1. 16 1月, 2013 1 次提交
  2. 21 12月, 2012 7 次提交
  3. 18 12月, 2012 1 次提交
    • L
      network: don't require private addresses if dnsmasq uses SO_BINDTODEVICE · 4b31da34
      Laine Stump 提交于
      This is yet another refinement to the fix for CVE-2012-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      It turns out that it would be very intrusive to correctly backport the
      entire --bind-dynamic option to older dnsmasq versions
      (e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very
      simple to patch those versions to just use SO_BINDTODEVICE on all
      their listening sockets (SO_BINDTODEVICE also has the desired effect
      of permitting only traffic that was received on the interface(s) where
      dnsmasq was set to listen.)
      
      This patch modifies the dnsmasq capabilities detection to detect the
      string:
      
          --bind-interfaces with SO_BINDTODEVICE
      
      in the output of "dnsmasq --version", and in that case realize that
      using the old --bind-interfaces option is just as safe as
      --bind-dynamic (and therefore *not* forbid creation of networks that
      use public IP address ranges).
      
      If -bind-dynamic is available, it is still preferred over
      --bind-interfaces.
      
      Note that this patch does no harm in upstream, or in any distro's
      downstream if it happens to end up there, but builds for distros that
      have a new enough dnsmasq to support --bind-dynamic do *NOT* need to
      specifically backport this patch; it's only required for distro
      releases that have dnsmasq too old to have --bind-dynamic (and those
      distros will need to add the SO_BINDTODEVICE patch to dnsmasq,
      *including the extra string in the --version output*, as well.
      4b31da34
  4. 11 12月, 2012 1 次提交
    • G
      network: add support for DHCPv6 · 2d5cd1d7
      Gene Czarcinski 提交于
      The DHCPv6 support includes IPV6 dhcp-range and dhcp-host for one
      IPv6 subnetwork on one interface.  This support will only work
      if dnsmasq version >= 2.64; otherwise an error occurs if
      dhcp-range or dhcp-host is specified for an IPv6 address.
      
      Essentially, this change provides the same DHCP support for IPv6
      that has been available for IPv4.
      
      With dnsmasq >= 2.64, support for the RA service is also now provided
      by dnsmasq (radvd is no longer used/started). (Although at least one
      version of dnsmasq prior to 2.64 "supported" IPv6 Router
      Advertisement, there were bugs (fixed in 2.64) that rendered it
      unusable.)
      
      Documentation and the network schema has been updated
      to reflect the new support.
      2d5cd1d7
  5. 10 12月, 2012 1 次提交
  6. 06 12月, 2012 2 次提交
    • M
      dnsmasq: Fix parsing of the version number · ff33f807
      Michal Privoznik 提交于
      If debugging is enabled, the debug messages are sent to stderr.
      Moreover, if a command has catching of stderr set, the messages
      gets mixed with stdout output (assuming both outputs are stored
      in the same variable). The resulting string then doesn't
      necessarily have to start with desired prefix then. This bug
      exposes itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06
      11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version doesn't
      start with expected "Dnsmasq version " string but a libvirt debug
      output.
      ff33f807
    • M
      dnsmasq: Fix parsing of the version number · 51144313
      Michal Privoznik 提交于
      If the debugging is enabled, the virCommand subsystem catches debug
      messages in the command output as well. In that case, we can't assume
      the string corresponding to command's stdout will start with specific
      prefix. But the prefix can be moved deeper in the string. This bug
      shows itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000:
      18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version
      doesn't start with expected "Dnsmasq version " string but a libvirt
      debug output.
      51144313
  7. 30 11月, 2012 1 次提交
    • L
      util: capabilities detection for dnsmasq · 719c2c76
      Laine Stump 提交于
      In order to optionally take advantage of new features in dnsmasq when
      the host's version of dnsmasq supports them, but still be able to run
      on hosts that don't support the new features, we need to be able to
      detect the version of dnsmasq running on the host, and possibly
      determine from the help output what options are in this dnsmasq.
      
      This patch implements a greatly simplified version of the capabilities
      code we already have for qemu. A dnsmasqCaps device can be created and
      populated either from running a program on disk, reading a file with
      the concatenated output of "dnsmasq --version; dnsmasq --help", or
      examining a buffer in memory that contains the concatenated output of
      those two commands. Simple functions to retrieve capabilities flags,
      the version number, and the path of the binary are also included.
      
      bridge_driver.c creates a single dnsmasqCaps object at driver startup,
      and disposes of it at driver shutdown. Any time it must be used, the
      dnsmasqCapsRefresh method is called - it checks the mtime of the
      binary, and re-runs the checks if the binary has changed.
      
      networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
      startup - one "restricted" (doesn't support --bind-dynamic) and one
      "full" (does support --bind-dynamic). Some of the test cases use one
      and some the other, to make sure both code pathes are tested.
      719c2c76
  8. 21 10月, 2012 1 次提交
    • L
      network: always create dnsmasq hosts and addnhosts files, even if empty · 1cb1f9da
      Laine Stump 提交于
      This fixes the problem reported in:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=868389
      
      Previously, the dnsmasq hosts file (used for static dhcp entries, and
      addnhosts file (used for additional dns host entries) were only
      created/referenced on the dnsmasq commandline if there was something
      to put in them at the time the network was started. Once we can update
      a network definition while it's active (which is now possible with
      virNetworkUpdate), this is no longer a valid strategy - if there were
      0 dhcp static hosts (resulting in no reference to the hosts file on the
      commandline), then one was later added, the commandline wouldn't have
      linked dnsmasq up to the file, so even though we create it, dnsmasq
      doesn't pay any attention.
      
