[gentoo-commits] proj/openrc:master commit in: net/, doc/

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     683a21b0a0e52ad756366a9527f509761214e971
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 21 09:41:48 2011 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Feb 21 09:41:48 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=683a21b0

net/vlan: update to use modern iproute2 interface

This replaces the vlan setup code that previously used the old vconfig
binary with a new implementation using the iproute2 interface.

vconfig does not handle many of the newer setups. No automatic migration
path is provided, as altering the configuration is non-trivial.

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Written-by: Guillaume Castagnino <casta <AT> xwing.info>
X-Gentoo-Bug: 346365

---
 doc/net.example.Linux.in |   21 +++++++++++-----
 net/vlan.sh              |   58 +++++++++++++++++++++++----------------------
 2 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 2d1a7dc..d3b97c5 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -527,7 +527,8 @@
 
 #-----------------------------------------------------------------------------
 # VLAN (802.1q support)
-# For VLAN support, emerge net-misc/vconfig
+# For VLAN support, emerge sys-apps/iproute2
+# The old vconfig based VLAN support is no longer available.
 
 # Specify the VLAN numbers for the interface like so
 # Please ensure your VLAN IDs are NOT zero-padded
@@ -537,10 +538,17 @@
 # need it up.
 #config_eth0="null"
 
-# You can also configure the VLAN - see for vconfig man page for more details
-#vconfig_eth0="set_name_type VLAN_PLUS_VID_NO_PAD"
-#vconfig_vlan1="set_flag 1
-#set_egress_map 2 6"
+# You can also configure the VLAN - see for ip man page for more details
+# To change the vlan interface name. If not set, the standard "iface.vlanid"
+# will be used
+#vlan1_name="vlan1"
+#vlan2_name="eth0.2"
+# Set the vlan flags
+#vlan1_flags="reorder_hdr off gvrp on loose_binding on"
+# Configure in/egress maps
+#vlan1_ingress="2:6 3:5"
+#vlan1_egress="1:2"
+
 #config_vlan1="172.16.3.1/23"
 #config_vlan2="172.16.2.1/23"
 
@@ -553,8 +561,7 @@
 # This means you do not need to create init scripts in /etc/init.d for each
 # vlan, you must need to create one for the physical interface.
 # If you wish to control the configuration of each vlan through a separate
-# script, or wish to rename the vlan interface to something that vconfig
-# cannot then you need to do this.
+# script then you need to do this.
 #vlan_start_eth0="no"
 
 # If you do the above then you may want to depend on eth0 like so

diff --git a/net/vlan.sh b/net/vlan.sh
index 5cd4957..1d50d4f 100644
--- a/net/vlan.sh
+++ b/net/vlan.sh
@@ -1,9 +1,18 @@
 # Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
 # All rights reserved. Released under the 2-clause BSD license.
 
+_ip()
+{
+	if [ -x /bin/ip ]; then
+		echo /bin/ip
+	else
+		echo /sbin/ip
+	fi
+}
+
 vlan_depend()
 {
-	program /sbin/vconfig
+	program $(_ip)
 	after interface
 	before dhcp
 }
@@ -36,31 +45,12 @@ _check_vlan()
 
 vlan_pre_start()
 {
-	local vc="$(_get_array "vconfig_${IFVAR}")"
-	[ -z "${vc}" ] && return 0
-
-	_check_vlan || return 1
-	_exists || return 1
-
-	local v= x= e=
-	local IFS="$__IFS"
-	for v in ${vc}; do
-		unset IFS
-		case "${v}" in
-			set_name_type" "*) x=${v};;
-			*)
-				set -- ${v}
-				x="$1 ${IFACE}"
-				shift
-				x="${x} $@"
-				;;
-		esac
-
-		e="$(vconfig ${x} 2>&1 1>/dev/null)"
-		[ -z "${e}" ] && continue
-		eerror "${e}"
+	local vconfig
+	eval vconfig=\$vconfig_${IFVAR}
+	if [ -n "${vconfig}" ]; then
+		eerror "You must convert your vconfig_ VLAN entries to vlan${N} entries."
 		return 1
-	done
+	fi
 }
 
 vlan_post_start()
@@ -72,10 +62,22 @@ vlan_post_start()
 	_check_vlan || return 1
 	_exists || return 1
 
