[meta-arm,3/4] arm-autonomy/xenguest-network: Add private network support for xenguest

Submitted by Diego Sueiro on July 30, 2020, 3:52 p.m. | Patch ID: 174907

Details

Message ID 1596124338-106961-3-git-send-email-diego.sueiro@arm.com
State New
Headers show

Commit Message

Diego Sueiro July 30, 2020, 3:52 p.m.
Introduce the private/internal network support for xenguest by using NAT
and applying the proper iptables rules to allow the guest to have access
to the external network.

The XENGUEST_NETWORK_TYPE variable was introduced to allow the user to
setup the xenguest network type between "bridge" (default), "nat" and
"none".

Change-Id: I919e5b0fd0809093698b9dec3a9503b598b54828
Issue-Id: SCM-1019
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 meta-arm-autonomy/classes/xenguest-image.bbclass   |  18 +--
 .../documentation/xenguest-network-bridge.md       |  49 --------
 .../documentation/xenguest-network.md              |  70 +++++++++++
 ...k-bridge.bbappend => xenguest-network.bbappend} |   0
 .../images/arm-autonomy-host-image-minimal.bb      |   2 +-
 .../xenguest/files/00-vif-xenguest.hook            | 130 +++++++++++++++++++++
 .../xenguest/files/dhcpd-params.cfg                |  30 +++++
 .../xenguest/files/network-bridge.sh.in            |  25 +++-
 .../xenguest/xenguest-base-image.bb                |   7 +-
 ...guest-network-bridge.bb => xenguest-network.bb} |  16 ++-
 10 files changed, 283 insertions(+), 64 deletions(-)
 delete mode 100644 meta-arm-autonomy/documentation/xenguest-network-bridge.md
 create mode 100644 meta-arm-autonomy/documentation/xenguest-network.md
 rename meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/{xenguest-network-bridge.bbappend => xenguest-network.bbappend} (100%)
 create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
 create mode 100644 meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
 rename meta-arm-autonomy/recipes-extended/xenguest/{xenguest-network-bridge.bb => xenguest-network.bb} (79%)

Patch hide | download patch | download mbox

diff --git a/meta-arm-autonomy/classes/xenguest-image.bbclass b/meta-arm-autonomy/classes/xenguest-image.bbclass
index e8880f3..be1dde5 100644
--- a/meta-arm-autonomy/classes/xenguest-image.bbclass
+++ b/meta-arm-autonomy/classes/xenguest-image.bbclass
@@ -58,10 +58,14 @@  XENGUEST_IMAGE_DISK_SIZE ??= "${@ '4' if not d.getVar('INITRAMFS_IMAGE') else '0
 # and containing the root filesystem produced by Yocto
 XENGUEST_IMAGE_DISK_PARTITIONS ??= "1:${XENGUEST_IMAGE_DISK_SIZE}:ext4:rootfs.tar.gz"
 
-# XENGUEST_IMAGE_NETWORK_BRIDGE can be set to 1 to have a network interface
-# on the guest connected to host bridged network. This will provide the guest
-# with a network interface connected directly to the external network
-XENGUEST_IMAGE_NETWORK_BRIDGE ??= "1"
+# XENGUEST_IMAGE_NETWORK_TYPE can be set to "bridge", "nat" or "none".
+# The "bridge" type will share the physical eth interface from dom0 with the
+# domU. This will allow the domU to have access to the external network.
+# The "nat" type will setup a virtual network between dom0 and domU and also
+# configure and run the dhcpd on dom0 to serve the domU.
+# The "none" type will not affect any networking setting between on dom0 and
+# domU.
+XENGUEST_IMAGE_NETWORK_TYPE ??= "bridge"
 
 # Sub-directory in wich the guest is created. This is create in deploy as a
 # subdirectory and must be coherent between all components using this class so
@@ -147,10 +151,10 @@  xenguest_image_create() {
         call_xenguest_mkimage update --set-param=GUEST_AUTOBOOT=0
     fi
 
-    if [ "${XENGUEST_IMAGE_NETWORK_BRIDGE}" = "1" ]; then
-        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=1
+    if [ -n "${XENGUEST_IMAGE_NETWORK_TYPE}" ]; then
+        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="${XENGUEST_IMAGE_NETWORK_TYPE}"
     else
-        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=0
+        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="none"
     fi
 }
 
