- 29 10月, 2010 1 次提交
-
-
由 Lai Jiangshan 提交于
When we mount any cgroup without "-o devices", we will fail to start vms: error: Failed to start domain vm1 error: Unable to deny all devices for vm1: No such file or directory When we mount any cgroup without "-o cpu", we will fail to get schedinfo: Scheduler : posix error: unable to get cpu shares tunable: No such file or directory We should only use the cgroup controllers which are mounted on host. So I add virCgroupMounted() for qemuCgroupControllerActive() Signed-off-by: NLai Jiangshan <laijs@cn.fujitsu.com>
-
- 28 10月, 2010 2 次提交
-
-
由 Matthias Bolte 提交于
Commit 9bd3cce0 added virFork and virDriverLoadModule to libvirt_private.syms, but virFork didn't have a body on Win32 and virDriverLoadModule was already correctly exported conditional via libvirt_driver_modules.syms.
-
由 Daniel P. Berrange 提交于
Add a helper API for ecscaping the value in audit log messages * src/util/virtaudit.h, src/util/virtaudit.c, src/libvirt_private.syms: Add virAuditEncode
-
- 22 10月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
The getnameinfo() function is more flexible than inet_ntop() avoiding the need to if/else the code based on socket family. Also make it support UNIX socket addrs and allow inclusion of a port (service) address. Finally do proper error reporting via normal APIs. * src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c, src/qemu/qemu_conf.c: Fix error handling with virSocketFormat * src/util/network.c: Rewrite virSocketFormat to use getnameinfo and cope with UNIX socket addrs.
-
- 21 10月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* src/libvirt_private.syms: Sort by header name, then within header, and drop duplicate virNetworkDefParseNode, virFileLinkPointsTo and virXPathBoolean.
-
- 20 10月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt_util.la library was mistakenly linked into libvirtd directly. Since libvirt_util.la is already linked to libvirt.so, this resulted in libvirtd getting two copies of the code and more critically 2 copies of static global variables. Testing in turn exposed a issue with loadable modules. The gnulib replacement functions are not exported to loadable modules. Rather than trying to figure out the name sof all gnulib functions & export them, just linkage all loadable modules against libgnu.la statically. * daemon/Makefile.am: Remove linkage of libvirt_util.la and libvirt_driver.la * src/Makefile.am: Link driver modules against libgnu.la * src/libvirt.c: Don't try to load modules which were compiled out * src/libvirt_private.syms: Export all other internal symbols that are required by drivers
-
- 19 10月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here. There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were. I also dare to declare close() as being deprecated in libvirt code base (HACKING).
-
- 13 10月, 2010 3 次提交
-
-
由 Daniel P. Berrange 提交于
This enables support for nested SVM using the regular CPU model/features block. If the CPU model or features include 'svm', then the '-enable-nesting' flag will be added to the QEMU command line. Latest out of tree patches for nested 'vmx', no longer require the '-enable-nesting' flag. They instead just look at the cpu features. Several of the models already include svm support, but QEMU was just masking out the svm bit silently. So this will enable SVM on such models * src/qemu/qemu_conf.h: flag for -enable-nesting * src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in the CPUID * src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature * src/cpu/cpu_x86.c: x86 impl of feature check * src/libvirt_private.syms: Add cpuHasFeature * src/qemuhelptest.c: Add nesting flag where required
-
由 Stefan Berger 提交于
This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started. The problem is caused by the two locking sequences of qemu driver, qemu domain, filter # for the VM start operation filter, qemu_driver, qemu_domain # for the filter update operation that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild() The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows: qemu_driver, filter, qemu_driver, qemu_domain and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence qemu_driver, filter, qemu_domain where the 2nd qemu_driver lock has been ( logically ) eliminated. The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock. -> nwfilterUndefine() [ locks the filter ] -> virNWFilterTestUnassignDef() -> virNWFilterTriggerVMFilterRebuild() -> qemudVMFilterRebuild() -> nwfilterDefine() -> virNWFilterPoolAssignDef() [ locks the filter ] -> virNWFilterTriggerVMFilterRebuild() -> qemudVMFilterRebuild() -> nwfilterDriverReload() -> virNWFilterPoolLoadAllConfigs() ->virNWFilterPoolObjLoad() -> virNWFilterPoolAssignDef() [ locks the filter ] -> virNWFilterTriggerVMFilterRebuild() -> qemudVMFilterRebuild() -> nwfilterDriverStartup() -> virNWFilterPoolLoadAllConfigs() ->virNWFilterPoolObjLoad() -> virNWFilterPoolAssignDef() [ locks the filter ] -> virNWFilterTriggerVMFilterRebuild() -> qemudVMFilterRebuild() Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains. In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks. For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done. I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.