-	local vlan= e= s=
+	local vlan= e= s= vname= vflags= vingress= vegress=
 	for vlan in ${vlans}; do
 		einfo "Adding VLAN ${vlan} to ${IFACE}"
-		e="$(vconfig add "${IFACE}" "${vlan}" 2>&1 1>/dev/null)"
+		# We need to gather all interface configuration options
+		# 1) naming. Default to the standard "${IFACE}.${vlan}" but it can be anything
+		eval vname=\$vlan${vlan}_name
+		[ -z "${vname}" ] && vname="${IFACE}.${vlan}"
+		# 2) flags
+		eval vflags=\$vlan${vlan}_flags
+		# 3) ingress/egress map
+		eval vingress=\$vlan${vlan}_ingress
+		[ -z "${vingress}" ] || vingress="ingress-qos-map ${vingress}"
+		eval vegress=\$vlan${vlan}_egress
+		[ -z "${vegress}" ] || vegress="egress-qos-map ${vegress}"
+
+		e="$(ip link add link "${IFACE}" name "${vname}" type vlan id "${vlan}" ${vflags} ${vingress} ${vegress} 2>&1 1>/dev/null)"
 		if [ -n "${e}" ]; then
 			eend 1 "${e}"
 			continue
@@ -110,7 +112,7 @@ vlan_post_stop()
 			stop
 		) && {
 			mark_service_stopped "net.${vlan}"
-			vconfig rem "${vlan}" >/dev/null
+			ip link delete "${vlan}" type vlan >/dev/null
 		}
 	done
 

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     dfd42d139357b23fb7629bea3bc39918a660cd4c
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 22 02:54:26 2011 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Feb 22 02:59:38 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=dfd42d13

net/ethtool: official interface for changing ethtool params (bug #195479)

Implement a consistent interface for changing ethtool parameters, as
suggested in bug 195479. All variable names are based on the long option
to ethtool to set each group of parameters. Multiple entries seperated
by newlines are permitted for variable values.

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
X-Gentoo-Bug: 195479

---
 doc/net.example.Linux.in |   66 ++++++++++++++++++++++++++++++++++++++++++++++
 net/Makefile.Linux       |    4 +-
 net/ethtool.sh           |   54 +++++++++++++++++++++++++++++++++++++
 3 files changed, 122 insertions(+), 2 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index d3b97c5..69c9ba6 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -980,6 +980,72 @@
 #ifplugd_eth0="--api-mode=wlan"
 # man ifplugd for more options
 
+#-----------------------------------------------------------------------------
+# Interface hardware tuning & configuration via ethtool
+# If you need to change explicit hardware settings on your network card prior
+# to bringing the interface up, the following is available.
+#
+# For a full listing of settings, please consulting ethtool(8) and the output
+# of "ethtool --help".
+#
+# Multiple entries (seperated by newlines) are supported in all of the
+# variables as some settings cannot be changed at the same time.
+#
+# Valid variable name fragments: change pause coalesce ring offload
+# change_eeprom identify nfc flash rxfh_indir ntuple
+
+# Set Wake-On-Lan to listen for SecureOn MagicPacket(tm), the message level to
+# notify us of WOL changes, and the SecureOn password to 'DE:AD:BE:EF:CA:FE'.
+#ethtool_change_eth0="wol gs
+#msglvl wol on
+#sopass DE:AD:BE:EF:CA:FE"
+
+# Disable pause auto-negotiation and explicitly enable RX and TX pause.
+#ethtool_pause_eth0="autoneg off
+#rx on tx on"
+
+# Enasble adaptive RX and TX coalescing
+#ethtool_coalesce_eth0="adaptive-rx on adaptive-tx on"
+
+# Change ring buffer settings
+#ethtool_ring_eth0=""
+
+# Enable all offload settings
+#ethtool_offload_eth0="rx on tx on sg on tso on ufo on gso on gro on lro on"
+
+# Change specific bytes in the EEPROM
+#ethtool_change_eeprom_eth0=""
+
+# Run the identify sequence on the interface for 1 second (does not return until completion)
+#ethtool_identify_eth0="1"
+
+# Configure receive network flow classification
+#ethtool_nfc_eth0="
+#rx-flow-hash tcp4 f
+#rx-flow-hash udp4 s"
+
+# Flash firmware to all regions
+#ethtool_flash_eth0="/some/path/firmware1 0"
+
+# Flash firmware to region 1
+#ethtool_flash_eth0="/some/path/firmware2 1"
+
+# Set receive flow hash indirection table for even balancing between N receive queues
+#ethtool_rxfh_indir_eth0="equal 4"
+
+# Configure Rx ntuple filters and actions
+#ethtool_ntuple_eth0=""
+
+# Additionally, there is a special control variable, if you need to change the
+# order of option processing. The default order is:
+# flash change-eeprom change pause coalesce ring offload identify nfc rxfh-indir ntuple
+
+# Set global order to default
+#ethtool_order="flash change-eeprom change pause coalesce ring offload identify nfc rxfh-indir ntuple"
+
+# Hypothetical network card that requires a change-eeprom toggle to enable flashing
+#ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
+
 ##############################################################################
 # ADVANCED CONFIGURATION
 #

diff --git a/net/Makefile.Linux b/net/Makefile.Linux
index 7006d74..f7fb087 100644
--- a/net/Makefile.Linux
+++ b/net/Makefile.Linux
@@ -1,7 +1,7 @@
 SRCS+=		iwconfig.sh.in
 INC+=		adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
-		ccwgroup.sh clip.sh iproute2.sh ifplugd.sh ip6to4.sh ipppd.sh \
-		iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
+		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
+		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
 		vlan.sh
 