diff --git a/meta-arm-autonomy/documentation/xenguest-network-bridge.md b/meta-arm-autonomy/documentation/xenguest-network-bridge.md
deleted file mode 100644
index 6653fe8..0000000
--- a/meta-arm-autonomy/documentation/xenguest-network-bridge.md
+++ /dev/null
@@ -1,49 +0,0 @@ 
-xenguest network bridge
-=======================
-
-Introduction
-------------
-
-xenguest-network-bridge is creating a network bridge to allow some guests to
-have a direct connection to the external network.
-To do this, a bridge is created on the host using brctl with the network
-interfaces added to it so that the bridge is connected to the external network.
-It is also adding a guest init script which will, for guests configured to use
-it, create a virtual network interface for the guest and connect it to the
-network bridge on the host.
-
-Usage
------
-
-On the host the package xenguest-network-bridge must be included in your image.
-
-On the xenguest image of your guest, the parameter NETWORK_BRIDGE must be set
-to 1 (using xenguest-mkimage --set-param=NETWORK_BRIDGE=1).
-
-Bitbake parameters
-------------------
-Several parameters are available to configure the xenguest network bridge
-during Yocto project compilation (those can be set in your project local.conf,
-for example).
-
-The following parameters are available:
-
-- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
-  bridge that is created on the host during init.
-  This is set by default to "xenbr0".
-
-- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of network
-  interfaces that are added to the bridge when it is created on the host during
-  init.
-  This is set by default to "eth0".
-
-- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
-  to use to configure the bridge network. By default it points to have file
-  configuring the network using dhcp.
-  You can provide a different file using a bbappend and make this variable
-  point to it if you want to customize your network configuration.
-
-- XENGUEST_IMAGE_NETWORK_BRIDGE: This variable can be set to 0 or 1 on guest
-  projects to enable or not the connection of the guest to the host bridge.
-  This is set by default to "1".
-
diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
new file mode 100644
index 0000000..c61a11a
--- /dev/null
+++ b/meta-arm-autonomy/documentation/xenguest-network.md
@@ -0,0 +1,70 @@ 
+Xenguest Network
+================
+
+Introduction
+------------
+
+The xenguest-network package is primarly creating a network bridge to share
+the host eth physical interfaces with the guests virtual interfaces (vif).
+This way the guests can have access to the external network.
+
+At the moment 3 types of network arrangements are provided:
+
+- Bridge: where the guest vif is added to the created bridge interface;
+
+- NAT: where a private subnet is created for the guest, a dhcpd is started on
+  the host to serve the guest and the proper iptables rules are created to
+  allow the guest to access the external network;
+
+- None: the guest vif is not connected to the bridge.
+
+Usage
+-----
+
+On the host project the package xenguest-network must be included in your
+image, and on the guest project the XENGUEST_NETWORK_TYPE needs to be set to
+"bridge", "nat" or "none".
+
+Bitbake parameters
+------------------
+
+Several parameters are available to configure the xenguest network bridge
+during Yocto project compilation (those can be set in your project local.conf
+or xenguest-network.bbappend, for example).
+
+The following parameters are available:
+
+- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
+  bridge that is created on the host during init.
+  This is set by default to "xenbr0".
+
+- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of the
+  physical network interfaces that are added to the bridge when it is created
+  on the host during init.
+  By default no physical interfaces are added.
+
+- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
+  to use to configure the bridge network. By default it points to have file
+  configuring the network using dhcp.
+  You can provide a different file using a bbappend and make this variable
+  point to it if you want to customize your network configuration.
+
+- XENGUEST_IMAGE_NETWORK_TYPE: This variable can be set to "bridge" (default),
+  "nat" or "none".
+  The **bridge** type will add the domU vif interface to a bridge which also
+  contains the dom0 physical interface giving the guest direct access to the
+  external network.
+  The **nat** type will setup a private network between dom0 and domU, setup
+  the appropriate routing table, configure and run the dhcpd on dom0 to serve
+  the domU and apply the iptables rules to allow the guest to acess the
+  external network. The dhcpd configuration for the guest can be customised by
+  replacing the
+  "meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg" file
+  in a xenguest-network.bbappend. The dhcpd-params.cfg file is installed in
+  the xenguest image and copied to
+  "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg" when the guest
+  image is created. It will be consumed by the
+  "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
+  "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
+  The **none** type will not affect any networking setting between on dom0 and
+  domU.
diff --git a/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend b/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
similarity index 100%
rename from meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend
rename to meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
diff --git a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
index 9731c7c..188e31d 100644
--- a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
+++ b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
@@ -41,7 +41,7 @@  IMAGE_INSTALL += " \
     packagegroup-core-ssh-openssh \
     qemu-system-i386 \
     xenguest-manager \
-    xenguest-network-bridge \
+    xenguest-network \
     "
 
