- 30 3月, 2010 22 次提交
-
-
由 Stefan Berger 提交于
This patch changes the network filtering code to use libvirt's existing IPv4 and IPv6 address parsers/printers rather than my self-written ones. I am introducing a new function in network.c that counts the number of bits in a netmask and ensures that the given address is indeed a netmask, return -1 on error or values of 0-32 for IPv4 addresses and 0-128 for IPv6 addresses. I then based the function checking for valid netmask on invoking this function.
-
由 Stefan Berger 提交于
This patch adds IPv6 filtering support for the following protocols: - tcp-ipv6 - udp-ipv6 - udplite-ipv6 - esp-ipv6 - ah-ipv6 - sctp-ipv6 - all-ipv6 - icmpv6 Many of the IPv4 data structure could be re-used for IPv6 support. Since ip6tables also supports pretty much the same command line parameters as iptables does, also much of the code could be re-used and now command lines are invoked with the ip(6)tables tool parameter passed through the functions as a parameter.
-
由 Stefan Berger 提交于
This patch removes the driver dependency from nwfilter_conf.c and moves a callback function calling into the driver into nwfilter_gentech_driver.c and passes a pointer to that callback function upon initialization of nwfilter_conf.c.
-
由 Stefan Berger 提交于
This patch adds filtering support for the so-far missing protocols 'ah', 'esp' and 'udplite'.
-
由 Daniel Veillard 提交于
* daemon/libvirtd.c: we should error out only if virHookInitialize() return value is negative
-
由 Laine Stump 提交于
Since the timers are defined to cover all possible config cases for several different hypervisors, many of these possibilities generate an error on qemu. Here is what is currently supported: RTC: If the -rtc commandline option is available, allow setting "clock=host" or "clock=vm" based on the rtc timer clock='host|guest' value. Also add "driftfix=slew" if the tickpolicy is 'catchup', or add nothing if tickpolicy is 'delay'. (Other tickpolicies will raise an error). If -rtc isn't available, but -rtc-td-hack is, add that option if the tickpolicy is 'catchup', add -rtc-td-hack, if it is 'delay' add nothing, and if it's anything else, raise an error. PIT: If -no-kvm-pit-reinjection is available, and tickpolicy is 'delay', add that option. if tickpolicy is 'catchup', do nothing. Anything else --> raise an error. If -no-kvm-pit-reinjection *isn't* available, but -tdf is, when tickpolicy is 'catchup' add -tdf. If it's 'delay', do nothing. Anything else --> raise an error. If neither of those commandline options is available, and tickpolicy is anything other than 'delay' (or unspecified), raise an error. HPET: If -no-hpet flag is available and present='no', add -no-hpet. If -no-hpet is not available, and present='yes', raise an error. If present is unspecified, the default is to do whatever this particular qemu does by default, so don't raise an error. All other timer types are unsupported by QEMU, so they will raise an error. * src/qemu/qemu_conf.c: extend qemuBuildClockArgStr() to generate the command line arguments for the new options
-
由 Laine Stump 提交于
* src/qemu/qemu_conf.h: define 4 new flags * src/qemu/qemu_conf.c: check the help text of qemu for presence of features indicated by each flag. * tests/qemuhelptest.c: add appropriate flags into the masks for each test
-
由 Laine Stump 提交于
timers are sub-elements of clocks. A clock can have zero or more instances of timer. Within the timer, only the name attribute is required; all other attributes are optional. A simpler representation of a timer element is: <timer name='platform|pit|rtc|hpet|tsc' wallclock='host|guest' tickpolicy='delay|catchup|merge|discard' frequency='123' mode='auto|native|emulate|paravirt' present='yes|no'/> frequency is a ulong. All other attributes are simple enums.
