1. 24 Apr, 2013 3 commits
  2. 19 Apr, 2013 1 commit
    • network: bridge_driver: don't lose transient networks on daemon restart · 446dd66b
      Peter Krempa committed
      Until now transient networks weren't really useful as libvirtd wasn't
      able to remember them across restarts. This patch adds support for
      loading status files of transient networks (that already were generated)
      so that the status isn't lost.
      
      This patch chops up virNetworkObjUpdateParseFile and turns it into
      virNetworkLoadState and a few friends that will help us to load status
      XMLs and refactors the functions that are loading the configs to use
      them.
  3. 18 Apr, 2013 1 commit
  4. 17 Apr, 2013 1 commit
    • cleanup: Remove the duplicate header · bc95be5d
      Osier Yang committed
      Detected by a simple Shell script:
      
      for i in $(git ls-files -- '*.[ch]'); do
          awk 'BEGIN {
              fail=0
          }
          /# *include.*\.h/{
              match($0, /["<][^">]*[">]/)
              arr[substr($0, RSTART+1, RLENGTH-2)]++
          }
          END {
              for (key in arr) {
                  if (arr[key] > 1) {
                      fail=1
                      printf("%d %s\n", arr[key], key)
                  }
              }
              if (fail == 1)
                  exit 1
          }' $i
      
          if test $? != 0; then
              echo "Duplicate header(s) in $i"
          fi
      done;
      
      A later patch will add the syntax-check to avoid duplicate
      headers.
  5. 11 Mar, 2013 1 commit
    • bandwidth: Require network QoS if interface uses 'floor' · f3fb916d
      Michal Privoznik committed
      By current implementation, network inbound is required in order
      to use 'floor' for guaranteeing minimal throughput. This is so,
      because we want user to tell us the maximal throughput of the
      network instead of finding out ourselves (and detect bogus values
      in case of virtual interfaces). However, we are nowadays
      requiring this only on documentation level. So if user starts a
      domain with 'floor' set on one of its interfaces, we silently ignore
      the setting. We should error out instead.
  6. 27 Feb, 2013 1 commit
  7. 25 Feb, 2013 1 commit
    • use client id for IPv6 DHCP host definition · 0b73a763
      Gene Czarcinski committed
      Originally, only a host name was used to associate a
      DHCPv6 request with a specific IPv6 address.  Further testing
      demonstrates that this is an unreliable method and, instead,
      a client-id or DUID needs to be used.  According to DHCPv6
      standards, this id can be a duid-LLT, duid-LL, or duid-UUID
      even though dnsmasq will accept almost any text string.
      
      Although validity checking of a specified string makes sure it is
      hexadecimal notation with bytes separated by colons, there is no
      rigorous check to make sure it meets the standard.
      
      Documentation and schemas have been updated.
      Signed-off-by: Gene Czarcinski <gene@czarc.net>
      Signed-off-by: Laine Stump <laine@laine.org>
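      A stricter check than the colon-separated-hex test that commit 0b73a763 describes, as an added example (not libvirt or dnsmasq code): it also verifies the DUID type code and length for the three kinds the message names. The helper name `duid_kind` and the sample values are constructed; the layouts assumed are those of RFC 3315 (DUID-LLT, DUID-LL) and RFC 6355 (DUID-UUID).

```shell
#!/bin/sh
# Added example, not libvirt or dnsmasq code. duid_kind is a hypothetical helper.
# Assumed layouts: RFC 3315 (DUID-LLT, DUID-LL) and RFC 6355 (DUID-UUID).
# DUID-EN (type 2) is not in the commit's list, so it is reported as invalid.
duid_kind() {
    duid=$1
    # Syntax check described in the commit: hex bytes separated by colons.
    printf '%s\n' "$duid" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$' || {
        echo "invalid: not colon-separated hex bytes"; return 1; }
    hex=$(printf '%s' "$duid" | tr -d ':' | tr 'A-F' 'a-f')
    nbytes=$(( ${#hex} / 2 ))
    # 2-byte type code plus at most 128 bytes of identifier.
    [ "$nbytes" -le 130 ] || { echo "invalid: longer than 130 bytes"; return 1; }
    type=$(printf '%s' "$hex" | cut -c1-4)
    case $type in
        0001) # type(2) + hwtype(2) + time(4) + at least one address byte
            [ "$nbytes" -ge 9 ] && { echo "duid-LLT"; return 0; } ;;
        0003) # type(2) + hwtype(2) + at least one address byte
            [ "$nbytes" -ge 5 ] && { echo "duid-LL"; return 0; } ;;
        0004) # type(2) + 128-bit UUID
            [ "$nbytes" -eq 18 ] && { echo "duid-UUID"; return 0; } ;;
        *) echo "invalid: type 0x$type is not LLT, LL or UUID"; return 1 ;;
    esac
    echo "invalid: wrong length ($nbytes bytes) for type 0x$type"
    return 1
}

# Constructed sample values; the last one passes the syntax check only.
for d in 00:01:00:01:11:22:33:44:52:54:00:12:34:56 \
         00:03:00:01:52:54:00:12:34:56 \
         aa:bb:cc; do
    printf '%s -> %s\n' "$d" "$(duid_kind "$d")"
done
```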
  8. 23 Feb, 2013 1 commit
  9. 20 Feb, 2013 3 commits
  10. 06 Feb, 2013 2 commits
  11. 22 Jan, 2013 1 commit
  12. 18 Jan, 2013 3 commits
    • network: Remove dead code getting, but not using ipdef · 7d31dd64
      John Ferlan committed
      The fetch of 'ipdef' in networkRefreshDhcpDaemon() when the loop to fill
      in ipv4def fails to find an ipv4 address with dhcp defined. The filled in
      ipdef value was not used.  Code was made unnecessary with commit id 2d5cd1.
    • network: use bandwidth from portgroup when appropriate · 7d480a46
      Laine Stump committed
      The bandwidth plug and unplug functions were assuming that an
      interface's bandwidth setting was always specified directly in the
      domain's <interface> definition, but that's not necessarily true - it
      could have been obtained from a <portgroup> definition in the network
      definition. This patch fixes those functions to use
      virDomainNetGetActualBandwidth(), which gets the bandwidth pointer
      from iface->data.network.actual if it exists, otherwise returns
      iface->bandwidth.
    • network: Resolve some issues around vlan copying · 35ed25bd
      John Ferlan committed
      Remove extraneous check for 'netdef' when dereferencing for vlan.nTags.
      Prior code would already check if netdef was NULL.
      
      Coverity complained about a path where the 'vlan' was potentially valid,
      but prior checks may not have allocated 'iface->data.network.actual',
      so like other paths it needs to be allocated on the fly.
      
      Move the copying of vlan up earlier in networkAllocateActualDevice, so
      that actual.type gets properly set.
      
      Since the first assignment to vlan is redundant except in the case of
      jumping immediately to validate from the start of the function,
      eliminate its initial setting at the top of the function in favor of
      calling the helper function virDomainNetGetActualVlan() (which doesn't
      depend on the local vlan pointer being initialized) down at validate:
      Signed-off-by: Laine Stump <laine@redhat.com>
  13. 11 Jan, 2013 2 commits
  14. 21 Dec, 2012 10 commits
  15. 18 Dec, 2012 2 commits
    • network: don't require private addresses if dnsmasq uses SO_BINDTODEVICE · 4b31da34
      Laine Stump committed
      This is yet another refinement to the fix for CVE-2012-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      It turns out that it would be very intrusive to correctly backport the
      entire --bind-dynamic option to older dnsmasq versions
      (e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very
      simple to patch those versions to just use SO_BINDTODEVICE on all
      their listening sockets (SO_BINDTODEVICE also has the desired effect
      of permitting only traffic that was received on the interface(s) where
      dnsmasq was set to listen.)
      
      This patch modifies the dnsmasq capabilities detection to detect the
      string:
      
          --bind-interfaces with SO_BINDTODEVICE
      
      in the output of "dnsmasq --version", and in that case realize that
      using the old --bind-interfaces option is just as safe as
      --bind-dynamic (and therefore *not* forbid creation of networks that
      use public IP address ranges).
      
      If --bind-dynamic is available, it is still preferred over
      --bind-interfaces.
      
      Note that this patch does no harm in upstream, or in any distro's
      downstream if it happens to end up there, but builds for distros that
      have a new enough dnsmasq to support --bind-dynamic do *NOT* need to
      specifically backport this patch; it's only required for distro
      releases that have dnsmasq too old to have --bind-dynamic (and those
      distros will need to add the SO_BINDTODEVICE patch to dnsmasq,
      *including the extra string in the --version output*, as well).
    • network: fix indentation of networkDnsmasqConfContents · bc5b270c
      Laine Stump committed
      Somehow I managed to push the changes to this file with improper
      indentation. This patch just re-indents, reformats the comment lines,
      and re-groups a couple of multi-line strings so that they fit within
      80 columns. The resulting binary should be identical.
  16. 15 Dec, 2012 1 commit
    • network: fix (non)update of dnsmasq config during virDomainUpdateDeviceFlags · e3802e13
      Laine Stump committed
      A forgotten "!" in recently-modified code at the top of
      networkRefreshDaemon() meant an improper early return, which led to 1)
      dnsmasq config files not being updated from the newly modified config,
      and 2) dnsmasq not being sent a SIGHUP so that it could learn about
      the changes to the config.
      
      virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of
      the requested type, and if there are no IP elements, then dnsmasq
      shouldn't be running, so we can return early. Otherwise we should
      rewrite the config files and send a SIGHUP.
  17. 14 Dec, 2012 1 commit
    • network: prevent dnsmasq from listening on localhost · d66eb786
      Laine Stump committed
      This patch resolves the problem reported in:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=886663
      
      The source of the problem was the fix for CVE 2011-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      which was originally committed upstream in commit
      753ff83a. That commit improperly
      removed the "--except-interface lo" from dnsmasq commandlines when
      --bind-dynamic was used (based on comments in the latter bug).
      
      It turns out that the problem reported in the CVE could be eliminated
      without removing "--except-interface lo", and removing it actually
      caused each instance of dnsmasq to listen on localhost on port 53,
      which created a new problem:
      
      If another instance of dnsmasq using "bind-interfaces" (instead of
      "bind-dynamic") had already been started (or if another instance
      started later used "bind-dynamic"), this wouldn't have any immediately
      visible ill effects, but if you tried to start another dnsmasq
      instance using "bind-interfaces" *after* starting any libvirt
      networks, the new dnsmasq would fail to start, because there was
      already another process listening on port 53.
      
      (Subsequent to the CVE fix, another patch changed the network driver
      to put dnsmasq options in a conf file rather than directly on the
      dnsmasq commandline, but preserved the same options.)
      
      This patch changes the network driver to *always* add
      "except-interface=lo" to dnsmasq conf files, regardless of whether we use
      bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
      are listening on localhost (and the CVE is still fixed).
      
      The actual code change is minuscule, but must be propagated through all
      of the test files as well.
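      A check for the state commit d66eb786 establishes, as an added example (not libvirt code): it reads a dnsmasq conf file and reports whether `except-interface=lo` is present and which bind option is set. The helper names and sample files are constructed; the option names are the ones quoted in the commit messages on this page.

```shell
#!/bin/sh
# Added example, not libvirt code; audit_dnsmasq_conf and write_samples are
# hypothetical helpers. Option names are the ones quoted in the commit messages.

# Print findings for one dnsmasq conf file; return 1 if anything is missing.
audit_dnsmasq_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "finding: cannot read $conf"; return 2; }
    # Drop comments and blank lines, trim whitespace (one option per line).
    opts=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               -e '/^$/d' "$conf")
    rc=0
    if printf '%s\n' "$opts" | grep -qx 'except-interface=lo'; then
        echo "ok: except-interface=lo"
    else
        echo "finding: except-interface=lo missing"
        rc=1
    fi
    if printf '%s\n' "$opts" | grep -qx 'bind-dynamic'; then
        echo "bind: bind-dynamic"
    elif printf '%s\n' "$opts" | grep -qx 'bind-interfaces'; then
        echo "bind: bind-interfaces"
    else
        echo "finding: neither bind-dynamic nor bind-interfaces set"
        rc=1
    fi
    return $rc
}

# Constructed sample conf files (not copied from a real host).
write_samples() {
    printf '%s\n' '# constructed sample' 'strict-order' 'except-interface=lo' \
        'bind-dynamic' 'interface=virbr0' > "$1/good.conf"
    printf '%s\n' 'bind-interfaces' 'listen-address=192.168.122.1' \
        > "$1/bad.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.conf; do
    echo "== ${f##*/}"
    audit_dnsmasq_conf "$f" || true
done
rm -rf "$tmp"
```

      On a host, the files to check are the ones under /var/lib/libvirt/dnsmasq/*.conf, the path named in commit 7339bc4c on this page.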
  18. 13 Dec, 2012 1 commit
    • network: match xml warning message · 7339bc4c
      Eric Blake committed
      I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
      it was intended to match the wording in src/util/xml.c.
      
      * src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
      * tests/networkxml2confdata/*.conf: Update accordingly.
  19. 12 Dec, 2012 3 commits
    • network: Create real network status files · ae757743
      Michal Privoznik committed
      Currently, we are only keeping an inactive XML configuration
      in status dir. This is no longer enough as we need to keep
      this class_id attribute so we don't overwrite old entries
      when the daemon restarts. However, since there has already
      been a release which has just <network/> as root element,
      and we want to keep things compatible, detect that loaded
      status file is older one, and don't scream about it.
    • bandwidth: Create network bandwidth (un)plug functions · 07d1b6b5
      Michal Privoznik committed
      Network should be notified if we plug in or unplug an
      interface, so it can perform some action, e.g. set/unset
      network part of QoS. However, we are doing this in very
      early stage, so iface->ifname isn't filled in yet. So
      whenever we want to report an error, we must use a different
      identifier, e.g. the MAC address.
    • bandwidth: Create hierarchical shaping classes · 67159f1c
      Michal Privoznik committed
      These classes can borrow unused bandwidth. Basically,
      only egress qdiscs can have classes, therefore we can
      do this kind of traffic shaping only on host's outgoing,
      that is domain's incoming traffic.
  20. 11 Dec, 2012 1 commit
    • network: put dnsmasq parameters in conf-file instead of command line · 8b32c80d
      Gene Czarcinski committed
      This patch changes how parameters are passed to dnsmasq.  Instead of
      being on the command line, the parameters are put into a file (one
      parameter per line) and a commandline --conf-file= specifies the
      location of the file.  The file is located in the same directory as
      the leases file.
      
      Putting the dnsmasq parameters into a configuration file
      allows them to be examined and more easily understood than
      examining the command lines displayed by "ps ax".  This is
      especially true when a number of networks have been started.
      
      When the use of dnsmasq was originally done, the required command line
      was simple, but it has gotten more complicated over time and will
      likely become even more complicated in the future.
      
      Note: The test conf files have all been renamed .conf instead of
      .argv, and tests/networkxml2xmlargvdata was moved to
      tests/networkxml2xmlconfdata.