1. 30 Mar, 2010 21 commits
    • S
      Add ip6tables support for IPv6 filtering · bc210210
      Stefan Berger committed
      This patch adds IPv6 filtering support for the following protocols:
      - tcp-ipv6
      - udp-ipv6
      - udplite-ipv6
      - esp-ipv6
      - ah-ipv6
      - sctp-ipv6
      - all-ipv6
      - icmpv6
      
      Many of the IPv4 data structures could be re-used for IPv6 support.
      Since ip6tables also supports pretty much the same command line parameters
      as iptables does, also much of the code could be re-used and now
      command lines are invoked with the ip(6)tables tool parameter passed
      through the functions as a parameter.
    • S
      Remove driver dependency from nwfilter_conf.c · 0af0ded0
      Stefan Berger committed
      This patch removes the driver dependency from nwfilter_conf.c and moves
      a callback function calling into the driver into
      nwfilter_gentech_driver.c and passes a pointer to that callback function
      upon initialization of nwfilter_conf.c.
    • S
      Add support for so-far missing protocols for iptables filtering · 285d3893
      Stefan Berger committed
      This patch adds filtering support for the so-far missing protocols 'ah',
      'esp' and 'udplite'.
    • D
      Fix daemon hook script initialization · 0ec5cd07
      Daniel Veillard committed
      * daemon/libvirtd.c: we should error out only if virHookInitialize()
        return value is negative
    • L
      Implement the qemu-kvm backend of clock timer elements · 8bf6799b
      Laine Stump committed
      Since the timers are defined to cover all possible config cases for
      several different hypervisors, many of these possibilities generate an
      error on qemu. Here is what is currently supported:
      
      RTC: If the -rtc commandline option is available, allow setting
           "clock=host" or "clock=vm" based on the rtc timer
           clock='host|guest' value. Also add "driftfix=slew" if the
           tickpolicy is 'catchup', or add nothing if tickpolicy is
           'delay'. (Other tickpolicies will raise an error).
      
           If -rtc isn't available, but -rtc-td-hack is, add that option
           if the tickpolicy is 'catchup', add -rtc-td-hack, if it is 'delay'
           add nothing, and if it's anything else, raise an error.
      
      PIT: If -no-kvm-pit-reinjection is available, and tickpolicy is
           'delay', add that option. If tickpolicy is 'catchup', do
           nothing. Anything else --> raise an error.
      
           If -no-kvm-pit-reinjection *isn't* available, but -tdf is, when
           tickpolicy is 'catchup' add -tdf. If it's 'delay', do
           nothing. Anything else --> raise an error.
      
           If neither of those commandline options is available, and
           tickpolicy is anything other than 'delay' (or unspecified), raise
           an error.
      
      HPET: If -no-hpet flag is available and present='no', add -no-hpet.
            If -no-hpet is not available, and present='yes', raise an error.
            If present is unspecified, the default is to do whatever this
            particular qemu does by default, so don't raise an error.
      
      All other timer types are unsupported by QEMU, so they will raise an
      error.
      
      * src/qemu/qemu_conf.c: extend qemuBuildClockArgStr() to generate the
        command line arguments for the new options
    • L
      Add flags to indicate presence of timekeeping-related qemu options · 0fdf6496
      Laine Stump committed
      * src/qemu/qemu_conf.h: define 4 new flags
      * src/qemu/qemu_conf.c: check the help text of qemu for presence of
                              features indicated by each flag.
      * tests/qemuhelptest.c: add appropriate flags into the masks for each test
    • L
      Add timer element to domain schema · 188af565
      Laine Stump committed
      timers are sub-elements of clocks. A clock can have zero or more
      instances of timer. Within the timer, only the name attribute is
      required; all other attributes are optional.
      
