April 2010 - Devel - Libvirt List Archives

[libvirt] qemu smbios options in domain xml format

by vincent

Still no support for the smbios arg ? any other way to pass this arg to qemu (and continue to use libvirt)? Vincent On 12/09/2009 10:47 PM, Phillip Balli wrote: Hello, I could not find any explicit mention of support for the -smbios options which are present in qemu 0.10.5+ in the domain xml format or the qemu/kvm hypervisor driver pages. Is there some way to specify commands and options which are not described in the xml config by adjusting something in the way libvirt processes the xml? Or is providing smbios options just not supported currently? No, it's currently not supported. Paolo

14 years, 7 months

1
0
0 / 0

[libvirt] [PATCH] qemu_driver.c: don't close an arbitrary file descriptor

by Jim Meyering

clang spotted this: An early failure makes us "goto" the cleanup code that tests (and probably closes) the "logfile" fd. >From 49e46a427832681b686b712fbfbc24a312c286c1 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering(a)redhat.com> Date: Wed, 7 Apr 2010 09:17:27 +0200 Subject: [PATCH] qemu_driver.c: don't close an arbitrary file descriptor * src/qemu/qemu_driver.c (qemudStartVMDaemon): Initialize "logfile" to ensure that we don't use it uninitialized -- thus closing an arbitrary file descriptor -- in the cleanup block. --- src/qemu/qemu_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ce43fd3..60fa95a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3159,7 +3159,7 @@ static int qemudStartVMDaemon(virConnectPtr conn, int pos = -1; char ebuf[1024]; char *pidfile = NULL; - int logfile; + int logfile = -1; qemuDomainObjPrivatePtr priv = vm->privateData; struct qemudHookData hookData; -- 1.7.0.4.552.gc303

14 years, 7 months

2
1
0 / 0

[libvirt] [Fwd: Re: virsh dump blocking problem]

by Gui Jianfeng

Hi all, I think this is the right place to post the problem here. :) So I forward this mail. =========== On Tue, 06 Apr 2010 09:35:09 +0800 Gui Jianfeng <guijianfeng(a)cn.fujitsu.com> wrote: > Hi all, > > I'm not sure whether it's appropriate to post the problem here. > I played with "virsh" under Fedora 12, and started a KVM fedora12 guest > by "virsh start" command. The fedora12 guest is successfully started. > Than I run the following command to dump the guest core: > #virsh dump 1 mycoredump (domain id is 1) > > This command seemed blocking and not return. According to he strace > output, virsh dump seems that it's blocking at poll() call. I think > the following should be the call trace of virsh. > > cmdDump() > -> virDomainCoreDump() > -> remoteDomainCoreDump() > -> call() > -> remoteIO() > -> remoteIOEventLoop() > -> poll(fds, ARRAY_CARDINALITY(fds), -1) > > > Any one encounters this problem also, any thoughts? > I met and it seems qemu-kvm continues to counting the number of dirty pages and does no answer to libvirt. Guest never work and I have to kill it. I met this with 2.6.32+ qemu-0.12.3+ libvirt 0.7.7.1. When I updated the host kernel to 2.6.33, qemu-kvm never work. So, I moved back to fedora12's latest qemu-kvm. Now, 2.6.34-rc3+ qemu-0.11.0-13.fc12.x86_64 + libvirt 0.7.7.1 # virsh dump xxxx xxxx hangs. In most case, I see following 2 back trace.(with gdb) (gdb) bt #0 ram_save_remaining () at /usr/src/debug/qemu-kvm-0.11.0/vl.c:3104 #1 ram_bytes_remaining () at /usr/src/debug/qemu-kvm-0.11.0/vl.c:3112 #2 0x00000000004ab2cf in do_info_migrate (mon=0x16b7970) at migration.c:150 #3 0x0000000000414b1a in monitor_handle_command (mon=<value optimized out>, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/monitor.c:2870 #4 0x0000000000414c6a in monitor_command_cb (mon=0x16b7970, cmdline=<value optimized out>, opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/monitor.c:3160 #5 0x000000000048b71b in readline_handle_byte (rs=0x208d6a0, ch=<value optimized out>) at readline.c:369 #6 0x0000000000414cdc in monitor_read (opaque=<value optimized out>, buf=0x7fff1b1104b0 "info migrate\r", size=13) at /usr/src/debug/qemu-kvm-0.11.0/monitor.c:3146 #7 0x00000000004b2a53 in tcp_chr_read (opaque=0x1614c30) at qemu-char.c:2006 #8 0x000000000040a6c7 in main_loop_wait (timeout=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:4188 #9 0x000000000040eed5 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:4414 #10 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:6263 (gdb) bt #0 0x0000003c2680e0bd in write () at ../sysdeps/unix/syscall-template.S:82 #1 0x00000000004b304a in unix_write (fd=11, buf=<value optimized out>, len1=40) at qemu-char.c:512 #2 send_all (fd=11, buf=<value optimized out>, len1=40) at qemu-char.c:528 #3 0x0000000000411201 in monitor_flush (mon=0x16b7970) at /usr/src/debug/qemu-kvm-0.11.0/monitor.c:131 #4 0x0000000000414cdc in monitor_read (opaque=<value optimized out>, buf=0x7fff1b1104b0 "info migrate\r", size=13) at /usr/src/debug/qemu-kvm-0.11.0/monitor.c:3146 #5 0x00000000004b2a53 in tcp_chr_read (opaque=0x1614c30) at qemu-char.c:2006 #6 0x000000000040a6c7 in main_loop_wait (timeout=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:4188 #7 0x000000000040eed5 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:4414 #8 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.11.0/vl.c:6263 And see no dump progress. I'm sorry if this is not a hang but just verrrrry slow. I don't see any progress at lease for 15 minutes and qemu-kvm continues to use 75% of cpus. I'm not sure why "dump" command trigger migration code... How long it takes to do "virsh dump xxx xxxx", an idle VM with 2G memory ? I'm sorry if I ask wrong mailing list. Thanks, -Kame

