[libvirt] [PATCH 0/2] virsh: honor VISUAL
by Eric Blake
On IRC yesterday, the comment came up that 'virsh edit' is
over-protective, because it prevented me from editing in-terminal
using my favorite editor, even after I worked around the fact that
sudo sanitizes EDITOR. Besides, historically, VISUAL is used in
situations where opening a new window is okay, while EDITOR is used
when editing should reuse the current terminal; so we should honor
that convention.
14 years, 8 months
[libvirt] [PATCH] esx: Allow 'lsisas1068' as SCSI controller type
by Matthias Bolte
Extend tests to cover all SCSI controller types and document the new type.
---
docs/drvesx.html.in | 4 +++
src/esx/esx_vmx.c | 14 +++++++-----
tests/vmx2xmldata/vmx2xml-scsi-buslogic.vmx | 7 ------
tests/vmx2xmldata/vmx2xml-scsi-buslogic.xml | 20 ------------------
tests/vmx2xmldata/vmx2xml-scsi-driver.vmx | 17 +++++++++++++++
tests/vmx2xmldata/vmx2xml-scsi-driver.xml | 30 +++++++++++++++++++++++++++
tests/vmx2xmltest.c | 2 +-
tests/xml2vmxdata/xml2vmx-scsi-buslogic.vmx | 12 ----------
tests/xml2vmxdata/xml2vmx-scsi-buslogic.xml | 15 -------------
tests/xml2vmxdata/xml2vmx-scsi-driver.vmx | 22 +++++++++++++++++++
tests/xml2vmxdata/xml2vmx-scsi-driver.xml | 25 ++++++++++++++++++++++
tests/xml2vmxtest.c | 2 +-
12 files changed, 108 insertions(+), 62 deletions(-)
delete mode 100644 tests/vmx2xmldata/vmx2xml-scsi-buslogic.vmx
delete mode 100644 tests/vmx2xmldata/vmx2xml-scsi-buslogic.xml
create mode 100644 tests/vmx2xmldata/vmx2xml-scsi-driver.vmx
create mode 100644 tests/vmx2xmldata/vmx2xml-scsi-driver.xml
delete mode 100644 tests/xml2vmxdata/xml2vmx-scsi-buslogic.vmx
delete mode 100644 tests/xml2vmxdata/xml2vmx-scsi-buslogic.xml
create mode 100644 tests/xml2vmxdata/xml2vmx-scsi-driver.vmx
create mode 100644 tests/xml2vmxdata/xml2vmx-scsi-driver.xml
diff --git a/docs/drvesx.html.in b/docs/drvesx.html.in
index 44a144f..9b413ab 100644
--- a/docs/drvesx.html.in
+++ b/docs/drvesx.html.in
@@ -275,6 +275,10 @@ ethernet0.checkMACAddress = "false"
<dd>
LSI Logic SCSI controller for recent guests.
</dd>
+ <dt><code>lsisas1068</code></dt>
+ <dd>
+ LSI Logic SAS 1068 controller.
+ </dd>
</dl>
<p>
Here a domain XML snippet:
diff --git a/src/esx/esx_vmx.c b/src/esx/esx_vmx.c
index ba4c608..6c1d56e 100644
--- a/src/esx/esx_vmx.c
+++ b/src/esx/esx_vmx.c
@@ -557,10 +557,11 @@ esxVMX_GatherSCSIControllers(virDomainDefPtr def, char *virtualDev[4],
if (disk->driverName != NULL &&
STRCASENEQ(disk->driverName, "buslogic") &&
- STRCASENEQ(disk->driverName, "lsilogic")) {
+ STRCASENEQ(disk->driverName, "lsilogic") &&
+ STRCASENEQ(disk->driverName, "lsisas1068")) {
ESX_ERROR(VIR_ERR_INTERNAL_ERROR,
"Expecting domain XML entry 'devices/disk/target' to be "
- "'buslogic' or 'lsilogic' but found '%s'",
+ "'buslogic' or 'lsilogic' or 'lsisas1068' but found '%s'",
disk->driverName);
return -1;
}
@@ -1269,10 +1270,11 @@ esxVMX_ParseSCSIController(virConfPtr conf, int controller, int *present,
if (*virtualDev != NULL &&
STRCASENEQ(*virtualDev, "buslogic") &&
- STRCASENEQ(*virtualDev, "lsilogic")) {
+ STRCASENEQ(*virtualDev, "lsilogic") &&
+ STRCASENEQ(*virtualDev, "lsisas1068")) {
ESX_ERROR(VIR_ERR_INTERNAL_ERROR,
- "Expecting VMX entry '%s' to be 'buslogic' or 'lsilogic' "
- "but found '%s'", virtualDev_name, *virtualDev);
+ "Expecting VMX entry '%s' to be 'buslogic' or 'lsilogic' or "
+ "'lsisas1068' but found '%s'", virtualDev_name, *virtualDev);
goto failure;
}
@@ -1312,7 +1314,7 @@ esxVMX_ParseDisk(esxVI_Context *ctx, virConfPtr conf, int device, int bus,
* bus = VIR_DOMAIN_DISK_BUS_SCSI
* controller = [0..3]
* id = [0..6,8..15]
- * virtualDev = {'buslogic', 'lsilogic'}
+ * virtualDev = {'buslogic', 'lsilogic', 'lsisas1068'}
*
