[libvirt] [PATCH] storage: remove a redundant NULL assignment
by Chen Hanxiao
We already did this in virSecretDefFree.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/storage/storage_backend.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 98720f6..440f8b1 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -558,7 +558,6 @@ virStorageGenerateQcowEncryption(virConnectPtr conn,
goto cleanup;
xml = virSecretDefFormat(def);
virSecretDefFree(def);
- def = NULL;
if (xml == NULL)
goto cleanup;
--
1.9.3
9 years, 12 months
[libvirt] [PATCH RFC] storage: perform btrfs clone if possible
by Chen Hanxiao
We already had nocow flags in virStorageSource.
But when creating RAW file, we don't take advantage
of clone of btrfs.
This file introduce btrfs_clone_file function,
and try to use it when !nocow.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/storage/storage_backend.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 98720f6..f5ea34c 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -156,6 +156,27 @@ enum {
#define READ_BLOCK_SIZE_DEFAULT (1024 * 1024)
#define WRITE_BLOCK_SIZE_DEFAULT (4 * 1024)
+/*
+ * Perform the O(1) btrfs clone operation, if possible.
+ * Upon success, return 0. Otherwise, return -1 and set errno.
+ */
+static inline int
+btrfs_clone_file(int dest_fd, int src_fd)
+{
+#ifdef __linux__
+# undef BTRFS_IOCTL_MAGICi
+# define BTRFS_IOCTL_MAGIC 0x94
+# undef BTRFS_IOC_CLONE
+# define BTRFS_IOC_CLONE _IOW (BTRFS_IOCTL_MAGIC, 9, int)
+ return ioctl(dest_fd, BTRFS_IOC_CLONE, src_fd);
+#else
+ (void) dest_fd;
+ (void) src_fd;
+ errno = ENOTSUP;
+ return -1;
+#endif
+}
+
static int ATTRIBUTE_NONNULL(2)
virStorageBackendCopyToFD(virStorageVolDefPtr vol,
virStorageVolDefPtr inputvol,
@@ -200,6 +221,16 @@ virStorageBackendCopyToFD(virStorageVolDefPtr vol,
goto cleanup;
}
+ if (!vol->target.nocow) {
+ if (btrfs_clone_file(fd, inputfd) == -1) {
+ if (errno == ENOTSUP)
+ VIR_DEBUG("btrfs clone not supported, try another way.");
+ } else {
+ VIR_DEBUG("btrfs clone findished.");
+ goto cleanup;
+ }
+ }
+
while (amtread != 0) {
int amtleft;
--
1.9.3
9 years, 12 months
[libvirt] [sandbox][PATCH 0/2] AppArmor support
by Cédric Bosdonnat
Hi all,
Here are 2 patches: one to get apparmor support for virt-sandbox and virt-sandbox-service
and 1 to get services with disk image actually start.
The AppArmor support doesn't add any parameter to the user, virt-sandbox, just uses either
apparmor or selinux depending on the one available... as those can't be running at the same
time.
Cédric Bosdonnat (2):
AppArmor support
virt-sandbox-service: mount /var after all other file systems
bin/virt-sandbox-service | 21 ++++++++++++--------
libvirt-sandbox/libvirt-sandbox-builder.c | 32 +++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+), 8 deletions(-)
--
2.1.2
9 years, 12 months
[libvirt] [PATCH v3 repost] network: Bring netdevs online later
by Matthew Rosato
Repost of a patch that got lost in the shuffle. The last version
(v3) was based on review comments from Martin Kletzander but needs
additional review.
Here's a link back to the v2 post, which was the last to receive
comments:
http://www.redhat.com/archives/libvir-list/2014-August/msg01332.html
This repost is identical in content to the previous v3 submission,
save for retrofit needed.
Associated bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1081461
Changes for v3:
* Some minor formatting fixes.
* in qemuNetworkIfaceConnect, set VIR_NETDEV_TAP_CREATE_IFUP
unconditionally.