14 years, 7 months

1
0
0 / 0

[libvirt] Linux-vServer Support in libvirt

by Walter Stanish

Hi libvir-list (cc: vserver list), I am another Linux-vServer user who would like to see support in libvirt. >From a very brief look back through the archives it appears that there may have been some architectural concerns re: libvirt's assumptions about what kind of network stack a virtualisation platform provides, in that Linux-vServer doesn't use a traditional approach to networking and thus may break previously valid assumptions. I found 2007 posts and a post last year (2009). Would it be possible for someone with a good overall understanding of previous integration attempts and the results thereof to summarise what issues were encountered and how difficult it would be to overcome these, so that users can understand what's going on. Thanks! - Walter

14 years, 7 months

3
2
0 / 0

[libvirt] Release schedule ... 0.8.0 coming

by Daniel Veillard

Okay, since the snapshot API is in I suggest to start the freeze toward the 0.8.0 release. There is still 3 things I think we should look at and allow: 1/ the very large cleanup patch set from Matthias, as this should not break anything (isn't it :-) 2/ the nwfilter IP detection code, it still need a review, I didn't do it, libpcap intimidates me a bit, but I think I can be convinced. 3/ an ESX snapshot support if Matthias (or someone else !) manage to write one in the next days 2/ and 3/ sound fairly contained and about a new functionalitry in this release so the risk of breaking an existing feature is very limited. So hopefully we can ship 0.8.0 by the end of the week-end, now we need testing testing testing :-) Thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

14 years, 7 months

3
3
0 / 0

[libvirt] [PATCH] nwfilter: Add filter schema for nwfilter XML, extend domain XML schema