-
由 Laine Stump 提交于
This extension is described in http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html Currently all attributes are optional, except name. * src/conf/domain_conf.h: add data definition for virDomainTimerDef and add a list of them to virDomainClockDef * src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock * src/libvirt_private.syms: add new Timer enum helper functions to symbols
-
由 Daniel P. Berrange 提交于
The QEMU cpu affinity is used in NUMA scenarios to ensure that guest memory is allocated from a specific node. Normally memory is allocate on demand in vCPU threads, but when using hugepages the initial thread leader allocates memory upfront. libvirt was not setting affinity of the thread leader, or I/O threads. This patch changes the code to set the process affinity in between the fork()/exec() of QEMU. This ensures that every single QEMU thread gets the affinity * src/qemu/qemu_driver.c: Set affinity on entire QEMU process at startup
-
由 Daniel Veillard 提交于
Laine Stump, Stefan Berger, Eric Blake now have commit rights !
-
由 Eric Blake 提交于
Common Unix practice is to prefer VISUAL over EDITOR, particularly if the editor of choice spawns a new window. Thus, it is also common to see settings like EDITOR='emacs -nw', with the expectation that the shell will parse this as an argument to 'emacs' and not try to invoke a file containing a space. If a user puts junk in EDITOR, they deserve what they get (much more than virsh will misbehave); furthermore, sudo scrubs EDITOR by default. So the blind use of metacharacters in EDITOR should not be considered too much of a security issue. * tools/virsh.c (editFile): Prefer VISUAL over EDITOR. Don't reject shell metacharacters in EDITOR. * tools/virsh.pod (edit, net-edit, ENVIRONMENT): Document VISUAL. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=487738.
-
由 Eric Blake 提交于
* tools/virsh.pod: (DESCRIPTION): Improve grammar. Mention other drivers. (ENVIRONMENT): Document EDITOR. (COPYRIGHT): Bump.
-
由 Stefan Berger 提交于
This patch adds a dummy nwfilter driver to the test driver so that the int-overflow test passes without modifications.
-
由 Stefan Berger 提交于
This patch fixes the 'make check' runs for me which, under certain circumstances and login configurations, did invoke popups requesting authentication. I removed the parameter conn from being passed into the error reporting function. * src/conf/nwfilter_conf.h src/conf/nwfilter_conf.c: remove conn from error reporting parameters.
-
由 Daniel Veillard 提交于
-
由 Daniel Veillard 提交于
Right now this implements only 2 basic hooks: - before the lxc control process is being launched - after the lxc control process is terminated the XML description of the domain is passed to the hook script stdin /etc/libvirt/hook/lxc * src/lxc/lxc_driver.c: implement synchronous script hooks for LXC at domain startup and end
-
由 Daniel Veillard 提交于
Right now this implements only 2 basic hooks: - before the qemu process is being launched - after the qemu process is terminated the XML description of the domain is passed to the hook script stdin /etc/libvirt/hook/qemu * src/qemu/qemu_driver.c: implement synchronous script hooks for QEmu at domain startup and end
-
由 Daniel Veillard 提交于
It supports 3 kind of probing times, at daemon startup, when the daemon reloads its drivers on SIGHUP and when the daemon exits * daemon/libvirtd.c: daemon hooks for startup, reload and exit
-
由 Daniel Veillard 提交于
This exports 3 basic routines: - virHookInitialize() initializing the hook support by looking for scripts availability - virHookPresent() used to test if there is a hook for a given driver - virHookCall() which actually calls a synchronous script hook with the needed parameters Note that this doesn't expose any public API except for the locations and arguments passed to the scripts * src/Makefile.am: add the 2 new files * src/util/hooks.h src/util/hooks.c: implements the 3 functions * src/libvirt_private.syms: export the 3 symbols internally * po/POTFILES.in: add src/util/hooks.c to translatables modules
-
由 Daniel Veillard 提交于
* include/libvirt/virterror.h: add VIR_FROM_HOOK and VIR_ERR_HOOK_SCRIPT_FAILED * src/util/virterror.c: associated strings
-
由 Daniel Veillard 提交于
used to read the data from virExec stdout/err file descriptors * src/util/util.c src/util/util.h: not static anymore and export it * src/libvirt_private.syms: allow access internally
-
- 27 3月, 2010 18 次提交
-
-
由 Jiri Denemark 提交于
This flag is used in migration prepare step to send updated XML definition of a guest. Also ``virsh dumpxml --update-cpu [--inactive] guest'' command can be used to see the updated CPU requirements.
