1 Modern Linux network virtualizing 2

- 2006

.

Linux : . 2.

SUSE Linux .

[1] . . . , (. [1]):

1. ;2. ;3. ;4. .

, , , , , . , . , .

, Linux.

.

, [1]:

1. udev;2. , ;3. ;4. .

. . 1 udev. , /etc/udev/rules.d/30-net_persistent_names.rules. , hweth*. , , eth3, :

# grep eth3 /etc/udev/rules.d/30-net_persistent_names.rulesSUBSYSTEM=="net", ACTION=="add", -- ---SYSFS{address}=="00:14:85:21:1b:2f", IMPORT="/sbin/rename_netiface %k hweth3"

2 Modern Linux network virtualizing 2

udev [2] , , , udev. , 00:14:85:21:1b:2f . , , , hweth3 ( hardware ethernet). , , rename_netiface . , . , . !

1. .

, , , , , 0.0.0.0, . YaST- , , , (. 1). :

# cat /etc/sysconfig/network/ifcfg-eth-id-00:14:85:21:1b:2fBOOTPROTO='static'

3 Modern Linux network virtualizing 2

BROADCAST=''IPADDR='0.0.0.0'MTU=''NAME='Giga-byte CK804 Ethernet Controller'NETMASK='255.255.255.0'NETWORK=''REMOTE_IPADDR=''STARTMODE='auto'UNIQUE='DkES.QUKldky+OPE'USERCONTROL='no'_nm_name='bus-pci-0000:00:0a.0'PREFIXLEN=''

YaST. . , , NAME , , , . , ifcfg-eth-id-MAC.

. /etc/init.d/network .

. . brctl addbr eth*. , eth. , . , . eth , , , , . , . /etc/sysconfig/network , ifcfg-eth*, eth* , . , eth2, , :

# cat /etc/sysconfig/network/ifcfg-eth2BOOTPROTO='static'UNIQUE='alZb.Tm92cpV9oKE'IPADDR='213.xx.xx.xxx'NETMASK='255.255.255.248'BROADCAST='213.xx.xx.xxx'NETWORK='213.xx.xx.xxx'MTU=''NAME='Virtual device eth2 VDSL'STARTMODE='auto'REMOTE_IPADDR=''USERCONTROL='no'

4 Modern Linux network virtualizing 2

PREFIXLEN=''POST_UP_SCRIPT='/etc/fw/fw-on-internet'POST_DOWN_SCRIPT='/etc/fw/fw-off-internet'

man ifup. VDSL-. , . , . , YaST (. 2).

2. .

2 . 0, eth0, ifcfg-eth0.

, , 3, /etc/init.d/network, . , , .

5 Modern Linux network virtualizing 2

, , , /etc/init.d/network, , , , . 3, .

, , . .

.

, , , . :

1. , ;2. , ;3. .

3 /etc/init.d/network. /etc/init.d/boot.udev , udev , eth*. . , , , /etc/init.d/boot.local. , 3. .

(1, 3) boot.local, , . udev. fw-init :

#!/bin/shiptables -Fiptables -t nat -Fiptables -t mangle -Fiptables -Xiptables -t nat -Xiptables -t mangle -Xiptables -P INPUT DROPiptables -P OUTPUT DROPiptables -P FORWARD DROP

, lo fw-main:

#!/bin/sh

IPT=$(which iptables)LIST1=("-A OUTPUT" "-A INPUT" "-A FORWARD" "-t nat -A POSTROUTING")LIST2=("-o" "-i" "-i" "-o")LIST3=("OUTPUT" "INPUT" "FORWARD" "POSTROUTING")

6 Modern Linux network virtualizing 2

SIZE=4IF=lo

I=0while [ "$I" -lt "$SIZE" ] ; do J=${LIST1[$I]} K=${LIST2[$I]} L=${LIST3[$I]} $IPT $J $K $IF -j ACCEPT $IPT $J -j LOG --log-prefix "main $L DROP " --log-level notice $IPT $J -j DROP I=$((I+1))done$IPT -P INPUT ACCEPT$IPT -P OUTPUT ACCEPT$IPT -P FORWARD ACCEPT

3. .

7 Modern Linux network virtualizing 2

lo, , . DROP . , , , . , . , . , fw-init iptables .

fixudev, udev, , :

#!/bin/shN=/etc/udev/rules.d/30-net_persistent_names.rulesT=/tmp/30-net_persistent_names.rules.$$cat $N | grep -v "k eth" >$Tmv $T $N

, , , YaST, - .

2 ( 3) boot.udev, boot.local, udev.