by Stefan Berger

This patch adds a relaxng nwfilter schema along with a test that verifies all the test output XML against the schema. The input XMLs contain a lot of intentional out-of-range values that make them fail the schema verification, so I am not verifying against those. Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com> Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com> --- docs/schemas/Makefile.am | 3 docs/schemas/domain.rng | 31 + docs/schemas/nwfilter.rng | 783 ++++++++++++++++++++++++++++++++++++++++++++++ libvirt.spec.in | 1 tests/Makefile.am | 4 tests/nwfilterschematest | 11 6 files changed, 831 insertions(+), 2 deletions(-) Index: libvirt-acl/docs/schemas/Makefile.am =================================================================== --- libvirt-acl.orig/docs/schemas/Makefile.am +++ libvirt-acl/docs/schemas/Makefile.am @@ -10,6 +10,7 @@ schema_DATA = \ storagepool.rng \ storagevol.rng \ nodedev.rng \ - capability.rng + capability.rng \ + nwfilter.rng EXTRA_DIST = $(schema_DATA) Index: libvirt-acl/libvirt.spec.in =================================================================== --- libvirt-acl.orig/libvirt.spec.in +++ libvirt-acl/libvirt.spec.in @@ -785,6 +785,7 @@ fi %{_datadir}/libvirt/schemas/interface.rng %{_datadir}/libvirt/schemas/secret.rng %{_datadir}/libvirt/schemas/storageencryption.rng +%{_datadir}/libvirt/schemas/filter.rng %{_datadir}/libvirt/cpu_map.xml Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- /dev/null +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -0,0 +1,783 @@ +<?xml version="1.0" encoding="UTF-8"?> +<grammar ns="" xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"> + <start> + <ref name="filter"/> + </start> + <define name="filter"> + <element name="filter"> + <ref name="filter-node-attributes"/> + <zeroOrMore> + <choice> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + <element name="uuid"> + <ref name="UUID"/> + </element> + </choice> + </zeroOrMore> + <zeroOrMore> + <element name="rule"> + <ref name="rule-node-attributes"/> + <optional> + <zeroOrMore> + <element name="mac"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="mac-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="arp"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="arp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ip"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + <ref name="dscp-attribute"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ipv6"> + <ref name="match-attribute"/> + <ref name="common-l2-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-port-attributes"/> + <ref name="ip-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="igmp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ip-attributes-p1"/> + <ref name="common-ip-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="tcp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="sctp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-port-attributes"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="icmpv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + <ref name="icmp-attributes"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="all-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="esp-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="ah-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + <optional> + <zeroOrMore> + <element name="udplite-ipv6"> + <ref name="match-attribute"/> + <ref name="srcmac-attribute"/> + <ref name="common-ipv6-attributes-p1"/> + <ref name="common-ipv6-attributes-p2"/> + </element> + </zeroOrMore> + </optional> + </element> + </zeroOrMore> + </element> + </define> + +  + + <define name="filter-node-attributes"> + <attribute name="name"> + <data type="NCName"/> + </attribute> + <optional> + <attribute name="chain"> + <choice> + <value>root</value> + <value>arp</value> + <value>ipv4</value> + <value>ipv6</value> + </choice> + </attribute> + </optional> + </define> + + <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + + <define name="rule-node-attributes"> + <attribute name="action"> + <ref name='action-type'/> + </attribute> + <attribute name="direction"> + <ref name='direction-type'/> + </attribute> + <optional> + <attribute name="priority"> + <ref name='priority-type'/> + </attribute> + </optional> + </define> + + <define name="match-attribute"> + <interleave> + <optional> + <attribute name="match"> + <choice> + <value>yes</value> + <value>no</value> + </choice> + </attribute> + </optional> + </interleave> + </define> + + <define name="srcmac-attribute"> + <interleave> + <optional> + <attribute name="srcmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-l2-attributes"> + <interleave> + <ref name="srcmac-attribute"/> + <optional> + <attribute name="srcmacmask"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="dstmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="dstmacmask"> + <ref name="addrMAC"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ip-attributes-p1"> + <interleave> + <optional> + <attribute name="srcipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="srcipmask"> + <ref name="addrMask"/> + </attribute> + </optional> + <optional> + <attribute name="dstipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipmask"> + <ref name="addrMask"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ip-attributes-p2"> + <interleave> + <optional> + <attribute name="srcipfrom"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="srcipto"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipfrom"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dstipto"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ipv6-attributes-p1"> + <interleave> + <optional> + <attribute name="srcipaddr"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="srcipmask"> + <ref name="addrMaskv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipaddr"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipmask"> + <ref name="addrMaskv6"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-ipv6-attributes-p2"> + <interleave> + <optional> + <attribute name="srcipfrom"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="srcipto"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipfrom"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dstipto"> + <ref name="addrIPv6"/> + </attribute> + </optional> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="common-port-attributes"> + <interleave> + <optional> + <attribute name="srcportstart"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="srcportend"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="dstportstart"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="dstportend"> + <ref