@hkparker
Created July 14, 2019 07:11
Every time I boot xenserver/xcp-ng I have to bridge the interfaces for my IDS to get TAP traffic. My IDS runs this at boot to ssh in and do it.
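#!/usr/bin/ruby
require 'net/ssh'

# Bridges to mirror, and the physical interface attached to each one
bridges = ["xenbr3", "xenbr4", "xenbr5"]
bridge_interfaces = {
  "xenbr3" => "eth3",
  "xenbr4" => "eth4",
  "xenbr5" => "eth5"
}
bridge_vifs = {}

# The hypervisor may still be booting, so keep retrying until SSH answers
begin
  ssh = Net::SSH.start("hypervisor", "root")
rescue
  sleep 5 # pause between attempts instead of retrying in a tight loop
  retry
end

# Find the first vif port listed under each bridge in `ovs-vsctl show`
vif_lines = ssh.exec!("ovs-vsctl show").split("\n")
bridges.each do |bridge|
  grabbing = false
  vif_lines.each do |line|
    if line.strip.start_with?("Bridge ")
      # Only grab ports inside this bridge's own section, so a bridge with
      # no vif does not pick up a vif that belongs to the next bridge
      grabbing = line.strip.delete('"') == "Bridge #{bridge}"
    elsif grabbing && line.include?("Port \"vif")
      bridge_vifs[bridge] = line[/vif\d+\.\d+/]
      grabbing = false
    end
  end
end

# Mirror traffic entering and leaving each physical interface to the vif on the same bridge
bridge_vifs.each do |bridge, vif|
  interface = bridge_interfaces[bridge]
  ssh.exec! "ovs-vsctl -- set Bridge #{bridge} mirrors=@m -- --id=@#{interface} get Port #{interface} -- --id=@#{vif} get Port #{vif} -- --id=@m create Mirror name=#{interface}-mirror select-dst-port=@#{interface} select-src-port=@#{interface} output-port=@#{vif}"
end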
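An added example, not part of the original gist: the same `ovs-vsctl show` parsing as an offline-testable function that also reports bridges with no vif attached, since those segments would be left without a mirror and the IDS would see nothing from them. The sample output is constructed, and `ports_by_bridge`, `mirror_plan`, `mirror_command` and `NAME` are hypothetical names introduced here.

```ruby
# Constructed sample of `ovs-vsctl show` output; xenbr4 has no VM attached.
SAMPLE_SHOW = <<~OUT
  00000000-0000-0000-0000-000000000000
      Bridge "xenbr3"
          Port "eth3"
              Interface "eth3"
          Port "vif7.1"
              Interface "vif7.1"
      Bridge "xenbr4"
          Port "eth4"
      Bridge xenbr5
          Port "vif7.2"
          Port eth5
OUT

NAME = /\A[A-Za-z0-9_.-]+\z/ # only these characters may reach the command line

# Map each bridge to the ports listed under it (quoted or bare names).
def ports_by_bridge(show_output)
  bridges = {}
  current = nil
  show_output.each_line do |line|
    case line.strip
    when /\ABridge "?([^"]+)"?\z/ then current = (bridges[$1] = [])
    when /\APort "?([^"]+)"?\z/ then current << $1 if current
    end
  end
  bridges
end

# Returns [plan, missing]: bridge => vif where a VM port exists, and the
# bridges with no vif, which would otherwise be left without a mirror.
def mirror_plan(show_output, bridge_interfaces)
  ports = ports_by_bridge(show_output)
  plan = bridge_interfaces.keys.to_h do |bridge|
    [bridge, ports.fetch(bridge, []).find { |p| p.match?(/\Avif\d+\.\d+\z/) }]
  end
  [plan.compact, plan.select { |_, vif| vif.nil? }.keys]
end

# Hypothetical helper: the mirror command from the script, with name validation.
def mirror_command(bridge, interface, vif)
  bad = [bridge, interface, vif].reject { |n| n.match?(NAME) }
  raise ArgumentError, "unsafe name: #{bad.inspect}" unless bad.empty?
  "ovs-vsctl -- set Bridge #{bridge} mirrors=@m " \
    "-- --id=@#{interface} get Port #{interface} -- --id=@#{vif} get Port #{vif} " \
    "-- --id=@m create Mirror name=#{interface}-mirror " \
    "select-dst-port=@#{interface} select-src-port=@#{interface} output-port=@#{vif}"
end
```

Logging or alerting on the `missing` list at boot makes an unmonitored bridge visible instead of silent.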