- 28 4月, 2015 2 次提交
-
-
由 Laine Stump 提交于
If someone has updated a network to change its bridge name, but the network is still active (so that bridge name hasn't taken effect yet), we still want to disallow another network from taking that new name.
-
由 Laine Stump 提交于
We already check that any auto-assigned bridge device name for a virtual network (e.g. "virbr1") doesn't conflict with the bridge name for any existing libvirt network (via virNetworkSetBridgeName() in conf/network_conf.c). We also want to check that the name doesn't conflict with any bridge device created on the host system outside the control of libvirt (history: possibly due to the ploriferation of references to libvirt's bridge devices in HOWTO documents all around the web, it is not uncommon for an admin to manually create a bridge in their host's system network config and name it "virbrX"). To add such a check to virNetworkBridgeInUse() (which is called by virNetworkSetBridgeName()) we would have to call virNetDevExists() (from util/virnetdev.c); this function calls ioctl(SIOCGIFFLAGS), which everyone on the mailing list agreed should not be done from an XML parsing function in the conf directory. To remedy that problem, this patch removes virNetworkSetBridgeName() from conf/network_conf.c and puts an identically functioning networkBridgeNameValidate() in network/bridge_driver.c (because it's reasonable for the bridge driver to call virNetDevExists(), although we don't do that yet because I wanted this patch to have as close to 0 effect on function as possible). There are a couple of inevitable changes though: 1) We no longer check the bridge name during virNetworkLoadConfig(). Close examination of the code shows that this wasn't necessary anyway - the only *correct* way to get XML into the config files is via networkDefine(), and networkDefine() will always call networkValidate(), which previously called virNetworkSetBridgeName() (and now calls networkBridgeNameValidate()). This means that the only way the bridge name can be unset during virNetworkLoadConfig() is if someone edited the config file on disk by hand (which we explicitly prohibit). 2) Just on the off chance that somebody *has* edited the file by hand, rather than crashing when they try to start their malformed network, a check for non-NULL bridge name has been added to networkStartNetworkVirtual(). (For those wondering why I don't instead call networkValidateBridgeName() there to set a bridge name if one wasn't present - the problem is that during networkStartNetworkVirtual(), the lock for the network being started has already been acquired, but the lock for the network list itself *has not* (because we aren't adding/removing a network). But virNetworkBridgeInuse() iterates through *all* networks (including this one) and locks each network as it is checked for a duplicate entry; it is necessary to lock each network even before checking if it is the designated "skip" network because otherwise some other thread might acquire the list lock and delete the very entry we're examining. In the end, permitting a setting of the bridge name during network start would require that we lock the entire network list during any networkStartNetwork(), which eliminates a *lot* of parallelism that we've worked so hard to achieve (it can make a huge difference during libvirtd startup). So rather than try to adjust for someone playing against the rules, I choose to instead give them the error they deserve.) 3) virNetworkAllocateBridge() (now removed) would leak any "template" string set as the bridge name. Its replacement networkFindUnusedBridgeName() doesn't leak the template string - it is properly freed.