-
由 Nikunj A. Dadhania 提交于
Provides interfaces for setting/getting memory tunables like hard_limit, soft_limit and swap_hard_limit
-
- 12 10月, 2010 1 次提交
-
-
由 Eric Blake 提交于
Commit 1fe2927a forgot to export a symbol. * src/libvirt_private.syms (virHexToBin): Add. * src/.gitignore: Ignore temporary file.
-
- 07 10月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
The patch below extends the XML parser and generator so that every l3 protocol now can have a state attribute.
-
- 25 8月, 2010 1 次提交
-
-
由 Soren Hansen 提交于
Other drivers will need this same functionality, so move it to up to conf/domain_conf.c and give it a more general name. Signed-off-by: NSoren Hansen <soren@linux2go.dk>
-
- 02 8月, 2010 1 次提交
-
-
由 Laine Stump 提交于
This patch attempts to take advantage of a newly added netfilter module to correct for a problem with some guest DHCP client implementations when used in conjunction with a DHCP server run on the host systems with packet checksum offloading enabled. The problem is that, when the guest uses a RAW socket to read the DHCP response packets, the checksum hasn't yet been fixed by the IP stack, so it is incorrect. The fix implemented here is to add a rule to the POSTROUTING chain of the mangle table in iptables that fixes up the checksum for packets on the virtual network's bridge that are destined for the bootpc port (ie "dhcpc", ie port 68) port on the guest. Only very new versions of iptables will have this support (it will be in the next upstream release), so a failure to add this rule only results in a warning message. The iptables patch is here: http://patchwork.ozlabs.org/patch/58525/ A corresponding kernel module patch is also required (the backend of the iptables patch) and that will be in the next release of the kernel.
-
- 29 7月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
Enable specifying a virtio console device with: <console type='pty'> <target type='virtio'/> </console>
-
- 24 7月, 2010 1 次提交
-
-
由 Chris Lalancette 提交于
Add the library entry point for the new virDomainQemuMonitorCommand() entry point. Because this is not part of the "normal" libvirt API, it gets its own header file, library file, and will eventually get its own over-the-wire protocol later in the series. Changes since v1: - Go back to using the virDriver table for qemuDomainMonitorCommand, due to linking issues - Added versioning information to the libvirt-qemu.so Changes since v2: - None Changes since v3: - Add LGPL header to libvirt-qemu.c - Make virLibConnError and virLibDomainError macros instead of function calls Changes since v4: - Move exported symbols to libvirt_qemu.syms Signed-off-by: NChris Lalancette <clalance@redhat.com>
-
- 21 7月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
To allow compatibility with older QEMU PCI device slot assignment it is necessary to explicitly track the balloon device in the XML. This introduces a new device <memballoon model='virtio|xen'/> It can also have a PCI address, auto-assigned if necessary. The memballoon will be automatically added to all Xen and QEMU guests by default. * docs/schemas/domain.rng: Add <memballoon> element * src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and formatting for memballoon device. Always add a memory balloon device to Xen/QEMU if none exists in XML * src/libvirt_private.syms: Export memballoon model APIs * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the PCI device address in memory balloon device * tests/*: Update to test new functionality
-
- 20 7月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
There is duplicated code which iterates over disk backing stores performing some action. Provide a convenient helper for doing this to eliminate duplication & risk of mistakes with disk format probing * src/conf/domain_conf.c, src/conf/domain_conf.h, src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
-
- 19 7月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virStorageFileGetMetadataFromFD did two jobs in one. First it probed for storage type, then it extracted metadata for the type. It is desirable to be able to separate these jobs, allowing probing without querying metadata, and querying metadata without probing. To prepare for this, split out probing code into a new pair of methods virStorageFileProbeFormatFromFD virStorageFileProbeFormat * src/util/storage_file.c, src/util/storage_file.h, src/libvirt_private.syms: Introduce virStorageFileProbeFormat and virStorageFileProbeFormatFromFD
-
- 25 6月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
The parallel, serial, console and channel devices are all just character devices. A lot of code needs todo the same thing to all these devices. This provides an convenient API for iterating over all of them. * src/conf/domain_conf.c, src/conf/domain_conf.c, src/libvirt_private.syms: Add virDomainChrDefForeach