* in qemuDomainAttachNetDevice, call qemuInterfaceStartDevice on for
VIR_DOMAIN_NET_TYPE_DIRECT, _BRIDGE and _NETWORK.
* in qemuProcessStartCPUs, use 'reason' to determine whether or not
qemuInterfaceStartDevices needs to be called. Basically, it needs
to be called for any reason that the system would be initializing,
as well as potentially after a failed migration.
Matthew Rosato (1):
network: Bring netdevs online later
src/Makefile.am | 3 +-
src/conf/domain_conf.h | 2 ++
src/lxc/lxc_process.c | 4 ++-
src/qemu/qemu_command.c | 3 ++
src/qemu/qemu_hotplug.c | 8 +++++
src/qemu/qemu_interface.c | 76 +++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_interface.h | 32 ++++++++++++++++++
src/qemu/qemu_process.c | 7 ++++
src/util/virnetdevmacvlan.c | 8 +++--
src/util/virnetdevmacvlan.h | 2 ++
10 files changed, 140 insertions(+), 5 deletions(-)
create mode 100644 src/qemu/qemu_interface.c
create mode 100644 src/qemu/qemu_interface.h
--
1.7.9.5
9 years, 12 months
[libvirt] [PATCH 0/2] prep for backing chain stat reporting
by Eric Blake
I'm still working on more patches to expose the allocation watermark
of backing images during a block commit, but want to get these
preliminary patches posted now.
Eric Blake (2):
virsh: document block.n.allocation stat
getstats: add block.n.source stat
src/libvirt-domain.c | 16 +++++++++++++---
src/qemu/qemu_driver.c | 36 ++++++++++++++++++++----------------
tools/virsh.pod | 10 +++++++---
3 files changed, 40 insertions(+), 22 deletions(-)
--
1.9.3
9 years, 12 months
[libvirt] [python PATCH] event: Add bindings for agent lifecycle event
by Peter Krempa
Also add the example.
---
examples/event-test.py | 13 +++++++++++
libvirt-override.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 73 insertions(+)
mode change 100644 => 100755 examples/event-test.py
diff --git a/examples/event-test.py b/examples/event-test.py
old mode 100644
new mode 100755
index be7a7d4..acc7f20
--- a/examples/event-test.py
+++ b/examples/event-test.py
@@ -464,6 +464,15 @@ def blockJobStatusToString(status):
blockJobStatus = ( "Completed", "Failed", "Canceled", "Ready", )
return blockJobStatus[status]
+
+def agentLifecycleStateToString(state):
+ agentStates = ( "unknown", "connected", "disconnected", )
+ return agentStates[state]
+
+def agentLifecycleReasonToString(reason):
+ agentReasons = ( "unknown", "domain booted", "channel event", )
+ return agentReasons[reason]
+
def myDomainEventCallback1 (conn, dom, event, detail, opaque):
print("myDomainEventCallback1 EVENT: Domain %s(%s) %s %s" % (dom.name(), dom.ID(),
domEventToString(event),
@@ -517,6 +526,9 @@ def myDomainEventBlockJob2Callback(conn, dom, disk, type, status, opaque):
print("myDomainEventBlockJob2Callback: Domain %s(%s) %s on disk %s %s" % (dom.name(), dom.ID(), blockJobTypeToString(type), disk, blockJobStatusToString(status)))
def myDomainEventTunableCallback(conn, dom, params, opaque):
print("myDomainEventTunableCallback: Domain %s(%s) %s" % (dom.name(), dom.ID(), params))
+def myDomainEventAgentLifecycleCallback(conn, dom, state, reason, opaque):
+ print("myDomainEventAgentLifecycleCallback: Domain %s(%s) %s %s" % (dom.name(), dom.ID, agentLifecycleStateToString(state), agentLifecycleReasonToString(reason)))
+
##########################################################################
# Network events
@@ -627,6 +639,7 @@ def main():
vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED, myDomainEventDeviceRemovedCallback, None)
vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2, myDomainEventBlockJob2Callback, None)
vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_TUNABLE, myDomainEventTunableCallback, None)
+ vc.domainEventRegisterAny(None, libvirt.VIR_DOMAIN_EVENT_ID_AGENT_LIFECYCLE, myDomainEventAgentLifecycleCallback, None)
vc.networkEventRegisterAny(None, libvirt.VIR_NETWORK_EVENT_ID_LIFECYCLE, myNetworkEventLifecycleCallback, None)
diff --git a/libvirt-override.c b/libvirt-override.c
index a53b46f..af4f386 100644
--- a/libvirt-override.c
+++ b/libvirt-override.c
@@ -6566,6 +6566,61 @@ libvirt_virConnectDomainEventTunableCallback(virConnectPtr conn ATTRIBUTE_UNUSED
}
#endif /* LIBVIR_CHECK_VERSION(1, 2, 9) */
+#if LIBVIR_CHECK_VERSION(1, 2, 11)
+static int
+libvirt_virConnectDomainEventAgentLifecycleCallback(virConnectPtr conn ATTRIBUTE_UNUSED,
+ virDomainPtr dom,
+ int state,
+ int reason,
+ void *opaque)
+{
+ PyObject *pyobj_cbData = (PyObject*)opaque;
+ PyObject *pyobj_dom;
+ PyObject *pyobj_ret = NULL;
+ PyObject *pyobj_conn;
+ PyObject *dictKey;
+ int ret = -1;
+
+ LIBVIRT_ENSURE_THREAD_STATE;
+
+ if (!(dictKey = libvirt_constcharPtrWrap("conn")))
+ goto cleanup;
+ pyobj_conn = PyDict_GetItem(pyobj_cbData, dictKey);
+ Py_DECREF(dictKey);
+
+ /* Create a python instance of this virDomainPtr */
+ virDomainRef(dom);
+ if (!(pyobj_dom = libvirt_virDomainPtrWrap(dom))) {
+ virDomainFree(dom);
+ goto cleanup;
+ }
+ Py_INCREF(pyobj_cbData);
+
+ /* Call the Callback Dispatcher */
+ pyobj_ret = PyObject_CallMethod(pyobj_conn,
+ (char*)"_dispatchDomainEventTunableCallback",
+ (char*)"OiiO",
+ pyobj_dom, state, reason, pyobj_cbData);
+
+ Py_DECREF(pyobj_cbData);
+ Py_DECREF(pyobj_dom);
+
+ cleanup:
+ if (!pyobj_ret) {
+ DEBUG("%s - ret:%p\n", __FUNCTION__, pyobj_ret);
+ PyErr_Print();
+ } else {
+ Py_DECREF(pyobj_ret);
+ ret = 0;
+ }
+
+ LIBVIRT_RELEASE_THREAD_STATE;
+ return ret;
+
+}
+#endif /* LIBVIR_CHECK_VERSION(1, 2, 11) */
+
+
static PyObject *
libvirt_virConnectDomainEventRegisterAny(ATTRIBUTE_UNUSED PyObject *self,
PyObject *args)
@@ -6658,6 +6713,11 @@ libvirt_virConnectDomainEventRegisterAny(ATTRIBUTE_UNUSED PyObject *self,
cb = VIR_DOMAIN_EVENT_CALLBACK(libvirt_virConnectDomainEventTunableCallback);
break;
#endif /* LIBVIR_CHECK_VERSION(1, 2, 9) */
+#if LIBVIR_CHECK_VERSION(1, 2, 11)
+ case VIR_DOMAIN_EVENT_ID_AGENT_LIFECYCLE:
+ cb = VIR_DOMAIN_EVENT_CALLBACK(libvirt_virConnectDomainEventAgentLifecycleCallback);
+ break;
+#endif /* LIBVIR_CHECK_VERSION(1, 2, 11) */
case VIR_DOMAIN_EVENT_ID_LAST:
break;
}
--
2.1.0
9 years, 12 months
[libvirt] [PATCH] dbus: fix arrays of bools
by Eric Blake
Commit 2aa167ca tried to fix the DBus interaction code to allow
callers to use native types instead of 4-byte bools. But in
fixing the issue, I missed the case of an arrayref; Conrad Meyer
shows the following valid complaint issued by clang:
CC util/libvirt_util_la-virdbus.lo
util/virdbus.c:956:13: error: cast from 'bool *' to 'dbus_bool_t *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Werror,-Wcast-align]
GET_NEXT_VAL(dbus_bool_t, bool_val, bool, "%d");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
util/virdbus.c:858:17: note: expanded from macro 'GET_NEXT_VAL'
x = (dbustype *)(*xptrptr + (*narrayptr - 1)); \
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated.
