[libvirt] nwfilter: Enable detection of multiple IP addresses
by Stefan Berger
In preparation of DHCP Snooping and the detection of multiple IP
addresses per interface:
The hash table that is used to collect the detected IP address of an
interface can so far only handle one IP address per interface. With
this patch we extend this to allow it to handle a list of IP addresses.
This changes the return type of virNWFilterGetIpAddrForIfname()
from char * to virNWFilterVarValuePtr; all existing callers of this
function are adapted accordingly.
---
src/conf/nwfilter_params.c | 62 ++++++++++++++++++--
src/conf/nwfilter_params.h | 7 +-
src/libvirt_private.syms | 5 +
src/nwfilter/nwfilter_gentech_driver.c | 21 ++-----
src/nwfilter/nwfilter_gentech_driver.h | 2
src/nwfilter/nwfilter_learnipaddr.c | 98 +++++++++++++++++++++++++--------
src/nwfilter/nwfilter_learnipaddr.h | 6 +-
7 files changed, 155 insertions(+), 46 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -310,41 +310,97 @@ virNWFilterDeregisterLearnReq(int ifinde
return res;
}
-
-
+/* Add an IP address to the list of IP addresses an interface is
+ * known to use. This function feeds the per-interface cache that
+ * is used to instantiate filters with variable '$IP'.
+ *
+ * @ifname: The name of the (tap) interface
+ * @addr: An IPv4 address in dotted decimal format that the (tap)
+ * interface is known to use.
+ *
+ * This function returns 0 on success, -1 otherwise
+ */
static int
-virNWFilterAddIpAddrForIfname(const char *ifname, char *addr) {
+virNWFilterAddIpAddrForIfname(const char *ifname, char *addr)
+{
int ret;
- virNWFilterVarValuePtr val = virNWFilterVarValueCreateSimple(addr);
-
- if (!val)
- return 1;
+ virNWFilterVarValuePtr val;
virMutexLock(&ipAddressMapLock);
- ret = virNWFilterHashTablePut(ipAddressMap, ifname, val, 1);
+ val = virHashLookup(ipAddressMap->hashTable, ifname);
+ if (!val) {
+ val = virNWFilterVarValueCreateSimple(addr);
+ if (!val) {
+ virReportOOMError();
+ ret = -1;
+ goto err_exit;
+ }
+ ret = virNWFilterHashTablePut(ipAddressMap, ifname, val, 1);
+ } else {
+ if (virNWFilterVarValueAddValue(val, addr) < 0)
+ ret = -1;
+ }
+err_exit:
virMutexUnlock(&ipAddressMapLock);
return ret;
}
#endif
-
-void
-virNWFilterDelIpAddrForIfname(const char *ifname) {
+/* Delete all or a specific IP address from an interface.
+ *
+ * @ifname: The name of the (tap) interface
+ * @addr: An IPv4 address in dotted decimal format that the (tap)
+ * interface is not using anymore; provide NULL to remove all IP
+ * addresses associated with the given interface
+ *
+ * This function returns the number of IP addresses that are still
+ * known to be associated with this interface, in case of an error
+ * -1 is returned. Error conditions are:
+ * - no IP addresses is known to be associated with an interface
+ */
+int
+virNWFilterDelIpAddrForIfname(const char *ifname, const char *ipaddr)
+{
+ int ret = -1;
+ virNWFilterVarValuePtr val = NULL;
virMutexLock(&ipAddressMapLock);
- if (virHashLookup(ipAddressMap->hashTable, ifname))
- virNWFilterHashTableRemoveEntry(ipAddressMap, ifname);
+ if (ipaddr != NULL) {
+ val = virHashLookup(ipAddressMap->hashTable, ifname);
+ if (val) {
+ if (virNWFilterVarValueGetCardinality(val) == 1)
+ goto remove_entry;
+ virNWFilterVarValueDelValue(val, ipaddr);
+ ret = virNWFilterVarValueGetCardinality(val);
+ }
+ } else {
+remove_entry:
+ /* remove whole entry */
+ val = virNWFilterHashTableRemoveEntry(ipAddressMap, ifname);
+ if (val) {
+ ret = 0;
+ virNWFilterVarValueFree(val);
+ }
+ }
virMutexUnlock(&ipAddressMapLock);
-}
+ return ret;
+}
-const char *
-virNWFilterGetIpAddrForIfname(const char *ifname) {
+/* Get the list of IP addresses known to be in use by an interface
+ *
+ * This function returns NULL in case no IP address is known to be
+ * associated with the interface, a virNWFilterVarValuePtr otherwise
+ * that then can contain one or multiple entries.
+ */
+virNWFilterVarValuePtr
+virNWFilterGetIpAddrForIfname(const char *ifname)
+{
virNWFilterVarValuePtr res;
virMutexLock(&ipAddressMapLock);
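Review bot: `ret` is returned uninitialized when the interface already has a cache entry and `virNWFilterVarValueAddValue` succeeds, because the `else` branch only assigns on failure and `int ret;` carries no initializer; reading it is undefined behaviour and the caller's `< 0` test becomes unpredictable. Make the assignment unconditional, `ret = (virNWFilterVarValueAddValue(val, addr) < 0) ? -1 : 0;`. The `!val` branch also depends on virNWFilterHashTablePut's convention: if it signals failure with a positive value, as the `return 1` pattern elsewhere in this module suggests, the `< 0` check in learnIPAddressThread will not see it, so map it to -1 here. In virNWFilterDelIpAddrForIfname the `virNWFilterVarValueGetCardinality(val) == 1` shortcut removes the whole entry without comparing the single stored address to `ipaddr`, so a request to drop an address the interface never had discards the one it does have, and the result of `virNWFilterVarValueDelValue` is ignored so a non-matching address is reported as success.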
@@ -353,10 +409,7 @@ virNWFilterGetIpAddrForIfname(const char
virMutexUnlock(&ipAddressMapLock);
- if (res)
- return virNWFilterVarValueGetSimple(res);
-
- return NULL;
+ return res;
}
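Review bot: The pointer returned by virNWFilterGetIpAddrForIfname is the value owned by `ipAddressMap` and is handed out after `virMutexUnlock(&ipAddressMapLock)`, so a concurrent virNWFilterDelIpAddrForIfname (which frees the value with virNWFilterVarValueFree in the preceding hunk) can invalidate it while the caller is still reading it; the previous code had the same window for the inner string, but the new comment should state the contract explicitly. Add to the function's header comment: `The returned value is owned by the IP address cache; the caller must not free it and must not hold it across operations that may remove the interface's entry.` The signature and header comment of this function are in the preceding hunk.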
@@ -642,7 +695,10 @@ learnIPAddressThread(void *arg)
char *inetaddr;
if ((inetaddr = virSocketAddrFormat(&sa))!= NULL) {
- virNWFilterAddIpAddrForIfname(req->ifname, inetaddr);
+ if (virNWFilterAddIpAddrForIfname(req->ifname, inetaddr) < 0) {
+ VIR_ERROR("Failed to add IP address %s to IP address cache "
+ "for interface %s", inetaddr, req->ifname);
+ }
ret = virNWFilterInstantiateFilterLate(NULL,
req->ifname,
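Review bot: A failure of virNWFilterAddIpAddrForIfname is only logged and the thread proceeds to virNWFilterInstantiateFilterLate, so a filter that references `$IP` would be instantiated from a cache that does not contain the address just learned; consider recording the failure in `req->status` or skipping the instantiation, depending on what the late-instantiation path does with a missing `$IP` (not visible here). On that same path `inetaddr` is not released: whether the callee takes ownership of `addr` when it fails cannot be seen in this diff, so confirm it, and otherwise `VIR_FREE(inetaddr);` belongs inside the error branch. The enclosing function starts and ends outside the hunk.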
Index: libvirt-acl/src/libvirt_private.syms
===================================================================
--- libvirt-acl.orig/src/libvirt_private.syms
+++ libvirt-acl/src/libvirt_private.syms
@@ -846,9 +846,14 @@ virNWFilterVarCombIterCreate;
virNWFilterVarCombIterFree;
virNWFilterVarCombIterGetVarValue;
virNWFilterVarCombIterNext;
+virNWFilterVarValueAddValue;
+virNWFilterVarValueCopy;
virNWFilterVarValueCreateSimple;
virNWFilterVarValueCreateSimpleCopyValue;
+virNWFilterVarValueDelValue;
+virNWFilterVarValueFree;
virNWFilterVarValueGetSimple;
+virNWFilterVarValueGetCardinality;
# pci.h
Index: libvirt-acl/src/conf/nwfilter_params.c
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_params.c
+++ libvirt-acl/src/conf/nwfilter_params.c
@@ -37,7 +37,7 @@
static bool isValidVarValue(const char *value);
-static void
+void
virNWFilterVarValueFree(virNWFilterVarValuePtr val)
{
unsigned i;
@@ -60,7 +60,7 @@ virNWFilterVarValueFree(virNWFilterVarVa
VIR_FREE(val);
}
-static virNWFilterVarValuePtr
+virNWFilterVarValuePtr
virNWFilterVarValueCopy(const virNWFilterVarValuePtr val)
{
virNWFilterVarValuePtr res;
@@ -222,6 +222,56 @@ virNWFilterVarValueAddValue(virNWFilterV
return rc;
}
+static int
+virNWFilterVarValueDelNthValue(virNWFilterVarValuePtr val, unsigned int pos)
+{
+ switch (val->valType) {
+ case NWFILTER_VALUE_TYPE_SIMPLE:
+ return -1;
+
+ case NWFILTER_VALUE_TYPE_ARRAY:
+ if (pos < val->u.array.nValues) {
+ VIR_FREE(val->u.array.values[pos]);
+ val->u.array.nValues--;
+
+ if (pos < val->u.array.nValues)
+ memmove(&val->u.array.values[pos],
+ &val->u.array.values[pos + 1],
+ sizeof(val->u.array.values[0]) *
+ (val->u.array.nValues - pos));
+ return 0;
+ }
+ break;
+
+ case NWFILTER_VALUE_TYPE_LAST:
+ break;
+ }
+
+ return -1;
+}
+
+int
+virNWFilterVarValueDelValue(virNWFilterVarValuePtr val, const char *value)
+{
+ unsigned int i;
+
+ switch (val->valType) {
+ case NWFILTER_VALUE_TYPE_SIMPLE:
+ return -1;
+
+ case NWFILTER_VALUE_TYPE_ARRAY:
+ for (i = 0; i < val->u.array.nValues; i++)
+ if (STREQ(value, val->u.array.values[i]))
+ return virNWFilterVarValueDelNthValue(val, i);
+ break;
+
+ case NWFILTER_VALUE_TYPE_LAST:
+ break;
+ }
+
+ return -1;
+}
+
void
virNWFilterVarCombIterFree(virNWFilterVarCombIterPtr ci)
{
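Review bot: virNWFilterVarValueDelValue removes only the first element that matches `value`, while virNWFilterAddIpAddrForIfname in this series appends without checking for an existing entry, so an address learned twice is dropped only once by a single delete; either reject duplicates at insertion or loop here until no match remains. Since the function joins the exported interface (nwfilter_params.h and libvirt_private.syms), it needs a header comment along the lines of: `Remove the first occurrence of 'value' from an array-typed variable value and free the removed string. Returns 0 on success, -1 if the value is of simple type or 'value' is not present.` Returning -1 for NWFILTER_VALUE_TYPE_SIMPLE even when its single value equals `value` deserves a comment too, since the only caller handles that case by removing the whole map entry instead.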
@@ -521,14 +571,14 @@ virNWFilterHashTableCreate(int n) {
}
-int
+void *
virNWFilterHashTableRemoveEntry(virNWFilterHashTablePtr ht,
const char *entry)
{
int i;
- int rc = virHashRemoveEntry(ht->hashTable, entry);
+ void *value = virHashSteal(ht->hashTable, entry);
- if (rc == 0) {
+ if (value) {
for (i = 0; i < ht->nNames; i++) {
if (STREQ(ht->names[i], entry)) {
VIR_FREE(ht->names[i]);
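Review bot: Switching virNWFilterHashTableRemoveEntry from virHashRemoveEntry to `virHashSteal` transfers ownership of the stored value to the caller, so any existing caller that ignored the former `int` result now leaks the virNWFilterVarValue; only the new caller in nwfilter_learnipaddr.c frees it, and other callers are not visible in this diff. Document the transfer at the definition and on the header prototype, e.g. `/* Remove 'entry' from the table and return its value; the caller now owns it and must free it with virNWFilterVarValueFree. Returns NULL if the entry does not exist. */`. The function's tail is in the following hunk.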
@@ -538,7 +588,7 @@ virNWFilterHashTableRemoveEntry(virNWFil
}
}
}
- return rc;
+ return value;
}
Index: libvirt-acl/src/conf/nwfilter_params.h
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_params.h
+++ libvirt-acl/src/conf/nwfilter_params.h
@@ -50,11 +50,14 @@ struct _virNWFilterVarValue {
virNWFilterVarValuePtr virNWFilterVarValueCreateSimple(char *);
virNWFilterVarValuePtr virNWFilterVarValueCreateSimpleCopyValue(const char *);
+virNWFilterVarValuePtr virNWFilterVarValueCopy(const virNWFilterVarValuePtr);
+void virNWFilterVarValueFree(virNWFilterVarValuePtr val);
const char *virNWFilterVarValueGetSimple(const virNWFilterVarValuePtr val);
const char *virNWFilterVarValueGetNthValue(virNWFilterVarValuePtr val,
unsigned int idx);
unsigned int virNWFilterVarValueGetCardinality(const virNWFilterVarValuePtr);
int virNWFilterVarValueAddValue(virNWFilterVarValuePtr val, char *value);
+int virNWFilterVarValueDelValue(virNWFilterVarValuePtr val, const char *value);
typedef struct _virNWFilterHashTable virNWFilterHashTable;
typedef virNWFilterHashTable *virNWFilterHashTablePtr;
@@ -77,8 +80,8 @@ int virNWFilterHashTablePut(virNWFilterH
const char *name,
virNWFilterVarValuePtr val,
int freeName);
-int virNWFilterHashTableRemoveEntry(virNWFilterHashTablePtr table,
- const char *name);
+void *virNWFilterHashTableRemoveEntry(virNWFilterHashTablePtr table,
+ const char *name);
int virNWFilterHashTablePutAll(virNWFilterHashTablePtr src,
virNWFilterHashTablePtr dest);
Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.h
+++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h
@@ -61,7 +61,7 @@ int virNWFilterInstantiateFilterLate(vir
int virNWFilterTeardownFilter(const virDomainNetDefPtr net);
virNWFilterHashTablePtr virNWFilterCreateVarHashmap(char *macaddr,
- char *ipaddr);
+ const virNWFilterVarValuePtr);
void virNWFilterDomainFWUpdateCB(void *payload,
const void *name,
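Review bot: The new prototype drops the parameter name, leaving `const virNWFilterVarValuePtr);` while every neighbouring prototype in this header names its parameters; keep it as `const virNWFilterVarValuePtr ipaddr);` to match the definition in nwfilter_gentech_driver.c. With a typedef'd pointer the `const` qualifies the pointer itself rather than the pointed-to value, which is the existing convention in these headers but gives callers no promise that the value is left untouched.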
Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
@@ -145,7 +145,7 @@ virNWFilterRuleInstFree(virNWFilterRuleI
static int
virNWFilterVarHashmapAddStdValues(virNWFilterHashTablePtr table,
char *macaddr,
- char *ipaddr)
+ const virNWFilterVarValuePtr ipaddr)
{
virNWFilterVarValue *val;
@@ -164,7 +164,7 @@ virNWFilterVarHashmapAddStdValues(virNWF
}
if (ipaddr) {
- val = virNWFilterVarValueCreateSimple(ipaddr);
+ val = virNWFilterVarValueCopy(ipaddr);
if (!val)
return 1;
@@ -194,7 +194,8 @@ virNWFilterVarHashmapAddStdValues(virNWF
* is attached to the virConnect object.
*/
virNWFilterHashTablePtr
-virNWFilterCreateVarHashmap(char *macaddr, char *ipaddr) {
+virNWFilterCreateVarHashmap(char *macaddr,
+ const virNWFilterVarValuePtr ipaddr) {
virNWFilterHashTablePtr table = virNWFilterHashTableCreate(0);
if (!table) {
virReportOOMError();
@@ -796,7 +797,7 @@ __virNWFilterInstantiateFilter(virConnec
virNWFilterDefPtr filter;
char vmmacaddr[VIR_MAC_STRING_BUFLEN] = {0};
char *str_macaddr = NULL;
- const char *ipaddr;
+ virNWFilterVarValuePtr ipaddr;
char *str_ipaddr = NULL;
techdriver = virNWFilterTechDriverForName(drvname);
@@ -836,16 +837,8 @@ __virNWFilterInstantiateFilter(virConnec
}
ipaddr = virNWFilterGetIpAddrForIfname(ifname);
- if (ipaddr) {
- str_ipaddr = strdup(ipaddr);
- if (!str_ipaddr) {
- virReportOOMError();
- rc = 1;
- goto err_exit;
- }
- }
- vars1 = virNWFilterCreateVarHashmap(str_macaddr, str_ipaddr);
+ vars1 = virNWFilterCreateVarHashmap(str_macaddr, ipaddr);
if (!vars1) {
rc = 1;
goto err_exit;
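Review bot: `ipaddr` is a pointer into the interface cache obtained without the cache lock held, and it is dereferenced later inside virNWFilterCreateVarHashmap via virNWFilterVarValueCopy, so a teardown running virNWFilterDelIpAddrForIfname in between frees the value under this caller; the old `strdup` had the same window, but this is the moment to close it, for instance by having virNWFilterGetIpAddrForIfname copy the value while the lock is held (`res = virNWFilterVarValueCopy(res);` before the unlock) and freeing the copy here on every exit path, provided no other caller relies on the borrowed pointer. With the `strdup` gone, `str_ipaddr` appears to remain declared in the previous hunk but is never assigned and is presumably still freed at `err_exit`; drop the dead variable if that is the case. __virNWFilterInstantiateFilter extends beyond this hunk.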
@@ -1101,7 +1094,7 @@ _virNWFilterTeardownFilter(const char *i
techdriver->allTeardown(ifname);
- virNWFilterDelIpAddrForIfname(ifname);
+ virNWFilterDelIpAddrForIfname(ifname, NULL);
virNWFilterUnlockIface(ifname);
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.h
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.h
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.h
@@ -25,6 +25,8 @@
#ifndef __NWFILTER_LEARNIPADDR_H
# define __NWFILTER_LEARNIPADDR_H
+# include "conf/nwfilter_params.h"
+
enum howDetect {
DETECT_DHCP = 1,
DETECT_STATIC = 2,
@@ -63,8 +65,8 @@ int virNWFilterLearnIPAddress(virNWFilte
virNWFilterIPAddrLearnReqPtr virNWFilterLookupLearnReq(int ifindex);
int virNWFilterTerminateLearnReq(const char *ifname);
-void virNWFilterDelIpAddrForIfname(const char *ifname);
-const char *virNWFilterGetIpAddrForIfname(const char *ifname);
+int virNWFilterDelIpAddrForIfname(const char *ifname, const char *ipaddr);
+virNWFilterVarValuePtr virNWFilterGetIpAddrForIfname(const char *ifname);
int virNWFilterLockIface(const char *ifname) ATTRIBUTE_RETURN_CHECK;
void virNWFilterUnlockIface(const char *ifname);
[libvirt] [PATCH] nwfilter: Pass additional parameter into applyDHCPOnly function
by Stefan Berger
In preparation for the DHCP Snooping code:
Pass an additional parameter into the applyDHCPOnly function
of the 'techdriver'.
---
src/conf/nwfilter_conf.h | 3 ++-
src/nwfilter/nwfilter_ebiptables_driver.c | 13 ++++++++++---
src/nwfilter/nwfilter_learnipaddr.c | 2 +-
3 files changed, 13 insertions(+), 5 deletions(-)
Index: libvirt-acl/src/conf/nwfilter_conf.h
===================================================================
--- libvirt-acl.orig/src/conf/nwfilter_conf.h
+++ libvirt-acl/src/conf/nwfilter_conf.h
@@ -630,7 +630,8 @@ typedef int (*virNWFilterApplyBasicRules
typedef int (*virNWFilterApplyDHCPOnlyRules)(const char *ifname,
const unsigned char *macaddr,
- const char *dhcpserver);
+ const char *dhcpserver,
+ bool leaveTemporary);
typedef int (*virNWFilterRemoveBasicRules)(const char *ifname);
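Review bot: The new `bool leaveTemporary` parameter makes this header depend on `<stdbool.h>`; if nwfilter_conf.h does not already include it (its include list is outside the hunk), add the include so the header stays self-contained for any translation unit that includes it first. The same applies to nwfilter_ebiptables_driver.c, where the implementation now spells `bool` in its signature.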
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3191,6 +3191,9 @@ tear_down_tmpebchains:
* interface
* @dhcpserver: The DHCP server from which the VM may receive traffic
* from; may be NULL
+ * @leaveTemporary: Whether to leave the table names with their temporary
+ * names (true) or also perform the renaming to their final names as
+ * part of this call (false)
*
* Returns 0 on success, 1 on failure with the rules removed
*
@@ -3200,7 +3203,8 @@ tear_down_tmpebchains:
static int
ebtablesApplyDHCPOnlyRules(const char *ifname,
const unsigned char *macaddr,
- const char *dhcpserver)
+ const char *dhcpserver,
+ bool leaveTemporary)
{
virBuffer buf = VIR_BUFFER_INITIALIZER;
char chain_in [MAX_CHAINNAME_LENGTH],
@@ -3281,8 +3285,11 @@ ebtablesApplyDHCPOnlyRules(const char *i
ebtablesLinkTmpRootChain(&buf, 1, ifname, 1);
ebtablesLinkTmpRootChain(&buf, 0, ifname, 1);
- ebtablesRenameTmpRootChain(&buf, 1, ifname);
- ebtablesRenameTmpRootChain(&buf, 0, ifname);
+
+ if (!leaveTemporary) {
+ ebtablesRenameTmpRootChain(&buf, 1, ifname);
+ ebtablesRenameTmpRootChain(&buf, 0, ifname);
+ }
if (ebiptablesExecCLI(&buf, NULL, NULL) < 0)
goto tear_down_tmpebchains;
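Review bot: When `leaveTemporary` is true the function returns with the temporary root chains linked but not renamed, and neither the hunk nor the new `@leaveTemporary` description says who is then expected to call ebtablesRenameTmpRootChain or remove the chains; extend the parameter description with `the caller must later rename the temporary chains itself (or tear them down)`. Also confirm that the `tear_down_tmpebchains` path reached from the `ebiptablesExecCLI` failure below still removes the temporary chains in both modes; that code is outside the hunk.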
Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c
+++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c
@@ -460,7 +460,7 @@ learnIPAddressThread(void *arg)
case DETECT_DHCP:
if (techdriver->applyDHCPOnlyRules(req->ifname,
req->macaddr,
- NULL)) {
+ NULL, false)) {
req->status = EINVAL;
goto done;
}
[libvirt] [PATCH v2 2/2] nwfilter: use shell variable to invoke 'ip(6)tables' command
by Stefan Berger
Introduce a shell variable 'IPT' to invoke the ip(6)tables command.
Tested with libvirt-tck.
---
v2:
- rebased
---
src/nwfilter/nwfilter_ebiptables_driver.c | 313 ++++++++++++++----------------
1 file changed, 155 insertions(+), 158 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -147,6 +147,10 @@ static const char ebiptables_script_set_
#define NWFILTER_SET_EBTABLES_SHELLVAR(BUFPTR) \
virBufferAsprintf(BUFPTR, "EBT=%s\n", ebtables_cmd_path);
+#define NWFILTER_SET_IPTABLES_SHELLVAR(BUFPTR) \
+ virBufferAsprintf(BUFPTR, "IPT=%s\n", iptables_cmd_path);
+#define NWFILTER_SET_IP6TABLES_SHELLVAR(BUFPTR) \
+ virBufferAsprintf(BUFPTR, "IPT=%s\n", ip6tables_cmd_path);
#define VIRT_IN_CHAIN "libvirt-in"
#define VIRT_OUT_CHAIN "libvirt-out"
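Review bot: NWFILTER_SET_IP6TABLES_SHELLVAR assigns the ip6tables path to the same shell variable `IPT` that NWFILTER_SET_IPTABLES_SHELLVAR uses, which the macro name does not convey and which means the macro emitted last into a buffer decides which binary every following `$IPT` command runs; add a comment above the pair, e.g. `/* both macros set $IPT: the iptables helpers below serve iptables and ip6tables alike, so emit the right one before each script fragment */`. Both new macros, like the existing EBTABLES one, carry a trailing semicolon in their expansion and are not wrapped in `do { } while (0)`, so `NWFILTER_SET_IPTABLES_SHELLVAR(&buf);` expands to a double semicolon and the macro cannot be the body of an unbraced `if`; dropping the `;` from the definitions fixes both.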
@@ -494,66 +498,60 @@ ebtablesHandleEthHdr(virBufferPtr buf,
/************************ iptables support ************************/
-static int iptablesLinkIPTablesBaseChain(const char *iptables_cmd,
- virBufferPtr buf,
+static int iptablesLinkIPTablesBaseChain(virBufferPtr buf,
const char *udchain,
const char *syschain,
unsigned int pos,
int stopOnError)
{
virBufferAsprintf(buf,
- "res=$(%s -L %s -n --line-number | "
+ "res=$($IPT -L %s -n --line-number | "
"%s \" %s \")\n"
"if [ $? -ne 0 ]; then\n"
- " %s -I %s %d -j %s\n"
+ " $IPT -I %s %d -j %s\n"
"else\n"
" r=$(echo $res | %s '{print $1}')\n"
" if [ \"${r}\" != \"%d\" ]; then\n"
- " " CMD_DEF("%s -I %s %d -j %s") CMD_SEPARATOR
+ " " CMD_DEF("$IPT -I %s %d -j %s") CMD_SEPARATOR
" " CMD_EXEC
" %s"
" r=$(( $r + 1 ))\n"
- " " CMD_DEF("%s -D %s ${r}") CMD_SEPARATOR
+ " " CMD_DEF("$IPT -D %s ${r}") CMD_SEPARATOR
" " CMD_EXEC
" %s"
" fi\n"
"fi\n",
- iptables_cmd, syschain,
+ syschain,
grep_cmd_path, udchain,
- iptables_cmd, syschain, pos, udchain,
+ syschain, pos, udchain,
gawk_cmd_path,
pos,
- iptables_cmd, syschain, pos, udchain,
+ syschain, pos, udchain,
CMD_STOPONERR(stopOnError),
- iptables_cmd, syschain,
+ syschain,
CMD_STOPONERR(stopOnError));
return 0;
}
-static int iptablesCreateBaseChains(const char *iptables_cmd,
- virBufferPtr buf)
+static int iptablesCreateBaseChains(virBufferPtr buf)
{
- virBufferAsprintf(buf,"%s -N " VIRT_IN_CHAIN CMD_SEPARATOR
- "%s -N " VIRT_OUT_CHAIN CMD_SEPARATOR
- "%s -N " VIRT_IN_POST_CHAIN CMD_SEPARATOR
- "%s -N " HOST_IN_CHAIN CMD_SEPARATOR,
- iptables_cmd,
- iptables_cmd,
- iptables_cmd,
- iptables_cmd);
- iptablesLinkIPTablesBaseChain(iptables_cmd, buf,
+ virBufferAddLit(buf, "$IPT -N " VIRT_IN_CHAIN CMD_SEPARATOR
+ "$IPT -N " VIRT_OUT_CHAIN CMD_SEPARATOR
+ "$IPT -N " VIRT_IN_POST_CHAIN CMD_SEPARATOR
+ "$IPT -N " HOST_IN_CHAIN CMD_SEPARATOR);
+ iptablesLinkIPTablesBaseChain(buf,
VIRT_IN_CHAIN , "FORWARD", 1, 1);
- iptablesLinkIPTablesBaseChain(iptables_cmd, buf,
+ iptablesLinkIPTablesBaseChain(buf,
VIRT_OUT_CHAIN , "FORWARD", 2, 1);
- iptablesLinkIPTablesBaseChain(iptables_cmd, buf,
+ iptablesLinkIPTablesBaseChain(buf,
VIRT_IN_POST_CHAIN, "FORWARD", 3, 1);
- iptablesLinkIPTablesBaseChain(iptables_cmd, buf,
+ iptablesLinkIPTablesBaseChain(buf,
HOST_IN_CHAIN , "INPUT" , 1, 1);
return 0;
@@ -561,8 +559,7 @@ static int iptablesCreateBaseChains(cons
static int
-iptablesCreateTmpRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesCreateTmpRootChain(virBufferPtr buf,
char prefix,
int incoming, const char *ifname,
int stopOnError)
@@ -577,10 +574,9 @@ iptablesCreateTmpRootChain(const char *i
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- CMD_DEF("%s -N %s") CMD_SEPARATOR
+ CMD_DEF("$IPT -N %s") CMD_SEPARATOR
CMD_EXEC
"%s",
- iptables_cmd,
chain,
CMD_STOPONERR(stopOnError));
@@ -589,20 +585,18 @@ iptablesCreateTmpRootChain(const char *i
static int
-iptablesCreateTmpRootChains(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesCreateTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesCreateTmpRootChain(iptables_cmd, buf, 'F', 0, ifname, 1);
- iptablesCreateTmpRootChain(iptables_cmd, buf, 'F', 1, ifname, 1);
- iptablesCreateTmpRootChain(iptables_cmd, buf, 'H', 1, ifname, 1);
+ iptablesCreateTmpRootChain(buf, 'F', 0, ifname, 1);
+ iptablesCreateTmpRootChain(buf, 'F', 1, ifname, 1);
+ iptablesCreateTmpRootChain(buf, 'H', 1, ifname, 1);
return 0;
}
static int
-_iptablesRemoveRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+_iptablesRemoveRootChain(virBufferPtr buf,
char prefix,
int incoming, const char *ifname,
int isTempChain)
@@ -622,66 +616,60 @@ _iptablesRemoveRootChain(const char *ipt
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- "%s -F %s" CMD_SEPARATOR
- "%s -X %s" CMD_SEPARATOR,
- iptables_cmd, chain,
- iptables_cmd, chain);
+ "$IPT -F %s" CMD_SEPARATOR
+ "$IPT -X %s" CMD_SEPARATOR,
+ chain,
+ chain);
return 0;
}
static int
-iptablesRemoveRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRemoveRootChain(virBufferPtr buf,
char prefix,
int incoming,
const char *ifname)
{
- return _iptablesRemoveRootChain(iptables_cmd,
- buf, prefix, incoming, ifname, 0);
+ return _iptablesRemoveRootChain(buf, prefix, incoming, ifname, 0);
}
static int
-iptablesRemoveTmpRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRemoveTmpRootChain(virBufferPtr buf,
char prefix,
int incoming,
const char *ifname)
{
- return _iptablesRemoveRootChain(iptables_cmd, buf, prefix,
+ return _iptablesRemoveRootChain(buf, prefix,
incoming, ifname, 1);
}
static int
-iptablesRemoveTmpRootChains(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRemoveTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesRemoveTmpRootChain(iptables_cmd, buf, 'F', 0, ifname);
- iptablesRemoveTmpRootChain(iptables_cmd, buf, 'F', 1, ifname);
- iptablesRemoveTmpRootChain(iptables_cmd, buf, 'H', 1, ifname);
+ iptablesRemoveTmpRootChain(buf, 'F', 0, ifname);
+ iptablesRemoveTmpRootChain(buf, 'F', 1, ifname);
+ iptablesRemoveTmpRootChain(buf, 'H', 1, ifname);
return 0;
}
static int
-iptablesRemoveRootChains(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRemoveRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesRemoveRootChain(iptables_cmd, buf, 'F', 0, ifname);
- iptablesRemoveRootChain(iptables_cmd, buf, 'F', 1, ifname);
- iptablesRemoveRootChain(iptables_cmd, buf, 'H', 1, ifname);
+ iptablesRemoveRootChain(buf, 'F', 0, ifname);
+ iptablesRemoveRootChain(buf, 'F', 1, ifname);
+ iptablesRemoveRootChain(buf, 'H', 1, ifname);
return 0;
}
static int
-iptablesLinkTmpRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesLinkTmpRootChain(virBufferPtr buf,
const char *basechain,
char prefix,
int incoming, const char *ifname,
@@ -699,11 +687,10 @@ iptablesLinkTmpRootChain(const char *ipt
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- CMD_DEF("%s -A %s "
+ CMD_DEF("$IPT -A %s "
"%s %s -g %s") CMD_SEPARATOR
CMD_EXEC
"%s",
- iptables_cmd,
basechain,
match, ifname, chain,
@@ -714,37 +701,33 @@ iptablesLinkTmpRootChain(const char *ipt
static int
-iptablesLinkTmpRootChains(const char *cmd,
- virBufferPtr buf,
+iptablesLinkTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesLinkTmpRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname, 1);
- iptablesLinkTmpRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname, 1);
- iptablesLinkTmpRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname, 1);
+ iptablesLinkTmpRootChain(buf, VIRT_OUT_CHAIN, 'F', 0, ifname, 1);
+ iptablesLinkTmpRootChain(buf, VIRT_IN_CHAIN , 'F', 1, ifname, 1);
+ iptablesLinkTmpRootChain(buf, HOST_IN_CHAIN , 'H', 1, ifname, 1);
return 0;
}
static int
-iptablesSetupVirtInPost(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesSetupVirtInPost(virBufferPtr buf,
const char *ifname)
{
const char *match = MATCH_PHYSDEV_IN;
virBufferAsprintf(buf,
- "res=$(%s -n -L " VIRT_IN_POST_CHAIN
+ "res=$($IPT -n -L " VIRT_IN_POST_CHAIN
" | grep \"\\%s %s\")\n"
"if [ \"${res}\" = \"\" ]; then "
- CMD_DEF("%s"
+ CMD_DEF("$IPT"
" -A " VIRT_IN_POST_CHAIN
" %s %s -j ACCEPT") CMD_SEPARATOR
CMD_EXEC
"%s"
"fi\n",
- iptables_cmd,
PHYSDEV_IN, ifname,
- iptables_cmd,
match, ifname,
CMD_STOPONERR(1));
return 0;
@@ -752,22 +735,19 @@ iptablesSetupVirtInPost(const char *ipta
static int
-iptablesClearVirtInPost(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesClearVirtInPost(virBufferPtr buf,
const char *ifname)
{
const char *match = MATCH_PHYSDEV_IN;
virBufferAsprintf(buf,
- "%s -D " VIRT_IN_POST_CHAIN
+ "$IPT -D " VIRT_IN_POST_CHAIN
" %s %s -j ACCEPT" CMD_SEPARATOR,
- iptables_cmd,
match, ifname);
return 0;
}
static int
-_iptablesUnlinkRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+_iptablesUnlinkRootChain(virBufferPtr buf,
const char *basechain,
char prefix,
int incoming, const char *ifname,
@@ -789,9 +769,8 @@ _iptablesUnlinkRootChain(const char *ipt
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- "%s -D %s "
+ "$IPT -D %s "
"%s %s -g %s" CMD_SEPARATOR,
- iptables_cmd,
basechain,
match, ifname, chain);
@@ -800,57 +779,52 @@ _iptablesUnlinkRootChain(const char *ipt
static int
-iptablesUnlinkRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesUnlinkRootChain(virBufferPtr buf,
const char *basechain,
char prefix,
int incoming, const char *ifname)
{
- return _iptablesUnlinkRootChain(iptables_cmd, buf,
+ return _iptablesUnlinkRootChain(buf,
basechain, prefix, incoming, ifname, 0);
}
static int
-iptablesUnlinkTmpRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesUnlinkTmpRootChain(virBufferPtr buf,
const char *basechain,
char prefix,
int incoming, const char *ifname)
{
- return _iptablesUnlinkRootChain(iptables_cmd, buf,
+ return _iptablesUnlinkRootChain(buf,
basechain, prefix, incoming, ifname, 1);
}
static int
-iptablesUnlinkRootChains(const char *cmd,
- virBufferPtr buf,
+iptablesUnlinkRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesUnlinkRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname);
- iptablesUnlinkRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname);
- iptablesUnlinkRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname);
+ iptablesUnlinkRootChain(buf, VIRT_OUT_CHAIN, 'F', 0, ifname);
+ iptablesUnlinkRootChain(buf, VIRT_IN_CHAIN , 'F', 1, ifname);
+ iptablesUnlinkRootChain(buf, HOST_IN_CHAIN , 'H', 1, ifname);
return 0;
}
static int
-iptablesUnlinkTmpRootChains(const char *cmd,
- virBufferPtr buf,
+iptablesUnlinkTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesUnlinkTmpRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname);
- iptablesUnlinkTmpRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname);
- iptablesUnlinkTmpRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname);
+ iptablesUnlinkTmpRootChain(buf, VIRT_OUT_CHAIN, 'F', 0, ifname);
+ iptablesUnlinkTmpRootChain(buf, VIRT_IN_CHAIN , 'F', 1, ifname);
+ iptablesUnlinkTmpRootChain(buf, HOST_IN_CHAIN , 'H', 1, ifname);
return 0;
}
static int
-iptablesRenameTmpRootChain(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRenameTmpRootChain(virBufferPtr buf,
char prefix,
int incoming,
const char *ifname)
@@ -871,8 +845,7 @@ iptablesRenameTmpRootChain(const char *i
PRINT_IPT_ROOT_CHAIN( chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- "%s -E %s %s" CMD_SEPARATOR,
- iptables_cmd,
+ "$IPT -E %s %s" CMD_SEPARATOR,
tmpchain,
chain);
return 0;
@@ -880,13 +853,12 @@ iptablesRenameTmpRootChain(const char *i
static int
-iptablesRenameTmpRootChains(const char *iptables_cmd,
- virBufferPtr buf,
+iptablesRenameTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesRenameTmpRootChain(iptables_cmd, buf, 'F', 0, ifname);
- iptablesRenameTmpRootChain(iptables_cmd, buf, 'F', 1, ifname);
- iptablesRenameTmpRootChain(iptables_cmd, buf, 'H', 1, ifname);
+ iptablesRenameTmpRootChain(buf, 'F', 0, ifname);
+ iptablesRenameTmpRootChain(buf, 'F', 1, ifname);
+ iptablesRenameTmpRootChain(buf, 'H', 1, ifname);
return 0;
}
@@ -1260,8 +1232,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_TCP:
case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p tcp");
@@ -1316,8 +1287,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_UDP:
case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p udp");
@@ -1350,8 +1320,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p udplite");
@@ -1379,8 +1348,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_ESP:
case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p esp");
@@ -1408,8 +1376,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_AH:
case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p ah");
@@ -1437,8 +1404,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p sctp");
@@ -1471,8 +1437,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
@@ -1537,8 +1502,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p igmp");
@@ -1566,8 +1530,7 @@ _iptablesCreateRuleInstance(int directio
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -%%c %s %%s",
- iptables_cmd,
+ CMD_DEF_PRE "$IPT -%%c %s %%s",
chain);
virBufferAddLit(&buf, " -p all");
@@ -3692,24 +3655,32 @@ ebiptablesApplyNewRules(virConnectPtr co
goto tear_down_tmpebchains;
if (haveIptables) {
- iptablesUnlinkTmpRootChains(iptables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
- iptablesCreateBaseChains(iptables_cmd_path, &buf);
+ iptablesCreateBaseChains(&buf);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpebchains;
- iptablesCreateTmpRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesCreateTmpRootChains(&buf, ifname);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpiptchains;
- iptablesLinkTmpRootChains(iptables_cmd_path, &buf, ifname);
- iptablesSetupVirtInPost(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesLinkTmpRootChains(&buf, ifname);
+ iptablesSetupVirtInPost(&buf, ifname);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpiptchains;
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
for (i = 0; i < nruleInstances; i++) {
sa_assert (inst);
if (inst[i]->ruleType == RT_IPTABLES)
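Review bot: The shell variable has to be re-emitted after every `ebiptablesExecCLI` because the buffer is drained there, and the hunk does this by hand four times (and again in the ip6tables block, the teardown labels and ebiptablesTearNewRules/ebiptablesTearOldRules in the hunks that follow); any future `$IPT` command placed between an `ebiptablesExecCLI` and the next macro would presumably run with `$IPT` unset, and an IP6TABLES macro forgotten after an iptables fragment would drive ip6tables rules through iptables. A one-line comment at the first emission, `/* $IPT must be redefined after each ebiptablesExecCLI, which drains the buffer */`, makes the invariant visible; a sturdier option is to have the helpers that begin a fresh script fragment emit the assignment themselves. ebiptablesApplyNewRules continues outside the hunk.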
@@ -3725,24 +3696,32 @@ ebiptablesApplyNewRules(virConnectPtr co
}
if (haveIp6tables) {
- iptablesUnlinkTmpRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
- iptablesCreateBaseChains(ip6tables_cmd_path, &buf);
+ iptablesCreateBaseChains(&buf);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpiptchains;
- iptablesCreateTmpRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesCreateTmpRootChains(&buf, ifname);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpip6tchains;
- iptablesLinkTmpRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesSetupVirtInPost(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesLinkTmpRootChains(&buf, ifname);
+ iptablesSetupVirtInPost(&buf, ifname);
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpip6tchains;
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
for (i = 0; i < nruleInstances; i++) {
if (inst[i]->ruleType == RT_IP6TABLES)
iptablesInstCommand(&buf,
@@ -3787,14 +3766,18 @@ tear_down_ebsubchains_and_unlink:
tear_down_tmpip6tchains:
if (haveIp6tables) {
- iptablesUnlinkTmpRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
}
tear_down_tmpiptchains:
if (haveIptables) {
- iptablesUnlinkTmpRootChains(iptables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
}
tear_down_tmpebchains:
@@ -3837,13 +3820,17 @@ ebiptablesTearNewRules(virConnectPtr con
virBuffer buf = VIR_BUFFER_INITIALIZER;
if (iptables_cmd_path) {
- iptablesUnlinkTmpRootChains(iptables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
}
if (ip6tables_cmd_path) {
- iptablesUnlinkTmpRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesRemoveTmpRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkTmpRootChains(&buf, ifname);
+ iptablesRemoveTmpRootChains(&buf, ifname);
}
if (ebtables_cmd_path) {
@@ -3872,18 +3859,22 @@ ebiptablesTearOldRules(virConnectPtr con
/* switch to new iptables user defined chains */
if (iptables_cmd_path) {
- iptablesUnlinkRootChains(iptables_cmd_path, &buf, ifname);
- iptablesRemoveRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkRootChains(&buf, ifname);
+ iptablesRemoveRootChains(&buf, ifname);
- iptablesRenameTmpRootChains(iptables_cmd_path, &buf, ifname);
+ iptablesRenameTmpRootChains(&buf, ifname);
ebiptablesExecCLI(&buf, &cli_status, NULL);
}
if (ip6tables_cmd_path) {
- iptablesUnlinkRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesRemoveRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
- iptablesRenameTmpRootChains(ip6tables_cmd_path, &buf, ifname);
+ iptablesUnlinkRootChains(&buf, ifname);
+ iptablesRemoveRootChains(&buf, ifname);
+
+ iptablesRenameTmpRootChains(&buf, ifname);
ebiptablesExecCLI(&buf, &cli_status, NULL);
}
@@ -3970,15 +3961,19 @@ ebiptablesAllTeardown(const char *ifname
int cli_status;
if (iptables_cmd_path) {
- iptablesUnlinkRootChains(iptables_cmd_path, &buf, ifname);
- iptablesClearVirtInPost (iptables_cmd_path, &buf, ifname);
- iptablesRemoveRootChains(iptables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkRootChains(&buf, ifname);
+ iptablesClearVirtInPost (&buf, ifname);
+ iptablesRemoveRootChains(&buf, ifname);
}
if (ip6tables_cmd_path) {
- iptablesUnlinkRootChains(ip6tables_cmd_path, &buf, ifname);
- iptablesClearVirtInPost (ip6tables_cmd_path, &buf, ifname);
- iptablesRemoveRootChains(ip6tables_cmd_path, &buf, ifname);
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
+ iptablesUnlinkRootChains(&buf, ifname);
+ iptablesClearVirtInPost (&buf, ifname);
+ iptablesRemoveRootChains(&buf, ifname);
}
if (ebtables_cmd_path) {
@@ -4052,11 +4047,12 @@ ebiptablesDriverInit(bool privileged)
iptables_cmd_path = virFindFileInPath("iptables");
if (iptables_cmd_path) {
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
virBufferAsprintf(&buf,
- CMD_DEF("%s -n -L FORWARD") CMD_SEPARATOR
+ CMD_DEF("$IPT -n -L FORWARD") CMD_SEPARATOR
CMD_EXEC
"%s",
- iptables_cmd_path,
CMD_STOPONERR(1));
if (ebiptablesExecCLI(&buf, NULL, NULL) < 0)
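Review bot: The ip6tables probe in the next hunk (`CMD_DEF("$IPT -n -L FORWARD")` emitted right after `NWFILTER_SET_IP6TABLES_SHELLVAR`) expands the same `$IPT` variable as this iptables probe, so the two SET macros (defined outside this chunk) must assign the same shell variable name for the IPv6 path to work at all, and whichever assignment comes last in a script segment silently wins. That coupling deserves a comment next to the macro definitions, e.g. `/* Both macros bind $IPT: IPv4 and IPv6 command runs must not share a script segment without re-setting it. */`. If the IP6 macro in fact defines a variable with another name, the ip6tables probe below is invoking the wrong binary. ebiptablesDriverInit continues outside the hunk.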
@@ -4065,11 +4061,12 @@ ebiptablesDriverInit(bool privileged)
ip6tables_cmd_path = virFindFileInPath("ip6tables");
if (ip6tables_cmd_path) {
+ NWFILTER_SET_IP6TABLES_SHELLVAR(&buf);
+
virBufferAsprintf(&buf,
- CMD_DEF("%s -n -L FORWARD") CMD_SEPARATOR
+ CMD_DEF("$IPT -n -L FORWARD") CMD_SEPARATOR
CMD_EXEC
"%s",
- ip6tables_cmd_path,
CMD_STOPONERR(1));
if (ebiptablesExecCLI(&buf, NULL, NULL) < 0)
[libvirt] [PATCH v2 1/2] nwfilter: use shell variable to invoke 'ebtables' command
by Stefan Berger
Introduce a shell variable 'EBT' to invoke the ebtables command.
Hard-code the ebtables table that is used to 'nat' ('-t nat').
Tested with libvirt-tck.
---
v2:
- rebased
---
src/nwfilter/nwfilter_ebiptables_driver.c | 170 +++++++++++++++++-------------
1 file changed, 97 insertions(+), 73 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -47,7 +47,6 @@
#define VIR_FROM_THIS VIR_FROM_NWFILTER
-#define EBTABLES_DEFAULT_TABLE "nat"
#define EBTABLES_CHAIN_INCOMING "PREROUTING"
#define EBTABLES_CHAIN_OUTGOING "POSTROUTING"
@@ -87,7 +86,6 @@ static char *ip6tables_cmd_path;
static char *grep_cmd_path;
static char *gawk_cmd_path;
-
#define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
snprintf(buf, sizeof(buf), "libvirt-%c-%s", prefix, ifname)
#define PRINT_CHAIN(buf, prefix, ifname, suffix) \
@@ -111,7 +109,7 @@ static const char ebtables_script_func_c
"collect_chains()\n"
"{\n"
" for tmp2 in $*; do\n"
- " for tmp in $(%s -t %s -L $tmp2 | \\\n"
+ " for tmp in $($EBT -t nat -L $tmp2 | \\\n"
" sed -n \"/Bridge chain/,\\$ s/.*-j \\\\([%s]-.*\\\\)/\\\\1/p\");\n"
" do\n"
" echo $tmp\n"
@@ -123,8 +121,8 @@ static const char ebtables_script_func_c
static const char ebiptables_script_func_rm_chains[] =
"rm_chains()\n"
"{\n"
- " for tmp in $*; do %s -t %s -F $tmp; done\n"
- " for tmp in $*; do %s -t %s -X $tmp; done\n"
+ " for tmp in $*; do $EBT -t nat -F $tmp; done\n"
+ " for tmp in $*; do $EBT -t nat -X $tmp; done\n"
"}\n";
static const char ebiptables_script_func_rename_chains[] =
@@ -132,8 +130,8 @@ static const char ebiptables_script_func
"{\n"
" for tmp in $*; do\n"
" case $tmp in\n"
- " %c*) %s -t %s -E $tmp %c${tmp#?} ;;\n"
- " %c*) %s -t %s -E $tmp %c${tmp#?} ;;\n"
+ " %c*) $EBT -t nat -E $tmp %c${tmp#?} ;;\n"
+ " %c*) $EBT -t nat -E $tmp %c${tmp#?} ;;\n"
" esac\n"
" done\n"
"}\n";
@@ -147,6 +145,9 @@ static const char ebiptables_script_set_
#define NWFILTER_FUNC_RENAME_CHAINS ebiptables_script_func_rename_chains
#define NWFILTER_FUNC_SET_IFS ebiptables_script_set_ifs
+#define NWFILTER_SET_EBTABLES_SHELLVAR(BUFPTR) \
+ virBufferAsprintf(BUFPTR, "EBT=%s\n", ebtables_cmd_path);
+
#define VIRT_IN_CHAIN "libvirt-in"
#define VIRT_OUT_CHAIN "libvirt-out"
#define VIRT_IN_POST_CHAIN "libvirt-in-post"
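Review bot: The trailing `;` inside the `NWFILTER_SET_EBTABLES_SHELLVAR` body means every `NWFILTER_SET_EBTABLES_SHELLVAR(&buf);` use site expands to two statements, which is harmless today but breaks the first time the macro is written as the unbraced body of an `if`/`else`; drop the semicolon from the macro and keep it at the call sites. The command path is also spliced into the generated script unquoted (`EBT=%s`), so a path containing whitespace would be parsed by the shell as `EBT=<prefix> <rest>` and run the wrong command; the value comes from virFindFileInPath, so it is host- rather than guest-controlled, but emitting it shell-escaped (the tree's virBufferEscapeShell if it is available at this point, otherwise at least single-quoting) keeps the script well-formed. The same two points presumably apply to the IPTABLES/IP6TABLES macros of the companion patch.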
@@ -1992,9 +1993,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_MAC:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
-
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2017,8 +2017,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
@@ -2084,8 +2084,8 @@ ebtablesCreateRuleInstance(char chainPre
}
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
@@ -2122,8 +2122,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_RARP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2231,8 +2231,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_IP:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2367,8 +2367,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
if (ebtablesHandleEthHdr(&buf,
vars,
@@ -2491,8 +2491,8 @@ ebtablesCreateRuleInstance(char chainPre
case VIR_NWFILTER_RULE_PROTOCOL_NONE:
virBufferAsprintf(&buf,
- CMD_DEF_PRE "%s -t %s -%%c %s %%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ CMD_DEF_PRE "$EBT -t nat -%%c %s %%s",
+ chain);
break;
default:
@@ -2765,10 +2765,10 @@ ebtablesCreateTmpRootChain(virBufferPtr
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- CMD_DEF("%s -t %s -N %s") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -N %s") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
+ chain,
CMD_STOPONERR(stopOnError));
return 0;
@@ -2788,10 +2788,9 @@ ebtablesLinkTmpRootChain(virBufferPtr bu
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- CMD_DEF("%s -t %s -A %s -%c %s -j %s") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -%c %s -j %s") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
(incoming) ? EBTABLES_CHAIN_INCOMING
: EBTABLES_CHAIN_OUTGOING,
iodev, ifname, chain,
@@ -2819,10 +2818,10 @@ _ebtablesRemoveRootChain(virBufferPtr bu
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- "%s -t %s -F %s" CMD_SEPARATOR
- "%s -t %s -X %s" CMD_SEPARATOR,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain);
+ "$EBT -t nat -F %s" CMD_SEPARATOR
+ "$EBT -t nat -X %s" CMD_SEPARATOR,
+ chain,
+ chain);
return 0;
}
@@ -2864,8 +2863,7 @@ _ebtablesUnlinkRootChain(virBufferPtr bu
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(buf,
- "%s -t %s -D %s -%c %s -j %s" CMD_SEPARATOR,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
+ "$EBT -t nat -D %s -%c %s -j %s" CMD_SEPARATOR,
(incoming) ? EBTABLES_CHAIN_INCOMING
: EBTABLES_CHAIN_OUTGOING,
iodev, ifname, chain);
@@ -2929,25 +2927,24 @@ ebtablesCreateTmpSubChain(ebiptablesRule
}
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -F %s") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -F %s") CMD_SEPARATOR
CMD_EXEC
- CMD_DEF("%s -t %s -X %s") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -X %s") CMD_SEPARATOR
CMD_EXEC
- CMD_DEF("%s -t %s -N %s") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -N %s") CMD_SEPARATOR
CMD_EXEC
"%s"
- CMD_DEF("%s -t %s -%%c %s %%s %s -j %s")
+ CMD_DEF("$EBT -t nat -%%c %s %%s %s -j %s")
CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
+ chain,
+ chain,
+ chain,
CMD_STOPONERR(stopOnError),
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
rootchain, protostr, chain,
CMD_STOPONERR(stopOnError));
@@ -2981,11 +2978,11 @@ _ebtablesRemoveSubChains(virBufferPtr bu
char rootchain[MAX_CHAINNAME_LENGTH];
unsigned i;
+ NWFILTER_SET_EBTABLES_SHELLVAR(buf);
+
virBufferAsprintf(buf, NWFILTER_FUNC_COLLECT_CHAINS,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chains);
- virBufferAsprintf(buf, NWFILTER_FUNC_RM_CHAINS,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE);
+ chains);
+ virBufferAdd(buf, NWFILTER_FUNC_RM_CHAINS, -1);
virBufferAsprintf(buf, NWFILTER_FUNC_SET_IFS);
virBufferAddLit(buf, "chains=\"$(collect_chains");
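Review bot: `virBufferAsprintf(buf, NWFILTER_FUNC_SET_IFS);` directly after the new `virBufferAdd(buf, NWFILTER_FUNC_RM_CHAINS, -1);` is inconsistent: both script fragments are appended without format arguments, and passing a non-literal string as a format with no arguments is exactly what -Wformat-security flags. Make it `virBufferAdd(buf, NWFILTER_FUNC_SET_IFS, -1);` here and at the matching line in ebtablesRenameTmpSubAndRootChains (hunk @@ -3078). _ebtablesRemoveSubChains continues outside the hunk.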
@@ -2998,8 +2995,7 @@ _ebtablesRemoveSubChains(virBufferPtr bu
for (i = 0; chains[i] != 0; i++) {
PRINT_ROOT_CHAIN(rootchain, chains[i], ifname);
virBufferAsprintf(buf,
- "%s -t %s -F %s\n",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
+ "$EBT -t nat -F %s\n",
rootchain);
}
virBufferAddLit(buf, "rm_chains $chains\n");
@@ -3054,8 +3050,8 @@ ebtablesRenameTmpSubChain(virBufferPtr b
}
virBufferAsprintf(buf,
- "%s -t %s -E %s %s" CMD_SEPARATOR,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, tmpchain, chain);
+ "$EBT -t nat -E %s %s" CMD_SEPARATOR,
+ tmpchain, chain);
return 0;
}
@@ -3078,14 +3074,14 @@ ebtablesRenameTmpSubAndRootChains(virBuf
CHAINPREFIX_HOST_OUT_TEMP,
0};
+ NWFILTER_SET_EBTABLES_SHELLVAR(buf);
+
virBufferAsprintf(buf, NWFILTER_FUNC_COLLECT_CHAINS,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chains);
+ chains);
virBufferAsprintf(buf, NWFILTER_FUNC_RENAME_CHAINS,
CHAINPREFIX_HOST_IN_TEMP,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
CHAINPREFIX_HOST_IN,
CHAINPREFIX_HOST_OUT_TEMP,
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
CHAINPREFIX_HOST_OUT);
virBufferAsprintf(buf, NWFILTER_FUNC_SET_IFS);
@@ -3164,40 +3160,41 @@ ebtablesApplyBasicRules(const char *ifna
ebiptablesAllTeardown(ifname);
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -s ! %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -s ! %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
chain, macaddr_str,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -p IPv4 -j ACCEPT") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -p IPv4 -j ACCEPT") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
+ chain,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -p ARP -j ACCEPT") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -p ARP -j ACCEPT") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
+ chain,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain,
+ chain,
CMD_STOPONERR(1));
ebtablesLinkTmpRootChain(&buf, 1, ifname, 1);
@@ -3262,6 +3259,8 @@ ebtablesApplyDHCPOnlyRules(const char *i
ebiptablesAllTeardown(ifname);
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
@@ -3269,7 +3268,7 @@ ebtablesApplyDHCPOnlyRules(const char *i
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s"
+ CMD_DEF("$EBT -t nat -A %s"
" -s %s -d Broadcast "
" -p ipv4 --ip-protocol udp"
" --ip-src 0.0.0.0 --ip-dst 255.255.255.255"
@@ -3278,20 +3277,20 @@ ebtablesApplyDHCPOnlyRules(const char *i
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_in,
+ chain_in,
macaddr_str,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_in,
+ chain_in,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s"
+ CMD_DEF("$EBT -t nat -A %s"
" -d %s"
" -p ipv4 --ip-protocol udp"
" %s"
@@ -3300,17 +3299,17 @@ ebtablesApplyDHCPOnlyRules(const char *i
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_out,
+ chain_out,
macaddr_str,
srcIPParam != NULL ? srcIPParam : "",
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_out,
+ chain_out,
CMD_STOPONERR(1));
ebtablesLinkTmpRootChain(&buf, 1, ifname, 1);
@@ -3363,6 +3362,8 @@ ebtablesApplyDropAllRules(const char *if
ebiptablesAllTeardown(ifname);
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesCreateTmpRootChain(&buf, 1, ifname, 1);
ebtablesCreateTmpRootChain(&buf, 0, ifname, 1);
@@ -3370,19 +3371,19 @@ ebtablesApplyDropAllRules(const char *if
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_in,
+ chain_in,
CMD_STOPONERR(1));
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -A %s -j DROP") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -A %s -j DROP") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE, chain_out,
+ chain_out,
CMD_STOPONERR(1));
ebtablesLinkTmpRootChain(&buf, 1, ifname, 1);
@@ -3421,6 +3422,8 @@ static int ebtablesCleanAll(const char *
if (!ebtables_cmd_path)
return 0;
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkRootChain(&buf, 1, ifname);
ebtablesUnlinkRootChain(&buf, 0, ifname);
ebtablesRemoveSubChains(&buf, ifname);
@@ -3622,8 +3625,11 @@ ebiptablesApplyNewRules(virConnectPtr co
}
}
+
/* cleanup whatever may exist */
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkTmpRootChain(&buf, 1, ifname);
ebtablesUnlinkTmpRootChain(&buf, 0, ifname);
ebtablesRemoveTmpSubChains(&buf, ifname);
@@ -3632,6 +3638,8 @@ ebiptablesApplyNewRules(virConnectPtr co
ebiptablesExecCLI(&buf, &cli_status, NULL);
}
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
/* create needed chains */
if (ebtablesCreateTmpRootAndSubChains(&buf, ifname, chains_in_set , 1,
&ebtChains, &nEbtChains) ||
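Review bot: `NWFILTER_SET_EBTABLES_SHELLVAR(&buf)` is emitted unconditionally here, whereas the cleanup block in the previous hunk guards the same macro with `if (ebtables_cmd_path)`; if ebtables_cmd_path can still be NULL at this point, the macro formats a NULL pointer through `%s` (glibc prints `(null)`, other libcs may crash) and the script then tries to execute `(null) -t nat ...`. The same unconditional use appears in the hunks at @@ -3647 and @@ -3746 and in ebiptablesRemoveRules (@@ -3911). Either add the same guard, or, if an earlier check in ebiptablesApplyNewRules already rejects a missing ebtables, record that at the first unconditional use with `/* ebtables_cmd_path is non-NULL here (checked at function entry) */`. The enclosing function starts and ends outside the hunk.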
@@ -3647,6 +3655,8 @@ ebiptablesApplyNewRules(virConnectPtr co
if (ebiptablesExecCLI(&buf, NULL, &errmsg) < 0)
goto tear_down_tmpebchains;
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
/* process ebtables commands; interleave commands from filters with
commands for creating and connecting ebtables chains */
j = 0;
@@ -3746,6 +3756,8 @@ ebiptablesApplyNewRules(virConnectPtr co
iptablesCheckBridgeNFCallEnabled(true);
}
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
if (virHashSize(chains_in_set) != 0)
ebtablesLinkTmpRootChain(&buf, 1, ifname, 1);
if (virHashSize(chains_out_set) != 0)
@@ -3767,6 +3779,8 @@ ebiptablesApplyNewRules(virConnectPtr co
tear_down_ebsubchains_and_unlink:
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkTmpRootChain(&buf, 1, ifname);
ebtablesUnlinkTmpRootChain(&buf, 0, ifname);
}
@@ -3785,6 +3799,8 @@ tear_down_tmpiptchains:
tear_down_tmpebchains:
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesRemoveTmpSubChains(&buf, ifname);
ebtablesRemoveTmpRootChain(&buf, 1, ifname);
ebtablesRemoveTmpRootChain(&buf, 0, ifname);
@@ -3831,6 +3847,8 @@ ebiptablesTearNewRules(virConnectPtr con
}
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkTmpRootChain(&buf, 1, ifname);
ebtablesUnlinkTmpRootChain(&buf, 0, ifname);
@@ -3870,6 +3888,8 @@ ebiptablesTearOldRules(virConnectPtr con
}
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkRootChain(&buf, 1, ifname);
ebtablesUnlinkRootChain(&buf, 0, ifname);
@@ -3911,6 +3931,8 @@ ebiptablesRemoveRules(virConnectPtr conn
virBuffer buf = VIR_BUFFER_INITIALIZER;
ebiptablesRuleInstPtr *inst = (ebiptablesRuleInstPtr *)_inst;
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
for (i = 0; i < nruleInstances; i++)
ebiptablesInstCommand(&buf,
inst[i]->commandTemplate,
@@ -3960,6 +3982,8 @@ ebiptablesAllTeardown(const char *ifname
}
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
+
ebtablesUnlinkRootChain(&buf, 1, ifname);
ebtablesUnlinkRootChain(&buf, 0, ifname);
@@ -4014,12 +4038,12 @@ ebiptablesDriverInit(bool privileged)
ebtables_cmd_path = virFindFileInPath("ebtables");
if (ebtables_cmd_path) {
+ NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
/* basic probing */
virBufferAsprintf(&buf,
- CMD_DEF("%s -t %s -L") CMD_SEPARATOR
+ CMD_DEF("$EBT -t nat -L") CMD_SEPARATOR
CMD_EXEC
"%s",
- ebtables_cmd_path, EBTABLES_DEFAULT_TABLE,
CMD_STOPONERR(1));
if (ebiptablesExecCLI(&buf, NULL, NULL) < 0)
[libvirt] [PATCH 0/4] Small fixes to non-blocking I/O in client
by Jiri Denemark
I missed these when reviewing the series...
Jiri Denemark (4):
rpc: Pass the buck only to the first available thread
rpc: Fix a typo in virNetClientSendNonBlock documentation
rpc: Fix handling of non-blocking calls that could not be sent
rpc: Add some debug messages to virNetClient
src/rpc/virnetclient.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
--
1.7.8.rc3
[libvirt] [PATCH] docs: fix grammar of capabilities
by Eric Blake
* docs/formatcaps.html.in: Avoid run-on sentence, wrap lines.
---
Pushing under the trivial rule.
docs/formatcaps.html.in | 45 ++++++++++++++++++++++++++-------------------
1 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/docs/formatcaps.html.in b/docs/formatcaps.html.in
index ce6f9a6..423bc48 100644
--- a/docs/formatcaps.html.in
+++ b/docs/formatcaps.html.in
@@ -64,25 +64,32 @@ BIOS you will see</p>
</guest></span>
...
</capabilities></pre>
- <p>The first block (in red) indicates the host hardware capabilities, currently
-it is limited to the CPU properties and the power management features of
-the host platform, but other information may be available, it shows the CPU architecture,
-topology, model name, and additional features which are not included in the model but the
-CPU provides them. Features of the chip are shown within the feature block (the block is
-similar to what you will find in a Xen fully virtualized domain description). Further,
-the power management features supported by the host are shown, such as Suspend-to-RAM (S3)
-and Suspend-to-Disk (S4). In case the query for power management features succeeded but the
-host does not support any such feature, then an empty <power_management/>
-tag will be shown. Otherwise, if the query itself failed, no such tag will
-be displayed (i.e., there will not be any power_management block or empty tag in the XML).</p>
- <p>The second block (in blue) indicates the paravirtualization support of the
-Xen support, you will see the os_type of xen to indicate a paravirtual
-kernel, then architecture information and potential features.</p>
- <p>The third block (in green) gives similar information but when running a
-32 bit OS fully virtualized with Xen using the hvm support.</p>
- <p>This section is likely to be updated and augmented in the future, see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
-discussion</a> which led to the capabilities format in the mailing-list
-archives.</p>
+ <p>The first block (in red) indicates the host hardware
+ capabilities, such as CPU properties and the power
+ management features of the host platform. CPU models are
+ shown as additional features relative to the closest base
+ model, within a feature block (the block is similar to what
+ you will find in a Xen fully virtualized domain
+ description). Further, the power management features
+ supported by the host are shown, such as Suspend-to-RAM (S3)
+ and Suspend-to-Disk (S4). In case the query for power
+ management features succeeded but the host does not support
+ any such feature, then an empty <power_management/>
+ tag will be shown. Otherwise, if the query itself failed, no
+ such tag will be displayed (i.e., there will not be any
+ power_management block or empty tag in the XML).</p>
+ <p>The second block (in blue) indicates the paravirtualization
+ support of the Xen support, you will see the os_type of xen
+ to indicate a paravirtual kernel, then architecture
+ information and potential features.</p>
+ <p>The third block (in green) gives similar information but
+ when running a 32 bit OS fully virtualized with Xen using
+ the hvm support.</p>
+ <p>This section is likely to be updated and augmented in the
+ future,
+ see <a href="https://www.redhat.com/archives/libvir-list/2007-March/msg00215.html">the
+ discussion</a> which led to the capabilities format in the
+ mailing-list archives.</p>
</body>
</html>
--
1.7.7.3
[libvirt] [PATCH V1 0/9] NWFilter: Filter more protocols and other extensions
by Stefan Berger
This patch series adds:
- filtering support for VLAN traffic
- support for a 'mac' chain
- filtering support for STP (spanning tree protocol)
- new filters that enable filtering of multiple IP addresses per interface
- better error reporting if ebtables/ip(6)table commands fail
Regards,
Stefan
[libvirt] ANNOUNCE: libvirt-glib release 0.0.2
by Daniel P. Berrange
I am pleased to announce that a new release of the libvirt-glib package,
version 0.0.2 is now available from
ftp://libvirt.org/libvirt/glib/
The packages are GPG signed with
Key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF (4096R)
New in this release:
- Add API to redefine an existing domain.
- Explicitly call virInitialize() to avoid connection races.
- Adjust example to latest pygobject-3.0.
- Add missing deps on libxml2-devel & libtool.
- Add support for writing to streams
- Add API for creating transient domains
- Change all flags parameters to be guint
- Uncomment & fix code for returning object config
- Ensure pools & domains hashes are non-NULL to avoid SEGV
- Don't de-reference GError instances which are NULL
- Update COPYING file to have latest FSF address
- Update RPM specfile to include Fedora review feedback
libvirt-glib comprises three distinct libraries:
- libvirt-glib - Integrate with the GLib event loop and error handling
- libvirt-gconfig - Representation of libvirt XML documents as GObjects
- libvirt-gobject - Mapping of libvirt APIs into the GObject type system
NB: While libvirt aims to be API/ABI stable, for the first few releases,
we are *NOT* guaranteeing that libvirt-glib libraries are API/ABI stable.
ABI stability will only be guaranteed once the bulk of the APIs have been
fleshed out and proved in non-trivial application usage. We anticipate
this will be within the next 6 months in order to line up with Fedora 17.
Follow up comments about libvirt-glib should be directed to the regular
libvir-list(a)redhat.com development list.
Thanks to all the people involved in contributing to this release.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
[libvirt] [PATCH libvirt-glib] Don't reference GError **err parameter if it is NULL
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
---
libvirt-gobject/libvirt-gobject-connection.c | 104 +++++++++++++---------
libvirt-gobject/libvirt-gobject-domain.c | 70 ++++++++------
libvirt-gobject/libvirt-gobject-interface.c | 7 +-
libvirt-gobject/libvirt-gobject-network-filter.c | 7 +-
libvirt-gobject/libvirt-gobject-network.c | 7 +-
libvirt-gobject/libvirt-gobject-node-device.c | 7 +-
libvirt-gobject/libvirt-gobject-secret.c | 7 +-
libvirt-gobject/libvirt-gobject-storage-pool.c | 53 +++++++-----
libvirt-gobject/libvirt-gobject-storage-vol.c | 7 +-
9 files changed, 158 insertions(+), 111 deletions(-)
diff --git a/libvirt-gobject/libvirt-gobject-connection.c b/libvirt-gobject/libvirt-gobject-connection.c
index affb496..35be5e3 100644
--- a/libvirt-gobject/libvirt-gobject-connection.c
+++ b/libvirt-gobject/libvirt-gobject-connection.c
@@ -389,19 +389,21 @@ gboolean gvir_connection_open(GVirConnection *conn,
g_mutex_lock(priv->lock);
if (priv->conn) {
- *err = g_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Connection %s is already open",
- priv->uri);
+ if (err)
+ *err = g_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Connection %s is already open",
+ priv->uri);
g_mutex_unlock(priv->lock);
return FALSE;
}
if (!(priv->conn = virConnectOpen(priv->uri))) {
- *err = gvir_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Unable to open %s",
- priv->uri);
+ if (err)
+ *err = gvir_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Unable to open %s",
+ priv->uri);
g_mutex_unlock(priv->lock);
return FALSE;
}
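Review bot: The `if (err) *err = gvir_error_new(...)` guard added at both error sites of gvir_connection_open (and repeated in fetch_list, fetch_domains, fetch_storage_pools, the create/start helpers and every hunk of libvirt-gobject-domain.c) re-implements what `g_propagate_error(err, ...)` already does: with a NULL destination it frees the freshly built error, otherwise it stores it. That is the call this same commit already uses in fetch_domains, so using it at these sites too gives the series one idiom and removes a guard that is easy to forget at the next error site, e.g. `g_propagate_error(err, g_error_new(GVIR_CONNECTION_ERROR, 0, "Connection %s is already open", priv->uri));`. gvir_connection_open continues outside the hunk.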
@@ -540,9 +542,10 @@ static gchar ** fetch_list(virConnectPtr vconn,
gint i;
if ((n = count_func(vconn)) < 0) {
- *err = gvir_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Unable to count %s", name);
+ if (err)
+ *err = gvir_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Unable to count %s", name);
goto error;
}
@@ -552,9 +555,10 @@ static gchar ** fetch_list(virConnectPtr vconn,
lst = g_new(gchar *, n);
if ((n = list_func(vconn, lst, n)) < 0) {
- *err = gvir_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Unable to list %s %d", name, n);
+ if (err)
+ *err = gvir_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Unable to list %s %d", name, n);
goto error;
}
}
@@ -587,12 +591,14 @@ gboolean gvir_connection_fetch_domains(GVirConnection *conn,
gboolean ret = FALSE;
gint i;
virConnectPtr vconn = NULL;
+ GError *lerr = NULL;
g_mutex_lock(priv->lock);
if (!priv->conn) {
- *err = g_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Connection is not open");
+ if (err)
+ *err = g_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Connection is not open");
g_mutex_unlock(priv->lock);
goto cleanup;
}
@@ -605,9 +611,10 @@ gboolean gvir_connection_fetch_domains(GVirConnection *conn,
goto cleanup;
if ((nactive = virConnectNumOfDomains(vconn)) < 0) {
- *err = gvir_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Unable to count domains");
+ if (err)
+ *err = gvir_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Unable to count domains");
goto cleanup;
}
if (nactive) {
@@ -616,9 +623,10 @@ gboolean gvir_connection_fetch_domains(GVirConnection *conn,
active = g_new(gint, nactive);
if ((nactive = virConnectListDomains(vconn, active, nactive)) < 0) {
- *err = gvir_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Unable to list domains");
+ if (err)
+ *err = gvir_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Unable to list domains");
goto cleanup;
}
}
@@ -632,9 +640,12 @@ gboolean gvir_connection_fetch_domains(GVirConnection *conn,
virConnectListDefinedDomains,
cancellable,
&ninactive,
- err);
- if (*err != NULL)
+ &lerr);
+ if (lerr) {
+ g_propagate_error(err, lerr);
+ lerr = NULL;
goto cleanup;
+ }
doms = g_hash_table_new_full(g_str_hash,
g_str_equal,
@@ -712,12 +723,14 @@ gboolean gvir_connection_fetch_storage_pools(GVirConnection *conn,
gboolean ret = FALSE;
gint i;
virConnectPtr vconn = NULL;
+ GError *lerr = NULL;
g_mutex_lock(priv->lock);
if (!priv->conn) {
- *err = g_error_new(GVIR_CONNECTION_ERROR,
- 0,
- "Connection is not open");
+ if (err)
+ *err = g_error_new(GVIR_CONNECTION_ERROR,
+ 0,
+ "Connection is not open");
g_mutex_unlock(priv->lock);
goto cleanup;
}
@@ -735,9 +748,12 @@ gboolean gvir_connection_fetch_storage_pools(GVirConnection *conn,
virConnectListStoragePools,
cancellable,
&nactive,
- err);
- if (*err != NULL)
+ &lerr);
+ if (lerr) {
+ g_propagate_error(err, lerr);
+ lerr = NULL;
goto cleanup;
+ }
if (g_cancellable_set_error_if_cancelled(cancellable, err))
goto cleanup;
@@ -748,9 +764,12 @@ gboolean gvir_connection_fetch_storage_pools(GVirConnection *conn,
virConnectListDefinedStoragePools,
cancellable,
&ninactive,
- err);
- if (*err != NULL)
+ &lerr);
+ if (lerr) {
+ g_propagate_error(err, lerr);
+ lerr = NULL;
goto cleanup;
+ }
pools = g_hash_table_new_full(g_str_hash,
g_str_equal,
@@ -1189,9 +1208,10 @@ GVirDomain *gvir_connection_create_domain(GVirConnection *conn,
g_return_val_if_fail(xml != NULL, NULL);
if (!(handle = virDomainDefineXML(priv->conn, xml))) {
- *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
- 0,
- "Failed to create domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
+ 0,
+ "Failed to create domain");
return NULL;
}
@@ -1234,9 +1254,10 @@ GVirDomain *gvir_connection_start_domain(GVirConnection *conn,
g_return_val_if_fail(xml != NULL, NULL);
if (!(handle = virDomainCreateXML(priv->conn, xml, flags))) {
- *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
- 0,
- "Failed to create domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
+ 0,
+ "Failed to create domain");
return NULL;
}
@@ -1278,9 +1299,10 @@ GVirStoragePool *gvir_connection_create_storage_pool
g_return_val_if_fail(xml != NULL, NULL);
if (!(handle = virStoragePoolDefineXML(priv->conn, xml, flags))) {
- *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
- flags,
- "Failed to create storage pool");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_CONNECTION_ERROR,
+ flags,
+ "Failed to create storage pool");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-domain.c b/libvirt-gobject/libvirt-gobject-domain.c
index 4a7a534..36d618c 100644
--- a/libvirt-gobject/libvirt-gobject-domain.c
+++ b/libvirt-gobject/libvirt-gobject-domain.c
@@ -287,9 +287,10 @@ gint gvir_domain_get_id(GVirDomain *dom,
gint ret;
if ((ret = virDomainGetID(priv->handle)) < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to get ID for domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to get ID for domain");
}
return ret;
}
@@ -312,9 +313,10 @@ gboolean gvir_domain_start(GVirDomain *dom,
else
ret = virDomainCreate(priv->handle);
if (ret < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to start domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to start domain");
return FALSE;
}
@@ -333,9 +335,10 @@ gboolean gvir_domain_resume(GVirDomain *dom,
GVirDomainPrivate *priv = dom->priv;
if (virDomainResume(priv->handle) < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to resume domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to resume domain");
return FALSE;
}
@@ -359,9 +362,10 @@ gboolean gvir_domain_stop(GVirDomain *dom,
else
ret = virDomainDestroy(priv->handle);
if (ret < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to stop domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to stop domain");
return FALSE;
}
@@ -385,9 +389,10 @@ gboolean gvir_domain_delete(GVirDomain *dom,
else
ret = virDomainUndefine(priv->handle);
if (ret < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to delete domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to delete domain");
return FALSE;
}
@@ -406,9 +411,10 @@ gboolean gvir_domain_shutdown(GVirDomain *dom,
GVirDomainPrivate *priv = dom->priv;
if (virDomainShutdown(priv->handle) < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to shutdown domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to shutdown domain");
return FALSE;
}
@@ -427,9 +433,10 @@ gboolean gvir_domain_reboot(GVirDomain *dom,
GVirDomainPrivate *priv = dom->priv;
if (virDomainReboot(priv->handle, flags) < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to reboot domain");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to reboot domain");
return FALSE;
}
@@ -450,9 +457,10 @@ GVirConfigDomain *gvir_domain_get_config(GVirDomain *dom,
gchar *xml;
if (!(xml = virDomainGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to get domain XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to get domain XML config");
return NULL;
}
@@ -546,9 +554,10 @@ GVirDomainInfo *gvir_domain_get_info(GVirDomain *dom,
GVirDomainInfo *ret;
if (virDomainGetInfo(priv->handle, &info) < 0) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to get domain info");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to get domain info");
return NULL;
}
@@ -590,9 +599,10 @@ gchar *gvir_domain_screenshot(GVirDomain *dom,
st,
monitor_id,
flags))) {
- *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
- 0,
- "Unable to take a screenshot");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_DOMAIN_ERROR,
+ 0,
+ "Unable to take a screenshot");
goto end;
}
end:
diff --git a/libvirt-gobject/libvirt-gobject-interface.c b/libvirt-gobject/libvirt-gobject-interface.c
index e47395c..7af83ee 100644
--- a/libvirt-gobject/libvirt-gobject-interface.c
+++ b/libvirt-gobject/libvirt-gobject-interface.c
@@ -193,9 +193,10 @@ GVirConfigInterface *gvir_interface_get_config(GVirInterface *iface,
gchar *xml;
if (!(xml = virInterfaceGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_INTERFACE_ERROR,
- 0,
- "Unable to get interface XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_INTERFACE_ERROR,
+ 0,
+ "Unable to get interface XML config");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-network-filter.c b/libvirt-gobject/libvirt-gobject-network-filter.c
index bdb0e3a..7107e3b 100644
--- a/libvirt-gobject/libvirt-gobject-network-filter.c
+++ b/libvirt-gobject/libvirt-gobject-network-filter.c
@@ -219,9 +219,10 @@ GVirConfigNetworkFilter *gvir_network_filter_get_config
gchar *xml;
if (!(xml = virNWFilterGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_NETWORK_FILTER_ERROR,
- 0,
- "Unable to get network_filter XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_NETWORK_FILTER_ERROR,
+ 0,
+ "Unable to get network_filter XML config");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-network.c b/libvirt-gobject/libvirt-gobject-network.c
index c486561..b2cb2ec 100644
--- a/libvirt-gobject/libvirt-gobject-network.c
+++ b/libvirt-gobject/libvirt-gobject-network.c
@@ -215,9 +215,10 @@ GVirConfigNetwork *gvir_network_get_config(GVirNetwork *network,
gchar *xml;
if (!(xml = virNetworkGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_NETWORK_ERROR,
- 0,
- "Unable to get network XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_NETWORK_ERROR,
+ 0,
+ "Unable to get network XML config");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-node-device.c b/libvirt-gobject/libvirt-gobject-node-device.c
index 43564b6..eb19513 100644
--- a/libvirt-gobject/libvirt-gobject-node-device.c
+++ b/libvirt-gobject/libvirt-gobject-node-device.c
@@ -194,9 +194,10 @@ GVirConfigNodeDevice *gvir_node_device_get_config(GVirNodeDevice *device,
gchar *xml;
if (!(xml = virNodeDeviceGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_NODE_DEVICE_ERROR,
- 0,
- "Unable to get node_device XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_NODE_DEVICE_ERROR,
+ 0,
+ "Unable to get node_device XML config");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-secret.c b/libvirt-gobject/libvirt-gobject-secret.c
index 418e5aa..0365e8d 100644
--- a/libvirt-gobject/libvirt-gobject-secret.c
+++ b/libvirt-gobject/libvirt-gobject-secret.c
@@ -205,9 +205,10 @@ GVirConfigSecret *gvir_secret_get_config(GVirSecret *secret,
gchar *xml;
if (!(xml = virSecretGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_SECRET_ERROR,
- 0,
- "Unable to get secret XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_SECRET_ERROR,
+ 0,
+ "Unable to get secret XML config");
return NULL;
}
diff --git a/libvirt-gobject/libvirt-gobject-storage-pool.c b/libvirt-gobject/libvirt-gobject-storage-pool.c
index 92be539..d398532 100644
--- a/libvirt-gobject/libvirt-gobject-storage-pool.c
+++ b/libvirt-gobject/libvirt-gobject-storage-pool.c
@@ -230,9 +230,10 @@ GVirConfigStoragePool *gvir_storage_pool_get_config(GVirStoragePool *pool,
gchar *xml;
if (!(xml = virStoragePoolGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
- 0,
- "Unable to get storage_pool XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
+ 0,
+ "Unable to get storage_pool XML config");
return NULL;
}
@@ -303,25 +304,30 @@ gboolean gvir_storage_pool_refresh(GVirStoragePool *pool,
gboolean ret = FALSE;
gint i;
virStoragePoolPtr vpool = NULL;
+ GError *lerr = NULL;
vpool = priv->handle;
if (virStoragePoolRefresh(vpool, 0) < 0) {
- *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
- 0,
- "Unable to refresh storage pool");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
+ 0,
+ "Unable to refresh storage pool");
goto cleanup;
}
volumes = fetch_list(vpool,
- "Storage Volumes",
- virStoragePoolNumOfVolumes,
- virStoragePoolListVolumes,
- cancellable,
- &nvolumes,
- err);
- if (*err != NULL)
+ "Storage Volumes",
+ virStoragePoolNumOfVolumes,
+ virStoragePoolListVolumes,
+ cancellable,
+ &nvolumes,
+ &lerr);
+ if (lerr) {
+ g_propagate_error(err, lerr);
+ lerr = NULL;
goto cleanup;
+ }
if (g_cancellable_set_error_if_cancelled(cancellable, err))
goto cleanup;
@@ -495,9 +501,10 @@ GVirStorageVol *gvir_storage_pool_create_volume
g_return_val_if_fail(xml != NULL, NULL);
if (!(handle = virStorageVolCreateXML(priv->handle, xml, 0))) {
- *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
- 0,
- "Failed to create volume");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
+ 0,
+ "Failed to create volume");
return NULL;
}
@@ -529,9 +536,10 @@ gboolean gvir_storage_pool_build (GVirStoragePool *pool,
GError **err)
{
if (virStoragePoolBuild(pool->priv->handle, flags)) {
- *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
- 0,
- "Failed to build storage pool");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
+ 0,
+ "Failed to build storage pool");
return FALSE;
}
@@ -633,9 +641,10 @@ gboolean gvir_storage_pool_start (GVirStoragePool *pool,
GError **err)
{
if (virStoragePoolCreate(pool->priv->handle, flags)) {
- *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
- 0,
- "Failed to start storage pool");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_POOL_ERROR,
+ 0,
+ "Failed to start storage pool");
return FALSE;
}
diff --git a/libvirt-gobject/libvirt-gobject-storage-vol.c b/libvirt-gobject/libvirt-gobject-storage-vol.c
index 17aac36..8fea736 100644
--- a/libvirt-gobject/libvirt-gobject-storage-vol.c
+++ b/libvirt-gobject/libvirt-gobject-storage-vol.c
@@ -205,9 +205,10 @@ GVirConfigStorageVol *gvir_storage_vol_get_config(GVirStorageVol *vol,
gchar *xml;
if (!(xml = virStorageVolGetXMLDesc(priv->handle, flags))) {
- *err = gvir_error_new_literal(GVIR_STORAGE_VOL_ERROR,
- 0,
- "Unable to get storage_vol XML config");
+ if (err)
+ *err = gvir_error_new_literal(GVIR_STORAGE_VOL_ERROR,
+ 0,
+ "Unable to get storage_vol XML config");
return NULL;
}
--
1.7.6.4