- 08 4月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
This patch implements support for learning a VM's IP address. It uses the pcap library to listen on the VM's backend network interface (tap) or the physical ethernet device (macvtap) and tries to capture packets with source or destination MAC address of the VM and learn from DHCP Offers, ARP traffic, or first-sent IPv4 packet what the IP address of the VM's interface is. This then allows to instantiate the network traffic filtering rules without the user having to provide the IP parameter somewhere in the filter description or in the interface description as a parameter. This only supports to detect the parameter IP, which is for the assumed single IPv4 address of a VM. There is not support for interfaces that may have multiple IP addresses (IP aliasing) or IPv6 that may then require more than one valid IP address to be detected. A VM can have multiple independent interfaces that each uses a different IP address and in that case it will be attempted to detect each one of the address independently. So, when for example an interface description in the domain XML has looked like this up to now: <interface type='bridge'> <source bridge='mybridge'/> <model type='virtio'/> <filterref filter='clean-traffic'> <parameter name='IP' value='10.2.3.4'/> </filterref> </interface> you may omit the IP parameter: <interface type='bridge'> <source bridge='mybridge'/> <model type='virtio'/> <filterref filter='clean-traffic'/> </interface> Internally I am walking the 'tree' of a VM's referenced network filters and determine with the given variables which variables are missing. Now, the above IP parameter may be missing and this causes a libvirt-internal thread to be started that uses the pcap library's API to listen to the backend interface (in case of macvtap to the physical interface) in an attempt to determine the missing IP parameter. If the backend interface disappears the thread terminates assuming the VM was brought down. In case of a macvtap device a timeout is being used to wait for packets from the given VM (filtering by VM's interface MAC address). If the VM's macvtap device disappeared the thread also terminates. In all other cases it tries to determine the IP address of the VM and will then apply the rules late on the given interface, which would have happened immediately if the IP parameter had been explicitly given. In case an error happens while the firewall rules are applied, the VM's backend interface is 'down'ed preventing it to communicate. Reasons for failure for applying the network firewall rules may that an ebtables/iptables command failes or OOM errors. Essentially the same failure reasons may occur as when the firewall rules are applied immediately on VM start, except that due to the late application of the filtering rules the VM now is already running and cannot be hindered anymore from starting. Bringing down the whole VM would probably be considered too drastic. While a VM's IP address is attempted to be determined only limited updates to network filters are allowed. In particular it is prevented that filters are modified in such a way that they would introduce new variables. A caveat: The algorithm does not know which one is the appropriate IP address of a VM. If the VM spoofs an IP address in its first ARP traffic or IPv4 packets its filtering rules will be instantiated for this IP address, thus 'locking' it to the found IP address. So, it's still 'safer' to explicitly provide the IP address of a VM's interface in the filter description if it is known beforehand. * configure.ac: detect libpcap * libvirt.spec.in: require libpcap[-devel] if qemu is built * src/internal.h: add the new ATTRIBUTE_PACKED define * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch] src/nwfilter/nwfilter_ebiptables_driver.[ch] src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in * tests/nwfilterxml2xmltest: extend testing
-
- 01 4月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
virParseVersionString uses virStrToLong_ui instead of sscanf. This also fixes a bug in the UML driver, that always returned 0 as version number. Introduce STRSKIP to check if a string has a certain prefix and to skip this prefix.
-
- 26 3月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Use the new virDomainUpdateDeviceFlags API to allow the VNC password to be changed on the fly * src/internal.h: Define STREQ_NULLABLE() which is like STREQ() but does not crash if either argument is NULL, and treats two NULLs as equal. * src/libvirt_private.syms: Export virDomainGraphicsTypeToString * src/qemu/qemu_driver.c: Support VNC password change on a live machine * src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a NULL password as "" (empty string), allowing passwords to be disabled in the monitor
-
- 10 3月, 2010 2 次提交
-
-
由 Eric Blake 提交于
* global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
-
由 Eric Blake 提交于
It is a bad idea to call gettext on an already-translated string. In cases where a string must be translated separately from where it is exposed to xgettext, the gettext manual recommends the idiom of N_() wrapping gettext_noop for marking the string. * src/internal.h (N_): Fix definition to match gettext manual. * tools/virsh.c: (cmdHelp, cmdList, cmdDomstate, cmdDominfo) (cmdVcpuinfo, vshUsage): Replace incorrect use of N_ with _. (vshCmddefHelp): Likewise. Mark C format strings appropriately.