name="uint16range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="icmp-attributes"> + <interleave> + <optional> + <attribute name="type"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="code"> + <ref name="uint8range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="mac-attributes"> + <interleave> + <optional> + <attribute name="protocolid"> + <ref name="mac-protocolid"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="arp-attributes"> + <interleave> + <optional> + <attribute name="arpsrcmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="arpsrcipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="arpdstmacaddr"> + <ref name="addrMAC"/> + </attribute> + </optional> + <optional> + <attribute name="arpdstipaddr"> + <ref name="addrIP"/> + </attribute> + </optional> + <optional> + <attribute name="hwtype"> + <ref name="uint16range"/> + </attribute> + </optional> + <optional> + <attribute name="opcode"> + <ref name="arpOpcodeType"/> + </attribute> + </optional> + <optional> + <attribute name="protocoltype"> + <ref name="uint16range"/> + </attribute> + </optional> + </interleave> + </define> + + <define name="ip-attributes"> + <optional> + <attribute name="protocol"> + <ref name="ipProtocolType"/> + </attribute> + </optional> + </define> + + <define name="dscp-attribute"> + <optional> + <attribute name="dscp"> + <ref name="sixbitrange"/> + </attribute> + </optional> + </define> + +  + + <define name="UUID"> + <choice> + <data type="string"> + <param name="pattern">[a-fA-F0-9]{32}</param> + </data> + + <data type="string"> + <param name="pattern">[a-fA-F0-9]{8}\-([a-fA-F0-9]{4}\-){3}[a-fA-F0-9]{12}</param> + </data> + </choice> + </define> + + <define name="addrMAC"> + <choice> +  + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param> + </data> + </choice> + </define> + + <define name="addrIP"> + <choice> +  + <data type="string"> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param> + </data> + + <data type="string"> + <param name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param> + </data> + </choice> + </define> + + <define name="addrIPv6"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])?</param> + </data> + </choice> + </define> + + <define name="addrMask"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">32</param> + </data> + + <data type="string"> + <param name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param> + </data> + </choice> + </define> + + <define name="addrMaskv6"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">128</param> + </data> + + <data type="string"> + <param name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)</param> + </data> + </choice> + </define> + + <define name="sixbitrange"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">63</param> + </data> + </choice> + </define> + + <define name="mac-protocolid"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">1536</param> + <param name="maxInclusive">65535</param> + </data> + + <choice> + <value>arp</value> + <value>ipv4</value> + <value>ipv6</value> + </choice> + </choice> + </define> + + <define name="uint8range"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">255</param> + </data> + </choice> + </define> + + <define name="uint16range"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">65535</param> + </data> + </choice> + </define> + + <define name="arpOpcodeType"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">65535</param> + </data> + + <data type="string"> + <param name="pattern">([Rr]eply|[Rr]equest|[Rr]equest_[Rr]everse|[Rr]eply_[Rr]everse|DRARP_[Rr]equest|DRARP_[Rr]eply|DRARP_[Ee]rror|InARP_[Rr]equest|ARP_NAK)</param> + </data> + + </choice> + </define> + + <define name="ipProtocolType"> + <choice> +  + <data type="string"> + <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param> + </data> + + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">255</param> + </data> + + <choice> + <value>tcp</value> + <value>udp</value> + <value>udplite</value> + <value>esp</value> + <value>ah</value> + <value>icmp</value> + <value>igmp</value> + <value>sctp</value> + <value>icmpv6</value> + </choice> + </choice> + </define> + + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> + + <define name='action-type'> + <choice> + <value>drop</value> + <value>accept</value> + </choice> + </define> + + <define name='direction-type'> + <choice> + <value>in</value> + <value>out</value> + <value>inout</value> + </choice> + </define> + + <define name='priority-type'> + <data type="int"> + <param name="minInclusive">0</param> + <param name="maxInclusive">1000</param> + </data> + </define> +</grammar> Index: libvirt-acl/tests/Makefile.am =================================================================== --- libvirt-acl.orig/tests/Makefile.am +++ libvirt-acl/tests/Makefile.am @@ -74,6 +74,7 @@ EXTRA_DIST = \ xml2vmxdata \ nwfilterxml2xmlout \ nwfilterxml2xmlin \ + nwfilterschematest \ $(patsubst %,qemuhelpdata/%,$(qemuhelpdata)) noinst_PROGRAMS = virshtest conftest \ @@ -120,7 +121,8 @@ test_scripts = \ storagepoolschematest \ storagevolschematest \ domainschematest \ - nodedevschematest + nodedevschematest \ + nwfilterschematest if WITH_LIBVIRTD test_scripts += \ Index: libvirt-acl/tests/nwfilterschematest =================================================================== --- /dev/null +++ libvirt-acl/tests/nwfilterschematest @@ -0,0 +1,11 @@ +#!/bin/sh + +: ${srcdir=.} +. $srcdir/test-lib.sh +. $abs_srcdir/schematestutils.sh + +DIRS="nwfilterxml2xmlout" +SCHEMA="nwfilter.rng" + +check_schema "$DIRS" "$SCHEMA" + Index: libvirt-acl/docs/schemas/domain.rng =================================================================== --- libvirt-acl.orig/docs/schemas/domain.rng +++ libvirt-acl/docs/schemas/domain.rng @@ -894,6 +894,11 @@ <optional> <ref name="address"/> </optional> + <optional> + <element name="filterref"> + <ref name="filterref-node-attributes"/> + </element> + </optional> </interleave> </define> <!-- @@ -1577,6 +1582,22 @@ </element> </define> + <define name="filterref-node-attributes"> + <attribute name="filter"> + <data type="NCName"/> + </attribute> + <optional> + <element name="parameter"> + <attribute name="name"> + <ref name="parameter-name"/> + </attribute> + <attribute name="value"> + <ref name="parameter-value"/> + </attribute> + </element> + </optional> + </define> + <!-- Type library @@ -1737,4 +1758,14 @@ <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param> </data> </define> + <define name="parameter-name"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_]+</param> + </data> + </define> + <define name="parameter-value"> + <data type="string"> + <param name="pattern">[a-zA-Z0-9_\.:]+</param> + </data> + </define> </grammar>

