- 27 4月, 2014 2 次提交
-
-
由 Laine Stump 提交于
Experimentation showed that if virNetworkCreateXML() was called for a network that was already defined, and then the network was subsequently shutdown, the network would continue to be persistent after the shutdown (expected/desired), but the original config would be lost in favor of the transient config sent in with virNetworkCreateXML() (which would then be the new persistent config) (obviously unexpected/not desired). To fix this, virNetworkObjAssignDef() has been changed to 1) properly save/free network->def and network->newDef for all the various combinations of live/active/persistent, including some combinations that were previously considered to be an error but didn't need to be (e.g. setting a "live" config for a network that isn't yet active but soon will be - that was previously considered an error, even though in practice it can be very useful). 2) automatically set the persistent flag whenever a new non-live config is assigned to the network (and clear it when the non-live config is set to NULL). the libvirt network driver no longer directly manipulates network->persistent, but instead relies entirely on virNetworkObjAssignDef() to do the right thing automatically. After this patch, the following sequence will behave as expected: virNetworkDefineXML(X) virNetworkCreateXML(X') (same name but some config different) virNetworkDestroy(X) At the end of these calls, the network config will remain as it was after the initial virNetworkDefine(), whereas previously it would take on the changes given during virNetworkCreateXML(). Another effect of this tighter coupling between a) setting a !live def and b) setting/clearing the "persistent" flag, is that future patches which change the details of network lifecycle management (e.g. upcoming patches to fix detection of "active" networks when libvirtd is restarted) will find it much more difficult to break persistence functionality.
-
由 Dwight Engen 提交于
This fixes the following make rpm warning: warning: Installed (but unpackaged) file(s) found: /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0 /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0.0.0 introduced in comit 8d559864Signed-off-by: NDwight Engen <dwight.engen@oracle.com> Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 26 4月, 2014 2 次提交
-
-
由 Ian Campbell 提交于
Currently the driver only exposes the ability to connect to the serial console of a Xen guest, which doesn't work for a PV guest. Since for an HVM guest the serial devices are duplicated as consoles it is sufficient to just use the console devices unconditionally. Tested with the following bit of config XML: <domain type='xen'> ... <devices> <console type='pty'> <target type='xen'/> </console> </devices> </domain> I have observed and tested this on ARM but I believe it also applies to x86 PV guests. Signed-off-by: NIan Campbell <ian.campbell@citrix.com> Cc: Jim Fehlig <jfehlig@suse.com> Cc: Dario Faggioli <dario.faggioli@citrix.com> Cc: Clark Laughlin <clark.laughlin@linaro.org>
-
由 Dwight Engen 提交于
Signed-off-by: NDwight Engen <dwight.engen@oracle.com>
-
- 25 4月, 2014 36 次提交
-
-
由 Daniel P. Berrange 提交于
dlfcn.h does not exist on Win32 so must only be used conditionally Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Create a nwfilterxml2firewalltest to exercise the ebiptables_driver.applyNewRules method with a variety of different XML input files. The XML input files are taken from the libvirt-tck nwfilter tests. While the nwfilter tests verify the final state of the iptables chains, this test verifies the set of commands invoked to create the chains. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Remove all the left over code related to the direct invocation of firewall-cmd/iptables/ip6tables/ebtables. This is all handled by the virFirewallPtr APIs now. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Conver the ebiptablesDriverProbeStateMatch initialization check to use the virFirewall APIs for querying iptables version. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebtablesApplyNewRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebtablesApplyDropAllRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebtablesApplyDHCPOnlyRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebtablesApplyBasicRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebiptablesTearNewRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebtablesRemoveBasicRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebiptablesTearOldRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the nwfilter ebiptablesAllTeardown method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Convert the virebtables.{c,h} files to use the new virFirewall APIs for changing ebtables rules. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Using the virCommand dry run capability, capture iptables rules created by various network XML documents. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The networkCheckRouteCollision, networkAddFirewallRules and networkRemoveFirewallRules APIs all take a virNetworkObjPtr instance, but only ever access the 'def' member. It thus simplifies testing if the APIs are changed to just take a virNetworkDefPtr instead Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Update the iptablesXXXX methods so that instead of directly executing iptables commands, they populate rules in an instance of virFirewallPtr. The bridge driver can thus construct the ruleset and then invoke it in one operation having rollback handled automatically. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The network and nwfilter drivers both have a need to update firewall rules. The currently share no code for interacting with iptables / firewalld. The nwfilter driver is fairly tied to the concept of creating shell scripts to execute which makes it very hard to port to talk to firewalld via DBus APIs. This patch introduces a virFirewallPtr object which is able to represent a complete sequence of rule changes, with the ability to have multiple transactional checkpoints with rollbacks. By formally separating the definition of the rules to be applied from the mechanism used to apply them, it is also possible to write a firewall engine that uses firewalld DBus APIs natively instead of via the slow firewalld-cmd. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