      The solution is to just always create these files and reference them
      on the dnsmasq commandline (almost always, anyway). That way dnsmasq
      can notice when a new entry is added at runtime (a SIGHUP is sent to
      dnsmasq by virNetworkUdpate whenever a host entry is added or removed)
      
      The exception to this is that the dhcp static hosts file isn't created
      if there are no lease ranges *and* no static hosts. This is because in
      this case dnsmasq won't be setup to listen for dhcp requests anyway -
      in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq
      will need to be restarted anyway (to get it listening on the dhcp
      port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there
      are no dhcp ranges) we need to restart dnsmasq so that it will stop
      listening on port 67. These special situations are handled in the
      bridge driver's networkUpdate() by checking for ((bool)
      nranges||nhosts) both before and after the update, and triggering a
      dnsmasq restart if the before and after don't match.
      1cb1f9da
  9. 21 9月, 2012 1 次提交
  10. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  11. 04 12月, 2011 1 次提交
    • E
      maint: fix improper use of 'an' · 3a9ce767
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
      misuse of 'an' where 'a' is proper; that has since been fixed,
      but a search found other problems (some were a spelling error for
      'and', while most were fixed by 'a').
      
      * daemon/stream.c: Fix grammar.
      * src/conf/domain_conf.c: Likewise.
      * src/conf/domain_event.c: Likewise.
      * src/esx/esx_driver.c: Likewise.
      * src/esx/esx_vi.c: Likewise.
      * src/rpc/virnetclient.c: Likewise.
      * src/rpc/virnetserverprogram.c: Likewise.
      * src/storage/storage_backend_fs.c: Likewise.
      * src/util/conf.c: Likewise.
      * src/util/dnsmasq.c: Likewise.
      * src/util/iptables.c: Likewise.
      * src/xen/xen_hypervisor.c: Likewise.
      * src/xen/xend_internal.c: Likewise.
      * src/xen/xs_internal.c: Likewise.
      * tools/virsh.c: Likewise.
      3a9ce767
  12. 10 11月, 2011 1 次提交
    • D
      Santize naming of socket address APIs · 4c544e6c
      Daniel P. Berrange 提交于
      The socket address APIs in src/util/network.h either take the
      form  virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.
      
      Sanitize this so everything is virSocketAddrXXXX, and ensure
      that the virSocketAddr parameter is always the first one.
      
      * src/util/network.c, src/util/network.h: Santize socket
        address API naming
      * src/conf/domain_conf.c, src/conf/network_conf.c,
        src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
        src/nwfilter/nwfilter_ebiptables_driver.c,
        src/nwfilter/nwfilter_learnipaddr.c,
        src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
        src/util/dnsmasq.c, src/util/iptables.c,
        src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
        API renaming
      4c544e6c
  13. 22 7月, 2011 1 次提交
    • E
      build: rename files.h to virfile.h · 8e22e089
      Eric Blake 提交于
      In preparation for a future patch adding new virFile APIs.
      
      * src/util/files.h, src/util/files.c: Move...
      * src/util/virfile.h, src/util/virfile.c: ...here, and rename
      functions to virFile prefix.  Macro names are intentionally
      left alone.
      * *.c: All '#include "files.h"' uses changed.
      * src/Makefile.am (UTIL_SOURCES): Reflect rename.
      * cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
      * src/libvirt_private.syms: Likewise.
      * docs/hacking.html.in: Likewise.
      * HACKING: Regenerate.
      8e22e089
  14. 06 7月, 2011 1 次提交
    • M
      Fix return value semantic of virFileMakePath · e123e1ee
      Matthias Bolte 提交于
      Some callers expected virFileMakePath to set errno, some expected
      it to return an errno value. Unify this to return 0 on success and
      -1 on error. Set errno to report detailed error information.
      
      Also optimize virFileMakePath if stat fails with an errno different
      from ENOENT.
      e123e1ee
  15. 29 6月, 2011 3 次提交
    • M
      dnsmasq: Fix errno handling and don't unlink non-existing files · 8cce5436
      Matthias Bolte 提交于
      addnhostsSave and hostsfileSave expect < 0 return value on error from
      addnhostsWrite and hostsfileWrite but then pass err instead of -err
      to virReportSystemError that expects an errno value.
      
      Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.
      
      addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
      renaming it, making both fail on the final step. Remove the unnecessary
      unlink calls.
      8cce5436
    • M
      eb9dee2b
    • M
      network: Fix dnsmasq hostsfile creation logic and related tests · 9523b3c3
      Matthias Bolte 提交于
      networkSaveDnsmasqHostsfile was added in 8fa9c221 (Apr 2010).
      It has a force flag. If the dnsmasq hostsfile already exists force
      needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
      to false, networkDefine sets it to true. This results in the
      hostsfile being written only in networkDefine in the common case.
      If no error occurred networkSaveDnsmasqHostsfile returns true and
      networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
      command line.
      
      networkSaveDnsmasqHostsfile was changed in 89ae9849 (24 Jun 2011)
      to return a new dnsmasqContext instead of reusing one. This change broke
      the logic of the force flag as now networkSaveDnsmasqHostsfile returns
      NULL on error, but the early return -- if force was not set and the
      hostsfile exists -- returns 0. This turned the early return in an error
      case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
      anymore if the hostsfile already exists. It did because networkDefine
      created the hostsfile already.
      
      Then 9d4e2845 fixed the return 0 case in networkSaveDnsmasqHostsfile
      but didn't apply the force option correctly to the new addnhosts file.
      Now force doesn't control an early return anymore, but influences the
      handling of the hostsfile context creation and dnsmasqSave is always
      called now. This commit also added test cases that reveal several
      problems. First, the tests now calls functions that try to write the
      dnsmasq config files to disk. If someone runs this tests as root this
      might overwrite actively used dnsmasq config files, this is a no-go. Also
      the tests depend on configure --localstatedir, this needs to be fixed as
      well, because it makes the tests fail when localstatedir is different
      from /var.
      
      This patch does several things to fix this:
      
      1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
      to the caller to separate the command line generation from the config
      file writing. This makes the command line generation testable without the
      risk of interfering with system files, because the tests just don't call
      dnsmasqSave.
      
      2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
      useless as the saving happens somewhere else now. This fixes the wrong
      usage of the force flag in combination with then newly added addnhosts
      file by removing the force flag.
      
      3) Adapt the wrong test cases to the correct behavior, by adding the
      missing --dhcp-hostsfile option. Both affected tests contain DHCP host
      elements but missed the necessary --dhcp-hostsfile option.
      
      4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
      because it doesn't save the dnsmasqContext anymore.
      
      5) Move all directory creations in dnsmasq context handling code from
      the *New functions to dnsmasqSave to avoid directory creations in system
      paths in the test cases.
      
      6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
      anymore the test case can create one with the localstatedir that is
      expected by the tests instead of the configure --localstatedir given one.
      9523b3c3
  16. 25 6月, 2011 1 次提交
  17. 28 4月, 2011 1 次提交
    • L
      network: fix return value of hostsFileWrite · f7bd72fa
      Laine Stump 提交于
      The lone caller to hostsFileWrite (and the callers for at least 3
      levels up the return stack) assume that the return value will be < 0
      on failure. However, hostsFileWrite returns 0 on success, and a
      positive errno on failure. This patch changes hostsFileWrite to return
      -errno on failure.
      f7bd72fa
  18. 17 11月, 2010 1 次提交
    • S
      deprecate fclose() and introduce VIR_{FORCE_}FCLOSE() · 7b7cb1ec
      Stefan Berger 提交于
      Similarly to deprecating close(), I am now deprecating fclose() and
      introduce VIR_FORCE_FCLOSE() and VIR_FCLOSE(). Also, fdopen() is replaced with
      VIR_FDOPEN().
      
      Most of the files are opened in read-only mode, so usage of
      VIR_FORCE_CLOSE() seemed appropriate. Others that are opened in write
      mode already had the fclose()<  0 check and I converted those to
      VIR_FCLOSE()<  0.
      
      I did not find occurrences of possible double-closed files on the way.
      7b7cb1ec
  19. 23 10月, 2010 1 次提交
  20. 22 10月, 2010 1 次提交
    • D
      Convert virNetwork to use virSocketAddr everywhere · 090404ac
      Daniel P. Berrange 提交于
      Instead of storing the IP address string in virNetwork related
      structs, store the parsed virSocketAddr. This will make it
      easier to add IPv6 support in the future, by letting driver
      code directly check what address family is present
      
      * src/conf/network_conf.c, src/conf/network_conf.h,
        src/network/bridge_driver.c: Convert to use virSocketAddr
        in virNetwork, instead of char *.
      * src/util/bridge.c, src/util/bridge.h,
        src/util/dnsmasq.c, src/util/dnsmasq.h,
        src/util/iptables.c, src/util/iptables.h: Convert to
        take a virSocketAddr instead of char * for any IP
        address parameters
      * src/util/network.h: Add macros to determine if an address
        is set, and what address family is set.
      090404ac
  21. 04 5月, 2010 2 次提交
  22. 26 4月, 2010 1 次提交
    • S
      Add dnsmasq module files · 4ad65ab8
      Satoru SATOH 提交于
      It implements an idea to save dhcp hosts' macaddr vs. ipaddr mappings to
      static file and make dnsmasq loading it with "--dhcp-hostsfile" option,
      originally suggested by Dan, and can address the problem that too
      many "--dhcp-host" args hitting ARG_MAX limit
      
      * src/util/dnsmasq.h src/util/dnsmasq.c: adds the 2 new files
      4ad65ab8