1. 02 8月, 2010 1 次提交
    • L
      Add iptables rule to fixup DHCP response checksum. · fd5b15ff
      Laine Stump 提交于
      This patch attempts to take advantage of a newly added netfilter
      module to correct for a problem with some guest DHCP client
      implementations when used in conjunction with a DHCP server run on the
      host systems with packet checksum offloading enabled.
      
      The problem is that, when the guest uses a RAW socket to read the DHCP
      response packets, the checksum hasn't yet been fixed by the IP stack,
      so it is incorrect.
      
      The fix implemented here is to add a rule to the POSTROUTING chain of
      the mangle table in iptables that fixes up the checksum for packets on
      the virtual network's bridge that are destined for the bootpc port (ie
      "dhcpc", ie port 68) port on the guest.
      
      Only very new versions of iptables will have this support (it will be
      in the next upstream release), so a failure to add this rule only
      results in a warning message. The iptables patch is here:
      
        http://patchwork.ozlabs.org/patch/58525/
      
      A corresponding kernel module patch is also required (the backend of
      the iptables patch) and that will be in the next release of the
      kernel.
      fd5b15ff
  2. 29 7月, 2010 1 次提交
  3. 24 7月, 2010 1 次提交
    • C
      Qemu Monitor API entry point. · 21adf03c
      Chris Lalancette 提交于
      Add the library entry point for the new virDomainQemuMonitorCommand()
      entry point.  Because this is not part of the "normal" libvirt API,
      it gets its own header file, library file, and will eventually
      get its own over-the-wire protocol later in the series.
      
      Changes since v1:
       - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
         linking issues
       - Added versioning information to the libvirt-qemu.so
      
      Changes since v2:
       - None
      
      Changes since v3:
       - Add LGPL header to libvirt-qemu.c
       - Make virLibConnError and virLibDomainError macros instead of function calls
      
      Changes since v4:
       - Move exported symbols to libvirt_qemu.syms
      Signed-off-by: NChris Lalancette <clalance@redhat.com>
      21adf03c
  4. 21 7月, 2010 1 次提交
    • D
      Explicitly represent balloon device in XML and handle PCI address · b2f18635
      Daniel P. Berrange 提交于
      To allow compatibility with older QEMU PCI device slot assignment
      it is necessary to explicitly track the balloon device in the
      XML. This introduces a new device
      
         <memballoon model='virtio|xen'/>
      
      It can also have a PCI address, auto-assigned if necessary.
      
      The memballoon will be automatically added to all Xen and QEMU
      guests by default.
      
      * docs/schemas/domain.rng: Add <memballoon> element
      * src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
        and formatting for memballoon device. Always add a memory
        balloon device to Xen/QEMU if none exists in XML
      * src/libvirt_private.syms: Export memballoon model APIs
      * src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
        PCI device address in memory balloon device
      * tests/*: Update to test new functionality
      b2f18635
  5. 20 7月, 2010 1 次提交
    • D
      Add an API for iterating over disk paths · 9d0a630f
      Daniel P. Berrange 提交于
      There is duplicated code which iterates over disk backing stores
      performing some action. Provide a convenient helper for doing
      this to eliminate duplication & risk of mistakes with disk format
      probing
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h,
        src/libvirt_private.syms: Add virDomainDiskDefForeachPath()
      9d0a630f
  6. 19 7月, 2010 1 次提交
    • D
      Refactor virStorageFileGetMetadataFromFD to separate functionality · c70cb0f4
      Daniel P. Berrange 提交于
      The virStorageFileGetMetadataFromFD did two jobs in one. First
      it probed for storage type, then it extracted metadata for the
      type. It is desirable to be able to separate these jobs, allowing
      probing without querying metadata, and querying metadata without
      probing.
      
      To prepare for this, split out probing code into a new pair of
      methods
      
        virStorageFileProbeFormatFromFD
        virStorageFileProbeFormat
      
      * src/util/storage_file.c, src/util/storage_file.h,
        src/libvirt_private.syms: Introduce virStorageFileProbeFormat
        and virStorageFileProbeFormatFromFD
      c70cb0f4
  7. 25 6月, 2010 1 次提交
    • D
      Add API for iterating over all character devices · bf1f3f7a
      Daniel P. Berrange 提交于
      The parallel, serial, console and channel devices are all just
      character devices. A lot of code needs todo the same thing to
      all these devices. This provides an convenient API for iterating
      over all of them.
      