-
- 22 6月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
Following Daniel Berrange's multiple helpful suggestions for improving this patch and introducing another driver interface, I now wrote the below patch where the nwfilter driver registers the functions to instantiate and teardown the nwfilters with a function in conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous helper functions that were called from qemu_driver.c and qemu_conf.c were move into conf/domain_nwfilter.h with slight renaming done for consistency. Those functions now call the function expored by domain_nwfilter.c, which in turn call the functions of the new driver interface, if available.
-
- 08 6月, 2010 2 次提交
-
-
由 Daniel P. Berrange 提交于
The network driver is not doing correct checking for duplicate UUID/name values. This introduces a new method virNetworkObjIsDuplicate, based on the previously written virDomainObjIsDuplicate. * src/conf/network_conf.c, src/conf/network_conf.c, src/libvirt_private.syms: Add virNetworkObjIsDuplicate, * src/network/bridge_driver.c: Call virNetworkObjIsDuplicate for checking uniqueness of uuid/names
-
由 Daniel P. Berrange 提交于
The storage pool driver is not doing correct checking for duplicate UUID/name values. This introduces a new method virStoragePoolObjIsDuplicate, based on the previously written virDomainObjIsDuplicate. * src/conf/storage_conf.c, src/conf/storage_conf.c, src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate, * src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate for checking uniqueness of uuid/names
-
- 03 6月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
This patch that adds support for configuring 802.1Qbg and 802.1Qbh switches. The 802.1Qbh part has been successfully tested with real hardware. The 802.1Qbg part has only been tested with a (dummy) server that 'behaves' similarly to how we expect lldpad to 'behave'. The following changes were made during the development of this patch: - Merging Scott's v13-pre1 patch - Fixing endptr related bug while using virStrToLong_ui() pointed out by Jim Meyering - Addressing Jim Meyering's comments to v11 - requiring mac address to the vpDisassociateProfileId() function to pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched) - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid (hardcode as is hardcode alson in lldpad sources) - merging netlink send code for kernel target and user space target (lldpad) using one function nlComm() to send the messages - adding a select() after the sending and before the reading of the netlink response in case lldpad doesn't respond and so we don't hang - when reading the port status, in case of 802.1Qbg, no status may be received while things are 'in progress' and only at the end a status will be there. - when reading the port status, use the given instanceId and vf to pick the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS. - never sending nor parsing IFLA_PORT_SELF type of messages in the 802.1Qbg case - iterating over the elements in a IFLA_VF_PORTS to pick the right IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg) and reading the current status in IFLA_PORT_RESPONSE. - recycling a previous patch that adds functionality to interface.c to - get the vlan identifier on an interface - get the flags of an interface and some convenience function to check whether an interface is 'up' or not (not currently used here) - adding function to determine the root physical interface of an interface. For example if a macvtap is linked to eth0.100, it will find eth0. Also adding a function that finds the vlan on the 'way to the root physical interface' - conveying the root physical interface name and index in case of 802.1Qbg - conveying mac address of macvlan device and vlan identifier in IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ] to (future) lldpad via netlink - To enable build with --without-macvtap rename the [dis|]associatePortProfileId functions, prepend 'vp' before their name and make them non-static functions. - Renaming variable multicast to nltarget_kernel and inverting the logic - Addressing Jim Meyering's comments; this also touches existing code for example for correcting indentation of break statements or simplification of switch statements. - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses - 802.1Qbg part prepared for sending a RTM_SETLINK and getting processing status back plus a subsequent RTM_GETLINK to get IFLA_PORT_RESPONSE. Note: This interface for 802.1Qbg may still change - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid compiler warning when latest if_link.h isn't