* device = {VIR_DOMAIN_DISK_DEVICE_DISK, VIR_DOMAIN_DISK_DEVICE_CDROM}
* bus = VIR_DOMAIN_DISK_BUS_IDE
diff --git a/tests/vmx2xmldata/vmx2xml-scsi-buslogic.vmx b/tests/vmx2xmldata/vmx2xml-scsi-buslogic.vmx
deleted file mode 100644
index 1725051..0000000
--- a/tests/vmx2xmldata/vmx2xml-scsi-buslogic.vmx
+++ /dev/null
@@ -1,7 +0,0 @@
-config.version = "8"
-virtualHW.version = "4"
-scsi0.present = "true"
-scsi0.virtualDev = "buslogic"
-scsi0:0.present = "true"
-scsi0:0.deviceType = "scsi-hardDisk"
-scsi0:0.fileName = "harddisk.vmdk"
diff --git a/tests/vmx2xmldata/vmx2xml-scsi-buslogic.xml b/tests/vmx2xmldata/vmx2xml-scsi-buslogic.xml
deleted file mode 100644
index 2ffb866..0000000
--- a/tests/vmx2xmldata/vmx2xml-scsi-buslogic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<domain type='vmware'>
- <uuid>00000000-0000-0000-0000-000000000000</uuid>
- <memory>32768</memory>
- <currentMemory>32768</currentMemory>
- <vcpu>1</vcpu>
- <os>
- <type arch='i686'>hvm</type>
- </os>
- <clock offset='utc'/>
- <on_poweroff>destroy</on_poweroff>
- <on_reboot>restart</on_reboot>
- <on_crash>destroy</on_crash>
- <devices>
- <disk type='file' device='disk'>
- <driver name='buslogic'/>
- <source file='[datastore] directory/harddisk.vmdk'/>
- <target dev='sda' bus='scsi'/>
- </disk>
- </devices>
-</domain>
diff --git a/tests/vmx2xmldata/vmx2xml-scsi-driver.vmx b/tests/vmx2xmldata/vmx2xml-scsi-driver.vmx
new file mode 100644
index 0000000..cb055f6
--- /dev/null
+++ b/tests/vmx2xmldata/vmx2xml-scsi-driver.vmx
@@ -0,0 +1,17 @@
+config.version = "8"
+virtualHW.version = "4"
+scsi0.present = "true"
+scsi0.virtualDev = "buslogic"
+scsi1.present = "true"
+scsi1.virtualDev = "lsilogic"
+scsi2.present = "true"
+scsi2.virtualDev = "lsisas1068"
+scsi0:0.present = "true"
+scsi0:0.deviceType = "scsi-hardDisk"
+scsi0:0.fileName = "harddisk1.vmdk"
+scsi1:0.present = "true"
+scsi1:0.deviceType = "scsi-hardDisk"
+scsi1:0.fileName = "harddisk2.vmdk"
+scsi2:0.present = "true"
+scsi2:0.deviceType = "scsi-hardDisk"
+scsi2:0.fileName = "harddisk3.vmdk"
diff --git a/tests/vmx2xmldata/vmx2xml-scsi-driver.xml b/tests/vmx2xmldata/vmx2xml-scsi-driver.xml
new file mode 100644
index 0000000..1fa9ac4
--- /dev/null
+++ b/tests/vmx2xmldata/vmx2xml-scsi-driver.xml
@@ -0,0 +1,30 @@
+<domain type='vmware'>
+ <uuid>00000000-0000-0000-0000-000000000000</uuid>
+ <memory>32768</memory>
+ <currentMemory>32768</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch='i686'>hvm</type>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='buslogic'/>
+ <source file='[datastore] directory/harddisk1.vmdk'/>
+ <target dev='sda' bus='scsi'/>
+ </disk>
+ <disk type='file' device='disk'>
+ <driver name='lsilogic'/>
+ <source file='[datastore] directory/harddisk2.vmdk'/>
+ <target dev='sdp' bus='scsi'/>
+ </disk>
+ <disk type='file' device='disk'>
+ <driver name='lsisas1068'/>
+ <source file='[datastore] directory/harddisk3.vmdk'/>
+ <target dev='sdae' bus='scsi'/>
+ </disk>
+ </devices>
+</domain>
diff --git a/tests/vmx2xmltest.c b/tests/vmx2xmltest.c
index b4eb5d5..e75def4 100644
--- a/tests/vmx2xmltest.c
+++ b/tests/vmx2xmltest.c
@@ -122,7 +122,7 @@ mymain(int argc, char **argv)
DO_TEST("graphics-vnc", "graphics-vnc", esxVI_APIVersion_25);
- DO_TEST("scsi-buslogic", "scsi-buslogic", esxVI_APIVersion_25);
+ DO_TEST("scsi-driver", "scsi-driver", esxVI_APIVersion_25);
DO_TEST("scsi-writethrough", "scsi-writethrough", esxVI_APIVersion_25);
DO_TEST("harddisk-scsi-file", "harddisk-scsi-file", esxVI_APIVersion_25);
diff --git a/tests/xml2vmxdata/xml2vmx-scsi-buslogic.vmx b/tests/xml2vmxdata/xml2vmx-scsi-buslogic.vmx
deleted file mode 100644
index 2f98da3..0000000
--- a/tests/xml2vmxdata/xml2vmx-scsi-buslogic.vmx
+++ /dev/null
@@ -1,12 +0,0 @@