14 years, 7 months

2
7
0 / 0

[libvirt] [PATCH] Fix 'avialable' typo

by Matthias Bolte

Reported by Paul Jenner --- I just pushed this patch. src/util/util.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/util/util.c b/src/util/util.c index 28a3c7e..405c5f3 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -2682,7 +2682,7 @@ char * virGetUserDirectory(uid_t uid ATTRIBUTE_UNUSED) { virUtilError(VIR_ERR_INTERNAL_ERROR, - "%s", _("virGetUserDirectory is not avialable")); + "%s", _("virGetUserDirectory is not available")); return NULL; } @@ -2691,7 +2691,7 @@ char * virGetUserName(uid_t uid ATTRIBUTE_UNUSED) { virUtilError(VIR_ERR_INTERNAL_ERROR, - "%s", _("virGetUserName is not avialable")); + "%s", _("virGetUserName is not available")); return NULL; } @@ -2700,7 +2700,7 @@ int virGetUserID(const char *name ATTRIBUTE_UNUSED, uid_t *uid ATTRIBUTE_UNUSED) { virUtilError(VIR_ERR_INTERNAL_ERROR, - "%s", _("virGetUserID is not avialable")); + "%s", _("virGetUserID is not available")); return 0; } @@ -2710,7 +2710,7 @@ int virGetGroupID(const char *name ATTRIBUTE_UNUSED, gid_t *gid ATTRIBUTE_UNUSED) { virUtilError(VIR_ERR_INTERNAL_ERROR, - "%s", _("virGetGroupID is not avialable")); + "%s", _("virGetGroupID is not available")); return 0; } -- 1.6.3.3

14 years, 7 months

1
0
0 / 0

[libvirt] [PATCH] build: avoid autogen on 'make clean'

by Eric Blake

Tested by running 'git submodule foreach git pull origin master', then seeing that 'make clean' skips autogen although 'make' properly runs it. * cfg.mk (_clean_requested): New check, to speed up 'make clean' even if gnulib submodule is outdated. Suggested by Daniel P. Berrange. --- cfg.mk | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/cfg.mk b/cfg.mk index 70465c3..f422a53 100644 --- a/cfg.mk +++ b/cfg.mk @@ -301,7 +301,8 @@ ifeq (0,$(MAKELEVEL)) git diff .gnulib); \ stamp="$$($(_submodule_hash) $(_curr_status) 2>/dev/null)"; \ test "$$stamp" = "$$actual"; echo $$?) - ifeq (1,$(_update_required)) + _clean_requested = $(filter %clean,$(MAKECMDGOALS)) + ifeq (1,$(_update_required)$(_clean_requested)) $(info INFO: gnulib update required; running ./autogen.sh first) Makefile: _autogen endif -- 1.6.6.1