, 3 ( 3), . bridgeprep. , , [3]. SUSE /etc/init.d/skeleton. - . -, , LSB:

### BEGIN INIT INFO # Provides: bridgeprep # Required-Start: boot.udev # Required-Stop: boot.udev # Default-Start: 2 3 5 # Default-Stop: # Short-Description: Ethernet bridge # Description: Start Bridge to allow configure Bridge device ### END INIT INFO

- bridgeprep, , boot.udev, . chkconfig bridgeprep on, 2,3,5 boot.udev, - boot.udev.

-, :

8 Modern Linux network virtualizing 2

# Check for missing binaries (stale symlinks should not happen) BRIDGE_BIN=/sbin/brctl test -x $BRIDGE_BIN || ( echo "not found $BRIDGE_BIN" ; exit 5 ) # Check for existence of needed config file and read it BRIDGE_CONFIG=/etc/sysconfig/bridge test -r $BRIDGE_CONFIG || ( echo "not found $BRIDGE_CONFIG" ; exit 6 ) . $BRIDGE_CONFIG

brctl . , /etc/sysconfig c bridge, , bash. , , YaST. /etc/sysconfig/bridge , .

, -, SUSE :

# Shell functions sourced from /etc/rc.status: . /etc/rc.status # Reset status of this service rc_reset

, SUSE.

, , . case. . , :

case "$1" in start)

echo "Starting bridge " for i in ${BRIDGE_LIST} ; do $BRIDGE_BIN addbr $i

P="BRIDGE_FD_$i" ; P=${!P} ; [ "1$P" != "1" ] && $BRIDGE_BIN setfd $i $P P="BRIDGE_HELLO_$i" ; P=${!P} [ "1$P" != "1" ] && $BRIDGE_BIN sethello $i $P P="BRIDGE_STP_$i" ; P=${!P} ; [ "1$P" != "1" ] && $BRIDGE_BIN stp $i $P

done $BRIDGE_BIN show echo -n

# Remember status and be verbose rc_status -v ;;

, bash, , [4]. . BRIDGE_LIST , , , :

BRIDGE_LIST="eth0 eth1 eth2 eth3"

9 Modern Linux network virtualizing 2

$i brctl addbr $i. BRIDGE__, , :

BRIDGE_FD_eth0=0 BRIDGE_HELLO_eth0=0 BRIDGE_STP_eth0=off

/etc/sysconfig/bridge, . , FD, HELLO STP, 0,0 off, .

, . SUSE :

# cp bridgeprep /etc/init.d# ln s /etc/init.d/bridgeprep /sbin/rcbridgeprep# chkconfig bridgeprep on

, , , network, 3 4. , network bridgeprep. LSB:

# Required-Start: $local_fs bridgeprep

, network bridgeprep. , network chkconfig network off ; chkconfig network on, 3.

network , network , ... . bridgeup ( 5, 3). , , bridgeprep. :

# Required-Start: random bridgeprep network

, , . , . , , :

for i in ${BRIDGE_LIST} ; do eval j=\$BRIDGE_DEVS_$i

10 Modern Linux network virtualizing 2

if [ "1$j" != "1" ] ; then # static device list for k in $j ; do [ "1$k" != "1" ] && {

$BRIDGE_BIN addif $i $k BRIDGE_POOL=`remove_dev $k` }

done else

...

- , /etc/sysconfig/bridge :

BRIDGE_DEVS_eth0="hweth0 hweth2"

hweth0 hweth2 brctl addif eth0. , .

. , , network. -, [1].

, . , boot.local lo. 1 5 3 . , 0.0.0.0, . network, , ifup. , , :

POST_UP_SCRIPT='/etc/fw/fw-on-internet'POST_DOWN_SCRIPT='/etc/fw/fw-off-internet'

. , lo:

1. iptables. inputeth0 INPUT eth0.2. , DROP.3. .

, , DROP, .. , .

11 Modern Linux network virtualizing 2

( 3), network bridgeup, . , , , network bridgeup, , , network bridgeup. , , .

.

[1]. , . , bridgeup . . , , . .

4. .

12 Modern Linux network virtualizing 2

4. , , hweth0-4. ( ) (LOCALNET), ISP, ADSL, (MAN ISP), DHCP. ( ). - (LOCALNET). - (CLUSTERNET). - ADSL (ADSL ISP). (MAN ISP).

, , , , , , , . , , ?

bridgeup ( 3). ( 4). - , , ?