But fixing that points out that we have NEVER supported arrayrefs
of sub-int types (byte, i16, u16, and now bool). Again, while raw
types promote, arrays do not; so the macros HAVE to deal with both
size possibilities rather than assuming that an arrayref uses the
same sizing as the promoted raw type.
Obviously, our testsuite wasn't covering as much as it should have.
* src/util/virdbus.c (GET_NEXT_VAL): Also fix array cases.
(SET_NEXT_VAL): Fix uses of sub-int arrays.
* tests/virdbustest.c (testMessageArray, testMessageArrayRef):
Test it.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Although this fixes a build-breaker, it is not trivial, and
therefore I will wait for a full review.
src/util/virdbus.c | 39 +++++++++++++++++++++------------------
tests/virdbustest.c | 29 +++++++++++++++++++++++++----
2 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/src/util/virdbus.c b/src/util/virdbus.c
index f27fce7..ee8732c 100644
--- a/src/util/virdbus.c
+++ b/src/util/virdbus.c
@@ -574,11 +574,11 @@ virDBusIsAllowedRefType(const char *sig)
}
-# define SET_NEXT_VAL(dbustype, vargtype, sigtype, fmt) \
+# define SET_NEXT_VAL(dbustype, vargtype, arrtype, sigtype, fmt) \
do { \
dbustype x; \
if (arrayref) { \
- vargtype *valarray = arrayptr; \
+ arrtype valarray = arrayptr; \
x = (dbustype)*valarray; \
valarray++; \
arrayptr = valarray; \
@@ -666,45 +666,48 @@ virDBusMessageIterEncode(DBusMessageIter *rootiter,
switch (*t) {
case DBUS_TYPE_BYTE:
- SET_NEXT_VAL(unsigned char, int, *t, "%d");
+ SET_NEXT_VAL(unsigned char, int, unsigned char *, *t, "%d");
break;
case DBUS_TYPE_BOOLEAN:
- SET_NEXT_VAL(dbus_bool_t, int, *t, "%d");
+ SET_NEXT_VAL(dbus_bool_t, int, bool *, *t, "%d");
break;
case DBUS_TYPE_INT16:
- SET_NEXT_VAL(dbus_int16_t, int, *t, "%d");
+ SET_NEXT_VAL(dbus_int16_t, int, short *, *t, "%d");
break;
case DBUS_TYPE_UINT16:
- SET_NEXT_VAL(dbus_uint16_t, unsigned int, *t, "%d");
+ SET_NEXT_VAL(dbus_uint16_t, unsigned int, unsigned short *,
+ *t, "%d");
break;
case DBUS_TYPE_INT32:
- SET_NEXT_VAL(dbus_int32_t, int, *t, "%d");
+ SET_NEXT_VAL(dbus_int32_t, int, int *, *t, "%d");
break;
case DBUS_TYPE_UINT32:
- SET_NEXT_VAL(dbus_uint32_t, unsigned int, *t, "%u");
+ SET_NEXT_VAL(dbus_uint32_t, unsigned int, unsigned int *,
+ *t, "%u");
break;
case DBUS_TYPE_INT64:
- SET_NEXT_VAL(dbus_int64_t, long long, *t, "%lld");
+ SET_NEXT_VAL(dbus_int64_t, long long, long long *, *t, "%lld");
break;
case DBUS_TYPE_UINT64:
- SET_NEXT_VAL(dbus_uint64_t, unsigned long long, *t, "%llu");
+ SET_NEXT_VAL(dbus_uint64_t, unsigned long long,
+ unsigned long long *, *t, "%llu");