 .SUFFIXES:	.sh.Linux.in

diff --git a/net/ethtool.sh b/net/ethtool.sh
new file mode 100644
index 0000000..64b44a6
--- /dev/null
+++ b/net/ethtool.sh
@@ -0,0 +1,54 @@
+# Copyright (c) 2011 by Gentoo Foundation
+# All rights reserved. Released under the 2-clause BSD license.
+
+_ethtool() {
+	echo /usr/sbin/ethtool
+}
+
+ethtool_depend()
+{
+	program $(_ethtool)
+	before interface
+}
+
+# This is just to trim whitespace, do not add any quoting!
+_trim() {
+	echo $*
+}
+
+ethtool_pre_start() {
+	local order opt OFS="${OIFS}"
+	eval order=\$ethtool_order_${IFVAR}
+	[ -z "${order}" ] && eval order=\$ethtool_order
+	[ -z "${order}" ] && order="flash change-eeprom change pause coalesce ring offload identify nfc rxfh-indir ntuple"
+	# ethtool options not used: --driver, --register-dump, --eeprom-dump, --negotiate, --test, --statistics
+	eindent
+	for opt in ${order} ; do
+		local args
+		eval args=\$ethtool_${opt//-/_}_${IFVAR}
+
+		# Skip everything if no arguments
+		[ -z "${args}" ] && continue
+		
+		# Split on \n
+		local IFS="$__IFS"
+
+		for p in ${args} ; do
+			IFS="${OIFS}"
+			local args_pretty="$(_trim "${p}")"
+			# Do nothing if empty
+			[ -z "${args_prety}" ] && continue
+			args_pretty="--${opt} $IFACE ${args_pretty}"
+			args="--${opt} $IFACE ${args}"
+			ebegin "ethtool ${args_pretty}"
+			$(_ethtool) ${args}
+			rc=$?
+			eend $rc "ethtool exit code $rc"
+			# TODO: ethtool has MANY different exit codes, with no
+			# documentation as to which ones are fatal or not. For now we
+			# simply print the exit code and don't stop the start sequence.
+		done
+		IFS="${OIFS}"
+	done
+	eoutdent
+}

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     3035ae3158eb44e77aa0d287309857f05f8521de
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 19 17:17:53 2011 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Apr 19 17:17:53 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=3035ae31

[oldnet] Bug #363959: Improve plug_timeout ifplugd/netplugd code.

- Add support for a global plug_timeout setting to match the
  documentation.
- Update the documentation to also show per-interface configuration.

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

---
 doc/net.example.Linux.in |    8 +++++---
 net/ifplugd.sh           |    2 ++
 net/netplugd.sh          |    2 ++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 709e201..5d7c49f 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -975,10 +975,12 @@
 # and you're done :)
 
 # By default we don't wait for netplug/ifplugd to configure the interface.
-# If you would like it to wait so that other services know that network is up
-# then you can specify a timeout here.
+# If you would like it to wait so that other services know that network is
+# up then you can specify a timeout here. A value of 0 means wait forever,
+# and a negative value means never wait.
+#plug_timeout_eth0="10"
+# If you want to set it for all interfaces:
 #plug_timeout="10"
-# A value of 0 means wait forever.
 
 # If you don't want to use netplug on a specific interface but you have it
 # installed, you can disable it for that interface via the modules statement

diff --git a/net/ifplugd.sh b/net/ifplugd.sh
index 9f6c884..34cd18a 100644
--- a/net/ifplugd.sh
+++ b/net/ifplugd.sh
@@ -51,7 +51,9 @@ ifplugd_pre_start()
 
 	eindent
 
+	# IFACE-specific, then global, then default
 	eval timeout=\$plug_timeout_${IFVAR}
+	[ -z "${timeout}" ] && timeout=$plug_timeout
 	[ -z "${timeout}" ] && timeout=-1
 	if [ ${timeout} -eq 0 ]; then
 		ewarn "WARNING: infinite timeout set for ${IFACE} to come up"

diff --git a/net/netplugd.sh b/net/netplugd.sh
index 8f36ef2..23b6d9e 100644
--- a/net/netplugd.sh
+++ b/net/netplugd.sh
@@ -53,7 +53,9 @@ netplugd_pre_start()
 
 	eindent
 
+	# IFACE-specific, then global, then default
 	eval timeout=\$plug_timeout_${IFVAR}
+	[ -z "${timeout}" ] && timeout=$plug_timeout
 	[ -z "${timeout}" ] && timeout=-1
 	if [ ${timeout} -eq 0 ]; then
 		ewarn "WARNING: infinite timeout set for ${IFACE} to come up"

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     2d197357ef9b92c6a237b438723c2969b51a802d
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 19 17:17:53 2011 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Apr 19 17:49:20 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=2d197357

[oldnet] Bug #363959: Improve plug_timeout ifplugd/netplugd code.

