From patchwork Thu Apr 14 04:37:45 2011
X-Patchwork-Submitter: Amos Jianjun Kong
X-Patchwork-Id: 706181
Subject: [PATCH 1/3] kvm tools: Add a script to setup private bridge
To: kvm@vger.kernel.org
From: Amos Kong
Cc: penberg@kernel.org, asias.hejun@gmail.com, sirouni@gmail.com
Date: Thu, 14 Apr 2011 12:37:45 +0800
Message-ID: <20110414043745.9279.89159.stgit@localhost6.localdomain6>

We can use this script to create/delete a private bridge, and launch a
dhcp server on the bridge by dnsmasq, setup forward rule of iptables, then
guest can access public network.

# ./set_private_br.sh vbr0 192.168.33
add new private bridge: vbr0
# brctl show
bridge name     bridge id               STP enabled     interfaces
vbr0            8000.000000000000       yes
# ifconfig vbr0
vbr0      Link encap:Ethernet  HWaddr 82:0f:f5:8f:92:47
          inet addr:192.168.33.1  Bcast:192.168.33.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:1979 (1.9 KB)
# ps aux |grep dnsmasq
nobody .. dnsmasq --strict-order --bind-interfaces --listen-address 192.168.33.1 \
    --dhcp-range 192.168.33.1,192.168.33.254

Signed-off-by: Amos Kong
---
 tools/kvm/util/set_private_br.sh | 51 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 51 insertions(+), 0 deletions(-)
 create mode 100755 tools/kvm/util/set_private_br.sh

diff --git a/tools/kvm/util/set_private_br.sh b/tools/kvm/util/set_private_br.sh new file mode 100755 index 0000000..49867dd --- /dev/null +++ b/tools/kvm/util/set_private_br.sh
@@ -0,0 +1,51 @@ +#!/bin/bash +# +# Author: Amos Kong +# Date: Apr 14, 2011 +# Description: this script is used to create/delete a private bridge, +# launch a dhcp server on the bridge by dnsmasq. +# +# @ ./set_private_br.sh $bridge_name $subnet_prefix +# @ ./set_private_br.sh vbr0 192.168.33 + +brname='vbr0' +subnet='192.168.33' + +add_br() +{ + echo "add new private bridge: $brname" + /usr/sbin/brctl addbr $brname + echo 1 > /proc/sys/net/ipv6/conf/$brname/disable_ipv6 + echo 1 > /proc/sys/net/ipv4/ip_forward + /usr/sbin/brctl stp $brname on + /usr/sbin/brctl setfd $brname 0 + ifconfig $brname $subnet.1 + ifconfig $brname up + # Add forward rule, then guest can access public network + iptables -t nat -A POSTROUTING -s $subnet.254/24 ! -d $subnet.254/24 -j MASQUERADE + /etc/init.d/dnsmasq stop + /etc/init.d/tftpd-hpa stop 2>/dev/null + dnsmasq --strict-order --bind-interfaces --listen-address $subnet.1 --dhcp-range $subnet.1,$subnet.254 $tftp_cmd +} + +del_br() +{ + echo "cleanup bridge setup" + kill -9 `pgrep dnsmasq|tail -1` + ifconfig $brname down + /usr/sbin/brctl delbr $brname + iptables -t nat -D POSTROUTING -s $subnet.254/24 ! -d $subnet.254/24 -j MASQUERADE +} + + +if [ $# = 0 ]; then + del_br 2>/dev/null + exit +fi +if [ $# > 1 ]; then + brname="$1" +fi +if [ $# = 2 ]; then + subnet="$2" +fi +add_br
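Review bot: in the argument handling at the end of the script, `if [ $# > 1 ]` is not a numeric comparison. Inside `[ ]` the `>` is a redirection, so the test reduces to `[ $# ]`, which is always true, and each run creates an empty file named `1` in the current directory; use `[ $# -ge 1 ]`. The same block means any argument triggers add_br and only the no-argument form reaches del_br, so a bridge created with a custom name or subnet cannot be removed by this script; an explicit add/del argument would fix that.

Since the script runs as root and changes host networking, a few more points in add_br and del_br deserve attention before merging. `$brname` and `$subnet` come straight from `$1` and `$2` and are used unquoted, including in the redirection target `/proc/sys/net/ipv6/conf/$brname/disable_ipv6`; validate them (interface-name characters only, three dotted octets) and quote every expansion. `$tftp_cmd` is never assigned in this file, so it is either empty or taken from the caller's environment and passed to dnsmasq as extra options; drop it or set it explicitly. In del_br, `kill -9 $(pgrep dnsmasq|tail -1)` kills whichever dnsmasq pgrep lists last, which is not necessarily the instance add_br started; start dnsmasq with `--pid-file` and kill that PID with a plain TERM instead. add_br also stops the system dnsmasq and tftpd-hpa services and sets `ip_forward` to 1 globally, and del_br restores none of these; either restore them or say so in the header comment. Finally, `--dhcp-range $subnet.1,$subnet.254` hands out the bridge's own address `$subnet.1`; start the range at `$subnet.2`, and write the MASQUERADE source as `$subnet.0/24` for readability.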