Hello,<br><br>Here's some random patches for your consideration :-)<br><br>The first patch allows you to specify the source of the random numbers instead of /dev/random. Using /dev/urandom is faster and doesn't exhaust the host's entropy pool, or you could specify /dev/hwrng for direct access to the host's hardware RNG, etc.<br>

--- lguest.c.orig 2010-12-01 19:48:18.212001069 +1100
+++ lguest.c 2010-12-01 19:52:15.325002565 +1100
@@ -1802,13 +1802,13 @@
 /*L:199
 * This creates a "hardware" random number device for the Guest.
*/
-static void setup_rng(void)
+static void setup_rng(char *rng_source)
 {
 struct device *dev;
 struct rng_info *rng_info = malloc(sizeof(*rng_info));

- /* Our device's privat info simply contains the /dev/random fd. */
- rng_info->rfd = open_or_die("/dev/random", O_RDONLY);
+ /* Our device's privat info simply contains the rng_source fd. */
+ rng_info->rfd = open_or_die(rng_source, O_RDONLY);

 /* Create the new device. */
 dev = new_device("rng", VIRTIO_ID_RNG);
@@ -1817,7 +1817,7 @@
 /* The device has one virtqueue, where the Guest places inbufs. */
 add_virtqueue(dev, VIRTQUEUE_NUM, rng_input);
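Review bot: The new comment line in setup_rng carries the old `privat` typo forward, and `rng_source` is only ever read, so the added signature should be `static void setup_rng(const char *rng_source)` with the comment `/* Our device's private info simply contains the fd of rng_source. */`. Because rng_source is now an arbitrary user-supplied path rather than a fixed device node, a reviewer would also want the descriptor checked before it is presented to the Guest as a hardware RNG, e.g. `struct stat st; if (fstat(rng_info->rfd, &st) != 0 || !S_ISCHR(st.st_mode)) errx(1, "%s is not a character device", rng_source);` — otherwise pointing --rng-source at a regular file silently feeds the Guest's /dev/hwrng with predictable data. Whether open_or_die already performs such a check cannot be seen from this hunk.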

- verbose("device %u: rng\n", devices.device_num++);
+ verbose("device %u: rng from %s\n", devices.device_num++, rng_source);
 }
 /* That's the end of device setup. */

@@ -1885,6 +1885,7 @@
 { "tunnet", 1, NULL, 't' },
 { "block", 1, NULL, 'b' },
 { "rng", 0, NULL, 'r' },
+ { "rng-source", 1, NULL, 's' },
{ "initrd", 1, NULL, 'i' },
 { "username", 1, NULL, 'u' },
 { "chroot", 1, NULL, 'c' },
@@ -1916,6 +1917,9 @@
 /* Directory to chroot to */
char *chroot_path = NULL;

+ /* RNG source, defaults to /dev/random */
+ char *rng_source = "/dev/random";
+
 /* Save the args: we "reboot" by execing ourselves again. */
main_args = argv;

@@ -1966,8 +1970,11 @@
 case 'b':
 setup_block_file(optarg);
 break;
+ case 's':
+ rng_source = optarg;
+ break;
 case 'r':
- setup_rng();
+ setup_rng(rng_source);
 break;
 case 'i':
initrd_name = optarg;



This patch allows you to specify the tap device name -- useful for iptables -i interface and long lived rules.



--- lguest.c.rng 2010-12-01 20:24:44.577001373 +1100
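Review bot: A `--rng-source` given after `--rng` is silently ignored, because `case 'r'` has already called `setup_rng(rng_source)` with the default `/dev/random` by the time `case 's'` assigns `rng_source = optarg`; the lguest.txt change documents the ordering but nothing enforces it, so a user who believes they switched to /dev/hwrng keeps draining the host pool. A cheap guard is to track whether the device exists and refuse a late override: `case 's': if (rng_done) errx(1, "--rng-source must precede --rng"); rng_source = optarg; break;` with `rng_done = true;` set in `case 'r'`. The getopt loop this switch belongs to starts and ends outside the hunk.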
+++ lguest.c 2010-12-01 20:22:24.924001823 +1100
@@ -1482,7 +1482,8 @@
 */
 netfd = open_or_die("/dev/net/tun", O_RDWR);
 ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_VNET_HDR;
- strcpy(ifr.ifr_name, "tap%d");
+ strcpy(ifr.ifr_name, tapif);
 if (ioctl(netfd, TUNSETIFF, &ifr) != 0)
 err(1, "configuring /dev/net/tun");

@@ -1506,7 +1507,7 @@
* packets into the Host as if they came in from a normal network card. We
 * just shunt packets between the Guest and the tun device.
 */
-static void setup_tun_net(char *arg)
+static void setup_tun_net(char *arg, char *tapdev_name)
{
 struct device *dev;
 struct net_info *net_info = malloc(sizeof(*net_info));
@@ -1516,6 +1517,10 @@
 char tapif[IFNAMSIZ], *p;
 struct virtio_net_config conf;

+ /* Copy over the device name we are going to use */
+ strncpy(tapif, tapdev_name, IFNAMSIZ);
+ tapif[IFNAMSIZ-1] = '\0';
+
 net_info->tunfd = get_tun_device(tapif);

 /* First we create a new network device. */
@@ -1882,6 +1887,7 @@
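Review bot: The `strncpy`/manual-terminator pair silently truncates a `--tap-name` of IFNAMSIZ or more characters to 15, so the interface comes up under a name the user never asked for and any `iptables -i` rule written for the full name — the stated purpose of the option — simply does not match. Since the value comes straight from the command line, reject it instead of truncating: `if (strlen(tapdev_name) >= IFNAMSIZ) errx(1, "tap name '%s' too long (max %d chars)", tapdev_name, IFNAMSIZ - 1);` followed by a plain `strcpy(tapif, tapdev_name);`. That keeps the later `strcpy(ifr.ifr_name, tapif)` in get_tun_device bounded as well, and `tapdev_name` could be declared `const char *` since it is only read. setup_tun_net continues past the end of this hunk.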

 static struct option opts[] = {
 { "verbose", 0, NULL, 'v' },
+ { "tap-name", 1, NULL, 'd' },
 { "tunnet", 1, NULL, 't' },
 { "block", 1, NULL, 'b' },
{ "rng", 0, NULL, 'r' },
@@ -1920,6 +1926,9 @@
 /* RNG source, defaults to /dev/random */
 char *rng_source = "/dev/random";

+ /* The device name to set in setup_tun_net */
+ char *tap_name = "tap%d";
+
 /* Save the args: we "reboot" by execing ourselves again. */
 main_args = argv;

@@ -1964,8 +1973,11 @@
 case 'v':
verbose = true;
 break;
+ case 'd':
+ tap_name = optarg;
+ break;
 case 't':
- setup_tun_net(optarg);
+ setup_tun_net(optarg, tap_name);
 break;
 case 'b':
 setup_block_file(optarg);
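Review bot: `tap_name` is never reset after `setup_tun_net(optarg, tap_name)` consumes it, so one `--tap-name foo` followed by two `--tunnet` options asks TUNSETIFF for the same fixed name twice; the second is likely to fail at `err(1, "configuring /dev/net/tun")` rather than get a distinct interface, though the exact kernel response is outside what this hunk shows. Binding the name to a single interface is a one-line change in `case 't'`: `setup_tun_net(optarg, tap_name); tap_name = "tap%d";`, and the comment on `tap_name` should then say it applies to the next --tunnet only. As with --rng-source, a `--tap-name` given after its `--tunnet` is silently ignored. The getopt loop starts and ends outside the hunk.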


This patch allows you to specify the netmask on the command line. Useful if you don't want to assign the default netmask class to the instance. (ie, /31 or /30's). 

--- lguest.c.tapdev 2010-12-01 20:27:13.462001086 +1100
+++ lguest.c 2010-12-01 20:53:24.990000713 +1100
@@ -1447,7 +1447,7 @@
 * it up so packets will flow, the copies the MAC address into the hwaddr
 * pointer.
 */
-static void configure_device(int fd, const char *tapif, u32 ipaddr)
+static void configure_device(int fd, const char *tapif, u32 ipaddr, u32 netmask)
 {
 struct ifreq ifr;
 struct sockaddr_in sin;
@@ -1459,8 +1459,26 @@
 sin.sin_family = AF_INET;
 sin.sin_addr.s_addr = htonl(ipaddr);
memcpy(&ifr.ifr_addr, &sin, sizeof(sin));
+
 if (ioctl(fd, SIOCSIFADDR, &ifr) != 0)
 err(1, "Setting %s interface address", tapif);
+
+ if(netmask) {
+ sin.sin_addr.s_addr = htonl(netmask);
+ memcpy(&ifr.ifr_netmask, &sin, sizeof(sin));
+
+ if(ioctl(fd, SIOCSIFNETMASK, &ifr) != 0)
+ err(1, "Setting %s interface netmask", tapif);
+
+ /* Set the broadcast address, otherwise it will be incorrect :/ */
+ sin.sin_addr.s_addr = htonl(ipaddr | ~(0xffffffff & netmask));
+ memcpy(&ifr.ifr_broadaddr, &sin, sizeof(sin));
+
+ if(ioctl(fd, SIOCSIFBRDADDR, &ifr) != 0)
+ err(1, "Setting %s interface broadcast", tapif);
+
+ }
+
 ifr.ifr_flags = IFF_UP;
 if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0)
err(1, "Bringing interface %s up", tapif);
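Review bot: For the /31 case the cover letter gives as motivation, the broadcast computed at `htonl(ipaddr | ~(0xffffffff & netmask))` is the peer's own address, because a /31 has only two host addresses and no broadcast (RFC 3021); setting it with SIOCSIFBRDADDR is at best pointless and may make the kernel treat traffic to the peer as broadcast, which is worth confirming before relying on /31 links. Guard the broadcast part with `if (~netmask > 1) {` so it is only programmed when the prefix actually has a broadcast address. As style points, `0xffffffff & netmask` is a no-op on a u32 and can be `ipaddr | ~netmask`, and the new `if(netmask)` / `if(ioctl(` spacing differs from the `if (ioctl(` style used on the surrounding context lines.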
bool bridging = false;
 char tapif[IFNAMSIZ], *p;
 struct virtio_net_config conf;
@@ -1553,14 +1572,25 @@
 *p = '\0';
 }

- /* arg is now either an IP address or a bridge name */
- if (bridging)
+ /* arg is now either an IP address(/netmask) or a bridge name */
+ if (bridging) {
 add_to_bridge(ipfd, tapif, arg);
- else
+ } else {
+ p = strchr(arg, '/');
+ if(p) {
+ /* Calculate the netmask */
+ int shift = 0;
+ shift = atoi(p+1);
+ nm = ~(0xffffffff >> shift);
+
+ *p = 0;
+ }
+
 ip = str2ip(arg);
+ }

 /* Set up the tun device. */
- configure_device(ipfd, tapif, ip);
+ configure_device(ipfd, tapif, ip, nm);

 add_feature(dev, VIRTIO_F_NOTIFY_ON_EMPTY);
 /* Expect Guest to handle everything except UFO */



And here's some additional documentation :-)

--- lguest.txt.orig 2010-12-01 20:58:32.555001127 +1100
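Review bot: The prefix length is taken with an unchecked `atoi(p+1)` and fed straight into `0xffffffff >> shift`, so `--tunnet=10.0.0.1/32`, `/33` or `/-1` shift a 32-bit value by 32 or more — undefined behaviour in C, and on x86 the count is masked so /32 quietly yields a netmask of 0 and configure_device skips the netmask altogether; `/abc` likewise parses as 0 and is silently accepted. The prefix should be validated with strtoul and rejected outside 0..32, and /32 handled explicitly since it cannot be produced by the shift; errx comes from the same <err.h> the file already uses for err(). The `int shift = 0; shift = atoi(p+1);` pair is also a redundant initialise-then-assign. setup_tun_net starts before this hunk.

```c
		p = strchr(arg, '/');
		if (p) {
			/* Prefix length must be 0..32: atoi() accepts garbage, and a
			 * shift by 32 or more is undefined behaviour. */
			char *end;
			unsigned long shift = strtoul(p + 1, &end, 10);
			if (end == p + 1 || *end != '\0' || shift > 32)
				errx(1, "Bad prefix length in '%s'", arg);
			nm = (shift == 32) ? 0xffffffffU : ~(0xffffffffU >> shift);
			*p = '\0';
		}
		/* … unchanged: str2ip() and the configure_device() call … */
```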
+++ lguest.txt 2010-12-01 21:05:16.253000679 +1100<br>@@ -83,7 +83,13 @@<br> can also use a standard bzImage.<br><br> --tunnet=<a href="http://192.168.19.1">192.168.19.1</a>: configures a "tap" device for networking with this<br>
- IP address.<br>+ IP address. You can specify the netmask in CIDR notation as<br>+ --tunnet=<a href="http://192.168.19.1/30">192.168.19.1/30</a><br>+<br>+ If you require the ability to specify the tap device name, the option<br>
+ --tap-name example0 can be specified before --tunnet. This can be<br>+ useful if you are running multiple lguest's, and are using<br>+ iptables.<br><br> --block=rootfile: a file or block device which becomes /dev/vda<br>
inside the guest.<br>@@ -114,10 +120,15 @@<br> See <a href="http://linux-net.osdl.org/index.php/Bridge">http://linux-net.osdl.org/index.php/Bridge</a> for general information<br> on how to get bridging working.<br>
<br>-- Random number generation. Using the --rng option will provide a<br>- /dev/hwrng in the guest that will read from the host's /dev/random.<br>- Use this option in conjunction with rng-tools (see ../hw_random.txt)<br>
- to provide entropy to the guest kernel's /dev/random.<br>+- Random number generation. Using the --rng option will provide a /dev/hwrng<br>+ in the guest that will read from the host's /dev/random. Use this option in<br>
+ conjunction with rng-tools (see ../hw_random.txt) to provide entropy to the<br>+ guest kernel's /dev/random. You may specify --rng-source before --rng to<br>+ change the source of the random numbers. Specifying /dev/urandom has the<br>
+ advantage of being faster and does not allow malicious guests to exhaust the<br>+ hosts entropy pool, however the quality of the randomness may be reduced.<br>+ Another use of this option is to allow direct access to the hardware random<br>
+ number generator on the host.<br><br> There is a helpful mailing list at <a href="http://ozlabs.org/mailman/listinfo/lguest">http://ozlabs.org/mailman/listinfo/lguest</a><br>