- Add support for a global plug_timeout setting to match the
  documentation.
- Update the documentation to also show per-interface configuration.

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

---
 doc/net.example.Linux.in |    8 +++++---
 net/ifplugd.sh           |    2 ++
 net/netplugd.sh          |    2 ++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 709e201..5d7c49f 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -975,10 +975,12 @@
 # and you're done :)
 
 # By default we don't wait for netplug/ifplugd to configure the interface.
-# If you would like it to wait so that other services know that network is up
-# then you can specify a timeout here.
+# If you would like it to wait so that other services know that network is
+# up then you can specify a timeout here. A value of 0 means wait forever,
+# and a negative value means never wait.
+#plug_timeout_eth0="10"
+# If you want to set it for all interfaces:
 #plug_timeout="10"
-# A value of 0 means wait forever.
 
 # If you don't want to use netplug on a specific interface but you have it
 # installed, you can disable it for that interface via the modules statement

diff --git a/net/ifplugd.sh b/net/ifplugd.sh
index 9f6c884..34cd18a 100644
--- a/net/ifplugd.sh
+++ b/net/ifplugd.sh
@@ -51,7 +51,9 @@ ifplugd_pre_start()
 
 	eindent
 
+	# IFACE-specific, then global, then default
 	eval timeout=\$plug_timeout_${IFVAR}
+	[ -z "${timeout}" ] && timeout=$plug_timeout
 	[ -z "${timeout}" ] && timeout=-1
 	if [ ${timeout} -eq 0 ]; then
 		ewarn "WARNING: infinite timeout set for ${IFACE} to come up"

diff --git a/net/netplugd.sh b/net/netplugd.sh
index 8f36ef2..23b6d9e 100644
--- a/net/netplugd.sh
+++ b/net/netplugd.sh
@@ -53,7 +53,9 @@ netplugd_pre_start()
 
 	eindent
 
+	# IFACE-specific, then global, then default
 	eval timeout=\$plug_timeout_${IFVAR}
+	[ -z "${timeout}" ] && timeout=$plug_timeout
 	[ -z "${timeout}" ] && timeout=-1
 	if [ ${timeout} -eq 0 ]; then
 		ewarn "WARNING: infinite timeout set for ${IFACE} to come up"

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[William Hubbs]

commit:     f94e8836333f6dea142d9a7b29610fcc8d6b12a3
Author:     Stef Simoens <stef.simoens <AT> scarlet <DOT> be>
AuthorDate: Tue Sep 27 21:55:22 2011 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Wed Oct 26 16:28:39 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=f94e8836

Add macvlan support

X-Gentoo-Bug: 384029
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=384029

---
 doc/net.example.Linux.in |   12 ++++++++
 net/Makefile             |    2 +-
 net/macvlan.sh           |   69 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 82 insertions(+), 1 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 952f8eb..b841613 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -581,6 +581,18 @@
 # NOTE: depend functions only work in /etc/conf.d/net
 # and not in profile configs such as /etc/conf.d/net.foo
 
+# MAC-VLAN support
+# The following configuration can be used to create a new interface 'macvlan0'
+# linked to 'eth0'
+#macvlan_macvlan0="eth0"
+
+# MAC-VLAN mode (private, vepa, bridge, passtru)
+#mode_macvlan0="private"
+
+# IP address, MAC address, ... are configured as a normal interface
+#config_macvlan0="192.168.20.20/24"
+#mac_macvlan0="00:50:06:20:20:20"
+
 #-----------------------------------------------------------------------------
 # Bonding
 # For link bonding/trunking on 2.4 kernels, or kernels without sysfs

diff --git a/net/Makefile b/net/Makefile
index 664800d..e87d3dd 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -13,7 +13,7 @@ SRCS-Linux=	iwconfig.sh.in
 INC-Linux=	adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
 		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
 		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
-		vlan.sh
+		vlan.sh macvlan.sh
 
 SRCS-NetBSD=
 INC-NetBSD=	ifwatchd.sh

diff --git a/net/macvlan.sh b/net/macvlan.sh
new file mode 100644
index 0000000..92bcf1f
--- /dev/null
+++ b/net/macvlan.sh
@@ -0,0 +1,69 @@
+# 2011-09-22	Stef Simoens <stef@bgs.org>
+#		based on vlan.sh & tuntap.sh
+# Copyright (c) 2007-2008 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+_ip()
+{
+	if [ -x /bin/ip ]; then
+		echo /bin/ip
+	else
+		echo /sbin/ip
+	fi
+}
+
+macvlan_depend()
+{
+	program $(_ip)
+	after interface
+	before dhcp macchanger
+}
+
+_is_macvlan()
+{
+	[ -n "$(export RC_SVCNAME="net.${IFACE}"; service_get_value macvlan)" ]
+}
+
+_check_macvlan()
+{
+	if [ ! -d /sys/module/macvlan ]; then
+		modprobe macvlan
+		if [ ! -d /sys/module/macvlan ]; then
+			eerror "MAC-VLAN support is not present in this kernel"
+			return 1
+		fi
+	fi
+}
+
+macvlan_pre_start()
+{
+	# MAC-VLAN needs an existing interface to link to
+	local macvlan=
+	eval macvlan=\$macvlan_${IFVAR}
+	[ -z "${macvlan}" ] && return 0
+
+	_check_macvlan || return 1
+
+	# optional mode, default to "private"
+	local mode=
+	eval mode=\$mode_${IFVAR}
+	[ -z "${mode}" ] && mode="private"
+
+	ebegin "Creating MAC-VLAN ${IFACE} to ${macvlan}"
+	e="$(ip link add link "${macvlan}" name "${IFACE}" type macvlan mode "${mode}" 2>&1 1>/dev/null)"
+	if [ -n "${e}" ]; then
+		eend 1 "${e}"
+	else
+		eend 0 && service_set_value macvlan "${macvlan}"
+	fi
+}
+
+
+macvlan_post_stop()
+{
+	_is_macvlan || return 0
+
+	ebegin "Removing MAC-VLAN ${IFACE}"
+	ip link delete "${IFACE}" type macvlan >/dev/null
+	eend $?
+}

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[William Hubbs]

commit:     a38a5071f3ddcde7f18514d4d669d2bc0fde2736
Author:     Salah Coronya <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Mon Dec 12 04:06:30 2011 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 03:40:39 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=a38a5071

Tuntap: add iproute2 support

This patch was modified by William Hubbs <williamh <AT> gentoo.org> to
document the new usage in net.example.

X-Gentoo-Bug: 394281
X-Gentoo-Bug-URL: http://bugs.gentoo.org/show_bug.cgi?id=394281

---
 doc/net.example.Linux.in |    5 ++++-
 net/tuntap.sh            |   24 +++++++++++++++++-------
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 7bae8d7..a86eebc 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -790,7 +790,7 @@
 
 #-----------------------------------------------------------------------------
 # TUN/TAP
-# For TUN/TAP support emerge net-misc/openvpn or sys-apps/usermode-utilities
+# For TUN/TAP support install iproute2, openvpn or usermode-utilities
 #
 # You must specify if we're a tun or tap device. Then you can give it any
 # name you like - such as vpn
@@ -801,6 +801,9 @@
 #tuntap_tap0="tap"
 #config_tap0="192.168.0.1/24"
 
+# Use something like this to pass custom options to iproute2 during
+# tunnel creation. This sets the user and group ownership of the node.
+#iproute2_tun1="user foo group bar"
 # For passing custom options to tunctl use something like the following.  This
 # example sets the owner to adm
 #tunctl_tun1="-u adm"

diff --git a/net/tuntap.sh b/net/tuntap.sh
index ac505ab..45a80fe 100644
--- a/net/tuntap.sh
+++ b/net/tuntap.sh
@@ -6,7 +6,7 @@ tuntap_depend()
 	before bridge interface macchanger
 }
 
-_config_vars="$_config_vars tunctl"
+_config_vars="$_config_vars iproute2 openvpn tunctl"
 
 _is_tuntap()
 {
@@ -44,28 +44,36 @@ tuntap_pre_start()
 	# Set the base metric to 1000
 	metric=1000
 
-	local o_opts= t_opts= do_openvpn=false do_tunctl=false
+	local i_opts= o_opts= t_opts=
+	local do_iproute2=false do_openvpn=false do_tunctl=false
+	eval i_opts=\$iproute2_${IFVAR}
 	eval o_opts=\$openvpn_${IFVAR}
 	eval t_opts=\$tunctl_${IFVAR}
 
-	if [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
+	if [ -n "${i_opts}" ] && type ip >/dev/null 2>&1; then
+		do_iproute2=true
+	elif [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif [ -n "${t_opts}" ] && type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
+	elif type ip >/dev/null 2>&1; then
+		do_iproute2=true
 	elif type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
 	fi
 
-	if ${do_openvpn}; then
+	if ${do_iproute2}; then
+		ip tuntap add dev "${IFACE}" mode "${tuntap}" ${i_opts}
+	elif ${do_openvpn}; then
 		openvpn --mktun --dev-type "${tuntap}" --dev "${IFACE}" \
 			${o_opts} >/dev/null
 	elif ${do_tunctl}; then
 		tunctl ${t_opts} -t "${IFACE}" >/dev/null
 	else
-		eerror "Neither openvpn nor tunctl has been found, please install"
-		eerror "either \"openvpn\" or \"usermode-utilities\"."
+		eerror "Neither iproute2, openvpn nor tunctl has been found, please install"
+		eerror "either \"iproute2\" \"openvpn\" or \"usermode-utilities\"."
 	fi
 	eend $? && _up && service_set_value tuntap "${tuntap}"
 }
@@ -75,7 +83,9 @@ tuntap_post_stop()
 	_is_tuntap || return 0
 
 	ebegin "Destroying Tun/Tap interface ${IFACE}"
-	if type tunctl >/dev/null 2>&1; then
+	if type ip > /dev/null 2>&1; then
+		ip tuntap del dev ${IFACE} mode $(service_get_value tuntap)
+	elif type tunctl >/dev/null 2>&1; then
 		tunctl -d "${IFACE}" >/dev/null
 	else
 		openvpn --rmtun \