available - move from Stefan's 802.1Qb{g|h} XML v8 to v9 - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh - remove debug fprintfs - use virGetHostUUID (thanks Stefan!) - fix compile issue when latest if_link.h isn't available - change poll timeout to 10s, at 1/8 intervals - if polling times out, log msg and return -ETIMEDOUT - Add Stefan's code for getPortProfileStatus - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals: - if status indicates error, abort openMacvtapTap - if status indicates success, exit polling - if status is "in-progress" after 2 secs of polling, exit polling loop silently, without error My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete. I've tested using the recent kernel updates for VF_PORT netlink msgs and enic for Cisco's 10G Ethernet NIC. I tested many VMs, each with several direct interfaces, each configured with a port-profile per the XML. VM-to-VM, and VM-to-external work as expected. VM-to-VM on same host (using same NIC) works same as VM-to-VM where VMs are on diff hosts. I'm able to change settings on the port-profile while the VM is running to change the virtual port behaviour. For example, adjusting a QoS setting like rate limit. All VMs with interfaces using that port-profile immediatly see the effect of the change to the port-profile. I don't have a SR-IOV device to test so source dev is a non-SR-IOV device, but most of the code paths include support for specifing the source dev and VF index. We'll need to complete this by discovering the PF given the VF linkdev. Once we have the PF, we'll also have the VF index. All this info- mation is available from sysfs.
-
- 26 5月, 2010 3 次提交
-
-
由 Chris Lalancette 提交于
We've been running into a lot of situations where virGetHostname() is returning "localhost", where a plain gethostname() would have returned the correct thing. This is because virGetHostname() is *always* trying to canonicalize the name returned from gethostname(), even when it doesn't have to. This patch changes virGetHostname so that if the value returned from gethostname() is already FQDN or localhost, it returns that string directly. If the value returned from gethostname() is a shortened hostname, then we try to canonicalize it. If that succeeds, we returned the canonicalized hostname. If that fails, and/or returns "localhost", then we just return the original string we got from gethostname() and hope for the best. Note that after this patch it is up to clients to check whether "localhost" is an allowed return value. The only place where it's currently not is in qemu migration. Signed-off-by: NChris Lalancette <clalance@redhat.com>
-
由 Cole Robinson 提交于
Spurious / in a pool target path makes life difficult for apps using the GetVolByPath, and doing other path based comparisons with pools. This has caused a few issues for virt-manager users: https://bugzilla.redhat.com/show_bug.cgi?id=494005 https://bugzilla.redhat.com/show_bug.cgi?id=593565 Add a new util API which removes spurious /, virFileSanitizePath. Sanitize target paths when parsing pool XML, and for paths passed to GetVolByPath. v2: Leading // must be preserved, properly sanitize path=/, sanitize away /./ -> / v3: Properly handle starting ./ and ending /. v4: Drop all '.' handling, just sanitize / for now.
-
由 Daniel P. Berrange 提交于
Allow for a host UUID in the capabilities XML. Local drivers will initialize this from the SMBIOS data. If a sanity check shows SMBIOS uuid is invalid, allow an override from the libvirtd.conf configuration file * daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid configuration option * docs/schemas/capability.rng: Add optional host uuid field * src/conf/capabilities.c, src/conf/capabilities.h: Include host UUID in XML * src/libvirt_private.syms: Export new uuid.h functions * src/lxc/lxc_conf.c, src/qemu/qemu_driver.c, src/uml/uml_conf.c: Set host UUID in capabilities * src/util/uuid.c, src/util/uuid.h: Support for host UUIDs * src/node_device/node_device_udev.c: Use the host UUID functions * tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add new host_uuid config option to test
-
- 22 5月, 2010 1 次提交
-
-
由 Jim Fehlig 提交于
V2: - Move bitmap impl to src/util/bitmap.[ch] - Use CHAR_BIT instead of explicit '8' - Use size_t instead of unsigned int - Fix calculation of bitmap size in virBitmapAlloc - Ensure bit is within range of map in the set, clear, and get operations - Use bool in virBitmapGetBit - Add virBitmapFree to free-like funcs in cfg.mk V3: - Check for overflow in virBitmapAlloc - Fix copy and paste bug in virBitmapAlloc - Use size_t in prototypes - Add ATTRIBUTE_NONNULL in prototypes where appropriate and remove NULL check from impl V4: - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.
