From 0e7c0a80558addae4eaf8e75349b202e52e18e24 Mon Sep 17 00:00:00 2001
From: Robert Volkmann <20912167+robertvolkmann@users.noreply.github.com>
Date: Thu, 25 Jul 2024 11:15:43 +0200
Subject: [PATCH] Switch to tc mirrored to get rid of macvtap (#110)
---
 scripts/manage_vms.py | 32 ++++++++++----------------------
 scripts/mirror_tap_to_lan.sh | 22 ++++++++++++++++++++++
 scripts/vms_entrypoint.sh | 11 -----------
 3 files changed, 32 insertions(+), 33 deletions(-)
 create mode 100755 scripts/mirror_tap_to_lan.sh
diff --git a/scripts/manage_vms.py b/scripts/manage_vms.py
index a3b86d3a..2f2008cf 100755
--- a/scripts/manage_vms.py
+++ b/scripts/manage_vms.py
@@ -13,7 +13,7 @@
 "disk-path": "/machine01.img",
 "disk-size": "5G",
 "memory": "2G",
- "tap-index-fd": [(0, 30), (1, 40)],
+ "lan_indices": [0, 1],
 "serial-port": 4000,
 },
 "machine02": {
@@ -22,7 +22,7 @@
 "disk-path": "/machine02.img",
 "disk-size": "5G",
 "memory": "2G",
- "tap-index-fd": [(2, 50), (3, 60)],
+ "lan_indices": [2, 3],
 "serial-port": 4001,
 },
 "machine03": {
@@ -31,7 +31,7 @@
 "disk-path": "/machine03.img",
 "disk-size": "5G",
 "memory": "2G",
- "tap-index-fd": [(4, 70), (5, 80)],
+ "lan_indices": [4, 5],
 "serial-port": 4002,
 },
 }
@@ -126,18 +126,6 @@ def _delete_vm_disk(path):
 @staticmethod
 def _start_vm(machine):
- nics = []
- netdevices = []
- for tap in machine.get("tap-index-fd", []):
- ifindex = tap[0]
- fd = tap[1]
-
- mac = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/address".format(ifindex=ifindex)]).decode("utf-8").strip()
- tapindex = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/ifindex".format(ifindex=ifindex)]).decode("utf-8").strip()
-
- nics.append("virtio-net,netdev=hn{ifindex},mac={mac}".format(ifindex=ifindex, mac=mac))
- netdevices.append("tap,fd={fd},id=hn{ifindex} {fd}<>/dev/tap{tapindex}".format(fd=fd, ifindex=ifindex, tapindex=tapindex))
-
 cmd = [
 "qemu-system-x86_64",
 "-name", machine.get("name"),
@@ -153,13 +141,13 @@ def _start_vm(machine):
 "-nographic",
 ]
- for nic in nics:
- cmd.append("-device")
- cmd.append(nic)
-
- for device in netdevices:
- cmd.append("-netdev")
- cmd.append(device)
+ for i in machine["lan_indices"]:
+ with open(f'/sys/class/net/lan{i}/address', 'r') as f:
+ mac = f.read().strip()
+ cmd.append('-device')
+ cmd.append(f'virtio-net,netdev=hn{i},mac={mac}')
+ cmd.append(f'-netdev')
+ cmd.append(f'tap,id=hn{i},ifname=tap{i},script=/mini-lab/mirror_tap_to_lan.sh,downscript=no')
 cmd.append("&")
diff --git a/scripts/mirror_tap_to_lan.sh b/scripts/mirror_tap_to_lan.sh
new file mode 100755
index 00000000..f62b6d5e
--- /dev/null
+++ b/scripts/mirror_tap_to_lan.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packets/frames-between-interfaces/
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packetsframes-between-interfaces/
+# Read it for better understanding
+
+set -o errexit
+TAP_IF=$1
+# get interface index number up to 3 digits (everything after first three chars)
+# tap0 -> 0
+# tap123 -> 123
+INDEX=${TAP_IF:3:3}
+
+ip link set $TAP_IF up
+ip link set $TAP_IF mtu 65000
+
+# create tc lan<->tap redirect rules
+tc qdisc add dev lan$INDEX ingress
+tc filter add dev lan$INDEX parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev $TAP_IF
+
+tc qdisc add dev $TAP_IF ingress
+tc filter add dev $TAP_IF parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev lan$INDEX
diff --git a/scripts/vms_entrypoint.sh b/scripts/vms_entrypoint.sh
index a6814485..fda2cdd1 100755
--- a/scripts/vms_entrypoint.sh
+++ b/scripts/vms_entrypoint.sh
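Review bot: The new loop indexes `machine["lan_indices"]` directly, so a machine entry without that key now raises KeyError, whereas the removed code iterated `machine.get("tap-index-fd", [])` and tolerated a missing key; `for i in machine.get("lan_indices", []):` keeps that tolerance. The key is also the only one in the machine table spelled with an underscore (`disk-path`, `serial-port` use hyphens), and `cmd.append(f'-netdev')` is an f-string with no placeholder, so a plain `'-netdev'` is enough. The trailing `cmd.append("&")` suggests the list is later joined and handed to a shell; if that is the case, a comment such as `# index and MAC come from the static machine table and sysfs, never from user input` would record why the interpolation is acceptable. `_start_vm` begins before and continues after this hunk.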
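Review bot: Nothing removes the ingress qdisc this script adds to `lan$INDEX` (the qemu side passes `downscript=no`), so with `set -o errexit` a second start of the same VM would presumably fail at `tc qdisc add dev lan$INDEX ingress` and abort before the redirect filters are installed. Clearing it first, e.g. `tc qdisc del dev "lan$INDEX" ingress 2>/dev/null || true`, makes the script re-runnable. `$1` is used unquoted and unchecked; a guard like `[[ $TAP_IF =~ ^tap[0-9]{1,3}$ ]] || exit 1` together with quoting `"$TAP_IF"` keeps `INDEX` from being derived from an unexpected interface name. The header also carries the source URL twice in two spellings; one line is enough.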
@@ -25,15 +25,4 @@ while [ "$MYINT" -lt "$INTFS" ]; do
 int_calc
 done
-# creating macvtap interfaces for the qemu vms
-for i in $(seq 0 5); do
- ip link add link lan${i} name macvtap${i} type macvtap mode passthru
- ip link set macvtap${i} up
- ip link set macvtap${i} promisc on
-done
-
-echo "Connected all interfaces"
-ifdown -a || true
-ifup -a || true
-
 tail -f /dev/null