-config.version = "8"
-virtualHW.version = "4"
-guestOS = "other"
-uuid.bios = "56 4d 9b ef ac d9 b4 e0-c8 f0 ae a8 b9 10 35 15"
-displayName = "scsi-buslogic"
-memsize = "4"
-numvcpus = "1"
-scsi0.present = "true"
-scsi0.virtualDev = "buslogic"
-scsi0:0.present = "true"
-scsi0:0.deviceType = "scsi-hardDisk"
-scsi0:0.fileName = "/vmfs/volumes/datastore/directory/harddisk.vmdk"
diff --git a/tests/xml2vmxdata/xml2vmx-scsi-buslogic.xml b/tests/xml2vmxdata/xml2vmx-scsi-buslogic.xml
deleted file mode 100644
index 5d52c54..0000000
--- a/tests/xml2vmxdata/xml2vmx-scsi-buslogic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<domain type='vmware'>
- <name>scsi-buslogic</name>
- <uuid>564d9bef-acd9-b4e0-c8f0-aea8b9103515</uuid>
- <memory>4096</memory>
- <os>
- <type>hvm</type>
- </os>
- <devices>
- <disk type='file' device='disk'>
- <driver name='buslogic'/>
- <source file='[datastore] directory/harddisk.vmdk'/>
- <target dev='sda' bus='scsi'/>
- </disk>
- </devices>
-</domain>
diff --git a/tests/xml2vmxdata/xml2vmx-scsi-driver.vmx b/tests/xml2vmxdata/xml2vmx-scsi-driver.vmx
new file mode 100644
index 0000000..7cceca0
--- /dev/null
+++ b/tests/xml2vmxdata/xml2vmx-scsi-driver.vmx
@@ -0,0 +1,22 @@
+config.version = "8"
+virtualHW.version = "4"
+guestOS = "other"
+uuid.bios = "56 4d 9b ef ac d9 b4 e0-c8 f0 ae a8 b9 10 35 15"
+displayName = "scsi-buslogic"
+memsize = "4"
+numvcpus = "1"
+scsi0.present = "true"
+scsi0.virtualDev = "buslogic"
+scsi1.present = "true"
+scsi1.virtualDev = "lsilogic"
+scsi2.present = "true"
+scsi2.virtualDev = "lsisas1068"
+scsi0:0.present = "true"
+scsi0:0.deviceType = "scsi-hardDisk"
+scsi0:0.fileName = "/vmfs/volumes/datastore/directory/harddisk1.vmdk"
+scsi1:0.present = "true"
+scsi1:0.deviceType = "scsi-hardDisk"
+scsi1:0.fileName = "/vmfs/volumes/datastore/directory/harddisk2.vmdk"
+scsi2:0.present = "true"
+scsi2:0.deviceType = "scsi-hardDisk"
+scsi2:0.fileName = "/vmfs/volumes/datastore/directory/harddisk3.vmdk"
diff --git a/tests/xml2vmxdata/xml2vmx-scsi-driver.xml b/tests/xml2vmxdata/xml2vmx-scsi-driver.xml
new file mode 100644
index 0000000..797a26e
--- /dev/null
+++ b/tests/xml2vmxdata/xml2vmx-scsi-driver.xml
@@ -0,0 +1,25 @@
+<domain type='vmware'>
+ <name>scsi-buslogic</name>
+ <uuid>564d9bef-acd9-b4e0-c8f0-aea8b9103515</uuid>
+ <memory>4096</memory>
+ <os>
+ <type>hvm</type>
+ </os>
+ <devices>
+ <disk type='file' device='disk'>
+ <driver name='buslogic'/>
+ <source file='[datastore] directory/harddisk1.vmdk'/>
+ <target dev='sda' bus='scsi'/>
+ </disk>
+ <disk type='file' device='disk'>
+ <driver name='lsilogic'/>
+ <source file='[datastore] directory/harddisk2.vmdk'/>
+ <target dev='sdp' bus='scsi'/>
+ </disk>
+ <disk type='file' device='disk'>
+ <driver name='lsisas1068'/>
+ <source file='[datastore] directory/harddisk3.vmdk'/>
+ <target dev='sdae' bus='scsi'/>
+ </disk>
+ </devices>
+</domain>
diff --git a/tests/xml2vmxtest.c b/tests/xml2vmxtest.c
index b8b9d6f..f9c4730 100644
--- a/tests/xml2vmxtest.c
+++ b/tests/xml2vmxtest.c
@@ -175,7 +175,7 @@ mymain(int argc, char **argv)
DO_TEST("graphics-vnc", "graphics-vnc", esxVI_APIVersion_25);
- DO_TEST("scsi-buslogic", "scsi-buslogic", esxVI_APIVersion_25);
+ DO_TEST("scsi-driver", "scsi-driver", esxVI_APIVersion_25);
DO_TEST("scsi-writethrough", "scsi-writethrough", esxVI_APIVersion_25);
DO_TEST("harddisk-scsi-file", "harddisk-scsi-file", esxVI_APIVersion_25);
--
1.6.3.3
14 years, 8 months
[libvirt] 0.7.8 schedule
by Daniel Veillard
So clearly we are a bit late we didn't freezed this week-end,
hopefully we can push the last bits for the release tomorrow.
I would be tempted to actually name the release 0.8.0 if we get
the snapshot API in (which I expect), then start freeze on Wed,
