- 03 7月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Ensure that all APIs which list network objects filter them against the access control system. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 5月, 2013 1 次提交
-
-
由 Gene Czarcinski 提交于
network: static route support for <network> This patch adds the <route> subelement of <network> to define a static route. the address and prefix (or netmask) attribute identify the destination network, and the gateway attribute specifies the next hop address (which must be directly reachable from the containing <network>) which is to receive the packets destined for "address/(prefix|netmask)". These attributes are translated into an "ip route add" command that is executed when the network is started. The command used is of the following form: ip route add <address>/<prefix> via <gateway> \ dev <virbr-bridge> proto static metric <metric> Tests are done to validate that the input data are correct. For example, for a static route ip definition, the address must be a network address and not a host address. Additional checks are added to ensure that the specified gateway is directly reachable via this network (i.e. that the gateway IP address is in the same subnet as one of the IP's defined for the network). prefix='0' is supported for both family='ipv4' address='0.0.0.0' netmask='0.0.0.0' or prefix='0', and for family='ipv6' address='::', prefix=0', although care should be taken to not override a desired system default route. Anytime an attempt is made to define a static route which *exactly* duplicates an existing static route (for example, address=::, prefix=0, metric=1), the following error message will be sent to syslog: RTNETLINK answers: File exists This can be overridden by decreasing the metric value for the route that should be preferred, or increasing the metric for the route that shouldn't be preferred (and is thus in place only in anticipation that the preferred route may be removed in the future). Caution should be used when manipulating route metrics, especially for a default route. Note: The use of the command-line interface should be replaced by direct use of libnl so that error conditions can be handled better. But, that is being left as an exercise for another day. Signed-off-by: NGene Czarcinski <gene@czarc.net> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 27 4月, 2013 1 次提交
-
-
由 Laine Stump 提交于
I remembered to document this bit, but somehow forgot to implement it. This adds <driver name='kvm|vfio'/> as a subelement to the <forward> element of a network (this puts it parallel to the match between mode='hostdev' attribute in a network and type='hostdev' in an <interface>). Since it's already documented, only the parser, formatter, backend driver recognition (it just translates/moves the flag into the <interface> at the appropriate time), and a test case were needed. (I used a separate enum for the values both because the original is defined in domain_conf.h, which is unavailable from network_conf.h, and because in the future it's possible that we may want to support other non-hostdev oriented driver names in the network parser; this makes sure that one can be expanded without the other).
-
- 19 4月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
Until now tranisent networks weren't really useful as libvirtd wasn't able to remember them across restarts. This patch adds support for loading status files of transient networks (that already were generated) so that the status isn't lost. This patch chops up virNetworkObjUpdateParseFile and turns it into virNetworkLoadState and a few friends that will help us to load status XMLs and refactors the functions that are loading the configs to use them.
-
- 13 4月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 27 2月, 2013 1 次提交
-
-
由 Laine Stump 提交于
This reverts commit 383ebc46. We decided the xml for this feature needed more thought to make sure we are doing it the best way, in particular wrt option values that have multiple items.
-
- 25 2月, 2013 1 次提交
-
-
由 Gene Czarcinski 提交于
Originally, only a host name was used to associate a DHCPv6 request with a specific IPv6 address. Further testing demonstrates that this is an unreliable method and, instead, a client-id or DUID needs to be used. According to DHCPv6 standards, this id can be a duid-LLT, duid-LL, or duid-UUID even though dnsmasq will accept almost any text string. Although validity checking of a specified string makes sure it is hexadecimal notation with bytes separated by colons, there is no rigorous check to make sure it meets the standard. Documentation and schemas have been updated. Signed-off-by: NGene Czarcinski <gene@czarc.net> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 23 2月, 2013 1 次提交
-
-
由 Pieter Hollants 提交于
This patch adds support for a new <option>-Tag in the <dhcp> block of network configs, based on a subset of the fifth proposal by Laine Stump in the mailing list discussion at https://www.redhat.com/archives/libvir-list/2012-November/msg01054.html. Any such defined option will result in a dhcp-option=<number>,"<value>" statement in the generated dnsmasq configuration file. Currently, DHCP options can be specified by number only and there is no whitelisting or blacklisting of option numbers, which should probably be added. Signed-off-by: NPieter Hollants <pieter@hollants.com> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 20 2月, 2013 3 次提交
-
-
由 Natanael Copa 提交于
We pass over the address/port start/end values many times so we put them in structs. Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Natanael Copa 提交于
Let users set the port range to be used for forward mode NAT: ... <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> ... Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Natanael Copa 提交于
Support setting which public ip to use for NAT via attribute address in subelement <nat> in <forward>: ... <forward mode='nat'> <address start='1.2.3.4' end='1.2.3.10'/> </forward> ... This will construct an iptables line using: '-j SNAT --to-source <start>-<end>' instead of: '-j MASQUERADE' Signed-off-by: NNatanael Copa <ncopa@alpinelinux.org> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 21 12月, 2012 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 12月, 2012 2 次提交
-
-
由 Michal Privoznik 提交于
Currently, we are only keeping a inactive XML configuration in status dir. This is no longer enough as we need to keep this class_id attribute so we don't overwrite old entries when the daemon restarts. However, since there has already been release which has just <network/> as root element, and we want to keep things compatible, detect that loaded status file is older one, and don't scream about it.