-
由 Jiri Denemark 提交于
-
由 Jiri Denemark 提交于
Useful mainly for migration. cpuUpdate changes guest CPU requirements in the following way: - match == "strict" || match == "exact" - optional features which are supported by host CPU are changed into required features - optional features which are not supported by host CPU are disabled - all other features remain untouched - match == "minimum" - match is changed into "exact" - optional features and all features not mentioned in guest CPU specification which are supported by host CPU become required features - other optional features are disabled - all other features remain untouched This ensures that no feature will suddenly disappear from the guest after migration.
-
由 Jiri Denemark 提交于
When a domain is defined on host1, migrated to host2 and then migrated back to host1, its current configuration would overwrite the libvirtd's in-memory copy of persistent configuration of that domain. This is not desired as we want to preserve the persistent configuration untouched. This patch introduces new 'live' parameter to virDomainAssignDef. Passing 'true' for 'live' means the configuration passed to virDomainAssignDef describes a configuration of live instance of the domain. This applies for saved domains which are being restored or for incoming domains during migration. All callers have been changed to pass the appropriate value.
-
由 Jim Meyering 提交于
* src/conf/nwfilter_conf.h: Indent cpp directives. * src/conf/nwfilter_params.h: Likewise. * src/datatypes.h: Likewise. * src/nwfilter/nwfilter_driver.h: Likewise. * src/nwfilter/nwfilter_ebiptables_driver.h: Likewise. * src/nwfilter/nwfilter_gentech_driver.h: Likewise.
-
由 David Allan 提交于
* Fixes per feedback from Dan and Daniel * Added test datafiles * Re-disabled JSON flags * Added code to print the error policy attribute when generating XML * Re-add empty tag
-
由 Eric Blake 提交于
My prior patch forced an autogen.sh run, and I was surprised that the suggested './autogen.sh' lost the fact that I had previously used './autogen.sh -C' for speed. * autogen.sh: Use config.status, if present and there were no arguments. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Picks up fixes for gethostname compilation problems on mingw. * .gnulib: Update to latest. * build-aux/.gitignore: Regenerate. * cfg.mk (local-checks-to-skip): Avoid new test not relevent to libvirt.
-
由 Stefan Berger 提交于
This patch adds some example filters to libvirt. They are automatically installed into the proper directory for libvirt to pick them up.
-
由 Stefan Berger 提交于
This patch adds support for L3/L4 filtering using iptables. This adds support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering. As mentioned in the introduction, a .c file provided by this patch is #include'd into a .c file. This will need work, but should be alright for review. Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch adds IPv6 support for the ebtables layer. Since the parser etc. are all parameterized, it was fairly easy to add this... Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
Add support for Qemu to have firewall rules applied and removed on VM startup and shutdown respectively. This patch also provides support for the updating of a filter that causes all VMs that reference the filter to have their ebtables/iptables rules updated. Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch implements the core driver and provides - management functionality for managing the filter XMLs - compiling the internal filter representation into ebtables rules - applying ebtables rules on a network (tap,macvtap) interface - tearing down ebtables rules that were applied on behalf of an interface - updating of filters while VMs are running and causing the firewalls to be rebuilt - other bits and pieces Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch adds XML processing for the network filter schema and extends the domain XML processing to parse the top level referenced filter along with potentially provided parameters Signed-off-by: NStefan Berger <stefanb@us.ibm.com> Signed-off-by: NGerhard Stenzel <gerhard.stenzel@de.ibm.com>
-
由 Stefan Berger 提交于
This patch adds virsh support for the five new CLI commands to manage network filters. Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch adds the definition of the wire format for RPC calls and implementation of the RPC client & server code Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch adds the implementation of the public API for the network filtering (ACL) extensions to libvirt.c . Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-
由 Stefan Berger 提交于
This patch adds the internal API extensions for network filtering (ACL) support. Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
-