#!/bin/sh
# $Id: rc.vdenetwork,v 1.7 2011/12/06 14:18:08 root Exp root $
# Qemu environment preparation script

# ---------------------------------------------------------------------------
#
# After running this startup script, run a QEMU virtual machine in this way:
#
#  qemu-system-x86_64 \
#    -net vde,sock=/var/run/kvm0.ctl,vlan=0 -net nic,vlan=0 \
#    [qemu_option [qemu_option], ...]
#
# This will automatically connect the QEMU virtual machine to the VDE switch.
#
# ---------------------------------------------------------------------------
#
# Network type can be one of "route" "bridge" or "nat":
# - In "route" mode, the script will expect that the 'routed' daemon is running
#   on the host (see /etc/rc.d/rc.inet2 to start 'routed'), and will not
#   create iptables NAT rules.
#   The virtual network will be routed on the LAN and will be accessible as a
#   separate network segment (make sure the IP range defined below does not
#   conflict with existing parts of your network!). The guests will use our
#   private dnsmasq server to obtain IP addresses.
# - In "bridge" mode, the script will try to add the tap device to an existing
#   network bridge, and will not create iptables NAT rules.
#   The guests will be seen on the LAN as part of the network.
# - In "nat" mode, the script will create iptables NAT rules. These hide the
#   virtual network behind an internal NAT router. The guests will have full
#   network access, but will be accessible only from the host.
#
# ---------------------------------------------------------------------------

#NETWORKTYPE="route"
#NETWORKTYPE="bridge"
NETWORKTYPE="nat"

# Host interfaces that need to be NAT-ed (in case we're not bridging/routing):
# Add more interfaces space-separated, like "eth+ wlan+"
NAT_IFS="eth+"

# What is the bridge interface called if we are bridging?
BR_DEV=br0

# What is the name of the tun/tap device we will be using?
TAP_DEV=kvm0

start_tap() {
  # Load tun module
  /sbin/modprobe tun 2>/dev/null
  # Wait for the module to be loaded
  while ! /bin/lsmod |grep -q "^tun"; do echo Waiting for tun device;sleep 1; done

  # Start tap switch
  vde_switch --tap ${TAP_DEV} --daemon --group kvm \
    --sock /var/run/${TAP_DEV}.ctl --pidfile /var/run/${TAP_DEV}_vde.pid \
    --mod 775 --mgmtmode 770 --mgmt /var/run/${TAP_DEV}-manage

  sleep 1

  # Change pipe permission:
  #chmod -R a+rwx /var/run/vde.ctl
} # End start_tap

stop_tap() {
  # Bring tap interface down:
  ifconfig ${TAP_DEV} down

  # Kill VDE switch:
  #pgrep -f vde_switch | xargs kill -TERM
  kill -HUP $(cat /var/run/${TAP_DEV}_vde.pid)

  # Remove the control socket:
  #rmdir /var/run/vde.ctl
} # End stop_tap

start_localdhcp() {
  # The IP configuration for the tap device that will be used for
  # the virtual machine network:

  TAP_IP=10.111.111.254
  TAP_MASK=255.255.255.0
  TAP_BCAST=$(/bin/ipmask ${TAP_MASK} ${TAP_IP} | cut -f 1 -d ' ')

  # Definitions for the LAN segment the Qemu virtual machines will be in.
  # These definitions will be fed to dnsmasq - this program will provide DNS
  # and DHCP to the Qemu LAN.

  # The VM_IPLOW and VM_IPHIGH addresses must agree with the definitions for
  # the tap0 device above. These 'low' and 'high' values are the IP address
  # range for the DHCP server to use.

  VM_DOMAIN=qemu.lan
  VM_IPLOW=10.111.111.128
  VM_IPHIGH=10.111.111.199
  VM_BCAST=${TAP_BCAST}
  VM_MASK=${TAP_MASK}

  # For additional options to dnsmasq - the commented example specifies that
  # all DNS lookups for 'my.net' should go to 192.168.1.1;
  # On the second line you find a configuration for supporting network boot:
  #DNSMASQ_OPTIONS="--server /my.net/192.168.1.1 \
  #                 --dhcp-boot=/pxelinux.0,\"192.168.1.1\",192.168.1.1"
  DNSMASQ_OPTIONS=""

  # Bring tap interface up
  ifconfig ${TAP_DEV} ${TAP_IP} broadcast ${TAP_BCAST} netmask ${TAP_MASK}

  # Start dnsmasq, the DNS/DHCP server
  # for our Virtual Machines behind the tap0 interface.
  # The '--conf-file' option prevents this instance from reading the default
  # /etc/dnsmasq.conf settings. Also, binds to the tun interface, to keep it
  # from interfering with other dnsmasq/named processes running on the host's
  # primary interfaces. 
  /usr/sbin/dnsmasq \
    --log-queries \
    --user=daemon \
    --dhcp-leasefile=/var/state/dhcp/qemu-dhcpd.leases \
    --dhcp-range=${VM_IPLOW},${VM_IPHIGH},${VM_MASK},${VM_BCAST},8h \
    --interface=${TAP_DEV} --except-interface=lo --bind-interfaces \
    --pid-file=/var/run/${TAP_DEV}_dnsmasq.pid --conf-file \
    --domain=${VM_DOMAIN} \
    $DNSMASQ_OPTIONS

} # End start_localdhcp

stop_localdhcp() {
  # Stop dnsmasq
  #pgrep -f dnsmasq | xargs kill -TERM
  kill -TERM $(cat /var/run/${TAP_DEV}_dnsmasq.pid) \
    && rm -f /var/run/${TAP_DEV}_dnsmasq.pid
} # End stop_localdhcp

start_route() {
  # We need a private dnsmasq instance in a routed configuration:
  start_localdhcp
} # End start_route

stop_route() {
  # We need to stop our private dnsmasq instance in a routed configuration:
  stop_localdhcp
} # End stop_route

start_nat() {
  # Start IP Forwarding
  echo "1" > /proc/sys/net/ipv4/ip_forward
  for NIC in ${NAT_IFS}; do
    iptables -t nat -A POSTROUTING -o ${NIC} -j MASQUERADE
  done

  # We need a private dnsmasq instance in a NAT configuration:
  start_localdhcp

} # End start_nat

stop_nat() {
  # We need to stop our private dnsmasq in a NAT configuration:
  stop_localdhcp

  # Delete the NAT rules
  for NIC in ${NAT_IFS}; do
    iptables -t nat -D POSTROUTING -o ${NIC} -j MASQUERADE
  done
  # Stop IP Forwarding
  echo "0" > /proc/sys/net/ipv4/ip_forward
}

start_bridge() {
  # Connect our tap device from the bridge:
  /sbin/ifconfig $TAP_DEV down                              
  /sbin/ifconfig $TAP_DEV 0.0.0.0 promisc up                
  /sbin/brctl addif $BR_DEV $TAP_DEV
}

stop_bridge() {
  # Disconnect our tap device from the bridge:
  /sbin/brctl delif $BR_DEV $TAP_DEV
}

# See how we were called.

case "$1" in
  start)
    echo -n "Starting VDE network for QEMU: "

    start_tap
    start_$NETWORKTYPE
    echo
    ;;
  stop)
    echo -n "Stopping VDE network for QEMU: "
    stop_$NETWORKTYPE
    stop_tap
    echo
    ;;
  restart|reload)
    $0 stop
    sleep 1
    $0 start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
esac