and make the official release early next week. There is still a few
things to clean up left and right, some patches for bug fixes need
ACKs, so I still expect some work before being able to declare the
new release ready !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
14 years, 8 months
[libvirt] [PATCH] nwfilter_ebiptables_driver.c: avoid NULL dereference
by Jim Meyering
Another one caught by clang:
Note the first test to see if "inst" may be NULL.
Then, in the following loop, "inst" is unconditionally
dereferenced via "inst[i]". There are other unprotected
used of "inst[i]" below, too.
Rather than trying to protect all uses, one by one, I chose
to return "success" when given an empty list of rules.
In addition, not only does it appear to be possible to call
this function with a NULL "inst" pointer, but it may even
be undefined. At least one caller is virNWFilterInstantiate,
where "inst" maps to the caller's "ptrs" variable. There,
ptrs is initialized (or not, in some cases) by
virNWFilterRuleInstancesToArray. Fortunately, at least
this one caller (virNWFilterRuleInstancesToArray) does
initialize "ptrs" to NULL, so in actuality, it cannot currently
be used undefined. But the fact that a function like
virNWFilterRuleInstancesToArray can return "successfully"
without defining that output parameter is a little risky.
>From f2d1a49095ed6f7caa3d5ee67409ac561c55ba77 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 29 Mar 2010 18:27:26 +0200
Subject: [PATCH] nwfilter_ebiptables_driver.c: avoid NULL dereference
* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
Don't dereference a NULL or uninitialized pointer when given
an empty list of rules
---
src/nwfilter/nwfilter_ebiptables_driver.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 7871926..3932b44 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2378,31 +2378,32 @@ ebiptablesRuleOrderSort(const void *a, const void *b)
static int
ebiptablesApplyNewRules(virConnectPtr conn,
const char *ifname,
int nruleInstances,
void **_inst)
{
int i;
int cli_status;
ebiptablesRuleInstPtr *inst = (ebiptablesRuleInstPtr *)_inst;
int chains_in = 0, chains_out = 0;
virBuffer buf = VIR_BUFFER_INITIALIZER;
int haveIptables = 0;
- if (inst)
- qsort(inst, nruleInstances, sizeof(inst[0]),
- ebiptablesRuleOrderSort);
+ if (nruleInstances == 0 || inst == NULL)
+ return 0;
+
+ qsort(inst, nruleInstances, sizeof(inst[0]), ebiptablesRuleOrderSort);
for (i = 0; i < nruleInstances; i++) {
if (inst[i]->ruleType == RT_EBTABLES) {
if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP)
chains_in |= (1 << inst[i]->neededProtocolChain);
else
chains_out |= (1 << inst[i]->neededProtocolChain);
}
}
ebtablesUnlinkTmpRootChain(conn, &buf, 1, ifname);
ebtablesUnlinkTmpRootChain(conn, &buf, 0, ifname);
ebtablesRemoveTmpSubChains(conn, &buf, ifname);
ebtablesRemoveTmpRootChain(conn, &buf, 1, ifname);
--
1.7.0.3.448.g82eeb
14 years, 8 months
[libvirt] [PATCH] Make int-overflow test case pass
by Stefan Berger
This fix makes the int-overflow test case pass.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
Index: libvirt/tests/int-overflow
===================================================================
--- libvirt.orig/tests/int-overflow
+++ libvirt/tests/int-overflow
@@ -14,6 +14,7 @@ fi
. "$srcdir/test-lib.sh"
echo "error: failed to get domain '4294967298'" > exp || fail=1
+echo "error: Failed to start the nwfilter driver: Is the daemon running ?" >> exp || fail=1
echo domname 4294967298 | $abs_top_builddir/tools/virsh --quiet \
--connect test://$abs_top_srcdir/examples/xml/test/testnode.xml \
> /dev/null 2> err || fail=1
14 years, 8 months
[libvirt] [PATCH v4 00/15] Network filtering (ACL) extensions for libvirt
by Stefan Berger
Hi!