break;
case DBUS_TYPE_DOUBLE:
- SET_NEXT_VAL(double, double, *t, "%lf");
+ SET_NEXT_VAL(double, double, double *, *t, "%lf");
break;
case DBUS_TYPE_STRING:
case DBUS_TYPE_OBJECT_PATH:
case DBUS_TYPE_SIGNATURE:
- SET_NEXT_VAL(char *, char *, *t, "%s");
+ SET_NEXT_VAL(char *, char *, char **, *t, "%s");
break;
case DBUS_TYPE_ARRAY:
@@ -848,23 +851,23 @@ virDBusMessageIterEncode(DBusMessageIter *rootiter,
# define GET_NEXT_VAL(dbustype, member, vargtype, fmt) \
do { \
- dbustype *x; \
DBusBasicValue v; \
+ dbustype *x = (dbustype *)&v.member; \
+ vargtype *y; \
if (arrayref) { \
VIR_DEBUG("Use arrayref"); \
vargtype **xptrptr = arrayptr; \
if (VIR_EXPAND_N(*xptrptr, *narrayptr, 1) < 0) \
goto cleanup; \
- x = (dbustype *)(*xptrptr + (*narrayptr - 1)); \
+ y = (*xptrptr + (*narrayptr - 1)); \
VIR_DEBUG("Expanded to %zu", *narrayptr); \
} else { \
- x = (dbustype *)&(v.member); \
+ y = va_arg(args, vargtype *); \
} \
dbus_message_iter_get_basic(iter, x); \
- if (!arrayref) \
- *va_arg(args, vargtype *) = v.member; \
+ *y = *x; \
VIR_DEBUG("Read basic type '" #dbustype "' varg '" #vargtype \
- "' val '" fmt "'", (vargtype)*x); \
+ "' val '" fmt "'", (vargtype)*y); \
} while (0)
diff --git a/tests/virdbustest.c b/tests/virdbustest.c
index 98b4bf6..4ec3c0d 100644
--- a/tests/virdbustest.c
+++ b/tests/virdbustest.c
@@ -183,6 +183,7 @@ static int testMessageArray(const void *args ATTRIBUTE_UNUSED)
int in_int32a = 1000000000, out_int32a = 0;
int in_int32b = 2000000000, out_int32b = 0;
int in_int32c = -2000000000, out_int32c = 0;
+ bool in_bool[] = { true, false, true }, out_bool[] = { false, true, false};
const char *in_str2 = "World";
char *out_str1 = NULL, *out_str2 = NULL;
@@ -195,18 +196,20 @@ static int testMessageArray(const void *args ATTRIBUTE_UNUSED)
}
if (virDBusMessageEncode(msg,
- "sais",
+ "saiabs",
in_str1,
3, in_int32a, in_int32b, in_int32c,
+ 3, in_bool[0], in_bool[1], in_bool[2],
in_str2) < 0) {
VIR_DEBUG("Failed to encode arguments");
goto cleanup;
}
if (virDBusMessageDecode(msg,
- "sais",
+ "saiabs",
&out_str1,
3, &out_int32a, &out_int32b, &out_int32c,
+ 3, &out_bool[0], &out_bool[1], &out_bool[2],
&out_str2) < 0) {
VIR_DEBUG("Failed to decode arguments");
goto cleanup;
@@ -217,6 +220,9 @@ static int testMessageArray(const void *args ATTRIBUTE_UNUSED)
VERIFY("int32a", in_int32a, out_int32a, "%d");
VERIFY("int32b", in_int32b, out_int32b, "%d");
VERIFY("int32c", in_int32c, out_int32c, "%d");
+ VERIFY("bool[0]", in_bool[0], out_bool[0], "%d");
+ VERIFY("bool[1]", in_bool[1], out_bool[1], "%d");
+ VERIFY("bool[2]", in_bool[2], out_bool[2], "%d");