-
由 Michal Privoznik 提交于
Network should be notified if we plug in or unplug an interface, so it can perform some action, e.g. set/unset network part of QoS. However, we are doing this in very early stage, so iface->ifname isn't filled in yet. So whenever we want to report an error, we must use a different identifier, e.g. the MAC address.
-
- 11 12月, 2012 5 次提交
-
-
由 Jiri Denemark 提交于
-
由 Laine Stump 提交于
The attributes of a <network> element's <forward> element were previously stored directly in the virNetworkDef object, but virNetworkUpdateForward() needs to operate on a <forward> in isolation, so this patchs pulls out all those attributes into a separate virNetworkForwardDef struct (and shortens their names appropriately). This new object is contained in the virNetworkDef, not pointed to by it, so there is no extra memory management. This patch makes no functional changes, it only changes, e.g., "nForwardIfs" to "forward.nifs".
-
由 Laine Stump 提交于
Since there is only a single virNetworkDNSDef for any virNetworkDef, and it's trivial to determine whether or not it contains any real data, it's much simpler (and fits more uniformly with the parse function calling sequence of the parsers for many other objects that are subordinates of virNetworkDef) if virNetworkDef *contains* an virNetworkDNSDef rather than pointing to one. Since it is now just a part of another object rather than its own object, it no longer makes sense to have a *Free() function, so that is changed to a *Clear() function. More importantly though, ParseXML and Clear functions are needed for the individual items contained in a virNetworkDNSDef (srv, txt, and host records), but none of them have a *Clear(), and only two of the three had *ParseXML() functions (both of which used a non-uniform arglist). Those problems are cleared up by this patch - it splits the higher-level Clear function into separate functions for each of the three, creates a parse for txt records, and cleans up the srv and host parsers, so we now have all the utility functions necessary to implement virNetworkDefUpdateDNS(Host|Srv|Txt).
-
由 Laine Stump 提交于
This shortens the name of the structs for srv and txt, and their instances in virNetworkDNSDef, to be more compact and uniform with the naming of the dns host array. It also changes the type of ntxts, etc from unsigned int to size_t, so that they can be used directly as args to VIR_*_ELEMENT.
-
由 Laine Stump 提交于
The already-written backend functions for virNetworkUpdate that add and delete items into lists within the a network were already debugged to work properly, but future such functions will use VIR_(INSERT|DELETE)_ELEMENT instead, so these are changed for uniformity.
-
- 06 12月, 2012 1 次提交
-
-
由 Gene Czarcinski 提交于
This patch adds the capability for virtual guests to do IPv6 communication via a virtual network interface with no IPv6 (gateway) addresses specified. This capability has always been enabled by default for IPv4, but disabled for IPv6 for security concerns, and because it requires the ip6tables command to be operational (which isn't the case on a system with the ipv6 module completely disabled). This patch adds a new attribute "ipv6" at the toplevel of a <network> object. If ipv6='yes', the extra ip6tables rules required to permite inter-guest communications are added when the network is started. If it is 'no', or not present, those rules will not be added; thus the default behavior doesn't change, so there should be no compatibility issues with any existing installations. Note that virtual guests cannot communication with the virtualization host via this interface, because the following kernel tunable has been set: net.ipv6.conf.<bridge_interface_name>.disable_ipv6 = 1 This assures that the bridge interface will not have an IPv6 link-local (fe80::) address. To control this behavior so that it is not enabled by default, the parameter ipv6='yes' on the <network> statement has been added. Documentation related to this patch has been updated. The network schema has also been updated.
-
- 02 11月, 2012 1 次提交
-
-
由 Peter Krempa 提交于
The argument check_active is used only as a boolean so this patch changes the type and updates callers.