      * src/conf/domain_conf.c, src/conf/domain_conf.c,
        src/libvirt_private.syms: Add virDomainChrDefForeach
      bf1f3f7a
  8. 22 6月, 2010 1 次提交
    • S
      nwfilter: fix loadable module support · cab5a52a
      Stefan Berger 提交于
      Following Daniel Berrange's multiple helpful suggestions for improving
      this patch and introducing another driver interface, I now wrote the
      below patch where the nwfilter driver registers the functions to
      instantiate and teardown the nwfilters with a function in
      conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
      helper functions that were called from qemu_driver.c and qemu_conf.c
      were move into conf/domain_nwfilter.h with slight renaming done for
      consistency. Those functions now call the function expored by
      domain_nwfilter.c, which in turn call the functions of the new driver
      interface, if available.
      cab5a52a
  9. 08 6月, 2010 2 次提交
    • D
      Network duplicate UUID/name checking · 3bb37439
      Daniel P. Berrange 提交于
      The network driver is not doing correct checking for
      duplicate UUID/name values. This introduces a new method
      virNetworkObjIsDuplicate, based on the previously
      written virDomainObjIsDuplicate.
      
      * src/conf/network_conf.c, src/conf/network_conf.c,
        src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
      * src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
        for checking uniqueness of uuid/names
      3bb37439
    • D
      Storage pool duplicate UUID/name checking · e9364d9f
      Daniel P. Berrange 提交于
      The storage pool driver is not doing correct checking for
      duplicate UUID/name values. This introduces a new method
      virStoragePoolObjIsDuplicate, based on the previously
      written virDomainObjIsDuplicate.
      
      * src/conf/storage_conf.c, src/conf/storage_conf.c,
        src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
      * src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
        for checking uniqueness of uuid/names
      e9364d9f
  10. 03 6月, 2010 1 次提交
    • S
      add 802.1Qbh and 802.1Qbg handling · ca3b22bb
      Stefan Berger 提交于
      This patch that adds support for configuring 802.1Qbg and 802.1Qbh
      switches. The 802.1Qbh part has been successfully tested with real
      hardware. The 802.1Qbg part has only been tested with a (dummy)
      server that 'behaves' similarly to how we expect lldpad to 'behave'.
      
      The following changes were made during the development of this patch:
      
       - Merging Scott's v13-pre1 patch
       - Fixing endptr related bug while using virStrToLong_ui() pointed out
         by Jim Meyering
       - Addressing Jim Meyering's comments to v11
       - requiring mac address to the vpDisassociateProfileId() function to
         pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
       - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
         (hardcode as is hardcode alson in lldpad sources)
       - merging netlink send code for kernel target and user space target
         (lldpad) using one function nlComm() to send the messages
       - adding a select() after the sending and before the reading of the
         netlink response in case lldpad doesn't respond and so we don't hang
       - when reading the port status, in case of 802.1Qbg, no status may be
         received while things are 'in progress' and only at the end a status
         will be there.
       - when reading the port status, use the given instanceId and vf to pick
         the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
       - never sending nor parsing IFLA_PORT_SELF type of messages in the
         802.1Qbg case
       - iterating over the elements in a IFLA_VF_PORTS to pick the right
         IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
         (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
         and reading the current status in IFLA_PORT_RESPONSE.
       - recycling a previous patch that adds functionality to interface.c to
         - get the vlan identifier on an interface
         - get the flags of an interface and some convenience function to
           check whether an interface is 'up' or not (not currently used here)
       - adding function to determine the root physical interface of an
         interface. For example if a macvtap is linked to eth0.100, it will
         find eth0. Also adding a function that finds the vlan on the 'way to
         the root physical interface'
       - conveying the root physical interface name and index in case of 802.1Qbg
       - conveying mac address of macvlan device and vlan identifier in
         IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
         to (future) lldpad via netlink
        - To enable build with --without-macvtap rename the
          [dis|]associatePortProfileId functions, prepend 'vp' before their
          name and make them non-static functions.
        - Renaming variable multicast to nltarget_kernel and inverting
          the logic
        - Addressing Jim Meyering's comments; this also touches existing
          code for example for correcting indentation of break statements or
          simplification of switch statements.
        - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
        - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
          processing status back plus a subsequent RTM_GETLINK to
          get IFLA_PORT_RESPONSE.
          Note: This interface for 802.1Qbg may still change
        - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
      compiler
          warning when latest if_link.h isn't available
        - move from Stefan's 802.1Qb{g|h} XML v8 to v9
        - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
        - remove debug fprintfs
        - use virGetHostUUID (thanks Stefan!)
        - fix compile issue when latest if_link.h isn't available
        - change poll timeout to 10s, at 1/8 intervals
           - if polling times out, log msg and return -ETIMEDOUT
        - Add Stefan's code for getPortProfileStatus
        - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
           - if status indicates error, abort openMacvtapTap
           - if status indicates success, exit polling
           - if status is "in-progress" after 2 secs of polling, exit
             polling loop silently, without error
      