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     06f6ce408cb7a7099c763ad13e1ad527e761b75f
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 13 08:17:22 2011 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Dec 13 08:19:58 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=06f6ce40

net/iproute2: Support routing policy for IPv6 per bug #385833

For creation of routing policy entries for IPv6, the family must be
explicitly specified to 'ip'.

X-Gentoo-Bug: 385833
X-Gentoo-Bug-URL: https://bugs.gentoo.org/385833
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

---
 doc/net.example.Linux.in |    7 +++++
 net/iproute2.sh          |   56 ++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 54 insertions(+), 9 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index a86eebc..0ee83a6 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -932,6 +932,8 @@
 # /etc/iproute2/rt_tables, an example follows:
 # 2 oob
 # 3 external
+#
+# IPv6 RPDB entries are to be found in the rules6_IFVAR variables:
 
 #rules_eth0="
 #from ZZZ.ZZZ.200.128/27 table oob priority 500
@@ -946,6 +948,11 @@
 #XXX.XXX.112.0/24 dev eth1 table external scope link
 #default via XXX.XXX.112.1 dev eth1"
 
+# IPv6 example:
+#rules6_eth0="
+#from 2001:0DB8:AAAA:BBBB::/64 table vpn priority 100
+#to 2001:0DB8:AAAA:BBBB::/64 table vpn priority 150"
+
 
 #-----------------------------------------------------------------------------
 # System

diff --git a/net/iproute2.sh b/net/iproute2.sh
index e177c6d..4e7e88c 100644
--- a/net/iproute2.sh
+++ b/net/iproute2.sh
@@ -211,7 +211,16 @@ _trim() {
 # This is our interface to Routing Policy Database RPDB
 # This allows for advanced routing tricks
 _ip_rule_runner() {
-	local cmd rules OIFS="${IFS}"
+	local cmd rules OIFS="${IFS}" family
+	if [ "x$1" = "-4" ]; then
+		family="$1"
+		shift
+	elif [ "x$1" = "-6" ]; then
+		family="$1"
+		shift
+	else
+		family="-4"
+	fi
 	cmd="$1"
 	rules="$2"
 	veindent
@@ -221,7 +230,7 @@ _ip_rule_runner() {
 		ruN="$(_trim "${ru}")"
 		[ -z "${ruN}" ] && continue
 		vebegin "${cmd} ${ruN}"
-		ip rule ${cmd} ${ru}
+		ip $family rule ${cmd} ${ru}
 		veend $?
 		local IFS="$__IFS"
 	done
@@ -277,15 +286,30 @@ iproute2_post_start()
 	if [ -e /proc/net/route ]; then
 		local rules="$(_get_array "rules_${IFVAR}")"
 		if [ -n "${rules}" ]; then
-			if ! ip rule list | grep -q "^"; then
+			if ! ip -4 rule list | grep -q "^"; then
 				eerror "IP Policy Routing (CONFIG_IP_MULTIPLE_TABLES) needed for ip rule"
 			else
 				service_set_value "ip_rule" "${rules}"
-				einfo "Adding RPDB rules"
-				_ip_rule_runner add "${rules}"
+				einfo "Adding IPv4 RPDB rules"
+				_ip_rule_runner -4 add "${rules}"
 			fi
 		fi
-		ip route flush table cache dev "${IFACE}"
+		ip -4 route flush table cache dev "${IFACE}"
+	fi
+
+	# Kernel may not have IPv6 built in
+	if [ -e /proc/net/ipv6_route ]; then
+		local rules="$(_get_array "rules6_${IFVAR}")"
+		if [ -n "${rules}" ]; then
+			if ! ip -6 rule list | grep -q "^"; then
+				eerror "IPv6 Policy Routing (CONFIG_IPV6_MULTIPLE_TABLES) needed for ip rule"
+			else
+				service_set_value "ip6_rule" "${rules}"
+				einfo "Adding IPv6 RPDB rules"
+				_ip_rule_runner -6 add "${rules}"
+			fi
+		fi
+		ip -6 route flush table cache dev "${IFACE}"
 	fi
 
 	if _iproute2_ipv6_tentative; then
@@ -308,13 +332,27 @@ iproute2_post_stop()
 	if [ -e /proc/net/route ]; then
 		local rules="$(service_get_value "ip_rule")"
 		if [ -n "${rules}" ]; then
-			einfo "Removing RPDB rules"
-			_ip_rule_runner del "${rules}"
+			einfo "Removing IPv4 RPDB rules"
+			_ip_rule_runner -4 del "${rules}"
+		fi
+
+		# Only do something if the interface actually exist
+		if _exists; then
+			ip -4 route flush table cache dev "${IFACE}"
+		fi
+	fi
+	
+	# Kernel may not have IPv6 built in
+	if [ -e /proc/net/ipv6_route ]; then
+		local rules="$(service_get_value "ip6_rule")"
+		if [ -n "${rules}" ]; then
+			einfo "Removing IPv6 RPDB rules"
+			_ip_rule_runner -6 del "${rules}"
 		fi
 