 # Build xen binary
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
new file mode 100755
index 0000000..32d5976
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
@@ -0,0 +1,130 @@ 
+#============================================================================
+# ${XEN_SCRIPT_DIR}/vif-post.d/00-vif-xenguest.hook
+#
+# Script for performing local configuration of a vif.
+# This script will be sourced by, e.g., vif-bridge after the hotplugging
+# system calls vif-bridge. The script is here and not simply executed as
+# a udev rule because this allows simple access to several environment
+# variables set by the calling vif-* script.
+#
+# Environment vars:
+# command     (add|remove|online|offline)
+# dev         vif interface name (required).
+# main_ip     IP address of Dom0
+# ip          list of IP networks for the vif, space-separated
+# XENBUS_PATH path to this device's details in the XenStore (required).
+#============================================================================
+
+domid=$(xenstore_read "${XENBUS_PATH}/frontend-id")
+guestname=$(xenstore_read "/local/domain/${domid}/name")
+bridge=$(xenstore_read "${XENBUS_PATH}/bridge")
+
+if [ ! -f /etc/xenguest/guests/${guestname}/params.cfg ]; then
+    log debug "No /etc/xenguest/guests/${guestname}/params.cfg. Exiting."
+    return
+fi
+
+# Source the params file to get the choosen XENGUEST_NETWORK_TYPE
+. /etc/xenguest/guests/${guestname}/params.cfg
+
+# We need to get the xenguest subnet prefix to set the subnet and
+# the fixed ip to assing to the guest.
+get_subnet_prefix() {
+    # ${vif_ip} is set in the vif-nat script
+    echo ${vif_ip} | awk -F. '{print $1"."$2"."$3}'
+}
+
+subnetprefix=$(get_subnet_prefix)
+
+dhcpd_remove_conf_entry()
+{
+    local tmpfile=$(mktemp)
+
+    # Remove the the xenguest dhcpd config file inclusion in the dhcpd
+    # main config
+    grep -v "include \"${XENGUEST_DHCPD_CONF_FILE}\";" \
+            "${dhcpd_conf_file}" >"${tmpfile}"
+    if ! diff "${tmpfile}" "${dhcpd_conf_file}" >/dev/null
+    then
+        cp "${tmpfile}" "${dhcpd_conf_file}"
+    fi
+    rm ${tmpfile}
+
+    # Remove the generated the xenguest dhcpd file
+    rm ${XENGUEST_DHCPD_CONF_FILE}
+}
+
+# This function removes the dhcpd options added by the vif-nat script and
+# adds the user provided options under the ${XENGUEST_DHCPD_HOST_OPTIONS}
+# variable set in "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"
+# file.
+dhcpd_add_conf_entries()
+{
+    # We need to remove the previous added entry from vif-nat script
+    dhcp_remove_entry
+
+    # Include the xenguest dhcpd config file in the dhcpd main config
+    echo >>"${dhcpd_conf_file}" "include \"${XENGUEST_DHCPD_CONF_FILE}\";"
+
+    # Generate the xenguest dhcpd file
+    echo -e "$(eval "echo -e \"$(cat ${XENGUEST_DHCPD_PARAMS_FILE})\"")" \
+            >> "${XENGUEST_DHCPD_CONF_FILE}"
+
+    # Re-add the dhcpargs entries removed by dhcp_remove_entry call
+    dhcparg_add_entry
+}
+
+dhcpd_online(){
+    log debug "dhcpd_online"
+    claim_lock "vif-nat-dhcp"
+    dhcpd_add_conf_entries
+    release_lock "vif-nat-dhcp"
+   "$dhcpd_init_file" restart || true
+}
+
+dhcpd_offline(){
+    log debug "dhcpd_offline"
+    claim_lock "vif-nat-dhcp"
+    dhcpd_remove_conf_entry
+    release_lock "vif-nat-dhcp"
+    "$dhcpd_init_file" restart || true # We need to ignore failure because
+                                       # ISC dhcpd 3 borks if there is nothing
+                                       # for it to do, which is the case if
+                                       # the outgoing interface is not
+                                       # configured to offer leases and there
+                                       # are no vifs.
+}
+
+case "${XENGUEST_NETWORK_TYPE}" in
+    nat)
+        XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
+        if [ ! -f ${XENGUEST_DHCPD_PARAMS_FILE} ]; then
+            log debug "No ${XENGUEST_DHCPD_PARAMS_FILE} file. Aborting"
+            return
+        fi
+
+        XENGUEST_DHCPD_CONF_FILE="/etc/dhcp/dhcpd.dom$domid.conf"
+
+        case "$command" in
+            online)
+                dhcpd_online
+
+                # Enable ip forwarding and NAT for the ${bridge} interface
+                sysctl -w net.ipv4.ip_forward=1
+                iptables_w -t nat -A POSTROUTING -o ${bridge} -j MASQUERADE -m comment --comment "dom${domid}"
+                ;;
+            offline)
+                dhcpd_offline
+
+                # Remove the NAT iptables rules created for the dom${domid}
+                guest_ipt_rule=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep -w dom${domid} | awk '{print $1}' | tac)
+                for rule in ${guest_ipt_rule}; do iptables_w -t nat --delete POSTROUTING ${rule}; done
+
+                # If there is no more NAT iptables rules we disable ip forwarding
+                ipt_nat_rules=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep MASQUERADE | awk '{print $1}')
+                [ -z "${ipt_nat_rules##*[!0-9]*}" ] && sysctl -w net.ipv4.ip_forward=0
+               ;;
+        esac
+
+        ;;
+esac
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
new file mode 100644
index 0000000..0495fbd
--- /dev/null
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
@@ -0,0 +1,30 @@ 
+# This file holds the guest dhcpd options running on Dom0.
+# The "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" called in the end of
+# the vif-nat script will use this file to generate the final dhcpd
+# configuration.
+
+# This file is added in the xenguest image and installed in dom0 under
+# /etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg when the guest
+# image is created.
+# Any customizations to it should be performed by replacing it via a bbappend.
+
+# The \${hostname}, \${mac}, \${vif_ip} and \${router_ip} variables are set in
+# the vif-nat script context. The \${subnetprefix} variable is set in the
+# 00-vif-xenguest.hook script context.
+
+# The "subnet" configuration node is mandatory in order to have the dhcpd
+# properly running.
+
+host ${hostname} {
+    hardware ethernet ${mac};
+    fixed-address ${vif_ip};
+    option routers ${router_ip};
+    option subnet-mask 255.255.255.0;
+    option broadcast-address ${subnetprefix}.255;
+    option domain-name-servers 8.8.8.8;
+    option host-name \"${hostname}\";
+    option domain-name \"example.com\";
+}
+
+subnet ${subnetprefix}.0 netmask 255.255.255.0 {
+}
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
index 2a36096..752f498 100755
--- a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
+++ b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
@@ -9,7 +9,24 @@  BRIDGE_NAME="###BRIDGE_NAME###"
 # get guest parameters
 . ./params.cfg
 
