Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							f1fb7c3efe 
							
						 
					 
					
						
						
							
							in security group, CS put a rule in ebtables filter table FORWARD chain to prevent user from changing VM mac address  
						
						... 
						
						
						
						util.pread2(['ebtables', '-A', vm_chain, '-i', vif, '-s', '!', vm_mac,  '-j', 'DROP'])
if user changes the VM mac address, all egress packet from the VM will be dropped, but the egress packet still contaminate the bridge cache with fake MAC,
This patch moves the rule to ebtables nat table PREROUTING chain, then the egress packet with modified MAC will not contaminate the bridge cache.
Anthony 
						
						
					 
					
						2013-07-30 17:04:21 -07:00 
						 
				 
			
				
					
						
							
							
								Bharat Kumar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c24be4837 
							
						 
					 
					
						
						
							
							CLOUDSTACK-3871 XEN - Unable to deploy VM in guest network VLAN with different subnets  
						
						... 
						
						
						
						Signed-off-by: Sheng Yang <sheng.yang@citrix.com> 
						
						
					 
					
						2013-07-28 23:43:44 -07:00 
						 
				 
			
				
					
						
							
							
								Bharat Kumar 
							
						 
					 
					
						
						
						
						
							
						
						
							e14f5d0aeb 
							
						 
					 
					
						
						
							
							Cloudstack-3694 Dnsmasq rewrite in bash  
						
						... 
						
						
						
						(Sheng: Fix typo, fix log and error message, remove 'set -x' in script)
Signed-off-by: Sheng Yang <sheng.yang@citrix.com> 
						
						
					 
					
						2013-07-24 14:00:31 -07:00 
						 
				 
			
				
					
						
							
							
								hongtu_zang 
							
						 
					 
					
						
						
						
						
							
						
						
							9d857c0362 
							
						 
					 
					
						
						
							
							fix xenserver 6.1 and 6.2 can not open vnc console  
						
						... 
						
						
						
						Signed-off-by: Abhinandan Prateek <aprateek@apache.org> 
						
						
					 
					
						2013-07-12 16:35:17 +05:30 
						 
				 
			
				
					
						
							
							
								Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							fdc9f10cc1 
							
						 
					 
					
						
						
							
							fix , Windows 2008 32bit instance can't get IP address,  
						
						... 
						
						
						
						normally, in dhcp reply, the target ip is allocated ip for VM.
but windows 2008 32bit has special field in dhcp reply, which makes dhcp reply use 255.255.255.255 as target ip, which is blocked by SG rule, 
						
						
					 
					
						2013-05-29 16:01:22 -07:00 
						 
				 
			
				
					
						
							
							
								Harikrishna Patnala 
							
						 
					 
					
						
						
						
						
							
						
						
							ffe90c0059 
							
						 
					 
					
						
						
							
							CLOUDSTACK-2085: VM weight on xen remain same as before vmscaleup ;because "Add-To-VCPUs-Params-Live.sh" is not getting copied on xs host  
						
						... 
						
						
						
						Fixed by updating the patch files that has
 entries to copy scipts on xenserver. Here we added
 Add-To-VCPUs-Params-Live.sh
Added a check on Host params whether host restricts Dynamic memory control(DMC) to able to allow scale up VM.
If DMC is not enabled then static max and min are set to SO.
Signed Off by - Nitin Mehta <nitin.mehta@citrix.com> 
						
						
					 
					
						2013-05-15 16:17:21 +05:30 
						 
				 
			
				
					
						
							
							
								Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							1518e7ee43 
							
						 
					 
					
						
						
							
							CLOUDSTACK-2115:  remove the trailing '\n' to get correct XS network mode  
						
						
						
						
					 
					
						2013-05-14 17:52:10 -07:00 
						 
				 
			
				
					
						
							
							
								Bharat Kumar 
							
						 
					 
					
						
						
						
						
							
						
						
							052c24c4d1 
							
						 
					 
					
						
						
							
							CLOUDSTACK-702: Multiple ip ranges in different subnets.  
						
						... 
						