-
- 02 4月, 2015 1 次提交
-
-
由 Ján Tomko 提交于
In the order of appearance: * MAX_LISTEN - never used added by 23ad665c (qemud) and addec57 (lock daemon) * NEXT_FREE_CLASS_ID - never used, added by 07d1b6b5 * virLockError - never used, added by eb8268a4 * OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN unused since the removal of ADD_ARG_LIT in d8b31306 * QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e7 * QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7b * TEST_MODEL_WORDSIZE - unused since c25c18f7 * TEMPDIR - never used, added by 714bef5b * NSIG - workaround around old headers added by commit 60ed1d2a unused since virExec was moved by commit 02e86910 * DO_TEST_PARSE - never used, added by 9afa0060 * DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb66
-
- 23 3月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
This function does not make any sense now, that network driver is (almost) dropped. I mean, previously, when threads were serialized, this function was there to check, if no other network with the same name or UUID exists. However, nowadays that threads can run more in parallel, this function is useless, in fact it gives misleading return values. Consider the following scenario. Two threads, both trying to define networks with same name but different UUID (e.g. because it was generated during XML parsing phase, whatever). Lets assume that both threads are about to call networkValidate() which immediately calls virNetworkObjIsDuplicate(). T1: calls virNetworkObjIsDuplicate() and since no network with given name or UUID exist, success is returned. T2: calls virNetworkObjIsDuplicate() and since no network with given name or UUID exist, success is returned. T1: calls virNetworkAssignDef() and successfully places its network into the virNetworkObjList. T2: calls virNetworkAssignDef() and since network with the same name exists, the network definition is replaced. Okay, this is mainly because virNetworkAssignDef() does not check whether name and UUID matches. Well, lets make it so! And drop useless function too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 11 3月, 2015 8 次提交
-
-
由 Michal Privoznik 提交于
This patch turns both virNetworkObjFindByUUID() and virNetworkObjFindByName() to return an referenced object so that even if caller unlocks it, it's for sure that object won't disappear meanwhile. Especially if the object (in general) is locked and unlocked during the caller run. Moreover, this commit is nicely small, since the object unrefing can be done in virNetworkObjEndAPI(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Every API that touches internal structure of the object must lock the object first. Not every API that has the object as an argument needs to do that though. Some APIs just pass the object to lower layers which, however, must lock the object then. Look at the code, you'll get my meaning soon. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This is going to be needed later, when some functions already have the virNetworkObjList object already locked and need to lookup a object to work on. As an example of such function is virNetworkAssignDef(). The other use case might be in virNetworkObjListForEach() callback. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Later we can turn APIs to lock the object if needed instead of relying on caller to mutually exclude itself (probably done by locking a big lock anyway). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This is practically copy of qemuDomObjEndAPI. The reason why is it so widely available is to avoid code duplication, since the function is going to be called from our bridge driver, test driver and parallels driver too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
So far it's just a structure which happens to have 'Obj' in its name, but otherwise it not related to virObject at all. No reference counting, not virObjectLock(), nothing. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michael Chapman 提交于
Undefining a running, autostarted domain removes the autostart link, but dom->autostart is not cleared. If the domain is subsequently redefined, libvirt thinks it is already autostarted and will not create the link even if requested: # virsh dominfo example | grep Autostart Autostart: enable # ls /etc/libvirt/qemu/autostart/example.xml /etc/libvirt/qemu/autostart/example.xml # virsh undefine example Domain example has been undefined # virsh define example.xml Domain example defined from example.xml # virsh dominfo example | grep Autostart Autostart: enable # virsh autostart example Domain example marked as autostarted # ls /etc/libvirt/qemu/autostart/example.xml ls: cannot access /etc/libvirt/qemu/autostart/example.xml: No such file or directory This commit ensures dom->autostart is cleared whenever the config and autostart link (if present) are removed. The bridge network driver cleared this flag itself in networkUndefine. This commit moves this into virNetworkDeleteConfig for symmetry with virDomainDeleteConfig, and to ensure it is not missed in future network drivers. Signed-off-by: NMichael Chapman <mike@very.puzzling.org>
-
- 09 3月, 2015 6 次提交
-
-
由 Michal Privoznik 提交于
Now that all the code uses accessors, don't expose the structure anyway. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Well, one day this will be self-locking object, but not today. But lets prepare the code for that! Moreover, virNetworkObjListFree() is no longer needed, so turn it into virNetworkObjListDispose(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
The API will iterate over the list of network object and remove desired ones from it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
An accessor following pattern laid out by virDomainObjList* APIs. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
An accessor following pattern laid out by virDomainObjList* APIs. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This API will be used in the future to call passed callback over each network object in the list. It's slightly different to its virDomainObjListForEach counterpart, because virDomainObjList uses a hash table to store domain object, while virNetworkObjList uses an array. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 04 3月, 2015 5 次提交
-
-
由 Michal Privoznik 提交于
It's returning virNetworkObjPtr after all. And it matches the pattern laid out by domain_conf.h. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
It's returning virNetworkObjPtr after all. And it matches the pattern laid out by domain_conf.h. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Instead of copying the whole object onto stack when calling the function, just pass the pointer to the object and save up some space on the stack. Moreover, this prepares the code to hide the virNetworkObjList structure into network_conf.c and use accessors only. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
All of our vir*Free() functions should accept NULL, even though that there's no way of actually passing NULL with current code. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
This is probably a copy-paste error from virDomainObj* counterpart. But when speaking of virNetworkObj we should use variable @nets for an array of networks, rather than @doms. It's just confusing. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 26 2月, 2015 2 次提交
-
-
由 Ján Tomko 提交于
In virNetworkDHCPHostDefParseXML an error is reported when partialOkay == true, and none of ip, mac, name were supplied. Add the missing goto and error out in this case.