-if [ "${NETWORK_BRIDGE:-}" = "1" ]; then
-    echo "vif = ['${BRIDGE_NAME}']" >> ${guestname}.cfg
-fi
-
+case "${XENGUEST_NETWORK_TYPE:-}" in
+    nat)
+        # Create the symlinks for the files that vif-nat script expects
+        if [ ! -f /etc/dhcpd.conf ]; then
+            ln -s dhcp/dhcpd.conf /etc/dhcpd.conf
+        fi
+        if [ ! -f /etc/init.d/dhcp3-server ]; then
+            ln -s dhcp-server /etc/init.d/dhcp3-server
+        fi
+        if [ ! -f /etc/default/dhcp3-server ]; then
+            ln -s dhcp-server /etc/default/dhcp3-server
+        fi
+        echo "vif = ['script=vif-nat']" >> ${guestname}.cfg
+        ;;
+    bridge)
+        echo "vif = ['script=vif-bridge,bridge=${BRIDGE_NAME}']" >> ${guestname}.cfg
+        ;;
+    *)
+        echo "${@}: XENGUEST_NETWORK_TYPE=$XENGUEST_NETWORK_TYPE invalid"
+        ;;
+esac
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
index fb66566..8516fe8 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
@@ -35,7 +35,12 @@  LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
 XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
 
 # Add xen files
-XENGUEST_IMAGE_SRC_URI_XEN_FILES ??= ""
+# Any extrafiles files to be added to XENGUEST_IMAGE_SRC_URI_XEN_FILES should
+# be performed via XENGUEST_IMAGE_SRC_URI_XEN_FILES_append.
+# The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
+# when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
+# performed by replacing it via a xenguest-network.bbappend.
+XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
 
 # Add xen configuration elements
 XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
similarity index 79%
rename from meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
rename to meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
index c6c2242..fa4f93f 100644
--- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
+++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
@@ -1,5 +1,5 @@ 
 # Recipe to handle xenguest network configuration
-DESCRIPTION = "XenGuest Network Bridge"
+DESCRIPTION = "Xenguest Network"
 
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
@@ -20,6 +20,7 @@  SRC_URI = " \
     file://xenguest-network-bridge.in \
     file://xenguest-network-bridge-dhcp.cfg.in \
     file://network-bridge.sh.in \
+    file://00-vif-xenguest.hook \
     "
 
 # Bridge configurator needs to run before S01networking init script
@@ -49,8 +50,19 @@  do_install() {
     install -d -m 755 ${D}${sysconfdir}/xenguest/init.pre
     install -m 755 ${WORKDIR}/network-bridge.sh \
         ${D}${sysconfdir}/xenguest/init.pre/.
+
+    install -d ${D}${sysconfdir}/xen/scripts/vif-post.d
+    install -m 755 ${WORKDIR}/00-vif-xenguest.hook \
+        ${D}${sysconfdir}/xen/scripts/vif-post.d/.
 }
 
-RDEPENDS_${PN} += "bridge-utils"
+RDEPENDS_${PN} += "bridge-utils \
+                   iptables \
+                   dhcp-server \
+                   kernel-module-xt-tcpudp \
+                   kernel-module-xt-physdev \
+                   kernel-module-xt-comment \
+                  "
 FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
 FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
+FILES_${PN} += "${sysconfdir}/xen/scripts/vif-post.d/00-vif-xenguest.hook"

Comments

Bertrand Marquis July 30, 2020, 3:55 p.m.
> On 30 Jul 2020, at 17:52, Diego Sueiro via lists.yoctoproject.org <diego.sueiro=arm.com@lists.yoctoproject.org> wrote:
> 
> Introduce the private/internal network support for xenguest by using NAT
> and applying the proper iptables rules to allow the guest to have access
> to the external network.
> 
> The XENGUEST_NETWORK_TYPE variable was introduced to allow the user to
> setup the xenguest network type between "bridge" (default), "nat" and
> "none".
> 
> Change-Id: I919e5b0fd0809093698b9dec3a9503b598b54828
> Issue-Id: SCM-1019
> Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Reviewed-by: Bertrand Marquis <bertrand.marquis@arm.com>

