From 9f9eefb14e6d33260a71e6221543eac66f706f76 Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 21:01:52 +0200 Subject: [PATCH 01/62] Comments --- run/disk.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/disk.sh b/run/disk.sh index 26c1fea..4eb4e27 100644 --- a/run/disk.sh +++ b/run/disk.sh @@ -3,9 +3,9 @@ set -eu # Docker environment variabeles -: ${DISK_IO:='native'} # I/O Mode -: ${DISK_ROTATION:='1'} # Rotation rate -: ${DISK_CACHE:='none'} # Caching mode +: ${DISK_IO:='native'} # I/O Mode, can be set to 'native', 'threads' or 'io_turing' +: ${DISK_ROTATION:='1'} # Rotation rate, set to 1 for SSD storage and increase for HDD +: ${DISK_CACHE:='none'} # Caching mode, can be set to 'writeback' for better performance BOOT="$STORAGE/$BASE.boot.img" SYSTEM="$STORAGE/$BASE.system.img" From 51b106b7e8729de02d76973a7e550c259b4b508c Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 21:03:58 +0200 Subject: [PATCH 02/62] Formatting --- run/install.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/run/install.sh b/run/install.sh index 7cb6354..5a05ffd 100644 --- a/run/install.sh +++ b/run/install.sh @@ -103,7 +103,7 @@ BOOT=$(find $TMP -name "*.bin.zip") BOOT=$(echo "$BOOT" | head -c -5) unzip -q -o "$BOOT".zip -d $TMP - [ "$ALLOCATE" != "Z" ] && echo "Install: Allocating diskspace..." +[ "$ALLOCATE" != "Z" ] && echo "Install: Allocating diskspace..." SYSTEM="$TMP/sys.img" SYSTEM_SIZE=4954537983 @@ -121,10 +121,8 @@ if ! fallocate -l "${SYSTEM_SIZE}" "${SYSTEM}"; then fi if [ "$ALLOCATE" = "Z" ]; then - echo "Install: Preallocating 4 GB of diskspace..." dd if=/dev/urandom of="${SYSTEM}" count="${SYSTEM_SIZE}" bs=1M iflag=count_bytes status=none - fi # Check if file exists From 7014b0fd06a7bd1973a0c0ff913fc3ffdc251903 Mon Sep 17 00:00:00 2001 
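Review bot: The new DISK_IO comment in run/disk.sh lists `'io_turing'` as an accepted value, which looks like a misspelling of QEMU's `io_uring` AIO mode; anyone copying the value from the comment would presumably end up with a rejected option. I would write the line as `: ${DISK_IO:='native'}  # I/O Mode, can be set to 'native', 'threads' or 'io_uring'`. Since `writeback` trades durability for speed, the DISK_CACHE comment could also say that guest writes not yet flushed can be lost on a host crash or power failure.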
From: Kroese Date: Wed, 19 Apr 2023 21:50:35 +0200 Subject: [PATCH 03/62] Macvlan --- run/network.sh | 118 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 78 insertions(+), 40 deletions(-) diff --git a/run/network.sh b/run/network.sh index dad2de8..2720512 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -3,22 +3,61 @@ set -eu # Docker environment variabeles -: ${VM_NET_TAP:=''} -: ${VM_NET_IP:='20.20.20.21'} : ${VM_NET_HOST:='VirtualDSM'} : ${VM_NET_MAC:='02:11:32:AA:BB:CC'} : ${DNS_SERVERS:=''} -: ${DNSMASQ:='/usr/sbin/dnsmasq'} : ${DNSMASQ_OPTS:=''} +: ${DNSMASQ:='/usr/sbin/dnsmasq'} : ${DNSMASQ_CONF_DIR:='/etc/dnsmasq.d'} # ###################################### # Functions # ###################################### -# Setup macvtap device to connect later the VM and setup a new macvlan device to connect the host machine to the network -configureNatNetworks () { +configureMacVlan () { + + VM_NET_TAP="_VmMacvtap" + echo "... to retrieve IP via DHCP through Macvtap (${VM_NET_TAP}) and MAC: ${VM_NET_MAC}" + + ip l add link eth0 name ${VM_NET_TAP} address ${VM_NET_MAC} type macvtap mode bridge || true + ip l set ${VM_NET_TAP} up + + ip a flush eth0 + ip a flush ${VM_NET_TAP} + + _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) + [[ "${_DhcpIP}" == [0-9.]* ]] \ + && echo "... Retrieve IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ + || ( echo "... Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) + + ip a flush ${VM_NET_TAP} + + _tmpTapPath="/dev/tap$( /var/lib/misc/dnsmasq.leases chmod 644 /var/lib/misc/dnsmasq.leases + + NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" + + # Build DNS options from container /etc/resolv.conf + nameservers=($(grep '^nameserver' /etc/resolv.conf | sed 's/nameserver //')) + searchdomains=$(grep '^search' /etc/resolv.conf | sed 's/search //' | sed 's/ /,/g') + domainname=$(echo $searchdomains | awk -F"," '{print $1}') + + for nameserver in "${nameservers[@]}"; do + if ! 
[[ $nameserver =~ .*:.* ]]; then + [[ -z $DNS_SERVERS ]] && DNS_SERVERS=$nameserver || DNS_SERVERS="$DNS_SERVERS,$nameserver" + fi + done + + [[ -z $DNS_SERVERS ]] && DNS_SERVERS="1.1.1.1" + + DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:dns-server,$DNS_SERVERS --dhcp-option=option:router,${VM_NET_IP%.*}.1" + + if [ -n "$searchdomains" -a "$searchdomains" != "." ]; then + DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-search,$searchdomains --dhcp-option=option:domain-name,$domainname" + else + [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" + fi + + [ "$DEBUG" = "Y" ] && echo && echo "$DNSMASQ $DNSMASQ_OPTS" + + $DNSMASQ $DNSMASQ_OPTS + + NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" } # ###################################### 
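Review bot: The DHCP result check in configureMacVlan accepts almost anything: `[[ "${_DhcpIP}" == [0-9.]* ]]` is a glob that only requires the first character to be a digit or a dot, and the failure branch calls `exit 16` inside a `( ... )` subshell, so the script stops only because `set -e` happens to be active. A stricter test such as `[[ "${_DhcpIP}" =~ ^[0-9]+(\.[0-9]+){3}$ ]]` combined with `|| { echo "... Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}"; exit 16; }` makes both the validation and the exit explicit. `${VM_NET_TAP}` and `${VM_NET_MAC}` are expanded unquoted in the `ip` calls although VM_NET_MAC comes from the container environment; quoting them keeps a malformed value from being split into extra `ip` arguments. `ip l add ... || true` also hides a failed device creation, and eth0 is flushed before it is known whether a lease can be obtained. Part of this hunk appears to be missing from the page, so the remainder of the function was not reviewed.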
@@ -59,46 +127,16 @@ fi [ ! -c /dev/net/tun ] && echo "Error: TUN network interface not available..." && exit 85 if [ "$DEBUG" = "Y" ]; then - ifconfig - ip link - ip route + echo && ifconfig + echo && ip link + echo && ip route fi update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null -VM_NET_TAP="_VmNatTap" -configureNatNetworks -NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" - -# Build DNS options from container /etc/resolv.conf -nameservers=($(grep '^nameserver' /etc/resolv.conf | sed 's/nameserver //')) -searchdomains=$(grep '^search' /etc/resolv.conf | sed 's/search //' | sed 's/ /,/g') -domainname=$(echo $searchdomains | awk -F"," '{print $1}') - -for nameserver in "${nameservers[@]}"; do - if ! [[ $nameserver =~ .*:.* ]]; then - [[ -z $DNS_SERVERS ]] && DNS_SERVERS=$nameserver || DNS_SERVERS="$DNS_SERVERS,$nameserver" - fi -done - -[[ -z $DNS_SERVERS ]] && DNS_SERVERS="1.1.1.1" - -DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:dns-server,$DNS_SERVERS --dhcp-option=option:router,${VM_NET_IP%.*}.1" - -if [ -n "$searchdomains" -a "$searchdomains" != "." ]; then - DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-search,$searchdomains --dhcp-option=option:domain-name,$domainname" -else - [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" -fi - -if [ "$DEBUG" = "Y" ]; then - echo "$DNSMASQ $DNSMASQ_OPTS" -fi - -$DNSMASQ $DNSMASQ_OPTS - -NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" +#configureNatNetwork +configureMacVlan # Hack for guest VMs complaining about "bad udp checksums in 5 packets" iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill From 0c829b05efb3ae52ed5029291e34758415d93ad6 Mon Sep 17 00:00:00 2001 
From: Kroese Date: Wed, 19 Apr 2023 21:53:23 +0200 Subject: [PATCH 04/62] Remove link --- run/network.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 2720512..85b25b6 100644 --- a/run/network.sh +++ b/run/network.sh @@ -128,7 +128,6 @@ fi if [ "$DEBUG" = "Y" ]; then echo && ifconfig - echo && ip link echo && ip route fi From 6313e86ef016b151c62af7500ca48b96c4bbb50c Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 21:55:01 +0200 Subject: [PATCH 05/62] Messages --- run/network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 85b25b6..44cf7d1 100644 --- a/run/network.sh +++ b/run/network.sh @@ -18,7 +18,7 @@ set -eu configureMacVlan () { VM_NET_TAP="_VmMacvtap" - echo "... to retrieve IP via DHCP through Macvtap (${VM_NET_TAP}) and MAC: ${VM_NET_MAC}" + echo "Retrieving IP via DHCP using MAC: ${VM_NET_MAC}..." ip l add link eth0 name ${VM_NET_TAP} address ${VM_NET_MAC} type macvtap mode bridge || true ip l set ${VM_NET_TAP} up @@ -29,7 +29,7 @@ configureMacVlan () { _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ && echo "... Retrieve IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ - || ( echo "... Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) + || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} From e6a10dc314bd734c9f3606e30516941b5fe667e2 Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:10:26 +0200 Subject: [PATCH 06/62] Macvlan --- run/network.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index 44cf7d1..92287a5 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -18,17 +18,17 @@ set -eu configureMacVlan () { VM_NET_TAP="_VmMacvtap" - echo "Retrieving IP via DHCP using MAC: ${VM_NET_MAC}..." + echo "Info: Retrieving IP via DHCP using MAC: ${VM_NET_MAC}..." ip l add link eth0 name ${VM_NET_TAP} address ${VM_NET_MAC} type macvtap mode bridge || true ip l set ${VM_NET_TAP} up ip a flush eth0 ip a flush ${VM_NET_TAP} - + dhclient -v ${VM_NET_TAP} _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ - && echo "... Retrieve IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ + && echo "Info: Retrieved IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} @@ -128,7 +128,7 @@ fi if [ "$DEBUG" = "Y" ]; then echo && ifconfig - echo && ip route + echo && ip route && echo fi update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null From 1ac687fec7e476c15c016f8e2ccfd67acadee54f Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:11:39 +0200 Subject: [PATCH 07/62] Blaat --- run/network.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 92287a5..2a9f378 100644 --- a/run/network.sh +++ b/run/network.sh @@ -18,13 +18,14 @@ set -eu configureMacVlan () { VM_NET_TAP="_VmMacvtap" - echo "Info: Retrieving IP via DHCP using MAC: ${VM_NET_MAC}..." + echo "Info: Retrieving IP via DHCP using MAC ${VM_NET_MAC}..." ip l add link eth0 name ${VM_NET_TAP} address ${VM_NET_MAC} type macvtap mode bridge || true ip l set ${VM_NET_TAP} up ip a flush eth0 ip a flush ${VM_NET_TAP} + dhclient -v ${VM_NET_TAP} _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ From ec1f13cc336106e497575b5000cd5c5d37023a6b Mon Sep 17 00:00:00 2001 
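Review bot: `dhclient -v ${VM_NET_TAP}` now runs twice in configureMacVlan, once on its own line and once inside the `_DhcpIP=$( ... )` substitution directly below. The output of the first call is not used, and under `set -e` a non-zero exit from it aborts the script before the `ERROR: Cannot retrieve IP` branch can report anything; each invocation may also leave a dhclient process attached to the interface that is flushed a few lines later. If the extra call is there to see the client's output, capturing it once, e.g. `_DhcpOut=$(dhclient -v "${VM_NET_TAP}" 2>&1) || true`, and both printing and parsing `_DhcpOut` avoids the second lease request. The function body continues outside this hunk.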
From: Kroese Date: Wed, 19 Apr 2023 22:19:08 +0200 Subject: [PATCH 08/62] Display IP / Gateway --- run/network.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/run/network.sh b/run/network.sh index 2a9f378..86fdf26 100644 --- a/run/network.sh +++ b/run/network.sh @@ -128,8 +128,14 @@ fi [ ! -c /dev/net/tun ] && echo "Error: TUN network interface not available..." && exit 85 if [ "$DEBUG" = "Y" ]; then + + GATEWAY=$(ip r | grep default | awk '{print $3}') + IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) + echo && ifconfig echo && ip route && echo + echo "IP: ${IP} GATEWAY: ${GATEWAY}" && echo + fi update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null From 81ed762dc5e984f50f90c24f360518a17cf5469b Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:22:25 +0200 Subject: [PATCH 09/62] udhcpc --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 7ec80c4..73482d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ RUN apt-get update && apt-get -y upgrade && \ fdisk \ unzip \ procps \ + udhcpc \ dnsmasq \ iptables \ iproute2 \ From 96d6caafb14bc0fd33443a15f605d9d8eb502dc6 Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:23:31 +0200 Subject: [PATCH 10/62] udhcpc --- run/network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 86fdf26..95a6a16 100644 --- a/run/network.sh +++ b/run/network.sh @@ -26,8 +26,8 @@ configureMacVlan () { ip a flush eth0 ip a flush ${VM_NET_TAP} - dhclient -v ${VM_NET_TAP} - _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) + udhcpc -v ${VM_NET_TAP} + _DhcpIP=$( udhcpc -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ && echo "Info: Retrieved IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) 
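Review bot: `udhcpc -v ${VM_NET_TAP}` passes the interface as a positional argument, but BusyBox udhcpc takes it through `-i`, so the client would presumably run against its default interface rather than the macvtap device. The parsing that follows is still written for dhclient: `grep ^bound | cut -d' ' -f3` expects a `bound to ...` line, which udhcpc's output does not appear to contain, so `_DhcpIP` would stay empty and the error branch would fire even when a lease was obtained. If udhcpc is kept, an invocation along the lines of `udhcpc -i "${VM_NET_TAP}" -n -q` with a parser matching its output is needed. The function body continues outside this hunk.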
From f0767937867b1ec0dbacf7160c6e8737f7494524 Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:34:38 +0200 Subject: [PATCH 11/62] dhclient --- run/network.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/run/network.sh b/run/network.sh index 95a6a16..dd992b5 100644 --- a/run/network.sh +++ b/run/network.sh @@ -19,32 +19,32 @@ configureMacVlan () { VM_NET_TAP="_VmMacvtap" echo "Info: Retrieving IP via DHCP using MAC ${VM_NET_MAC}..." - + ip l add link eth0 name ${VM_NET_TAP} address ${VM_NET_MAC} type macvtap mode bridge || true ip l set ${VM_NET_TAP} up - + ip a flush eth0 ip a flush ${VM_NET_TAP} - udhcpc -v ${VM_NET_TAP} - _DhcpIP=$( udhcpc -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) + dhclient -v ${VM_NET_TAP} + _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ && echo "Info: Retrieved IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} - + _tmpTapPath="/dev/tap$( Date: Wed, 19 Apr 2023 22:37:07 +0200 Subject: [PATCH 12/62] isc-dhcp-client --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 73482d8..d87e65d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,16 +17,16 @@ RUN apt-get update && apt-get -y upgrade && \ fdisk \ unzip \ procps \ - udhcpc \ - dnsmasq \ + xz-utils \ iptables \ iproute2 \ - xz-utils \ + dnsmasq \ net-tools \ btrfs-progs \ bridge-utils \ - netcat-openbsd \ ca-certificates \ + isc-dhcp-client \ + netcat-openbsd \ qemu-system-x86 \ && apt-get clean From e4e8147e12e2ebc89cf214815ea7afd897b26f3b Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:47:27 +0200 Subject: [PATCH 13/62] Macvlan --- readme.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index ab2c3ad..ab51a05 100644 
--- a/readme.md +++ b/readme.md @@ -128,10 +128,20 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti --ip-range=192.168.0.100/28 \ -o parent=eth0 vdsm ``` - Modify these values to match your local subnet. And change the docker network of the container from `bridged` to `vdsm` in your run command or compose file: + Modify these values to match your local subnet. And change the docker network of the container from `bridged` to `vdsm` in your compose file: ``` - --network vdsm --ip=192.168.0.100 + networks: + vdsm: + ipv4_address: 192.168.0.100 + ``` + + And add the following to the very bottom of your compose file: + + ``` + networks: + vlan: + external: true ``` This also has the advantage that you don't need to do any portmapping anymore, because all ports will be fully exposed this way. From 21c037c3279d1e007844482727ac4488df98781a Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:49:45 +0200 Subject: [PATCH 14/62] Macvlan --- readme.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/readme.md b/readme.md index ab51a05..e991aad 100644 --- a/readme.md +++ b/readme.md @@ -128,7 +128,9 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti --ip-range=192.168.0.100/28 \ -o parent=eth0 vdsm ``` - Modify these values to match your local subnet. And change the docker network of the container from `bridged` to `vdsm` in your compose file: + Modify these values to match your local subnet. + + Next change the containers network in your compose file: ``` networks: @@ -136,11 +138,11 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ipv4_address: 192.168.0.100 ``` - And add the following to the very bottom of your compose file: + And add the same network to the very bottom of your compose file: ``` networks: - vlan: + vdsm: external: true ``` From c116b1b372781a9e5531a9c627db71b7739c747f Mon Sep 17 00:00:00 2001 
From: Kroese Date: Wed, 19 Apr 2023 22:51:24 +0200 Subject: [PATCH 15/62] Macvlan --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index e991aad..41e582e 100644 --- a/readme.md +++ b/readme.md @@ -130,7 +130,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ``` Modify these values to match your local subnet. - Next change the containers network in your compose file: + Next change the containers configuration in your compose file: ``` networks: @@ -138,7 +138,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ipv4_address: 192.168.0.100 ``` - And add the same network to the very bottom of your compose file: + And add the network to the very bottom of your compose file: ``` networks: From 4befd3a62115f1f872cc23c198a3ba865e1f4c3b Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:58:17 +0200 Subject: [PATCH 16/62] Auto detect macvlan --- run/network.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index dd992b5..06d7012 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -129,20 +129,26 @@ fi if [ "$DEBUG" = "Y" ]; then - GATEWAY=$(ip r | grep default | awk '{print $3}') IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) echo && ifconfig echo && ip route && echo - echo "IP: ${IP} GATEWAY: ${GATEWAY}" && echo + echo "Container IP: ${IP}" && echo fi update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null -#configureNatNetwork -configureMacVlan +GATEWAY=$(ip r | grep default | awk '{print $3}') + +if [[ "$GATEWAY" == "172."* ]]; then + # Configuration for bridge network + configureNatNetwork +else + # Configuration for macvlan network + configureMacVlan +fi # Hack for guest VMs complaining about "bad udp checksums in 5 packets" iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill From 8e4055a22cfb1796041348a7d8d567de1838fb7f Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 22:59:17 +0200 Subject: [PATCH 17/62] Macvlan --- run/network.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 06d7012..80a0fb3 100644 --- a/run/network.sh +++ b/run/network.sh @@ -26,11 +26,10 @@ configureMacVlan () { ip a flush eth0 ip a flush ${VM_NET_TAP} - dhclient -v ${VM_NET_TAP} _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ - && echo "Info: Retrieved IP: ${_DhcpIP} from DHCP with MAC: ${VM_NET_MAC}" \ - || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC: ${VM_NET_MAC}" && exit 16 ) + && echo "Info: Retrieved IP ${_DhcpIP} from DHCP with MAC ${VM_NET_MAC}" \ + || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} From a4b635b626f34ad70fd00786368694f8b10ec3f9 Mon Sep 17 00:00:00 2001 
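Review bot: Choosing the network mode from `[[ "$GATEWAY" == "172."* ]]` is a guess that can go wrong in both directions: a Docker bridge network can be given another subnet, and a LAN reached through macvlan can itself sit in 172.16.0.0/12. A misdetection matters because the two branches treat the container's interface very differently (the macvlan path flushes the addresses on eth0, as the earlier hunks of this series show). `ip r | grep default | awk '{print $3}'` also yields several lines when more than one default route exists and an empty string when there is none, and the empty case silently selects the macvlan branch. An explicit opt-in, for example `if [[ "${DHCP:-N}" == "Y" ]]; then configureMacVlan; else configureNatNetwork; fi` with a variable name of the project's choosing, would make the behaviour predictable.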
From: Kroese Date: Wed, 19 Apr 2023 23:07:38 +0200 Subject: [PATCH 18/62] Macvlan --- run/network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 80a0fb3..b63a848 100644 --- a/run/network.sh +++ b/run/network.sh @@ -34,13 +34,13 @@ configureMacVlan () { ip a flush ${VM_NET_TAP} _tmpTapPath="/dev/tap$( Date: Wed, 19 Apr 2023 23:11:23 +0200 Subject: [PATCH 19/62] Macvlan --- run/network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index b63a848..45358d8 100644 --- a/run/network.sh +++ b/run/network.sh @@ -28,8 +28,8 @@ configureMacVlan () { _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ - && echo "Info: Retrieved IP ${_DhcpIP} from DHCP with MAC ${VM_NET_MAC}" \ - || ( echo "ERROR: Cannot retrieve IP from DHCP with MAC ${VM_NET_MAC}" && exit 16 ) + && echo "Info: Retrieved IP ${_DhcpIP} from DHCP using MAC ${VM_NET_MAC}" \ + || ( echo "ERROR: Cannot retrieve IP from DHCP using MAC ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} @@ -39,7 +39,7 @@ configureMacVlan () { eval "$( Date: Wed, 19 Apr 2023 23:35:59 +0200 Subject: [PATCH 20/62] NET_OPTS --- run/network.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/run/network.sh b/run/network.sh index 45358d8..cba104e 100644 --- a/run/network.sh +++ b/run/network.sh @@ -39,16 +39,15 @@ configureMacVlan () { eval "$( Date: Wed, 19 Apr 2023 23:38:12 +0200 Subject: [PATCH 21/62] Macvlan --- run/network.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index cba104e..706dd40 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -45,7 +45,7 @@ configureMacVlan () { [[ ! -e ${_tmpTapPath} ]] && [[ -e /dev0/${_tmpTapPath##*/} ]] && ln -s /dev0/${_tmpTapPath##*/} ${_tmpTapPath} if [[ ! -e ${_tmpTapPath} ]]; then - if [[ ! mknod ${_tmpTapPath} c $MAJOR $MINOR ]]; then + if [ ! mknod ${_tmpTapPath} c $MAJOR $MINOR ]; then echo "ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20 fi fi From 3dd31587d4f665b2651c972936e36f4b26da5550 Mon Sep 17 00:00:00 2001 From: Kroese Date: Wed, 19 Apr 2023 23:46:24 +0200 Subject: [PATCH 22/62] Macvlan --- run/network.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 706dd40..f2e563b 100644 --- a/run/network.sh +++ b/run/network.sh @@ -45,9 +45,7 @@ configureMacVlan () { [[ ! -e ${_tmpTapPath} ]] && [[ -e /dev0/${_tmpTapPath##*/} ]] && ln -s /dev0/${_tmpTapPath##*/} ${_tmpTapPath} if [[ ! -e ${_tmpTapPath} ]]; then - if [ ! mknod ${_tmpTapPath} c $MAJOR $MINOR ]; then - echo "ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20 - fi + mknod ${_tmpTapPath} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20) fi NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30 30<>${_tmpTapPath} 40<>/dev/vhost-net" From 298ec4c90b2bc26e881ffc9f1c3e01ffb2976f42 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:09:26 +0200 Subject: [PATCH 23/62] macvlan --- run/network.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index f2e563b..b9e7a22 100644 --- a/run/network.sh +++ b/run/network.sh @@ -35,6 +35,7 @@ configureMacVlan () { _tmpTapPath="/dev/tap$( /var/lib/misc/dnsmasq.leases chmod 644 /var/lib/misc/dnsmasq.leases - NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" + NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0 ${NET_OPTS}" # Build DNS options from container /etc/resolv.conf nameservers=($(grep '^nameserver' /etc/resolv.conf | sed 's/nameserver //')) 
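Review bot: `if [ ! mknod ${_tmpTapPath} c $MAJOR $MINOR ]; then` does not run mknod; inside `[ ]` the words are evaluated as a test expression, which most likely fails with a "too many arguments" error, so the `if` body is skipped and the device node is never created or reported as missing. The command has to be the condition itself: `if ! mknod "${_tmpTapPath}" c "$MAJOR" "$MINOR"; then`. The enclosing function starts and ends outside this hunk.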
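Review bot: The error branch `("ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20)` is missing `echo`, so the shell tries to execute the message text as a command; that fails with "command not found", `exit 20` is never reached, and the script stops only through `set -e` with a different status. Even with the echo, `exit` inside `( ... )` leaves just the subshell. `mknod "${_tmpTapPath}" c "$MAJOR" "$MINOR" || { echo "ERROR: Cannot mknod: ${_tmpTapPath}"; exit 20; }` reports the failure and exits with the intended code, and quoting the path guards against word splitting.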
@@ -135,6 +136,7 @@ update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null GATEWAY=$(ip r | grep default | awk '{print $3}') +NET_OPTS="-device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" if [[ "$GATEWAY" == "172."* ]]; then # Configuration for bridge network @@ -144,7 +146,5 @@ else configureMacVlan fi -NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" - # Hack for guest VMs complaining about "bad udp checksums in 5 packets" iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill From 66df790cb424a80ef022f79a91074c68a164c5be Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:16:13 +0200 Subject: [PATCH 24/62] DHCP --- run/network.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/run/network.sh b/run/network.sh index b9e7a22..2955ef3 100644 --- a/run/network.sh +++ b/run/network.sh @@ -15,7 +15,7 @@ set -eu # Functions # ###################################### -configureMacVlan () { +configureDHCP() { VM_NET_TAP="_VmMacvtap" echo "Info: Retrieving IP via DHCP using MAC ${VM_NET_MAC}..." @@ -49,10 +49,10 @@ configureMacVlan () { mknod ${_tmpTapPath} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20) fi - NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30 ${NET_OPTS} 30<>${_tmpTapPath} 40<>/dev/vhost-net" + NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30 30<>${_tmpTapPath} 40<>/dev/vhost-net" } -configureNatNetwork () { +configureNAT () { VM_NET_IP='20.20.20.21' VM_NET_TAP="_VmNatTap" 
@@ -81,7 +81,7 @@ configureNatNetwork () { echo "0 $VM_NET_MAC $VM_NET_IP $VM_NET_HOST 01:${VM_NET_MAC}" > /var/lib/misc/dnsmasq.leases chmod 644 /var/lib/misc/dnsmasq.leases - NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0 ${NET_OPTS}" + NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" # Build DNS options from container /etc/resolv.conf nameservers=($(grep '^nameserver' /etc/resolv.conf | sed 's/nameserver //')) @@ -136,15 +136,16 @@ update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null GATEWAY=$(ip r | grep default | awk '{print $3}') -NET_OPTS="-device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" if [[ "$GATEWAY" == "172."* ]]; then - # Configuration for bridge network - configureNatNetwork + # Configuration for static IP + configureNAT else - # Configuration for macvlan network - configureMacVlan + # Configuration for DHCP IP + configureDHCP fi +NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" + # Hack for guest VMs complaining about "bad udp checksums in 5 packets" iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill From 25d976d8981fe7a814fff86242a618d4ca5e759c Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:20:35 +0200 Subject: [PATCH 25/62] Test --- run/network.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 2955ef3..8b77f29 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -49,7 +49,8 @@ configureDHCP() { mknod ${_tmpTapPath} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${_tmpTapPath}" && exit 20) fi - NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30 30<>${_tmpTapPath} 40<>/dev/vhost-net" + NET_OPTS="-netdev tap,id=hostnet0,ifname=tap2,script=no,downscript=no" + #NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30 30<>${_tmpTapPath} 40<>/dev/vhost-net" } configureNAT () { From d20701751e4bf33be204d7719014801249222fe1 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:42:51 +0200 Subject: [PATCH 26/62] Rework --- run/network.sh | 258 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 255 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 8b77f29..e53b274 100644 --- a/run/network.sh +++ b/run/network.sh 
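Review bot: `ifname=tap2` in configureDHCP names an interface that nothing in the visible hunks creates; the function sets up the macvtap device `${VM_NET_TAP}` and its `/dev/tap*` node, and the new NET_OPTS no longer refers to either. With `script=no,downscript=no` QEMU would presumably open a fresh tap called tap2 that is attached to nothing, leaving the guest without connectivity while the container's eth0 has already been flushed. If this is an experiment, a comment such as `# TODO: temporary test, tap2 is not wired to eth0` above the line and the commented-out vhost variant would make that clear to the next reader.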
@@ -15,6 +15,222 @@ set -eu # Functions # ###################################### +log () { + case "$1" in + INFO | WARNING | ERROR ) + echo "$1: ${@:2}" + ;; + DEBUG) + echo "$1: ${@:2}" + ;; + *) + echo "-- $@" + ;; + esac +} + +# ContainsElement: checks if first parameter is among the array given as second parameter +# returns 0 if the element is found in the list and 1 if not +# usage: containsElement $item $list + +containsElement () { + local e + for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done + return 1 +} + +# Generate random MAC address +genMAC () { + hexchars="0123456789ABCDEF" + end=$( for i in {1..8} ; do echo -n ${hexchars:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' ) + echo "FE:05$end" +} + +# atoi: Returns the integer representation of an IP arg, passed in ascii +# dotted-decimal notation (x.x.x.x) +atoi() { + IP=$1 + IPnum=0 + for (( i=0 ; i<4 ; ++i )) + do + ((IPnum+=${IP%%.*}*$((256**$((3-${i})))))) + IP=${IP#*.} + done + echo $IPnum +} + +# itoa: returns the dotted-decimal ascii form of an IP arg passed in integer +# format +itoa() { + echo -n $(($(($(($((${1}/256))/256))/256))%256)). + echo -n $(($(($((${1}/256))/256))%256)). + echo -n $(($((${1}/256))%256)). + echo $((${1}%256)) +} + +cidr2mask() { + local i mask="" + local full_octets=$(($1/8)) + local partial_octet=$(($1%8)) + + for ((i=0;i<4;i+=1)); do + if [ $i -lt $full_octets ]; then + mask+=255 + elif [ $i -eq $full_octets ]; then + mask+=$((256 - 2**(8-$partial_octet))) + else + mask+=0 + fi + test $i -lt 3 && mask+=. 
+ done + + echo $mask +} + +# Generates and returns a new IP and MASK in a superset (inmediate wider range) +# of the given IP/MASK +# usage: getNonConflictingIP IP MASK +# returns NEWIP MASK +getNonConflictingIP () { + local IP="$1" + local CIDR="$2" + + let "newCIDR=$CIDR-1" + + local i=$(atoi $IP) + let "j=$i^(1<<(32-$CIDR))" + local newIP=$(itoa j) + + echo $newIP $newCIDR +} + +# generates unused, random names for macvlan or bridge devices +# usage: generateNetDevNames DEVICETYPE +# DEVICETYPE must be either 'macvlan' or 'bridge' +# returns: +# - bridgeXXXXXX if DEVICETYPE is 'bridge' +# - macvlanXXXXXX, macvtapXXXXXX if DEVICETYPE is 'macvlan' +generateNetdevNames () { + devicetype=$1 + + local netdevinterfaces=($(ip link show | awk "/$devicetype/ { print \$2 }" | cut -d '@' -f 1 | tr -d :)) + local randomID=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 6 | head -n 1) + + # check if the device already exists and regenerate the name if so + while containsElement "$devicetype$randomID" "${netdevinterfaces[@]}"; do randomID=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 6 | head -n 1); done + + echo "$randomID" +} + +setupBridge () { + + set -x + local iface="$1" + local mode="$2" + local deviceID=$(generateNetdevNames $mode) + local bridgeName="$mode$deviceID" + + if [[ $mode == "bridge" ]]; then + brctl addbr "$bridgeName" + brctl addif "$bridgeName" "$iface" + else # use macvlan devices by default + vtapdev="macvtap${deviceID}" + until $(ip link add link $iface name $vtapdev type macvtap mode bridge); do + sleep 1 + done + + ip link set $vtapdev address "$MAC" + ip link set $vtapdev up + + # create a macvlan device for the host + ip link add link $iface name $bridgeName type macvlan mode bridge + ip link set $bridgeName up + + # create dev file (there is no udev in container: need to be done manually) + IFS=: read major minor < <(cat /sys/devices/virtual/net/$vtapdev/tap*/dev) + mknod "/dev/$vtapdev" c $major $minor + fi + + set +x + # get a new IP for the 
guest machine in a broader network broadcast domain + if ! [[ -z $IP ]]; then + newIP=($(getNonConflictingIP $IP $CIDR)) + ip address del "$IP/$CIDR" dev "$iface" + ip address add "${newIP[0]}/${newIP[1]}" dev "$bridgeName" + fi + + ip link set dev "$bridgeName" up + + echo $deviceID +} + +# Setup macvtap device to connect later the VM and setup a new macvlan devide +# to connect the host machine to the network +configureNetworks () { + + local IP + local i=0 + local GATEWAY=$(ip r | grep default | awk '{print $3}') + + for iface in "${local_ifaces[@]}"; do + + IPs=$(ip address show dev $iface | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) + IPs=($IPs) + MAC=$(ip link show $iface | awk '/ether/ { print $2 }') + log "DEBUG" "Container original MAC address: $MAC" + + # If the container has more than one IP configured in a given interface, + # the user can select which one to use. + # The SELECTED_NETWORK environment variable is used to select that IP. + # This env variable must be in the form IP/MASK (e.g. 1.2.3.4/24). + # + # If this env variable is not set, the IP to be given to the VM is + # the first in the list for that interface (default behaviour). + + if ! [[ -z "$SELECTED_NETWORK" ]]; then + local given_ip given_mask + IFS=/ read given_ip given_mask <<< $SELECTED_NETWORK + local given_addr=$(atoi $given_ip) + local given_mask=$((0xffffffff << (32 - $given_mask) & 0xffffffff)) + local given_broadcast=$((given_addr | ~given_mask & 0xffffffff)) + local given_network=$((given_addr & given_mask)) + + for configured_ip in "${IPs[@]}"; do + local configured_ip=$(atoi $configured_ip) + if [[ $configured_ip -gt $given_network && $configured_ip -lt $given_broadcast ]]; then + IP=$(itoa $configured_ip) + log "INFO" "SELECTED_NETWORK ($SELECTED_NETWORK) found with ip $IP in $iface interface." + fi + done + [[ -z "$IP" ]] && log "WARNING" "SELECTED_NETWORK ($SELECTED_NETWORK) not found in $iface interface." 
+ else + IP=${IPs[0]} + fi + + local CIDR=$(ip address show dev $iface | awk "/inet $IP/ { print \$2 }" | cut -f2 -d/) + + # use container MAC address ($MAC) for tap device + # and generate a new one for the local interface + ip link set $iface down + ip link set $iface address $(genMAC) + ip link set $iface up + + # setup the macvtap devices for bridging the VM + + deviceID=($(setupBridge $iface "macvlan")) + bridgeName="macvlan$deviceID" + # kvm configuration: + let fd=$i+3 + NET_OPTS="$KVM_NET_OPTS -netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" + + setupDhcp + log "DEBUG" "bridgeName: $bridgeName" + NET_OPTS=" -device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" + let i++ + + done +} + configureDHCP() { VM_NET_TAP="_VmMacvtap" 
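Review bot: In setupBridge the retry `until $(ip link add link $iface name $vtapdev type macvtap mode bridge); do sleep 1; done` never gives up, so a container started without the needed capability or with a wrong parent interface hangs at startup with no message; the `$( ... )` wrapper additionally makes the shell execute whatever the command prints. A bounded loop that calls `ip` directly and reports on stderr (setupBridge's stdout is captured by `deviceID=($(setupBridge ...))`) is sketched below, with an illustrative retry count. Separately, configureNetworks calls `setupDhcp` and reads `$SELECTED_NETWORK` and `$KVM_NET_OPTS`; none of them is defined in the visible hunks, and under `set -eu` an unset variable aborts the script, so defaults such as `: ${SELECTED_NETWORK:=''}` seem to be needed. The `set -x` / `set +x` pair in setupBridge looks like leftover debugging.

```shell
    vtapdev="macvtap${deviceID}"
    local tries=0
    # Retry limit of 10 is illustrative; pick a value that suits container startup.
    until ip link add link "$iface" name "$vtapdev" type macvtap mode bridge; do
      tries=$((tries + 1))
      if [ "$tries" -ge 10 ]; then
        echo "ERROR: cannot create macvtap device $vtapdev on $iface" >&2
        return 1
      fi
      sleep 1
    done
    # … unchanged: set MAC, bring device up, create macvlan device, mknod …
```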
@@ -140,13 +356,49 @@ GATEWAY=$(ip r | grep default | awk '{print $3}') if [[ "$GATEWAY" == "172."* ]]; then # Configuration for static IP - configureNAT + #configureNAT else # Configuration for DHCP IP - configureDHCP + #configureDHCP fi +# Get all interfaces: + local_ifaces=($(ip link show | grep -v noop | grep state | grep -v LOOPBACK | awk '{print $2}' | tr -d : | sed 's/@.*$//')) + local_bridges=($(brctl show | tail -n +2 | awk '{print $1}')) + + # Get non-bridge interfaces: + for i in "${local_bridges[@]}" + do + local_ifaces=(${local_ifaces[@]//*$i*}) + done + +DEFAULT_ROUTE=$(ip route | grep default | awk '{print $3}') + +configureNetworks + + # Hack for guest VMs complaining about "bad udp checksums in 5 packets" + /usr/sbin/iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill + + # Build DNS options from container /etc/resolv.conf + nameservers=($(grep nameserver /etc/resolv.conf | sed 's/nameserver //')) + searchdomains=$(grep search /etc/resolv.conf | sed 's/search //' | sed 's/ /,/g') + domainname=$(echo $searchdomains | awk -F"," '{print $1}') + + for nameserver in "${nameservers[@]}"; do + [[ -z $DNS_SERVERS ]] && DNS_SERVERS=$nameserver || DNS_SERVERS="$DNS_SERVERS,$nameserver" + done + DNSMASQ_OPTS="$DNSMASQ_OPTS \ + --dhcp-option=option:dns-server,$DNS_SERVERS \ + --dhcp-option=option:router,$DEFAULT_ROUTE \ + --dhcp-option=option:domain-search,$searchdomains \ + --dhcp-option=option:domain-name,$domainname \ + " + [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" + log "INFO" "Lauching dnsmasq" + log "DEBUG" "dnsmasq options: $DNSMASQ_OPTS" + $DNSMASQ $DNSMASQ_OPTS + NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" # Hack for guest VMs complaining about "bad udp checksums in 5 packets" -iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill +# iptables -A POSTROUTING -t mangle -p udp 
--dport bootpc -j CHECKSUM --checksum-fill From ec03018762f742a11f48cf87ba81a339a7ab8b17 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:44:54 +0200 Subject: [PATCH 27/62] Rem --- run/network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index e53b274..8d7ab78 100644 --- a/run/network.sh +++ b/run/network.sh @@ -354,13 +354,13 @@ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null GATEWAY=$(ip r | grep default | awk '{print $3}') -if [[ "$GATEWAY" == "172."* ]]; then +#if [[ "$GATEWAY" == "172."* ]]; then # Configuration for static IP #configureNAT -else +#else # Configuration for DHCP IP #configureDHCP -fi +#fi # Get all interfaces: local_ifaces=($(ip link show | grep -v noop | grep state | grep -v LOOPBACK | awk '{print $2}' | tr -d : | sed 's/@.*$//')) From 4a607c85d06bad63836597ee0efbe0c992b42da9 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:46:59 +0200 Subject: [PATCH 28/62] Update check.yml --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 65431a3..205d9ae 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -11,4 +11,4 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2166 + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2219 -e SC2166 From 5c1114c01a63a70aa7c5061fcc21e297d136367d Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:49:11 +0200 Subject: [PATCH 29/62] Trigger --- run/network.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
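Review bot: Commenting out `configureNAT` and `configureDHCP` leaves the `then` and `else` branches of the `if [[ "$GATEWAY" == "172."* ]]` test holding nothing but comments, which bash rejects with a syntax error at `else`, so the script no longer parses. Keep a no-op in each branch (`: # configureNAT disabled`) or comment out the whole conditional. Further down in the same hunk, `[[ -z $DNS_SERVERS ]]` reads a variable that, as far as this hunk shows, is never initialised; if the file's `set -eu` applies here, `${DNS_SERVERS:-}` avoids an unbound-variable abort.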
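Review bot: Each code added to `SHELLCHECK_OPTS` (SC2004 and SC2219 in PATCH 28/62) switches the check off for every script in the repository rather than at the line that triggers it. A `# shellcheck disable=SC2219` directive above the affected statements in run/network.sh would keep the rule active everywhere else. The same applies to the SC2155 addition in PATCH 30/62. The list already excludes SC2086, so unquoted expansions in scripts that reconfigure interfaces and iptables go unreported. The unchanged `uses: ludeeus/action-shellcheck@master` line follows a moving branch; pinning it to a commit SHA would make the check reproducible.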
diff --git a/run/network.sh b/run/network.sh index 8d7ab78..a620d8b 100644 --- a/run/network.sh +++ b/run/network.sh @@ -396,7 +396,8 @@ configureNetworks [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" log "INFO" "Lauching dnsmasq" log "DEBUG" "dnsmasq options: $DNSMASQ_OPTS" - $DNSMASQ $DNSMASQ_OPTS + +$DNSMASQ $DNSMASQ_OPTS NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" From f16ae586c3cc139c8fb9c0345e99d269d382cd99 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:50:41 +0200 Subject: [PATCH 30/62] Update check.yml --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 205d9ae..a0990fd 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -11,4 +11,4 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2219 -e SC2166 + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2219 -e SC2155 -e SC2166 From 9dcc8ce5f46b5a5340581538015327ff399d86c7 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:55:27 +0200 Subject: [PATCH 31/62] SELECTED_NETWORK --- run/network.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/run/network.sh b/run/network.sh index a620d8b..e10dbfc 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -187,6 +187,8 @@ configureNetworks () { # If this env variable is not set, the IP to be given to the VM is # the first in the list for that interface (default behaviour). + SELECTED_NETWORK="" + if ! [[ -z "$SELECTED_NETWORK" ]]; then local given_ip given_mask IFS=/ read given_ip given_mask <<< $SELECTED_NETWORK From 9274bfa2ca74cda556b7fcb14df796b38d823a2f Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 00:59:22 +0200 Subject: [PATCH 32/62] NET_OPTS --- run/network.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index e10dbfc..c061f1a 100644 --- a/run/network.sh +++ b/run/network.sh @@ -223,7 +223,7 @@ configureNetworks () { bridgeName="macvlan$deviceID" # kvm configuration: let fd=$i+3 - NET_OPTS="$KVM_NET_OPTS -netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" + NET_OPTS="$NET_OPTS -netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" setupDhcp log "DEBUG" "bridgeName: $bridgeName" From 02094b442676b09f41ac0deb0bfda3ea1648933f Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 01:03:20 +0200 Subject: [PATCH 33/62] NET_OPTS --- run/network.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index c061f1a..8e8fad4 100644 --- a/run/network.sh +++ b/run/network.sh @@ -221,13 +221,14 @@ configureNetworks () { deviceID=($(setupBridge $iface "macvlan")) bridgeName="macvlan$deviceID" + log "DEBUG" "bridgeName: $bridgeName" + # kvm configuration: let fd=$i+3 - NET_OPTS="$NET_OPTS -netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" - setupDhcp - log "DEBUG" "bridgeName: $bridgeName" - NET_OPTS=" -device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" + NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" + NET_OPTS="-device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" + let i++ done From 8cd666d7e7123933b6fc0d5b41b81dddde835209 Mon Sep 17 00:00:00 2001 
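Review bot: The added `SELECTED_NETWORK=""` in PATCH 31/62 overwrites whatever value the container was started with, so the `if ! [[ -z "$SELECTED_NETWORK" ]]` branch right below it can never run and the selection described in the comment above stops working. If the goal is only to keep `set -u` from aborting on an unset variable, default it without clobbering: `: "${SELECTED_NETWORK:=}"`. The assignment also sits inside the `for iface` loop of configureNetworks, whose body continues outside the hunk; the top of the script would be the natural place for a default.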
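Review bot: In PATCH 33/62, `NET_OPTS="-netdev tap,id=net$i,…"` no longer carries the previous value of `NET_OPTS`, so each pass of the `for iface` loop discards the `-netdev`/`-device` pair built for the interface before it and only the last interface reaches the VM. Appending keeps them all: `NET_OPTS="$NET_OPTS -netdev tap,id=net$i,vhost=on,fd=$fd"`. The `${fd}<>/dev/macvtap$deviceID` text sits inside a double-quoted string, so the shell stores it as characters and opens no descriptor unless the string is later passed through `eval`, which this hunk does not show. The loop body starts outside the hunk.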
From: Kroese Date: Thu, 20 Apr 2023 01:16:40 +0200 Subject: [PATCH 34/62] let --- run/network.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index 8e8fad4..8eecb6f 100644 --- a/run/network.sh +++ b/run/network.sh @@ -95,10 +95,10 @@ getNonConflictingIP () { local IP="$1" local CIDR="$2" - let "newCIDR=$CIDR-1" + (( "newCIDR=$CIDR-1" )) || true local i=$(atoi $IP) - let "j=$i^(1<<(32-$CIDR))" + (( "j=$i^(1<<(32-$CIDR))" )) || true local newIP=$(itoa j) echo $newIP $newCIDR @@ -224,12 +224,12 @@ configureNetworks () { log "DEBUG" "bridgeName: $bridgeName" # kvm configuration: - let fd=$i+3 + (( fd=$i+3 )) || true NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" NET_OPTS="-device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" - let i++ + (( i++ )) || true done } From 726f474a40553b4fbd145e66a3a95a9632630c77 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 01:17:24 +0200 Subject: [PATCH 35/62] Update check.yml --- .github/workflows/check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index a0990fd..31bff3f 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -1,5 +1,5 @@ on: [workflow_call] -name: "Check" +name: "Shellcheck" permissions: {} jobs: @@ -11,4 +11,4 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2219 -e SC2155 -e SC2166 + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2155 -e SC2166 From 8a94f9b94a3f60de9dfcdb33058a1cc46da278c2 Mon Sep 17 00:00:00 2001 
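Review bot: `(( "newCIDR=$CIDR-1" )) || true` in getNonConflictingIP swallows every failure of the arithmetic, including a genuine evaluation error from a malformed `$CIDR`, when the `|| true` is only there because `(( … ))` returns 1 for a zero result. A plain assignment has no such status to guard: `newCIDR=$(( CIDR - 1 ))` and `j=$(( i ^ (1 << (32 - CIDR)) ))`. The same pattern is in the configureNetworks hunk of this commit (`(( fd=$i+3 )) || true`, `(( i++ )) || true`), where `fd=$(( i + 3 ))` and `i=$(( i + 1 ))` do the job. `newCIDR` and `j` are also not declared `local`, so they leak out of the function.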
From: Kroese Date: Thu, 20 Apr 2023 01:29:37 +0200 Subject: [PATCH 36/62] Network --- run/network.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 8eecb6f..17db503 100644 --- a/run/network.sh +++ b/run/network.sh @@ -291,6 +291,9 @@ configureNAT () { iptables -t nat -A PREROUTING -i eth0 -p tcp -j DNAT --to $VM_NET_IP iptables -t nat -A PREROUTING -i eth0 -p udp -j DNAT --to $VM_NET_IP + # Hack for guest VMs complaining about "bad udp checksums in 5 packets" + iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill + #Enable port forwarding flag [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]] && sysctl -w net.ipv4.ip_forward=1 @@ -365,7 +368,7 @@ GATEWAY=$(ip r | grep default | awk '{print $3}') #configureDHCP #fi -# Get all interfaces: + # Get all interfaces: local_ifaces=($(ip link show | grep -v noop | grep state | grep -v LOOPBACK | awk '{print $2}' | tr -d : | sed 's/@.*$//')) local_bridges=($(brctl show | tail -n +2 | awk '{print $1}')) @@ -404,5 +407,3 @@ $DNSMASQ $DNSMASQ_OPTS NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" -# Hack for guest VMs complaining about "bad udp checksums in 5 packets" -# iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill From 746d8e86cc9341da801ac697fb5d9235a34d0b92 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 01:31:03 +0200 Subject: [PATCH 37/62] Network --- run/network.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/run/network.sh b/run/network.sh index 17db503..4a4ab22 100644 --- a/run/network.sh +++ b/run/network.sh @@ -91,6 +91,7 @@ cidr2mask() { # of the given IP/MASK # usage: getNonConflictingIP IP MASK # returns NEWIP MASK + getNonConflictingIP () { local IP="$1" local CIDR="$2" 
@@ -110,6 +111,7 @@ getNonConflictingIP () { # returns: # - bridgeXXXXXX if DEVICETYPE is 'bridge' # - macvlanXXXXXX, macvtapXXXXXX if DEVICETYPE is 'macvlan' + generateNetdevNames () { devicetype=$1 @@ -166,6 +168,7 @@ setupBridge () { # Setup macvtap device to connect later the VM and setup a new macvlan devide # to connect the host machine to the network + configureNetworks () { local IP From 5ed0553489e7eeebd896174671390bd72e32292a Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 01:40:30 +0200 Subject: [PATCH 38/62] macvtap --- run/network.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 4a4ab22..abd3430 100644 --- a/run/network.sh +++ b/run/network.sh @@ -229,7 +229,7 @@ configureNetworks () { # kvm configuration: (( fd=$i+3 )) || true - NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd ${fd}<>/dev/macvtap$deviceID" + NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd -add-fd fd=${fd},set=2,opaque='rdwr:/dev/macvtap$deviceID'" NET_OPTS="-device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" (( i++ )) || true From d320ee23283dc15a74ac01fd76446c21746b24e0 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 01:52:34 +0200 Subject: [PATCH 39/62] Test --- run/network.sh | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index abd3430..4460f51 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -1,4 +1,48 @@ -#!/usr/bin/env bash +if [[ $EUID > 0 ]] + then echo "Run this script as root" + exit +fi + +BRIDGE="br0" +TAP="tap0" +INTERFACE="eth0" + +echo "Adding bridge $BRIDGE" +ip link add name $BRIDGE type bridge + +echo "Flushing interface $INTERFACE" +ip addr flush dev $INTERFACE + +echo "Setting $BRIDGE as master of $INTERFACE" +ip link set $INTERFACE master $BRIDGE + +echo "Adding tap $TAP" +ip tuntap add $TAP mode tap + +echo "Setting $BRIDGE as master of $TAP" +ip link set $TAP master $BRIDGE + +echo "Setting $INTERFACE, $BRIDGE and $TAP up" +ip link set up dev $INTERFACE +ip link set up dev $TAP +ip link set up dev $BRIDGE + +echo "Stopping NetworkManager" +systemctl stop NetworkManager + +echo "Requesting ip for $BRIDGE" +dhclient $BRIDGE + +if [ $? -eq 0 ]; then + echo "Requesting ip for $INTERFACE" + dhclient $INTERFACE + echo "Killing dhclient and starting NetworkManager" + pkill -9 dhclient + systemctl start NetworkManager +fi + + +##!/usr/bin/env bash set -eu # Docker environment variabeles From 256060db0dd9ebcfe9d5c9a930b259074185a371 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 03:17:25 +0200 Subject: [PATCH 40/62] File descriptors --- run/network.sh | 51 ++++---------------------------------------------- 1 file changed, 4 insertions(+), 47 deletions(-) diff --git a/run/network.sh b/run/network.sh index 4460f51..97a7590 100644 --- a/run/network.sh +++ b/run/network.sh 
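Review bot: The root check added at the top ends in a bare `exit`, which returns the status of the preceding `echo`, so a run without root reports success to whatever started the script; `exit 1` with the message on stderr makes the failure visible. `[[ $EUID > 0 ]]` is a string comparison; `(( EUID != 0 ))` states the numeric intent. The whole block runs before `set -eu`, so a failing `ip link` or `dhclient` call does not stop it. The former shebang is now the comment `##!/usr/bin/env bash`, which leaves the interpreter to the caller even though the file uses `[[`.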
@@ -1,48 +1,4 @@ -if [[ $EUID > 0 ]] - then echo "Run this script as root" - exit -fi - -BRIDGE="br0" -TAP="tap0" -INTERFACE="eth0" - -echo "Adding bridge $BRIDGE" -ip link add name $BRIDGE type bridge - -echo "Flushing interface $INTERFACE" -ip addr flush dev $INTERFACE - -echo "Setting $BRIDGE as master of $INTERFACE" -ip link set $INTERFACE master $BRIDGE - -echo "Adding tap $TAP" -ip tuntap add $TAP mode tap - -echo "Setting $BRIDGE as master of $TAP" -ip link set $TAP master $BRIDGE - -echo "Setting $INTERFACE, $BRIDGE and $TAP up" -ip link set up dev $INTERFACE -ip link set up dev $TAP -ip link set up dev $BRIDGE - -echo "Stopping NetworkManager" -systemctl stop NetworkManager - -echo "Requesting ip for $BRIDGE" -dhclient $BRIDGE - -if [ $? -eq 0 ]; then - echo "Requesting ip for $INTERFACE" - dhclient $INTERFACE - echo "Killing dhclient and starting NetworkManager" - pkill -9 dhclient - systemctl start NetworkManager -fi - - -##!/usr/bin/env bash +#!/usr/bin/env bash set -eu # Docker environment variabeles @@ -270,10 +226,11 @@ configureNetworks () { bridgeName="macvlan$deviceID" log "DEBUG" "bridgeName: $bridgeName" - # kvm configuration: + # get a file descriptor (( fd=$i+3 )) || true + exec $fd>>/dev/macvtap$deviceID - NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd -add-fd fd=${fd},set=2,opaque='rdwr:/dev/macvtap$deviceID'" + NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd" NET_OPTS="-device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" (( i++ )) || true From f06daa780098e0979befdc733bb9cc38400ad827 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 03:50:20 +0200 Subject: [PATCH 41/62] Display IP during boot --- agent/agent.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/agent/agent.sh b/agent/agent.sh index 397877f..7532930 100644 --- a/agent/agent.sh +++ b/agent/agent.sh 
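Review bot: `exec $fd>>/dev/macvtap$deviceID` in the configureNetworks hunk does not open descriptor `$fd`: bash only accepts a literal number or a `{name}` directly in front of a redirection operator, so this line is parsed as `exec` of a command named by the value of `$fd`, with stdout appended to the device node. Let bash allocate the descriptor and store its number instead: `exec {fd}>>"/dev/macvtap$deviceID"`, which also makes the preceding `(( fd=$i+3 )) || true` unnecessary. The enclosing loop starts outside the hunk.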
@@ -134,9 +134,17 @@ fi # Display message in docker log output -echo "-------------------------------------------" -echo " You can now login to DSM at port 5000 " -echo "-------------------------------------------" +IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) + +if [[ "$IP" == "20.20"* ]]; then + MSG="port 5000" +else + MSG="http://${IP}:5000" +fi + +echo "--------------------------------------------------------" +echo " You can now login to DSM at ${MSG}" +echo "--------------------------------------------------------" # Wait for NMI interrupt as a shutdown signal From a30d0c0dc2b4a56e174d4a9181c73ac9902b1f42 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 04:07:38 +0200 Subject: [PATCH 42/62] Revert --- run/network.sh | 280 ++----------------------------------------------- 1 file changed, 10 insertions(+), 270 deletions(-) diff --git a/run/network.sh b/run/network.sh index 97a7590..2f11b1b 100644 --- a/run/network.sh +++ b/run/network.sh 
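Review bot: `IP` goes into the banner without a check on what the pipeline returned: with no IPv4 address on `eth0` the message reads `http://:5000`, and with more than one address `$IP` holds several lines. Taking the first match and falling back to the port-only text covers both, e.g. `awk '/inet / { print $2; exit }'` (which makes the `grep inet` stage redundant) together with `if [[ -z "$IP" || "$IP" == "20.20"* ]]; then`. The `20.20` prefix is a magic value here; a short comment naming the network it stands for would help the next reader.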
@@ -15,229 +15,6 @@ set -eu # Functions # ###################################### -log () { - case "$1" in - INFO | WARNING | ERROR ) - echo "$1: ${@:2}" - ;; - DEBUG) - echo "$1: ${@:2}" - ;; - *) - echo "-- $@" - ;; - esac -} - -# ContainsElement: checks if first parameter is among the array given as second parameter -# returns 0 if the element is found in the list and 1 if not -# usage: containsElement $item $list - -containsElement () { - local e - for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done - return 1 -} - -# Generate random MAC address -genMAC () { - hexchars="0123456789ABCDEF" - end=$( for i in {1..8} ; do echo -n ${hexchars:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' ) - echo "FE:05$end" -} - -# atoi: Returns the integer representation of an IP arg, passed in ascii -# dotted-decimal notation (x.x.x.x) -atoi() { - IP=$1 - IPnum=0 - for (( i=0 ; i<4 ; ++i )) - do - ((IPnum+=${IP%%.*}*$((256**$((3-${i})))))) - IP=${IP#*.} - done - echo $IPnum -} - -# itoa: returns the dotted-decimal ascii form of an IP arg passed in integer -# format -itoa() { - echo -n $(($(($(($((${1}/256))/256))/256))%256)). - echo -n $(($(($((${1}/256))/256))%256)). - echo -n $(($((${1}/256))%256)). - echo $((${1}%256)) -} - -cidr2mask() { - local i mask="" - local full_octets=$(($1/8)) - local partial_octet=$(($1%8)) - - for ((i=0;i<4;i+=1)); do - if [ $i -lt $full_octets ]; then - mask+=255 - elif [ $i -eq $full_octets ]; then - mask+=$((256 - 2**(8-$partial_octet))) - else - mask+=0 - fi - test $i -lt 3 && mask+=. 
- done - - echo $mask -} - -# Generates and returns a new IP and MASK in a superset (inmediate wider range) -# of the given IP/MASK -# usage: getNonConflictingIP IP MASK -# returns NEWIP MASK - -getNonConflictingIP () { - local IP="$1" - local CIDR="$2" - - (( "newCIDR=$CIDR-1" )) || true - - local i=$(atoi $IP) - (( "j=$i^(1<<(32-$CIDR))" )) || true - local newIP=$(itoa j) - - echo $newIP $newCIDR -} - -# generates unused, random names for macvlan or bridge devices -# usage: generateNetDevNames DEVICETYPE -# DEVICETYPE must be either 'macvlan' or 'bridge' -# returns: -# - bridgeXXXXXX if DEVICETYPE is 'bridge' -# - macvlanXXXXXX, macvtapXXXXXX if DEVICETYPE is 'macvlan' - -generateNetdevNames () { - devicetype=$1 - - local netdevinterfaces=($(ip link show | awk "/$devicetype/ { print \$2 }" | cut -d '@' -f 1 | tr -d :)) - local randomID=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 6 | head -n 1) - - # check if the device already exists and regenerate the name if so - while containsElement "$devicetype$randomID" "${netdevinterfaces[@]}"; do randomID=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 6 | head -n 1); done - - echo "$randomID" -} - -setupBridge () { - - set -x - local iface="$1" - local mode="$2" - local deviceID=$(generateNetdevNames $mode) - local bridgeName="$mode$deviceID" - - if [[ $mode == "bridge" ]]; then - brctl addbr "$bridgeName" - brctl addif "$bridgeName" "$iface" - else # use macvlan devices by default - vtapdev="macvtap${deviceID}" - until $(ip link add link $iface name $vtapdev type macvtap mode bridge); do - sleep 1 - done - - ip link set $vtapdev address "$MAC" - ip link set $vtapdev up - - # create a macvlan device for the host - ip link add link $iface name $bridgeName type macvlan mode bridge - ip link set $bridgeName up - - # create dev file (there is no udev in container: need to be done manually) - IFS=: read major minor < <(cat /sys/devices/virtual/net/$vtapdev/tap*/dev) - mknod "/dev/$vtapdev" c $major $minor - fi - - set +x - 
# get a new IP for the guest machine in a broader network broadcast domain - if ! [[ -z $IP ]]; then - newIP=($(getNonConflictingIP $IP $CIDR)) - ip address del "$IP/$CIDR" dev "$iface" - ip address add "${newIP[0]}/${newIP[1]}" dev "$bridgeName" - fi - - ip link set dev "$bridgeName" up - - echo $deviceID -} - -# Setup macvtap device to connect later the VM and setup a new macvlan devide -# to connect the host machine to the network - -configureNetworks () { - - local IP - local i=0 - local GATEWAY=$(ip r | grep default | awk '{print $3}') - - for iface in "${local_ifaces[@]}"; do - - IPs=$(ip address show dev $iface | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - IPs=($IPs) - MAC=$(ip link show $iface | awk '/ether/ { print $2 }') - log "DEBUG" "Container original MAC address: $MAC" - - # If the container has more than one IP configured in a given interface, - # the user can select which one to use. - # The SELECTED_NETWORK environment variable is used to select that IP. - # This env variable must be in the form IP/MASK (e.g. 1.2.3.4/24). - # - # If this env variable is not set, the IP to be given to the VM is - # the first in the list for that interface (default behaviour). - - SELECTED_NETWORK="" - - if ! [[ -z "$SELECTED_NETWORK" ]]; then - local given_ip given_mask - IFS=/ read given_ip given_mask <<< $SELECTED_NETWORK - local given_addr=$(atoi $given_ip) - local given_mask=$((0xffffffff << (32 - $given_mask) & 0xffffffff)) - local given_broadcast=$((given_addr | ~given_mask & 0xffffffff)) - local given_network=$((given_addr & given_mask)) - - for configured_ip in "${IPs[@]}"; do - local configured_ip=$(atoi $configured_ip) - if [[ $configured_ip -gt $given_network && $configured_ip -lt $given_broadcast ]]; then - IP=$(itoa $configured_ip) - log "INFO" "SELECTED_NETWORK ($SELECTED_NETWORK) found with ip $IP in $iface interface." - fi - done - [[ -z "$IP" ]] && log "WARNING" "SELECTED_NETWORK ($SELECTED_NETWORK) not found in $iface interface." 
- else - IP=${IPs[0]} - fi - - local CIDR=$(ip address show dev $iface | awk "/inet $IP/ { print \$2 }" | cut -f2 -d/) - - # use container MAC address ($MAC) for tap device - # and generate a new one for the local interface - ip link set $iface down - ip link set $iface address $(genMAC) - ip link set $iface up - - # setup the macvtap devices for bridging the VM - - deviceID=($(setupBridge $iface "macvlan")) - bridgeName="macvlan$deviceID" - log "DEBUG" "bridgeName: $bridgeName" - - # get a file descriptor - (( fd=$i+3 )) || true - exec $fd>>/dev/macvtap$deviceID - - NET_OPTS="-netdev tap,id=net$i,vhost=on,fd=$fd" - NET_OPTS="-device virtio-net-pci,netdev=net$i,mac=$MAC $NET_OPTS" - - (( i++ )) || true - - done -} - configureDHCP() { VM_NET_TAP="_VmMacvtap" @@ -251,16 +28,15 @@ configureDHCP() { _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) [[ "${_DhcpIP}" == [0-9.]* ]] \ - && echo "Info: Retrieved IP ${_DhcpIP} from DHCP using MAC ${VM_NET_MAC}" \ + && echo "Info: Retrieved IP ${_DhcpIP} via DHCP" \ || ( echo "ERROR: Cannot retrieve IP from DHCP using MAC ${VM_NET_MAC}" && exit 16 ) ip a flush ${VM_NET_TAP} _tmpTapPath="/dev/tap$(>$_tmpTapPath + exec 40>>/dev/vhost-net + + NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" } configureNAT () { @@ -353,8 +131,8 @@ if [ "$DEBUG" = "Y" ]; then IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - echo && ifconfig - echo && ip route && echo + #echo && ifconfig + #echo && ip route && echo echo "Container IP: ${IP}" && echo fi 
@@ -369,45 +147,7 @@ GATEWAY=$(ip r | grep default | awk '{print $3}') #configureNAT #else # Configuration for DHCP IP - #configureDHCP + configureDHCP #fi - # Get all interfaces: - local_ifaces=($(ip link show | grep -v noop | grep state | grep -v LOOPBACK | awk '{print $2}' | tr -d : | sed 's/@.*$//')) - local_bridges=($(brctl show | tail -n +2 | awk '{print $1}')) - - # Get non-bridge interfaces: - for i in "${local_bridges[@]}" - do - local_ifaces=(${local_ifaces[@]//*$i*}) - done - -DEFAULT_ROUTE=$(ip route | grep default | awk '{print $3}') - -configureNetworks - - # Hack for guest VMs complaining about "bad udp checksums in 5 packets" - /usr/sbin/iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill - - # Build DNS options from container /etc/resolv.conf - nameservers=($(grep nameserver /etc/resolv.conf | sed 's/nameserver //')) - searchdomains=$(grep search /etc/resolv.conf | sed 's/search //' | sed 's/ /,/g') - domainname=$(echo $searchdomains | awk -F"," '{print $1}') - - for nameserver in "${nameservers[@]}"; do - [[ -z $DNS_SERVERS ]] && DNS_SERVERS=$nameserver || DNS_SERVERS="$DNS_SERVERS,$nameserver" - done - DNSMASQ_OPTS="$DNSMASQ_OPTS \ - --dhcp-option=option:dns-server,$DNS_SERVERS \ - --dhcp-option=option:router,$DEFAULT_ROUTE \ - --dhcp-option=option:domain-search,$searchdomains \ - --dhcp-option=option:domain-name,$domainname \ - " - [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" - log "INFO" "Lauching dnsmasq" - log "DEBUG" "dnsmasq options: $DNSMASQ_OPTS" - -$DNSMASQ $DNSMASQ_OPTS - NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" - From 30fc91f48d40a79b45c77c835e41b37781c7d169 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 04:09:45 +0200 Subject: [PATCH 43/62] Update check.yml --- .github/workflows/check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
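Review bot: After this revert `configureDHCP` is called unconditionally while the `#if [[ "$GATEWAY" == "172."* ]]` test around it stays commented out, so `configureNAT` is never reached and `GATEWAY` is computed but unused. If the NAT path is still meant to serve containers on the default bridge network, restore the conditional (`if … then configureNAT; else configureDHCP; fi`). If DHCP-only is intended, remove the commented-out branches and the `GATEWAY` assignment so the control flow reads as what it does.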
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 31bff3f..7f69165 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -11,4 +11,4 @@ jobs: - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2004 -e SC2155 -e SC2166 + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2116 -e SC2034 -e SC1091 -e SC2143 -e SC2223 -e SC2086 -e SC2145 -e SC2015 -e SC2268 -e SC2207 -e SC2064 -e SC2162 -e SC2153 -e SC2166 From 81fd26c2c193347fb266b6c200218d0397a562e0 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 04:19:33 +0200 Subject: [PATCH 44/62] Formatting --- run/network.sh | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/run/network.sh b/run/network.sh index 2f11b1b..7175010 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -26,29 +26,34 @@ configureDHCP() { ip a flush eth0 ip a flush ${VM_NET_TAP} - _DhcpIP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) - [[ "${_DhcpIP}" == [0-9.]* ]] \ - && echo "Info: Retrieved IP ${_DhcpIP} via DHCP" \ - || ( echo "ERROR: Cannot retrieve IP from DHCP using MAC ${VM_NET_MAC}" && exit 16 ) + DHCP_IP=$( dhclient -v ${VM_NET_TAP} 2>&1 | grep ^bound | cut -d' ' -f3 ) + + if [[ "${DHCP_IP}" == [0-9.]* ]]; then + echo "Info: Retrieved IP ${DHCP_IP} via DHCP" + else + echo "ERROR: Cannot retrieve IP from DHCP using MAC ${VM_NET_MAC}" && exit 16 + fi ip a flush ${VM_NET_TAP} - _tmpTapPath="/dev/tap$(>$_tmpTapPath + [[ ! -e ${TAP_PATH} ]] && [[ -e /dev0/${TAP_PATH##*/} ]] && ln -s /dev0/${TAP_PATH##*/} ${TAP_PATH} + + if [[ ! -e ${TAP_PATH} ]]; then + mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20) + fi + + exec 30>>$TAP_PATH exec 40>>/dev/vhost-net NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" From fae34fdfab0a354bfcf65c5e3ff56822cd3f42e4 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 04:24:11 +0200 Subject: [PATCH 45/62] IFS --- run/network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 7175010..15b2b22 100644 --- a/run/network.sh +++ b/run/network.sh @@ -39,8 +39,8 @@ configureDHCP() { TAP_PATH="/dev/tap$( Date: Thu, 20 Apr 2023 04:41:15 +0200 Subject: [PATCH 46/62] TAP --- run/network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 15b2b22..bc985d3 100644 --- a/run/network.sh +++ b/run/network.sh @@ -39,8 +39,8 @@ configureDHCP() { TAP_PATH="/dev/tap$( Date: Thu, 20 Apr 2023 04:48:00 +0200 Subject: [PATCH 47/62] Error checking --- run/network.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index bc985d3..42f12fc 100644 --- a/run/network.sh +++ b/run/network.sh 
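Review bot: In the new `mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20)` line the error branch has no `echo`, so the subshell tries to run the message text as a command and ends with a command-not-found status instead of 20. An explicit test reads better and exits from the main shell: `if ! mknod "$TAP_PATH" c "$MAJOR" "$MINOR"; then echo "ERROR: Cannot mknod: $TAP_PATH" >&2; exit 20; fi`. Parts of this hunk are garbled on the page (the `TAP_PATH=` assignment), so the rest of configureDHCP is not reviewed here.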
@@ -53,8 +53,13 @@ configureDHCP() { mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20) fi - exec 30>>$TAP_PATH - exec 40>>/dev/vhost-net + if ! exec 30>>$TAP_PATH; then + echo "ERROR: Please add the following docker variable: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 + fi + + if ! exec 40>>/dev/vhost-net; then + echo "ERROR: Cannot find vhost! && exit 22 + fi NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" } From 2484782a0bc528dc568a85e6ef26d8c65b491a8a Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 04:49:02 +0200 Subject: [PATCH 48/62] Quote --- run/network.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 42f12fc..27f69a2 100644 --- a/run/network.sh +++ b/run/network.sh @@ -58,7 +58,7 @@ configureDHCP() { fi if ! exec 40>>/dev/vhost-net; then - echo "ERROR: Cannot find vhost! && exit 22 + echo "ERROR: Cannot find vhost!" && exit 22 fi NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" From 18e38f9ef1ecb2e8fc7505cfea3d30c50aae4bb8 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:09:38 +0200 Subject: [PATCH 49/62] Error messages --- run/network.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/run/network.sh b/run/network.sh index 27f69a2..685f162 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -41,10 +41,8 @@ configureDHCP() { # create dev file (there is no udev in container: need to be done manually) IFS=: read MAJOR MINOR < <(cat /sys/devices/virtual/net/${VM_NET_TAP}/tap*/dev) - if [[ "x${MAJOR}" != "x" ]]; then - echo "Info: Please make sure that the following docker setting is used: --device-cgroup-rule='c ${MAJOR}:* rwm'" - else - echo "Info: Macvtap creation issue: Cannot find: /sys/class/net/${VM_NET_TAP}/" && exit 18 + if (( MAJOR < 1)); then + echo "ERROR: Cannot find: sys/devices/virtual/net/${VM_NET_TAP}" && exit 18 fi [[ ! -e ${TAP_PATH} ]] && [[ -e /dev0/${TAP_PATH##*/} ]] && ln -s /dev0/${TAP_PATH##*/} ${TAP_PATH} @@ -53,11 +51,11 @@ configureDHCP() { mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20) fi - if ! exec 30>>$TAP_PATH; then - echo "ERROR: Please add the following docker variable: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 + if ! exec 30>>$TAP_PATH 2>/dev/null; then + echo "ERROR: Please add the following docker variable to your container: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi - if ! exec 40>>/dev/vhost-net; then + if ! exec 40>>/dev/vhost-net 2>/dev/null; then echo "ERROR: Cannot find vhost!" && exit 22 fi From 2144f1d221bf96de3319ed5b95d763ba33b08c53 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:11:59 +0200 Subject: [PATCH 50/62] Error messages --- run/network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run/network.sh b/run/network.sh index 685f162..e5147d5 100644 --- a/run/network.sh +++ b/run/network.sh 
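Review bot: The new `if (( MAJOR < 1)); then` guard is unlikely to ever print its message: when the sysfs `dev` file is missing, `cat` produces nothing, `read` returns non-zero, and with the `set -eu` this file starts with the script stops at the `read` line before reaching the check. Guard the read itself, `if ! IFS=: read -r MAJOR MINOR < <(cat /sys/devices/virtual/net/${VM_NET_TAP}/tap*/dev); then`, and print the error there. The message text also drops the leading slash (`sys/devices/...`).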
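Review bot: On an `exec` without a command every redirection is permanent, so `exec 30>>$TAP_PATH 2>/dev/null` does more than hide the message of a failed open: it points the script's stderr at `/dev/null` for the rest of the run, and later diagnostics are lost. The same holds for `exec 40>>/dev/vhost-net 2>/dev/null`, and for the `>/dev/null 2>&1` variant in PATCH 50/62, which silences stdout as well. To suppress only the open error, put the statement in a group and redirect the group: `if ! { exec 30>>"$TAP_PATH"; } 2>/dev/null; then`.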
@@ -51,11 +51,11 @@ configureDHCP() { mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20) fi - if ! exec 30>>$TAP_PATH 2>/dev/null; then + if ! exec 30>>$TAP_PATH >/dev/null 2>&1; then echo "ERROR: Please add the following docker variable to your container: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi - if ! exec 40>>/dev/vhost-net 2>/dev/null; then + if ! exec 40>>/dev/vhost-net >/dev/null 2>&1; then echo "ERROR: Cannot find vhost!" && exit 22 fi From 947dd9aaab5cfc2e980f00c5a909d4dde54ac74c Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:14:40 +0200 Subject: [PATCH 51/62] Info --- run/network.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/run/network.sh b/run/network.sh index e5147d5..1cacd62 100644 --- a/run/network.sh +++ b/run/network.sh @@ -138,10 +138,7 @@ fi if [ "$DEBUG" = "Y" ]; then IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - - #echo && ifconfig - #echo && ip route && echo - echo "Container IP: ${IP}" && echo + echo "Info: Container IP: ${IP}" && echo fi From dd6b7f384c8c6df3e5aeff73c4acbb2a6539850b Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:17:24 +0200 Subject: [PATCH 52/62] Makend --- run/network.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 1cacd62..0e8d587 100644 --- a/run/network.sh +++ b/run/network.sh @@ -48,7 +48,9 @@ configureDHCP() { [[ ! -e ${TAP_PATH} ]] && [[ -e /dev0/${TAP_PATH##*/} ]] && ln -s /dev0/${TAP_PATH##*/} ${TAP_PATH} if [[ ! -e ${TAP_PATH} ]]; then - mknod ${TAP_PATH} c $MAJOR $MINOR && : || ("ERROR: Cannot mknod: ${TAP_PATH}" && exit 20) + if ! mknod ${TAP_PATH} c $MAJOR $MINOR >/dev/null 2>&1; then + echo "ERROR: Cannot mknod: ${TAP_PATH}" && exit 20 + fi fi if ! exec 30>>$TAP_PATH >/dev/null 2>&1; then From d80bc38c2d1d462b09d3e2107b9b7da0fe0c8c1b Mon Sep 17 00:00:00 2001 
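Review bot: Sending mknod's output to `/dev/null` in the `@@ -48,7 +48,9 @@` hunk hides the one detail that distinguishes a permission refusal from a bad device number, and the replacement message only repeats the path. Dropping `>/dev/null 2>&1` keeps that reason visible to whoever reads the container log. Quoting the operands, `mknod "${TAP_PATH}" c "$MAJOR" "$MINOR"`, makes an empty MINOR fail as an explicit invalid argument instead of a missing one. The error line is a diagnostic and belongs on stderr (`>&2`).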
From: Kroese Date: Thu, 20 Apr 2023 05:21:36 +0200 Subject: [PATCH 53/62] Errors --- run/network.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run/network.sh b/run/network.sh index 0e8d587..d023008 100644 --- a/run/network.sh +++ b/run/network.sh @@ -48,16 +48,16 @@ configureDHCP() { [[ ! -e ${TAP_PATH} ]] && [[ -e /dev0/${TAP_PATH##*/} ]] && ln -s /dev0/${TAP_PATH##*/} ${TAP_PATH} if [[ ! -e ${TAP_PATH} ]]; then - if ! mknod ${TAP_PATH} c $MAJOR $MINOR >/dev/null 2>&1; then + if ! mknod ${TAP_PATH} c $MAJOR $MINOR ; then echo "ERROR: Cannot mknod: ${TAP_PATH}" && exit 20 fi fi - if ! exec 30>>$TAP_PATH >/dev/null 2>&1; then + if ! exec 30>>$TAP_PATH; then echo "ERROR: Please add the following docker variable to your container: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi - if ! exec 40>>/dev/vhost-net >/dev/null 2>&1; then + if ! exec 40>>/dev/vhost-net; then echo "ERROR: Cannot find vhost!" && exit 22 fi From 8c85d3d987c924128a77d84a3b16ee54396fc2fc Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:41:23 +0200 Subject: [PATCH 54/62] Create vhost --- run/network.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/run/network.sh b/run/network.sh index d023008..28a6f06 100644 --- a/run/network.sh +++ b/run/network.sh @@ -17,6 +17,15 @@ set -eu configureDHCP() { + # Create /dev/vhost-net + if [ ! -c /dev/vhost-net ]; then + [ ! -d /dev/vhost-net ] && mkdir -m 755 /dev/vhost-net + mknod /dev/vhost-net c 10 238 + chmod 666 /dev/vhost-net + fi + + [ ! -c /dev/vhost-net ] && echo "Error: VHOST interface not available..." && exit 85 + VM_NET_TAP="_VmMacvtap" echo "Info: Retrieving IP via DHCP using MAC ${VM_NET_MAC}..." From 29391e59d20aa6798c8d503250a2035fa4cb81e1 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 05:45:39 +0200 Subject: [PATCH 55/62] Vhost --- run/network.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 28a6f06..1128f35 100644 
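Review bot: In the `@@ -17,6 +17,15 @@` hunk, `mkdir -m 755 /dev/vhost-net` creates a directory at the exact path the next line passes to `mknod`. Whenever nothing exists there, mknod then fails with "File exists" and `set -eu` ends the script, so the mkdir line should go. `chmod 666` also leaves the vhost-net node writable by every user in the container, and until chmod runs the node carries whatever mode the umask produced. Creating it with its mode in one step, `mknod -m 660 /dev/vhost-net c 10 238`, closes both gaps.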
--- a/run/network.sh +++ b/run/network.sh @@ -19,7 +19,6 @@ configureDHCP() { # Create /dev/vhost-net if [ ! -c /dev/vhost-net ]; then - [ ! -d /dev/vhost-net ] && mkdir -m 755 /dev/vhost-net mknod /dev/vhost-net c 10 238 chmod 666 /dev/vhost-net fi From 1644676b7ef1b7a4fe8c036f69a1b52f43123681 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:02:38 +0200 Subject: [PATCH 56/62] Bridge --- run/network.sh | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/run/network.sh b/run/network.sh index 1128f35..860073a 100644 --- a/run/network.sh +++ b/run/network.sh @@ -20,10 +20,13 @@ configureDHCP() { # Create /dev/vhost-net if [ ! -c /dev/vhost-net ]; then mknod /dev/vhost-net c 10 238 - chmod 666 /dev/vhost-net + chmod 660 /dev/vhost-net fi - [ ! -c /dev/vhost-net ] && echo "Error: VHOST interface not available..." && exit 85 + if [ ! -c /dev/vhost-net ]; then + echo -n "Error: VHOST interface not available. Please add the following " + echo "docker variable to your container: --device=/dev/vhost-net" && exit 85 + fi VM_NET_TAP="_VmMacvtap" echo "Info: Retrieving IP via DHCP using MAC ${VM_NET_MAC}..." @@ -62,11 +65,11 @@ configureDHCP() { fi if ! exec 30>>$TAP_PATH; then - echo "ERROR: Please add the following docker variable to your container: --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 + echo "ERROR: Please add the following docker variables to your container: --device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi if ! exec 40>>/dev/vhost-net; then - echo "ERROR: Cannot find vhost!" && exit 22 + echo "ERROR: VHOST can not be found. Please add the following docker variable to your container: --device=/dev/vhost-net" && exit 22 fi NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" 
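Review bot: The guidance about `--device=/dev/vhost-net` added in the `@@ -20,10 +20,13 @@` hunk is unlikely to be printed when it is needed. `mknod` runs as a plain command in the body of the first `if` under `set -eu`, so a refused mknod ends the script before the second `[ ! -c /dev/vhost-net ]` test is reached. Testing the call directly, `if ! mknod -m 660 /dev/vhost-net c 10 238; then` followed by the message and `exit 85`, reports the cause. It also creates the node with its final mode rather than relying on the later `chmod 660`.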
@@ -157,12 +160,17 @@ update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null GATEWAY=$(ip r | grep default | awk '{print $3}') -#if [[ "$GATEWAY" == "172."* ]]; then - # Configuration for static IP - #configureNAT -#else - # Configuration for DHCP IP - configureDHCP -#fi +if [[ "$GATEWAY" == "172."* ]]; then + # Bridge network + configureNAT +else + if [ "$DHCP" = "Y" ]; then + # Configuration for DHCP IP + configureDHCP + else + # Configuration for static IP + configureNAT + fi +fi NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" From 2cefb0be237ddef90ead44f7076db4384ed036d6 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:04:42 +0200 Subject: [PATCH 57/62] DHCP --- run/network.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/run/network.sh b/run/network.sh index 860073a..da37aaf 100644 --- a/run/network.sh +++ b/run/network.sh @@ -6,6 +6,7 @@ set -eu : ${VM_NET_HOST:='VirtualDSM'} : ${VM_NET_MAC:='02:11:32:AA:BB:CC'} +: ${DHCP:='N'} : ${DNS_SERVERS:=''} : ${DNSMASQ_OPTS:=''} : ${DNSMASQ:='/usr/sbin/dnsmasq'} From 0b6465e0c7c0962ef2c9eab853d10c161c419565 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:07:03 +0200 Subject: [PATCH 58/62] Gateway --- run/network.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/run/network.sh b/run/network.sh index da37aaf..989bf67 100644 --- a/run/network.sh +++ b/run/network.sh 
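Review bot: The bridge test `[[ "$GATEWAY" == "172."* ]]` enabled in the `@@ -157,12 +160,17 @@` hunk matches on a text prefix, so it also fires for any LAN whose gateway starts with 172. and misses bridge networks created on another subnet. The `@@ -161,17 +161,21 @@` hunk of the later DHCP patch reuses the same test to refuse DHCP, so a macvlan network on a 172.x LAN would be rejected. A comment stating the assumption, such as `# assumes Docker bridge networks use 172.x gateways`, would at least make the limit explicit. `$DHCP` is also read here under `set -eu` before the `: ${DHCP:='N'}` default arrives in the following patch, so this commit on its own may stop with an unbound-variable error.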
@@ -149,18 +149,18 @@ fi [ ! -c /dev/net/tun ] && echo "Error: TUN network interface not available..." && exit 85 -if [ "$DEBUG" = "Y" ]; then - - IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - echo "Info: Container IP: ${IP}" && echo - -fi - update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null GATEWAY=$(ip r | grep default | awk '{print $3}') +if [ "$DEBUG" = "Y" ]; then + + IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) + echo "Info: Container IP is ${IP} with gateway {GATEWAY}" && echo + +fi + if [[ "$GATEWAY" == "172."* ]]; then # Bridge network configureNAT From 73a1d82ded460955dd5f51d23b421b8ec99a2559 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:25:46 +0200 Subject: [PATCH 59/62] DHCP --- run/network.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/run/network.sh b/run/network.sh index 989bf67..986d5a0 100644 --- a/run/network.sh +++ b/run/network.sh @@ -161,17 +161,21 @@ if [ "$DEBUG" = "Y" ]; then fi -if [[ "$GATEWAY" == "172."* ]]; then - # Bridge network - configureNAT +if [ "$DHCP" != "Y" ]; then + + # Configuration for static IP + configureNAT + else - if [ "$DHCP" = "Y" ]; then - # Configuration for DHCP IP - configureDHCP - else - # Configuration for static IP - configureNAT + + if [[ "$GATEWAY" == "172."* ]]; then + echo -n "ERROR: You cannot enable DHCP while the container is " + echo "in a bridge network, only on a macvlan network!" && exit 86 fi + + # Configuration for DHCP IP + configureDHCP + fi NET_OPTS="${NET_OPTS} -device virtio-net-pci,romfile=,netdev=hostnet0,mac=${VM_NET_MAC},id=net0" From fdbd80adb00cf625692dd58a3b002e429264afa5 Mon Sep 17 00:00:00 2001 
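Review bot: The debug line in the `@@ -149,18 +149,18 @@` hunk prints the literal text `{GATEWAY}` because the `$` is missing. It should be `echo "Info: Container IP is ${IP} with gateway ${GATEWAY}" && echo`. The same typo is carried unchanged through the `@@ -157,14 +159,14 @@` and `@@ -160,7 +160,8 @@` hunks later on this page.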
From: Kroese Date: Thu, 20 Apr 2023 06:43:16 +0200 Subject: [PATCH 60/62] DHCP --- run/network.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/run/network.sh b/run/network.sh index 986d5a0..99d002a 100644 --- a/run/network.sh +++ b/run/network.sh @@ -66,11 +66,13 @@ configureDHCP() { fi if ! exec 30>>$TAP_PATH; then - echo "ERROR: Please add the following docker variables to your container: --device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 + echo -n "ERROR: Please add the following docker variables to your container: " + echo "--device=/dev/vhost-net --device-cgroup-rule='c ${MAJOR}:* rwm'" && exit 21 fi if ! exec 40>>/dev/vhost-net; then - echo "ERROR: VHOST can not be found. Please add the following docker variable to your container: --device=/dev/vhost-net" && exit 22 + echo -n "ERROR: VHOST can not be found. Please add the following docker " + echo "variable to your container: --device=/dev/vhost-net" && exit 22 fi NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30" @@ -157,14 +159,14 @@ GATEWAY=$(ip r | grep default | awk '{print $3}') if [ "$DEBUG" = "Y" ]; then IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) - echo "Info: Container IP is ${IP} with gateway {GATEWAY}" && echo + echo "Info: Container IP is ${IP} with gateway {GATEWAY}" fi if [ "$DHCP" != "Y" ]; then - # Configuration for static IP - configureNAT + # Configuration for static IP + configureNAT else From ba15d71f7f93a0f09f623301b0ef03583400a6c4 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:47:45 +0200 Subject: [PATCH 61/62] ifconfig --- run/network.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 99d002a..b4a6301 100644 --- a/run/network.sh +++ b/run/network.sh 
@@ -160,7 +160,8 @@ if [ "$DEBUG" = "Y" ]; then IP=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/) echo "Info: Container IP is ${IP} with gateway {GATEWAY}" - + ifconfig + ip route fi if [ "$DHCP" != "Y" ]; then From ce2ee98386f1a45ef4daacefbac5aaf15d6ffbc2 Mon Sep 17 00:00:00 2001 From: Kroese Date: Thu, 20 Apr 2023 06:48:16 +0200 Subject: [PATCH 62/62] Macvlan compose --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 41e582e..febe0b9 100644 --- a/readme.md +++ b/readme.md @@ -130,7 +130,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ``` Modify these values to match your local subnet. - Next change the containers configuration in your compose file: + Now change the containers configuration in your compose file: ``` networks:
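Review bot: `ifconfig`, added in the `@@ -160,7 +160,8 @@` hunk, comes from net-tools, which many minimal images do not ship. If it is absent here, the command returns 127 and `set -eu` ends the script whenever DEBUG=Y. Whether the image installs it is not visible in this patch. The script already depends on `ip`, so `ip address show` gives the same information without a second tool.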