						
						
						This feature enables adding of guest ip ranges (public ips)  form different subnets.
In order to provide the dhcp service to a different subnet we create an ipalias on the router. This allows the router to listen to the dhcp request from the guest vms and respond accordingly. Every time a vm is deployed in the new subnet we configure an ip alias on the router. Cloudstack uses dnsmasq to provide dhcp service. We need to configure the dnsmasq to issue ips on the new subnets. Added a new class dnsmasqconfigurator which generates the dnsmasq confg file, this file replaces the old config in the router.
The details of the alias ips are stored in db in the nic_ip_alias table. Every time a new subnet is added one of the ip from the subnet is used to configure the ip alias.
I have pushed the code to  https://github.com/bvbharatk/cloud-stack/tree/Cloudstack-702  , also rebased the code with master.
I need to test the code for advanced sg enabled network using kvm.
I have added the unit test
Marvin tests are at https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=53e4965 
Also accomodated some of the changes suggested by koushik.
corrected the import statements. renamed the IpAlias command to createIpAlias command.
This feature supports only ipv4 
						
						
					 
					
						2013-05-13 17:06:44 +05:30 
						 
				 
			
				
					
						
							
							
								Nitin Mehta 
							
						 
					 
					
						
						
						
						
							
						
						
							3e4430d811 
							
						 
					 
					
						
						
							
							CLOUDSTACK-658 - Scaleup vm support for Xenserver  
						
						... 
						
						
						
						Added the framweork so that it can be extended for vmware and kvm as well.
Added unitests and marvin tests. 
						
						
					 
					
						2013-03-28 16:43:37 +05:30 
						 
				 
			
				
					
						
							
							
								Jayapal Uradi 
							
						 
					 
					
						
						
						
						
							
						
						
							a49261c3b1 
							
						 
					 
					
						
						
							
							CLOUDSTACK-24: mipn feature for basiczone  
						
						... 
						
						
						
						Signed-off-by: Abhinandan Prateek <aprateek@apache.org> 
						
						
					 
					
						2013-03-13 10:24:22 +05:30 
						 
				 
			
				
					
						
							
							
								Nitin Mehta 
							
						 
					 
					
						
						
						
						
							
						
						
							b12aebefee 
							
						 
					 
					
						
						
							
							Revert "CLOUDSTACK-658 - Adding Scalevm command and XS related changes"  
						
						... 
						
						
						
						This reverts commit e0019eccd997d9b2b3ff9395bcd99f821f5121db. 
						
						
					 
					
						2013-03-04 23:32:52 +05:30 
						 
				 
			
				
					
						
							
							
								Nitin Mehta 
							
						 
					 
					
						
						
						
						
							
						
						
							e0019eccd9 
							
						 
					 
					
						
						
							
							CLOUDSTACK-658 - Adding Scalevm command and XS related changes  
						
						
						
						
					 
					
						2013-03-04 14:47:55 +05:30 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							db71d3da36 
							
						 
					 
					
						
						
							
							CLOUDSTACK-1167  
						
						... 
						
						
						
						remove arptables rules after VM is stopped 
						
						
					 
					
						2013-02-05 15:07:29 -08:00 
						 
				 
			
				
					
						
							
							
								Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							acaa22003d 
							
						 
					 
					
						
						
							
							CLOUDSTACK-184: add createFileInDomr plugin  
						
						
						
						
					 
					
						2012-09-24 16:11:04 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							541fec8b46 
							
						 
					 
					
						
						
							
							Bug 13734 : after upgrade, dhcp traffic is allowed for all VMs  
						
						... 
						
						
						
						reviewed-by: kelven 
						
						
					 
					
						2012-09-07 17:31:11 -07:00 
						 
				 
			
				
					
						
							
							
								Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							b58123e075 
							
						 
					 
					
						
						
							
							CS-15921 : in 2.1 timeframe, -untagged string is appended to the end of instance name,  
						
						... 
						
						
						
						in cleanup_rules function, we need to convert chain name to vm name correclty 
						
						
					 
					
						2012-09-07 17:25:41 -07:00 
						 
				 
			
				
					
						
							
							
								Anthony Xu 
							
						 
					 
					
						
						
						
						
							
						
						
							33fdcf1047 
							
						 
					 
					
						
						
							
							CS-16261:  
						
						... 
						
						
						
						egress_vmchain doesn't exist in 2.2.*, create it automatically after upgrade 
						
						
					 
					
						2012-09-07 17:07:10 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea876dfd3 
							
						 
					 
					
						
						
							
							in basic zone,  allow dhcp traffic by default  
						
						
						
						
					 
					
						2012-08-15 13:11:58 -07:00 
						 
				 
			
				
					
						
							
							
								Alena Prokharchyk 
							
						 
					 
					
						
						
						
						
							
						
						
							634cd78baa 
							
						 
					 
					
						
						
							
							Merge branch 'master' into vpc  
						
						... 
						