-
- 20 10月, 2012 1 次提交
-
-
由 Laine Stump 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=866364 pointed out a crash due to virNetworkObjAssignDef free'ing network->newDef without NULLing it afterward. A fix for this is in upstream commit b7e92024. While the NULLing of newDef was a legitimate fix, newDef should have already been empty (NULL) anyway (as indicated in the comment that was deleted by that commit). The reason that newDef had a non-NULL value (i.e. the root cause) was that networkStartNetwork() had failed after populating network->newDef, but then neglected to free/NULL newDef in the cleanup. (A bit of background here: network->newDef should contain the persistent config of a network when a network is active (and of course only when it is persisten), and NULL at all other times. There is also a network->def which should contain the persistent definition of the network when it is inactive, and the current live state at all other times. The idea is that you can make changes to network->newDef which will take effect the next time the network is restarted, but won't mess with the current state of the network (virDomainObj has a similar pair of virDomainDefs that behave in the same fashion). Personally I think there should be a network->live and network->config, and the location of the persistent config should *always* be in network->config, but that's for a later cleanup). Since I love things to be symmetric, I created a new function called virNetworkObjUnsetDefTransient(), which reverses the effects of virNetworkObjSetDefTransient(). I don't really like the name of the new function, but then I also didn't really like the name of the old one either (it's just named that way to match a similar function in the domain conf code).
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 18 9月, 2012 2 次提交
-
-
由 Laine Stump 提交于
virNetworkObjUpdate takes care of all virNetworkUpdate-related changes to the data stored in the in-memory virNetworkObj list. It should be called by network drivers that use this in-memory list. virNetworkObjUpdate *does not* take care of updating any disk-based copies of the config, nor does it perform any other operations necessary to have the new config data take effect (e.g. it won't re-write dnsmasq host files, nor will it send a SIGHUP to dnsmasq) - those things should all be taken care of in the network driver function that calls virNetworkObjUpdate (assuming that it returns success).
-
由 Laine Stump 提交于
These new functions are highly inspired by those in domain_conf.c (but not identical), and are intended to make it simpler to update the various combinations of live/persistent network configs. The network driver wasn't previously as careful about the separation between the live "status" in network->def and the persistent "config" in network->newDef (or sometimes in network->def). This series attempts to remedy some of that, but probably doesn't go all the way (enough to get these functions working and enable continued work on virNetworkUpdate though). bridge_driver.c and test_driver.c were updated in a few places to take advantage of the new functions and/or account for changes in argument lists.
-
- 11 9月, 2012 1 次提交
-
-
由 Osier Yang 提交于
src/conf/network_conf.c: Add virNetworkMatch to filter the networks; and virNetworkList to iterate over all the networks with the filter. src/conf/network_conf.h: Declare virNetworkList and define the macros for filters. src/libvirt_private.syms: Export virNetworkList.
-
- 18 8月, 2012 1 次提交
-
-
由 Shradha Shah 提交于
This patch introduces the new forward mode='hostdev' along with attribute managed. Includes updates to the network RNG and new xml parser/formatter code. Signed-off-by: NShradha Shah <sshah@solarflare.com>
-
- 16 8月, 2012 1 次提交
-
-
由 Laine Stump 提交于
The following config elements now support a <vlan> subelements: within a domain: <interface>, and the <actual> subelement of <interface> within a network: the toplevel, as well as any <portgroup> Each vlan element must have one or more <tag id='n'/> subelements. If there is more than one tag, it is assumed that vlan trunking is being requested. If trunking is required with only a single tag, the attribute "trunk='yes'" should be added to the toplevel <vlan> element. Some examples: <interface type='hostdev'/> <vlan> <tag id='42'/> </vlan> <mac address='52:54:00:12:34:56'/> ... </interface> <network> <name>vlan-net</name> <vlan trunk='yes'> <tag id='30'/> </vlan> <virtualport type='openvswitch'/> </network> <interface type='network'/> <source network='vlan-net'/> ... </interface> <network> <name>trunk-vlan</name> <vlan> <tag id='42'/> <tag id='43'/> </vlan> ... </network> <network> <name>multi</name> ... <portgroup name='production'/> <vlan> <tag id='42'/> </vlan> </portgroup> <portgroup name='test'/> <vlan> <tag id='666'/> </vlan> </portgroup> </network> <interface type='network'/> <source network='multi' portgroup='test'/> ... </interface> IMPORTANT NOTE: As of this patch there is no backend support for the vlan element for *any* network device type. When support is added in later patches, it will only be for those select network types that support setting up a vlan on the host side, without the guest's involvement. (For example, it will be possible to configure a vlan for a guest connected to an openvswitch bridge, but it won't be possible to do that for one that is connected to a standard Linux host bridge.)
