[libvirt] [PATCH] Allow use of file images for LXC container filesystems
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
A previous commit gave the LXC driver the ability to mount
block devices for the container filesystem. Through use of
the loopback device functionality, we can build on this to
support use of plain file images for LXC filesystems.
By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
the loop device automatically disappears when the container
dies / shuts down
* src/lxc/lxc_container.c: Raise error if we see a file
based filesystem, since it should have been turned into
a loopback device already
* src/lxc/lxc_controller.c: Rewrite any filesystems of
type=file, into type=block, by binding the file image
to a free loop device
---
src/lxc/lxc_container.c | 5 ++
src/lxc/lxc_controller.c | 176 +++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 179 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index f6ab407..bf772e5 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -797,6 +797,11 @@ static int lxcContainerMountFS(virDomainFSDefPtr fs,
if (lxcContainerMountFSBlock(fs, srcprefix) < 0)
return -1;
break;
+ case VIR_DOMAIN_FS_TYPE_FILE:
+ lxcError(VIR_ERR_INTERNAL_ERROR,
+ _("Unexpected filesystem type %s"),
+ virDomainFSTypeToString(fs->type));
+ break;
default:
lxcError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Cannot mount filesystem type %s"),
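Review bot: The new `VIR_DOMAIN_FS_TYPE_FILE` case reports an internal error and then leaves the switch with `break`, whereas the mount cases above it `return -1` on failure. The code after the switch is outside the hunk; if it returns 0, lxcContainerMountFS would report success for a file-backed filesystem that was never mounted, and container startup would continue without it. Replace the `break` with `return -1;` so that an image the controller failed to convert to a loop device aborts setup. The `default:` branch continues past the end of the hunk and may need the same check.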
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 8848ae2..45b4c70 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -39,6 +39,8 @@
#include <getopt.h>
#include <sys/mount.h>
#include <locale.h>
+#include <linux/loop.h>
+#include <dirent.h>
#if HAVE_CAPNG
# include <cap-ng.h>
@@ -63,6 +65,160 @@ struct cgroup_device_policy {
int minor;
};
+
+static int lxcGetLoopFD(char **devname)
+{
+ int fd = -1;
+ DIR *dh = NULL;
+ struct dirent *de;
+ char *looppath;
+ struct loop_info64 lo;
+
+ VIR_DEBUG("Looking for loop devices in /dev");
+
+ if (!(dh = opendir("/dev"))) {
+ virReportSystemError(errno, "%s",
+ _("Unable to read /dev"));
+ goto cleanup;
+ }
+
+ while ((de = readdir(dh)) != NULL) {
+ if (!STRPREFIX(de->d_name, "loop"))
+ continue;
+
+ if (virAsprintf(&looppath, "/dev/%s", de->d_name) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
+
+ VIR_DEBUG("Checking up on device %s", looppath);
+ if ((fd = open(looppath, O_RDWR)) < 0) {
+ virReportSystemError(errno,
+ _("Unable to open %s"), looppath);
+ goto cleanup;
+ }
+
+ if (ioctl(fd, LOOP_GET_STATUS64, &lo) < 0) {
+ /* Got a free device, return the fd */
+ if (errno == ENXIO)
+ goto cleanup;
+
+ VIR_FORCE_CLOSE(fd);
+ virReportSystemError(errno,
+ _("Unable to get loop status on %s"),
+ looppath);
+ goto cleanup;
+ }
+
+ /* Oh well, try the next device */
+ VIR_FORCE_CLOSE(fd);
+ VIR_FREE(looppath);
+ }
+
+ lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unable to find a free loop device in /dev"));
+
+cleanup:
+ if (fd != -1) {
+ VIR_DEBUG("Got free loop device %s %d", looppath, fd);
+ *devname = looppath;
+ } else {
+ VIR_DEBUG("No free loop devices available");
+ VIR_FREE(looppath);
+ }
+ if (dh)
+ closedir(dh);
+ return fd;
+}
+
+static int lxcSetupLoopDevice(virDomainFSDefPtr fs)
+{
+ int lofd = -1;
+ int fsfd = -1;
+ struct loop_info64 lo;
+ char *loname = NULL;
+ int ret = -1;
+
+ if ((lofd = lxcGetLoopFD(&loname)) < 0)
+ return -1;
+
+ memset(&lo, 0, sizeof(lo));
+ lo.lo_flags = LO_FLAGS_AUTOCLEAR;
+
+ if ((fsfd = open(fs->src, O_RDWR)) < 0) {
+ virReportSystemError(errno,
+ _("Unable to open %s"), fs->src);
+ goto cleanup;
+ }
+
+ if (ioctl(lofd, LOOP_SET_FD, fsfd) < 0) {
+ virReportSystemError(errno,
+ _("Unable to attach %s to loop device"),
+ fs->src);
+ goto cleanup;
+ }
+
+ if (ioctl(lofd, LOOP_SET_STATUS64, &lo) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Unable to mark loop device as autoclear"));
+
+ if (ioctl(lofd, LOOP_CLR_FD, 0) < 0)
+ VIR_WARN("Unable to detach %s from loop device", fs->src);
+ goto cleanup;
+ }
+
+ VIR_DEBUG("Attached loop device %s %d to %s", fs->src, lofd, loname);
+ /*
+ * We now change it into a block device type, so that
+ * the rest of container setup 'just works'
+ */
+ fs->type = VIR_DOMAIN_FS_TYPE_BLOCK;
+ VIR_FREE(fs->src);
+ fs->src = loname;
+ loname = NULL;
+
+ ret = 0;
+
+cleanup:
+ VIR_FREE(loname);
+ VIR_FORCE_CLOSE(fsfd);
+ if (ret == -1)
+ VIR_FORCE_CLOSE(lofd);
+ return lofd;
+}
+
+
+static int lxcSetupLoopDevices(virDomainDefPtr def, size_t *nloopDevs, int **loopDevs)
+{
+ size_t i;
+ int ret = -1;
+
+ for (i = 0 ; i < def->nfss ; i++) {
+ int fd;
+
+ if (def->fss[i]->type != VIR_DOMAIN_FS_TYPE_FILE)
+ continue;
+
+ fd = lxcSetupLoopDevice(def->fss[i]);
+ if (fd < 0)
+ goto cleanup;
+
+ VIR_DEBUG("Saving loop fd %d", fd);
+ if (VIR_REALLOC_N(*loopDevs, *nloopDevs+1) < 0) {
+ VIR_FORCE_CLOSE(fd);
+ virReportOOMError();
+ goto cleanup;
+ }
+ (*loopDevs)[*nloopDevs++] = fd;
+ }
+
+ VIR_DEBUG("Setup all loop devices");
+ ret = 0;
+
+cleanup:
+ return ret;
+}
+
/**
* lxcSetContainerResources
* @def: pointer to virtual machine structure
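Review bot: In lxcSetupLoopDevices, `(*loopDevs)[*nloopDevs++] = fd;` parses as `*(nloopDevs++)`, so it advances the pointer instead of the counter; it should be `(*loopDevs)[(*nloopDevs)++] = fd;`. As written, the caller's count stays 0, the loops added to lxcControllerRun never close the saved loop fds, and the next iteration reads `*nloopDevs` past the caller's variable. In lxcGetLoopFD, `looppath` has no initializer, yet the cleanup label runs `VIR_FREE(looppath)` when opendir() fails or when no directory entry matched, which frees an indeterminate pointer; declare it as `char *looppath = NULL;`. The free-device probe (LOOP_GET_STATUS64 returning ENXIO) and the later LOOP_SET_FD are separate steps, so another process can claim the device in between, and that failure is treated as fatal instead of trying the next device. lxcSetupLoopDevice also opens `fs->src` with O_RDWR unconditionally; if the filesystem definition can be marked read-only (not visible in this hunk), the image should be opened O_RDONLY and the loop device given the read-only flag.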
@@ -641,6 +797,9 @@ lxcControllerRun(virDomainDefPtr def,
virDomainFSDefPtr root;
char *devpts = NULL;
char *devptmx = NULL;
+ size_t nloopDevs = 0;
+ int *loopDevs = NULL;
+ size_t i;
if (socketpair(PF_UNIX, SOCK_STREAM, 0, control) < 0) {
virReportSystemError(errno, "%s",
@@ -654,6 +813,9 @@ lxcControllerRun(virDomainDefPtr def,
goto cleanup;
}
+ if (lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) < 0)
+ goto cleanup;
+
root = virDomainGetRootFilesystem(def);
if (lxcSetContainerResources(def) < 0)
@@ -778,8 +940,14 @@ lxcControllerRun(virDomainDefPtr def,
goto cleanup;
}
- /* Now the container is running, there's no need for us to keep
- any elevated capabilities */
+ /* Now the container is fully setup... */
+
+ /* ...we can close the loop devices... */
+
+ for (i = 0 ; i < nloopDevs ; i++)
+ VIR_FORCE_CLOSE(loopDevs[i]);
+
+ /* ...and reduce our privileges */
if (lxcControllerClearCapabilities() < 0)
goto cleanup;
@@ -803,6 +971,10 @@ cleanup:
VIR_FORCE_CLOSE(containerhandshake[0]);
VIR_FORCE_CLOSE(containerhandshake[1]);
+ for (i = 0 ; i < nloopDevs ; i++)
+ VIR_FORCE_CLOSE(loopDevs[i]);
+ VIR_FREE(loopDevs);
+
if (container > 1) {
int status;
kill(container, SIGTERM);
--
1.7.6
13 years, 1 month
[libvirt] [PATCH] startupPolicy: Change event argument
by Michal Privoznik
As this API has not been released yet, this change is still possible.
This patch changes the devAlias parameter in the event callback to the
disk target, as a mgmt application is more likely to know the target
(it's required in the domain definition), whereas aliases are generated
by the daemon. This spares the mgmt application at least
one subsequent dumpxml call on an incoming event.
---
daemon/remote.c | 6 +++---
examples/domain-events/events-c/event-test.c | 6 +++---
examples/domain-events/events-python/event-test.py | 6 +++---
include/libvirt/libvirt.h.in | 3 ++-
python/libvirt-override-virConnect.py | 4 ++--
python/libvirt-override.c | 4 ++--
src/conf/domain_event.c | 18 +++++++++---------
src/conf/domain_event.h | 4 ++--
src/qemu/qemu_domain.c | 2 +-
src/remote/remote_driver.c | 2 +-
src/remote/remote_protocol.x | 2 +-
src/remote_protocol-structs | 2 +-
12 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 9d70163..c1441d1 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -455,7 +455,7 @@ static int remoteRelayDomainEventDiskChange(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason,
void *opaque)
{
@@ -467,7 +467,7 @@ static int remoteRelayDomainEventDiskChange(virConnectPtr conn ATTRIBUTE_UNUSED,
return -1;
VIR_DEBUG("Relaying domain %s %d disk change %s %s %s %d",
- dom->name, dom->id, oldSrcPath, newSrcPath, devAlias, reason);
+ dom->name, dom->id, oldSrcPath, newSrcPath, target, reason);
/* build return data */
memset(&data, 0, sizeof data);
@@ -483,7 +483,7 @@ static int remoteRelayDomainEventDiskChange(virConnectPtr conn ATTRIBUTE_UNUSED,
data.oldSrcPath = oldSrcPath_p;
data.newSrcPath = newSrcPath_p;
- if (!(data.devAlias = strdup(devAlias)))
+ if (!(data.target = strdup(target)))
goto mem_error;
data.reason = reason;
diff --git a/examples/domain-events/events-c/event-test.c b/examples/domain-events/events-c/event-test.c
index 7c99222..adc6d7c 100644
--- a/examples/domain-events/events-c/event-test.c
+++ b/examples/domain-events/events-c/event-test.c
@@ -293,13 +293,13 @@ static int myDomainEventDiskChangeCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason,
void *opaque ATTRIBUTE_UNUSED)
{
- printf("%s EVENT: Domain %s(%d) disk change oldSrcPath: %s newSrcPath: %s devAlias: %s reason: %s\n",
+ printf("%s EVENT: Domain %s(%d) disk change oldSrcPath: %s newSrcPath: %s target: %s reason: %s\n",
__func__, virDomainGetName(dom), virDomainGetID(dom),
- oldSrcPath, newSrcPath, devAlias, diskChangeReasonStrings[reason]);
+ oldSrcPath, newSrcPath, target, diskChangeReasonStrings[reason]);
return 0;
}
diff --git a/examples/domain-events/events-python/event-test.py b/examples/domain-events/events-python/event-test.py
index 9628f6e..5dd6eaa 100644
--- a/examples/domain-events/events-python/event-test.py
+++ b/examples/domain-events/events-python/event-test.py
@@ -469,9 +469,9 @@ def myDomainEventIOErrorCallback(conn, dom, srcpath, devalias, action, opaque):
def myDomainEventGraphicsCallback(conn, dom, phase, localAddr, remoteAddr, authScheme, subject, opaque):
print "myDomainEventGraphicsCallback: Domain %s(%s) %d %s" % (dom.name(), dom.ID(), phase, authScheme)
-def myDomainEventDiskChangeCallback(conn, dom, oldSrcPath, newSrcPath, devAlias, reason, opaque):
- print "myDomainEventDiskChangeCallback: Domain %s(%s) disk change oldSrcPath: %s newSrcPath: %s devAlias: %s reason: %s" % (
- dom.name(), dom.ID(), oldSrcPath, newSrcPath, devAlias, reason)
+def myDomainEventDiskChangeCallback(conn, dom, oldSrcPath, newSrcPath, target, reason, opaque):
+ print "myDomainEventDiskChangeCallback: Domain %s(%s) disk change oldSrcPath: %s newSrcPath: %s target %s reason: %s" % (
+ dom.name(), dom.ID(), oldSrcPath, newSrcPath, target, reason)
def usage(out=sys.stderr):
print >>out, "usage: "+os.path.basename(sys.argv[0])+" [-hdl] [uri]"
print >>out, " uri will default to qemu:///system"
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index 7102bce..7bcbae6 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -3010,6 +3010,7 @@ typedef enum {
* @dom: domain on which the event occurred
* @oldSrcPath: old source path
* @newSrcPath: new source path
+ * @target: disk target where event occurred
* @reason: reason why this callback was called; any of
* virConnectDomainEventDiskChangeReason
* @opaque: application specified data
@@ -3026,7 +3027,7 @@ typedef void (*virConnectDomainEventDiskChangeCallback)(virConnectPtr conn,
virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason,
void *opaque);
diff --git a/python/libvirt-override-virConnect.py b/python/libvirt-override-virConnect.py
index b908b32..75058d9 100644
--- a/python/libvirt-override-virConnect.py
+++ b/python/libvirt-override-virConnect.py
@@ -125,13 +125,13 @@
except AttributeError:
pass
- def _dispatchDomainEventDiskChangeCallback(self, dom, oldSrcPath, newSrcPath, devAlias, reason, cbData):
+ def _dispatchDomainEventDiskChangeCallback(self, dom, oldSrcPath, newSrcPath, target, reason, cbData):
"""Dispatches event to python user domain diskChange event callbacks
"""
cb = cbData["cb"]
opaque = cbData["opaque"]
- cb(self, virDomain(self, _obj=dom), oldSrcPath, newSrcPath, devAlias, reason, opaque)
+ cb(self, virDomain(self, _obj=dom), oldSrcPath, newSrcPath, target, reason, opaque)
return 0;
def domainEventDeregisterAny(self, callbackID):
diff --git a/python/libvirt-override.c b/python/libvirt-override.c
index 1759bae..310bc00 100644
--- a/python/libvirt-override.c
+++ b/python/libvirt-override.c
@@ -4379,7 +4379,7 @@ libvirt_virConnectDomainEventDiskChangeCallback(virConnectPtr conn ATTRIBUTE_UNU
virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason,
void *opaque)
{
@@ -4407,7 +4407,7 @@ libvirt_virConnectDomainEventDiskChangeCallback(virConnectPtr conn ATTRIBUTE_UNU
(char*)"OsssiO",
pyobj_dom,
oldSrcPath, newSrcPath,
- devAlias, reason, pyobj_cbData);
+ target, reason, pyobj_cbData);
Py_DECREF(pyobj_cbData);
Py_DECREF(pyobj_dom);
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index a04b9d0..2ab68dc 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -91,7 +91,7 @@ struct _virDomainEvent {
struct {
char *oldSrcPath;
char *newSrcPath;
- char *devAlias;
+ char *target;
int reason;
} diskChange;
} data;
@@ -519,7 +519,7 @@ void virDomainEventFree(virDomainEventPtr event)
case VIR_DOMAIN_EVENT_ID_DISK_CHANGE:
VIR_FREE(event->data.diskChange.oldSrcPath);
VIR_FREE(event->data.diskChange.newSrcPath);
- VIR_FREE(event->data.diskChange.devAlias);
+ VIR_FREE(event->data.diskChange.target);
break;
}
@@ -978,14 +978,14 @@ virDomainEventDiskChangeNew(int id, const char *name,
unsigned char *uuid,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias, int reason)
+ const char *target, int reason)
{
virDomainEventPtr ev =
virDomainEventNewInternal(VIR_DOMAIN_EVENT_ID_DISK_CHANGE,
id, name, uuid);
if (ev) {
- if (!(ev->data.diskChange.devAlias = strdup(devAlias)))
+ if (!(ev->data.diskChange.target = strdup(target)))
goto error;
if (oldSrcPath &&
@@ -1010,23 +1010,23 @@ error:
virDomainEventPtr virDomainEventDiskChangeNewFromObj(virDomainObjPtr obj,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason)
{
return virDomainEventDiskChangeNew(obj->def->id, obj->def->name,
obj->def->uuid, oldSrcPath,
- newSrcPath, devAlias, reason);
+ newSrcPath, target, reason);
}
virDomainEventPtr virDomainEventDiskChangeNewFromDom(virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason)
{
return virDomainEventDiskChangeNew(dom->id, dom->name, dom->uuid,
oldSrcPath, newSrcPath,
- devAlias, reason);
+ target, reason);
}
/**
@@ -1175,7 +1175,7 @@ void virDomainEventDispatchDefaultFunc(virConnectPtr conn,
((virConnectDomainEventDiskChangeCallback)cb)(conn, dom,
event->data.diskChange.oldSrcPath,
event->data.diskChange.newSrcPath,
- event->data.diskChange.devAlias,
+ event->data.diskChange.target,
event->data.diskChange.reason,
cbopaque);
break;
diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h
index 3ba418e..6c56fbd 100644
--- a/src/conf/domain_event.h
+++ b/src/conf/domain_event.h
@@ -182,12 +182,12 @@ virDomainEventPtr virDomainEventBlockJobNewFromDom(virDomainPtr dom,
virDomainEventPtr virDomainEventDiskChangeNewFromObj(virDomainObjPtr obj,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason);
virDomainEventPtr virDomainEventDiskChangeNewFromDom(virDomainPtr dom,
const char *oldSrcPath,
const char *newSrcPath,
- const char *devAlias,
+ const char *target,
int reason);
int virDomainEventQueuePush(virDomainEventQueuePtr evtQueue,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 198ebcc..82e2d70 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1668,7 +1668,7 @@ qemuDomainCheckDiskPresence(struct qemud_driver *driver,
"due to not accessible source '%s'",
disk->dst, vm->def->name, uuid, disk->src);
- event = virDomainEventDiskChangeNewFromObj(vm, disk->src, NULL, disk->info.alias,
+ event = virDomainEventDiskChangeNewFromObj(vm, disk->src, NULL, disk->dst,
VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START);
if (event)
qemuDomainEventQueue(driver, event);
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index e98ebd7..8726112 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -3354,7 +3354,7 @@ remoteDomainBuildEventDiskChange(virNetClientProgramPtr prog ATTRIBUTE_UNUSED,
event = virDomainEventDiskChangeNewFromDom(dom,
msg->oldSrcPath ? *msg->oldSrcPath : NULL,
msg->newSrcPath ? *msg->newSrcPath : NULL,
- msg->devAlias,
+ msg->target,
msg->reason);
virDomainFree(dom);
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index d135653..8f8c55b 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -2014,7 +2014,7 @@ struct remote_domain_event_disk_change_msg {
remote_nonnull_domain dom;
remote_string oldSrcPath;
remote_string newSrcPath;
- remote_nonnull_string devAlias;
+ remote_nonnull_string target;
int reason;
};
diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs
index 569fcb3..fe347fa 100644
--- a/src/remote_protocol-structs
+++ b/src/remote_protocol-structs
@@ -1513,7 +1513,7 @@ struct remote_domain_event_disk_change_msg {
remote_nonnull_domain dom;
remote_string oldSrcPath;
remote_string newSrcPath;
- remote_nonnull_string devAlias;
+ remote_nonnull_string target;
int reason;
};
struct remote_domain_managed_save_args {
--
1.7.3.4
13 years, 1 month
[libvirt] [PATCH] nwfilter: extend schema to support new targets
by Stefan Berger
Extend the nwfilter schema to support the continue and return targets.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
docs/schemas/nwfilter.rng | 2 ++
1 file changed, 2 insertions(+)
Index: libvirt-acl/docs/schemas/nwfilter.rng
===================================================================
--- libvirt-acl.orig/docs/schemas/nwfilter.rng
+++ libvirt-acl/docs/schemas/nwfilter.rng
@@ -866,6 +866,8 @@
<value>drop</value>
<value>accept</value>
<value>reject</value>
+ <value>continue</value>
+ <value>return</value>
</choice>
</define>
13 years, 1 month
[libvirt] [libosinfo 1/2] Set GError even if libvirt error is unknown
by Zeeshan Ali (Khattak)
From: "Zeeshan Ali (Khattak)" <zeeshanak(a)gnome.org>
---
libvirt-glib/libvirt-glib-error.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/libvirt-glib/libvirt-glib-error.c b/libvirt-glib/libvirt-glib-error.c
index f59b464..0319687 100644
--- a/libvirt-glib/libvirt-glib-error.c
+++ b/libvirt-glib/libvirt-glib-error.c
@@ -80,7 +80,10 @@ GError *gvir_error_new_literal(GQuark domain,
virErrorPtr verr = virGetLastError();
if (!verr)
- return NULL;
+ return g_error_new(domain,
+ code,
+ "%s",
+ message);
if (message)
return g_error_new(domain,
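Review bot: The new `!verr` branch passes `message` to a `%s` conversion unconditionally, although the `if (message)` test on the next visible line indicates that callers may pass NULL. Formatting a NULL string is undefined behaviour for printf-style functions and at best puts the text "(null)" into the GError. Guard the argument the same way the existing path does, for example `"%s", message ? message : "Unknown error");`. The body of gvir_error_new_literal continues outside the hunk, so the remaining branches are not visible here.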
--
1.7.6.4
13 years, 1 month
[libvirt] [libvirt PATCHv3 00/10] DHCP snooping support for libvirt
by David L Stevens
This series of patches adds DHCP snooping support to libvirt. This version
saves leases on disk for restoration after a libvirtd restart and allows
selection of different ip_learning methods by setting filter parameter
"ip_learning" to one of "any" (existing IP learning code) "none" (static only
addresses) or "DHCP" (DHCP Snooping).
This code does not (yet) support passing lease information across a migration.
A migrated guest requires a DHCP ACK (e.g., via ifdown/ifup on the guest) to
send/receive traffic for DHCP-learned addresses after a migration.
Differences from v2: added support for multiple static IP addresses using
a comma-separated list.
David L Stevens (10):
support continue/return
allow required ARP packets
reverse sense of address matching
make default chain policy "DROP"
allow chain modification
support addRules
support variable value changing
add DHCP snooping
add leasefile support
support multiple static IP addresses
examples/xml/nwfilter/Makefile.am | 5 +-
examples/xml/nwfilter/allow-arp.xml | 5 +-
examples/xml/nwfilter/allow-arpip.xml | 3 +
examples/xml/nwfilter/allow-arpmac.xml | 3 +
examples/xml/nwfilter/clean-traffic.xml | 6 +-
examples/xml/nwfilter/no-arp-spoofing.xml | 38 +-
examples/xml/nwfilter/no-arpip-spoofing.xml | 10 +
examples/xml/nwfilter/no-arpmac-spoofing.xml | 5 +
examples/xml/nwfilter/no-ip-spoofing.xml | 9 +-
examples/xml/nwfilter/no-mac-spoofing.xml | 10 +-
examples/xml/nwfilter/no-other-l2-traffic.xml | 13 +-
examples/xml/nwfilter/no-other-rarp-traffic.xml | 3 -
examples/xml/nwfilter/qemu-announce-self.xml | 1 -
src/Makefile.am | 2 +
src/conf/nwfilter_conf.c | 12 +-
src/conf/nwfilter_conf.h | 16 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 938 +++++++++++++++++++++++
src/nwfilter/nwfilter_dhcpsnoop.h | 36 +
src/nwfilter/nwfilter_driver.c | 5 +
src/nwfilter/nwfilter_ebiptables_driver.c | 225 +++++--
src/nwfilter/nwfilter_gentech_driver.c | 225 +++++-
src/nwfilter/nwfilter_gentech_driver.h | 11 +
22 files changed, 1445 insertions(+), 136 deletions(-)
create mode 100644 examples/xml/nwfilter/allow-arpip.xml
create mode 100644 examples/xml/nwfilter/allow-arpmac.xml
create mode 100644 examples/xml/nwfilter/no-arpip-spoofing.xml
create mode 100644 examples/xml/nwfilter/no-arpmac-spoofing.xml
delete mode 100644 examples/xml/nwfilter/no-other-rarp-traffic.xml
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.c
create mode 100644 src/nwfilter/nwfilter_dhcpsnoop.h
--
1.7.6.4
13 years, 1 month
[libvirt] [PATCH] build: use gnulib fdatasync
by Eric Blake
Commit 1726a73 hacked around MacOS' lack of fdatasync, since
gnulib did not have it at the time. But now that we use newer
gnulib, we can avoid the hack.
* bootstrap.conf (gnulib_modules): Add fdatasync.
* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.
---
bootstrap.conf | 1 +
configure.ac | 5 +----
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index d029253..0faa2e2 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -40,6 +40,7 @@ environ
fclose
fcntl
fcntl-h
+fdatasync
ffs
fnmatch
fsync
diff --git a/configure.ac b/configure.ac
index df19445..6a0936a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -135,12 +135,9 @@ AC_CHECK_SIZEOF([long])
dnl Availability of various common functions (non-fatal if missing),
dnl and various less common threadsafe functions
-AC_CHECK_FUNCS_ONCE([cfmakeraw fdatasync geteuid getgid getgrnam_r getmntent_r \
+AC_CHECK_FUNCS_ONCE([cfmakeraw geteuid getgid getgrnam_r getmntent_r \
getpwuid_r getuid initgroups kill mmap posix_fallocate posix_memalign \
regexec sched_getaffinity])
-if test $ac_cv_func_fdatasync = no; then
- AC_DEFINE([fdatasync], [fsync], [Define to fsync if you lack fdatasync])
-fi
dnl Availability of pthread functions (if missing, win32 threading is
dnl assumed). Because of $LIB_PTHREAD, we cannot use AC_CHECK_FUNCS_ONCE.
--
1.7.4.4
13 years, 1 month
[libvirt] [PATCH/RFC] Introduce VIR_MIGRATE_FORCE flag to allow for risky migration
by Guido Günther
Hi,
Migration will be disallowed when the vm uses host devices or has
snapshots (qemuMigrationIsAllowed)[1]. Would it make sense to introduce
a VIR_MIGRATE_FORCE similar to VIR_REVERT_FORCE here? We could then
introduce error codes similar to the snapshot case
(VIR_ERR_MIGRATE_RISKY).
This patch is just to illustrate the idea; it is not meant to be applied as is.
Cheers,
-- Guido
[1] Hopefully we can make migration with snapshots safe in the future by
transferring the metadata. A current workaround is to put this onto
shared storage and reread it on the destination side after migration.
13 years, 1 month
[libvirt] [PATCH 0/4] New APIs and virsh commands to manage saved-state & core-dump files
by Hong Xiang
This patch series is a followup of "[PATCH 0/3] Restrict saved-state and
core-dump files in controlled directories". A few new APIs and virsh
commands are added to manage saved-state & core-dump files.
Hong Xiang (4):
New APIs to manage saved-state & core-dump files.
qemu driver for new APIs to manage saved-state & core-dump files
remote driver for new APIs to manage saved-state & core-dump files
New virsh commands to manage saved-state and core-dump files
include/libvirt/libvirt.h.in | 18 +++
python/generator.py | 2 +
python/libvirt-override-api.xml | 10 ++
python/libvirt-override.c | 92 ++++++++++++
src/driver.h | 34 +++++
src/libvirt.c | 314 +++++++++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 12 ++
src/qemu/qemu_driver.c | 253 +++++++++++++++++++++++++++++++
src/remote/remote_driver.c | 8 +
src/remote/remote_protocol.x | 61 ++++++++-
src/rpc/gendispatch.pl | 1 +
tools/virsh.c | 309 ++++++++++++++++++++++++++++++++++++++
12 files changed, 1113 insertions(+), 1 deletions(-)
13 years, 1 month
[libvirt] [PATCH] fix compile error :undefined reference to `virFileAccessibleAs'
by taget@linux.vnet.ibm.com
From: Eli Qiao <taget(a)linux.vnet.ibm.com>
Signed-off-by: Eli Qiao <taget(a)linux.vnet.ibm.com>
---
src/libvirt_private.syms | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 3f97e23..e888204 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1154,6 +1154,7 @@ virTimeMs;
virTimestamp;
virTrimSpaces;
virVasprintf;
+virFileAccessibleAs;
# uuid.h
--
1.7.4.4
13 years, 1 month