- 24 4月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
Ensure that all drivers implementing public APIs use a naming convention for their implementation that matches the public API name. eg for the public API virDomainCreate make sure QEMU uses qemuDomainCreate and not qemuDomainStart Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
It will simplify later work if the sub-drivers have dedicated APIs / field names. ie virNetworkDriver should have virDrvNetworkOpen and virDrvNetworkClose methods Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Ensure that the driver struct field names match the public API names. For an API virXXXX we must have a driver struct field xXXXX. ie strip the leading 'vir' and lowercase any leading uppercase letters. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 19 4月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
Until now tranisent networks weren't really useful as libvirtd wasn't able to remember them across restarts. This patch adds support for loading status files of transient networks (that already were generated) so that the status isn't lost. This patch chops up virNetworkObjUpdateParseFile and turns it into virNetworkLoadState and a few friends that will help us to load status XMLs and refactors the functions that are loading the configs to use them.
-
- 18 4月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
When turning a started persistent network into a transient one we forgot to remove the autostart flag that is no longer valid at that point.
-
- 17 4月, 2013 1 次提交
-
-
由 Osier Yang 提交于
Detected by a simple Shell script: for i in $(git ls-files -- '*.[ch]'); do awk 'BEGIN { fail=0 } /# *include.*\.h/{ match($0, /["<][^">]*[">]/) arr[substr($0, RSTART+1, RLENGTH-2)]++ } END { for (key in arr) { if (arr[key] > 1) { fail=1 printf("%d %s\n", arr[key], key) } } if (fail == 1) exit 1 }' $i if test $? != 0; then echo "Duplicate header(s) in $i" fi done; A later patch will add the syntax-check to avoid duplicate headers.
-
- 11 3月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
By current implementation, network inbound is required in order to use 'floor' for guaranteeing minimal throughput. This is so, because we want user to tell us the maximal throughput of the network instead of finding out ourselves (and detect bogus values in case of virtual interfaces). However, we are nowadays requiring this only on documentation level. So if user starts a domain with 'floor' set on one its interfaces, we silently ignore the setting. We should error out instead.
-
- 27 2月, 2013 1 次提交
-
-
由 Laine Stump 提交于
This reverts commit 383ebc46. We decided the xml for this feature needed more thought to make sure we are doing it the best way, in particular wrt option values that have multiple items.
-
- 25 2月, 2013 1 次提交
-
-
由 Gene Czarcinski 提交于
Originally, only a host name was used to associate a DHCPv6 request with a specific IPv6 address. Further testing demonstrates that this is an unreliable method and, instead, a client-id or DUID needs to be used. According to DHCPv6 standards, this id can be a duid-LLT, duid-LL, or duid-UUID even though dnsmasq will accept almost any text string. Although validity checking of a specified string makes sure it is hexadecimal notation with bytes separated by colons, there is no rigorous check to make sure it meets the standard. Documentation and schemas have been updated. Signed-off-by: NGene Czarcinski <gene@czarc.net> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 23 2月, 2013 1 次提交
-
-
由 Pieter Hollants 提交于
This patch adds support for a new <option>-Tag in the <dhcp> block of network configs, based on a subset of the fifth proposal by Laine Stump in the mailing list discussion at https://www.redhat.com/archives/libvir-list/2012-November/msg01054.html. Any such defined option will result in a dhcp-option=<number>,"<value>" statement in the generated dnsmasq configuration file. Currently, DHCP options can be specified by number only and there is no whitelisting or blacklisting of option numbers, which should probably be added. Signed-off-by: NPieter Hollants <pieter@hollants.com> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 20 2月, 2013 3 次提交
-
-
由 Natanael Copa 提交于
We pass over the address/port start/end values many times so we put them in structs. Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Natanael Copa 提交于
Let users set the port range to be used for forward mode NAT: ... <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> ... Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Natanael Copa 提交于
Support setting which public ip to use for NAT via attribute address in subelement <nat> in <forward>: ... <forward mode='nat'> <address start='1.2.3.4' end='1.2.3.10'/> </forward> ... This will construct an iptables line using: '-j SNAT --to-source <start>-<end>' instead of: '-j MASQUERADE' Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 06 2月, 2013 2 次提交
-
-
由 John Ferlan 提交于
The conditional setting of cmdout in networkBuildDhcpDaemonCommandLine() caused Coverity to complain that 'cmd' could be leaked if !cmdout. Since the function is local and only called with cmdout being passed those checks have been removed.
