提交 b86524e8 编写于 作者: D Daniel P. Berrange

Add support for network filter code in LXC driver

The LXC driver networking uses veth device pairs. These can
be easily hooked into the network filtering code.

* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter
上级 b4728dd4
...@@ -52,7 +52,7 @@ ...@@ -52,7 +52,7 @@
#include "hooks.h" #include "hooks.h"
#include "files.h" #include "files.h"
#include "fdstream.h" #include "fdstream.h"
#include "domain_nwfilter.h"
#define VIR_FROM_THIS VIR_FROM_LXC #define VIR_FROM_THIS VIR_FROM_LXC
...@@ -1027,6 +1027,8 @@ static void lxcVmCleanup(lxc_driver_t *driver, ...@@ -1027,6 +1027,8 @@ static void lxcVmCleanup(lxc_driver_t *driver,
vethDelete(vm->def->nets[i]->ifname); vethDelete(vm->def->nets[i]->ifname);
} }
virDomainConfVMNWFilterTeardown(vm);
if (driver->cgroup && if (driver->cgroup &&
virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) { virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) {
virCgroupRemove(cgroup); virCgroupRemove(cgroup);
...@@ -1146,6 +1148,10 @@ static int lxcSetupInterfaces(virConnectPtr conn, ...@@ -1146,6 +1148,10 @@ static int lxcSetupInterfaces(virConnectPtr conn,
if (vethInterfaceUpOrDown(parentVeth, 1) < 0) if (vethInterfaceUpOrDown(parentVeth, 1) < 0)
goto error_exit; goto error_exit;
if (def->nets[i]->filter &&
virDomainConfNWFilterInstantiate(conn, def->nets[i]) < 0)
goto error_exit;
} }
rc = 0; rc = 0;
...@@ -1642,8 +1648,10 @@ cleanup: ...@@ -1642,8 +1648,10 @@ cleanup:
vethDelete(veths[i]); vethDelete(veths[i]);
VIR_FREE(veths[i]); VIR_FREE(veths[i]);
} }
if (rc != 0) if (rc != 0) {
VIR_FORCE_CLOSE(priv->monitor); VIR_FORCE_CLOSE(priv->monitor);
virDomainConfVMNWFilterTeardown(vm);
}
VIR_FORCE_CLOSE(parentTty); VIR_FORCE_CLOSE(parentTty);
VIR_FORCE_CLOSE(handshakefds[0]); VIR_FORCE_CLOSE(handshakefds[0]);
VIR_FORCE_CLOSE(handshakefds[1]); VIR_FORCE_CLOSE(handshakefds[1]);
...@@ -2842,6 +2850,33 @@ cleanup: ...@@ -2842,6 +2850,33 @@ cleanup:
return ret; return ret;
} }
static int
lxcVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
virHashIterator iter, void *data)
{
virHashForEach(lxc_driver->domains.objs, iter, data);
return 0;
}
static void
lxcVMDriverLock(void)
{
lxcDriverLock(lxc_driver);
}
static void
lxcVMDriverUnlock(void)
{
lxcDriverUnlock(lxc_driver);
}
static virNWFilterCallbackDriver lxcCallbackDriver = {
.name = "LXC",
.vmFilterRebuild = lxcVMFilterRebuild,
.vmDriverLock = lxcVMDriverLock,
.vmDriverUnlock = lxcVMDriverUnlock,
};
/* Function Tables */ /* Function Tables */
static virDriver lxcDriver = { static virDriver lxcDriver = {
...@@ -2913,5 +2948,6 @@ int lxcRegister(void) ...@@ -2913,5 +2948,6 @@ int lxcRegister(void)
{ {
virRegisterDriver(&lxcDriver); virRegisterDriver(&lxcDriver);
virRegisterStateDriver(&lxcStateDriver); virRegisterStateDriver(&lxcStateDriver);
virNWFilterRegisterCallbackDriver(&lxcCallbackDriver);
return 0; return 0;
} }
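Review bot: In lxcSetupInterfaces the filter is instantiated only after `vethInterfaceUpOrDown(parentVeth, 1)` has already brought the host end up, so there is a window in which the veth pair exists unfiltered; moving the `def->nets[i]->filter && virDomainConfNWFilterInstantiate(conn, def->nets[i]) < 0` check ahead of the up call (and before the bridge attach, which is outside the hunk) would match the order used on teardown, where the filter is removed before the device goes away. Inferred rather than visible here: the container process is not yet running at this point, so the window is probably not exploitable from the guest side, but it is still the wrong order to document as the pattern. Separately, lxcVMFilterRebuild discards the result of `virHashForEach` and unconditionally returns 0; if that call can report failure in this tree, `return virHashForEach(lxc_driver->domains.objs, iter, data) < 0 ? -1 : 0;` would let the nwfilter core notice a partial rebuild. Also note that lxcVmCleanup calls `virDomainConfVMNWFilterTeardown(vm)` after the vethDelete loop, which is the reverse of the QEMU driver's order and is worth a one-line comment saying teardown by name is safe once the devices are gone, if that is the intent.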