable; urgency=low + + * First version + + -- Sam Hartman Sat, 4 Aug 2007 20:20:32 -0400 + Index: /package_tags/sipb-xen-dom0/2.4/debian/compat =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/compat (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/compat (revision 487) @@ -0,0 +1,1 @@ +4 Index: /package_tags/sipb-xen-dom0/2.4/debian/control =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/control (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/control (revision 487) @@ -0,0 +1,13 @@ +Source: sipb-xen-dom0 +Section: base +Priority: extra +Maintainer: SIPB Xen Project +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0) +Standards-Version: 3.7.2 + +Package: sipb-xen-dom0 +Architecture: all +Depends: ${misc:Depends}, emacs, nullmailer, dsniff, xen-hypervisor, xen-utils, lvm2, grub, linux-image-xen-amd64 +Description: SIPB Xen domain 0 configuration + This package includes the dependencies and configuration for + a domain 0 sipb-xen server. Index: /package_tags/sipb-xen-dom0/2.4/debian/copyright =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/copyright (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/copyright (revision 487) @@ -0,0 +1,3 @@ +This package was created for internal use of the SIPB Xen Project of +the MIT Student Information Processing Board. Ask tabbott@mit.edu if +you have questions about redistribution. Index: /package_tags/sipb-xen-dom0/2.4/debian/rules =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/rules (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/rules (revision 487) @@ -0,0 +1,4 @@ +#!/usr/bin/make -f + + +include /usr/share/cdbs/1/rules/debhelper.mk Index: /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.dirs =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.dirs (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.dirs (revision 487) @@ -0,0 +1,1 @@ +usr/share/sipb-xen-dom0 Index: /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.init =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.init (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.init (revision 487) @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +case $1 in + start) + echo 1 >/proc/sys/net/ipv4/ip_forward + for foo in all default; do + echo 1 >/proc/sys/net/ipv4/conf/$foo/rp_filter + echo 1 >/proc/sys/net/ipv4/conf/$foo/proxy_arp + done + ;; + esac Index: /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.install =================================================================== --- /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.install (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/debian/sipb-xen-dom0.install (revision 487) @@ -0,0 +1,2 @@ +files/* . +xend-config.sxp usr/share/sipb-xen-dom0 Index: /package_tags/sipb-xen-dom0/2.4/files/etc/modprobe.d/loop-maxloop =================================================================== --- /package_tags/sipb-xen-dom0/2.4/files/etc/modprobe.d/loop-maxloop (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/files/etc/modprobe.d/loop-maxloop (revision 487) @@ -0,0 +1,1 @@ +options loop max_loop=64 Index: /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/qemu-ifup =================================================================== --- /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/qemu-ifup (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/qemu-ifup (revision 487) @@ -0,0 +1,16 @@ +#!/bin/sh + +echo "config qemu network with xen bridge for $@" + +if [ -z "$domid" ]; then + echo "domid is not set!!!" >&2 + exit 1 +fi + +dev=$1 +qemu_online=yes +XENBUS_PATH=/local/domain/0/backend/vif/${domid}/0 +vif=vif${domid}.0 +export vif qemu_online XENBUS_PATH dev + +exec /etc/xen/scripts/vif-sipbroute online Index: /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/vif-sipbroute =================================================================== --- /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/vif-sipbroute (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/files/etc/xen/scripts/vif-sipbroute (revision 487) @@ -0,0 +1,87 @@ +#!