      My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
      I've tested using the recent kernel updates for VF_PORT netlink msgs and
      enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
      direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
      and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
      works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
      settings on the port-profile while the VM is running to change the virtual
      port behaviour.  For example, adjusting a QoS setting like rate limit.  All
      VMs with interfaces using that port-profile immediatly see the effect of the
      change to the port-profile.
      
      I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
      but most of the code paths include support for specifing the source dev and
      VF index.  We'll need to complete this by discovering the PF given the VF
      linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
      mation is available from sysfs.
      ca3b22bb
  11. 26 5月, 2010 3 次提交
    • C
      Fix failing virGetHostname. · 0117b7da
      Chris Lalancette 提交于
      We've been running into a lot of situations where
      virGetHostname() is returning "localhost", where a plain
      gethostname() would have returned the correct thing.  This
      is because virGetHostname() is *always* trying to canonicalize
      the name returned from gethostname(), even when it doesn't
      have to.
      
      This patch changes virGetHostname so that if the value returned
      from gethostname() is already FQDN or localhost, it returns
      that string directly.  If the value returned from gethostname()
      is a shortened hostname, then we try to canonicalize it.  If
      that succeeds, we returned the canonicalized hostname.  If
      that fails, and/or returns "localhost", then we just return
      the original string we got from gethostname() and hope for
      the best.
      
      Note that after this patch it is up to clients to check whether
      "localhost" is an allowed return value.  The only place
      where it's currently not is in qemu migration.
      Signed-off-by: NChris Lalancette <clalance@redhat.com>
      0117b7da
    • C
      storage: Sanitize pool target paths · a7fb2258
      Cole Robinson 提交于
      Spurious / in a pool target path makes life difficult for apps using the
      GetVolByPath, and doing other path based comparisons with pools. This
      has caused a few issues for virt-manager users:
      
      https://bugzilla.redhat.com/show_bug.cgi?id=494005
      https://bugzilla.redhat.com/show_bug.cgi?id=593565
      
      Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
      target paths when parsing pool XML, and for paths passed to GetVolByPath.
      
      v2: Leading // must be preserved, properly sanitize path=/, sanitize
          away /./ -> /
      
      v3: Properly handle starting ./ and ending /.
      
      v4: Drop all '.' handling, just sanitize / for now.
      a7fb2258
    • D
      Expose a host UUID in the capabilities XML · 60881161
      Daniel P. Berrange 提交于
      Allow for a host UUID in the capabilities XML. Local drivers
      will initialize this from the SMBIOS data. If a sanity check
      shows SMBIOS uuid is invalid, allow an override from the
      libvirtd.conf configuration file
      
      * daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
        configuration option
      * docs/schemas/capability.rng: Add optional host uuid field
      * src/conf/capabilities.c, src/conf/capabilities.h: Include
        host UUID in XML
      * src/libvirt_private.syms: Export new uuid.h functions
      * src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
        src/uml/uml_conf.c: Set host UUID in capabilities
      * src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
      * src/node_device/node_device_udev.c: Use the host UUID functions
      * tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
        new host_uuid config option to test
      60881161
  12. 22 5月, 2010 1 次提交
    • J
      Add simple bitmap operations to utils · 2f32d7af
      Jim Fehlig 提交于
      V2:
        - Move bitmap impl to src/util/bitmap.[ch]
        - Use CHAR_BIT instead of explicit '8'
        - Use size_t instead of unsigned int
        - Fix calculation of bitmap size in virBitmapAlloc
        - Ensure bit is within range of map in the set, clear, and get
          operations
        - Use bool in virBitmapGetBit
        - Add virBitmapFree to free-like funcs in cfg.mk
      
      V3:
        - Check for overflow in virBitmapAlloc
        - Fix copy and paste bug in virBitmapAlloc
        - Use size_t in prototypes
        - Add ATTRIBUTE_NONNULL in prototypes where appropriate
          and remove NULL check from impl
      
      V4:
        - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.
      2f32d7af
  13. 21 5月, 2010 1 次提交
  14. 14 5月, 2010 1 次提交
    • D
      Don't reset user/group/security label on shared filesystems during migrate · 02ddaddf
      Daniel P. Berrange 提交于
      When QEMU runs with its disk on NFS, and as a non-root user, the
      disk is chownd to that non-root user. When migration completes
      the last step is shutting down the QEMU on the source host. THis
      normally resets user/group/security label. This is bad when the
      VM was just migrated because the file is still in use on the dest
      host. It is thus neccessary to skip the reset step for any files
      found to be on a shared filesystem
      
      * src/libvirt_private.syms: Export virStorageFileIsSharedFS
      * src/util/storage_file.c, src/util/storage_file.h: Add a new
        method virStorageFileIsSharedFS() to determine if a file is
        on a shared filesystem (NFS, GFS, OCFS2, etc)
      * src/qemu/qemu_driver.c: Tell security driver not to reset
        disk labels on migration completion
      * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
        src/security/security_selinux.c, src/security/security_driver.h,
        src/security/security_apparmor.c: Add ability to skip disk
        restore step for files on shared filesystems.
      02ddaddf
  15. 30 4月, 2010 1 次提交
    • D
      Add support for another explicit IO error event · 34dcbbb4
      Daniel P. Berrange 提交于
      This introduces a new event type
      
         VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON
      
      This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
      event, but also includes a string describing the cause of
      the event.
      
      Thus there is a new callback definition for this event type
      
      typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
                                                                 virDomainPtr dom,
                                                                 const char *srcPath,
                                                                 const char *devAlias,
                                                                 int action,
                                                                 const char *reason,
                                                                 void *opaque);
      
      This is currently wired up to the QEMU block IO error events
      
      * daemon/remote.c: Dispatch IO error events to client
      * examples/domain-events/events-c/event-test.c: Watch for
        IO error events
      * include/libvirt/libvirt.h.in: Define new IO error event ID
        and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle IO error events
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for block IO errors and emit a libvirt IO error event
      * src/remote/remote_driver.c: Receive and dispatch IO error
        events to application
      * src/remote/remote_protocol.x: Wire protocol definition for
        IO error events
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
        from QEMU monitor
      34dcbbb4
  16. 26 4月, 2010 1 次提交
    • S
      Add build support for dnsmasq module · 51d203c6
      Satoru SATOH 提交于
      * po/POTFILES.in: the new module contains translatable strings
      * src/Makefile.am: include the files in the utils set
      * src/libvirt_private.syms: exports the symbols internally
      51d203c6
  17. 24 4月, 2010 1 次提交
  18. 13 4月, 2010 1 次提交
    • S
      Consolidate interface related functions in interface.c · 5174b02f
      Stefan Berger 提交于
      Changes from v1 to v2:
      - changed function name prefixes to 'iface' from previous 'Iface'
      
      - Further to make make syntax-check pass:
       - indentation fix in interface.h
       - added entry to POTFILES.in
      
      I am consolidating network interface related functions used in nwfilter
      and macvtap code in utils/interface.c. All function names are prefixed
      with 'Iface'. The following functions are now available through
      interface.h:
      
      int ifaceCtrl(const char *name, bool up);
      int ifaceUp(const char *name);
      int ifaceDown(const char *name);
      
      int ifaceCheck(bool reportError, const char *ifname,
                     const unsigned char *macaddr, int ifindex);
      
      int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);
      
      I added 'int ifindex' as parameter to ifaceCheck to the original
      function and modified the code accordingly.
      5174b02f
  19. 09 4月, 2010 1 次提交
  20. 08 4月, 2010 1 次提交
    • S
      nwfilter: Support for learning a VM's IP address · 3bf24abc
      Stefan Berger 提交于
      This patch implements support for learning a VM's IP address. It uses
      the pcap library to listen on the VM's backend network interface (tap)
      or the physical ethernet device (macvtap) and tries to capture packets
      with source or destination MAC address of the VM and learn from DHCP
      Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
      the VM's interface is. This then allows to instantiate the network
      traffic filtering rules without the user having to provide the IP
      parameter somewhere in the filter description or in the interface
      description as a parameter. This only supports to detect the parameter
      IP, which is for the assumed single IPv4 address of a VM. There is not
      support for interfaces that may have multiple  IP addresses (IP
      aliasing) or IPv6 that may then require more than one valid IP address
      to be detected. A VM can have multiple independent interfaces that each
      uses a different IP address and in that case it will be attempted to
      detect each one of the address independently.
      
      So, when for example an interface description in the domain XML has
      looked like this up to now:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'>
              <parameter name='IP' value='10.2.3.4'/>
            </filterref>
          </interface>
      
      you may omit the IP parameter:
      
          <interface type='bridge'>
            <source bridge='mybridge'/>
            <model type='virtio'/>
            <filterref filter='clean-traffic'/>
          </interface>
      
      Internally I am walking the 'tree' of a VM's referenced network filters
      and determine with the given variables which variables are missing. Now,
      the above IP parameter may be missing and this causes a libvirt-internal
      thread to be started that uses the pcap library's API to listen to the
      backend interface  (in case of macvtap to the physical interface) in an
      attempt to determine the missing IP parameter. If the backend interface
      disappears the thread terminates assuming the VM was brought down. In
      case of a macvtap device a timeout is being used to wait for packets
      from the given VM (filtering by VM's interface MAC address). If the VM's
      macvtap device disappeared the thread also terminates. In all other
      cases it tries to determine the IP address of the VM and will then apply
      the rules late on the given interface, which would have happened
      immediately if the IP parameter had been explicitly given. In case an
      error happens while the firewall rules are applied, the VM's backend
      interface is 'down'ed preventing it to communicate. Reasons for failure
      for applying the network firewall rules may that an ebtables/iptables
      command failes or OOM errors. Essentially the same failure reasons may
      occur as when the firewall rules are applied immediately on VM start,
      except that due to the late application of the filtering rules the VM
      now is already running and cannot be hindered anymore from starting.
      Bringing down the whole VM would probably be considered too drastic.
      While a VM's IP address is attempted to be determined only limited
      updates to network filters are allowed. In particular it is prevented
      that filters are modified in such a way that they would introduce new
      variables.
      
      A caveat: The algorithm does not know which one is the appropriate IP
      address of a VM. If the VM spoofs an IP address in its first ARP traffic
      or IPv4 packets its filtering rules will be instantiated for this IP
      address, thus 'locking' it to the found IP address. So, it's still
      'safer' to explicitly provide the IP address of a VM's interface in the
      filter description if it is known beforehand.
      
      * configure.ac: detect libpcap
      * libvirt.spec.in: require libpcap[-devel] if qemu is built
      * src/internal.h: add the new ATTRIBUTE_PACKED define
      * src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
      * src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
      * src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
        src/nwfilter/nwfilter_ebiptables_driver.[ch]
        src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
      * tests/nwfilterxml2xmltest: extend testing
      3bf24abc
  21. 05 4月, 2010 2 次提交
  22. 02 4月, 2010 1 次提交
    • L
      Changes to clock timer XML to match final design. · 4ee2b318
      Laine Stump 提交于
      The clock timer XML is being updated in the following ways (based on
      further off-list discussion that was missed during the initial
      implementation):
      
      1) 'wallclock' is changed to 'track', and the possible values are 'boot'
       (corresponds to old 'host'), 'guest', and 'wall'.
      
      2) 'mode' has an additional value 'smpsafe'
      
      3) when tickpolicy='catchup', there can be an optional sub-element of
         timer called 'catchup':
      
         <catchup threshold=123 slew=120 limit=10000/>
      
      Those three values are all longs, always optional, and if they are present,
      they are positive. Internally, 0 indicates "unspecified".
      
      * docs/schemas/domain.rng: updated RNG definition to account for changes
      
      * src/conf/domain_conf.h: change the C struct and enums to match changes.
      
      * src/conf/domain_conf.c: timer parse and format functions changed to
                                handle the new selections and new element.
      
      * src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack*
      
      * src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.
      4ee2b318
  23. 01 4月, 2010 1 次提交
  24. 30 3月, 2010 3 次提交
    • L
      Implement XML parser/formatter for "timer" subelement of domain clock · 92a9e5df
      Laine Stump 提交于
      This extension is described in
      
      http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html
      
      Currently all attributes are optional, except name.
      
      * src/conf/domain_conf.h: add data definition for virDomainTimerDef
        and add a list of them to virDomainClockDef
      * src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock
      * src/libvirt_private.syms: add new Timer enum helper functions to symbols
      92a9e5df
    • D
      Add hook utilities · 2b4e3531
      Daniel Veillard 提交于
      This exports 3 basic routines:
        - virHookInitialize() initializing the hook support by looking for
          scripts availability
        - virHookPresent() used to test if there is a hook for a given driver
        - virHookCall() which actually calls a synchronous script hook with
          the needed parameters
      Note that this doesn't expose any public API except for the locations
      and arguments passed to the scripts
      
      * src/Makefile.am: add the 2 new files
      * src/util/hooks.h src/util/hooks.c: implements the 3 functions
      * src/libvirt_private.syms: export the 3 symbols internally
      * po/POTFILES.in: add src/util/hooks.c to translatables modules
      2b4e3531
    • D
      Export virPipeReadUntilEOF internally · b3bff954
      Daniel Veillard 提交于
      used to read the data from virExec stdout/err file descriptors
      
      * src/util/util.c src/util/util.h: not static anymore and export it
      * src/libvirt_private.syms: allow access internally
      b3bff954
  25. 27 3月, 2010 6 次提交
    • J
      Helper function for making a copy of virCPUDefPtr · 284805e6
      Jiri Denemark 提交于
      284805e6
    • J
      cpuUpdate() for updating guest CPU according to host CPU · 661ae104
      Jiri Denemark 提交于
      Useful mainly for migration. cpuUpdate changes guest CPU requirements in
      the following way:
      
      - match == "strict" || match == "exact"
          - optional features which are supported by host CPU are changed into
            required features
          - optional features which are not supported by host CPU are disabled
          - all other features remain untouched
      - match == "minimum"
          - match is changed into "exact"
          - optional features and all features not mentioned in guest CPU
            specification which are supported by host CPU become required
            features
          - other optional features are disabled
          - all other features remain untouched
      
      This ensures that no feature will suddenly disappear from the guest
      after migration.
      661ae104
    • D
      Add disk error policy to domain XML · 447c586a
      David Allan 提交于
      * Fixes per feedback from Dan and Daniel
      * Added test datafiles
      * Re-disabled JSON flags
      * Added code to print the error policy attribute when generating XML
      * Re-add empty tag
      447c586a
    • S
      Extensions for iptables rules · 1130085c
      Stefan Berger 提交于
      This patch adds support for L3/L4 filtering using iptables. This adds
      support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.
      