-
由 Daniel P. Berrange 提交于
Rename all the pciDeviceXXX and pciXXXDevice APIs to have a fixed virPCIDevice name prefix
-
- 22 1月, 2013 1 次提交
-
-
由 John Ferlan 提交于
On error, the 'tapfd' in networkStartNetworkVirtual() is synonymous with 'macTapIfName' and will be closed in the appropriate error path.
-
- 18 1月, 2013 3 次提交
-
-
由 John Ferlan 提交于
The fetch of 'ipdef' in networkRefreshDhcpDaemon() when the loop to fill in ipv4def fails to find an ipv4 address with dhcp defined. The filled in ipdef value was not used. Code was made unnecessary with commit it 2d5cd1.
-
由 Laine Stump 提交于
The bandwidth plug and unplug functions were assuming that an interface's bandwidth setting was always specified directly in the domain's <interface> definition, but that's not necessarily true - it could have been obtained from a <portgroup> definition in the network definition. This patch fixes those functions to use virDomainNetGetActualBandwidth(), which gets the bandwidth pointer from iface->data.network.actual if it exists, otherwise returns iface->bandwidth.
-
由 John Ferlan 提交于
Remove extraneous check for 'netdef' when dereferencing for vlan.nTags. Prior code would already check if netdef was NULL. Coverity complained about a path where the 'vlan' was potentially valid, but a prior checks may not have allocated 'iface->data.network.actual', so like other paths it needs to be allocated on the fly. Move the copying of vlan up earlier in networkAllocateActualDevice, so that actual.type gets properly set. Since the first assignment to vlan is redundant except in the case of jumping immediately to validate from the start of the function, eliminate its initial setting at the top of the function in favor of calling the helper function virDomainNetGetActualVlan() (which doesn't depend on the local vlan pointer being initialized) down at validate: Signed-off-by: NLaine Stump <laine@redhat.com>
-
- 11 1月, 2013 2 次提交
-
-
由 Peter Krempa 提交于
If addition of rules in networkAddIptablesRules() failed the real error was masked by error reported when trying to clean up the remaining rules. With this patch the original error message is saved and set back after the removal is complete.
-
由 Peter Krempa 提交于
Commit 0211fd6e introduced regression where newly defined networks were not made persistent. This patch makes the network persistent on each successful definition.
-
- 21 12月, 2012 10 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 18 12月, 2012 2 次提交
-
-
由 Laine Stump 提交于
This is yet another refinement to the fix for CVE-2012-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 It turns out that it would be very intrusive to correctly backport the entire --bind-dynamic option to older dnsmasq versions (e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very simple to patch those versions to just use SO_BINDTODEVICE on all their listening sockets (SO_BINDTODEVICE also has the desired effect of permitting only traffic that was received on the interface(s) where dnsmasq was set to listen.) This patch modifies the dnsmasq capabilities detection to detect the string: --bind-interfaces with SO_BINDTODEVICE in the output of "dnsmasq --version", and in that case realize that using the old --bind-interfaces option is just as safe as --bind-dynamic (and therefore *not* forbid creation of networks that use public IP address ranges). If -bind-dynamic is available, it is still preferred over --bind-interfaces. Note that this patch does no harm in upstream, or in any distro's downstream if it happens to end up there, but builds for distros that have a new enough dnsmasq to support --bind-dynamic do *NOT* need to specifically backport this patch; it's only required for distro releases that have dnsmasq too old to have --bind-dynamic (and those distros will need to add the SO_BINDTODEVICE patch to dnsmasq, *including the extra string in the --version output*, as well.
