[Xen-devel] [PATCH 1/5] hotplug/linux: Fix the vif script to handle_iptable for tap interfaces

[Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>]

The TAP interfaces need the same iptables rules as the VIF, without it,
traffic will not be forwarded to/from them is the default FORWARD policy
is DROP/REJECT

Signed-off-by: Sylvain Munaut <s.munaut@xxxxxxxxxxxxxxxxxxxx>
---
 tools/hotplug/Linux/vif-bridge    |    2 +-
 tools/hotplug/Linux/vif-common.sh |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/hotplug/Linux/vif-bridge b/tools/hotplug/Linux/vif-bridge
index b7dcbd6..87279df 100644
--- a/tools/hotplug/Linux/vif-bridge
+++ b/tools/hotplug/Linux/vif-bridge
@@ -97,7 +97,7 @@ case "$command" in
         ;;
 esac
 
-if [ "$type_if" = vif ]; then
+if [ "$type_if" = vif -o "$type_if" = tap ]; then
     handle_iptable
 fi
 
diff --git a/tools/hotplug/Linux/vif-common.sh 
b/tools/hotplug/Linux/vif-common.sh
index 73ee241..28ddae5 100644
--- a/tools/hotplug/Linux/vif-common.sh
+++ b/tools/hotplug/Linux/vif-common.sh
@@ -123,7 +123,7 @@ ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
 
 frob_iptable()
 {
-  if [ "$command" == "online" ]
+  if [ "$command" == "online" -o "$command" == "add" ]
   then
     local c="-I"
   else
@@ -135,7 +135,7 @@ frob_iptable()
   iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$dev" \
     -j ACCEPT 2>/dev/null
 
-  if [ "$command" == "online" -a $? -ne 0 ]
+  if [ \( "$command" == "online" -o "$command" == "add" \) -a $? -ne 0 ]
   then
     log err "iptables setup failed. This may affect guest networking."
   fi
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel