Sébastien RICCIO
2008-May-23 10:04 UTC
[Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy
Dear list,
I''m currently modifying the vif-common.sh script in order to be able
to implement custom iptables rules for different guests.
As I can see, when a guest is created with xm create, vif-common.sh is
called with the "online" command. Perfect.
When the guest shutdown itself, vif-common.sh is not called, neither
when I shut down the guest with "xm shutdown" command.
But if I kill the guest with "xm destroy", the vif-common.sh is called
with command "offline".
Is it right that xm shutdown doesn''t call vif-common.sh ?
I was expecting it to be executed when a shutdown is issued, in order
to clean the iptables rules for this particular guest.
Any ideas ?
btw: here is my custom vif-common.sh code:
frob_iptable()
{
if [ "$command" == "online" ]
then
# Adding custom chain
iptables -N "$vif"
if [ -e /etc/xen/fw/$vif.rules ]
then
source /etc/xen/fw/$vif.rules
else
if [ -e /etc/xen/fw/default.rules ]
then
source /etc/xen/fw/default.rules
else
iptables -A "$vif" -j ACCEPT
fi
fi
# Forwarding the packets to the right chain
iptables -A FORWARD -m physdev --physdev-in "$vif" "$@"
-j "$vif"
else
echo "debug" >>/tmp/debug.log
# Removing the chain forward
iptables -D FORWARD -m physdev --physdev-in "$vif" "$@"
-j "$vif"
# Flushing the custom chain
iptables -F "$vif"
# Removing the custom chain
iptables -X "$vif"
fi
}
--
Sébastien Riccio
SwissCenter / OpenBusiness SA
sr@openbusiness.com
________________________________________________
OpenBusiness S.A.
World Trade Center
Av Gratta-Paille 1-2 Tel: +41 21 641 1010
CH-1000 Lausanne 30 FAX: +41 21 641 1011
Switzerland www.openbusiness.ch
__________________________________________________________________________
Disclaimer
This email is confidential and intended solely for the use of the
individual to whom it is addressed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
OpenBusiness Group.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding,
printing, or copy-ing of this email is strictly prohibited.
If you have received this email in error please notify the OpenBusiness
help-desk by telephone on +41 21 641 10 10.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
--
Sébastien Riccio
SwissCenter / OpenBusiness SA
sr@openbusiness.com
________________________________________________
OpenBusiness S.A.
World Trade Center
Av Gratta-Paille 1-2 Tel: +41 21 641 1010
CH-1000 Lausanne 30 FAX: +41 21 641 1011
Switzerland www.openbusiness.ch
__________________________________________________________________________
Disclaimer
This email is confidential and intended solely for the use of the
individual to whom it is addressed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
OpenBusiness Group.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding,
printing, or copy-ing of this email is strictly prohibited.
If you have received this email in error please notify the OpenBusiness
help-desk by telephone on +41 21 641 10 10.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Ian Jackson
2008-May-23 10:47 UTC
Re: [Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy
Sébastien RICCIO writes ("[Xen-devel] HELP:) vif-common.sh call on xm
shutdown / xm destroy"):> Is it right that xm shutdown doesn''t call vif-common.sh ?
shutdown just asks the guest to shut itself down so shouldn''t bring
the interfaces down right away. But I think the script should be
called when the domain indicates that its shutdown is complete,
destroying itself. It''s quite possible that this is buggy ...
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Sébastien RICCIO
2008-May-23 10:58 UTC
Re: [Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy
Hi Ianm Yes this is true. It should be called after the shutdown has been completed, but this doesn''t happen., so iptables rules are never cleaned. (on_shutdown = ''destroy'') in the config files buggy ? Ian Jackson a écrit :> Sébastien RICCIO writes ("[Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy"): > >> Is it right that xm shutdown doesn''t call vif-common.sh ? >> > > shutdown just asks the guest to shut itself down so shouldn''t bring > the interfaces down right away. But I think the script should be > called when the domain indicates that its shutdown is complete, > destroying itself. It''s quite possible that this is buggy ... > > Ian. > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel > > >-- Sébastien Riccio SwissCenter / OpenBusiness SA sr@openbusiness.com ________________________________________________ OpenBusiness S.A. World Trade Center Av Gratta-Paille 1-2 Tel: +41 21 641 1010 CH-1000 Lausanne 30 FAX: +41 21 641 1011 Switzerland www.openbusiness.ch __________________________________________________________________________ Disclaimer This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not necessarily represent those of the OpenBusiness Group. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copy-ing of this email is strictly prohibited. If you have received this email in error please notify the OpenBusiness help-desk by telephone on +41 21 641 10 10. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Christopher Thunes
2008-Jun-13 17:43 UTC
Re: [Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy
We''ve also seen this problem and have some more information. Looking into it we have found that the udev "offline" event is not being triggered by the kernel on paravirtual guest shutdowns. HVM guests seem to work just fine though. We can provide udevmonitor output and/or udev log output if it would help. Definitely seems like a bug though. - Chris Thunes Ian Jackson wrote:> Sébastien RICCIO writes ("[Xen-devel] HELP:) vif-common.sh call on xm shutdown / xm destroy"): >> Is it right that xm shutdown doesn''t call vif-common.sh ? > > shutdown just asks the guest to shut itself down so shouldn''t bring > the interfaces down right away. But I think the script should be > called when the domain indicates that its shutdown is complete, > destroying itself. It''s quite possible that this is buggy ... > > Ian. > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel