December 2014 - Devel - Libvirt List Archives

[libvirt] [PATCH v2] virsh: Emit error for VSH_OT_DATA without VSH_OFLAG_REQ

by Hao Liu

Commit 6b9964 enforces checking invalid use of VSH_OT_STRING with VSH_OFLAG_REQ. This commit tries to do the same thing to stop using VSH_OT_DATA without VSH_OFLAG_REQ and also fix existing misuse. Signed-off-by: Hao Liu <hliu(a)redhat.com> --- V2: Add missing fix of dommemstat --period option. tools/virsh-domain-monitor.c | 4 +-- tools/virsh-domain.c | 68 ++++++++++++++++++++++---------------------- tools/virsh-network.c | 6 ++-- tools/virsh-pool.c | 18 ++++++------ tools/virsh-snapshot.c | 20 ++++++------- tools/virsh.c | 13 +++++++-- 6 files changed, 68 insertions(+), 61 deletions(-) diff --git a/tools/virsh-domain-monitor.c b/tools/virsh-domain-monitor.c index 259400f..ace2c4a 100644 --- a/tools/virsh-domain-monitor.c +++ b/tools/virsh-domain-monitor.c @@ -271,7 +271,7 @@ static const vshCmdOptDef opts_dommemstat[] = { .help = N_("domain name, id or uuid") }, {.name = "period", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_REQ_OPT, .help = N_("period in seconds to set collection") }, @@ -845,7 +845,7 @@ static const vshCmdOptDef opts_domblkstat[] = { .help = N_("domain name, id or uuid") }, {.name = "device", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_EMPTY_OK, .help = N_("block device") }, diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 750411b..6733cfa 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -755,27 +755,27 @@ static const vshCmdOptDef opts_attach_interface[] = { .help = N_("source of network interface") }, {.name = "target", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("target network name") }, {.name = "mac", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("MAC address") }, {.name = "script", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("script used to bridge network interface") }, {.name = "model", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("model type") }, {.name = "inbound", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("control domain's incoming traffics") }, {.name = "outbound", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("control domain's outgoing traffics") }, {.name = "persistent", @@ -1749,7 +1749,7 @@ static const vshCmdOptDef opts_block_commit[] = { .help = N_("bandwidth limit in MiB/s") }, {.name = "base", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("path of base file to commit into (default bottom of chain)") }, {.name = "shallow", @@ -1757,7 +1757,7 @@ static const vshCmdOptDef opts_block_commit[] = { .help = N_("use backing file of top as base") }, {.name = "top", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("path of top file to commit from (default top of chain)") }, {.name = "active", @@ -1977,7 +1977,7 @@ static const vshCmdOptDef opts_block_copy[] = { .help = N_("fully-qualified path of source disk") }, {.name = "dest", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("path of the copy to create") }, {.name = "bandwidth", @@ -2025,11 +2025,11 @@ static const vshCmdOptDef opts_block_copy[] = { .help = N_("with --wait, don't wait for cancel to finish") }, {.name = "xml", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("filename containing XML description of the copy destination") }, {.name = "format", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("format of the destination file") }, {.name = "granularity", @@ -2519,7 +2519,7 @@ static const vshCmdOptDef opts_block_pull[] = { .help = N_("bandwidth limit in MiB/s") }, {.name = "base", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("path of backing file in chain for a partial pull") }, {.name = "wait", @@ -3046,11 +3046,11 @@ static const vshCmdOptDef opts_domiftune[] = { .help = N_("interface device (MAC Address)") }, {.name = "inbound", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("control domain's incoming traffics") }, {.name = "outbound", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("control domain's outgoing traffics") }, {.name = "config", @@ -3425,7 +3425,7 @@ static const vshCmdOptDef opts_undefine[] = { .help = N_("remove domain managed state file") }, {.name = "storage", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("remove associated storage volumes (comma separated list of " "targets or source paths) (see domblklist)") }, @@ -5019,7 +5019,7 @@ static const vshCmdOptDef opts_dump[] = { .help = N_("dump domain's memory only") }, {.name = "format", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("specify the format of memory-only dump") }, {.name = NULL} @@ -5173,7 +5173,7 @@ static const vshCmdOptDef opts_screenshot[] = { .help = N_("domain name, id or uuid") }, {.name = "file", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("where to store the screenshot") }, {.name = "screen", @@ -6217,7 +6217,7 @@ static const vshCmdOptDef opts_vcpupin[] = { .help = N_("vcpu number") }, {.name = "cpulist", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_EMPTY_OK, .help = N_("host cpu number(s) to set, or omit option to query") }, @@ -6498,7 +6498,7 @@ static const vshCmdOptDef opts_emulatorpin[] = { .help = N_("domain name, id or uuid") }, {.name = "cpulist", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_EMPTY_OK, .help = N_("host cpu number(s) to set, or omit option to query") }, @@ -7537,11 +7537,11 @@ static const vshCmdOptDef opts_metadata[] = { .help = N_("use an editor to change the metadata") }, {.name = "key", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("key to be used as a namespace identifier"), }, {.name = "set", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("new metadata to set"), }, {.name = "remove", @@ -8326,12 +8326,12 @@ static const vshCmdOptDef opts_numatune[] = { .help = N_("domain name, id or uuid") }, {.name = "mode", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("NUMA mode, one of strict, preferred and interleave \n" "or a number from the virDomainNumatuneMemMode enum") }, {.name = "nodeset", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("NUMA node selections to set") }, {.name = "config", @@ -8602,11 +8602,11 @@ static const vshCmdInfo info_qemu_monitor_event[] = { static const vshCmdOptDef opts_qemu_monitor_event[] = { {.name = "domain", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("filter by domain name, id or uuid") }, {.name = "event", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("filter by event name") }, {.name = "pretty", @@ -9416,19 +9416,19 @@ static const vshCmdOptDef opts_migrate[] = { .help = N_("abort on soft errors during migration") }, {.name = "migrateuri", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("migration URI, usually can be omitted") }, {.name = "graphicsuri", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("graphics URI to be used for seamless graphics migration") }, {.name = "listen-address", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("listen address that destination should bind to for incoming migration") }, {.name = "dname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("rename to new name during migration (if supported)") }, {.name = "timeout", @@ -9914,7 +9914,7 @@ static const vshCmdOptDef opts_domdisplay[] = { .help = N_("includes the password into the connection URI if available") }, {.name = "type", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("select particular graphical display " "(e.g. \"vnc\", \"spice\", \"rdp\")") }, @@ -11761,11 +11761,11 @@ static const vshCmdInfo info_event[] = { static const vshCmdOptDef opts_event[] = { {.name = "domain", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("filter by domain name, id, or uuid") }, {.name = "event", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("which event type to wait for") }, {.name = "all", @@ -11923,7 +11923,7 @@ static const vshCmdOptDef opts_change_media[] = { .help = N_("Fully-qualified path or target of disk device") }, {.name = "source", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("source of the media") }, {.name = "eject", @@ -12074,7 +12074,7 @@ static const vshCmdOptDef opts_domfstrim[] = { "free ranges smaller than this (Bytes)") }, {.name = "mountpoint", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("which mount point to trim") }, {.name = NULL} diff --git a/tools/virsh-network.c b/tools/virsh-network.c index 9dc52e5..5f8743c 100644 --- a/tools/virsh-network.c +++ b/tools/virsh-network.c @@ -1191,11 +1191,11 @@ static const vshCmdInfo info_network_event[] = { static const vshCmdOptDef opts_network_event[] = { {.name = "network", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("filter by network name or uuid") }, {.name = "event", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("which event type to wait for") }, {.name = "loop", @@ -1305,7 +1305,7 @@ static const vshCmdOptDef opts_network_dhcp_leases[] = { .help = N_("network name or uuid") }, {.name = "mac", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_NONE, .help = N_("MAC address") }, diff --git a/tools/virsh-pool.c b/tools/virsh-pool.c index a9482c4..addbccc 100644 --- a/tools/virsh-pool.c +++ b/tools/virsh-pool.c @@ -200,23 +200,23 @@ static const vshCmdOptDef opts_pool_X_as[] = { .help = N_("print XML document, but don't define/create") }, {.name = "source-host", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("source-host for underlying storage") }, {.name = "source-path", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("source path for underlying storage") }, {.name = "source-dev", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("source device for underlying storage") }, {.name = "source-name", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("source name for underlying storage") }, {.name = "target", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("target for underlying storage") }, {.name = "source-format", @@ -1399,15 +1399,15 @@ static const vshCmdOptDef opts_find_storage_pool_sources_as[] = { .help = N_("type of storage pool sources to find") }, {.name = "host", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("optional host to query") }, {.name = "port", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("optional port to query") }, {.name = "initiator", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("optional initiator IQN to use for query") }, {.name = NULL} @@ -1489,7 +1489,7 @@ static const vshCmdOptDef opts_find_storage_pool_sources[] = { .help = N_("type of storage pool sources to discover") }, {.name = "srcSpec", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("optional file of source xml to query for pools") }, {.name = NULL} diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c index 9fe7751..1bb74a6 100644 --- a/tools/virsh-snapshot.c +++ b/tools/virsh-snapshot.c @@ -128,7 +128,7 @@ static const vshCmdOptDef opts_snapshot_create[] = { .help = N_("domain name, id or uuid") }, {.name = "xmlfile", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("domain snapshot XML") }, {.name = "redefine", @@ -333,11 +333,11 @@ static const vshCmdOptDef opts_snapshot_create_as[] = { .help = N_("domain name, id or uuid") }, {.name = "name", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("name of snapshot") }, {.name = "description", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("description of snapshot") }, {.name = "print-xml", @@ -529,7 +529,7 @@ static const vshCmdOptDef opts_snapshot_edit[] = { .help = N_("domain name, id or uuid") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("snapshot name") }, {.name = "current", @@ -658,7 +658,7 @@ static const vshCmdOptDef opts_snapshot_current[] = { .help = N_("include security sensitive information in XML dump") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("name of existing snapshot to make current") }, {.name = NULL} @@ -886,7 +886,7 @@ static const vshCmdOptDef opts_snapshot_info[] = { .help = N_("domain name, id or uuid") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("snapshot name") }, {.name = "current", @@ -1491,7 +1491,7 @@ static const vshCmdOptDef opts_snapshot_list[] = { .help = N_("list snapshots in a tree") }, {.name = "from", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("limit list to children of given snapshot") }, {.name = "current", @@ -1775,7 +1775,7 @@ static const vshCmdOptDef opts_snapshot_parent[] = { .help = N_("domain name, id or uuid") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("find parent of snapshot name") }, {.name = "current", @@ -1843,7 +1843,7 @@ static const vshCmdOptDef opts_snapshot_revert[] = { .help = N_("domain name, id or uuid") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("snapshot name") }, {.name = "current", @@ -1936,7 +1936,7 @@ static const vshCmdOptDef opts_snapshot_delete[] = { .help = N_("domain name, id or uuid") }, {.name = "snapshotname", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("snapshot name") }, {.name = "current", diff --git a/tools/virsh.c b/tools/virsh.c index 0ead9ae..aba34ce 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -435,7 +435,7 @@ static const vshCmdInfo info_connect[] = { static const vshCmdOptDef opts_connect[] = { {.name = "name", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .flags = VSH_OFLAG_EMPTY_OK, .help = N_("hypervisor connection URI") }, @@ -594,7 +594,7 @@ static const vshCmdInfo info_help[] = { static const vshCmdOptDef opts_help[] = { {.name = "command", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("Prints global help, command specific help, or help for a group of related commands") }, {.name = NULL} @@ -854,7 +854,7 @@ static const vshCmdInfo info_cd[] = { static const vshCmdOptDef opts_cd[] = { {.name = "dir", - .type = VSH_OT_DATA, + .type = VSH_OT_STRING, .help = N_("directory to switch to (default: home or else root)") }, {.name = NULL} @@ -1392,6 +1392,13 @@ vshCmddefHelp(vshControl *ctl, const char *cmdname) snprintf(buf, sizeof(buf), _("--%s <string>"), opt->name); break; case VSH_OT_DATA: + /* OT_DATA should always be VSH_OFLAG_REQ */ + if (!(opt->flags & VSH_OFLAG_REQ)) { + vshError(ctl, + _("internal error: bad options in command: '%s'"), + def->name); + return false; + } snprintf(buf, sizeof(buf), _("[--%s] <string>"), opt->name); break; -- 1.8.3.1

9 years, 10 months

2
1
0 / 0

[libvirt] [PATCH V3 0/4] Xen-xl parser

by Jim Fehlig

This is V3 of David's series to add support for parsing and formating Xen's xl config format https://www.redhat.com/archives/libvir-list/2014-September/msg00587.html Patch 1 has been rebased, but otherwise unchanged. In patch 2, I was able to get automake and flex play together using LEX_OUTPUT_ROOT and AM_LFLAGS. Files generated from flex are placed in a separate convenience lib to avoid compilation with WARN_FLAGS. The generated files are also excluded from syntax-check. I switched the order of patches 3 and 4 since config parsing/ formating tests should come right after the implementation. I also added more diskspecs to the test configs. Kiarie Kahurani (4): src/xenconfig: Export helper functions src/xenconfig: Xen-xl parser tests: Tests for the xen-xl parser libxl: Add support for parsing/formating Xen XL config .gitignore | 1 + cfg.mk | 3 +- configure.ac | 1 + po/POTFILES.in | 1 + src/Makefile.am | 25 +- src/libvirt_xenconfig.syms | 4 + src/libxl/libxl_driver.c | 32 ++- src/xenconfig/xen_common.c | 149 +++++------ src/xenconfig/xen_common.h | 24 +- src/xenconfig/xen_xl.c | 499 +++++++++++++++++++++++++++++++++++ src/xenconfig/xen_xl.h | 33 +++ src/xenconfig/xen_xl_disk.l | 256 ++++++++++++++++++ src/xenconfig/xen_xl_disk_i.h | 39 +++ tests/Makefile.am | 9 +- tests/testutilsxen.c | 50 ++++ tests/testutilsxen.h | 9 +- tests/xlconfigdata/test-new-disk.cfg | 26 ++ tests/xlconfigdata/test-new-disk.xml | 51 ++++ tests/xlconfigdata/test-spice.cfg | 32 +++ tests/xlconfigdata/test-spice.xml | 45 ++++ tests/xlconfigtest.c | 224 ++++++++++++++++ 21 files changed, 1421 insertions(+), 92 deletions(-) create mode 100644 src/xenconfig/xen_xl.c create mode 100644 src/xenconfig/xen_xl.h create mode 100644 src/xenconfig/xen_xl_disk.l create mode 100644 src/xenconfig/xen_xl_disk_i.h create mode 100644 tests/xlconfigdata/test-new-disk.cfg create mode 100644 tests/xlconfigdata/test-new-disk.xml create mode 100644 tests/xlconfigdata/test-spice.cfg create mode 100644 tests/xlconfigdata/test-spice.xml create mode 100644 tests/xlconfigtest.c -- 1.8.4.5

9 years, 10 months

4
12
0 / 0

[libvirt] [PATCH] Firewall : let libvirtd proceed after verifying locking args

by Prerna Saxena

I recently encountered a situation where an unclean ebtables shutdown caused /var/lib/ebtables/lock to be left behind. When libvirtd was started on such a system, it caused libvirtd to "hang". Reason: While probing to check if locking was supported, libvirt runs this command synchronously : # /usr/sbin/ebtables --concurrent -L And this seemed to go on with msgs like : Trying to obtain lock /var/lib/ebtables/lock Trying to obtain lock /var/lib/ebtables/lock Trying to obtain lock /var/lib/ebtables/lock Result: Libvirtd never recovered from this scenario, and the system was essentially unable to start any VMs. The following patch fixes this scenario: ----------------------------------------------------------- >From ec245eccc03e8a69dc2c2e6edbf30a7b34eb74d0 Mon Sep 17 00:00:00 2001 From: Prerna Saxena <prerna(a)linux.vnet.ibm.com> Date: Fri, 26 Dec 2014 15:24:45 -0500 Subject: [PATCH] Firewall : let libvirtd proceed after verifying valid locking args. Commit dc33e6e4a5a5d42 introduces locking args to be run with [eb/ip]tables to determine whether locking is supported. However, this command needs to be run asynchronously ( as against its present synchronous run), and needs to be gracefully terminated once the job is done. Else it can potentially stall libvirtd with messages like : "Trying to acquire lock ..." Signed-off-by: Prerna Saxena <prerna(a)linux.vnet.ibm.com> --- src/util/virfirewall.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index b536912..c120717 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -121,12 +121,16 @@ virFirewallCheckUpdateLock(bool *lockflag, { int status; /* Ignore failed commands without logging them */ virCommandPtr cmd = virCommandNewArgs(args); - if (virCommandRun(cmd, &status) < 0 || status) { + status = virCommandRunAsync(cmd, NULL); + if (status < 0) { VIR_INFO("locking not supported by %s", args[0]); + goto cleanup; } else { VIR_INFO("using locking for %s", args[0]); *lockflag = true; } +cleanup: + virCommandAbort(cmd); virCommandFree(cmd); } -- 1.8.4.2 Regards, ---------- Prerna Saxena, IBM Systems & technology Labs, Bangalore