      A simpler representation of a timer element is:
      
        <timer name='platform|pit|rtc|hpet|tsc'
               wallclock='host|guest'
               tickpolicy='delay|catchup|merge|discard'
               frequency='123'
               mode='auto|native|emulate|paravirt'
               present='yes|no'/>
      
      frequency is a ulong. All other attributes are simple enums.
    • L
      Implement XML parser/formatter for "timer" subelement of domain clock · 92a9e5df
      Laine Stump committed
      This extension is described in
      
      http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html
      
      Currently all attributes are optional, except name.
      
      * src/conf/domain_conf.h: add data definition for virDomainTimerDef
        and add a list of them to virDomainClockDef
      * src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock
      * src/libvirt_private.syms: add new Timer enum helper functions to symbols
    • D
      Fix QEMU cpu affinity at startup to include all threads · 99123ba0
      Daniel P. Berrange committed
      The QEMU cpu affinity is used in NUMA scenarios to ensure that
      guest memory is allocated from a specific node. Normally memory
      is allocated on demand in vCPU threads, but when using hugepages
      the initial thread leader allocates memory upfront. libvirt was
      not setting affinity of the thread leader, or I/O threads. This
      patch changes the code to set the process affinity in between
      the fork()/exec() of QEMU. This ensures that every single QEMU
      thread gets the affinity
      
      * src/qemu/qemu_driver.c: Set affinity on entire QEMU process
        at startup
    • D
      Updating the committers list · 05e15ff8
      Daniel Veillard committed
      Laine Stump, Stefan Berger, Eric Blake now have commit rights !
    • E
      virsh: support VISUAL, and allow metacharacters in EDITOR · f3661756
      Eric Blake committed
      Common Unix practice is to prefer VISUAL over EDITOR, particularly if
      the editor of choice spawns a new window.  Thus, it is also common to
      see settings like EDITOR='emacs -nw', with the expectation that the
      shell will parse this as an argument to 'emacs' and not try to invoke
      a file containing a space.
      
      If a user puts junk in EDITOR, they deserve what they get (much more
      than virsh will misbehave); furthermore, sudo scrubs EDITOR by
      default.  So the blind use of metacharacters in EDITOR should not be
      considered too much of a security issue.
      
      * tools/virsh.c (editFile): Prefer VISUAL over EDITOR.  Don't
      reject shell metacharacters in EDITOR.
      * tools/virsh.pod (edit, net-edit, ENVIRONMENT): Document VISUAL.
      Fixes https://bugzilla.redhat.com/show_bug.cgi?id=487738.
    • E
      virsh: improve man page · b522264b
      Eric Blake committed
      * tools/virsh.pod: (DESCRIPTION): Improve grammar.  Mention other drivers.
      (ENVIRONMENT): Document EDITOR.
      (COPYRIGHT): Bump.
    • S
      Add dummy nwfilter driver to test driver · 7fb3e43d
      Stefan Berger committed
      This patch adds a dummy nwfilter driver to the test driver so that the
      int-overflow test passes without modifications.
    • S
      Fix "make check" run requesting authentication · ad8bf13f
      Stefan Berger committed
      This patch fixes the 'make check' runs for me which, under certain
      circumstances and login configurations, did invoke popups requesting
      authentication. I removed the parameter conn from being passed into the
      error reporting function.
      
      * src/conf/nwfilter_conf.h src/conf/nwfilter_conf.c: remove conn from
        error reporting parameters.
    • D
      Fix a merge error leftover · 5bbde877
      Daniel Veillard committed
    • D
      Add script hook support to the LXC driver · 86415b2d
      Daniel Veillard committed
      Right now this implements only 2 basic hooks:
      - before the lxc control process is being launched
      - after the lxc control process is terminated
      the XML description of the domain is passed to the hook script stdin
      /etc/libvirt/hook/lxc
      