      As mentioned in the introduction, a .c file provided by this patch
      is #include'd into a .c file. This will need work, but should be alright
      for review.
      Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
      1130085c
    • S
      Core driver implementation with ebtables support · 065b6571
      Stefan Berger 提交于
      This patch implements the core driver and provides
      - management functionality for managing the filter XMLs
      - compiling the internal filter representation into ebtables rules
      - applying ebtables rules on a network (tap,macvtap) interface
      - tearing down ebtables rules that were applied on behalf of an
      interface
      - updating of filters while VMs are running and causing the firewalls to
      be rebuilt
      - other bits and pieces
      Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
      065b6571
    • S
      Implementation of the public API · 46e9b0fb
      Stefan Berger 提交于
      This patch adds the implementation of the public API for the network
      filtering (ACL) extensions to libvirt.c .
      Signed-off-by: NStefan Berger <stefanb@us.ibm.com>
      46e9b0fb
  26. 26 3月, 2010 4 次提交
    • D
      Implement VNC password change in QEMU · ab952024
      Daniel P. Berrange 提交于
      Use the new virDomainUpdateDeviceFlags API to allow the VNC password
      to be changed on the fly
      
      * src/internal.h: Define STREQ_NULLABLE() which is like STREQ()
        but does not crash if either argument is NULL, and treats two
        NULLs as equal.
      * src/libvirt_private.syms: Export virDomainGraphicsTypeToString
      * src/qemu/qemu_driver.c: Support VNC password change on a live
        machine
      * src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a
        NULL password as "" (empty string), allowing passwords to be
        disabled in the monitor
      ab952024
    • D
      Add domain events for graphics network clients · 987e31ed
      Daniel P. Berrange 提交于
      This introduces a new event type
      
         VIR_DOMAIN_EVENT_ID_GRAPHICS
      
      The same event can be emitted in 3 scenarios
      
        typedef enum {
            VIR_DOMAIN_EVENT_GRAPHICS_CONNECT = 0,
            VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE,
            VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT,
        } virDomainEventGraphicsPhase;
      
      Connect/disconnect are triggered at socket accept/close.
      The initialize phase is immediately after the protocol
      setup and authentication has completed. ie when the
      client is authorized and about to start interacting with
      the graphical desktop
      
      This event comes with *a lot* of potential information
      
       - IP address, port & address family of client
       - IP address, port & address family of server
       - Authentication scheme (arbitrary string)
       - Authenticated subject identity. A subject may have
         multiple identities with some authentication schemes.
         For example, vencrypt+sasl results in a x509dname
         and saslUsername identities.
      
      This results in a very complicated callback :-(
      
         typedef enum {
            VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4,
            VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV6,
         } virDomainEventGraphicsAddressType;
      
         struct _virDomainEventGraphicsAddress {
             int family;
             const char *node;
             const char *service;
         };
         typedef struct _virDomainEventGraphicsAddress virDomainEventGraphicsAddress;
         typedef virDomainEventGraphicsAddress *virDomainEventGraphicsAddressPtr;
      
         struct _virDomainEventGraphicsSubject {
            int nidentity;
            struct {
                const char *type;
                const char *name;
            } *identities;
         };
         typedef struct _virDomainEventGraphicsSubject virDomainEventGraphicsSubject;
         typedef virDomainEventGraphicsSubject *virDomainEventGraphicsSubjectPtr;
      
         typedef void (*virConnectDomainEventGraphicsCallback)(virConnectPtr conn,
                                                               virDomainPtr dom,
                                                               int phase,
                                                               virDomainEventGraphicsAddressPtr local,
                                                               virDomainEventGraphicsAddressPtr remote,
                                                               const char *authScheme,
                                                               virDomainEventGraphicsSubjectPtr subject,
                                                               void *opaque);
      
      The wire protocol is similarly complex
      
         struct remote_domain_event_graphics_address {
           int family;
           remote_nonnull_string node;
           remote_nonnull_string service;
         };
      
         const REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX = 20;
      
         struct remote_domain_event_graphics_identity {
           remote_nonnull_string type;
           remote_nonnull_string name;
         };
      
         struct remote_domain_event_graphics_msg {
           remote_nonnull_domain dom;
           int phase;
           remote_domain_event_graphics_address local;
           remote_domain_event_graphics_address remote;
           remote_nonnull_string authScheme;
           remote_domain_event_graphics_identity subject<REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX>;
         };
      
      This is currently implemented in QEMU for the VNC graphics
      protocol, but designed to be usable with SPICE graphics in
      the future too.
      