						
						
						Conflicts:
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/ListNetworksCmd.java
	api/src/com/cloud/api/response/NetworkResponse.java
	api/src/com/cloud/event/EventTypes.java
	api/src/com/cloud/network/NetworkService.java
	client/tomcatconf/commands.properties.in
	scripts/network/domr/getDomRVersion.sh
	scripts/network/domr/ipassoc.sh
	scripts/network/domr/l2tp_vpn.sh
	scripts/network/domr/networkUsage.sh
	scripts/network/domr/router_proxy.sh
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/IPAddressDao.java
	server/src/com/cloud/network/dao/IPAddressDaoImpl.java
	setup/apidoc/gen_toc.py
	setup/db/create-schema.sql
	wscript 
						
						
					 
					
						2012-06-28 17:41:40 -07:00 
						 
				 
			
				
					
						
							
							
								David Nalley 
							
						 
					 
					
						
						
						
						
							
						
						
							d630fa8697 
							
						 
					 
					
						
						
							
							license header changes for scripts folder from Chip Childers  
						
						
						
						
					 
					
						2012-06-23 00:58:00 -04:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							418cbe2e17 
							
						 
					 
					
						
						
							
							VPC : fixed get_domr_version  
						
						
						
						
					 
					
						2012-06-15 14:33:43 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							a4d0f91cfe 
							
						 
					 
					
						
						
							
							VPC : use routerProxy to call l2tpVpn  
						
						... 
						
						
						
						Conflicts:
	core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java 
						
						
					 
					
						2012-06-15 14:26:20 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							c75fe80125 
							
						 
					 
					
						
						
							
							VPC : use routerProxy to call networkUsage.sh  
						
						... 
						
						
						
						Conflicts:
	core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java 
						
						
					 
					
						2012-06-15 14:25:21 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							251a91f5b3 
							
						 
					 
					
						
						
							
							VCP : use routerProxy to call checkrouter script  
						
						
						
						
					 
					
						2012-06-15 14:24:18 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							8c1700a3a4 
							
						 
					 
					
						
						
							
							VPC : introduce router_proxy.sh, resource should use this as a proxy to call scripts inside domr  
						
						... 
						
						
						
						already did this for ipassoc and getDomRVersion 
						
						
					 
					
						2012-06-15 14:22:49 -07:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							8581d02ee8 
							
						 
					 
					
						
						
							
							CS-14946, check if it is linux bridge before call ovs  
						
						
						
						
					 
					
						2012-05-23 19:06:35 -07:00 
						 
				 
			
				
					
						
							
							
								Salvatore Orlando 
							
						 
					 
					
						
						
						
						
							
						
						
							9f321ffeac 
							
						 
					 
					
						
						
							
							Open vSwitch tunnel manager  
						
						... 
						
						
						
						Applying patch with new ovs-tunnel-manager on top of cloudstack oss-master 
						
						
					 
					
						2012-04-23 22:32:16 +01:00 
						 
				 
			
				
					
						
							
							
								Edison Su 
							
						 
					 
					
						
						
						
						
							
						
						
							a6d4a76647 
							
						 
					 
					
						
						
							
							bug 14498: in xenserver 6.0 and openvswitch enabled, reboot xenserver will lost link local bridge; the workaround is if the link local bridge is lost, create a new one; status 14498: resolved fixed; Reviewed-by: frank  
						
						
						
						
					 
					
						2012-03-26 17:15:03 -07:00 
						 
				 
			
				
					
						
							
							
								abhi 
							
						 
					 
					
						
						
						
						
							
						
						
							a560ec3001 
							
						 
					 
					
						
						
							
							removing the minor version number for comparisions for Xenserver 6.0  
						
						
						
						
					 
					
						2012-03-13 11:23:27 +05:30 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							7008e5a46b 
							
						 
					 
					
						
						
							
							bug 13734: allow dhcp requests and responses all the time  
						
						
						
						
					 
					
						2012-02-15 15:34:48 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							3a3d096a5c 
							
						 
					 
					
						
						
							
							it appears xs 6.0 allows iptables rules across the bridge without csp  
						
						
						
						
					 
					
						2012-02-13 15:53:45 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							08636d5802 
							
						 
					 
					
						
						
							
							bug 13060: check for resident vms as xapi will return vms running on other hosts in the cluster  
						
						
						
						
					 
					
						2012-01-17 18:37:59 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							af667d26b7 
							
						 
					 
					
						
						
							
							bug 13033: security rule prevents console access  
						
						
						
						
					 
					
						2012-01-12 15:35:25 -08:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							5d54a3aef8 
							
						 
					 
					
						
						
							
							bug 13052: check if ebtables exists in can_bridge_firewall  
						
						... 
						
						
						
						status 13052: resolved fixed 
						
						
					 
					
						2012-01-12 11:34:31 -08:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							f964c4d227 
							
						 
					 
					
						
						
							
							bug 10363 : cleanup vhd in primary storage if download template to primary storage fails  
						
						... 
						