-
- 02 2月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* src/internal.h (STREQ, STRCASEEQ, STRNEQ, STRCASENEQ, STREQLEN) (STRCASEEQLEN, STRNEQLEN, STRCASENEQLEN, STRPREFIX): Avoid redundant parenthesis. * examples/domain-events/events-c/event-test.c (STREQ): Likewise. * src/storage/parthelper.c (STREQ): Likewise.
-
- 22 12月, 2009 1 次提交
-
-
由 Matthias Bolte 提交于
ATTRIBUTE_SENTINEL was defined for GCC >= 4.0 only, resulting in compile errors when using GCC < 4.0.
-
- 06 11月, 2009 1 次提交
-
-
由 Paolo Bonzini 提交于
* src/internal.h (ATTRIBUTE_SENTINEL): New, it's a ggc feature and protected as such * src/util/buf.c (virBufferStrcat): Use it. * src/util/ebtables.c (ebtablesAddRemoveRule): Use it. * src/util/iptables.c (iptableAddRemoveRule: Use it. * src/util/qparams.h (new_qparam_set, append_qparams): Use it. * docs/apibuild.py: avoid breaking the API generator with that new internal keyword macro
-
- 09 10月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
Move the VIR_DRV_FEATURE* constants into libvirt_internal.h since these flags are indicating whether APIs in the libvirt_internal.h file are supported by a driver * src/driver.h: Remove VIR_DRV_FEATURE* constants * src/libvirt_internal.h: Add VIR_DRV_FEATURE* constants, using an enum instead of #define * src/internal.h: pull in libvirt_internal.h
-
- 04 9月, 2009 1 次提交
-
-
由 Jim Meyering 提交于
* src/internal.h (ATTRIBUTE_NONNULL): Define.
-
- 05 8月, 2009 1 次提交
-
-
由 Maximilian Wilhelm 提交于
* src/storage_conf.c src/internal.h: move previous check in internal.h and add a workaround for a GCC bug in Debian Etch on limit definitions
-
- 23 7月, 2009 1 次提交
-
-
由 Daniel P. Berrange 提交于
GCC >= 4.4 assumes the 'printf' attribute refers to the native runtime libraries format specifiers. Thanks to gnulib, libvirt has GNU format specifiers everywhere. This means we need to use 'gnu_printf' with GCC >= 4.4 to get correct compiler checking of printf format specifiers. * HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF * autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula driver on mingw32 builds * qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h, src/logging.h, src/security.h, src/sexpr.h, src/util.h, src/virterror_internal.h, src/xend_internal.c: Change over to ATTRIBUTE_FMT_PRINTF. * src/virsh.c: Disable 'cd' and 'pwd' commands on Win32 since they don't compile * src/threads-win32.c: Add missing return value check
-
- 16 1月, 2009 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 John Levon 提交于
-
- 07 11月, 2008 1 次提交
-
-
由 Daniel Veillard 提交于
* src/logging.c src/logging.h proxy/Makefile.am proxy/libvirt_proxy.c src/Makefile.am src/cgroup.c src/datatypes.c src/domain_event.c src/internal.h src/libvirt.c src/lxc_container.c src/lxc_controller.c src/lxc_driver.c src/proxy_internal.c src/qemu_driver.c src/remote_internal.c src/storage_backend_disk.c src/util.c src/veth.c src/xen_internal.c src/xen_unified.c src/xend_internal.c: add new logging module, and move existing definitions there Daniel
-
- 05 11月, 2008 5 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 23 10月, 2008 1 次提交
-
-
由 Daniel Veillard 提交于
* include/libvirt/libvirt.h include/libvirt/libvirt.h.in src/libvirt.c src/libvirt_sym.version: new libvirt event entry points, big patch provided by Ben Guthro * Makefile.am configure.in src/driver.h src/event.c src/event.h src/internal.h src/libvirt.c src/libvirt_sym.version src/lxc_driver.c src/openvz_driver.c src/qemu_conf.h src/qemu_driver.c src/remote_internal.c src/storage_backend_fs.c src/test.c qemud/event.c qemud/event.h qemud/mdns.c qemud/qemud.c qemud/qemud.h qemud/remote.c qemud/remote_dispatch_localvars.h qemud/remote_dispatch_proc_switch.h qemud/remote_dispatch_prototypes.h qemud/remote_protocol.c qemud/remote_protocol.h qemud/remote_protocol.x proxy/Makefile.am python/generator.py: Not much is left untouched by the patch adding the events support * docs/libvirt-api.xml docs/libvirt-refs.xml docs/html/libvirt-libvirt.html: regenerated the docs * examples/domain-events/events-c/Makefile.am examples/domain-events/events-c/event-test.c: a test example * AUTHORS: added Ben Guthro daniel
-
- 09 10月, 2008 1 次提交
-
-
由 Cole Robinson 提交于
-
- 07 10月, 2008 1 次提交
-
-
由 Cole Robinson 提交于
-
- 28 8月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 21 8月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 20 8月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 26 6月, 2008 1 次提交
-
-
由 Atsushi SAKAI 提交于
-
- 23 5月, 2008 1 次提交
-
-
由 Richard W.M. Jones 提交于
* include/libvirt/libvirt.h.in: Add VIR_DEPRECATED macro. * src/internal.h: Internal code is allowed to use deprecated features, so override VIR_DEPRECATED here. * include/libvirt/virterror.h: Deprecate the conn, dom and net fields in the _virError structure.