This is a repost of this set of patches with some of the suggested fixes
applied and ipv6 support on the ebtables layer added.
Between V3 and V4 of this patch series the following changes were made:
- occurrences of typo 'scp' were changed to 'sctp'
- the root ebtables chain for each interface now has the previx of 'libvirt-'
- additional calls into tear-down functions in case something goes wrong
while starting the qemu/kvm VM in 2nd level error paths
- additional functions in the driver interface to split up the application
of firewall rules into
- creation of new firewall rules 'tree'
- switch-over to new firewall rules 'tree', tear down of old one and
renaming of new firewall 'tree'
- tear down of new firewall rules 'tree' in case an error happend
during update of several VMs.
- additional patch with example filters
The following set of patches add network filtering (ACL) extensions to
libvirt and enable network traffic filtering for VMs using ebtables and,
depending on the networking technology being used (tap, but not
macvtap), also iptables. Usage of either is optional and controlled
through filters that a VM is referencing.
The ebtables-level filtering is based on the XML derived from the CIM
network slide 10 (filtering) from the DMTF website
(http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf).
The XML we derived from this was discussed on the list before. On the
ebtables level we currently handle filtering of IPv4 and ARP traffic.
The iptables-level filtering is based on similar XML where XML nodes
described the particular protocol to filter for. Its extensions enable
the filtering of traffic using iptables for tcp, udp, icmp, igmp, sctp
and 'all' types of traffic. This list of protocols maps to the features
supported by iptables and only excludes protocols like 'esp', 'ah' and
'udplite'. Currently only bridging mode is supported and based on
availability of the physdev match.
The filtering framework adds new libvirt virsh commands for managing
the filters. The 5 new commands are:
- virsh nwfilter-list
- virsh nwfilter-dumpxml <name of filter>
- virsh nwfilter-define <name of file containing filter desc.>
- virsh nwfilter-undefine <name of filter>
- virsh nwfilter-edit <name of filter>
Above commands are similar to commands for already existing pools and as
such much of the code directly related to the above commands could be
borrowed from other drivers.
The network filters can either contain rules using the above mentioned
XML or contain references to other filters in order to build more
complex filters that form some sort of filter tree or can contain both.
An example for a filter referencing other filters would be this one
here:
<filter name='demofilter4' chain='root'>
<uuid>66f62d1d-34c1-1421-824f-c62d5ee5e8b6</uuid>
<filterref filter='no-mac-spoofing'/>
<filterref filter='no-mac-broadcast'/>
<filterref filter='no-arp-spoofing'/>
<filterref filter='allow-dhcp'>
<parameter name='DHCPSERVER' value='10.0.0.1'/>
</filterref>
<filterref filter='no-other-l2-traffic'/>
<filterref filter='recv-only-vm-ipaddress'/>
<filterref filter='recv-only-vm-macaddress'/>
<filterref filter='l3-test'/>
<filterref filter='ipv6test'/>
</filter>
A filter containing actual rules would look like this:
<filter name='no-mac-broadcast' chain='ipv4'>
<uuid>ffe2ccd6-edec-7360-1852-6b5ccb553234</uuid>
<rule action='drop' direction='out' priority='500'>
<mac dstmacaddr='ff:ff:ff:ff:ff:ff'/>
</rule>
</filter>
The filter XML now also holds a priority attribute in the rule. This
provides control over the ordering of the applied ebtables/iptables
rules beyond their appearance in the XML.