						
						
						Conflicts:
	core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
	scripts/vm/hypervisor/xenserver/vmops 
						
						
					 
					
						2012-01-10 13:56:29 -08:00 
						 
				 
			
				
					
						
							
							
								Naredula Janardhana Reddy 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa0560d37 
							
						 
					 
					
						
						
							
							bug 12917: security groups - icmp type/code validations.  
						
						
						
						
					 
					
						2012-01-06 19:33:07 +05:30 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							5aba3913bb 
							
						 
					 
					
						
						
							
							bug 12854: arp requests can also be used to poison arp caches  
						
						
						
						
					 
					
						2012-01-05 18:01:19 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							f138d15efb 
							
						 
					 
					
						
						
							
							bug 12854: arp and ip antispoof independent of the order of vm start  
						
						
						
						
					 
					
						2012-01-05 18:01:10 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							24894e2354 
							
						 
					 
					
						
						
							
							bug 11302: dont allow stuff like BPDUS, don't allow vms to connect to hypervisor  
						
						
						
						
					 
					
						2011-12-29 17:35:24 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							4718f194ef 
							
						 
					 
					
						
						
							
							bug 12772: typo  
						
						
						
						
					 
					
						2011-12-29 16:01:41 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							a51ee064ee 
							
						 
					 
					
						
						
							
							bug 11302: more efficient caching of keyword  
						
						
						
						
					 
					
						2011-12-29 16:01:41 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							c05903b2d0 
							
						 
					 
					
						
						
							
							bug 11302: support new CSP for SP2.  
						
						... 
						
						
						
						conditional check : --match-set vs --set
forgot to merge this in from 2.2.y 
						
						
					 
					
						2011-12-29 16:01:40 -08:00 
						 
				 
			
				
					
						
							
							
								frank 
							
						 
					 
					
						
						
						
						
							
						
						
							363aea4aee 
							
						 
					 
					
						
						
							
							Bug 12731 - Ebtable rules are blocking all traffic going out of VMs in basic zone  
						
						... 
						
						
						
						status 12731: resolved fixed
reviewed-by: edison 
						
						
					 
					
						2011-12-22 15:04:15 -08:00 
						 
				 
			
				
					
						
							
							
								anthony 
							
						 
					 
					
						
						
						
						
							
						
						
							61eab674d2 
							
						 
					 
					
						
						
							
							bug 12328: XenServer 6.0 changes vnc-port path in xenstore  
						
						... 
						
						
						
						status 12328: resolved fixed 
						
						
					 
					
						2011-12-21 12:00:27 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							2278477737 
							
						 
					 
					
						
						
							
							add stronger security to defend against attacks originating in the vm  
						
						
						
						
					 
					
						2011-12-19 10:56:52 -08:00 
						 
				 
			
				
					
						
							
							
								Chiradeep Vittal 
							
						 
					 
					
						
						
						
						
							
						
						
							5393a44c56 
							
						 
					 
					
						
						
							
							bug 12290: improve antispoofing lgic  
						
						... 
						
						
						
						handle reboot within vm correctly
iptables -S missing in csp 
						
						
					 
					
						2011-12-19 10:56:52 -08:00 
						 
				 
			
				
					
						
							
							
								Naredula Janardhana Reddy 
							
						 
					 
					
						
						
						
						
							
						
						
							0c1e21ab80 
							
						 
					 
					
						
						
							
							bug 10617: vmops related changes.  
						
						
						
						
					 
					
						2011-12-01 19:32:57 +05:30 
						 
				 
			
				
					
						
							
							
								Naredula Janardhana Reddy 
							
						 
					 
					
						
						
						
						
							
						
						
							09905b641b 
							
						 
					 
					
						
						
							
							bug 10617: merge code from branch bug10617.  
						
						
						
						
					 
					
						2011-12-01 14:17:52 +05:30 
						 
				 
			
				
					
						
							
							
								Naredula Janardhana Reddy 
							
						 
					 
					
						
						
						
						
							
						
						
							f1b99f4f07 
							
						 
					 
					
						
						
							
							Revert "bug 10617: merging code from branch bug10617"  
						
						... 
						
						
						
						This reverts commit 8bc33448b9220534ba0ddc6c642ffb1e69d5844e.
Conflicts:
	server/src/com/cloud/api/ApiResponseHelper.java 
						
						
					 
					
						2011-11-11 20:23:26 +05:30 
						 
				 
			
				
					
						
							
							
								Naredula Janardhana Reddy 
							
						 
					 
					
						
						
						
						
							
						
						
							02adbd4bd3 
							
						 
					 
					
						
						
							
							bug 10617: merging code from branch bug10617  
						
						
						
						
					 
					
						2011-11-10 15:23:48 +05:30