[libvirt] [PATCH 0/3] Add tests for network update XML parsing
by Ján Tomko
Ján Tomko (3):
Add space before the slash in dns srv entries
Reverse logic allowing partial DHCP host XML
Test network XML update
src/conf/network_conf.h | 9 +
src/libvirt_private.syms | 1 +
src/conf/network_conf.c | 25 +-
tests/Makefile.am | 9 +-
tests/networkxml2xmltest.c | 3 +
tests/networkxml2xmlupdatetest.c | 372 +++++++++++++++++++++
.../nat-network-dns-srv-records.xml | 27 ++
.../nat-network-dns-srv-records.xml | 27 ++
.../networkxml2xmlupdatein/dhcp-range-existing.xml | 1 +
tests/networkxml2xmlupdatein/dhcp-range.xml | 1 +
.../dns-host-gateway-incomplete.xml | 3 +
tests/networkxml2xmlupdatein/dns-host-pudding.xml | 3 +
.../dns-txt-record-example.xml | 1 +
.../dns-txt-record-snowman.xml | 1 +
tests/networkxml2xmlupdatein/host-existing.xml | 1 +
tests/networkxml2xmlupdatein/host-incomplete.xml | 1 +
.../networkxml2xmlupdatein/host-new-incomplete.xml | 1 +
tests/networkxml2xmlupdatein/host-new.xml | 1 +
tests/networkxml2xmlupdatein/host-updated.xml | 1 +
tests/networkxml2xmlupdatein/interface-eth1.xml | 1 +
tests/networkxml2xmlupdatein/interface-eth47.xml | 1 +
.../networkxml2xmlupdatein/portgroup-alice-new.xml | 10 +
tests/networkxml2xmlupdatein/portgroup-alison.xml | 11 +
tests/networkxml2xmlupdatein/srv-record-donkey.xml | 1 +
.../networkxml2xmlupdatein/srv-record-invalid.xml | 1 +
.../networkxml2xmlupdatein/srv-record-protocol.xml | 1 +
.../networkxml2xmlupdatein/srv-record-service.xml | 1 +
tests/networkxml2xmlupdatein/srv-record.xml | 1 +
.../networkxml2xmlupdatein/unparsable-dns-host.xml | 1 +
.../dhcp6host-routed-network-another-range.xml | 27 ++
.../dhcp6host-routed-network-range.xml | 27 ++
.../nat-network-dns-more-hosts.xml | 19 ++
.../nat-network-dns-srv-record.xml | 26 ++
.../nat-network-dns-srv-records.xml | 27 ++
.../nat-network-dns-txt-none.xml | 23 ++
.../nat-network-dns-txt-records.xml | 27 ++
.../nat-network-forward-ifaces.xml | 27 ++
.../nat-network-host-updated.xml | 23 ++
.../networkxml2xmlupdateout/nat-network-hosts.xml | 24 ++
.../nat-network-no-forward-ifaces.xml | 24 ++
.../nat-network-no-hosts.xml | 10 +
.../nat-network-no-range.xml | 22 ++
.../nat-network-one-host.xml | 22 ++
tests/networkxml2xmlupdateout/nat-network.xml | 23 ++
.../openvswitch-net-modified.xml | 33 ++
.../openvswitch-net-more-portgroups.xml | 44 +++
.../openvswitch-net-without-alice.xml | 23 ++
47 files changed, 949 insertions(+), 19 deletions(-)
create mode 100644 tests/networkxml2xmlupdatetest.c
create mode 100644 tests/networkxml2xmlin/nat-network-dns-srv-records.xml
create mode 100644 tests/networkxml2xmlout/nat-network-dns-srv-records.xml
create mode 100644 tests/networkxml2xmlupdatein/dhcp-range-existing.xml
create mode 100644 tests/networkxml2xmlupdatein/dhcp-range.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-host-gateway-incomplete.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-host-pudding.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-example.xml
create mode 100644 tests/networkxml2xmlupdatein/dns-txt-record-snowman.xml
create mode 100644 tests/networkxml2xmlupdatein/host-existing.xml
create mode 100644 tests/networkxml2xmlupdatein/host-incomplete.xml
create mode 100644 tests/networkxml2xmlupdatein/host-new-incomplete.xml