The domain XML has been extended to reference a top level filter from
within each <interface> XML node. A valid reference to such a top level
filter looks like this:
<interface type='bridge'>
<source bridge='static'/>
<filterref filter='demofilter4'>
<parameter name='IP' value='9.59.241.151'/>
</filterref>
</interface>
In this XML a parameter IP is passed for instantiation of the referenced
filters, that may require the availability of this parameter. In the
above case the IP parameter's value describes the value of the IP
address of the VM and allows to enable those filters to be instantiated
that require this 'IP' variable. If a filter requires a parameter that
is not provided, the VM will not start or the interface will not attach
to a running VM. Any names of parameters can be provided for
instantiation of filters and their names and values only need to pass a
regular expression test. In a subsequent patch we will be adding
capability to allow users to omit the IP parameter (only) and enable
libvirt to learn the IP address of the VM and have it instantiate the
filter once it knows it.
While virtual machines are running, it is possible to update their
filters. For that all running VMs' filter 'trees' are traversed to
detect whether the updated filter is referenced by the VM. If so, its
ebtables/iptable rules are applied. If one of the VMs' update fails
allupdates are rolled back and the filter XML update is rejected.
One comment about the instantiation of the rules: Since the XML allows
to create nearly any possible combination of parameters to ebtables or
iptables commands, I haven't used the ebtables or iptables wrappers.
Instead, I am writing ebtables/iptables command into a buffer, add
command line options to each one of them as described in the rule's XML,
write the buffer into a file and run it as a script. For those commands
that are not allowed to fail I am using the following format to run
them:
cmd="ebtables <some options>"
r=`${cmd}`
if [ $? -ne 0 ]; then
echo "Failure in command ${cmd}."
exit 1
fi
cmd="..."
[...]
If one of the command fails in such a batch, the libvirt code is going
pick up the error code '1', tear down anything previously established
and report an error back. The actual error message shown above is
currently not reported back, but can be later on with some changes to
the commands running external programs that need to read the script's
stdout.
One comment to patch 14: It currently #include's a .c file into a .c
file only for the reason so I don't have to change too much code once I
change code in the underlying patch. So this has to be changed. The
patch series works without patch 13, but then only supports ebtables.
The patches apply to the current tip. They pass 'make syntax-check' and
have been frequently run in valgrind for memory leak checks.
Looking forward to your feedback on the patches.
Thanks and regards,
Stefan and Gerhard
14 years, 8 months
[libvirt] [PATCH] nwfilter_conf.c: don't test an uninitialized local variable
by Jim Meyering
I've just run the code through clang, and it spotted a few new problems.
Here's one:
>From 4c848787c8268e37db9a1d0754b8fcd8e5774f73 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 29 Mar 2010 17:34:32 +0200
Subject: [PATCH] nwfilter_conf.c: don't test an uninitialized local variable
* src/conf/nwfilter_conf.c (virNWIPAddressFormat): Do not use "i"
uninitialized.
---
src/conf/nwfilter_conf.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index e82aae6..f673e69 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2423,7 +2423,7 @@ virNWIPAddressFormat(virBufferPtr buf, nwIPAddressPtr ipaddr)
ipaddr->addr.ipv4Addr[2],
ipaddr->addr.ipv4Addr[3]);
} else {
- int i;
+ unsigned int i = 0;
int dcshown = 0, in_dc = 0;
unsigned short n;
while (i < 8) {
--
1.7.0.3.448.g82eeb
14 years, 8 months
[libvirt] [PATCH] Fix 'make check' runs due to usage of conn parameter in error reporting
by Stefan Berger
This patch fixes the 'make check' runs for me which, under certain
circumstances and login configurations, did invoke popups requesting
authentication. I removed the parameter conn from being passed into the
error reporting function.