> ---
> meta-arm-autonomy/classes/xenguest-image.bbclass   |  18 +--
> .../documentation/xenguest-network-bridge.md       |  49 --------
> .../documentation/xenguest-network.md              |  70 +++++++++++
> ...k-bridge.bbappend => xenguest-network.bbappend} |   0
> .../images/arm-autonomy-host-image-minimal.bb      |   2 +-
> .../xenguest/files/00-vif-xenguest.hook            | 130 +++++++++++++++++++++
> .../xenguest/files/dhcpd-params.cfg                |  30 +++++
> .../xenguest/files/network-bridge.sh.in            |  25 +++-
> .../xenguest/xenguest-base-image.bb                |   7 +-
> ...guest-network-bridge.bb => xenguest-network.bb} |  16 ++-
> 10 files changed, 283 insertions(+), 64 deletions(-)
> delete mode 100644 meta-arm-autonomy/documentation/xenguest-network-bridge.md
> create mode 100644 meta-arm-autonomy/documentation/xenguest-network.md
> rename meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/{xenguest-network-bridge.bbappend => xenguest-network.bbappend} (100%)
> create mode 100755 meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> create mode 100644 meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> rename meta-arm-autonomy/recipes-extended/xenguest/{xenguest-network-bridge.bb => xenguest-network.bb} (79%)
> 
> diff --git a/meta-arm-autonomy/classes/xenguest-image.bbclass b/meta-arm-autonomy/classes/xenguest-image.bbclass
> index e8880f3..be1dde5 100644
> --- a/meta-arm-autonomy/classes/xenguest-image.bbclass
> +++ b/meta-arm-autonomy/classes/xenguest-image.bbclass
> @@ -58,10 +58,14 @@ XENGUEST_IMAGE_DISK_SIZE ??= "${@ '4' if not d.getVar('INITRAMFS_IMAGE') else '0
> # and containing the root filesystem produced by Yocto
> XENGUEST_IMAGE_DISK_PARTITIONS ??= "1:${XENGUEST_IMAGE_DISK_SIZE}:ext4:rootfs.tar.gz"
> 
> -# XENGUEST_IMAGE_NETWORK_BRIDGE can be set to 1 to have a network interface
> -# on the guest connected to host bridged network. This will provide the guest
> -# with a network interface connected directly to the external network
> -XENGUEST_IMAGE_NETWORK_BRIDGE ??= "1"
> +# XENGUEST_IMAGE_NETWORK_TYPE can be set to "bridge", "nat" or "none".
> +# The "bridge" type will share the physical eth interface from dom0 with the
> +# domU. This will allow the domU to have access to the external network.
> +# The "nat" type will setup a virtual network between dom0 and domU and also
> +# configure and run the dhcpd on dom0 to serve the domU.
> +# The "none" type will not affect any networking setting between on dom0 and
> +# domU.
> +XENGUEST_IMAGE_NETWORK_TYPE ??= "bridge"
> 
> # Sub-directory in wich the guest is created. This is create in deploy as a
> # subdirectory and must be coherent between all components using this class so
> @@ -147,10 +151,10 @@ xenguest_image_create() {
>         call_xenguest_mkimage update --set-param=GUEST_AUTOBOOT=0
>     fi
> 
> -    if [ "${XENGUEST_IMAGE_NETWORK_BRIDGE}" = "1" ]; then
> -        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=1
> +    if [ -n "${XENGUEST_IMAGE_NETWORK_TYPE}" ]; then
> +        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="${XENGUEST_IMAGE_NETWORK_TYPE}"
>     else
> -        call_xenguest_mkimage update --set-param=NETWORK_BRIDGE=0
> +        call_xenguest_mkimage update --set-param=XENGUEST_NETWORK_TYPE="none"
>     fi
> }
> 
> diff --git a/meta-arm-autonomy/documentation/xenguest-network-bridge.md b/meta-arm-autonomy/documentation/xenguest-network-bridge.md
> deleted file mode 100644
> index 6653fe8..0000000
> --- a/meta-arm-autonomy/documentation/xenguest-network-bridge.md
> +++ /dev/null
> @@ -1,49 +0,0 @@
> -xenguest network bridge
> -=======================
> -
> -Introduction
> -------------
> -
> -xenguest-network-bridge is creating a network bridge to allow some guests to
> -have a direct connection to the external network.
> -To do this, a bridge is created on the host using brctl with the network
> -interfaces added to it so that the bridge is connected to the external network.
> -It is also adding a guest init script which will, for guests configured to use
> -it, create a virtual network interface for the guest and connect it to the
> -network bridge on the host.
> -
> -Usage
> ------
> -
> -On the host the package xenguest-network-bridge must be included in your image.
> -
> -On the xenguest image of your guest, the parameter NETWORK_BRIDGE must be set
> -to 1 (using xenguest-mkimage --set-param=NETWORK_BRIDGE=1).
> -
> -Bitbake parameters
> -------------------
> -Several parameters are available to configure the xenguest network bridge
> -during Yocto project compilation (those can be set in your project local.conf,
> -for example).
> -
> -The following parameters are available:
> -
> -- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
> -  bridge that is created on the host during init.
> -  This is set by default to "xenbr0".
> -
> -- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of network
> -  interfaces that are added to the bridge when it is created on the host during
> -  init.
> -  This is set by default to "eth0".
> -
> -- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
> -  to use to configure the bridge network. By default it points to have file
> -  configuring the network using dhcp.