create mode 100644 tests/networkxml2xmlupdatein/host-new.xml
create mode 100644 tests/networkxml2xmlupdatein/host-updated.xml
create mode 100644 tests/networkxml2xmlupdatein/interface-eth1.xml
create mode 100644 tests/networkxml2xmlupdatein/interface-eth47.xml
create mode 100644 tests/networkxml2xmlupdatein/portgroup-alice-new.xml
create mode 100644 tests/networkxml2xmlupdatein/portgroup-alison.xml
create mode 100644 tests/networkxml2xmlupdatein/srv-record-donkey.xml
create mode 100644 tests/networkxml2xmlupdatein/srv-record-invalid.xml
create mode 100644 tests/networkxml2xmlupdatein/srv-record-protocol.xml
create mode 100644 tests/networkxml2xmlupdatein/srv-record-service.xml
create mode 100644 tests/networkxml2xmlupdatein/srv-record.xml
create mode 100644 tests/networkxml2xmlupdatein/unparsable-dns-host.xml
create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-another-range.xml
create mode 100644 tests/networkxml2xmlupdateout/dhcp6host-routed-network-range.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-more-hosts.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-record.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-srv-records.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-none.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-dns-txt-records.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-forward-ifaces.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-host-updated.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-hosts.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-forward-ifaces.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-hosts.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-no-range.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network-one-host.xml
create mode 100644 tests/networkxml2xmlupdateout/nat-network.xml
create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-modified.xml
create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-more-portgroups.xml
create mode 100644 tests/networkxml2xmlupdateout/openvswitch-net-without-alice.xml
--
1.8.1.5
11 years, 3 months
[libvirt] [sandbox][PATCH] Fix delete of running containers
by Wayne Sun
The stop function is removed since 0.5.0, update delete function
using virsh destroy to stop container.
Signed-off-by: Wayne Sun <gsun(a)redhat.com>
---
bin/virt-sandbox-service | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
index 550d46c..926d1d5 100755
--- a/bin/virt-sandbox-service
+++ b/bin/virt-sandbox-service
@@ -254,9 +254,11 @@ class Container:
def delete(self):
self.connect()
- # Stop service if it is running
+ # Stop container if it is running
try:
- self.stop()
+ p = Popen(["/usr/bin/virsh", "-c", self.uri, "destroy", self.name],
+ stdout=PIPE, stderr=PIPE)
+ p.communicate()
except:
pass
--
1.7.1
11 years, 3 months
[libvirt] [PATCH v5 0/2] add startupPolicy support for harddisks
by Guannan Ren
These patches are based on code
https://www.redhat.com/archives/libvir-list/2013-July/msg01741.html
The set of patches is trying to add 'startupPolicy' support for guest
hard disks.
For the 'optional' policy, there is a little difference from CDROM and
Floppy which only drop its source path, for disks, if missing, the
checking function will drop their definitions, because qemu doesn't
allow missing source path for hard disk. migration is not supported yet.