-
- 13 5月, 2008 1 次提交
-
-
由 David L. Leskovec 提交于
Mon May 12 23:32:21 PST 2008 David L. Leskovec <dlesko@linux.vnet.ibm.com> * qemud/qemud.c: get siginfo with signals, distribute to drivers that register a handler * src/driver.h: add sighandler function to state driver table * src/internal.h: define virStateSigDispatcher functions * src/libvirt.c: add __virStateSigDispatcher function * src/libvirt_sym.version: add __virStateSigDispatcher * src/lxc_driver.c: add sig handler function, cleanup vm when sigchld received from container process * src/qemu_driver.c: NULL for sig handler (no handler) in state driver * src/remote_internal.c: NULL for sig handler (no handler) in state driver * src/storage_driver.c: NULL for sig handler (no handler) in state driver
-
- 29 4月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 26 4月, 2008 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 18 4月, 2008 2 次提交
-
-
由 Jim Meyering 提交于
* src/internal.h (HAVE_PTHREAD_H): Test with "#ifdef", not "#if".
-
由 Richard W.M. Jones 提交于
* configure.in: Fix pkg-config detection of libxml2, add -lgcrypt to gnutls lib. * src/Makefile.am: If compiling --without-libvirtd then don't compile any part of the storage driver. * configure.in, src/hash.c, src/internal.h: Detect availability of pthread library and compile out mutex code if not available. * src/storage_driver.c, src/util.c: Ignore some missing headers on MinGW.
-
- 11 4月, 2008 2 次提交
-
-
由 Jim Meyering 提交于
Done using this command (also includes .c.in and .h.in files): for i in $(g ls-files|grep -E '\.[ch](\.in)?$'|grep -v gnulib); do expand -i $i > j && mv j $i;done
-
由 Jim Meyering 提交于
Done with these commands: git grep -l Local.variab|xargs \ perl -0x3b -pi -e 's,\n+/\*\n \* vim:(.|\n)*,\n,' git grep -l Local.variab|xargs \ perl -0x3b -pi -e 's,\n+/\*\n \* Local variables:\n(.|\n)*,\n,'
-
- 31 3月, 2008 1 次提交
-
-
由 Daniel Veillard 提交于
* src/hash.c src/internal.h src/virterror.c: remove dandling domain/net/conn pointers from error data when released. * src/lxc_driver.c: fix a NULL/0 return error mismatch Daniel
-
- 28 2月, 2008 1 次提交
-
-
由 Richard W.M. Jones 提交于
* src/util.c, src/util.h, src/libvirt_sym.version: Added virMacAddrCompare utility function for comparing MAC addresses. * src/virsh.c, src/xm_internal.c: Use virMacAddrCompare to compare addresses. (Shigeki Sakamoto and Richard Jones).
-
- 20 2月, 2008 1 次提交
-
-
由 Daniel P. Berrange 提交于
-
- 08 2月, 2008 1 次提交
-
-
由 Mark McLoughlin 提交于
* src/internal.h: move xstrol() variants from here ... * src/util.[ch]: ... to here and rename to virStrToLong() * src/libvirt_sym.version: export __virStrToLong_i() for virsh and qemud. * src/nodeinfo.c, src/stats_linux.c, src/virsh.c, src/xend_internal.c, qemud/qemud.c: replace xstrtol() calls with virStrToLong() * src/nodeinfo.h: don't include internal.h, which was only needed for xstrtol(), but instead include libvirt.h which is suffificient for the declarations in the header.
-