/bin/bash + + + + + +#============================================================================ +# /etc/xen/vif-route +# +# Script for configuring a vif in routed mode. +# The hotplugging system will call this script if it is specified either in +# the device configuration given to Xend, or the default Xend configuration +# in /etc/xen/xend-config.sxp. If the script is specified in neither of those +# places, then vif-bridge is the default. +# +# Usage: +# vif-route (add|remove|online|offline) +# +# Environment vars: +# vif vif interface name (required). +# XENBUS_PATH path to this device's details in the XenStore (required). +# Read from the store: +# ip list of IP networks for the vif, space-separated (default given in +# this script). +# V6PREFIX prefix of v6 address to use +# Note that the v6 support is kind of broken because there's not really a way to populate the v6 prefix +# This script will set up proxy arp for any ip addresses that are being routed +# type read to determine if the device is ioemu + +#============================================================================ + +dir=$(dirname "$0") +. "$dir/vif-common.sh" + +main_ip=$(dom0_ip) +dev=${dev:-${vif}} + +case "$command" in + online) + ifconfig ${dev} ${main_ip} netmask 255.255.255.255 up + echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp + echo 1 >/proc/sys/net/ipv4/conf/${dev}/rp_filter + ipcmd='add' + cmdprefix='' + ;; + offline) + do_without_error ifdown ${vif} + if [ -f /var/run/radvd/radvd.pid.${vif} ] ; then + do_without_error kill `cat /var/run/radvd/radvd.pid.${vif}` + fi + ipcmd='del' + cmdprefix='do_without_error' + ;; +esac + +v6prefix=${v6prefix:-} +v6prefix=$(xenstore_read_default "$XENBUS_PATH/v6prefix" "$v6prefix") +vif_type=$(xenstore_read_default "$XENBUS_PATH/type" "viffront") +if [ ${vif_type} != "ioemu" -o x${qemu_online} = xyes ] ; then + if [ "${ip}" ] ; then + # If we've been given a list of IP addresses, then add routes from dom0 to + # the guest using those addresses. + for addr in ${ip} ; do + ${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip} + arpspoof -i eth0 -t 18.181.0.1 ${addr}& + sleep 5 + kill %arpspoof + done + fi + + if [ x${v6prefix} != x ] ; then + sed -e "s/@interface@/${dev}/" -e "s+@prefix@+${v6prefix}+" /etc/xen/radvd.conf.template >/var/run/radvd.conf.${vif} + ${cmdprefix} ip -6 addr ${ipcmd} fe80::/64 scope link dev ${dev} + if [ $1 = online ] ; then + radvd -u radvd -C /var/run/radvd.conf.${vif} -p /var/run/radvd/radvd.pid.${vif} + fi + ${cmdprefix} ip -6 route ${ipcmd} ${v6prefix} dev ${dev} + fi +fi + +handle_iptable + +log debug "Successful vif-route $command for $vif." +if [ "$command" == "online" ] +then + success +fi Index: /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/qemu-dm-sipb =================================================================== --- /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/qemu-dm-sipb (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/qemu-dm-sipb (revision 487) @@ -0,0 +1,16 @@ +#!/bin/sh +domid= +for i; do + if [ "$domid" = "_NEXT_" ]; then + domid=$i + break + elif [ "$i" = "-d" ]; then + domid=_NEXT_ + fi +done +export domid +echo 'BEGIN qemu-dm-sipb LOG' >> /tmp/log +echo "$0 $@" >> /tmp/log +env >> /tmp/log +echo 'END qemu-dm-sipb LOG' >> /tmp/log +exec "$ROOT/bin/qemu-dm" "$@" Index: /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/sipb-xen-losetup =================================================================== --- /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/sipb-xen-losetup (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/files/usr/sbin/sipb-xen-losetup (revision 487) @@ -0,0 +1,39 @@ +#!/usr/bin/env python2.5 + +import sys +import os +from subprocess import call + +def losetup(source, offset=0): + # XXX we avoid colliding with other instances of ourself, + # but when it comes to other loop-device users we just + # pick a range things don't seem to use and hope... + lockfilename = '/tmp/losetup.lock' + os.close(os.open(lockfilename, os.O_CREAT+os.O_EXCL)) #lock + try: + loopdevice = None + for i in xrange(32,60): # totally arbitrary, just looks to be unused on black-mesa + filename = '/dev/loop%d'%i + if 0 == len(file(filename).read(1)): + loopdevice = filename # it's empty + break + if loopdevice is not None: + call(['losetup', '-o', str(offset), loopdevice, source]) + else: + raise RuntimeError('out of loop devices for copying VM image: too many at once?') + finally: + os.unlink(lockfilename) #unlock + return loopdevice + +def main(*argv): + args = argv[1:] + os.environ['PATH'] = '/usr/sbin:/usr/bin:/sbin:/bin' + if not (1 <= len(args) <= 2): + print >>sys.stderr, 'usage: %s sourcedevice [offset]' % argv[0] + print >>sys.stderr, 'prints resulting loopback device; don\'t forget to losetup -d' + return 2 + print losetup(*args) + return 0 + +if __name__ == '__main__': + sys.exit(main(*sys.argv)) Index: /package_tags/sipb-xen-dom0/2.4/xend-config.sxp =================================================================== --- /package_tags/sipb-xen-dom0/2.4/xend-config.sxp (revision 487) +++ /package_tags/sipb-xen-dom0/2.4/xend-config.sxp (revision 487) @@ -0,0 +1,135 @@ +# -*- sh -*- + +# +# Xend configuration file. +# + +# This example configuration is appropriate for an installation that +# utilizes a bridged network configuration. Access to xend via http +# is disabled. + +# Commented out entries show the default for that entry, unless otherwise +# specified. + +#(logfile /var/log/xen/xend.log) +#(loglevel DEBUG) + +#(xend-http-server no) +#(xend-unix-server no) +#(xend-tcp-xmlrpc-server no) +#(xend-unix-xmlrpc-server yes) +#(xend-relocation-server no) + +#(xend-unix-path /var/lib/xend/xend-socket) + +# Port xend should use for the HTTP interface, if xend-http-server is set. +#(xend-port 8000) + +# Port xend should use for the relocation interface, if xend-relocation-server +# is set. +#(xend-relocation-port 8002) + +# Address xend should listen on for HTTP connections, if xend-http-server is +# set. +# Specifying 'localhost' prevents remote connections. +# Specifying the empty string '' (the default) allows all connections. +#(xend-address '') +#(xend-address localhost) + +# Address xend should listen on for relocation-socket connections, if +# xend-relocation-server is set. +# Meaning and default as for xend-address above. +#(xend-relocation-address '') + +# The hosts allowed to talk to the relocation port. If this is empty (the +# default), then all connections are allowed (assuming that the connection +# arrives on a port and interface on which we are listening; see +# xend-relocation-port and xend-relocation-address above). Otherwise, this +# should be a space-separated sequence of regular expressions. Any host with +# a fully-qualified domain name or an IP address that matches one of these +# regular expressions will be accepted. +# +# For example: +# (xend-relocation-hosts-allow '^localhost$ ^.*\.example\.org$') +# +#(xend-relocation-hosts-allow '') + +# The limit (in kilobytes) on the size of the console buffer +#(console-limit 1024) + +## +# To bridge network traffic, like this: +# +# dom0: fake eth0 -> vif0.0 -+ +# | +# bridge -> real eth0 -> the network +# | +# domU: fake eth0 -> vifN.0 -+ +# +# use +# +# (network-script network-bridge) +# +# Your default ethernet device is used as the outgoing interface, by default. +# To use a different one (e.g. eth1) use +# +# (network-script 'network-bridge netdev=eth1') +# +# The bridge is named xenbr0, by default. To rename the bridge, use +# +# (network-script 'network-bridge bridge=') +# +# It is possible to use the network-bridge script in more complicated +# scenarios, such as having two outgoing interfaces, with two bridges, and +# two fake interfaces per guest domain. To do things like this, write +# yourself a wrapper script, and call network-bridge from it, as appropriate. +# +(network-script network-bridge) + +# The script used to control virtual interfaces. This can be overridden on a +# per-vif basis when creating a domain or a configuring a new vif. The +# vif-bridge script is designed for use with the network-bridge script, or +# similar configurations. +# +# If you have overridden the bridge name using +# (network-script 'network-bridge bridge=') then you may wish to do the +# same here. The bridge name can also be set when creating a domain or +# configuring a new vif, but a value specified here would act as a default. +# +# If you are using only one bridge, the vif-bridge script will discover that, +# so there is no need to specify it explicitly. +# +(vif-script vif-bridge) + + +## Use the following if network traffic is routed, as an alternative to the +# settings for bridged networking given above. +#(network-script network-route) +#(vif-script vif-route) + + +## Use the following if network traffic is routed with NAT, as an alternative +# to the settings for bridged networking given above. +#(network-script network-nat) +#(vif-script vif-nat) + + +# Dom0 will balloon out when needed to free memory for domU. +# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to. +# If dom0-min-mem=0, dom0 will never balloon out. +(dom0-min-mem 196) + +# In SMP system, dom0 will use dom0-cpus # of CPUS +# If dom0-cpus = 0, dom0 will take all cpus available +(dom0-cpus 0) + +# Whether to enable core-dumps when domains crash. +#(enable-dump no) + +# The tool used for initiating virtual TPM migration +#(external-migration-tool '') + +# The interface for VNC servers to listen on. Defaults +# to 127.0.0.1 To restore old 'listen everywhere' behaviour +# set this to 0.0.0.0 +#(vnc-listen '127.0.0.1')