提交 5754dbd5 编写于 作者: L Laine Stump

Give each virtual network bridge its own fixed MAC address

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=609463

The problem was that, since a bridge always acquires the MAC address
of the connected interface with the numerically lowest MAC, as guests
are started and stopped, it was possible for the MAC address to change
over time, and this change in the network was being detected by
Windows 7 (it sees the MAC of the default route change), so on each
reboot it would bring up a dialog box asking about this "new network".

The solution is to create a dummy tap interface with a MAC guaranteed
to be lower than any guest interface's MAC, and attach that tap to the
bridge as soon as it's created. Since all guest MAC addresses start
with 0xFE, we can just generate a MAC with the standard "0x52, 0x54,
0" prefix, and it's guaranteed to always win (physical interfaces are
never connected to these bridges, so we don't need to worry about
competing numerically with them).

Note that the dummy tap is never set to IFF_UP state - that's not
necessary in order for the bridge to take its MAC, and not setting it
to UP eliminates the clutter of having an (eg) "virbr0-nic" displayed
in the output of the ifconfig command.

I chose to not auto-generate the MAC address in the network XML
parser, as there are likely to be consumers of that API that don't
need or want to have a MAC address associated with the
bridge.

Instead, in bridge_driver.c when the network is being defined, if
there is no MAC, one is generated. To account for virtual network
configs that already exist when upgrading from an older version of
libvirt, I've added a %post script to the specfile that searches for
all network definitions in both the config directory
(/etc/libvirt/qemu/networks) and the state directory
(/var/lib/libvirt/network) that are missing a mac address, generates a
random address, and adds it to the config (and a matching address to
the state file, if there is one).

docs/formatnetwork.html.in: document <mac address.../>
docs/schemas/network.rng: add nac address to schema
libvirt.spec.in: %post script to update existing networks
src/conf/network_conf.[ch]: parse and format <mac address.../>
src/libvirt_private.syms: export a couple private symbols we need
src/network/bridge_driver.c:
    auto-generate mac address when needed,
    create dummy interface if mac address is present.
tests/networkxml2xmlin/isolated-network.xml
tests/networkxml2xmlin/routed-network.xml
tests/networkxml2xmlout/isolated-network.xml
tests/networkxml2xmlout/routed-network.xml: add mac address to some tests
上级 13ae7a02
...@@ -105,12 +105,15 @@ ...@@ -105,12 +105,15 @@
<h3><a name="elementsAddress">Addressing</a></h3> <h3><a name="elementsAddress">Addressing</a></h3>
<p> <p>
The final set of elements define the IPv4 address range available, The final set of elements define the addresses (IPv4 and/or
and optionally enable DHCP sevices. IPv6, as well as MAC) to be assigned to the bridge device
associated with the virtual network, and optionally enable DHCP
services.
</p> </p>
<pre> <pre>
... ...
&lt;mac address='00:16:3E:5D:C7:9E'/&gt;
&lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt; &lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt;
&lt;dhcp&gt; &lt;dhcp&gt;
&lt;range start="192.168.122.100" end="192.168.122.254" /&gt; &lt;range start="192.168.122.100" end="192.168.122.254" /&gt;
...@@ -121,6 +124,20 @@ ...@@ -121,6 +124,20 @@
&lt;/network&gt;</pre> &lt;/network&gt;</pre>
<dl> <dl>
<dt><code>mac</code></dt>
<dd>The <code>address</code> attribute defines a MAC
(hardware) address formatted as 6 groups of 2-digit
hexadecimal numbers, the groups separated by colons
(eg, <code>"52:54:00:1C:DA:2F"</code>). This MAC address is
assigned to the bridge device when it is created. Generally
it is best to not specify a MAC address when creating a
network - in this case, if a defined MAC address is needed for
proper operation, libvirt will automatically generate a random
MAC address and save it in the config. Allowing libvirt to
generate the MAC address will assure that it is compatible
with the idiosyncrasies of the platform where libvirt is
running. <span class="since">Since 0.8.8</span>
</dd>
<dt><code>ip</code></dt> <dt><code>ip</code></dt>
<dd>The <code>address</code> attribute defines an IPv4 address in <dd>The <code>address</code> attribute defines an IPv4 address in
dotted-decimal format, or an IPv6 address in standard dotted-decimal format, or an IPv6 address in standard
......