      * src/lxc/lxc_driver.c: implement synchronous script hooks for LXC
        at domain startup and end
    • D
      Add script hook support to the QEmu driver · 668150fc
      Daniel Veillard committed
      Right now this implements only 2 basic hooks:
      - before the qemu process is being launched
      - after the qemu process is terminated
      the XML description of the domain is passed to the hook script stdin
      /etc/libvirt/hook/qemu
      
      * src/qemu/qemu_driver.c: implement synchronous script hooks for QEmu
        at domain startup and end
    • D
      Add the script hook support to the libvirt daemon · 53456e62
      Daniel Veillard committed
      It supports 3 kinds of probing times, at daemon startup, when the
      daemon reloads its drivers on SIGHUP and when the daemon exits
      
      * daemon/libvirtd.c: daemon hooks for startup, reload and exit
    • D
      Add hook utilities · 2b4e3531
      Daniel Veillard committed
      This exports 3 basic routines:
        - virHookInitialize() initializing the hook support by looking for
          scripts availability
        - virHookPresent() used to test if there is a hook for a given driver
        - virHookCall() which actually calls a synchronous script hook with
          the needed parameters
      Note that this doesn't expose any public API except for the locations
      and arguments passed to the scripts
      
      * src/Makefile.am: add the 2 new files
      * src/util/hooks.h src/util/hooks.c: implements the 3 functions
      * src/libvirt_private.syms: export the 3 symbols internally
      * po/POTFILES.in: add src/util/hooks.c to translatables modules
    • D
      Add an error module and message for the hooks subsystem · bf735407
      Daniel Veillard committed
      * include/libvirt/virterror.h: add VIR_FROM_HOOK and VIR_ERR_HOOK_SCRIPT_FAILED
      * src/util/virterror.c: associated strings
    • D
      Export virPipeReadUntilEOF internally · b3bff954
      Daniel Veillard committed
      used to read the data from virExec stdout/err file descriptors
      
      * src/util/util.c src/util/util.h: not static anymore and export it
      * src/libvirt_private.syms: allow access internally
  2. 27 Mar, 2010 19 commits
    • J
      Introduce UPDATE_CPU flag for virDomainGetXMLDesc · e455b221
      Jiri Denemark committed
      This flag is used in migration prepare step to send updated XML
      definition of a guest.
      
      Also ``virsh dumpxml --update-cpu [--inactive] guest'' command can be
      used to see the updated CPU requirements.
    • J
      Helper function for making a copy of virCPUDefPtr · 284805e6
      Jiri Denemark committed
    • J
      cpuUpdate() for updating guest CPU according to host CPU · 661ae104
      Jiri Denemark committed
      Useful mainly for migration. cpuUpdate changes guest CPU requirements in
      the following way:
      
      - match == "strict" || match == "exact"
          - optional features which are supported by host CPU are changed into
            required features
          - optional features which are not supported by host CPU are disabled
          - all other features remain untouched
      - match == "minimum"
          - match is changed into "exact"
          - optional features and all features not mentioned in guest CPU
            specification which are supported by host CPU become required
            features
          - other optional features are disabled
          - all other features remain untouched
      
      This ensures that no feature will suddenly disappear from the guest
      after migration.
    • J
      Don't replace persistent domain config with migrated config · 59821682
      Jiri Denemark committed
      When a domain is defined on host1, migrated to host2 and then migrated
      back to host1, its current configuration would overwrite the libvirtd's
      in-memory copy of persistent configuration of that domain. This is not
      desired as we want to preserve the persistent configuration untouched.
      
      This patch introduces a new 'live' parameter to virDomainAssignDef.
      Passing 'true' for 'live' means the configuration passed to
      virDomainAssignDef describes a configuration of live instance of the
      domain. This applies for saved domains which are being restored or for
      incoming domains during migration.
      
