- 21 Dec, 2012 6 commits
-
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 04 Dec, 2012 2 commits
-
-
Committed by Daniel P. Berrange
Currently to deal with auto-shutdown libvirtd must periodically poll all stateful drivers. This sucks because it requires acquiring both the driver lock and locks on every single virtual machine. Instead pass in an "inhibit" callback to virStateInitialize which drivers can invoke whenever they want to inhibit shutdown due to existence of active VMs.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The only important state that should prevent libvirtd shutdown is from running VMs. Networks, host devices, network filters and storage pools are all long lived resources that have no significant in-memory state. They should not block shutdown.
-
- 30 Nov, 2012 2 commits
-
-
Committed by Ján Tomko
Also removed some unreachable code found by coverity: libvirt-0.10.2/src/nwfilter/nwfilter_driver.c:259: unreachable: This code cannot be reached: "nwfilterDriverUnlock(driver...".
-
Committed by Daniel P. Berrange
The virStateInitialize method and several cgroups methods were using an 'int privileged' parameter or similar for dual-state values. These are better represented with the bool type.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 29 Nov, 2012 2 commits
-
-
Committed by Eric Blake
Commit cb022152 went overboard and introduced a dead conditional while trying to get rid of a potential NULL dereference. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqNew): Remove redundant conditional.
-
Committed by Ján Tomko
This can't lead to a crash since virNWFilterSnoopReqNew is only called with a static array as the argument, but if we check for NULL we should do it right.
-
- 02 Nov, 2012 1 commit
-
-
Committed by Daniel P. Berrange
The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 21 Sep, 2012 1 commit
-
-
Committed by Eric Blake
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 17 Sep, 2012 1 commit
-
-
Committed by Osier Yang
Simply returns the object list. No filtering. src/nwfilter/nwfilter_driver.c: Implement listAllNWFilters
-
- 15 Sep, 2012 1 commit
-
-
Committed by Dwight Engen
virNWFilterSnoopAdjustPoll() uses a struct pollfd but poll.h is never included
nwfilter/nwfilter_dhcpsnoop.c:1297: error: 'struct pollfd' declared inside parameter list
-
- 07 Sep, 2012 2 commits
-
-
Committed by Eric Blake
Commit 2a41bc95 dropped a dependency on gawk, but we can go one step further and avoid awk altogether. * src/nwfilter/nwfilter_ebiptables_driver.c (iptablesLinkIPTablesBaseChain): Simplify command. (ebiptablesDriverInit, ebiptablesDriverShutdown): Drop awk probe.
-
Committed by Eric Blake
FreeBSD and OpenBSD have a <net/if.h> that is not self-contained; and mingw lacks the header altogether. But gnulib has just taken care of that for us, so we might as well simplify our code. In the process, I got a syntax-check failure if we don't also take the gnulib execinfo module. * .gnulib: Update to latest, for execinfo and net_if. * bootstrap.conf (gnulib_modules): Add execinfo and net_if modules. * configure.ac: Let gnulib check for headers. Simplify check for 'struct ifreq', while also including enough prereq headers. * src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it. * src/nwfilter/nwfilter_learnipaddr.h: Use correct header for IF_NAMESIZE. * src/util/virnetdev.c (includes): Assume <net/if.h> exists. * src/util/virnetdevbridge.c (includes): Likewise. * src/util/virnetdevtap.c (includes): Likewise. * src/util/logging.c (includes): Assume <execinfo.h> exists. (virLogStackTraceToFd): Handle gnulib's fallback implementation.
-
- 31 Aug, 2012 3 commits
-
-
Committed by Stefan Berger
Adapt the IP learning code to also accept broadcasted DHCP replies
-
Committed by Stefan Berger
Some DHCP servers send their DHCP replies to the broadcast MAC address rather than to the MAC address of the VM. The existing DHCP snooping code assumes that the reply always goes to the MAC address of the VM thus filtering the traffic of some DHCP servers' replies. The below patch adapts the code to
1) filter DHCP replies by comparing the MAC address in the reply against the MAC address of the VM (held in the snoop request)
2) adapts the pcap filter for traffic towards the VM to accept DHCP replies sent to any MAC address; for further filtering we rely on 1)
3) creates initial rules that are active while waiting for DHCP replies; these rules now accept DHCP replies to the VM's MAC address or to the MAC broadcast address
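Checks 1) and 2) of the commit above, sketched as an added C example that is not libvirt's code: the Ethernet destination is ignored and the reply is matched on the client hardware address it carries. It assumes "the MAC address in the reply" is the BOOTP chaddr field; `dhcp_reply_is_for_vm` and `build_reply` are hypothetical names and the frame is constructed, not captured.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { ETH_LEN = 14, UDP_LEN = 8, BOOTP_LEN = 236, CHADDR_OFF = 28 };

/* Hypothetical helper: is this Ethernet frame a DHCP reply for vm_mac?
 * The Ethernet destination is deliberately ignored, because some servers
 * answer to ff:ff:ff:ff:ff:ff; the BOOTP chaddr field decides instead. */
bool dhcp_reply_is_for_vm(const uint8_t *f, size_t len, const uint8_t vm_mac[6])
{
    if (len < ETH_LEN + 20 || f[12] != 0x08 || f[13] != 0x00)
        return false;                          /* not IPv4 */
    const uint8_t *ip = f + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17)
        return false;                          /* not UDP over IPv4 */
    if (len < ETH_LEN + ihl + UDP_LEN + BOOTP_LEN)
        return false;                          /* truncated BOOTP message */
    const uint8_t *udp = ip + ihl;
    if (((udp[0] << 8) | udp[1]) != 67 || ((udp[2] << 8) | udp[3]) != 68)
        return false;                          /* not server -> client */
    const uint8_t *bootp = udp + UDP_LEN;
    if (bootp[0] != 2 || bootp[2] != 6)        /* op=BOOTREPLY, hlen=6 */
        return false;
    return memcmp(bootp + CHADDR_OFF, vm_mac, 6) == 0;
}

/* Constructed sample frame (not captured traffic): minimal headers only. */
size_t build_reply(uint8_t *f, const uint8_t eth_dst[6], const uint8_t chaddr[6])
{
    size_t len = ETH_LEN + 20 + UDP_LEN + BOOTP_LEN;
    memset(f, 0, len);
    memcpy(f, eth_dst, 6);
    f[12] = 0x08; f[13] = 0x00;                /* EtherType IPv4 */
    uint8_t *ip = f + ETH_LEN;
    ip[0] = 0x45; ip[9] = 17;                  /* IPv4, IHL 5, UDP */
    uint8_t *udp = ip + 20;
    udp[1] = 67; udp[3] = 68;                  /* ports 67 -> 68 */
    uint8_t *bootp = udp + UDP_LEN;
    bootp[0] = 2; bootp[1] = 1; bootp[2] = 6;  /* BOOTREPLY, Ethernet, hlen */
    memcpy(bootp + CHADDR_OFF, chaddr, 6);
    return len;
}
```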
-
Committed by Stefan Berger
The loop processing the trusted DHCP server generated one too many rules and added one final rule that accepted responses from all DHCP servers. Below patch fixes this.
-
- 29 Aug, 2012 2 commits
-
-
Committed by Peter Krempa
To silence error if DBus support is not compiled in.
-
Committed by Guido Günther
Fedora uses gawk as awk so there's no change in behavior while Debian/Ubuntu use mawk by default. This was reported by Luca Capello in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712
-
- 24 Aug, 2012 1 commit
-
-
Committed by Laine Stump
The original patch to support firewalld in nwfilter wasn't personally checking the exit status of firewall-cmd, but was instead sending NULL in the *exitstatus arg, which meant that virCommandWait would log an error just for the exit status being non-0 (and a "more scary than useful" error at that). We don't want to treat this as an error, though, just as a reason to use standard (ip|eb)tables commands instead of firewall-cmd. This patch modifies the virCommandRun in the nwfilter code to request status back from the caller. This avoids virCommandWait logging an error message, and allows the caller to do as it likes after examining the status. The VIR_DEBUG() logged when firewalld is enabled has also been reworded and changed to a VIR_INFO, and a similar VIR_INFO has been added in the case that firewalld is *not* found+enabled.
-
- 22 Aug, 2012 1 commit
-
-
Committed by Stefan Berger
This patch provides basic support for using firewalld's firewall-cmd rather than the plain eb/ip(6)tables commands.
-
- 10 Aug, 2012 1 commit
-
-
Committed by Stefan Berger
Remove the target table before renaming a table to it, i.e., remove table B before renaming A to B. This makes the renaming more robust against unconnected left-over tables.
-
- 02 Aug, 2012 1 commit
-
-
Committed by Daniel P. Berrange
There are a few issues with the current virAtomic APIs
  - They require use of a virAtomicInt struct instead of a plain int type
  - Several of the methods do not implement memory barriers
  - The methods do not implement compiler re-ordering barriers
  - There is no Win32 native impl
The GLib library has a nice LGPLv2+ licensed impl of atomic ops that works with GCC, Win32, or pthreads.h that addresses all these problems. The main downside to their code is that the pthreads impl uses a single global mutex, instead of a per-variable mutex. Given that it does have a Win32 impl though, we don't expect anyone to seriously use the pthread.h impl, so this downside is not significant.
* .gitignore: Ignore test case
* configure.ac: Check for which atomic ops impl to use
* src/Makefile.am: Add viratomic.c
* src/nwfilter/nwfilter_dhcpsnoop.c: Switch to new atomic ops APIs and plain int datatype
* src/util/viratomic.h: inline impls of all atomic ops for GCC, Win32 and pthreads
* src/util/viratomic.c: Global pthreads mutex for atomic ops
* tests/viratomictest.c: Test validate to validate safety of atomic ops.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 27 Jul, 2012 1 commit
-
-
Committed by Eric Blake
Any time we have a string with no % passed through gettext, a translator can inject a % to cause a stack overread. When there is nothing to format, it's easier to ask for a string that cannot be used as a formatter, by using a trivial "%s" format instead. In the past, we have used --disable-nls to catch some of the offenders, but that doesn't get run very often, and many more uses have crept in. Syntax check to the rescue! The syntax check can catch uses such as virReportError(code, _("split " "string")); by using a sed script to fold context lines into one pattern space before checking for a string without %. This patch is just mechanical insertion of %s; there are probably several messages touched by this patch where we would be better off giving the user more information than a fixed string. * cfg.mk (sc_prohibit_diagnostic_without_format): New rule. * src/datatypes.c (virUnrefConnect, virGetDomain) (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface) (virUnrefInterface, virGetStoragePool, virUnrefStoragePool) (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice) (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter) (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper. * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters) (lxcDomainGetBlkioParameters): Likewise. * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML) (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML): Likewise. * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML) (virNetworkDefParseXML): Likewise. * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName): Likewise. * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple) (virNWFilterVarAccessParse): Likewise. 
* src/libvirt.c (virDomainSave, virDomainSaveFlags) (virDomainRestore, virDomainRestoreFlags) (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML) (virDomainCoreDump, virDomainGetXMLDesc) (virDomainMigrateVersion1, virDomainMigrateVersion2) (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2) (virStreamSendAll, virStreamRecvAll) (virDomainSnapshotGetXMLDesc): Likewise. * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel) (virNWFilterDHCPSnoopReq): Likewise. * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise. * src/openvz/openvz_util.c (openvzKBPerPages): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise. * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr) (qemuBuildCommandLine): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity): Likewise. * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX) (virNetSocketSendFD, virNetSocketRecvFD): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool): Likewise. * src/storage/storage_backend_fs.c (virStorageBackendFileSystemProbe) (virStorageBackendFileSystemBuild): Likewise. * src/storage/storage_backend_rbd.c (virStorageBackendRBDOpenRADOSConn): Likewise. * src/storage/storage_driver.c (storageVolumeResize): Likewise. * src/test/test_driver.c (testInterfaceChangeBegin) (testInterfaceChangeCommit, testInterfaceChangeRollback): Likewise. * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise. * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr): Likewise. * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk) (xenFormatXM): Likewise.
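The idea behind the syntax check in the commit above, as an added C example; it is not libvirt's cfg.mk rule, which the commit says is built on sed. It treats the first string literal in a diagnostic call as the format argument, folds adjacent literals split across lines, and flags the call when no '%' appears. `scan_literals`, `count_unformatted` and `SAMPLE` are hypothetical names, and the sample source is constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Read the literal at p (p[0] == '"') plus any literals concatenated to it
 * across whitespace; set *has_pct if a '%' occurs; return the end position. */
static const char *scan_literals(const char *p, bool *has_pct)
{
    while (*p == '"') {
        for (p++; *p && *p != '"'; p++) {
            if (*p == '\\' && p[1])
                p++;                    /* skip escaped character */
            else if (*p == '%')
                *has_pct = true;
        }
        if (*p == '"')
            p++;
        while (isspace((unsigned char)*p))
            p++;
    }
    return p;
}

/* Count calls to `func` in `src` whose first string literal (the format
 * argument) contains no '%'. Comments and nested calls are not parsed. */
size_t count_unformatted(const char *src, const char *func)
{
    size_t hits = 0, flen = strlen(func);
    for (const char *p = strstr(src, func); p; p = strstr(p, func)) {
        p += flen;
        if (*p != '(')
            continue;
        while (*p && *p != '"' && *p != ';')
            p++;                        /* skip to the format literal */
        if (*p != '"')
            continue;                   /* call without a literal */
        bool has_pct = false;
        p = scan_literals(p, &has_pct);
        if (!has_pct)
            hits++;
    }
    return hits;
}

/* Constructed sample source, modelled on the call shape in the commit. */
const char SAMPLE[] =
    "virReportError(code, _(\"split \"\n    \"string\"));\n"
    "virReportError(code, \"%s\", _(\"split string\"));\n"
    "virReportError(code, _(\"bad value %d\"), v);\n";
```

Only the first call in `SAMPLE` is flagged; the second is the "%s" form the commit inserts, and the third already has a conversion in its format.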
-
- 23 Jul, 2012 1 commit
-
-
Committed by Osier Yang
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
  You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>.
This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for security files are not complete, that's why to do it manually:
  src/security/security_selinux.h
  src/security/security_driver.h
  src/security/security_selinux.c
  src/security/security_apparmor.h
  src/security/security_apparmor.c
  src/security/security_driver.c
-
- 21 Jul, 2012 1 commit
-
-
Committed by Daniel P. Berrange
Running libvirtd unprivileged results in a warning message from the NWFilter driver
  virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory
Since it requires privileged network access, this driver should not even run when unprivileged.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 19 Jul, 2012 3 commits
-
-
Committed by Daniel P. Berrange
Update the network filter driver to use virReportError instead of the virNWFilterReportError custom macro
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
This removes all the per-file error reporting macros from the code in src/conf/
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 17 Jul, 2012 3 commits
-
-
Committed by Michal Privoznik
My previous patch wasn't complete as it converted from (unsigned char *) to (virMacAddrPtr *). It should be (virMacAddrPtr) only.
-
Committed by Michal Privoznik
The previous commit (387117ad) was incomplete leaving those who do not use libpcap with uncompilable sources because of incomplete conversion of virNWFilterDHCPSnoopReq function.
-
Committed by Stefan Berger
Introduce new members in the virMacAddr 'class'
  - virMacAddrSet: set virMacAddr from a virMacAddr
  - virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer
  - virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer
  - virMacAddrCmp: comparing two virMacAddr
  - virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer
then replace raw MAC addresses by replacing
  - 'unsigned char *' with virMacAddrPtr
  - 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr
and introduce usage of above functions where necessary.
-
- 15 Jun, 2012 1 commit
-
-
Committed by Daniel P. Berrange
When libpcap is not available, the NWFilter driver provides a no-op stub for the DHCP snooping initialization. This was mistakenly returning '-1' instead of '0', so the entire driver initialization failed
-
- 02 Jun, 2012 3 commits
-
-
Committed by Stefan Berger
With support for multiple IP addresses per interface in place, this patch now adds support for multiple IP addresses per interface for the DHCP snooping code.
Testing: Since the infrastructure I tested this with does not provide multiple IP addresses per MAC address (anymore), I either had to plug the VM's interface from the virtual bridge connected directly to the infrastructure to virbr0 to get a 2nd IP address from dnsmasq (kill and run dhclient inside the VM) or changed the lease file (/var/run/libvirt/network/nwfilter.leases) and restart libvirtd to have a 2nd IP address on an existing interface. Note that dnsmasq can take a lease timeout parameter as part of the --dhcp-range command line parameter, so that timeouts can be tested that way (--dhcp-range 192.168.122.2,192.168.122.254,120). So, terminating and restarting dnsmasq with that parameter is another choice to watch an IP address disappear after 120 seconds.
Regards, Stefan
-
Committed by Stefan Berger
The goal of this patch is to prepare for support for multiple IP addresses per interface in the DHCP snooping code. Move the code for the IP address map that maps interface names to IP addresses into their own file. Rename the functions on the way but otherwise leave the code as-is. Initialize this new layer separately before dependent layers (iplearning, dhcpsnooping) and shut it down after them.
-
Committed by Stefan Berger
This patch adds DHCP snooping support to libvirt. The learning method for IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of "any" [default] (existing IP learning code), "none" (static only addresses) or "dhcp" (DHCP snooping). Active leases are saved in a lease file and reloaded on restart or HUP. The following interface XML activates and uses the DHCP snooping:
  <interface type='bridge'>
    <source bridge='virbr0'/>
    <filterref filter='clean-traffic'>
      <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
    </filterref>
  </interface>
All filters containing the variable 'IP' are automatically adjusted when the VM receives an IP address via DHCP. However, multiple IP addresses per interface are silently ignored in this patch, thus only supporting one IP address per interface. Multiple IP address support is added in a later patch in this series.
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
-