Switch to tc mirrored to get rid of macvtap (#110)

metal-stack · Jul 25, 2024 · 0e7c0a8 · 0e7c0a8
1 parent 3ae7f59
commit 0e7c0a8
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 33 deletions.
diff --git a/scripts/manage_vms.py b/scripts/manage_vms.py
@@ -13,7 +13,7 @@
  "disk-path": "/machine01.img",
  "disk-size": "5G",
  "memory": "2G",
- "tap-index-fd": [(0, 30), (1, 40)],
+ "lan_indices": [0, 1],
  "serial-port": 4000,
  },
  "machine02": {
@@ -22,7 +22,7 @@
  "disk-path": "/machine02.img",
  "disk-size": "5G",
  "memory": "2G",
- "tap-index-fd": [(2, 50), (3, 60)],
+ "lan_indices": [2, 3],
  "serial-port": 4001,
  },
  "machine03": {
@@ -31,7 +31,7 @@
  "disk-path": "/machine03.img",
  "disk-size": "5G",
  "memory": "2G",
- "tap-index-fd": [(4, 70), (5, 80)],
+ "lan_indices": [4, 5],
  "serial-port": 4002,
  },
 }
@@ -126,18 +126,6 @@ def _delete_vm_disk(path):
 
  @staticmethod
  def _start_vm(machine):
- nics = []
- netdevices = []
- for tap in machine.get("tap-index-fd", []):
- ifindex = tap[0]
- fd = tap[1]
-
- mac = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/address".format(ifindex=ifindex)]).decode("utf-8").strip()
- tapindex = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/ifindex".format(ifindex=ifindex)]).decode("utf-8").strip()
-
- nics.append("virtio-net,netdev=hn{ifindex},mac={mac}".format(ifindex=ifindex, mac=mac))
- netdevices.append("tap,fd={fd},id=hn{ifindex} {fd}<>/dev/tap{tapindex}".format(fd=fd, ifindex=ifindex, tapindex=tapindex))
-
  cmd = [
  "qemu-system-x86_64",
  "-name", machine.get("name"),
@@ -153,13 +141,13 @@ def _start_vm(machine):
  "-nographic",
  ]
 
- for nic in nics:
- cmd.append("-device")
- cmd.append(nic)
-
- for device in netdevices:
- cmd.append("-netdev")
- cmd.append(device)
+ for i in machine["lan_indices"]:
+ with open(f'/sys/class/net/lan{i}/address', 'r') as f:
+  mac = f.read().strip()
+ cmd.append('-device')
+  cmd.append(f'virtio-net,netdev=hn{i},mac={mac}')
+ cmd.append(f'-netdev')
+ cmd.append(f'tap,id=hn{i},ifname=tap{i},script=/mini-lab/mirror_tap_to_lan.sh,downscript=no')
 
  cmd.append("&")
 

diff --git a/scripts/mirror_tap_to_lan.sh b/scripts/mirror_tap_to_lan.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packets/frames-between-interfaces/
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packetsframes-between-interfaces/
+# Read it for better understanding
+
+set -o errexit
+TAP_IF=$1
+# get interface index number up to 3 digits (everything after first three chars)
+# tap0 -> 0
+# tap123 -> 123
+INDEX=${TAP_IF:3:3}
+
+ip link set $TAP_IF up
+ip link set $TAP_IF mtu 65000
+
+# create tc lan<->tap redirect rules
+tc qdisc add dev lan$INDEX ingress
+tc filter add dev lan$INDEX parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev $TAP_IF
+
+tc qdisc add dev $TAP_IF ingress
+tc filter add dev $TAP_IF parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev lan$INDEX
diff --git a/scripts/vms_entrypoint.sh b/scripts/vms_entrypoint.sh
@@ -25,15 +25,4 @@ while [ "$MYINT" -lt "$INTFS" ]; do
  int_calc
 done
 
-# creating macvtap interfaces for the qemu vms
-for i in $(seq 0 5); do
- ip link add link lan${i} name macvtap${i} type macvtap mode passthru
- ip link set macvtap${i} up
- ip link set macvtap${i} promisc on
-done
-
-echo "Connected all interfaces"
-ifdown -a || true
-ifup -a || true
-
 tail -f /dev/null