Guannan Ren(2)
[PATCH v5 1/2] conf: add startupPolicy attribute for harddisk
[PATCH v5 2/2] qemu: support to drop disk with 'optional' startupPolicy
docs/formatdomain.html.in | 8 ++++++--
docs/schemas/domaincommon.rng | 6 ++++++
include/libvirt/libvirt.h.in | 1 +
src/conf/domain_conf.c | 31 +++++++++++++++++++++++--------
src/qemu/qemu_domain.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
5 files changed, 97 insertions(+), 26 deletions(-)
11 years, 3 months
[libvirt] [PATCH v2] nwfilter: Use -m conntrack rather than -m state
by Stefan Berger
Since iptables version 1.4.16 '-m state --state NEW' is converted to
'-m conntrack --ctstate NEW'. Therefore, when encountering this or later
versions of iptables use '-m conntrack --ctstate'.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
v1->v2:
- Fixed a logic bug and adjusted version comparison to use '>='
rather than '>'
---
src/nwfilter/nwfilter_ebiptables_driver.c | 50 +++++++++++++++++++++++++++++-
1 file changed, 49 insertions(+), 1 deletion(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -188,6 +188,9 @@ static const char ebiptables_script_set_
static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED";
static const char *m_state_in_str = "-m state --state ESTABLISHED";
+static const char *m_state_out_str_new = "-m conntrack --ctstate NEW,ESTABLISHED";
+static const char *m_state_in_str_new = "-m conntrack --ctstate ESTABLISHED";
+
static const char *m_physdev_in_str = "-m physdev " PHYSDEV_IN;
static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
static const char *m_physdev_out_old_str = "-m physdev " PHYSDEV_OUT_OLD;
@@ -4353,6 +4356,49 @@ ebiptablesDriverProbeCtdir(void)
iptables_ctdir_corrected = CTDIR_STATUS_OLD;
}
+static void
+ebiptablesDriverProbeStateMatch(void)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *cmdout = NULL, *version;
+ unsigned long thisversion;
+
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ virBufferAsprintf(&buf,
+ "$IPT --version");
+
+ if (ebiptablesExecCLI(&buf, NULL, &cmdout) < 0) {
+ VIR_ERROR(_("Testing of iptables command failed: %s"),
+ cmdout);
+ return;
+ }
+
+ /*
+ * we expect output in the format
+ * iptables v1.4.16
+ */
+ if (!(version = strchr(cmdout, 'v')) ||
+ virParseVersionString(version + 1, &thisversion, true) < 0) {
+ VIR_ERROR(_("Could not determine iptables version from string %s"),
+ cmdout);
+ goto cleanup;
+ }
+
+ /*
+ * since version 1.4.16 '-m state --state ...' will be converted to
+ * '-m conntrack --ctstate ...'
+ */
+ if (thisversion >= 1 * 1000000 + 4 * 1000 + 16) {
+ m_state_out_str = m_state_out_str_new;
+ m_state_in_str = m_state_in_str_new;
+ }
+
+cleanup:
+ VIR_FREE(cmdout);
+ return;
+}
+
static int
ebiptablesDriverInit(bool privileged)
{
@@ -4390,8 +4436,10 @@ ebiptablesDriverInit(bool privileged)
return -ENOTSUP;
}
- if (iptables_cmd_path)
+ if (iptables_cmd_path) {
ebiptablesDriverProbeCtdir();
+ ebiptablesDriverProbeStateMatch();
+ }
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
11 years, 3 months
[libvirt] [PATCH] nwfilter: Use -m conntrack rather than -m state
by Stefan Berger
Since iptables version 1.4.16 '-m state --state NEW' is converted to
'-m conntrack --ctstate NEW'. Therefore, when encountering this or later
versions of iptables use '-m conntrack --ctstate'.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 50 +++++++++++++++++++++++++++++-
1 file changed, 49 insertions(+), 1 deletion(-)
Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -188,6 +188,9 @@ static const char ebiptables_script_set_
static const char *m_state_out_str = "-m state --state NEW,ESTABLISHED";
static const char *m_state_in_str = "-m state --state ESTABLISHED";
+static const char *m_state_out_str_new = "-m conntrack --ctstate NEW,ESTABLISHED";
+static const char *m_state_in_str_new = "-m conntrack --ctstate ESTABLISHED";
+
static const char *m_physdev_in_str = "-m physdev " PHYSDEV_IN;
static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
static const char *m_physdev_out_old_str = "-m physdev " PHYSDEV_OUT_OLD;
@@ -4353,6 +4356,49 @@ ebiptablesDriverProbeCtdir(void)
iptables_ctdir_corrected = CTDIR_STATUS_OLD;
}
+static void
+ebiptablesDriverProbeStateMatch(void)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *cmdout = NULL, *version;
+ unsigned long thisversion;
+
+ NWFILTER_SET_IPTABLES_SHELLVAR(&buf);
+
+ virBufferAsprintf(&buf,
+ "$IPT --version");
+
+ if (ebiptablesExecCLI(&buf, NULL, &cmdout) < 0) {
+ VIR_ERROR(_("Testing of iptables command failed: %s"),
+ cmdout);
+ return;
+ }
+
+ /*
+ * we expect output in the format
+ * iptables v1.4.16
+ */
+ if (!(version = strchr(cmdout, 'v')) &&
+ virParseVersionString(version + 1, &thisversion, true) < 0) {
+ VIR_ERROR(_("Could not determine iptables version from string %s"),
+ cmdout);
+ goto cleanup;
+ }
+
+ /*
+ * since version 1.4.16 '-m state --state ...' will be converted to
+ * '-m conntrack --ctstate ...'