9 years, 10 months

2
2
0 / 0

[libvirt] [PATCH] conf: Don't use the current state in def->data.network.actual when migrate

by Luyao Huang

https://bugzilla.redhat.com/show_bug.cgi?id=1177194 When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and pass this xml to target libvirtd. Libvirt will use the current network state in def->data.network.actual to generate the xml, this will make migrate failed when we set a network type guest interface use a macvtap network as a source in a vm then migrate vm to another host(which has the different macvtap network settings: different interface name, bridge name...) Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE flag when call virDomainNetDefFormat, we won't get the current vm interface state. Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- src/conf/domain_conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index aafc05e..fffd6cd 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -17436,7 +17436,9 @@ virDomainNetDefFormat(virBufferPtr buf, unsigned int actualType = virDomainNetGetActualType(def); bool publicActual = (def->type == VIR_DOMAIN_NET_TYPE_NETWORK && def->data.network.actual && - !(flags & (VIR_DOMAIN_XML_INACTIVE | VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET))); + !(flags & (VIR_DOMAIN_XML_INACTIVE | + VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET | + VIR_DOMAIN_XML_MIGRATABLE))); const char *typeStr; virDomainHostdevDefPtr hostdef = NULL; char macstr[VIR_MAC_STRING_BUFLEN]; -- 1.8.3.1