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1196503 We already check whether the host id is valid or not, add a jump to forbid invalid host id. Signed-off-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 24 2月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1151942 While the restriction doesn't have origin in any RFC, it matters to us while constructing the dnsmasq config file (or command line previously). For better picture, this is how the corresponding part of network XML look like: <dns> <forwarder addr='8.8.4.4'/> <txt name='example' value='example value'/> </dns> And this is how the config file looks like then: server=8.8.4.4 txt-record=example,example value Now we can see why there can't be any commas in the TXT name. They are used by dnsmasq to separate @name and @value. Funny, we have it in the documentation, but the code (which was pushed back in 2011) didn't reflect that. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 21 2月, 2015 1 次提交
-
-
由 Laine Stump 提交于
The function that parses the <forward> subelement of a network used to fail/log an error if the network definition contained both a <pf> element as well as at least one <interface> or <address> element. That check was present because the configuration of a network should have either one <pf>, one or more <interface>, or one or more <address>, but never combinations of multiple kinds. This caused a problem when libvirtd was restarted with a network already active - when a network with a <pf> element is started, the referenced PF (Physical Function of an SRIOV-capable network card) is checked for VFs (Virtual Functions), and the <forward> is filled in with a list of all VFs for that PF either in the form of their PCI addresses (a list of <address>) or their netdev names (a list of <interface>); the <pf> element is not removed though. When libvirtd is restarted, it parses the network status and finds both the original <pf> from the config, as well as the list of either <address> or <interface>, fails the parse, and the network is not added to the active list. This failure is often obscured because the network is marked as autostart so libvirt immediately restarts it. It seems odd to me that <interface> and <address> are stored in the same array rather than keeping two separate arrays, and having separate arrays would have made the check much simpler. However, changing to use two separate arrays would have required changes in more places, potentially creating more conflicts and (more importantly) more possible regressions in the event of a backport, so I chose to keep the existing data structure in order to localize the change. It appears that this problem has been in the code ever since support for <pf> was added (0.9.10), but until commit 34cc3b2f (first in libvirt 1.2.4) networks with interface pools were not properly marked as active on restart anyway, so there is no point in backporting this patch any further than that.
-
- 20 1月, 2015 1 次提交
-
-
由 Josh Stone 提交于
This adds a new "localOnly" attribute on the domain element of the network xml. With this set to "yes", DNS requests under that domain will only be resolved by libvirt's dnsmasq, never forwarded upstream. This was how it worked before commit f69a6b98, and I found that functionality useful. For example, I have my host's NetworkManager dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can easily resolve guest names from outside. But if libvirt's dnsmasq doesn't know a name and forwards it to the host, I'd get an endless forwarding loop. Now I can set localOnly="yes" to prevent the loop. Signed-off-by: NJosh Stone <jistone@redhat.com>
-
- 16 1月, 2015 2 次提交
-
-
由 Cédric Bosdonnat 提交于
Moving code for parsing and formatting network routes to networkcommon_conf helps reusing those routes for domains. The route definition has been hidden to help reducing the number of unnecessary checks in the format function.
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1182486 When updating a network and adding new ip-dhcp-host entry, the deamon may crash. The problem is, we iterate over existing <host/> entries trying to compare MAC addresses to see if there's already an existing rule. However, not all entries are required to have MAC address. For instance, the following is perfectly valid entry: <host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e' name='redhatipv6.redhat.com' ip='2001:db8:ca2:2::119'/> When the checking loop iterates over this, the entry's MAC address is accessed directly. Well, the fix is obvious - check if the address is defined before trying to compare it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 14 1月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
There's this function virNetDevBandwidthParse which parses the bandwidth XML snippet. But it's not clever much. For the following XML it allocates the virNetDevBandwidth structure even though it's completely empty: <bandwidth> </bandwidth> Later in the code there are some places where we check if bandwidth was set or not. And since we obtained pointer from the parsing function we think that it is when in fact it isn't. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 12月, 2014 2 次提交
-
-
由 Kyle DeFrancia 提交于
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779 A <dhcp> element can exist in only one IPv4 address and one IPv6 address per network. This patch enforces that in virNetworkUpdate.