 		# Only do something if the interface actually exist
 		if _exists; then
-			ip route flush table cache dev "${IFACE}"
+			ip -6 route flush table cache dev "${IFACE}"
 		fi
 	fi
 

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[Robin H. Johnson]

commit:     a6db2374fe69704ec55de86d815b127432328f24
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 17:20:19 2012 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 17:20:19 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=a6db2374

Bug #427152: Port of VLAN code to sysfs/iproue2 from vconfig lost the ability to create different vlans with the same ID but different interfaces on a single system. Implement it now.

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

---
 doc/net.example.Linux.in |   22 +++++++++++++++-------
 net/vlan.sh              |   31 +++++++++++++++++++++++--------
 2 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 870c794..31da4cb 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -552,26 +552,34 @@
 # You can also configure the VLAN - see for ip man page for more details
 # To change the vlan interface name. If not set, the standard "iface.vlanid"
 # will be used. This is the replacement for the old 'vconfig set_name_type'
-# functionality.
+# functionality. If you previously relied on the DEV_PLUS_VID or
+# DEV_PLUS_VID_NO_PAD options to have different VLANs with same ID value, on
+# different interfaces, please note that you need to use both the interface and
+# vlan number in the numbering. This applies for all of the options: name,
+# txqueuelen, mac, broadcast, mtu, ingress, egress, flags
 #vlan1_name="vlan1"
-#vlan2_name="eth0.2"
+#eth0_vlan2_name="eth0.2"
+#eth1_vlan2_name="eth1.2"
 
 # The following shows the old set_name_type setting and what new option to set:
 # Using eth9 & VLAN VID 26 as an example.
 # VLAN_PLUS_VID         vlan26_name="vlan0026"
 # VLAN_PLUS_VID_NO_PAD  vlan26_name="vlan26"
-# DEV_PLUS_VID          vlan26_name="eth9.0026"
-# DEV_PLUS_VID_NO_PAD   vlan26_name="eth9.26"
+# DEV_PLUS_VID          eth9_vlan26_name="eth9.0026"
+# DEV_PLUS_VID_NO_PAD   eth9_vlan26_name="eth9.26"
 
 # Set the vlan flags
 #vlan1_flags="reorder_hdr off gvrp on loose_binding on"
+#eth0_vlan1_flags="reorder_hdr off gvrp on loose_binding on"
 
 # Configure in/egress maps
 #vlan1_ingress="2:6 3:5"
-#vlan1_egress="1:2"
+#eth0_vlan1_egress="1:2"
 
-#config_vlan1="172.16.3.1/23"
-#config_vlan2="172.16.2.1/23"
+#config_vlan1="172.16.2.1/24"
+#config_vlan2="172.16.3.1/24"
+#config_eth0_1="172.16.4.1/24"
+#config_eth1_1="172.16.5.1/24"
 
 # NOTE: Vlans can be configured with a . in their interface names
 # When configuring vlans with this name type, you need to replace . with a _

diff --git a/net/vlan.sh b/net/vlan.sh
index ff63dfd..b29af80 100644
--- a/net/vlan.sh
+++ b/net/vlan.sh
@@ -66,26 +66,41 @@ vlan_post_start()
 		einfo "Adding VLAN ${vlan} to ${IFACE}"
 		# We need to gather all interface configuration options
 		# 1) naming. Default to the standard "${IFACE}.${vlan}" but it can be anything
-		eval vname=\$vlan${vlan}_name
+		eval vname=\$${IFACE}_vlan${vlan}_name
+		[ -z "${vname}" ] && eval vname=\$vlan${vlan}_name
 		[ -z "${vname}" ] && vname="${IFACE}.${vlan}"
 		# 2) flags
-		eval vflags=\$vlan${vlan}_flags
+		eval vflags=\$${IFACE}_vlan${vlan}_flags
+		[ -z "${vname}" ] && eval vflags=\$vlan${vlan}_flags
 		# 3) ingress/egress map
-		eval vingress=\$vlan${vlan}_ingress
+		eval vingress=\$${IFACE}_vlan${vlan}_ingress
+		[ -z "${vingress}" ] && eval vingress=\$vlan${vlan}_ingress
 		[ -z "${vingress}" ] || vingress="ingress-qos-map ${vingress}"
-		eval vegress=\$vlan${vlan}_egress
+		eval vegress=\$${IFACE}_vlan${vlan}_egress
+		[ -z "${vegress}" ] && eval vegress=\$vlan${vlan}_egress
 		[ -z "${vegress}" ] || vegress="egress-qos-map ${vegress}"
 