...@@ -50,6 +50,14 @@ ...@@ -50,6 +50,14 @@
</element> </element>
</optional> </optional>
<!-- <mac> element -->
<optional>
<element name="mac">
<attribute name="address"><ref name="mac-addr"/></attribute>
<empty/>
</element>
</optional>
<!-- <forward> element --> <!-- <forward> element -->
<optional> <optional>
<!-- The device through which the bridge is connected to the <!-- The device through which the bridge is connected to the
......
...@@ -751,6 +751,46 @@ then ...@@ -751,6 +751,46 @@ then
> %{_sysconfdir}/libvirt/qemu/networks/default.xml > %{_sysconfdir}/libvirt/qemu/networks/default.xml
ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml ln -s ../default.xml %{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
fi fi
# All newly defined networks will have a mac address for the bridge
# auto-generated, but networks already existing at the time of upgrade
# will not. We need to go through all the network configs, look for
# those that don't have a mac address, and add one.
network_files=$( (cd %{_localstatedir}/lib/libvirt/network && \
grep -L "mac address" *.xml; \
cd %{_sysconfdir}/libvirt/qemu/networks && \
grep -L "mac address" *.xml) 2>/dev/null \
| sort -u)
for file in $network_files
do
# each file exists in either the config or state directory (or both) and
# does not have a mac address specified in either. We add the same mac
# address to both files (or just one, if the other isn't there)
mac4=`printf '%X' $(($RANDOM % 256))`
mac5=`printf '%X' $(($RANDOM % 256))`
mac6=`printf '%X' $(($RANDOM % 256))`
for dir in %{_localstatedir}/lib/libvirt/network \
%{_sysconfdir}/libvirt/qemu/networks
do
if test -f $dir/$file
then
sed -i.orig -e \
"s|\(<bridge.*$\)|\0\n <mac address='52:54:00:$mac4:$mac5:$mac6'/>|" \
$dir/$file
if test $? != 0
then
echo "failed to add <mac address='52:54:00:$mac4:$mac5:$mac6'/>" \
"to $dir/$file"
mv -f $dir/$file.orig $dir/$file
else
rm -f $dir/$file.orig
fi
fi
done
done
%endif %endif
%if %{with_cgconfig} %if %{with_cgconfig}
......
...@@ -628,6 +628,19 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt) ...@@ -628,6 +628,19 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
if (virXPathULong("string(./bridge[1]/@delay)", ctxt, &def->delay) < 0) if (virXPathULong("string(./bridge[1]/@delay)", ctxt, &def->delay) < 0)
def->delay = 0; def->delay = 0;
tmp = virXPathString("string(./mac[1]/@address)", ctxt);
if (tmp) {
if (virParseMacAddr(tmp, def->mac) < 0) {
virNetworkReportError(VIR_ERR_XML_ERROR,
_("Invalid bridge mac address '%s' in network '%s'"),
tmp, def->name);
VIR_FREE(tmp);
goto error;
}
VIR_FREE(tmp);
def->mac_specified = true;
}
nIps = virXPathNodeSet("./ip", ctxt, &ipNodes); nIps = virXPathNodeSet("./ip", ctxt, &ipNodes);
if (nIps > 0) { if (nIps > 0) {
int ii; int ii;
...@@ -856,6 +869,11 @@ char *virNetworkDefFormat(const virNetworkDefPtr def) ...@@ -856,6 +869,11 @@ char *virNetworkDefFormat(const virNetworkDefPtr def)
virBufferVSprintf(&buf, " stp='%s' delay='%ld' />\n", virBufferVSprintf(&buf, " stp='%s' delay='%ld' />\n",
def->stp ? "on" : "off", def->stp ? "on" : "off",
def->delay); def->delay);
if (def->mac_specified) {
char macaddr[VIR_MAC_STRING_BUFLEN];
virFormatMacAddr(def->mac, macaddr);
virBufferVSprintf(&buf, " <mac address='%s'/>\n", macaddr);
}
if (def->domain) if (def->domain)
virBufferVSprintf(&buf, " <domain name='%s'/>\n", def->domain); virBufferVSprintf(&buf, " <domain name='%s'/>\n", def->domain);
...@@ -1165,6 +1183,18 @@ error: ...@@ -1165,6 +1183,18 @@ error:
} }
void virNetworkSetBridgeMacAddr(virNetworkDefPtr def)
{
if (!def->mac_specified) {
/* if the bridge doesn't have a mac address explicitly defined,
* autogenerate a random one.