9 years, 10 months

3
2
0 / 0

[libvirt] [PATCH v2] nwfilter: Add support for icmpv6 filtering

by Stefan Berger

Make use of the ebtables functionality to be able to filter certain parameters of icmpv6 packets. Extend the XML parser for icmpv6 types, type ranges, codes, and code ranges. Extend the nwfilter documentation, schema, and test cases. Being able to filter icmpv6 types and codes helps extending the DHCP snooper for IPv6 and filtering at least some parameters of IPv6's NDP (Neighbor Discovery Protocol) packets. However, the filtering will not be as good as the filtering of ARP packets since we cannot check on IP addresses in the payload of the NDP packets. Signed-off-by: Stefan Berger stefanb(a)linux.vnet.ibm.com --- docs/formatnwfilter.html.in | 20 +++++++ docs/schemas/nwfilter.rng | 26 +++++++++ src/conf/nwfilter_conf.c | 26 +++++++++ src/conf/nwfilter_conf.h | 4 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 80 ++++++++++++++++++++++++++ tests/nwfilterxml2firewalldata/ipv6-linux.args | 16 ++++++ tests/nwfilterxml2firewalldata/ipv6.xml | 38 ++++++++++++ tests/nwfilterxml2xmlin/ipv6-test.xml | 38 ++++++++++++ tests/nwfilterxml2xmlout/ipv6-test.xml | 12 ++++ 9 files changed, 260 insertions(+) diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in index 073b852..e403e33 100644 --- a/docs/formatnwfilter.html.in +++ b/docs/formatnwfilter.html.in @@ -1197,6 +1197,26 @@ <td>End of range of valid destination ports; requires <code>protocol</code></td> </tr> <tr> + <td>type(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 type; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>typeend(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 type end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>code(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 code; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> + <td>code(Since 1.2.11)</td> + <td>UINT8</td> + <td>ICMPv6 code end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td> + </tr> + <tr> <td>comment (Since 0.8.5)</td> <td>STRING</td> <td>text with max. 256 characters</td> diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng index 2b54fd5..9df39c0 100644 --- a/docs/schemas/nwfilter.rng +++ b/docs/schemas/nwfilter.rng @@ -90,6 +90,7 @@ <ref name="common-ipv6-attributes-p1"/> <ref name="common-port-attributes"/> <ref name="ip-attributes"/> + <ref name="icmp-attribute-ranges"/> <ref name="comment-attribute"/> </element> </zeroOrMore> @@ -588,6 +589,31 @@ </interleave> </define> + <define name="icmp-attribute-ranges"> + <interleave> + <optional> + <attribute name="type"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="typeend"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="code"> + <ref name="uint8range"/> + </attribute> + </optional> + <optional> + <attribute name="codeend"> + <ref name="uint8range"/> + </attribute> + </optional> + </interleave> + </define> + <define name="mac-attributes"> <interleave> <optional> diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 317792e..aed82ad 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -1445,6 +1445,26 @@ static const virXMLAttr2Struct ipv6Attributes[] = { .datatype = DATATYPE_UINT16 | DATATYPE_UINT16_HEX, .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataDstPortEnd), }, + { + .name = "type", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeStart), + }, + { + .name = "typeend", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeEnd), + }, + { + .name = "code", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeStart), + }, + { + .name = "codeend", + .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, + .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeEnd), + }, COMMENT_PROP_IPHDR(ipv6HdrFilter), { .name = NULL, @@ -2219,6 +2239,12 @@ virNWFilterRuleDefFixup(virNWFilterRuleDefPtr rule) rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr); COPY_NEG_SIGN(rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask, rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPTypeEnd, + rule->p.ipv6HdrFilter.dataICMPTypeStart); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeStart, + rule->p.ipv6HdrFilter.dataICMPTypeStart); + COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeEnd, + rule->p.ipv6HdrFilter.dataICMPTypeStart); virNWFilterRuleDefFixupIPSet(&rule->p.ipv6HdrFilter.ipHdr); break; diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index f81df60..6e68ecc 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -265,6 +265,10 @@ struct _ipv6HdrFilterDef { ethHdrDataDef ethHdr; ipHdrDataDef ipHdr; portDataDef portData; + nwItemDesc dataICMPTypeStart; + nwItemDesc dataICMPTypeEnd; + nwItemDesc dataICMPCodeStart; + nwItemDesc dataICMPCodeEnd; }; diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 377b59b..423d069 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -1826,6 +1826,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, bool hasMask = false; virFirewallRulePtr fwrule; int ret = -1; + virBuffer buf = VIR_BUFFER_INITIALIZER; if (STREQ(chainSuffix, virNWFilterChainSuffixTypeToString( @@ -2342,6 +2343,83 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, virFirewallRuleAddArg(fw, fwrule, number); } } + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart) || + HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) { + bool lo = false; + char *r; + + virFirewallRuleAddArg(fw, fwrule, + "--ip6-icmp-type"); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) { + if (printDataType(vars, + number, sizeof(number), + &rule->p.ipv6HdrFilter.dataICMPTypeStart) < 0) + goto cleanup; + lo = true; + } else { + ignore_value(virStrcpyStatic(number, "0")); + } + + virBufferStrcat(&buf, number, ":", NULL); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd)) { + if (printDataType(vars, + numberalt, sizeof(numberalt), + &rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0) + goto cleanup; + } else { + if (lo) + ignore_value(virStrcpyStatic(numberalt, number)); + else + ignore_value(virStrcpyStatic(numberalt, "255")); + } + + virBufferStrcat(&buf, numberalt, "/", NULL); + + lo = false; + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart)) { + if (printDataType(vars, + number, sizeof(number), + &rule->p.ipv6HdrFilter.dataICMPCodeStart) < 0) + goto cleanup; + lo = true; + } else { + ignore_value(virStrcpyStatic(number, "0")); + } + + virBufferStrcat(&buf, number, ":", NULL); + + if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) { + if (printDataType(vars, + numberalt, sizeof(numberalt), + &rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0) + goto cleanup; + } else { + if (lo) + ignore_value(virStrcpyStatic(numberalt, number)); + else + ignore_value(virStrcpyStatic(numberalt, "255")); + } + + virBufferStrcat(&buf, numberalt, NULL); + + if (ENTRY_WANT_NEG_SIGN(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) + virFirewallRuleAddArg(fw, fwrule, "!"); + + if (virBufferCheckError(&buf) < 0) + goto cleanup; + + r = virBufferContentAndReset(&buf); + + virFirewallRuleAddArg(fw, fwrule, r); + + VIR_FREE(r); + } break; case VIR_NWFILTER_RULE_PROTOCOL_NONE: @@ -2376,6 +2454,8 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, ret = 0; cleanup: + virBufferFreeAndReset(&buf); + return ret; } diff --git a/tests/nwfilterxml2firewalldata/ipv6-linux.args b/tests/nwfilterxml2firewalldata/ipv6-linux.args index a42566c..735f663 100644 --- a/tests/nwfilterxml2firewalldata/ipv6-linux.args +++ b/tests/nwfilterxml2firewalldata/ipv6-linux.args @@ -18,3 +18,19 @@ ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ --ip6-source a:b:c::/65 --ip6-protocol 18 -j ACCEPT ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ --ip6-destination a:b:c::/65 --ip6-protocol 18 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT +ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \ +--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT +ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \ +--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT diff --git a/tests/nwfilterxml2firewalldata/ipv6.xml b/tests/nwfilterxml2firewalldata/ipv6.xml index 9f67bea..2400958 100644 --- a/tests/nwfilterxml2firewalldata/ipv6.xml +++ b/tests/nwfilterxml2firewalldata/ipv6.xml @@ -40,4 +40,42 @@ /> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' typeend='11' + code='10' codeend='11' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + /> + </rule> + </filter> diff --git a/tests/nwfilterxml2xmlin/ipv6-test.xml b/tests/nwfilterxml2xmlin/ipv6-test.xml index 556796f..2daa3b9 100644 --- a/tests/nwfilterxml2xmlin/ipv6-test.xml +++ b/tests/nwfilterxml2xmlin/ipv6-test.xml @@ -40,4 +40,42 @@ /> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' typeend='11' + code='10' codeend='11' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + code='10' + /> + </rule> + + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' + dstipaddr='a:b:c::' + dstipmask='ffff:ffff:ffff:ffff:8000::' + protocol='icmpv6' + type='1' + /> + </rule> + </filter> diff --git a/tests/nwfilterxml2xmlout/ipv6-test.xml b/tests/nwfilterxml2xmlout/ipv6-test.xml index fcc5c0d..ce9dd06 100644 --- a/tests/nwfilterxml2xmlout/ipv6-test.xml +++ b/tests/nwfilterxml2xmlout/ipv6-test.xml @@ -12,4 +12,16 @@ <rule action='accept' direction='inout' priority='500'> <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='18'/> </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' typeend='11' code='10' codeend='11'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' code='10'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' code='10'/> + </rule> + <rule action='accept' direction='inout'> + <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1'/> + </rule> </filter> -- 1.9.3