14 years, 7 months

2
2
0 / 0

[libvirt] [PATCH] virterror.c: avoid erroneous case "fall-through"

by Jim Meyering

IMHO, this qualifies as an "obvious" fix, but I'll wait for an ACK. >From 0c9eb193ccb0ad507c7dd6dbfe944bb9a0c8ff93 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering(a)redhat.com> Date: Tue, 6 Apr 2010 19:07:14 +0200 Subject: [PATCH] virterror.c: avoid erroneous case "fall-through" * src/util/virterror.c (virErrorMsg): Insert missing "break;" --- src/util/virterror.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/util/virterror.c b/src/util/virterror.c index d29f95b..96dd1e7 100644 --- a/src/util/virterror.c +++ b/src/util/virterror.c @@ -1,10 +1,10 @@ /* * virterror.c: implements error handling and reporting code for libvirt * - * Copy: Copyright (C) 2006, 2008, 2009 Red Hat, Inc. + * Copy: Copyright (C) 2006, 2008-2010 Red Hat, Inc. * * See COPYING.LIB for the License of this software * * Author: Daniel Veillard <veillard(a)redhat.com> */ @@ -1147,12 +1147,13 @@ virErrorMsg(virErrorNumber error, const char *info) break; case VIR_ERR_MIGRATE_PERSIST_FAILED: if (info == NULL) errmsg = _("Failed to make domain persistent after migration"); else errmsg = _("Failed to make domain persistent after migration: %s"); + break; case VIR_ERR_HOOK_SCRIPT_FAILED: if (info == NULL) errmsg = _("Hook script execution failed"); else errmsg = _("Hook script execution failed: %s"); break; -- 1.7.0.4.552.gc303