-
由 Laine Stump 提交于
The macTableManager attribute of a network's bridge subelement tells libvirt how the bridge's MAC address table (used to determine the egress port for packets) is managed. In the default mode, "kernel", management is left to the kernel, which usually determines entries in part by turning on promiscuous mode on all ports of the bridge, flooding packets to all ports when the correct destination is unknown, and adding/removing entries to the fdb as it sees incoming traffic from particular MAC addresses. In "libvirt" mode, libvirt turns off learning and flooding on all the bridge ports connected to guest domain interfaces, and adds/removes entries according to the MAC addresses in the domain interface configurations. A side effect of turning off learning and unicast_flood on the ports of a bridge is that (with Linux kernel 3.17 and newer), the kernel can automatically turn off promiscuous mode on one or more of the bridge's ports (usually only the one interface that is used to connect the bridge to the physical network). The result is better performance (because packets aren't being flooded to all ports, and can be dropped earlier when they are of no interest) and slightly better security (a guest can still send out packets with a spoofed source MAC address, but will only receive traffic intended for the guest interface's configured MAC address). The attribute looks like this in the configuration: <network> <name>test</name> <bridge name='br0' macTableManager='libvirt'/> ... This patch only adds the config knob, documentation, and test cases. The functionality behind this knob is added in later patches.
-
- 02 12月, 2014 3 次提交
-
-
由 Ján Tomko 提交于
Partially reverts commit 5754dbd5. The code in the specfile adds a MAC address to every <bridge>, even for <forward mode='bridge'> for which we don't support changing MAC addresses. Remove it completely. For new networks, we have been adding MAC addresses on definition/creation since the commit mentioned above. For existing networks (pre-0.9.0), the MAC is added by this commit. https://bugzilla.redhat.com/show_bug.cgi?id=1156367
-
由 Ján Tomko 提交于
Libvirt's RPMs have been adding it to networks which don't support it. https://bugzilla.redhat.com/show_bug.cgi?id=1156367
-
由 Laine Stump 提交于
The function virNetworkObjListExport() in network_conf.c had a call to the public API virNetworkFree() which was causing a link error: CCLD libvirt_driver_vbox_network_impl.la ./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport': /home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree' This would happen when I added #include "network_conf.h" into domain_conf.h, then attempted to call a new function from that file (and enum converter, similar to virNetworkForwardTypeToString()) In the end, virNetworkFree() ends up just calling virObjectUnref(obj) anyway (after clearing all pending errors, which we probably *don't* want to do in the cleanup of a utility function), so this is likely more correct than the original code as well.
-
- 15 11月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 06 10月, 2014 1 次提交
-
-
由 Laine Stump 提交于
This new attribute will control whether or not libvirt will pay attention to guest notifications about changes to network device mac addresses and receive filters. The default for this is 'no' (for security reasons). If it is set to 'yes' *and* the specified device model and connection support it (currently only macvtap+virtio) then libvirt will watch for NIC_RX_FILTER_CHANGED events, and when it receives one, it will issue a query-rx-filter command, retrieve the result, and modify the host-side macvtap interface's mac address and unicast/multicast filters accordingly. The functionality behind this attribute will be in a later patch. This patch merely adds the attribute to the top-level of a domain's <interface> as well as to <network> and <portgroup>, and adds documentation and schema/xml2xml tests. Rather than adding even more test files, I've just added the net attribute in various applicable places of existing test files.
-
- 15 9月, 2014 1 次提交
-
-
由 Erik Skultety 提交于
When spanning tree protocol is allowed in bridge settings, forward delay value is set as well (default is 0 if omitted). Until now, there was no check for delay value validity. Delay makes sense only as a positive numerical value. Note: However, even if you provide positive numerical value, brctl utility only uses values from range <2,30>, so the number provided can be modified (kernel most likely) to fall within this range. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1125764
-
- 11 9月, 2014 1 次提交
-
-
由 John Ferlan 提交于
The code compares def->forwarders when deciding to return 0 at a couple of points, then uses "def->nfwds" as a way to index into the def->forwarders array. That reference results in Coverity complaining that def->forwarders being NULL was checked as part of an arithmetic OR operation where failure could be any one 5 conditions, but that is not checked when entering the loop to dereference the array. Changing the comparisons to use nfwds will clear the warnings Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-