29 January 2019, 8 commits
Committed by Daniel P. Berrangé
The previous commit created new chains to hold the firewall rules. This commit changes the code that creates rules to place them in the new private chains instead of the builtin top level chains.

With two networks running, the rules in the filter table now look like

    -N LIBVIRT_FWI
    -N LIBVIRT_FWO
    -N LIBVIRT_FWX
    -N LIBVIRT_INP
    -N LIBVIRT_OUT
    -A INPUT -j LIBVIRT_INP
    -A FORWARD -j LIBVIRT_FWX
    -A FORWARD -j LIBVIRT_FWI
    -A FORWARD -j LIBVIRT_FWO
    -A OUTPUT -j LIBVIRT_OUT
    -A LIBVIRT_FWI -d 192.168.0.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A LIBVIRT_FWI -d 192.168.1.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A LIBVIRT_FWO -s 192.168.0.0/24 -i virbr0 -j ACCEPT
    -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A LIBVIRT_FWO -s 192.168.1.0/24 -i virbr1 -j ACCEPT
    -A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
    -A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
    -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
    -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
    -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
    -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
    -A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
    -A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
    -A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
    -A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
    -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
    -A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT

While in the nat table:

    -N LIBVIRT_PRT
    -A POSTROUTING -j LIBVIRT_PRT
    -A LIBVIRT_PRT -s 192.168.0.0/24 -d 224.0.0.0/24 -j RETURN
    -A LIBVIRT_PRT -s 192.168.0.0/24 -d 255.255.255.255/32 -j RETURN
    -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
    -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
    -A LIBVIRT_PRT -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
    -A LIBVIRT_PRT -s 192.168.1.0/24 -d 224.0.0.0/24 -j RETURN
    -A LIBVIRT_PRT -s 192.168.1.0/24 -d 255.255.255.255/32 -j RETURN
    -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
    -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
    -A LIBVIRT_PRT -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE

And finally the mangle table:

    -N LIBVIRT_PRT
    -A POSTROUTING -j LIBVIRT_PRT
    -A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
    -A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Committed by Daniel P. Berrangé
Historically firewall rules for virtual networks were added straight into the base chains. This works but has a number of bugs and design limitations:

- It is inflexible for admins wanting to add extra rules ahead of libvirt's rules, via hook scripts.
- It is not clear to the admin that the rules were created by libvirt.
- Each rule must be deleted by libvirt individually since they are all directly in the builtin chains.
- The ordering of rules in the forward chain is incorrect when multiple networks are created, allowing traffic to mistakenly flow between networks in one direction.

To address all of these problems, libvirt needs to move to creating rules in its own private chains. In the top level builtin chains, libvirt will add links to its own private top level chains.

Addressing the traffic ordering bug requires some extra steps. With everything going into the FORWARD chain there was interleaving of rules for outbound traffic and inbound traffic for each network:

    -A FORWARD -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.3.0/24 -i virbr1 -j ACCEPT
    -A FORWARD -i virbr1 -o virbr1 -j ACCEPT
    -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -s 192.168.2.0/24 -i virbr0 -j ACCEPT
    -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

The rule allowing outbound traffic from virbr1 would mistakenly allow packets from virbr1 to virbr0, before the rule denying input to virbr0 gets a chance to run.

What we really need to do is group the forwarding rules into three distinct sets:

* Cross rules - LIBVIRT_FWX

    -A FORWARD -i virbr1 -o virbr1 -j ACCEPT
    -A FORWARD -i virbr0 -o virbr0 -j ACCEPT

* Incoming rules - LIBVIRT_FWI

    -A FORWARD -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable

* Outgoing rules - LIBVIRT_FWO

    -A FORWARD -s 192.168.3.0/24 -i virbr1 -j ACCEPT
    -A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -s 192.168.2.0/24 -i virbr0 -j ACCEPT
    -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable

There is thus no risk of outgoing rules for one network mistakenly allowing incoming traffic for another network, as all incoming rules are evaluated first.

With this in mind, we'll thus need three distinct chains linked from the FORWARD chain, so we end up with:

    INPUT --> LIBVIRT_INP (filter)
    OUTPUT --> LIBVIRT_OUT (filter)
    FORWARD +-> LIBVIRT_FWX (filter)
            +-> LIBVIRT_FWO
            \-> LIBVIRT_FWI
    POSTROUTING --> LIBVIRT_PRT (nat & mangle)

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
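The ordering bug this commit message describes, and the grouped chains the commit above it installs, replayed as an added example that is not part of libvirt or of either commit. The Python below is a tiny iptables FORWARD-chain evaluator: it parses the two rule listings exactly as they appear in the commit messages (the grouped set uses the LIBVIRT_FWX/FWI/FWO chain names from the commit's diagram), then runs a few constructed packets through both. The packets, the `eth0` uplink name and the ACCEPT fall-through policy for FORWARD are assumptions made for the example; `shlex` and `ipaddress` are standard-library modules.

```python
"""Tiny iptables FORWARD-chain evaluator (added example, not libvirt code).  It replays
the rule listings from the two commit messages above to show why per-network rules
interleaved in FORWARD let traffic leak between bridges while grouped chains do not.
The packets, the 'eth0' uplink and the ACCEPT fall-through policy are constructed."""
import ipaddress
import shlex

# Before: one network's rules after the other's, all in FORWARD (from the commit message).
INTERLEAVED = """
-A FORWARD -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.3.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
"""

# After: the same rules split into cross / incoming / outgoing chains, entered in that order.
GROUPED = """
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_FWI -d 192.168.3.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWI -d 192.168.2.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.3.0/24 -i virbr1 -j ACCEPT
-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.2.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
"""

SIMPLE = {"-i": "in", "-o": "out", "-j": "target"}   # options stored verbatim
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(text):
    """Parse 'iptables -S' style '-A chain ...' lines into {chain: [rule, ...]}."""
    chains = {}
    for line in text.strip().splitlines():
        toks = shlex.split(line)
        if toks[0] != "-A" or len(toks) % 2:
            raise ValueError("unsupported rule: " + line)
        rule = {}
        for opt, val in zip(toks[2::2], toks[3::2]):
            if opt in SIMPLE:
                rule[SIMPLE[opt]] = val
            elif opt in ("-s", "-d"):
                rule[opt] = ipaddress.ip_network(val)
            elif opt == "--ctstate":
                rule["ctstate"] = set(val.split(","))
            elif opt not in ("-m", "--reject-with"):   # match loader / ICMP type: no verdict effect
                raise ValueError("unsupported option %s in: %s" % (opt, line))
        chains.setdefault(toks[1], []).append(rule)
    return chains

def matches(rule, pkt):
    """A rule matches when every option it carries agrees with the packet."""
    if rule.get("in", pkt["in"]) != pkt["in"] or rule.get("out", pkt["out"]) != pkt["out"]:
        return False
    for opt in ("-s", "-d"):
        if opt in rule and ipaddress.ip_address(pkt[opt]) not in rule[opt]:
            return False
    return pkt["ctstate"] in rule.get("ctstate", {pkt["ctstate"]})

def verdict(chains, pkt, chain="FORWARD", policy="ACCEPT"):
    """First matching terminal target wins.  A user chain that runs out of rules (or hits
    RETURN) yields None so evaluation resumes in the caller; FORWARD falls through to policy."""
    for rule in chains.get(chain, []):
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in TERMINAL:
            return target
        if target == "RETURN":
            break
        sub = verdict(chains, pkt, target, policy=None)   # -j into a user-defined chain
        if sub is not None:
            return sub
    return policy

def packet(in_if, out_if, src, dst, ctstate):
    return {"in": in_if, "out": out_if, "-s": src, "-d": dst, "ctstate": ctstate}

# Constructed packets; 'eth0' stands in for the host's uplink.
PACKETS = {
    "guest on virbr1 -> guest on virbr0": packet("virbr1", "virbr0", "192.168.3.10", "192.168.2.10", "NEW"),
    "guest on virbr1 -> internet": packet("virbr1", "eth0", "192.168.3.10", "198.51.100.7", "NEW"),
    "internet reply -> guest on virbr1": packet("eth0", "virbr1", "198.51.100.7", "192.168.3.10", "ESTABLISHED"),
    "unsolicited internet -> guest on virbr1": packet("eth0", "virbr1", "198.51.100.7", "192.168.3.10", "NEW"),
}

def compare():
    """Verdict of each packet under both rule sets: {name: (interleaved, grouped)}."""
    before, after = parse_rules(INTERLEAVED), parse_rules(GROUPED)
    return {name: (verdict(before, p), verdict(after, p)) for name, p in PACKETS.items()}
```

Running `compare()` shows the only packet whose verdict changes is the guest-to-guest one: the interleaved listing ACCEPTs it on the `-s 192.168.3.0/24 -i virbr1` rule before the `-o virbr0 -j REJECT` rule is ever reached, while the grouped chains REJECT it in LIBVIRT_FWI because every incoming rule runs before any outgoing rule. Outbound NAT traffic, established replies and unsolicited inbound connections get the same verdict under both layouts, which is the property a reviewer of this change would want to see preserved.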

Committed by Daniel P. Berrangé
Some of the query callbacks want to know the firewall layer that was being used for triggering the query to avoid duplicating that data.
Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Committed by Daniel P. Berrangé
Allow the platform driver impls to run logic before and after the firewall reload process.
Reviewed-by: Laine Stump <laine@laine.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

Committed by Peter Krempa
disk->mirror would not be cleared while the local pointer was freed in qemuDomainBlockCommit if qemuDomainObjExitMonitor or qemuBlockJobDiskNew would return a failure. Since block job handling is executed in the separate handler which needs a qemu job, we don't need to pre-set the mirror state prior to starting the job. Similarly the block copy job does not do that. Move the setting of the data after starting the job so that we avoid this problem.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

Committed by Peter Krempa
While this should not be necessary as we clear it in the event handler, let's be sure and clear it prior to starting the job.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

Committed by Peter Krempa
Switching a block job to some states (e.g. QEMU_BLOCKJOB_STATE_READY) might not require a job, thus if it will become ready asynchronously we should not overwrite the state any more.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

Committed by Peter Krempa
While the callers should make sure that they don't call qemuBlockJobEmitEvents for any internal state or job, let's add checks that prevent us from emitting wrong events altogether.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

28 January 2019, 2 commits
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1665553

Ceph can be mounted just like any other filesystem and in fact is a shared and cluster filesystem. The filesystem magic constant was taken from kernel sources as it is not in magic.h yet.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Committed by Michal Privoznik
We have this very handy macro called VIR_STEAL_PTR() which steals one pointer into the other and sets the other to NULL. The following coccinelle patch was used to create this commit:

    @ rule1 @
    identifier a, b;
    @@
    - b = a;
    ...
    - a = NULL;
    + VIR_STEAL_PTR(b, a);

Some places were cleaned up afterwards to make syntax-check happy (e.g. some curly braces were removed where the body became a one liner).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

27 January 2019, 1 commit
Committed by Roman Bogorodskiy
Implement support for passing custom command line arguments to bhyve using the 'bhyve:commandline' element:

    <bhyve:commandline>
      <bhyve:arg value='-newarg'/>
    </bhyve:commandline>

* Define virDomainXMLNamespace for the bhyve driver, which at this point supports only the 'commandline' element described above,
* Update command generation code to inject these command line arguments between driver-generated arguments and the vmname positional argument.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>

26 January 2019, 1 commit
Committed by Laine Stump
networkMigrateStateFiles was added nearly 5 years ago when the network state directory was moved from /var/lib/libvirt to /var/run/libvirt (just prior to libvirt-1.2.4). It was only required to maintain proper state information for networks that were active during an upgrade that didn't involve rebooting the host. At this point the likelihood of anyone upgrading their libvirt from pre-1.2.4 directly to 5.0.0 or later *without rebooting the host* is probably so close to 0 that no properly informed bookie would take *any* odds on it happening, so it seems appropriate to remove this pointless code.
Signed-off-by: Laine Stump <laine@laine.org>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

25 January 2019, 23 commits
Committed by Eric Blake
Upcoming patches need an array of strings for use in QMP block-dirty-bitmap-merge. A convenience wrapper cuts down on the verbosity of creating the array, similar to the existing virJSONValueObjectAppendString().
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

Committed by Eric Blake
A function that returns -1 for multiple possible failures, but only raises a libvirt error for some of those failures, can be hard to use correctly. Yet both of our JSON object/array appenders fall in that pattern. True, the silent errors represent coding bugs that none of the callers should ever trigger, while the noisy errors represent memory failures that can happen anywhere, so we happened to never end up failing without an error. But it is better to either use the _QUIET memory allocation variants, and make callers decide to report failure; or make all failure paths noisy. This patch takes the latter approach.
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

Committed by Ján Tomko
Now that the nested loop is gone.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Use qemuBuildControllersCommandLine since it builds the command line for (nearly) all controllers, not just one.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
section
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Since they go on the USB bus, format them after USB hubs.
https://bugzilla.redhat.com/show_bug.cgi?id=1375402
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Now that the inner loop does not require any other variables, it can be easily separated. Apart from reducing the indentation level this will allow it to be called from different code paths.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Now that it's no longer needed, remove the argument. This removes the last helper variable in qemuBuildControllerDevCommandLine.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
qemuBuildLegacyUSBControllerCommandLine is the only place where we need to count the USB controllers. Count them again instead of keeping track in a variable passed to qemuBuildControllerDevStr. This removes the need for another variable in the loop in qemuBuildControllerDevCommandLine.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Count them in qemuBuildLegacyUSBControllerCommandLine to remove yet another variable accessed from the loop in qemuBuildControllerDevCommandLine.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Shorten some long conditions.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
This removes the need to mark it in the 'usbcontroller' variable.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Move out the code formatting "-usb" on the QEMU command line.
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Ján Tomko
Similar to what commit 86dba8f3 did for virPortAllocatorRelease, ignore port 0 in virPortAllocatorSetUsed. For all the reasonable use cases the callers already check that the port is non-zero, however if the port from the XML overflows unsigned short and turns into 0, it can be set as used by virPortAllocatorSetUsed but not released by virPortAllocatorRelease. Also skip port '0' in virPortAllocatorSetUsed to make this behavior symmetric.

The serenity was disturbed by commit 5dbda5e9 which started using virPortAllocatorRelease instead of virPortAllocatorSetUsed (false).

https://bugzilla.redhat.com/show_bug.cgi?id=1591645
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
Switch qemuBuildVirtioDevStr to use virDomainDeviceSetData: callers pass in the virDomainDeviceType and the void * DefPtr. This will save us from having to repeatedly extend the function argument list in subsequent patches.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
This is essentially a wrapper for easily setting the variable name in virDomainDeviceDef that matches its associated VIR_DOMAIN_DEVICE_TYPE.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
Current code essentially duplicates the same logic, but misses some cases (like vhost-vsock-device).
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
The vhost-scsi device string should depend on the requested address type, not strictly on the emulated arch. This is the same logic used by qemuBuildVirtioDevStr, and this particular path is already tested in the hostdev-scsi-vhost-scsi-ccw tests.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
Move the rng->model == VIRTIO check to parse time. This also allows us to remove similar checks throughout the qemu driver.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
If we validate that memballoon is NONE|VIRTIO at parse time, we can drop similar checks elsewhere in the qemu driver.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
This will be extended in the future, so let's simplify things by centralizing the checks.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cole Robinson
So later code can more easily access def->model.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

Committed by Cheng Lin
If the two sysfs_path are both NULL, there may be an incorrect object returned for virNodeDeviceObjListFindBySysfsPath(). This check exists in the old interface virNodeDeviceFindBySysfsPath(), e.g.

    virNodeDeviceFindBySysfsPath(virNodeDeviceObjListPtr devs,
                                 const char *sysfs_path)
    {
        ...
        if ((devs->objs[i]->def->sysfs_path != NULL) &&
            (STREQ(devs->objs[i]->def->sysfs_path, sysfs_path))) {
        ...
    }

Reviewed-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Cheng Lin <cheng.lin130@zte.com.cn>

24 January 2019, 5 commits
Committed by Michal Privoznik

    13 bytes in 1 blocks are definitely lost in loss record 44 of 179
       at 0x4C2EE6F: malloc (vg_replace_malloc.c:299)
       by 0x9514A69: strdup (in /lib64/libc-2.27.so)
       by 0x5E60C0B: virStrdup (virstring.c:956)
       by 0x54C856F: virHostGetDRMRenderNode (qemuxml2argvmock.c:190)
       by 0x57CB4E3: qemuProcessGraphicsSetupRenderNode (qemu_process.c:4860)
       by 0x57CB571: qemuProcessSetupGraphics (qemu_process.c:4881)
       by 0x57CE01B: qemuProcessPrepareDomain (qemu_process.c:6040)
       by 0x57D102E: qemuProcessCreatePretendCmd (qemu_process.c:6975)
       by 0x114C1C: testCompareXMLToArgv (qemuxml2argvtest.c:611)
       by 0x134B90: virTestRun (testutils.c:174)
       by 0x123478: mymain (qemuxml2argvtest.c:1697)
       by 0x136BFA: virTestMain (testutils.c:1112)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Committed by Michal Privoznik
This partially reverts 00dc991c.

    2,030 (1,456 direct, 574 indirect) bytes in 14 blocks are definitely lost in loss record 77 of 80
       at 0x4C30E96: calloc (vg_replace_malloc.c:711)
       by 0x50F83AA: virAlloc (viralloc.c:143)
       by 0x5178DFA: virPCIDeviceNew (virpci.c:1753)
       by 0x51753E9: virPCIDeviceIterDevices (virpci.c:468)
       by 0x5175EB5: virPCIDeviceGetParent (virpci.c:759)
       by 0x517AB55: virPCIDeviceIsBehindSwitchLackingACS (virpci.c:2476)
       by 0x517AC24: virPCIDeviceIsAssignable (virpci.c:2494)
       by 0x10BF27: testVirPCIDeviceIsAssignable (virpcitest.c:229)
       by 0x10D14C: virTestRun (testutils.c:174)
       by 0x10C535: mymain (virpcitest.c:422)
       by 0x10F1B6: virTestMain (testutils.c:1112)
       by 0x10CF93: main (virpcitest.c:455)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Committed by Michal Privoznik
This is a return argument that is to be compared against NULL on successful return. However, it is not initialized and therefore relies on callers setting it to NULL prior to calling the function.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>

Committed by Eric Blake
Asserting the value we set four lines earlier in qemuBlockjobState doesn't buy us any safety (if the public header adds a value, we end up skipping that value without the compiler warning us of our gap); what we really want is to assert that the value auto-assigned by the compiler matches the actual last value in the public headers (as was done below for qemuBlockJobType). Add useful comments while at it.
Signed-off-by: Eric Blake <eblake@redhat.com>
ACKed-by: Peter Krempa <pkrempa@redhat.com>

Committed by Jim Fehlig
Signed-off-by: Jim Fehlig <jfehlig@suse.com>