Handle network hooks located in /rw/config/network-hooks.d

Example: /rw/config/network-hooks.d/test.sh \#!/bin/bash command="$1" vif="$2" ip="$3" if [ "$ip" == '10.137.0.100' ]; then case "$command" in online) ip route add 192.168.0.100 via 10.137.0.100 ;; offline) ip route del 192.168.0.100 ;; esac fi
2019-05-28 18:56:44 +02:00 · 2019-05-28 18:56:44 +02:00 · 73ed5e85fc
commit 73ed5e85fc
parent da33d87c23
1 changed files with 30 additions and 21 deletions
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@ -95,10 +95,11 @@ domid=${domid/.*/}
 #  32752 is max XID aka domid
 metric=$(( 32752 - domid ))

-if [ "${ip}" ] ; then
+if [ "${ip}" ]; then
    # If we've been given a list of IP addresses, then add routes from dom0 to
    # the guest using those addresses.
-	for addr in ${ip} ; do
+    for addr in ${ip};
+    do
        ${cmdprefix} ip route "${ipcmd}" "${addr}" dev "${vif}" metric "$metric"
        if [[ "$addr" = *:* ]]; then
            ipt=ip6tables-restore
@ -107,6 +108,15 @@ if [ "${ip}" ] ; then
        fi
        echo -e "*raw\\n$iptables_cmd -i ${vif} ! -s ${addr} -j DROP\\nCOMMIT" | \
            ${cmdprefix} $ipt --noflush $ipt_arg
+
+        # Network Hooks for triggering supplementary actions on AppVM connect
+        if [ -d /rw/config/network-hooks.d ]; then
+            for hook in /rw/config/network-hooks.d/*
+            do
+                log debug "Executing network-hook $(basename "$hook")..."
+                do_without_error "${hook}" "${command}" "${vif}" "${addr}"
+            done
+        fi
    done
    # if no IPv6 is assigned, block all IPv6 traffic on that interface
    if ! [[ "$ip" = *:* ]]; then
@ -120,8 +130,7 @@ if [ "${ip}" ] ; then
 fi

 log debug "Successful vif-route-qubes $command for $vif."
-if [ "$command" = "online" ]
-then
+if [ "$command" = "online" ]; then
  # disable tx checksumming offload, apparently it doesn't work with our ancient qemu in stubdom
  do_without_error ethtool -K "$vif" tx off
  success