14 years, 7 months

3
3
0 / 0

[libvirt] [PATCH] nwfilter: Fix instantiated layer 2 rules for 'inout' direction

by Stefan Berger

The following rule for direction 'in' <rule direction='in' action='drop'> <mac srcmacaddr='1:2:3:4:5:6'/> </rule> drops all traffic from the given mac address. The following rule for direction 'out' <rule direction='out' action='drop'> <mac dstmacaddr='1:2:3:4:5:6'/> </rule> drops all traffic to the given mac address. The following rule in direction 'inout' <rule direction='inout' action='drop'> <mac srcmacaddr='1:2:3:4:5:6'/> </rule> now drops all traffic from and to the given MAC address. So far it would have dropped traffic from the given MAC address and outgoing traffic with the given MAC address, which is not useful since the packets will always have the VM's MAC address as source MAC address. The attached patch fixes this. This is the last bug I currently know of and want to fix. Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com> --- src/nwfilter/nwfilter_ebiptables_driver.c | 67 ++++++++++++++++++++---------- 1 file changed, 45 insertions(+), 22 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -294,7 +294,8 @@ ebiptablesAddRuleInst(virNWFilterRuleIns static int ebtablesHandleEthHdr(virBufferPtr buf, virNWFilterHashTablePtr vars, - ethHdrDataDefPtr ethHdr) + ethHdrDataDefPtr ethHdr, + bool reverse) { char macaddr[VIR_MAC_STRING_BUFLEN]; @@ -305,7 +306,8 @@ ebtablesHandleEthHdr(virBufferPtr buf, goto err_exit; virBufferVSprintf(buf, - " -s %s %s", + " %s %s %s", + reverse ? "-d" : "-s", ENTRY_GET_NEG_SIGN(&ethHdr->dataSrcMACAddr), macaddr); @@ -328,7 +330,8 @@ ebtablesHandleEthHdr(virBufferPtr buf, goto err_exit; virBufferVSprintf(buf, - " -d %s %s", + " %s %s %s", + reverse ? "-s" : "-d", ENTRY_GET_NEG_SIGN(&ethHdr->dataDstMACAddr), macaddr); @@ -1425,6 +1428,7 @@ iptablesCreateRuleInstance(virNWFilterDe * @ifname : The name of the interface to apply the rule to * @vars : A map containing the variables to resolve * @res : The data structure to store the result(s) into + * @reverse : Whether to reverse src and dst attributes * * Convert a single rule into its representation for later instantiation * @@ -1438,7 +1442,8 @@ ebtablesCreateRuleInstance(char chainPre virNWFilterRuleDefPtr rule, const char *ifname, virNWFilterHashTablePtr vars, - virNWFilterRuleInstPtr res) + virNWFilterRuleInstPtr res, + bool reverse) { char macaddr[VIR_MAC_STRING_BUFLEN], ipaddr[INET_ADDRSTRLEN], @@ -1464,7 +1469,8 @@ ebtablesCreateRuleInstance(char chainPre if (ebtablesHandleEthHdr(&buf, vars, - &rule->p.ethHdrFilter.ethHdr)) + &rule->p.ethHdrFilter.ethHdr, + reverse)) goto err_exit; if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) { @@ -1487,7 +1493,8 @@ ebtablesCreateRuleInstance(char chainPre if (ebtablesHandleEthHdr(&buf, vars, - &rule->p.arpHdrFilter.ethHdr)) + &rule->p.arpHdrFilter.ethHdr, + reverse)) goto err_exit; virBufferAddLit(&buf, " -p arp"); @@ -1532,7 +1539,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --arp-ip-src %s %s", + " %s %s %s", + reverse ? "--arp-ip-dst" : "--arp-ip-src", ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPSrcIPAddr), ipaddr); } @@ -1544,7 +1552,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --arp-ip-dst %s %s", + " %s %s %s", + reverse ? "--arp-ip-src" : "--arp-ip-dst", ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstIPAddr), ipaddr); } @@ -1556,7 +1565,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --arp-mac-src %s %s", + " %s %s %s", + reverse ? "--arp-mac-dst" : "--arp-mac-src", ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPSrcMACAddr), macaddr); } @@ -1568,7 +1578,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --arp-mac-dst %s %s", + " %s %s %s", + reverse ? "--arp-mac-src" : "--arp-mac-dst", ENTRY_GET_NEG_SIGN(&rule->p.arpHdrFilter.dataARPDstMACAddr), macaddr); } @@ -1581,7 +1592,8 @@ ebtablesCreateRuleInstance(char chainPre if (ebtablesHandleEthHdr(&buf, vars, - &rule->p.ipHdrFilter.ethHdr)) + &rule->p.ipHdrFilter.ethHdr, + reverse)) goto err_exit; virBufferAddLit(&buf, @@ -1594,7 +1606,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip-source %s %s", + " %s %s %s", + reverse ? "--ip-destination" : "--ip-source", ENTRY_GET_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr), ipaddr); @@ -1617,7 +1630,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip-destination %s %s", + " %s %s %s", + reverse ? "--ip-source" : "--ip-destination", ENTRY_GET_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataDstIPAddr), ipaddr); @@ -1652,7 +1666,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip-source-port %s %s", + " %s %s %s", + reverse ? "--ip-destination-port" : "--ip-source-port", ENTRY_GET_NEG_SIGN(&rule->p.ipHdrFilter.portData.dataSrcPortStart), number); @@ -1676,7 +1691,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip-destination-port %s %s", + " %s %s %s", + reverse ? "--ip-source-port" : "--ip-destination-port", ENTRY_GET_NEG_SIGN(&rule->p.ipHdrFilter.portData.dataDstPortStart), number); @@ -1712,7 +1728,8 @@ ebtablesCreateRuleInstance(char chainPre if (ebtablesHandleEthHdr(&buf, vars, - &rule->p.ipv6HdrFilter.ethHdr)) + &rule->p.ipv6HdrFilter.ethHdr, + reverse)) goto err_exit; virBufferAddLit(&buf, @@ -1725,7 +1742,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip6-source %s %s", + " %s %s %s", + reverse ? "--ip6-destination" : "--ip6-source", ENTRY_GET_NEG_SIGN(&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr), ipv6addr); @@ -1748,7 +1766,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip6-destination %s %s", + " %s %s %s", + reverse ? "--ip6-source" : "--ip6-destination", ENTRY_GET_NEG_SIGN(&rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr), ipv6addr); @@ -1783,7 +1802,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip6-source-port %s %s", + " %s %s %s", + (!reverse) ? "--ip6-source-port" : "--ip6-destination-port", ENTRY_GET_NEG_SIGN(&rule->p.ipv6HdrFilter.portData.dataSrcPortStart), number); @@ -1807,7 +1827,8 @@ ebtablesCreateRuleInstance(char chainPre goto err_exit; virBufferVSprintf(&buf, - " --ip6-destination-port %s %s", + " %s %s %s", + reverse ? "--ip6-source-port" : "--ip6-destination-port", ENTRY_GET_NEG_SIGN(&rule->p.ipv6HdrFilter.portData.dataDstPortStart), number); @@ -1900,7 +1921,8 @@ ebiptablesCreateRuleInstance(virConnectP rule, ifname, vars, - res); + res, + rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT); if (rc) return rc; } @@ -1912,7 +1934,8 @@ ebiptablesCreateRuleInstance(virConnectP rule, ifname, vars, - res); + res, + 0); } break;

14 years, 7 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel April 2010