+		# txqueue
 		local txqueuelen=
-		eval txqueuelen=\$txqueuelen_vlan${vlan}
+		eval txqueuelen=\$txqueuelen_${IFACE}_vlan${vlan}
+		[ -z "${txqueuelen}" ] && eval txqueuelen=\$txqueuelen_vlan${vlan}
+		# mac
 		local mac=
-		eval mac=\$mac_vlan${vlan}
+		eval mac=\$mac_${IFACE}_vlan${vlan}
+		[ -z "${mac}" ] && eval mac=\$mac_vlan${vlan}
+		# broadcast
 		local broadcast=
-		eval broadcast=\$broadcast_vlan${vlan}
+		eval broadcast=\$broadcast_${IFACE}_vlan${vlan}
+		[ -z "${broadcast}" ] && eval broadcast=\$broadcast_vlan${vlan}
+		# mtu
 		local mtu=
-		eval mtu=\$mtu_vlan${vlan}
+		eval mtu=\$mtu_${IFACE}_vlan${vlan}
+		[ -z "${mtu}" ] && eval mtu=\$mtu_vlan${vlan}
+
+		# combine it all
 		local opts="${txqueuelen:+txqueuelen} ${txqueuelen} ${mac:+address} ${mac} ${broadcast:+broadcast} ${broadcast} ${mtu:+mtu} ${mtu}"
 
+		veinfo "ip link add link \"${IFACE}\" name \"${vname}\" ${opts} type vlan id \"${vlan}\" ${vflags} ${vingress} ${vegress}"
 		e="$(ip link add link "${IFACE}" name "${vname}" ${opts} type vlan id "${vlan}" ${vflags} ${vingress} ${vegress} 2>&1 1>/dev/null)"
 		if [ -n "${e}" ]; then
 			eend 1 "${e}"

[gentoo-commits] proj/openrc:master commit in: net/, doc/

[William Hubbs]

commit:     5657fa797512b31ada66e901b891961e63861208
Author:     Doug Goldstein <cardoe <AT> cardoe <DOT> com>
AuthorDate: Mon Nov  5 22:54:09 2012 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Nov  5 23:20:08 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=5657fa79

oldnet: add firewalld support

---
 doc/net.example.Linux.in |    7 +++++++
 net/Makefile             |    2 +-
 net/firewalld.sh         |   38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 1 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 70ae4e9..f050c2a 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -1137,6 +1137,13 @@
 # Hypothetical network card that requires a change-eeprom toggle to enable flashing
 #ethtool_order_eth0="change-eeprom flash change pause coalesce ring offload nfc rxfh-indir ntuple"
 
+#-----------------------------------------------------------------------------
+# Firewalld support
+# If you are using the firewalld daemon to configure your firewall
+# settings and you have specific zones you want to apply to your
+# interfaces, you can do this here.
+#firewalld_zone_eth0="myzone"
+
 ##############################################################################
 # ADVANCED CONFIGURATION
 #

diff --git a/net/Makefile b/net/Makefile
index 660b1fa..cc24a80 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -13,7 +13,7 @@ SRCS-Linux=	iwconfig.sh.in
 INC-Linux=	adsl.sh apipa.sh arping.sh bonding.sh br2684ctl.sh bridge.sh \
 		ccwgroup.sh clip.sh ethtool.sh iproute2.sh ifplugd.sh ip6to4.sh \
 		ipppd.sh iwconfig.sh netplugd.sh pppd.sh pump.sh tuntap.sh udhcpc.sh \
-		vlan.sh macvlan.sh ip6rd.sh
+		vlan.sh macvlan.sh ip6rd.sh firewalld.sh
 
 SRCS-NetBSD=
 INC-NetBSD=	ifwatchd.sh

diff --git a/net/firewalld.sh b/net/firewalld.sh
new file mode 100644
index 0000000..b002967
--- /dev/null
+++ b/net/firewalld.sh
@@ -0,0 +1,38 @@
+# Copyright (c) 2012 Doug Goldstein <cardoe@cardoe.com>
+# Released under the 2-clause BSD license.
+
+firewalld_depend()
+{
+	after interface
+	before dhcp
+	program start firewall-cmd
+	[ "$IFACE" != "lo" ] && need firewalld
+}
+
+_config_vars="$_config_vars firewalld_zone"
+
+firewalld_post_start()
+{
+	local firewalld_zone=
+	eval firewalld_zone=\$firewalld_zone_${IFVAR}
+
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --zone="${firewalld_zone}" \
+			--change-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}
+
+firewalld_pre_stop()
+{
+	_exists || return 0
+
+	if [ "${IFACE}" != "lo" ]; then
+		firewall-cmd --remove-interface="${IFACE}" > /dev/null 2>&1
+	fi
+
+	return 0
+}