Signed-off-by; Stefan Berger <stefanb(a)us.ibm.com>
---
src/conf/nwfilter_conf.c | 15 ++++++---------
src/conf/nwfilter_conf.h | 3 ++-
2 files changed, 8 insertions(+), 10 deletions(-)
Index: libvirt/src/conf/nwfilter_conf.c
===================================================================
--- libvirt.orig/src/conf/nwfilter_conf.c
+++ libvirt/src/conf/nwfilter_conf.c
@@ -44,9 +44,6 @@
#define VIR_FROM_THIS VIR_FROM_NWFILTER
-#define virNWFilterError(conn, code, fmt...) \
- virReportErrorHelper(conn, VIR_FROM_NWFILTER, code, __FILE__,\
- __FUNCTION__, __LINE__, fmt)
VIR_ENUM_IMPL(virNWFilterRuleAction, VIR_NWFILTER_RULE_ACTION_LAST,
"drop",
@@ -2248,9 +2245,9 @@ virNWFilterPoolObjLoad(virConnectPtr con
}
if (!virFileMatchesNameSuffix(file, def->name, ".xml")) {
- virNWFilterError(conn, VIR_ERR_INVALID_NWFILTER,
- "NWFilter pool config filename '%s' does not match pool name '%s'",
- path, def->name);
+ virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER,
+ _("network filter pool config filename '%s' does not match pool name '%s'"),
+ path, def->name);
virNWFilterDefFree(def);
return NULL;
}
@@ -2300,9 +2297,9 @@ virNWFilterPoolLoadAllConfigs(virConnect
if (virFileBuildPath(configDir, entry->d_name,
NULL, path, PATH_MAX) < 0) {
- virNWFilterError(conn, VIR_ERR_INTERNAL_ERROR,
- "Config filename '%s/%s' is too long",
- configDir, entry->d_name);
+ virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ _("config filename '%s/%s' is too long"),
+ configDir, entry->d_name);
continue;
}
Index: libvirt/src/conf/nwfilter_conf.h
===================================================================
--- libvirt.orig/src/conf/nwfilter_conf.h
+++ libvirt/src/conf/nwfilter_conf.h
@@ -523,7 +523,8 @@ int virNWFilterParamConfLayerInit(void);
void virNWFilterParamConfLayerShutdown(void);
# define virNWFilterReportError(conn, code, fmt...) \
- virReportErrorHelper(conn, VIR_FROM_NWFILTER, code, __FILE__, \
+ (void)conn; \
+ virReportErrorHelper(NULL, VIR_FROM_NWFILTER, code, __FILE__, \
__FUNCTION__, __LINE__, fmt)
14 years, 8 months
[libvirt] issues about Migrating with virsh and libvirt functions
by wei ma
Hi everyone
i've been trying to migrate a domain from hostA to hostB.But everytime i did
it with
"virsh --live migrate <Domain> xen+ssh://root@Destination",
it failed and told me something like
"Error Domain not found:xenUnifiedDomainLookupByName".
The same thing happened when i tried to do the same thing with libvirt API
like virDomainMigrate & virDomainMigrateToURI.
i am confused about this.
So can anybody can tell me why?Thanks a lot.
BTW,the OS is CentOS 5.4 with libvirt 0.7.7 and Xen 3.4.0.
14 years, 8 months
[libvirt] [PATCH] filter new files through cppi, so syntax-check passes once again
by Jim Meyering
FYI, just pushed (no semantic change):
>From d0e79bd5fa280a568d5b919fabd5f2f4dacf8f89 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Fri, 26 Mar 2010 19:29:54 +0100
Subject: [PATCH] filter new files through cppi, so syntax-check passes once again
* src/conf/nwfilter_conf.h: Indent cpp directives.
* src/conf/nwfilter_params.h: Likewise.
* src/datatypes.h: Likewise.
* src/nwfilter/nwfilter_driver.h: Likewise.
* src/nwfilter/nwfilter_ebiptables_driver.h: Likewise.
* src/nwfilter/nwfilter_gentech_driver.h: Likewise.
---
src/conf/nwfilter_conf.h | 24 ++++++++++++------------
src/conf/nwfilter_params.h | 4 ++--
src/datatypes.h | 6 +++---
src/nwfilter/nwfilter_driver.h | 6 +++---
src/nwfilter/nwfilter_ebiptables_driver.h | 6 +++---
src/nwfilter/nwfilter_gentech_driver.h | 2 +-
6 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 5ba2f41..9b6ca40 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -24,15 +24,15 @@
* Author: Stefan Berger <stefanb(a)us.ibm.com>
*/
#ifndef NWFILTER_CONF_H
-#define NWFILTER_CONF_H
+# define NWFILTER_CONF_H
-#include <stdint.h>
-#include <stddef.h>
+# include <stdint.h>
+# include <stddef.h>
-#include "internal.h"
-#include "util.h"
-#include "hash.h"
-#include "xml.h"