> -  You can provide a different file using a bbappend and make this variable
> -  point to it if you want to customize your network configuration.
> -
> -- XENGUEST_IMAGE_NETWORK_BRIDGE: This variable can be set to 0 or 1 on guest
> -  projects to enable or not the connection of the guest to the host bridge.
> -  This is set by default to "1".
> -
> diff --git a/meta-arm-autonomy/documentation/xenguest-network.md b/meta-arm-autonomy/documentation/xenguest-network.md
> new file mode 100644
> index 0000000..c61a11a
> --- /dev/null
> +++ b/meta-arm-autonomy/documentation/xenguest-network.md
> @@ -0,0 +1,70 @@
> +Xenguest Network
> +================
> +
> +Introduction
> +------------
> +
> +The xenguest-network package is primarly creating a network bridge to share
> +the host eth physical interfaces with the guests virtual interfaces (vif).
> +This way the guests can have access to the external network.
> +
> +At the moment 3 types of network arrangements are provided:
> +
> +- Bridge: where the guest vif is added to the created bridge interface;
> +
> +- NAT: where a private subnet is created for the guest, a dhcpd is started on
> +  the host to serve the guest and the proper iptables rules are created to
> +  allow the guest to access the external network;
> +
> +- None: the guest vif is not connected to the bridge.
> +
> +Usage
> +-----
> +
> +On the host project the package xenguest-network must be included in your
> +image, and on the guest project the XENGUEST_NETWORK_TYPE needs to be set to
> +"bridge", "nat" or "none".
> +
> +Bitbake parameters
> +------------------
> +
> +Several parameters are available to configure the xenguest network bridge
> +during Yocto project compilation (those can be set in your project local.conf
> +or xenguest-network.bbappend, for example).
> +
> +The following parameters are available:
> +
> +- XENGUEST_NETWORK_BRIDGE_NAME: This variable defines the name of the network
> +  bridge that is created on the host during init.
> +  This is set by default to "xenbr0".
> +
> +- XENGUEST_NETWORK_BRIDGE_MEMBERS: This variable defines the list of the
> +  physical network interfaces that are added to the bridge when it is created
> +  on the host during init.
> +  By default no physical interfaces are added.
> +
> +- XENGUEST_NETWORK_BRIDGE_CONFIG: This variable defines the configuration file
> +  to use to configure the bridge network. By default it points to have file
> +  configuring the network using dhcp.
> +  You can provide a different file using a bbappend and make this variable
> +  point to it if you want to customize your network configuration.
> +
> +- XENGUEST_IMAGE_NETWORK_TYPE: This variable can be set to "bridge" (default),
> +  "nat" or "none".
> +  The **bridge** type will add the domU vif interface to a bridge which also
> +  contains the dom0 physical interface giving the guest direct access to the
> +  external network.
> +  The **nat** type will setup a private network between dom0 and domU, setup
> +  the appropriate routing table, configure and run the dhcpd on dom0 to serve
> +  the domU and apply the iptables rules to allow the guest to acess the
> +  external network. The dhcpd configuration for the guest can be customised by
> +  replacing the
> +  "meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg" file
> +  in a xenguest-network.bbappend. The dhcpd-params.cfg file is installed in
> +  the xenguest image and copied to
> +  "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg" when the guest
> +  image is created. It will be consumed by the
> +  "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" script which is called by
> +  "/etc/xen/scripts/vif-nat" script when starting/stopping the xenguest.
> +  The **none** type will not affect any networking setting between on dom0 and
> +  domU.
> diff --git a/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend b/meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
> similarity index 100%
> rename from meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network-bridge.bbappend
> rename to meta-arm-autonomy/dynamic-layers/meta-arm-bsp/recipes-extended/xenguest/xenguest-network.bbappend
> diff --git a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> index 9731c7c..188e31d 100644
> --- a/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> +++ b/meta-arm-autonomy/recipes-core/images/arm-autonomy-host-image-minimal.bb
> @@ -41,7 +41,7 @@ IMAGE_INSTALL += " \
>     packagegroup-core-ssh-openssh \
>     qemu-system-i386 \
>     xenguest-manager \
> -    xenguest-network-bridge \
> +    xenguest-network \
>     "
> 
> # Build xen binary
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> new file mode 100755
> index 0000000..32d5976
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/00-vif-xenguest.hook
> @@ -0,0 +1,130 @@
> +#============================================================================
> +# ${XEN_SCRIPT_DIR}/vif-post.d/00-vif-xenguest.hook
> +#
> +# Script for performing local configuration of a vif.
> +# This script will be sourced by, e.g., vif-bridge after the hotplugging
> +# system calls vif-bridge. The script is here and not simply executed as
> +# a udev rule because this allows simple access to several environment