VERIFY_STR("str2", in_str2, out_str2, "%s");
ret = 0;
@@ -329,6 +335,7 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
int in_int32[] = {
100000000, 2000000000, -2000000000
};
+ bool in_bool[] = { true, false, true };
const char *in_strv1[] = {
"Fishfood",
};
@@ -337,6 +344,8 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
};
int *out_int32 = NULL;
size_t out_nint32 = 0;
+ bool *out_bool = NULL;
+ size_t out_nbool = 0;
char **out_strv1 = NULL;
char **out_strv2 = NULL;
size_t out_nstrv1 = 0;
@@ -354,10 +363,11 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
}
if (virDBusMessageEncode(msg,
- "sa&sa&ia&ss",
+ "sa&sa&ia&ba&ss",
in_str1,
1, in_strv1,
3, in_int32,
+ 3, in_bool,
2, in_strv2,
in_str2) < 0) {
VIR_DEBUG("Failed to encode arguments");
@@ -365,10 +375,11 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
}
if (virDBusMessageDecode(msg,
- "sa&sa&ia&ss",
+ "sa&sa&ia&ba&ss",
&out_str1,
&out_nstrv1, &out_strv1,
&out_nint32, &out_int32,
+ &out_nbool, &out_bool,
&out_nstrv2, &out_strv2,
&out_str2) < 0) {
VIR_DEBUG("Failed to decode arguments");
@@ -393,6 +404,15 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
VERIFY("int32b", in_int32[1], out_int32[1], "%d");
VERIFY("int32c", in_int32[2], out_int32[2], "%d");
+ if (out_nbool != 3) {
+ fprintf(stderr, "Expected 3 bools, but got %zu\n",
+ out_nbool);
+ goto cleanup;
+ }
+ VERIFY("bool[0]", in_bool[0], out_bool[0], "%d");
+ VERIFY("bool[1]", in_bool[1], out_bool[1], "%d");
+ VERIFY("bool[2]", in_bool[2], out_bool[2], "%d");
+
if (out_nstrv2 != 2) {
fprintf(stderr, "Expected 2 strings, but got %zu\n",
out_nstrv2);
@@ -407,6 +427,7 @@ static int testMessageArrayRef(const void *args ATTRIBUTE_UNUSED)
cleanup:
VIR_FREE(out_int32);
+ VIR_FREE(out_bool);
VIR_FREE(out_str1);
VIR_FREE(out_str2);
for (i = 0; i < out_nstrv1; i++)
--
1.9.3
9 years, 12 months
[libvirt] [PATCH] Re-add use of locking with iptables/ip6tables/ebtables
by Daniel P. Berrange
A previous commit introduced use of locking with invocation
of iptables in the viriptables.c module
commit ba95426d6f39aec1da6e069dd7222f7a8c6a5862
Author: Serge Hallyn <serge.hallyn(a)ubuntu.com>
Date: Fri Nov 1 12:36:59 2013 -0500
util: use -w flag when calling iptables
This only ever had effect with the virtual network driver,
as it was not wired up into the nwfilter driver. Unfortunately
in the firewall refactoring the use of the -w flag was
accidentally lost.
This patch introduces it to the virfirewall.c module so that
both the virtual network and nwfilter drivers will be using
it. It also ensures that the equivalent --concurrent flag
to ebtables is used.