+ */
+ if (thisversion > 1 * 1000000 + 4 * 1000 + 16) {
+ m_state_out_str = m_state_out_str_new;
+ m_state_in_str = m_state_in_str_new;
+ }
+
+cleanup:
+ VIR_FREE(cmdout);
+ return;
+}
+
static int
ebiptablesDriverInit(bool privileged)
{
@@ -4390,8 +4436,10 @@ ebiptablesDriverInit(bool privileged)
return -ENOTSUP;
}
- if (iptables_cmd_path)
+ if (iptables_cmd_path) {
ebiptablesDriverProbeCtdir();
+ ebiptablesDriverProbeStateMatch();
+ }
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
11 years, 3 months
[libvirt] [TCK][PATCH v2] nwfilter: convert ctstate to state
by Stefan Berger
iptables version 1.4.16 and later automatically convert -m state --state ...
to -m conntrack --ctstate ... In the test cases we will then only see 'ctstate'
and convert that back to the older 'state'.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
scripts/nwfilter/nwfilter2vmtest.sh | 5 +++++
1 file changed, 5 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -181,6 +181,11 @@ checkExpectedOutput() {
sed -i "s/ctdir _REPLY/ctdir REPLY/" ${tmpfile}
fi
+ #iptables >= v1.4.16 converts -m state --state ... to
+ #-m conntrack --ctstate ... We now change ctstate back to
+ #state
+ sed -i "s/ctstate/state/" ${tmpfile}
+
diff -w ${tmpfile} ${tmpfile2} >/dev/null
if [ $? -ne 0 ]; then
11 years, 3 months
[libvirt] [PATCH] virGetGroupList: always include the primary group
by Guido Günther
The change from initgroups to virGetGroupList/setgroups in
cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
processes group list iff the passed in group to virGetGroupList differs
from the user's primary group.
So always include the primary group to bring back the old behaviour.
Debian has the kvm group as primary group but uses
libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
without this change the /dev/kvm is inaccesible.
---
src/util/virutil.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/util/virutil.c b/src/util/virutil.c
index 3abcd53..12e1467 100644
--- a/src/util/virutil.c
+++ b/src/util/virutil.c
@@ -983,29 +983,41 @@ virGetGroupID(const char *group, gid_t *gid)
}
-/* Compute the list of supplementary groups associated with @uid, and
- * including @gid in the list (unless it is -1), storing a malloc'd
- * result into @list. Return the size of the list on success, or -1
- * on failure with error reported and errno set. May not be called
- * between fork and exec. */
+/* Compute the list of primary and supplementary groups associated
+ * with @uid, and including @gid in the list (unless it is -1),
+ * storing a malloc'd result into @list. Return the size of the list
+ * on success, or -1 on failure with error reported and errno set. May
+ * not be called between fork and exec. */
int
virGetGroupList(uid_t uid, gid_t gid, gid_t **list)
{
int ret = -1;
char *user = NULL;
+ gid_t primary;
*list = NULL;
if (uid == (uid_t)-1)
return 0;
- if (virGetUserEnt(uid, &user,
- gid == (gid_t)-1 ? &gid : NULL, NULL) < 0)
+ if (virGetUserEnt(uid, &user, &primary, NULL) < 0)
return -1;
- ret = mgetgroups(user, gid, list);
- if (ret < 0)
+ ret = mgetgroups(user, primary, list);
+ if (ret < 0) {
virReportSystemError(errno,
_("cannot get group list for '%s'"), user);
+ goto cleanup;
+ }
+
+ if (gid != (gid_t)-1) {
+ if (VIR_REALLOC_N(*list, ++ret) < 0) {
+ VIR_FREE(*list);
+ goto cleanup;
+ }
+ (*list)[ret-1] = gid;
+ }
+
+cleanup:
VIR_FREE(user);
return ret;
}
--
1.8.3.2
11 years, 3 months
[libvirt] [PATCHv3 0/2] RESEND - remaining 2 q35 patches
by Laine Stump
Just to make it easier to keep straight what has been pushed, I'm
resending the last two patches that still need an ACK. Doug had
reviewed 1/2, but didn't ACK because he wanted to get more opinions on
whether it's better to a) have a special case that doesn't specify any
id for the primary sata controller (relying on qemu to imply the
proper controller) or b) have a special case that uses "ide.0" for the
primary sata controller (which we've been told will work by qemu
people).