> +# variables set by the calling vif-* script.
> +#
> +# Environment vars:
> +# command     (add|remove|online|offline)
> +# dev         vif interface name (required).
> +# main_ip     IP address of Dom0
> +# ip          list of IP networks for the vif, space-separated
> +# XENBUS_PATH path to this device's details in the XenStore (required).
> +#============================================================================
> +
> +domid=$(xenstore_read "${XENBUS_PATH}/frontend-id")
> +guestname=$(xenstore_read "/local/domain/${domid}/name")
> +bridge=$(xenstore_read "${XENBUS_PATH}/bridge")
> +
> +if [ ! -f /etc/xenguest/guests/${guestname}/params.cfg ]; then
> +    log debug "No /etc/xenguest/guests/${guestname}/params.cfg. Exiting."
> +    return
> +fi
> +
> +# Source the params file to get the choosen XENGUEST_NETWORK_TYPE
> +. /etc/xenguest/guests/${guestname}/params.cfg
> +
> +# We need to get the xenguest subnet prefix to set the subnet and
> +# the fixed ip to assing to the guest.
> +get_subnet_prefix() {
> +    # ${vif_ip} is set in the vif-nat script
> +    echo ${vif_ip} | awk -F. '{print $1"."$2"."$3}'
> +}
> +
> +subnetprefix=$(get_subnet_prefix)
> +
> +dhcpd_remove_conf_entry()
> +{
> +    local tmpfile=$(mktemp)
> +
> +    # Remove the the xenguest dhcpd config file inclusion in the dhcpd
> +    # main config
> +    grep -v "include \"${XENGUEST_DHCPD_CONF_FILE}\";" \
> +            "${dhcpd_conf_file}" >"${tmpfile}"
> +    if ! diff "${tmpfile}" "${dhcpd_conf_file}" >/dev/null
> +    then
> +        cp "${tmpfile}" "${dhcpd_conf_file}"
> +    fi
> +    rm ${tmpfile}
> +
> +    # Remove the generated the xenguest dhcpd file
> +    rm ${XENGUEST_DHCPD_CONF_FILE}
> +}
> +
> +# This function removes the dhcpd options added by the vif-nat script and
> +# adds the user provided options under the ${XENGUEST_DHCPD_HOST_OPTIONS}
> +# variable set in "/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"
> +# file.
> +dhcpd_add_conf_entries()
> +{
> +    # We need to remove the previous added entry from vif-nat script
> +    dhcp_remove_entry
> +
> +    # Include the xenguest dhcpd config file in the dhcpd main config
> +    echo >>"${dhcpd_conf_file}" "include \"${XENGUEST_DHCPD_CONF_FILE}\";"
> +
> +    # Generate the xenguest dhcpd file
> +    echo -e "$(eval "echo -e \"$(cat ${XENGUEST_DHCPD_PARAMS_FILE})\"")" \
> +            >> "${XENGUEST_DHCPD_CONF_FILE}"
> +
> +    # Re-add the dhcpargs entries removed by dhcp_remove_entry call
> +    dhcparg_add_entry
> +}
> +
> +dhcpd_online(){
> +    log debug "dhcpd_online"
> +    claim_lock "vif-nat-dhcp"
> +    dhcpd_add_conf_entries
> +    release_lock "vif-nat-dhcp"
> +   "$dhcpd_init_file" restart || true
> +}
> +
> +dhcpd_offline(){
> +    log debug "dhcpd_offline"
> +    claim_lock "vif-nat-dhcp"
> +    dhcpd_remove_conf_entry
> +    release_lock "vif-nat-dhcp"
> +    "$dhcpd_init_file" restart || true # We need to ignore failure because
> +                                       # ISC dhcpd 3 borks if there is nothing
> +                                       # for it to do, which is the case if
> +                                       # the outgoing interface is not
> +                                       # configured to offer leases and there
> +                                       # are no vifs.
> +}
> +
> +case "${XENGUEST_NETWORK_TYPE}" in
> +    nat)
> +        XENGUEST_DHCPD_PARAMS_FILE=${XENGUEST_DHCPD_PARAMS_FILE:-"/etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg"}
> +        if [ ! -f ${XENGUEST_DHCPD_PARAMS_FILE} ]; then
> +            log debug "No ${XENGUEST_DHCPD_PARAMS_FILE} file. Aborting"
> +            return
> +        fi
> +
> +        XENGUEST_DHCPD_CONF_FILE="/etc/dhcp/dhcpd.dom$domid.conf"
> +
> +        case "$command" in
> +            online)
> +                dhcpd_online
> +
> +                # Enable ip forwarding and NAT for the ${bridge} interface
> +                sysctl -w net.ipv4.ip_forward=1
> +                iptables_w -t nat -A POSTROUTING -o ${bridge} -j MASQUERADE -m comment --comment "dom${domid}"
> +                ;;
> +            offline)
> +                dhcpd_offline
> +
> +                # Remove the NAT iptables rules created for the dom${domid}
> +                guest_ipt_rule=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep -w dom${domid} | awk '{print $1}' | tac)
> +                for rule in ${guest_ipt_rule}; do iptables_w -t nat --delete POSTROUTING ${rule}; done
> +
> +                # If there is no more NAT iptables rules we disable ip forwarding
> +                ipt_nat_rules=$(iptables_w -t nat -vL POSTROUTING -n --line-number | grep MASQUERADE | awk '{print $1}')
> +                [ -z "${ipt_nat_rules##*[!0-9]*}" ] && sysctl -w net.ipv4.ip_forward=0
> +               ;;
> +        esac
> +
> +        ;;
> +esac
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> new file mode 100644
> index 0000000..0495fbd
> --- /dev/null
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/dhcpd-params.cfg
> @@ -0,0 +1,30 @@
> +# This file holds the guest dhcpd options running on Dom0.
> +# The "/etc/xen/scripts/vif-post.d/00-vif-xenguest.hook" called in the end of