---
src/util/virfirewall.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++---
src/util/viriptables.c | 2 --
2 files changed, 63 insertions(+), 6 deletions(-)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index bab1634..c83fdc6 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -104,6 +104,44 @@ virFirewallOnceInit(void)
VIR_ONCE_GLOBAL_INIT(virFirewall)
+static bool iptablesUseLock;
+static bool ip6tablesUseLock;
+static bool ebtablesUseLock;
+
+static void
+virFirewallCheckUpdateLock(bool *lockflag,
+ const char *const*args)
+{
+ virCommandPtr cmd = virCommandNewArgs(args);
+ if (virCommandRun(cmd, NULL) < 0) {
+ VIR_INFO("locking not supported by %s", args[0]);
+ } else {
+ VIR_INFO("using locking for %s", args[0]);
+ *lockflag = true;
+ }
+ virCommandFree(cmd);
+}
+
+static void
+virFirewallCheckUpdateLocking(void)
+{
+ const char *iptablesArgs[] = {
+ IPTABLES_PATH, "-w", "-L", "-n", NULL,
+ };
+ const char *ip6tablesArgs[] = {
+ IP6TABLES_PATH, "-w", "-L", "-n", NULL,
+ };
+ const char *ebtablesArgs[] = {
+ EBTABLES_PATH, "--concurrent", "-L", NULL,
+ };
+ virFirewallCheckUpdateLock(&iptablesUseLock,
+ iptablesArgs);
+ virFirewallCheckUpdateLock(&ip6tablesUseLock,
+ ip6tablesArgs);
+ virFirewallCheckUpdateLock(&ebtablesUseLock,
+ ebtablesArgs);
+}
+
static int
virFirewallValidateBackend(virFirewallBackend backend)
{
@@ -161,6 +199,9 @@ virFirewallValidateBackend(virFirewallBackend backend)
}
currentBackend = backend;
+
+ virFirewallCheckUpdateLocking();
+
return 0;
}
@@ -201,6 +242,9 @@ virFirewallPtr virFirewallNew(void)
{
virFirewallPtr firewall;
+ if (virFirewallInitialize() < 0)
+ return NULL;
+
if (VIR_ALLOC(firewall) < 0)
return NULL;
@@ -321,6 +365,23 @@ virFirewallAddRuleFullV(virFirewallPtr firewall,
rule->queryOpaque = opaque;
rule->ignoreErrors = ignoreErrors;
+ switch (rule->layer) {
+ case VIR_FIREWALL_LAYER_ETHERNET:
+ if (ebtablesUseLock)
+ ADD_ARG(rule, "--concurrent");
+ break;
+ case VIR_FIREWALL_LAYER_IPV4:
+ if (iptablesUseLock)
+ ADD_ARG(rule, "-w");
+ break;
+ case VIR_FIREWALL_LAYER_IPV6:
+ if (ip6tablesUseLock)
+ ADD_ARG(rule, "-w");
+ break;
+ case VIR_FIREWALL_LAYER_LAST:
+ break;
+ }
+
while ((str = va_arg(args, char *)) != NULL) {
ADD_ARG(rule, str);
}
@@ -840,8 +901,8 @@ virFirewallApplyGroup(virFirewallPtr firewall,
bool ignoreErrors = (group->actionFlags & VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
size_t i;
- VIR_INFO("Starting transaction for %p flags=%x",
- group, group->actionFlags);
+ VIR_INFO("Starting transaction for firewall=%p group=%p flags=%x",
+ firewall, group, group->actionFlags);
firewall->currentGroup = idx;
group->addingRollback = false;
for (i = 0; i < group->naction; i++) {
@@ -879,8 +940,6 @@ virFirewallApply(virFirewallPtr firewall)
int ret = -1;
virMutexLock(&ruleLock);
- if (virFirewallInitialize() < 0)
- goto cleanup;
if (!firewall || firewall->err == ENOMEM) {
virReportOOMError();
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 4f3ac9c..46b4017 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -52,8 +52,6 @@
VIR_LOG_INIT("util.iptables");
-bool iptables_supports_xlock = false;
-
#define VIR_FROM_THIS VIR_FROM_NONE
enum {
--
2.1.0
9 years, 12 months
[libvirt] [PATCH 0/9] Let libvirt manage a bridge's FDB
by Laine Stump
The idea behind these patches is the following:
1) most virtual machines only have a single MAC address behind each
interface, and that MAC address is known by libvirt.