-
- 21 5月, 2010 1 次提交
-
-
由 Jiri Denemark 提交于
We need to be able to assign new def to an existing virDomainObj which is already locked. This patch factors out the relevant code from virDomainAssignDef into virDomainObjAssignDef.
-
- 14 5月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
When QEMU runs with its disk on NFS, and as a non-root user, the disk is chownd to that non-root user. When migration completes the last step is shutting down the QEMU on the source host. THis normally resets user/group/security label. This is bad when the VM was just migrated because the file is still in use on the dest host. It is thus neccessary to skip the reset step for any files found to be on a shared filesystem * src/libvirt_private.syms: Export virStorageFileIsSharedFS * src/util/storage_file.c, src/util/storage_file.h: Add a new method virStorageFileIsSharedFS() to determine if a file is on a shared filesystem (NFS, GFS, OCFS2, etc) * src/qemu/qemu_driver.c: Tell security driver not to reset disk labels on migration completion * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_selinux.c, src/security/security_driver.h, src/security/security_apparmor.c: Add ability to skip disk restore step for files on shared filesystems.
-
- 30 4月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
This introduces a new event type VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR event, but also includes a string describing the cause of the event. Thus there is a new callback definition for this event type typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn, virDomainPtr dom, const char *srcPath, const char *devAlias, int action, const char *reason, void *opaque); This is currently wired up to the QEMU block IO error events * daemon/remote.c: Dispatch IO error events to client * examples/domain-events/events-c/event-test.c: Watch for IO error events * include/libvirt/libvirt.h.in: Define new IO error event ID and callback signature * src/conf/domain_event.c, src/conf/domain_event.h, src/libvirt_private.syms: Extend API to handle IO error events * src/qemu/qemu_driver.c: Connect to the QEMU monitor event for block IO errors and emit a libvirt IO error event * src/remote/remote_driver.c: Receive and dispatch IO error events to application * src/remote/remote_protocol.x: Wire protocol definition for IO error events * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h, src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event from QEMU monitor
-
- 26 4月, 2010 1 次提交
-
-
由 Satoru SATOH 提交于
* po/POTFILES.in: the new module contains translatable strings * src/Makefile.am: include the files in the utils set * src/libvirt_private.syms: exports the symbols internally
-
- 24 4月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
-
- 13 4月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
Changes from v1 to v2: - changed function name prefixes to 'iface' from previous 'Iface' - Further to make make syntax-check pass: - indentation fix in interface.h - added entry to POTFILES.in I am consolidating network interface related functions used in nwfilter and macvtap code in utils/interface.c. All function names are prefixed with 'Iface'. The following functions are now available through interface.h: int ifaceCtrl(const char *name, bool up); int ifaceUp(const char *name); int ifaceDown(const char *name); int ifaceCheck(bool reportError, const char *ifname, const unsigned char *macaddr, int ifindex); int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex); I added 'int ifindex' as parameter to ifaceCheck to the original function and modified the code accordingly.