There was a 3rd patch that we've decided not to patch, waiting for a
qemu fix to be pushed instead - the patch that changed all
i82801b11-bridge controllers into pci-bridge controllers to work
around a qemu bug.
Laine Stump (2):
qemu: enable using implicit sata controller in q35 machines
qemu: improve error reporting during PCI address validation
src/qemu/qemu_command.c | 247 +++++++++++++++---------
tests/qemuxml2argvdata/qemuxml2argv-q35.args | 2 +
tests/qemuxml2argvdata/qemuxml2argv-q35.xml | 5 +
tests/qemuxml2argvtest.c | 2 +-
tests/qemuxml2xmloutdata/qemuxml2xmlout-q35.xml | 5 +
5 files changed, 171 insertions(+), 90 deletions(-)
--
1.7.11.7
11 years, 3 months
[libvirt] [PATCH] xen: Use internal interfaces in xenDomainUsedCpus
by Stefan Bader
Based on Daniel's feedback I did a split for public/private functions
for those that cause the lockup when getting XML. Maybe not complete
but at least seems to allow basic usage again (through virt-manager).
-Stefan
---
>From f406c6891fb92a45dc5d5a4d794c5d667965d096 Mon Sep 17 00:00:00 2001
From: Stefan Bader <stefan.bader(a)canonical.com>
Date: Mon, 15 Jul 2013 16:03:58 +0200
Subject: [PATCH] xen: Use internal interfaces in xenDomainUsedCpus
Since commit 95e18efd most public interfaces (xenUnified...) obtain
a virDomainDefPtr via xenGetDomainDefFor...() which take the unified
lock.
This is already taken before calling xenDomainUsedCpus(), so we get
a deadlock for active guests. Avoid this by splitting up
xenUnifiedDomainGetVcpusFlags() and xenUnifiedDomainGetVcpus() into
public and private function calls (which get the virDomainDefPtr passed)
and use those in xenDomainUsedCpus().
xenDomainUsedCpus
...
nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
return xenUnifiedDomainGetVcpusFlags(...)
...
if (!(def = xenGetDomainDefForDom(dom)))
return xenGetDomainDefForUUID(dom->conn, dom->uuid);
...
ret = xenHypervisorLookupDomainByUUID(conn, uuid);
...
xenUnifiedLock(priv);
name = xenStoreDomainGetName(conn, id);
xenUnifiedUnlock(priv);
...
if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
...
if (!(def = xenGetDomainDefForDom(dom)))
[again like above]
Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com>
---
src/xen/xen_driver.c | 94 +++++++++++++++++++++++++++++++++-----------------
src/xen/xen_driver.h | 2 +-
2 files changed, 64 insertions(+), 32 deletions(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 39334b7..9ae728e 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -73,12 +73,14 @@
static int
xenUnifiedNodeGetInfo(virConnectPtr conn, virNodeInfoPtr info);
+
static int
-xenUnifiedDomainGetMaxVcpus(virDomainPtr dom);
+__xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, virDomainDefPtr def,
+ unsigned int flags);
static int
-xenUnifiedDomainGetVcpus(virDomainPtr dom,
- virVcpuInfoPtr info, int maxinfo,
- unsigned char *cpumaps, int maplen);
+__xenUnifiedDomainGetVcpus(virDomainPtr dom, virDomainDefPtr def,
+ virVcpuInfoPtr info, int maxinfo,
+ unsigned char *cpumaps, int maplen);
static bool is_privileged = false;
@@ -173,6 +175,7 @@ xenNumaInit(virConnectPtr conn) {
/**
* xenDomainUsedCpus:
* @dom: the domain
+ * @def: the domain definition
*
* Analyze which set of CPUs are used by the domain and
* return a string providing the ranges.
@@ -181,7 +184,7 @@ xenNumaInit(virConnectPtr conn) {
* NULL if the domain uses all CPU or in case of error.
