From: iap10@labyrinth.cl.cam.ac.uk
Date: Tue, 16 Sep 2003 20:36:20 +0000 (+0000)
Subject: bitkeeper revision 1.427 (3f677444W1iVSBCd44M-cSsiZXgCsg)
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~18700
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=817cec1db4bc8fbfe2e1ebf4b49928ad606ea79d;p=xen.git
bitkeeper revision 1.427 (3f677444W1iVSBCd44M-cSsiZXgCsg)
rename xen_enable_nat and xen_read_console
---
diff --git a/.rootkeys b/.rootkeys
index 54b563acad..3f76111e8f 100644
--- a/.rootkeys
+++ b/.rootkeys
@@ -141,12 +141,12 @@
 3eb781fd0Eo9K1jEFCSAVzO51i_ngg tools/internal/xi_stop.c
 3f108ae2to5nHRRXfvUK7oxgjcW_yA tools/internal/xi_usage.c
 3eb781fd7211MZsLxJSiuy7W4KnJXg tools/internal/xi_vifinit
-3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/enable_nat
-3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/enable_nat.README
 3f1668d4-FUY6Enc7MB3GcwUtfJ5HA tools/misc/mkdevnodes
-3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/read_console_udp.c
 3f5ef5a2ir1kVAthS14Dc5QIRCEFWg tools/misc/xen-clone
 3f5ef5a2dTZP0nnsFoeq2jRf3mWDDg tools/misc/xen-clone.README
+3f13d81eQ9Vz-h-6RDGFkNR9CRP95g tools/misc/xen_enable_nat
+3f13d81e6Z6806ihYYUw8GVKNkYnuw tools/misc/xen_enable_nat.README
+3f1668d4F29Jsw0aC0bJEIkOBiagiQ tools/misc/xen_read_console.c
 3ddb79bcbOVHh38VJzc97-JEGD4dJQ xen/Makefile
 3f5ef5a2Qtt8AshYs-KXFFNhKALeIg xen/README
 3ddb79bcWnTwYsQRWl_PaneJfa6p0w xen/Rules.mk
diff --git a/tools/misc/enable_nat b/tools/misc/enable_nat
deleted file mode 100755
index e6b21a779b..0000000000
--- a/tools/misc/enable_nat
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-
-run_iptables() {
- if ! iptables $@ ; then
- echo "iptables returned error; have you built netfilter?"; exit 1
- fi
-}
-
-ifconfig eth0:0 169.254.1.0 up
-run_iptables -t filter -F
-run_iptables -t nat -F
-run_iptables -t filter -X
-run_iptables -t nat -X
-run_iptables -t filter -P FORWARD DROP
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
-run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
-run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
-echo 1 > /proc/sys/net/ipv4/ip_forward
-
diff --git a/tools/misc/enable_nat.README b/tools/misc/enable_nat.README
deleted file mode 100644
index 0c6dd1cd70..0000000000
--- a/tools/misc/enable_nat.README
+++ /dev/null
@@ -1,24 +0,0 @@
-To use NAT in domain 0 to give access for other domains:
-1) Make sure domain 0's kernel contains at least the following options:
- (other domains don't need this)
-
-CONFIG_NETFILTER=y
-CONFIG_IP_NF_CONNTRACK=y
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IPTABLES=y
-CONFIG_IP_NF_MATCH_STATE=y
-CONFIG_IP_NF_FILTER=y
-CONFIG_IP_NF_NAT=y
-CONFIG_IP_NF_NAT_NEEDED=y
-CONFIG_IP_NF_TARGET_MASQUERADE=y
-CONFIG_IP_NF_NAT_FTP=y
-
-2) Run the enable_nat script on domain 0 startup. This will bind
- 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
- that the real IP address for eth0 has been set before running the
- script.
-3) Give the other domains IP addresses in 169.254.0.0/16 and a default
- gateway of 169.254.1.0.
-4) It should now work. Domains 1 and higher should be able to make
- outgoing connections through NAT. FTP active or passive should both
- work thanks to FTP connection tracking
diff --git a/tools/misc/read_console_udp.c b/tools/misc/read_console_udp.c
deleted file mode 100644
index 632b01ad9a..0000000000
--- a/tools/misc/read_console_udp.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/******************************************************************************
- * Test program for reading console lines from DOM0 port 666.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-int main(void)
-{
- unsigned char buf[208], abuf[32];
- struct sockaddr_in addr, from;
- int fromlen = sizeof(from);
- int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
-
- if ( fd < 0 )
- {
- fprintf(stderr, "could not open datagram socket\n");
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
- addr.sin_port = htons(666);
- addr.sin_family = AF_INET;
- if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
- {
- fprintf(stderr, "could not bind to local address and port\n");
- return -1;
- }
-
- while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
- (struct sockaddr *)&from, &fromlen))
- >= 0 )
- {
- printf("%d-byte message from %s:%d --\n", len,
- inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
- ntohs(from.sin_port));
-
- /* For sanity, clean up the string's tail. */
- if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
- buf[len] = '\0';
-
- printf("%s", buf);
-
- fromlen = sizeof(from);
- }
-
- return 0;
-}
diff --git a/tools/misc/xen_enable_nat b/tools/misc/xen_enable_nat
new file mode 100755
index 0000000000..e6b21a779b
--- /dev/null
+++ b/tools/misc/xen_enable_nat
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+run_iptables() {
+ if ! iptables $@ ; then
+ echo "iptables returned error; have you built netfilter?"; exit 1
+ fi
+}
+
+ifconfig eth0:0 169.254.1.0 up
+run_iptables -t filter -F
+run_iptables -t nat -F
+run_iptables -t filter -X
+run_iptables -t nat -X
+run_iptables -t filter -P FORWARD DROP
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -s 169.254.0.0/16 -j ACCEPT
+run_iptables -t filter -A FORWARD -i eth0 -o eth0 -d 169.254.0.0/16 -m state --state ESTABLISHED,RELATED -j ACCEPT
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.1.0 -j RETURN
+run_iptables -t nat -A POSTROUTING -o eth0 -s 169.254.0.0/16 -j MASQUERADE
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
diff --git a/tools/misc/xen_enable_nat.README b/tools/misc/xen_enable_nat.README
new file mode 100644
index 0000000000..0c6dd1cd70
--- /dev/null
+++ b/tools/misc/xen_enable_nat.README
@@ -0,0 +1,24 @@
+To use NAT in domain 0 to give access for other domains:
+1) Make sure domain 0's kernel contains at least the following options:
+ (other domains don't need this)
+
+CONFIG_NETFILTER=y
+CONFIG_IP_NF_CONNTRACK=y
+CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_STATE=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_NAT_FTP=y
+
+2) Run the enable_nat script on domain 0 startup. This will bind
+ 169.254.1.0 to domain 0 and set up iptables for NAT. Make sure
+ that the real IP address for eth0 has been set before running the
+ script.
+3) Give the other domains IP addresses in 169.254.0.0/16 and a default
+ gateway of 169.254.1.0.
+4) It should now work. Domains 1 and higher should be able to make
+ outgoing connections through NAT. FTP active or passive should both
+ work thanks to FTP connection tracking
diff --git a/tools/misc/xen_read_console.c b/tools/misc/xen_read_console.c
new file mode 100644
index 0000000000..632b01ad9a
--- /dev/null
+++ b/tools/misc/xen_read_console.c
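Review bot: tools/misc/xen_enable_nat flushes every chain in the filter and nat tables and deletes the user-defined ones (`-F`, `-X`) before adding its own rules, and nothing in the script says so; any firewall rules already loaded on domain 0 are lost when it runs. A header comment such as `# WARNING: replaces all existing filter and nat rules; run before any other firewall setup` would make that visible to whoever wires it into startup. In `run_iptables`, `iptables $@` should be `iptables "$@"` so the arguments are passed through without re-splitting. The README added next to it still refers to the script as `enable_nat`.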
@@ -0,0 +1,53 @@
+/******************************************************************************
+ * Test program for reading console lines from DOM0 port 666.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(void)
+{
+ unsigned char buf[208], abuf[32];
+ struct sockaddr_in addr, from;
+ int fromlen = sizeof(from);
+ int len, fd = socket(PF_INET, SOCK_DGRAM, 0);
+
+ if ( fd < 0 )
+ {
+ fprintf(stderr, "could not open datagram socket\n");
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_addr.s_addr = htonl(0xa9fe0100); /* 169.254.1.0 */
+ addr.sin_port = htons(666);
+ addr.sin_family = AF_INET;
+ if ( bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 )
+ {
+ fprintf(stderr, "could not bind to local address and port\n");
+ return -1;
+ }
+
+ while ( (len = recvfrom(fd, buf, sizeof(buf), 0,
+ (struct sockaddr *)&from, &fromlen))
+ >= 0 )
+ {
+ printf("%d-byte message from %s:%d --\n", len,
+ inet_ntop(AF_INET, &from.sin_addr, abuf, sizeof(abuf)),
+ ntohs(from.sin_port));
+
+ /* For sanity, clean up the string's tail. */
+ if ( buf[len-1] != '\n' ) { buf[len] = '\n'; len++; }
+ buf[len] = '\0';
+
+ printf("%s", buf);
+
+ fromlen = sizeof(from);
+ }
+
+ return 0;
+}
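Review bot: In xen_read_console.c the tail clean-up inside the receive loop can write past `buf`: recvfrom() is given the full `sizeof(buf)`, so a 208-byte datagram makes `buf[len] = '\n'` and `buf[len] = '\0'` store at indexes 208 and 209 of a 208-byte array, and a zero-length datagram makes `buf[len-1]` read index -1. The data comes from whoever can send UDP to port 666 on that address, so I would receive at most `sizeof(buf) - 2` bytes and change the test to `if ( len == 0 || buf[len-1] != '\n' )`. `fromlen` would also be better declared as `socklen_t` than `int`. The blob id in the index line matches the deleted read_console_udp.c, so this is inherited by the rename rather than introduced by it.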