, , tcpdump . tcpdump -ln -i hweth0, , , hweth0. , grep . , , , STP, , tcpdump 802.1d config. check-tcpdump [3]. , , bridgeup , , else, :

eval j=\$BRIDGE_TCPDUMP_$i if [ "1$j" != "1" ] ; then # check tcpdump

L="" for k in ${BRIDGE_POOL} ; do n=`${BRIDGE_CHK_TCPDUMP} $k "$j" | grep BINGO` [ "1$n" != "1" ] && { $BRIDGE_BIN addif $i $k L="$L $k" } done for k in $L ; do BRIDGE_POOL=`remove_dev $k` done

else

, :

13 Modern Linux network virtualizing 2

BRIDGE_TCPDUMP_eth0="802.1d config"

, , (BRIDGE_POOL) tcpdump check-tcpdump . , , , . , , MAN , . 802.1d config 8000.00:11:d8:cb:df:99.8001, MAC . - , - , , .

, , - . icmp. , , icmp . - . - arp-. , . nemesis [5]. [6] . Arp- , , , . 1, 2. , , ARP . nemesis :

nemesis arp -d -S 1 -D 2

nemesis tcpdump . tcpdump. , arp reply 2 is-as. check-arp [3].

, . , eth2 ADSL 10.0.0.2 ( 4, ), :

BRIDGE_ARP_eth2="10.0.0.1 10.0.0.2"

bridgeup, else, , BRIDGE_ARP_ BRIDGE_POOL :

eval j=\$BRIDGE_ARP_$i if [ "1$j" != "1" ] ; then

14 Modern Linux network virtualizing 2

# check arp L="" for k in ${BRIDGE_POOL} ; do n=`${BRIDGE_CHK_ARP} $k $j | grep BINGO` [ "1$n" != "1" ] && { $BRIDGE_BIN addif $i $k L="$L $k" } done for k in $L ; do BRIDGE_POOL=`remove_dev $k` done

fi fi fi

if, , .

. , 4, ( ):

# rcbridgeup status Checking for service bridge running bridge name bridge id STP enabled interfaces eth0 8000.000479661b70 no hweth1 eth1 8000.000000000000 no eth2 8000.001022ff43d7 no hweth0 eth3 8000.00xxxxxxxxxx no hweth3 eth0 Link encap:Ethernet HWaddr 00:04:79:66:1B:70 inet addr:192.168.0.9 Bcast:192.168.0.255 Mask:255.255.255.0 ... eth1 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet addr:192.168.254.1 Bcast:192.168.254.255 Mask:255.255.255.0 ... eth2 Link encap:Ethernet HWaddr 00:10:22:FF:43:D7 inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 ... eth3 Link encap:Ethernet HWaddr 00:XX:XX:XX:XX:XX inet addr:172.16.YY.YY Bcast:172.16.255.255 Mask:255.255.0.0 ...

eth3 DHCP ( , MAC , MAN). . , bridgeup , . , .

# rcbridgeup stopDisassemble bridgiesbridge name bridge id STP enabled interfaces eth0 8000.000000000000 no eth1 8000.000000000000 no eth2 8000.000000000000 no eth3 8000.000000000000 no done# rcbridgeup start

15 Modern Linux network virtualizing 2

Assemble bridgies eth0 eth1 eth2 eth3 Hardware pool hweth0 hweth1 hweth2 hweth3 bridge name bridge id STP enabled interfaces eth0 8000.00xxxxxxxxxx no hweth3 eth1 8000.000000000000 no eth2 8000.0011d8956c2e no hweth2 eth3 8000.000000000000 no Free NICs hweth0 hweth1 done#

, MAN, MAC, hweth3 . . , .

, bridgeup, :

# rcbridgeup stop ...# rcbridgeup start Assemble bridgies eth0 eth1 eth2 eth3 Hardware pool hweth0 hweth1 hweth2 hweth3 bridge name bridge id STP enabled interfaces eth0 8000.000479661b70 no hweth1 eth1 8000.000000000000 no eth2 8000.001022ff43d7 no hweth0 eth3 8000.00xxxxxxxxxx no hweth3 Free NICs hweth2 done#

.

- . . , . , , , , , , . . , , , . , .

. , , . , . , . , Linux . , .

16 Modern Linux network virtualizing 2

, .

:

1. . Linux-: . , 6(43) 2006.

2. Daniel Drake. Writing udev rules.http://www.reactivated.net/writing_udev_rules.html

3. .http://www.barabanov.ru/arts/modernserver/netsrc.tgz

4.Advanced Bash-Scripting Guide. 2.5 (15 2004) : Mendel Cooper (thegrendel at theriver dot com) : (kis_an at mail dot ru)http://gazette.linux.ru.net/rus/articles/abs-guide/index.html

5. Nemesis packet injection utility.http://www.packetfactory.net/projects/nemesis/

6. nemesis SUSE.http://www.barabanov.ru/arts/modernserver/nemesis-1.4beta3-1ab.i586.rpm