[libvirt] [PATCH] Don't ignore guest CPU selection when unsupported by HV
by Jiri Denemark
When the qemu libvirt driver doesn't support guest CPU selection with the
given qemu binary, guests requiring a specific CPU should fail to start
instead of being silently supplied with a default CPU.
---
src/qemu/qemu_conf.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 592360f..3fb0074 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -3249,9 +3249,16 @@ qemuBuildCpuArgStr(const struct qemud_driver *driver,
virBuffer buf = VIR_BUFFER_INITIALIZER;
int i;
- if (def->cpu && def->cpu->model
- && qemudProbeCPUModels(emulator, ut->machine, &ncpus, &cpus) < 0)
- goto cleanup;
+ if (def->cpu && def->cpu->model) {
+ if (qemudProbeCPUModels(emulator, ut->machine, &ncpus, &cpus) < 0)
+ goto cleanup;
+
+ if (!ncpus || !host) {
+ qemuReportError(VIR_ERR_NO_SUPPORT, "%s",
+ _("CPU specification not supported by hypervisor"));
+ goto cleanup;
+ }
+ }
if (ncpus > 0 && host) {
virCPUCompareResult cmp;
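Review bot: The new `if (!ncpus || !host)` branch reports one message for two different conditions, an emulator that returned no CPU models and missing host CPU data, so the error does not say which one stopped the guest. Refusing to start is the safer outcome, since the guest no longer runs with a CPU other than the one its definition requested. The message would be easier to act on if it named the requested model, for example `_("CPU model '%s' is not supported by this hypervisor")` with `def->cpu->model`, or if the two conditions were reported separately. The body of qemuBuildCpuArgStr starts and ends outside the hunk, so whether `host` can be NULL for reasons unrelated to the emulator cannot be checked from here.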
--
1.7.0.4
14 years, 7 months
[libvirt] [PATCH] Document all options of virsh dumpxml
by Jiri Denemark
---
tools/virsh.pod | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
index a59e9b0..9e9f4e0 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -342,10 +342,15 @@ configuration format named by I<format>.
Dumps the core of a domain to a file for analysis.
-=item B<dumpxml> I<domain-id>
-
-Output the domain information as an XML dump to stdout, this format
-can be used by the B<create> command.
+=item B<dumpxml> I<domain-id> optional I<--inactive> I<--security-info> I<--update-cpu>
+
+Output the domain information as an XML dump to stdout, this format can be used
+by the B<create> command. Additional options affecting the XML dump may be
+used. I<--inactive> tells virsh to dump domain configuration that will be used
+on next start of the domain as opposed to the current domain configuration.
+Using I<--security-info> security sensitive information will also be included
+in the XML dump. I<--update-cpu> updates domain CPU requirements according to
+host CPU.
=item B<edit> I<domain-id>
--
1.7.0.4
14 years, 7 months
[libvirt] [PATCH] createRawFileOpHook: avoid dead stores
by Jim Meyering
Here are two more dead stores.
>From 7c3d498d8572556d72d4633e9b39f89a08a0a682 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Wed, 7 Apr 2010 18:30:55 +0200
Subject: [PATCH] createRawFileOpHook: avoid dead stores
* src/storage/storage_backend.c (createRawFileOpHook): Remove dead
stores and declaration of each stored-to variable.
---
src/storage/storage_backend.c | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 7294a00..f0074ed 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -308,12 +308,11 @@ static int createRawFileOpHook(int fd, void *data) {
* update every 9s is a fair-enough trade-off
*/
unsigned long long bytes = 512 * 1024 * 1024;
- int r;
if (bytes > remain)
bytes = remain;
- if ((r = safezero(fd, 0, hdata->vol->allocation - remain,
- bytes)) != 0) {
+ if (safezero(fd, 0, hdata->vol->allocation - remain,
+ bytes) != 0) {
ret = errno;
virReportSystemError(errno, _("cannot fill file '%s'"),
hdata->vol->target.path);
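Review bot: With `r` removed, both call sites test only `safezero(...) != 0` and then report `errno`, which is correct only if safezero sets errno on every failure path. If safezero forwards a function that returns the error number instead of setting errno (posix_fallocate behaves that way), the discarded return value was the real error code and `ret = errno` may record a stale or zero value. safezero is defined outside this page, so this needs confirming there. If it does return the code, the store should be kept and used, as in `if ((r = safezero(...)) != 0) { ret = r;`. The same applies to the second hunk at `safezero(fd, 0, 0, remain)`; createRawFileOpHook extends beyond both hunks.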
@@ -322,9 +321,7 @@ static int createRawFileOpHook(int fd, void *data) {
remain -= bytes;
}
} else { /* No progress bars to be shown */
- int r;
-
- if ((r = safezero(fd, 0, 0, remain)) != 0) {
+ if (safezero(fd, 0, 0, remain) != 0) {
ret = errno;
virReportSystemError(errno, _("cannot fill file '%s'"),
hdata->vol->target.path);
--
1.7.1.rc0.212.gbd88f
14 years, 7 months
[libvirt] [PATCH] xenXMDomainDefineXML: remove dead store and useless/leaky virGetDomain
by Jim Meyering
clang complained about the dead store.
Dan Berrange confirmed that this code has been useless-looking for ages.
>From e6315e0b0d4b83b744cff86529b6b9e3144e2012 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Wed, 7 Apr 2010 20:17:44 +0200
Subject: [PATCH] xenXMDomainDefineXML: remove dead store and useless/leaky virGetDomain
* src/xen/xm_internal.c (xenXMDomainDefineXML): Remove useless and
leak-inducing call to virGetDomain, as well as decl of now-unused local.
---
src/xen/xm_internal.c | 5 -----
1 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c
index d1265ba..a7a09a0 100644
--- a/src/xen/xm_internal.c
+++ b/src/xen/xm_internal.c
@@ -2622,7 +2622,6 @@ cleanup:
*/
virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml) {
virDomainPtr ret;
- virDomainPtr olddomain;
char filename[PATH_MAX];
const char * oldfilename;
virDomainDefPtr def = NULL;
@@ -2688,10 +2687,6 @@ virDomainPtr xenXMDomainDefineXML(virConnectPtr conn, const char *xml) {
goto error;
}
- /* XXX wtf.com is this line for - it appears to be amemory leak */
- if (!(olddomain = virGetDomain(conn, def->name, entry->def->uuid)))
- goto error;
-
/* Remove the name -> filename mapping */
if (virHashRemoveEntry(priv->nameConfigMap, def->name, NULL) < 0) {
xenXMError(VIR_ERR_INTERNAL_ERROR,
--
1.7.1.rc0.212.gbd88f
14 years, 7 months
[libvirt] qemuDomainSnapshotLoad leak
by Jim Meyering
clang reports that the assignment to "snap" below is a dead store.
Actually it's also a leak, and it seems like it deserves a diagnostic
if/when that function returns NULL.
It looks to me like this function should return
something other than "void", so that it can inform
its caller of such a failure.
No?
This is from qemu_driver.c:
static void qemuDomainSnapshotLoad(void *payload,
const char *name ATTRIBUTE_UNUSED,
void *data)
{
...
virDomainSnapshotObjPtr snap = NULL;
...
while ((entry = readdir(dir))) {
...
def = virDomainSnapshotDefParseString(xmlStr, 0);
if (def == NULL) {
/* Nothing we can do here, skip this one */
VIR_ERROR("Failed to parse snapshot XML from file '%s'", fullpath);
VIR_FREE(xmlStr);
continue;
}
snap = virDomainSnapshotAssignDef(&vm->snapshots, def);
VIR_FREE(xmlStr);
}
/* FIXME: qemu keeps internal track of snapshots. We can get access
* to this info via the "info snapshots" monitor command for running
* domains, or via "qemu-img snapshot -l" for shutoff domains. It would
* be nice to update our internal state based on that, but there is a
* a problem. qemu doesn't track all of the same metadata that we do.
* In particular we wouldn't be able to fill in the <parent>, which is
* pretty important in our metadata.
*/
virResetLastError();
cleanup:
if (dir)
closedir(dir);
VIR_FREE(snapDir);
virDomainObjUnlock(vm);
}
14 years, 7 months
[libvirt] [PATCH] maint: s/initialis/initializ/
by Eric Blake
git grep found 12 of the former but 100 of the latter in src/.
* src/remote/remote_driver.c (initialise_gnutls): Rename...
(initialize_gnutls): ...to this.
(doRemoteOpen): Adjust caller.
* src/xen/xen_driver.c (xenUnifiedOpen): Adjust output string.
* src/util/network.c: Adjust comments.
Suggested by Matthias Bolte.
---
Should be a pretty trivial conversion from British to American
English for a single word. Is it worth adding a rule to cfg.mk
to have 'make syntax-check' diagnose future introductions of
'initialis.*'?
src/remote/remote_driver.c | 14 +++++++-------
src/util/network.c | 8 ++++----
src/xen/xen_driver.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 20ad6c8..d5b68dd 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -271,7 +271,7 @@ void remoteDomainEventQueueFlush(int timer, void *opaque);
static char *get_transport_from_scheme (char *scheme);
/* GnuTLS functions used by remoteOpen. */
-static int initialise_gnutls (virConnectPtr conn);
+static int initialize_gnutls (virConnectPtr conn);
static gnutls_session_t negotiate_gnutls_on_connection (virConnectPtr conn, struct private_data *priv, int no_verify);
#ifdef WITH_LIBVIRTD
@@ -425,7 +425,7 @@ doRemoteOpen (virConnectPtr conn,
transport = trans_unix;
}
- /* Local variables which we will initialise. These can
+ /* Local variables which we will initialize. These can
* get freed in the failed: path.
*/
char *name = NULL, *command = NULL, *sockname = NULL, *netcat = NULL;
@@ -579,7 +579,7 @@ doRemoteOpen (virConnectPtr conn,
/* Connect to the remote service. */
switch (transport) {
case trans_tls:
- if (initialise_gnutls (conn) == -1) goto failed;
+ if (initialize_gnutls (conn) == -1) goto failed;
priv->uses_tls = 1;
priv->is_secure = 1;
@@ -1140,12 +1140,12 @@ check_cert_file(const char *type, const char *file)
static int
-initialise_gnutls (virConnectPtr conn)
+initialize_gnutls (virConnectPtr conn)
{
- static int initialised = 0;
+ static int initialized = 0;
int err;
- if (initialised) return 0;
+ if (initialized) return 0;
gnutls_global_init ();
@@ -1193,7 +1193,7 @@ initialise_gnutls (virConnectPtr conn)
return -1;
}
- initialised = 1;
+ initialized = 1;
return 0;
}
diff --git a/src/util/network.c b/src/util/network.c
index 76f2791..6e24792 100644
--- a/src/util/network.c
+++ b/src/util/network.c
@@ -1,7 +1,7 @@
/*
* network.c: network helper APIs for libvirt
*
- * Copyright (C) 2009-2009 Red Hat, Inc.
+ * Copyright (C) 2009-2010 Red Hat, Inc.
*
* See COPYING.LIB for the License of this software
*
@@ -116,7 +116,7 @@ virSocketParseIpv6Addr(const char *val, virSocketAddrPtr addr) {
/*
* virSocketFormatAddr:
- * @addr: an initialised virSocketAddrPtr
+ * @addr: an initialized virSocketAddrPtr
*
* Returns a string representation of the given address
* Returns NULL on any error
@@ -158,7 +158,7 @@ virSocketFormatAddr(virSocketAddrPtr addr) {
/*
* virSocketSetPort:
- * @addr: an initialised virSocketAddrPtr
+ * @addr: an initialized virSocketAddrPtr
* @port: the port number to set
*
* Set the transport layer port of the given virtSocketAddr
@@ -189,7 +189,7 @@ virSocketSetPort(virSocketAddrPtr addr, int port) {
/*
* virSocketGetPort:
- * @addr: an initialised virSocketAddrPtr
+ * @addr: an initialized virSocketAddrPtr
*
* Returns the transport layer port of the given virtSocketAddr
* Returns -1 if @addr is invalid
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 68b627a..5ab169d 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -297,7 +297,7 @@ xenUnifiedOpen (virConnectPtr conn, virConnectAuthPtr auth, int flags)
}
if (virMutexInit(&priv->lock) < 0) {
xenUnifiedError(VIR_ERR_INTERNAL_ERROR,
- "%s", _("cannot initialise mutex"));
+ "%s", _("cannot initialize mutex"));
VIR_FREE(priv);
return VIR_DRV_OPEN_ERROR;
}
@@ -1892,7 +1892,7 @@ out:
}
-/*----- Register with libvirt.c, and initialise Xen drivers. -----*/
+/*----- Register with libvirt.c, and initialize Xen drivers. -----*/
/* The interface which we export upwards to libvirt.c. */
static virDriver xenUnifiedDriver = {
--
1.6.6.1
14 years, 7 months
[libvirt] [PATCH] domain_event.c: don't deref NULL on an OOM error path
by Jim Meyering
This fixes a pair of potential segfault-inducing bugs:
>From 7ca7e9cd366b17e41da9207b68de7e9166a88da2 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 29 Mar 2010 17:43:01 +0200
Subject: [PATCH] domain_event.c: don't deref NULL on an OOM error path
* src/conf/domain_event.c (virDomainEventGraphicsNewFromDom):
Return NULL when handling out-of-memory error, rather than
falling through with ev=NULL and then assigning to ev->member.
(virDomainEventGraphicsNewFromObj): Likewise.
---
src/conf/domain_event.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 41c70fc..1cf03e3 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -681,19 +681,19 @@ virDomainEventPtr virDomainEventGraphicsNewFromDom(virDomainPtr dom,
{
virDomainEventPtr ev =
virDomainEventNewInternal(VIR_DOMAIN_EVENT_ID_GRAPHICS,
dom->id, dom->name, dom->uuid);
if (ev) {
ev->data.graphics.phase = phase;
if (!(ev->data.graphics.authScheme = strdup(authScheme))) {
virDomainEventFree(ev);
- ev = NULL;
+ return NULL;
}
ev->data.graphics.local = local;
ev->data.graphics.remote = remote;
ev->data.graphics.subject = subject;
}
return ev;
}
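Review bot: The early `return NULL` leaves `local`, `remote` and `subject` neither stored in the event nor released, and nothing in the hunk says who owns them when the constructor fails. The success path stores the three pointers in `ev->data.graphics`, so the event presumably takes ownership of them. A caller that assumes the same on failure would leak them, and one that frees them after a successful call could free them twice. A header comment would settle it, for example `/* Returns NULL on allocation failure; local, remote and subject are then still owned by the caller. */`, with the wording confirmed against virDomainEventFree, which is outside the hunk. The same applies to virDomainEventGraphicsNewFromObj in the next hunk; both parameter lists start outside the hunks.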
@@ -706,19 +706,19 @@ virDomainEventPtr virDomainEventGraphicsNewFromObj(virDomainObjPtr obj,
{
virDomainEventPtr ev =
virDomainEventNewInternal(VIR_DOMAIN_EVENT_ID_GRAPHICS,
obj->def->id, obj->def->name, obj->def->uuid);
if (ev) {
ev->data.graphics.phase = phase;
if (!(ev->data.graphics.authScheme = strdup(authScheme))) {
virDomainEventFree(ev);
- ev = NULL;
+ return NULL;
}
ev->data.graphics.local = local;
ev->data.graphics.remote = remote;
ev->data.graphics.subject = subject;
}
return ev;
}
--
1.7.0.3.448.g82eeb
14 years, 7 months
[libvirt] [TCK PATCH] maint: use correct Red Hat copyright
by Eric Blake
* scripts/domain/050-transient-lifecycle.t: Correct the copyright
line.
* scripts/domain/051-transient-autostart.t: Likewise.
* scripts/domain/060-persistent-lifecycle.t: Likewise.
* scripts/domain/061-persistent-autostart.t: Likewise.
* scripts/domain/065-persistent-redefine.t: Likewise.
* scripts/domain/070-transient-to-persistent.t: Likewise.
* scripts/domain/080-unique-id-define.t: Likewise.
* scripts/domain/081-unique-id-create.t: Likewise.
* scripts/domain/090-invalid-ops-when-inactive.t: Likewise.
* scripts/domain/100-transient-save-restore.t: Likewise.
* scripts/domain/101-persistent-save-restore.t: Likewise.
* scripts/domain/102-broken-save-restore.t: Likewise.
* scripts/domain/120-disks-stats.t: Likewise.
* scripts/domain/200-disk-hotplug.t: Likewise.
* scripts/domain/205-disk-hotplug-ordering.t: Likewise.
* scripts/domain/210-nic-hotplug.t: Likewise.
* scripts/domain/215-nic-hotplug-many.t: Likewise.
* scripts/domain/240-usb-host-hotplug.t: Likewise.
* scripts/domain/250-pci-host-hotplug.t: Likewise.
* scripts/qemu/100-disk-encryption.t: Likewise.
* scripts/storage/100-create-vol-dir.t: Likewise.
* scripts/storage/200-clone-vol-dir.t: Likewise.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
This probably counts as trivial, but since this is my first
libvirt-tck patch, I thought I'd ask first.
scripts/domain/050-transient-lifecycle.t | 2 +-
scripts/domain/051-transient-autostart.t | 2 +-
scripts/domain/060-persistent-lifecycle.t | 2 +-
scripts/domain/061-persistent-autostart.t | 2 +-
scripts/domain/065-persistent-redefine.t | 2 +-
scripts/domain/070-transient-to-persistent.t | 2 +-
scripts/domain/080-unique-id-define.t | 2 +-
scripts/domain/081-unique-id-create.t | 2 +-
scripts/domain/090-invalid-ops-when-inactive.t | 2 +-
scripts/domain/100-transient-save-restore.t | 2 +-
scripts/domain/101-persistent-save-restore.t | 2 +-
scripts/domain/102-broken-save-restore.t | 2 +-
scripts/domain/120-disks-stats.t | 2 +-
scripts/domain/200-disk-hotplug.t | 2 +-
scripts/domain/205-disk-hotplug-ordering.t | 2 +-
scripts/domain/210-nic-hotplug.t | 2 +-
scripts/domain/215-nic-hotplug-many.t | 2 +-
scripts/domain/240-usb-host-hotplug.t | 2 +-
scripts/domain/250-pci-host-hotplug.t | 2 +-
scripts/qemu/100-disk-encryption.t | 2 +-
scripts/storage/100-create-vol-dir.t | 2 +-
scripts/storage/200-clone-vol-dir.t | 2 +-
22 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/scripts/domain/050-transient-lifecycle.t b/scripts/domain/050-transient-lifecycle.t
index 22e5c70..89c9d1a 100644
--- a/scripts/domain/050-transient-lifecycle.t
+++ b/scripts/domain/050-transient-lifecycle.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/051-transient-autostart.t b/scripts/domain/051-transient-autostart.t
index 9114a28..d43caa1 100644
--- a/scripts/domain/051-transient-autostart.t
+++ b/scripts/domain/051-transient-autostart.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/060-persistent-lifecycle.t b/scripts/domain/060-persistent-lifecycle.t
index 55bdc6c..ddffa02 100644
--- a/scripts/domain/060-persistent-lifecycle.t
+++ b/scripts/domain/060-persistent-lifecycle.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/061-persistent-autostart.t b/scripts/domain/061-persistent-autostart.t
index c39ec72..5200454 100644
--- a/scripts/domain/061-persistent-autostart.t
+++ b/scripts/domain/061-persistent-autostart.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/065-persistent-redefine.t b/scripts/domain/065-persistent-redefine.t
index 712803c..c19b292 100644
--- a/scripts/domain/065-persistent-redefine.t
+++ b/scripts/domain/065-persistent-redefine.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/070-transient-to-persistent.t b/scripts/domain/070-transient-to-persistent.t
index 346b329..7d85ef6 100644
--- a/scripts/domain/070-transient-to-persistent.t
+++ b/scripts/domain/070-transient-to-persistent.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/080-unique-id-define.t b/scripts/domain/080-unique-id-define.t
index 066c2e8..ed4a8fc 100644
--- a/scripts/domain/080-unique-id-define.t
+++ b/scripts/domain/080-unique-id-define.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/081-unique-id-create.t b/scripts/domain/081-unique-id-create.t
index c081674..425116f 100644
--- a/scripts/domain/081-unique-id-create.t
+++ b/scripts/domain/081-unique-id-create.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/090-invalid-ops-when-inactive.t b/scripts/domain/090-invalid-ops-when-inactive.t
index 28f4936..86f332b 100644
--- a/scripts/domain/090-invalid-ops-when-inactive.t
+++ b/scripts/domain/090-invalid-ops-when-inactive.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/100-transient-save-restore.t b/scripts/domain/100-transient-save-restore.t
index 314493c..bab42da 100644
--- a/scripts/domain/100-transient-save-restore.t
+++ b/scripts/domain/100-transient-save-restore.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/101-persistent-save-restore.t b/scripts/domain/101-persistent-save-restore.t
index 251aacd..f1c8d4b 100644
--- a/scripts/domain/101-persistent-save-restore.t
+++ b/scripts/domain/101-persistent-save-restore.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/102-broken-save-restore.t b/scripts/domain/102-broken-save-restore.t
index 2981d64..b93e274 100644
--- a/scripts/domain/102-broken-save-restore.t
+++ b/scripts/domain/102-broken-save-restore.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/120-disks-stats.t b/scripts/domain/120-disks-stats.t
index c8b3420..5cbaf8c 100644
--- a/scripts/domain/120-disks-stats.t
+++ b/scripts/domain/120-disks-stats.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/200-disk-hotplug.t b/scripts/domain/200-disk-hotplug.t
index 1272448..0f10dbf 100644
--- a/scripts/domain/200-disk-hotplug.t
+++ b/scripts/domain/200-disk-hotplug.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/205-disk-hotplug-ordering.t b/scripts/domain/205-disk-hotplug-ordering.t
index f41d45c..a2e3088 100644
--- a/scripts/domain/205-disk-hotplug-ordering.t
+++ b/scripts/domain/205-disk-hotplug-ordering.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/210-nic-hotplug.t b/scripts/domain/210-nic-hotplug.t
index 6451fd2..7521978 100644
--- a/scripts/domain/210-nic-hotplug.t
+++ b/scripts/domain/210-nic-hotplug.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/215-nic-hotplug-many.t b/scripts/domain/215-nic-hotplug-many.t
index 48fdfcf..7465f2c 100644
--- a/scripts/domain/215-nic-hotplug-many.t
+++ b/scripts/domain/215-nic-hotplug-many.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/240-usb-host-hotplug.t b/scripts/domain/240-usb-host-hotplug.t
index ac71e7b..6e74434 100644
--- a/scripts/domain/240-usb-host-hotplug.t
+++ b/scripts/domain/240-usb-host-hotplug.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009-2010 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009-2010 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/domain/250-pci-host-hotplug.t b/scripts/domain/250-pci-host-hotplug.t
index 5bb4fd9..a9fe422 100644
--- a/scripts/domain/250-pci-host-hotplug.t
+++ b/scripts/domain/250-pci-host-hotplug.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009-2010 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009-2010 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/qemu/100-disk-encryption.t b/scripts/qemu/100-disk-encryption.t
index 5964aa5..d594607 100644
--- a/scripts/qemu/100-disk-encryption.t
+++ b/scripts/qemu/100-disk-encryption.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/storage/100-create-vol-dir.t b/scripts/storage/100-create-vol-dir.t
index 2a09036..3a12596 100644
--- a/scripts/storage/100-create-vol-dir.t
+++ b/scripts/storage/100-create-vol-dir.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
diff --git a/scripts/storage/200-clone-vol-dir.t b/scripts/storage/200-clone-vol-dir.t
index dbc17c5..3b4d864 100644
--- a/scripts/storage/200-clone-vol-dir.t
+++ b/scripts/storage/200-clone-vol-dir.t
@@ -1,6 +1,6 @@
# -*- perl -*-
#
-# Copyright (C) 2009 Red Hat
+# Copyright (C) 2009-2010 Red Hat, Inc.
# Copyright (C) 2009 Daniel P. Berrange
#
# This program is free software; You can redistribute it and/or modify
--
1.6.6.1
14 years, 7 months
[libvirt] [PATCH] nwfiler: fix due to non-symmetric src mac address match in iptables
by Stefan Berger
The attached patch fixes a problem caused by the MAC match in iptables
supporting only --mac-source and not --mac-destination, which makes the
match asymmetric. Therefore a rule like this one
<rule action='drop' direction='out'>
<all match='no' srcmacaddr='$MAC'/>
</rule>
should only have the MAC match on traffic leaving the VM and not test
for the same source MAC address on traffic that the VM receives.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 61 +++++++++++++++++++++++++-----
1 file changed, 51 insertions(+), 10 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -772,11 +772,18 @@ static int
iptablesHandleSrcMacAddr(virBufferPtr buf,
virNWFilterHashTablePtr vars,
nwItemDescPtr srcMacAddr,
- int directionIn ATTRIBUTE_UNUSED)
+ int directionIn,
+ bool *srcmacskipped)
{
char macaddr[VIR_MAC_STRING_BUFLEN];
+ *srcmacskipped = false;
if (HAS_ENTRY_ITEM(srcMacAddr)) {
+ if (directionIn) {
+ *srcmacskipped = true;
+ return 0;
+ }
+
if (printDataType(vars,
macaddr, sizeof(macaddr),
srcMacAddr))
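Review bot: iptablesHandleSrcMacAddr now returns 0 both when it appended a MAC match and when it skipped one. The only way to tell the two apart is the new `srcmacskipped` out-parameter, which is written unconditionally at `*srcmacskipped = false;` with no documented contract. A comment above the function would help, for example `/* @srcmacskipped: must be non-NULL; set to true when a source MAC match was requested but omitted because iptables cannot match it on incoming traffic */`. The function body continues past the end of the hunk.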
@@ -1039,6 +1046,8 @@ _iptablesCreateRuleInstance(int directio
virBuffer buf = VIR_BUFFER_INITIALIZER;
const char *target;
const char *iptables_cmd = (isIPv6) ? IP6TABLES_CMD : IPTABLES_CMD;
+ unsigned int bufUsed;
+ bool srcMacSkipped = false;
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
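Review bot: `unsigned int bufUsed;` is declared without an initializer, unlike `srcMacSkipped` on the next line. In the hunks shown, every protocol case assigns it before the final comparison reads it, and the `srcMacSkipped &&` short-circuit covers the remaining paths. That only holds while each case keeps its assignment. `unsigned int bufUsed = 0;` removes the dependency and avoids a possible maybe-uninitialized warning. The rest of _iptablesCreateRuleInstance is outside this hunk.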
@@ -1052,10 +1061,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p tcp");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.tcpHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1093,10 +1105,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p udp");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1121,10 +1136,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p udplite");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1144,10 +1162,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p esp");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.espHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1167,10 +1188,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p ah");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.ahHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1190,10 +1214,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p sctp");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.sctpHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1221,10 +1248,13 @@ _iptablesCreateRuleInstance(int directio
else
virBufferAddLit(&buf, " -p icmpv6");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.icmpHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1272,10 +1302,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p igmp");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.igmpHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1295,10 +1328,13 @@ _iptablesCreateRuleInstance(int directio
virBufferAddLit(&buf, " -p all");
+ bufUsed = virBufferUse(&buf);
+
if (iptablesHandleSrcMacAddr(&buf,
vars,
&rule->p.allHdrFilter.dataSrcMACAddr,
- directionIn))
+ directionIn,
+ &srcMacSkipped))
goto err_exit;
if (iptablesHandleIpHdr(&buf,
@@ -1313,6 +1349,11 @@ _iptablesCreateRuleInstance(int directio
return -1;
}
+ if (srcMacSkipped && bufUsed == virBufferUse(&buf)) {
+ virBufferFreeAndReset(&buf);
+ return 0;
+ }
+
if (match)
virBufferVSprintf(&buf, " %s", match);
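Review bot: The added check drops the rule only when the skipped MAC match was its sole condition; when any other match was appended, the rule is still emitted for the incoming direction without the MAC constraint, so it matches more traffic than the filter XML states. For an accepting rule that means incoming packets are admitted on the remaining conditions alone, which a filter author may not expect. The test `bufUsed == virBufferUse(&buf)` also relies on every later handler appending to `buf` only when it emits a match, and it runs before the `match` string is appended, so a rule consisting of only a MAC condition and `match` is dropped as well. A comment stating this policy next to the check would make the behaviour auditable, for example `/* srcmacaddr cannot be matched on incoming traffic; drop the rule if it was the only condition */`, ideally with a debug-level log naming the skipped rule.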
14 years, 7 months