*/
virGenerateMacAddr((unsigned char[]){ 0x52, 0x54, 0 },
def->mac);
def->mac_specified = true;
}
}
/* /*
* virNetworkObjIsDuplicate: * virNetworkObjIsDuplicate:
* @doms : virNetworkObjListPtr to search * @doms : virNetworkObjListPtr to search
......
...@@ -31,6 +31,7 @@ ...@@ -31,6 +31,7 @@
# include "internal.h" # include "internal.h"
# include "threads.h" # include "threads.h"
# include "network.h" # include "network.h"
# include "util.h"
/* 2 possible types of forwarding */ /* 2 possible types of forwarding */
enum virNetworkForwardType { enum virNetworkForwardType {
...@@ -92,6 +93,8 @@ struct _virNetworkDef { ...@@ -92,6 +93,8 @@ struct _virNetworkDef {
char *domain; char *domain;
unsigned long delay; /* Bridge forward delay (ms) */ unsigned long delay; /* Bridge forward delay (ms) */
unsigned int stp :1; /* Spanning tree protocol */ unsigned int stp :1; /* Spanning tree protocol */
unsigned char mac[VIR_MAC_BUFLEN]; /* mac address of bridge device */
bool mac_specified;
int forwardType; /* One of virNetworkForwardType constants */ int forwardType; /* One of virNetworkForwardType constants */
char *forwardDev; /* Destination device for forwarding */ char *forwardDev; /* Destination device for forwarding */
...@@ -191,6 +194,8 @@ int virNetworkSetBridgeName(const virNetworkObjListPtr nets, ...@@ -191,6 +194,8 @@ int virNetworkSetBridgeName(const virNetworkObjListPtr nets,
virNetworkDefPtr def, virNetworkDefPtr def,
int check_collision); int check_collision);
void virNetworkSetBridgeMacAddr(virNetworkDefPtr def);
int virNetworkObjIsDuplicate(virNetworkObjListPtr doms, int virNetworkObjIsDuplicate(virNetworkObjListPtr doms,
virNetworkDefPtr def, virNetworkDefPtr def,
unsigned int check_active); unsigned int check_active);
......
...@@ -608,6 +608,7 @@ virNetworkObjLock; ...@@ -608,6 +608,7 @@ virNetworkObjLock;
virNetworkObjUnlock; virNetworkObjUnlock;
virNetworkRemoveInactive; virNetworkRemoveInactive;
virNetworkSaveConfig; virNetworkSaveConfig;
virNetworkSetBridgeMacAddr;
virNetworkSetBridgeName; virNetworkSetBridgeName;
...@@ -877,6 +878,7 @@ virFileWriteStr; ...@@ -877,6 +878,7 @@ virFileWriteStr;
virFindFileInPath; virFindFileInPath;
virFork; virFork;
virFormatMacAddr; virFormatMacAddr;
virGenerateMacAddr;
virGetGroupID; virGetGroupID;
virGetHostname; virGetHostname;
virGetUserDirectory; virGetUserDirectory;
......