-
- 09 4月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
-
- 08 4月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
This patch implements support for learning a VM's IP address. It uses the pcap library to listen on the VM's backend network interface (tap) or the physical ethernet device (macvtap) and tries to capture packets with source or destination MAC address of the VM and learn from DHCP Offers, ARP traffic, or first-sent IPv4 packet what the IP address of the VM's interface is. This then allows to instantiate the network traffic filtering rules without the user having to provide the IP parameter somewhere in the filter description or in the interface description as a parameter. This only supports to detect the parameter IP, which is for the assumed single IPv4 address of a VM. There is not support for interfaces that may have multiple IP addresses (IP aliasing) or IPv6 that may then require more than one valid IP address to be detected. A VM can have multiple independent interfaces that each uses a different IP address and in that case it will be attempted to detect each one of the address independently. So, when for example an interface description in the domain XML has looked like this up to now: <interface type='bridge'> <source bridge='mybridge'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP' value='10.2.3.4'/> </filterref> </interface> you may omit the IP parameter: <interface type='bridge'> <source bridge='mybridge'/> <model type='virtio'/> <filterref filter='clean-traffic'/> </interface> Internally I am walking the 'tree' of a VM's referenced network filters and determine with the given variables which variables are missing. Now, the above IP parameter may be missing and this causes a libvirt-internal thread to be started that uses the pcap library's API to listen to the backend interface (in case of macvtap to the physical interface) in an attempt to determine the missing IP parameter. If the backend interface disappears the thread terminates assuming the VM was brought down. In case of a macvtap device a timeout is being used to wait for packets from the given VM (filtering by VM's interface MAC address). If the VM's macvtap device disappeared the thread also terminates. In all other cases it tries to determine the IP address of the VM and will then apply the rules late on the given interface, which would have happened immediately if the IP parameter had been explicitly given. In case an error happens while the firewall rules are applied, the VM's backend interface is 'down'ed preventing it to communicate. Reasons for failure for applying the network firewall rules may that an ebtables/iptables command failes or OOM errors. Essentially the same failure reasons may occur as when the firewall rules are applied immediately on VM start, except that due to the late application of the filtering rules the VM now is already running and cannot be hindered anymore from starting. Bringing down the whole VM would probably be considered too drastic. While a VM's IP address is attempted to be determined only limited updates to network filters are allowed. In particular it is prevented that filters are modified in such a way that they would introduce new variables. A caveat: The algorithm does not know which one is the appropriate IP address of a VM. If the VM spoofs an IP address in its first ARP traffic or IPv4 packets its filtering rules will be instantiated for this IP address, thus 'locking' it to the found IP address. So, it's still 'safer' to explicitly provide the IP address of a VM's interface in the filter description if it is known beforehand. * configure.ac: detect libpcap * libvirt.spec.in: require libpcap[-devel] if qemu is built * src/internal.h: add the new ATTRIBUTE_PACKED define * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch] src/nwfilter/nwfilter_ebiptables_driver.[ch] src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in * tests/nwfilterxml2xmltest: extend testing
-
- 05 4月, 2010 2 次提交
-
-
由 Chris Lalancette 提交于
Signed-off-by: NChris Lalancette <clalance@redhat.com>
-
由 Chris Lalancette 提交于
Signed-off-by: NChris Lalancette <clalance@redhat.com>
-
- 02 4月, 2010 1 次提交
-
-
由 Laine Stump 提交于
The clock timer XML is being updated in the following ways (based on further off-list discussion that was missed during the initial implementation): 1) 'wallclock' is changed to 'track', and the possible values are 'boot' (corresponds to old 'host'), 'guest', and 'wall'. 2) 'mode' has an additional value 'smpsafe' 3) when tickpolicy='catchup', there can be an optional sub-element of timer called 'catchup': <catchup threshold=123 slew=120 limit=10000/> Those three values are all longs, always optional, and if they are present, they are positive. Internally, 0 indicates "unspecified". * docs/schemas/domain.rng: updated RNG definition to account for changes * src/conf/domain_conf.h: change the C struct and enums to match changes. * src/conf/domain_conf.c: timer parse and format functions changed to handle the new selections and new element. * src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack* * src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.
-
- 01 4月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
virParseVersionString uses virStrToLong_ui instead of sscanf. This also fixes a bug in the UML driver, that always returned 0 as version number. Introduce STRSKIP to check if a string has a certain prefix and to skip this prefix.
-