*/
char *
-xenDomainUsedCpus(virDomainPtr dom)
+xenDomainUsedCpus(virDomainPtr dom, virDomainDefPtr def)
{
char *res = NULL;
int ncpus;
@@ -202,9 +205,14 @@ xenDomainUsedCpus(virDomainPtr dom)
if (priv->nbNodeCpus <= 0)
return NULL;
- nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
+ nb_vcpu = __xenUnifiedDomainGetVcpusFlags(dom, def,
+ (VIR_DOMAIN_VCPU_LIVE |
+ VIR_DOMAIN_VCPU_MAXIMUM));
if (nb_vcpu <= 0)
return NULL;
+ /* FIXME: To be consistent this should map to an internal interface, too.
+ * Currently it actually does map straight to xenDaemonNodeGetInfo().
+ */
if (xenUnifiedNodeGetInfo(dom->conn, &nodeinfo) < 0)
return NULL;
@@ -217,8 +225,8 @@ xenDomainUsedCpus(virDomainPtr dom)
VIR_ALLOC_N(cpumap, nb_vcpu * cpumaplen) < 0)
goto done;
- if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
- cpumap, cpumaplen)) >= 0) {
+ if ((ncpus = __xenUnifiedDomainGetVcpus(dom, def, cpuinfo, nb_vcpu,
+ cpumap, cpumaplen)) >= 0) {
for (n = 0; n < ncpus; n++) {
for (m = 0; m < priv->nbNodeCpus; m++) {
bool used;
@@ -1410,54 +1418,57 @@ cleanup:
}
static int
-xenUnifiedDomainGetVcpus(virDomainPtr dom,
- virVcpuInfoPtr info, int maxinfo,
- unsigned char *cpumaps, int maplen)
+__xenUnifiedDomainGetVcpus(virDomainPtr dom, virDomainDefPtr def,
+ virVcpuInfoPtr info, int maxinfo,
+ unsigned char *cpumaps, int maplen)
{
xenUnifiedPrivatePtr priv = dom->conn->privateData;
- virDomainDefPtr def = NULL;
int ret = -1;
- if (!(def = xenGetDomainDefForDom(dom)))
- goto cleanup;
-
- if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0)
- goto cleanup;
-
if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Cannot get VCPUs of inactive domain"));
- goto cleanup;
} else {
- ret = xenDaemonDomainGetVcpus(dom->conn, def, info, maxinfo, cpumaps, maplen);
+ ret = xenDaemonDomainGetVcpus(dom->conn, def, info, maxinfo,
+ cpumaps, maplen);
}
} else {
- ret = xenHypervisorGetVcpus(dom->conn, def, info, maxinfo, cpumaps, maplen);
+ ret = xenHypervisorGetVcpus(dom->conn, def, info, maxinfo, cpumaps,
+ maplen);
}
-cleanup:
- virDomainDefFree(def);
return ret;
}
static int
-xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+xenUnifiedDomainGetVcpus(virDomainPtr dom,
+ virVcpuInfoPtr info, int maxinfo,
+ unsigned char *cpumaps, int maplen)
{
- xenUnifiedPrivatePtr priv = dom->conn->privateData;
virDomainDefPtr def = NULL;
int ret = -1;
- virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
- VIR_DOMAIN_VCPU_CONFIG |
- VIR_DOMAIN_VCPU_MAXIMUM, -1);
-
if (!(def = xenGetDomainDefForDom(dom)))
goto cleanup;
- if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0)
+ if (virDomainGetVcpusEnsureACL(dom->conn, def) < 0)
goto cleanup;
+ ret = __xenUnifiedDomainGetVcpus(dom, def, info, maxinfo, cpumaps, maplen);
+
+cleanup:
+ virDomainDefFree(def);
+ return ret;
+}
+
+static int
+__xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, virDomainDefPtr def,
+ unsigned int flags)
+{
+ xenUnifiedPrivatePtr priv = dom->conn->privateData;
+ int ret = -1;
+
if (dom->id < 0) {
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4)
ret = xenXMDomainGetVcpusFlags(dom->conn, def, flags);