...@@ -128,6 +128,15 @@ networkRadvdConfigFileName(const char *netname) ...@@ -128,6 +128,15 @@ networkRadvdConfigFileName(const char *netname)
return configfile; return configfile;
} }
static char *
networkBridgeDummyNicName(const char *brname)
{
char *nicname;
virAsprintf(&nicname, "%s-nic", brname);
return nicname;
}
static void static void
networkFindActiveConfigs(struct network_driver *driver) { networkFindActiveConfigs(struct network_driver *driver) {
unsigned int i; unsigned int i;
...@@ -1566,6 +1575,7 @@ networkStartNetworkDaemon(struct network_driver *driver, ...@@ -1566,6 +1575,7 @@ networkStartNetworkDaemon(struct network_driver *driver,
bool v4present = false, v6present = false; bool v4present = false, v6present = false;
virErrorPtr save_err = NULL; virErrorPtr save_err = NULL;
virNetworkIpDefPtr ipdef; virNetworkIpDefPtr ipdef;
char *macTapIfName;
if (virNetworkObjIsActive(network)) { if (virNetworkObjIsActive(network)) {
networkReportError(VIR_ERR_OPERATION_INVALID, networkReportError(VIR_ERR_OPERATION_INVALID,
...@@ -1585,6 +1595,30 @@ networkStartNetworkDaemon(struct network_driver *driver, ...@@ -1585,6 +1595,30 @@ networkStartNetworkDaemon(struct network_driver *driver,
return -1; return -1;
} }
if (network->def->mac_specified) {
/* To set a mac for the bridge, we need to define a dummy tap
* device, set its mac, then attach it to the bridge. As long
* as its mac address is lower than any other interface that
* gets attached, the bridge will always maintain this mac
* address.
*/
macTapIfName = networkBridgeDummyNicName(network->def->bridge);
if (!macTapIfName) {
virReportOOMError();
goto err0;
}
if ((err = brAddTap(driver->brctl, network->def->bridge,
&macTapIfName, network->def->mac, 0, false, NULL))) {
virReportSystemError(err,
_("cannot create dummy tap device '%s' to set mac"
" address on bridge '%s'"),
macTapIfName, network->def->bridge);
VIR_FREE(macTapIfName);
goto err0;
}
VIR_FREE(macTapIfName);
}
/* Set bridge options */ /* Set bridge options */
if (brSetForwardDelay(driver->brctl, network->def->bridge, if (brSetForwardDelay(driver->brctl, network->def->bridge,
network->def->delay)) { network->def->delay)) {
...@@ -1693,6 +1727,17 @@ networkStartNetworkDaemon(struct network_driver *driver, ...@@ -1693,6 +1727,17 @@ networkStartNetworkDaemon(struct network_driver *driver,
networkRemoveIptablesRules(driver, network); networkRemoveIptablesRules(driver, network);
err1: err1:
if (!save_err)
save_err = virSaveLastError();
if ((err = brDeleteTap(driver->brctl, macTapIfName))) {
char ebuf[1024];
VIR_WARN("Failed to delete dummy tap device '%s' on bridge '%s' : %s",
macTapIfName, network->def->bridge,
virStrerror(err, ebuf, sizeof ebuf));
}
err0:
if (!save_err) if (!save_err)
save_err = virSaveLastError(); save_err = virSaveLastError();
if ((err = brDeleteBridge(driver->brctl, network->def->bridge))) { if ((err = brDeleteBridge(driver->brctl, network->def->bridge))) {
...@@ -1714,6 +1759,7 @@ static int networkShutdownNetworkDaemon(struct network_driver *driver, ...@@ -1714,6 +1759,7 @@ static int networkShutdownNetworkDaemon(struct network_driver *driver,
{ {
int err; int err;
char *stateFile; char *stateFile;
char *macTapIfName;
VIR_INFO(_("Shutting down network '%s'"), network->def->name); VIR_INFO(_("Shutting down network '%s'"), network->def->name);
...@@ -1744,6 +1790,21 @@ static int networkShutdownNetworkDaemon(struct network_driver *driver, ...@@ -1744,6 +1790,21 @@ static int networkShutdownNetworkDaemon(struct network_driver *driver,
kill(network->dnsmasqPid, SIGTERM); kill(network->dnsmasqPid, SIGTERM);
char ebuf[1024]; char ebuf[1024];
