Switch to tc mirrored to get rid of macvtap (#110)

Author: robertvolkmann

scripts/manage_vms.py

@@ -13,7 +13,7 @@
         "disk-path": "/machine01.img",
         "disk-size": "5G",
         "memory": "2G",
-        "tap-index-fd": [(0, 30), (1, 40)],
+        "lan_indices": [0, 1],
         "serial-port": 4000,
     },
     "machine02": {
@@ -22,7 +22,7 @@
         "disk-path": "/machine02.img",
         "disk-size": "5G",
         "memory": "2G",
-        "tap-index-fd": [(2, 50), (3, 60)],
+        "lan_indices": [2, 3],
         "serial-port": 4001,
     },
     "machine03": {
@@ -31,7 +31,7 @@
         "disk-path": "/machine03.img",
         "disk-size": "5G",
         "memory": "2G",
-        "tap-index-fd": [(4, 70), (5, 80)],
+        "lan_indices": [4, 5],
         "serial-port": 4002,
     },
 }
@@ -126,18 +126,6 @@ def _delete_vm_disk(path):
 
     @staticmethod
     def _start_vm(machine):
-        nics = []
-        netdevices = []
-        for tap in machine.get("tap-index-fd", []):
-            ifindex = tap[0]
-            fd = tap[1]
-
-            mac = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/address".format(ifindex=ifindex)]).decode("utf-8").strip()
-            tapindex = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/ifindex".format(ifindex=ifindex)]).decode("utf-8").strip()
-
-            nics.append("virtio-net,netdev=hn{ifindex},mac={mac}".format(ifindex=ifindex, mac=mac))
-            netdevices.append("tap,fd={fd},id=hn{ifindex} {fd}<>/dev/tap{tapindex}".format(fd=fd, ifindex=ifindex, tapindex=tapindex))
-
         cmd = [
             "qemu-system-x86_64",
             "-name", machine.get("name"),
@@ -153,13 +141,13 @@ def _start_vm(machine):
             "-nographic",
         ]
 
-        for nic in nics:
-            cmd.append("-device")
-            cmd.append(nic)
-
-        for device in netdevices:
-            cmd.append("-netdev")
-            cmd.append(device)
+        for i in machine["lan_indices"]:
+            with open(f'/sys/class/net/lan{i}/address', 'r') as f:
+                mac = f.read().strip()
+            cmd.append('-device')
+            cmd.append(f'virtio-net,netdev=hn{i},mac={mac}')
+            cmd.append(f'-netdev')
+            cmd.append(f'tap,id=hn{i},ifname=tap{i},script=/mini-lab/mirror_tap_to_lan.sh,downscript=no')
 
         cmd.append("&")
 

scripts/mirror_tap_to_lan.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packets/frames-between-interfaces/
+# Script is taken from https://netdevops.me/2021/transparently-redirecting-packetsframes-between-interfaces/
+# Read it for better understanding
+
+set -o errexit
+TAP_IF=$1
+# get interface index number up to 3 digits (everything after first three chars)
+# tap0 -> 0
+# tap123 -> 123
+INDEX=${TAP_IF:3:3}
+
+ip link set $TAP_IF up
+ip link set $TAP_IF mtu 65000
+
+# create tc lan<->tap redirect rules
+tc qdisc add dev lan$INDEX ingress
+tc filter add dev lan$INDEX parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev $TAP_IF
+
+tc qdisc add dev $TAP_IF ingress
+tc filter add dev $TAP_IF parent ffff: protocol all u32 match u8 0 0 action mirred egress redirect dev lan$INDEX

scripts/vms_entrypoint.sh

@@ -25,15 +25,4 @@ while [ "$MYINT" -lt "$INTFS" ]; do
   int_calc
 done
 
-# creating macvtap interfaces for the qemu vms
-for i in $(seq 0 5); do
-  ip link add link lan${i} name macvtap${i} type macvtap mode passthru
-  ip link set macvtap${i} up
-  ip link set macvtap${i} promisc on
-done
-
-echo "Connected all interfaces"
-ifdown -a || true
-ifup -a || true
-
 tail -f /dev/null