-
由 Laine Stump 提交于
Somehow I managed to push the changes to this file with improper indentation. This patch just re-indents, reformats the comment lines, and re-groups a couple of multi-line strings so that they fit within 80 columns. The resulting binary should be identical.
-
- 15 12月, 2012 1 次提交
-
-
由 Laine Stump 提交于
A forgotten "!" in recently-modified code at the top of networkRefreshDaemon() meant an improper early return, which led to 1) dnsmasq config files not being updated from the newly modified config, and 2) dnsmasq not being sent a SIGHUP so that it could learn about the changes to the config. virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of the requested type, and if there are no IP elements, then dnsmasq shouldn't be running, so we can return early. Otherwise we should rewrite the config files and send a SIGHUP.
-
- 14 12月, 2012 1 次提交
-
-
由 Laine Stump 提交于
This patch resolves the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=886663 The source of the problem was the fix for CVE 2011-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 which was originally committed upstream in commit 753ff83a. That commit improperly removed the "--except-interface lo" from dnsmasq commandlines when --bind-dynamic was used (based on comments in the latter bug). It turns out that the problem reported in the CVE could be eliminated without removing "--except-interface lo", and removing it actually caused each instance of dnsmasq to listen on localhost on port 53, which created a new problem: If another instance of dnsmasq using "bind-interfaces" (instead of "bind-dynamic") had already been started (or if another instance started later used "bind-dynamic"), this wouldn't have any immediately visible ill effects, but if you tried to start another dnsmasq instance using "bind-interfaces" *after* starting any libvirt networks, the new dnsmasq would fail to start, because there was already another process listening on port 53. (Subsequent to the CVE fix, another patch changed the network driver to put dnsmasq options in a conf file rather than directly on the dnsmasq commandline, but preserved the same options.) This patch changes the network driver to *always* add "except-interface=lo" to dnsmasq conf files, regardless of whether we use bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances are listening on localhost (and the CVE is still fixed). The actual code change is miniscule, but must be propogated through all of the test files as well.
-
- 13 12月, 2012 1 次提交
-
-
由 Eric Blake 提交于
I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word; it was intended to match the wording in src/util/xml.c. * src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo. * tests/networkxml2confdata/*.conf: Update accordingly.
-
- 12 12月, 2012 3 次提交
-
-
由 Michal Privoznik 提交于
Currently, we are only keeping a inactive XML configuration in status dir. This is no longer enough as we need to keep this class_id attribute so we don't overwrite old entries when the daemon restarts. However, since there has already been release which has just <network/> as root element, and we want to keep things compatible, detect that loaded status file is older one, and don't scream about it.
-
由 Michal Privoznik 提交于
Network should be notified if we plug in or unplug an interface, so it can perform some action, e.g. set/unset network part of QoS. However, we are doing this in very early stage, so iface->ifname isn't filled in yet. So whenever we want to report an error, we must use a different identifier, e.g. the MAC address.
-
由 Michal Privoznik 提交于
These classes can borrow unused bandwidth. Basically, only egress qdsics can have classes, therefore we can do this kind of traffic shaping only on host's outgoing, that is domain's incoming traffic.
-
- 11 12月, 2012 1 次提交
-
-
由 Gene Czarcinski 提交于
This patch changes how parameters are passed to dnsmasq. Instead of being on the command line, the parameters are put into a file (one parameter per line) and a commandline --conf-file= specifies the location of the file. The file is located in the same directory as the leases file. Putting the dnsmasq parameters into a configuration file allows them to be examined and more easily understood than examining the command lines displayed by "ps ax". This is especially true when a number of networks have been started. When the use of dnsmasq was originally done, the required command line was simple, but it has gotten more complicated over time and will likely become even more complicated in the future. Note: The test conf files have all been renamed .conf instead of .argv, and tests/networkxml2xmlargvdata was moved to tests/networkxml2xmlconfdata.
-