if (network->def->mac_specified) {
macTapIfName = networkBridgeDummyNicName(network->def->bridge);
if (!macTapIfName) {
virReportOOMError();
} else {
if ((err = brDeleteTap(driver->brctl, macTapIfName))) {
VIR_WARN("Failed to delete dummy tap device '%s' on bridge '%s' : %s",
macTapIfName, network->def->bridge,
virStrerror(err, ebuf, sizeof ebuf));
}
VIR_FREE(macTapIfName);
}
}
if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) { if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
VIR_WARN("Failed to bring down bridge '%s' : %s", VIR_WARN("Failed to bring down bridge '%s' : %s",
network->def->bridge, virStrerror(err, ebuf, sizeof ebuf)); network->def->bridge, virStrerror(err, ebuf, sizeof ebuf));
...@@ -1988,6 +2049,8 @@ static virNetworkPtr networkCreate(virConnectPtr conn, const char *xml) { ...@@ -1988,6 +2049,8 @@ static virNetworkPtr networkCreate(virConnectPtr conn, const char *xml) {
if (virNetworkSetBridgeName(&driver->networks, def, 1)) if (virNetworkSetBridgeName(&driver->networks, def, 1))
goto cleanup; goto cleanup;
virNetworkSetBridgeMacAddr(def);
if (!(network = virNetworkAssignDef(&driver->networks, if (!(network = virNetworkAssignDef(&driver->networks,
def))) def)))
goto cleanup; goto cleanup;
...@@ -2029,6 +2092,8 @@ static virNetworkPtr networkDefine(virConnectPtr conn, const char *xml) { ...@@ -2029,6 +2092,8 @@ static virNetworkPtr networkDefine(virConnectPtr conn, const char *xml) {
if (virNetworkSetBridgeName(&driver->networks, def, 1)) if (virNetworkSetBridgeName(&driver->networks, def, 1))
goto cleanup; goto cleanup;
virNetworkSetBridgeMacAddr(def);
if (!(network = virNetworkAssignDef(&driver->networks, if (!(network = virNetworkAssignDef(&driver->networks,
def))) def)))
goto cleanup; goto cleanup;
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
<name>private</name> <name>private</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<bridge name="virbr2" /> <bridge name="virbr2" />
<mac address='52:54:00:17:3F:37'/>
<ip address="192.168.152.1" netmask="255.255.255.0"> <ip address="192.168.152.1" netmask="255.255.255.0">
<dhcp> <dhcp>
<range start="192.168.152.2" end="192.168.152.254" /> <range start="192.168.152.2" end="192.168.152.254" />
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
<name>local</name> <name>local</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<bridge name="virbr1" /> <bridge name="virbr1" />
<mac address='12:34:56:78:9A:BC'/>
<forward mode="route" dev="eth1"/> <forward mode="route" dev="eth1"/>
<ip address="192.168.122.1" netmask="255.255.255.0"> <ip address="192.168.122.1" netmask="255.255.255.0">
</ip> </ip>
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
<name>private</name> <name>private</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<bridge name='virbr2' stp='on' delay='0' /> <bridge name='virbr2' stp='on' delay='0' />
<mac address='52:54:00:17:3F:37'/>
<ip address='192.168.152.1' netmask='255.255.255.0'> <ip address='192.168.152.1' netmask='255.255.255.0'>
<dhcp> <dhcp>
<range start='192.168.152.2' end='192.168.152.254' /> <range start='192.168.152.2' end='192.168.152.254' />
......
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid> <uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<forward dev='eth1' mode='route'/> <forward dev='eth1' mode='route'/>
<bridge name='virbr1' stp='on' delay='0' /> <bridge name='virbr1' stp='on' delay='0' />
<mac address='12:34:56:78:9A:BC'/>
<ip address='192.168.122.1' netmask='255.255.255.0'> <ip address='192.168.122.1' netmask='255.255.255.0'>
</ip> </ip>
</network> </network>
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册