      All callers have been changed to pass the appropriate value.
    • J
      filter new files through cppi, so syntax-check passes once again · 19a863c4
      Jim Meyering committed
      * src/conf/nwfilter_conf.h: Indent cpp directives.
      * src/conf/nwfilter_params.h: Likewise.
      * src/datatypes.h: Likewise.
      * src/nwfilter/nwfilter_driver.h: Likewise.
      * src/nwfilter/nwfilter_ebiptables_driver.h: Likewise.
      * src/nwfilter/nwfilter_gentech_driver.h: Likewise.
    • D
      Add disk error policy to domain XML · 447c586a
      David Allan committed
      * Fixes per feedback from Dan and Daniel
      * Added test datafiles
      * Re-disabled JSON flags
      * Added code to print the error policy attribute when generating XML
      * Re-add empty tag
    • E
      build: don't lose prior configure args on autogen.sh · 508da563
      Eric Blake committed
      My prior patch forced an autogen.sh run, and I was surprised that the
      suggested './autogen.sh' lost the fact that I had previously used
      './autogen.sh -C' for speed.
      
      * autogen.sh: Use config.status, if present and there were no arguments.
      Signed-off-by: Eric Blake <eblake@redhat.com>
    • E
      build: update gnulib · f0dc84d8
      Eric Blake committed
      Picks up fixes for gethostname compilation problems on mingw.
      
      * .gnulib: Update to latest.
      * build-aux/.gitignore: Regenerate.
      * cfg.mk (local-checks-to-skip): Avoid new test not relevant to
      libvirt.
    • S
      Add some example filters · e3a7137a
      Stefan Berger committed
      This patch adds some example filters to libvirt. They are automatically
      installed into the proper directory for libvirt to pick them up.
    • S
      Extensions for iptables rules · 1130085c
      Stefan Berger committed
      This patch adds support for L3/L4 filtering using iptables. This adds
      support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.
      
      As mentioned in the introduction, a .c file provided by this patch
      is #include'd into a .c file. This will need work, but should be alright
      for review.
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Add IPv6 support for the ebtables layer · f85208ee
      Stefan Berger committed
      This patch adds IPv6 support for the ebtables layer. Since the parser
      etc. are all parameterized, it was fairly easy to add this...
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Add qemu support · d498175a
      Stefan Berger committed
      Add support for Qemu to have firewall rules applied and removed on VM
      startup and shutdown respectively. This patch also provides support for
      the updating of a filter that causes all VMs that reference the filter
      to have their ebtables/iptables rules updated.
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Core driver implementation with ebtables support · 065b6571
      Stefan Berger committed
      This patch implements the core driver and provides
      - management functionality for managing the filter XMLs
      - compiling the internal filter representation into ebtables rules
      - applying ebtables rules on a network (tap,macvtap) interface
      - tearing down ebtables rules that were applied on behalf of an
      interface
      - updating of filters while VMs are running and causing the firewalls to
      be rebuilt
      - other bits and pieces
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Add XML parser extensions for network filtering · e4e20423
      Stefan Berger committed
      This patch adds XML processing for the network filter schema
      and extends the domain XML processing to parse the top level
      referenced filter along with potentially provided parameters
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
      Signed-off-by: Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
    • S
      Add virsh support for new CLI commands · 92956038
      Stefan Berger committed
      This patch adds virsh support for the five new CLI commands to manage
      network filters.
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Definition of the wire format, RPC client & server · 965466c1
      Stefan Berger committed
      This patch adds the definition of the wire format for RPC calls
      and implementation of the RPC client & server code
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Implementation of the public API · 46e9b0fb
      Stefan Berger committed
      This patch adds the implementation of the public API for the network
      filtering (ACL) extensions to libvirt.c .
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Add internal API · f0c1c3f8
      Stefan Berger committed
      This patch adds the internal API extensions for network filtering (ACL) support.
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
    • S
      Add public API · c71a2100
      Stefan Berger committed
      This patch adds extensions to libvirt's public API necessary for
      controlling the new functionality from remote for example.
      Signed-off-by: Stefan Berger <stefanb@us.ibm.com>