2) If we (i.e. libvirt) manually add an entry to the bridge's
forwarding database (fdb) for the MAC address associated with a port
on the bridge, we can turn off learning and unicast_flooding for that
port.
3) kernels starting with 3.15 (and actually working correctly starting
in kernel 3.17) will notice that all of a bridge's ports have flood
and learning turned off, and in that case will turn off promiscuous
mode on all ports. If all but one of the ports have flood/learning
turned off, then promiscuous will be turned off on that port (and left
on for all the other ports)
4) When (4) can be done, there is a measurable performance
advantage. It can also help security, as it will prevent a guest from
doing anything useful if it changes its MAC address.
Notes:
A) Patches 1-7 are the only ones that I plan to push now, 8 & 9 are
just to simplify tangentially-related code, and I've found a problem
with these during update of a live system, so I won't be pushing
them. You can/should ignore them for now.
B) I don't like the name "promiscLinks", and will probably change it
(maybe to "fdb='managed|auto'), but want to get the other aspects of
these patches reviewed.
C) These only work with a fixed MAC address, and no vlan tags set in
the guest. Support for both of those will be coming.
Laine Stump (9):
util: new functions for setting bridge and bridge port attributes
util: functions to manage bridge fdb (forwarding database)
conf: new network bridge device attribute promiscLinks
network: save bridge name in ActualNetDef when actualType==network too
network: store network promiscLinks setting in NetDef actual object
network: setup bridge devices for promiscLinks='no'
qemu: setup tap devices for promiscLinks='no'
qemu: always use virDomainNetGetActualBridgeName to get interface's
bridge
lxc: always use virDomainNetGetActualBridgeName to get interface's
bridge
docs/formatnetwork.html.in | 36 +-
docs/schemas/network.rng | 5 +
src/conf/domain_conf.c | 129 +++++---
src/conf/domain_conf.h | 2 +
src/conf/network_conf.c | 47 ++-
src/conf/network_conf.h | 1 +
src/libvirt_private.syms | 9 +
src/lxc/lxc_driver.c | 32 +-
src/lxc/lxc_process.c | 32 +-
src/network/bridge_driver.c | 66 ++++
src/qemu/qemu_command.c | 51 ++-
src/qemu/qemu_hotplug.c | 60 +---
src/util/virnetdevbridge.c | 364 ++++++++++++++++++++-
src/util/virnetdevbridge.h | 44 ++-
tests/networkxml2xmlin/host-bridge-no-flood.xml | 6 +
.../nat-network-explicit-flood.xml | 21 ++
tests/networkxml2xmlout/host-bridge-no-flood.xml | 6 +
.../nat-network-explicit-flood.xml | 23 ++
tests/networkxml2xmltest.c | 2 +
19 files changed, 726 insertions(+), 210 deletions(-)
create mode 100644 tests/networkxml2xmlin/host-bridge-no-flood.xml
create mode 100644 tests/networkxml2xmlin/nat-network-explicit-flood.xml
create mode 100644 tests/networkxml2xmlout/host-bridge-no-flood.xml
create mode 100644 tests/networkxml2xmlout/nat-network-explicit-flood.xml
--
1.9.3
9 years, 12 months
[libvirt] [PATCH] qemu: add the missing jobinfo type in qemuDomainGetJobInfo
by Wang Rui
Commit 6fcddfcd refactored job statistics but missed the jobinfo type updated
in qemuDomainGetJobInfo. After this patch, we can use virDomainGetJobInfo to
get jobinfo type again.
Signed-off-by: Wang Rui <moon.wangrui(a)huawei.com>
---
src/qemu/qemu_domain.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 334bd40..6513c78 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -258,6 +258,7 @@ int
qemuDomainJobInfoToInfo(qemuDomainJobInfoPtr jobInfo,
virDomainJobInfoPtr info)
{
+ info->type = jobInfo->type;
info->timeElapsed = jobInfo->timeElapsed;
info->timeRemaining = jobInfo->timeRemaining;
--
1.7.12.4
9 years, 12 months