-
- 15 8月, 2012 3 次提交
-
-
由 Laine Stump 提交于
Just as each physical device used by a network has a connections counter, now each network has a connections counter which is incremented once for each guest interface that connects using this network. The count is output in the live network XML, like this: <network connections='20'> ... </network> It is read-only, and for informational purposes only - it isn't used internally anywhere by libvirt.
-
由 Laine Stump 提交于
I want to include this count in the xml output of networks, but calling it "connections" in the XML sounds better than "usageCount", and it would be better if the name in the XML matched the variable name. In a few places, usageCount was being initialized to 0, but this is unnecessary, because VIR_ALLOC_N zero-fills everything anyway.
-
由 Laine Stump 提交于
This array was originally defined using the existing virNetworkForwardIfDef, but that struct has a UsageCount field that isn't used in the case of PFs. This patch just copies that struct and removes UsageCount. It ends up being a struct with a single field, but I left it as a struct in case we need to add other fields to it in the future.
-
- 10 8月, 2012 1 次提交
-
-
由 Matthias Bolte 提交于
An ESX server has one or more PhysicalNics that represent the actual hardware NICs. Those can be listed via the interface driver. A libvirt virtual network is mapped to a HostVirtualSwitch. On the physical side a HostVirtualSwitch can be connected to PhysicalNics. On the virtual side a HostVirtualSwitch has HostPortGroups that are mapped to libvirt virtual network's portgroups. Typically there is HostPortGroups named 'VM Network' that is used to connect virtual machines to a HostVirtualSwitch. A second HostPortGroup typically named 'Management Network' is used to connect the hypervisor itself to the HostVirtualSwitch. This one is not mapped to a libvirt virtual network's portgroup. There can be more HostPortGroups than those typical two on a HostVirtualSwitch. +---------------+-------------------+ ...---| | | +-------------+ | HostPortGroup | |---| PhysicalNic | | VM Network | | | vmnic0 | ...---| | | +-------------+ +---------------+ HostVirtualSwitch | | vSwitch0 | +---------------+ | | HostPortGroup | | ...---| Management | | | Network | | +---------------+-------------------+ The virtual counterparts of the PhysicalNic is the HostVirtualNic for the hypervisor and the VirtualEthernetCard for the virtual machines that are grouped into HostPortGroups. +---------------------+ +---------------+---... | VirtualEthernetCard |---| | +---------------------+ | HostPortGroup | +---------------------+ | VM Network | | VirtualEthernetCard |---| | +---------------------+ +---------------+ | +---------------+ +---------------------+ | HostPortGroup | | HostVirtualNic |---| Management | +---------------------+ | Network | +---------------+---... The currently implemented network driver can list, define and undefine HostVirtualSwitches including HostPortGroups for virtual machines. Existing HostVirtualSwitches cannot be edited yet. This will be added in a followup patch.
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 17 7月, 2012 1 次提交
-
-
由 Stefan Berger 提交于
Introduce new members in the virMacAddr 'class' - virMacAddrSet: set virMacAddr from a virMacAddr - virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer - virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer - virMacAddrCmp: comparing two virMacAddr - virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer then replace raw MAC addresses by replacing - 'unsigned char *' with virMacAddrPtr - 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr and introduce usage of above functions where necessary.
-
- 28 1月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Move the virMacAddrXXX functions out of util.[ch] and into a new dedicate file virmacaddr.[ch]
-
- 12 1月, 2012 2 次提交
-
-
由 Shradha Shah 提交于
The above option helps to differentiate between implicit and explicit interface pools.
-
由 Shradha Shah 提交于
This element will help the user to just specify the SR-IOV physical function in order to access all the Virtual functions attached to it.
-
- 03 1月, 2012 1 次提交
-
-
由 Peter Krempa 提交于
-
- 02 1月, 2012 1 次提交
-
-
由 Michal Novotny 提交于
Hi, this is the fifth version of my SRV record for DNSMasq patch rebased for the current codebase to the bridge driver and libvirt XML file to include support for the SRV records in the DNS. The syntax is based on DNSMasq man page and tests for both xml2xml and xml2argv were added as well. There are some things written a better way in comparison with version 4, mainly there's no hack in tests/networkxml2argvtest.c and also the xPath context is changed to use a simpler query using the virXPathInt() function relative to the current node. Also, the patch is also fixing the networkxml2argv test to pass both checks, i.e. both unit tests and also syntax check. Please review, Michal Signed-off-by: NMichal Novotny <minovotn@redhat.com>
-