@@ -1470,6 +1481,27 @@ xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
ret = xenDaemonDomainGetVcpusFlags(dom->conn, def, flags);
}
+ return ret;
+}
+
+static int
+xenUnifiedDomainGetVcpusFlags(virDomainPtr dom, unsigned int flags)
+{
+ virDomainDefPtr def = NULL;
+ int ret = -1;
+
+ virCheckFlags(VIR_DOMAIN_VCPU_LIVE |
+ VIR_DOMAIN_VCPU_CONFIG |
+ VIR_DOMAIN_VCPU_MAXIMUM, -1);
+
+ if (!(def = xenGetDomainDefForDom(dom)))
+ goto cleanup;
+
+ if (virDomainGetVcpusFlagsEnsureACL(dom->conn, def) < 0)
+ goto cleanup;
+
+ ret = __xenUnifiedDomainGetVcpusFlags(dom, def, flags);
+
cleanup:
virDomainDefFree(def);
return ret;
@@ -1501,7 +1533,7 @@ xenUnifiedDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
} else {
char *cpus;
xenUnifiedLock(priv);
- cpus = xenDomainUsedCpus(dom);
+ cpus = xenDomainUsedCpus(dom, def);
xenUnifiedUnlock(priv);
def = xenDaemonDomainGetXMLDesc(dom->conn, minidef, cpus);
VIR_FREE(cpus);
diff --git a/src/xen/xen_driver.h b/src/xen/xen_driver.h
index 3c7a8cd..a363161 100644
--- a/src/xen/xen_driver.h
+++ b/src/xen/xen_driver.h
@@ -187,7 +187,7 @@ struct _xenUnifiedPrivate {
typedef struct _xenUnifiedPrivate *xenUnifiedPrivatePtr;
-char *xenDomainUsedCpus(virDomainPtr dom);
+char *xenDomainUsedCpus(virDomainPtr dom, virDomainDefPtr def);
virDomainXMLOptionPtr xenDomainXMLConfInit(void);
--
1.7.9.5
11 years, 3 months
[libvirt] [TCK][PATCH] nwfilter: convert ctstate to state
by Stefan Berger
iptables version 1.4.16 and later automatically convert -m state --state ...
to -m conntrack --ctstate ... In the test cases we will then only see 'ctstate'
and convert that back to the older 'state' before comparing actual against
expected output.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
scripts/nwfilter/nwfilter2vmtest.sh | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
Index: libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
===================================================================
--- libvirt-tck.orig/scripts/nwfilter/nwfilter2vmtest.sh
+++ libvirt-tck/scripts/nwfilter/nwfilter2vmtest.sh
@@ -32,6 +32,9 @@ FLAG_FORCE_CLEAN="$((1<<5))"
# netfilter at some point. We probe for it.
IPTABLES_CTRDIR_CORRECTED=0
+# starting with iptables v1.4.16 -m state becomes -m ctstate
+IPTABLES_USE_CTSTATE=0
+
failctr=0
passctr=0
attachfailctr=0
@@ -114,6 +117,16 @@ probeIptablesCtdir() {
fi
}
+probeIptablesCtstate() {
+ rev=$(iptables --version | \
+ sed -n 's/.*v\([[:digit:]].\)/\1/p' |
+ gawk -F. '{print $1 * 1000000 + $2 * 1000 + $3 }')
+ # 1.4.16 or later uses ctstate
+ if [ $rev -ge 1004016 ]; then
+ IPTABLES_USE_CTSTATE=1
+ fi
+}
+
checkExpectedOutput() {
xmlfile="$1"
fwallfile="$2"
@@ -181,6 +194,11 @@ checkExpectedOutput() {
sed -i "s/ctdir _REPLY/ctdir REPLY/" ${tmpfile}
fi
+ if [ $IPTABLES_USE_CTSTATE -ne 0 ]; then
+ #change ctstate tback o state
+ sed -i "s/ctstate/state/" ${tmpfile}
+ fi
+
diff -w ${tmpfile} ${tmpfile2} >/dev/null
if [ $? -ne 0 ]; then
@@ -574,6 +592,7 @@ main() {
exit 1;
else
probeIptablesCtdir
+ probeIptablesCtstate
fi
if [ $(($flags & $FLAG_TAP_TEST)) -ne 0 ]; then
11 years, 3 months