+# include "internal.h"
+# include "util.h"
+# include "hash.h"
+# include "xml.h"
/**
* Chain suffix size is:
@@ -43,7 +43,7 @@
* terminating '0' =
* 32-3-15-1-1 = 12
*/
-#define MAX_CHAIN_SUFFIX_SIZE 12
+# define MAX_CHAIN_SUFFIX_SIZE 12
enum virNWFilterEntryItemFlags {
@@ -53,10 +53,10 @@ enum virNWFilterEntryItemFlags {
};
-#define HAS_ENTRY_ITEM(data) \
+# define HAS_ENTRY_ITEM(data) \
(((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_EXISTS)
-#define ENTRY_GET_NEG_SIGN(data) \
+# define ENTRY_GET_NEG_SIGN(data) \
((((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG) ? "!" : "")
// datatypes appearing in rule attributes
@@ -288,7 +288,7 @@ enum virNWFilterEbtablesTableType {
};
-#define MAX_RULE_PRIORITY 1000
+# define MAX_RULE_PRIORITY 1000
typedef struct _virNWFilterRuleDef virNWFilterRuleDef;
@@ -522,7 +522,7 @@ void virNWFilterConfLayerShutdown(void);
int virNWFilterParamConfLayerInit(void);
void virNWFilterParamConfLayerShutdown(void);
-#define virNWFilterReportError(conn, code, fmt...) \
+# define virNWFilterReportError(conn, code, fmt...) \
virReportErrorHelper(conn, VIR_FROM_NWFILTER, code, __FILE__, \
__FUNCTION__, __LINE__, fmt)
diff --git a/src/conf/nwfilter_params.h b/src/conf/nwfilter_params.h
index 7a9b1ee..5b4afba 100644
--- a/src/conf/nwfilter_params.h
+++ b/src/conf/nwfilter_params.h
@@ -20,9 +20,9 @@
* Author: Stefan Berger <stefanb(a)us.ibm.com>
*/
#ifndef NWFILTER_PARAMS_H
-#define NWFILTER_PARAMS_H
+# define NWFILTER_PARAMS_H
-#include "hash.h"
+# include "hash.h"
typedef struct _virNWFilterHashTable virNWFilterHashTable;
typedef virNWFilterHashTable *virNWFilterHashTablePtr;
diff --git a/src/datatypes.h b/src/datatypes.h
index c221119..4663c9c 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -126,9 +126,9 @@
* magic value used to protect the API when pointers to network filter
* pool structures are passed down by the users.
*/
-#define VIR_NWFILTER_MAGIC 0xDEAD7777
-#define VIR_IS_NWFILTER(obj) ((obj) && (obj)->magic==VIR_NWFILTER_MAGIC)
-#define VIR_IS_CONNECTED_NWFILTER(obj) (VIR_IS_NWFILTER(obj) && VIR_IS_CONNECT((obj)->conn))
+# define VIR_NWFILTER_MAGIC 0xDEAD7777
+# define VIR_IS_NWFILTER(obj) ((obj) && (obj)->magic==VIR_NWFILTER_MAGIC)
+# define VIR_IS_CONNECTED_NWFILTER(obj) (VIR_IS_NWFILTER(obj) && VIR_IS_CONNECT((obj)->conn))
/**
diff --git a/src/nwfilter/nwfilter_driver.h b/src/nwfilter/nwfilter_driver.h
index b7d8668..3f60560 100644
--- a/src/nwfilter/nwfilter_driver.h
+++ b/src/nwfilter/nwfilter_driver.h
@@ -26,10 +26,10 @@
*/
#ifndef __VIR_NWFILTER_DRIVER_H__
-#define __VIR_NWFILTER_DRIVER_H__
+# define __VIR_NWFILTER_DRIVER_H__
-#include "nwfilter_params.h"
-#include "nwfilter_conf.h"
+# include "nwfilter_params.h"
+# include "nwfilter_conf.h"
int nwfilterRegister(void);
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.h b/src/nwfilter/nwfilter_ebiptables_driver.h
index a036b99..ff22844 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.h
+++ b/src/nwfilter/nwfilter_ebiptables_driver.h
@@ -21,9 +21,9 @@
* Author: Stefan Berger <stefanb(a)us.ibm.com>
*/
#ifndef VIR_NWFILTER_EBTABLES_DRIVER_H__
-#define VIR_NWFILTER_EBTABLES_DRIVER_H__
+# define VIR_NWFILTER_EBTABLES_DRIVER_H__
-#define MAX_CHAINNAME_LENGTH 32 /* see linux/netfilter_bridge/ebtables.h */
+# define MAX_CHAINNAME_LENGTH 32 /* see linux/netfilter_bridge/ebtables.h */
enum RuleType {
RT_EBTABLES,
@@ -43,6 +43,6 @@ struct _ebiptablesRuleInst {
extern virNWFilterTechDriver ebiptables_driver;
-#define EBIPTABLES_DRIVER_ID "ebiptables"
+# define EBIPTABLES_DRIVER_ID "ebiptables"
#endif
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index a77d95a..6b7da71 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -21,7 +21,7 @@
* Author: Stefan Berger <stefanb(a)us.ibm.com>
*/
#ifndef __NWFILTER_GENTECH_DRIVER_H
-#define __NWFILTER_GENTECH_DRIVER_H
+# define __NWFILTER_GENTECH_DRIVER_H
virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);
--
1.7.0.3.448.g82eeb
14 years, 8 months