> +# the vif-nat script will use this file to generate the final dhcpd
> +# configuration.
> +
> +# This file is added in the xenguest image and installed in dom0 under
> +# /etc/xenguest/guests/${guestname}/files/dhcpd-params.cfg when the guest
> +# image is created.
> +# Any customizations to it should be performed by replacing it via a bbappend.
> +
> +# The \${hostname}, \${mac}, \${vif_ip} and \${router_ip} variables are set in
> +# the vif-nat script context. The \${subnetprefix} variable is set in the
> +# 00-vif-xenguest.hook script context.
> +
> +# The "subnet" configuration node is mandatory in order to have the dhcpd
> +# properly running.
> +
> +host ${hostname} {
> +    hardware ethernet ${mac};
> +    fixed-address ${vif_ip};
> +    option routers ${router_ip};
> +    option subnet-mask 255.255.255.0;
> +    option broadcast-address ${subnetprefix}.255;
> +    option domain-name-servers 8.8.8.8;
> +    option host-name \"${hostname}\";
> +    option domain-name \"example.com\";
> +}
> +
> +subnet ${subnetprefix}.0 netmask 255.255.255.0 {
> +}
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> index 2a36096..752f498 100755
> --- a/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/files/network-bridge.sh.in
> @@ -9,7 +9,24 @@ BRIDGE_NAME="###BRIDGE_NAME###"
> # get guest parameters
> . ./params.cfg
> 
> -if [ "${NETWORK_BRIDGE:-}" = "1" ]; then
> -    echo "vif = ['${BRIDGE_NAME}']" >> ${guestname}.cfg
> -fi
> -
> +case "${XENGUEST_NETWORK_TYPE:-}" in
> +    nat)
> +        # Create the symlinks for the files that vif-nat script expects
> +        if [ ! -f /etc/dhcpd.conf ]; then
> +            ln -s dhcp/dhcpd.conf /etc/dhcpd.conf
> +        fi
> +        if [ ! -f /etc/init.d/dhcp3-server ]; then
> +            ln -s dhcp-server /etc/init.d/dhcp3-server
> +        fi
> +        if [ ! -f /etc/default/dhcp3-server ]; then
> +            ln -s dhcp-server /etc/default/dhcp3-server
> +        fi
> +        echo "vif = ['script=vif-nat']" >> ${guestname}.cfg
> +        ;;
> +    bridge)
> +        echo "vif = ['script=vif-bridge,bridge=${BRIDGE_NAME}']" >> ${guestname}.cfg
> +        ;;
> +    *)
> +        echo "${@}: XENGUEST_NETWORK_TYPE=$XENGUEST_NETWORK_TYPE invalid"
> +        ;;
> +esac
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> index fb66566..8516fe8 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-base-image.bb
> @@ -35,7 +35,12 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda
> XENGUEST_IMAGE_SRC_URI_DISK_FILES ??= ""
> 
> # Add xen files
> -XENGUEST_IMAGE_SRC_URI_XEN_FILES ??= ""
> +# Any extrafiles files to be added to XENGUEST_IMAGE_SRC_URI_XEN_FILES should
> +# be performed via XENGUEST_IMAGE_SRC_URI_XEN_FILES_append.
> +# The dhcpd-params.cfg holds the dhcpd configuration for Dom0. And it is used
> +# when XENGUEST_IMAGE_NETWORK_TYPE="nat". Any customizations to it should be
> +# performed by replacing it via a xenguest-network.bbappend.
> +XENGUEST_IMAGE_SRC_URI_XEN_FILES = "file://dhcpd-params.cfg"
> 
> # Add xen configuration elements
> XENGUEST_IMAGE_SRC_URI_XEN_CONFIG ??= ""
> diff --git a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> similarity index 79%
> rename from meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
> rename to meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> index c6c2242..fa4f93f 100644
> --- a/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network-bridge.bb
> +++ b/meta-arm-autonomy/recipes-extended/xenguest/xenguest-network.bb
> @@ -1,5 +1,5 @@
> # Recipe to handle xenguest network configuration
> -DESCRIPTION = "XenGuest Network Bridge"
> +DESCRIPTION = "Xenguest Network"
> 
> LICENSE = "MIT"
> LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
> @@ -20,6 +20,7 @@ SRC_URI = " \
>     file://xenguest-network-bridge.in \
>     file://xenguest-network-bridge-dhcp.cfg.in \
>     file://network-bridge.sh.in \
> +    file://00-vif-xenguest.hook \
>     "
> 
> # Bridge configurator needs to run before S01networking init script
> @@ -49,8 +50,19 @@ do_install() {
>     install -d -m 755 ${D}${sysconfdir}/xenguest/init.pre
>     install -m 755 ${WORKDIR}/network-bridge.sh \
>         ${D}${sysconfdir}/xenguest/init.pre/.
> +
> +    install -d ${D}${sysconfdir}/xen/scripts/vif-post.d
> +    install -m 755 ${WORKDIR}/00-vif-xenguest.hook \
> +        ${D}${sysconfdir}/xen/scripts/vif-post.d/.
> }
> 
> -RDEPENDS_${PN} += "bridge-utils"
> +RDEPENDS_${PN} += "bridge-utils \
> +                   iptables \
> +                   dhcp-server \
> +                   kernel-module-xt-tcpudp \
> +                   kernel-module-xt-physdev \
> +                   kernel-module-xt-comment \
> +                  "
> FILES_${PN} += "${sysconfdir}/network/interfaces.d/xenguest-network-bridge.cfg"
> FILES_${PN} += "${sysconfdir}/xenguest/init.pre/network-bridge.sh"
> +FILES_${PN} += "${sysconfdir}/xen/scripts/vif-post.d/00-vif-xenguest.hook"
> -- 
> 2.7.4
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#926): https://lists.yoctoproject.org/g/meta-arm/message/926
Mute This Topic: https://lists.yoctoproject.org/mt/75888988/3617530
Group Owner: meta-arm+owner@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/meta-arm/unsub  [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-