When a VM fails to launch due to error creating nwfilter rules, we must avoid overwriting the original error when tearing down the partially created rules. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The nwfilter ebiptables driver will build up commands to run in two phases. The first phase contains all of the command, except for the '-A' part. Instead it has a '%c' placeholder, along with a '%s' placeholder for a position arg. The second phase than substitutes these placeholders. The only values ever used for these substitutions though is '-A' and '', so it is entirely pointless. Remove the second phase entirely, since it will make it harder to convert to the new firewall APIs Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The current nwfilter tech driver API has a 'createRuleInstance' method which populates virNWFilterRuleInstPtr with a command line string containing variable placeholders. The 'applyNewRules' method then expands the variables and executes the commands. This split of responsibility won't work when switching to the virFirewallPtr APIs, since we can't just build up command line strings. This patch this merges the functionality of 'createRuleInstance' into the applyNewRules method. The virNWFilterRuleInstPtr struct is changed from holding an array of opaque pointers, into holding generic metadata about the rules to be processed. In essence this is the result of taking a linked set of virNWFilterDefPtr's and flattening the tree to get a list of virNWFilterRuleDefPtr's. At the same time we must keep track of any nested virNWFilterObjPtr instances, so that the locks are held for the duration of the 'applyNewRules' method. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Later refactoring will change use of the virNWFilterRuleInstPtr struct. Prepare for this by pushing use of the virNWFilterRuleInstPtr parameter out of the ebtablesCreateRuleInstance and iptablesCreateRuleInstance methods. Instead they simply string(s) with the constructed rule data. The ebiptablesCreateRuleInstance method will make use of the virNWFilterRuleInstPtr struct instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods to avoid having to write a giant switch statements with many cases. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'displayRuleInstance' callback in the nwfilter tech driver is never invoked, so can be deleted. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'removeRules' callback in the nwfilter tech driver is never invoked, so can be deleted. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virNWFilterHashTable struct contains a virHashTable and then a 'char **names' field which keeps a copy of all the hash keys. Presumably this was intended to record the ordering of the hash keys. No code ever uses this and the ordering is mangled whenever a variable is removed from the hash, because the last element in the list is copied into the middle of the list when shrinking the array. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The 'virDomainNetType' is unused in every impl of the virNWFilterRuleCreateInstance driver method. Remove it from the code to avoid the dependancy on the external enum. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The virNWFilterTechDriver struct is nothing to do with the nwfilter XML configuration. It stores data specific to the driver implementation so should be in a header in the driver directory instead. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
If virNWFilterVarValueCreateSimple fails with OOM, then 'val' will be leaked by virNWFilterVarValueCreateSimpleCopyValue Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Jiri Denemark 提交于
Commit c4206d7c fixed the overflow for running domains. However, we need a similar check when setting migration speed on inactive domains. At first look, it may seem the check in c4206d7c is now redundant but qemuDomainMigrateSetMaxSpeed is not the only caller of qemuMonitorSetMigrationSpeed so we need to check the bandwidth in both places. https://bugzilla.redhat.com/show_bug.cgi?id=1083483Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Daniel P. Berrange 提交于
Replace use of cpuMapOverride with virFileFindResource to locate CPU map from build dir. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Replace virDriverModuleInitialize with virFileFindResource usage. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Replace virLockManagerSetPluginDir with virFileFindResource usage. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Nehal J Wani 提交于
Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper binary, use virFileFindResource to optionally find it in the current build directory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Nehal J Wani 提交于
Instead of hardcoding LIBEXECDIR as the location of the libvirt_parthelper binary, use virFileFindResource to optionally find it in the current build directory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Nehal J Wani 提交于
Instead of hardcoding LIBEXECDIR as the location of the libvirt_lxc binary set in the LXC driver capabilities, use virFileFindResource to optionally find it in the current build directory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Nehal J Wani 提交于
Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper binary, use virFileFindResource to optionally find it in the current build directory. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-