      * daemon/remote.c: Dispatch graphics events to client
      * examples/domain-events/events-c/event-test.c: Watch for
        graphics events
      * include/libvirt/libvirt.h.in: Define new graphics event ID
        and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle graphics events
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for VNC events and emit a libvirt graphics event
      * src/remote/remote_driver.c: Receive and dispatch graphics
        events to application
      * src/remote/remote_protocol.x: Wire protocol definition for
        graphics events
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for VNC_CONNECTED,
        VNC_INITIALIZED & VNC_DISCONNETED events from QEMU monitor
      987e31ed
    • D
      Add support for an explicit IO error event · 71d793fa
      Daniel P. Berrange 提交于
      This introduces a new event type
      
         VIR_DOMAIN_EVENT_ID_IO_ERROR
      
      This event includes the action that is about to be taken
      as a result of the watchdog triggering
      
        typedef enum {
           VIR_DOMAIN_EVENT_IO_ERROR_NONE = 0,
           VIR_DOMAIN_EVENT_IO_ERROR_PAUSE,
           VIR_DOMAIN_EVENT_IO_ERROR_REPORT,
        } virDomainEventIOErrorAction;
      
      In addition it has the source path of the disk that had the
      error and its unique device alias. It does not include the
      target device name (/dev/sda), since this would preclude
      triggering IO errors from other file backed devices (eg
      serial ports connected to a file)
      
      Thus there is a new callback definition for this event type
      
      typedef void (*virConnectDomainEventIOErrorCallback)(virConnectPtr conn,
                                                           virDomainPtr dom,
                                                           const char *srcPath,
                                                           const char *devAlias,
                                                           int action,
                                                           void *opaque);
      
      This is currently wired up to the QEMU block IO error events
      
      * daemon/remote.c: Dispatch IO error events to client
      * examples/domain-events/events-c/event-test.c: Watch for
        IO error events
      * include/libvirt/libvirt.h.in: Define new IO error event ID
        and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle IO error events
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for block IO errors and emit a libvirt IO error event
      * src/remote/remote_driver.c: Receive and dispatch IO error
        events to application
      * src/remote/remote_protocol.x: Wire protocol definition for
        IO error events
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
        from QEMU monitor
      71d793fa
    • D
      Add support for an explicit watchdog event · c5728cd6
      Daniel P. Berrange 提交于
      This introduces a new event type
      
         VIR_DOMAIN_EVENT_ID_WATCHDOG
      
      This event includes the action that is about to be taken
      as a result of the watchdog triggering
      
       typedef enum {
           VIR_DOMAIN_EVENT_WATCHDOG_NONE = 0,
           VIR_DOMAIN_EVENT_WATCHDOG_PAUSE,
           VIR_DOMAIN_EVENT_WATCHDOG_RESET,
           VIR_DOMAIN_EVENT_WATCHDOG_POWEROFF,
           VIR_DOMAIN_EVENT_WATCHDOG_SHUTDOWN,
           VIR_DOMAIN_EVENT_WATCHDOG_DEBUG,
       } virDomainEventWatchdogAction;
      
      Thus there is a new callback definition for this event type
      
       typedef void (*virConnectDomainEventWatchdogCallback)(virConnectPtr conn,
                                                             virDomainPtr dom,
                                                             int action,
                                                             void *opaque);
      
      * daemon/remote.c: Dispatch watchdog events to client
      * examples/domain-events/events-c/event-test.c: Watch for
        watchdog events
      * include/libvirt/libvirt.h.in: Define new watchdg event ID
        and callback signature
      * src/conf/domain_event.c, src/conf/domain_event.h,
        src/libvirt_private.syms: Extend API to handle watchdog events
      * src/qemu/qemu_driver.c: Connect to the QEMU monitor event
        for watchdogs and emit a libvirt watchdog event
      * src/remote/remote_driver.c: Receive and dispatch watchdog
        events to application
      * src/remote/remote_protocol.x: Wire protocol definition for
        watchdog events
      * src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
        src/qemu/qemu_monitor_json.c: Watch for WATCHDOG event
        from QEMU monitor
      c5728cd6