9 years, 10 months

2
2
0 / 0

[libvirt] [PATCH] Parallels: Add VNC hostname setup

by Alexander Burluka

Add missing VNC setup via Parallels SDK. Parallels Cloud Server starts one VNC server per domain, so we could process only one VNC server definition. Network-based listening currently is unimplemented. Signed-off-by: Alexander Burluka <aburluka(a)parallels.com> --- src/parallels/parallels_sdk.c | 25 ++++++++++++++++++++++++- 1 files changed, 24 insertions(+), 1 deletions(-) diff --git a/src/parallels/parallels_sdk.c b/src/parallels/parallels_sdk.c index 83a28b7..8394646 100644 --- a/src/parallels/parallels_sdk.c +++ b/src/parallels/parallels_sdk.c @@ -1929,7 +1929,7 @@ static int prlsdkCheckGraphicsUnsupportedParams(virDomainDefPtr def) if (def->ngraphics == 0) return 0; - if (def->ngraphics >1) { + if (def->ngraphics > 1) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Parallels Cloud Server supports only " "one VNC per domain.")); @@ -1988,6 +1988,20 @@ static int prlsdkCheckGraphicsUnsupportedParams(virDomainDefPtr def) return -1; } + if (gr->nListens > 1) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("Parallels driver doesn't support more than " + "one listening VNC server per domain")); + return -1; + } + + if (gr->nListens == 1 && + virDomainGraphicsListenGetType(gr, 0) != VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("Parallels driver supports only address-based VNC listening")); + return -1; + } + return 0; } @@ -2286,6 +2300,7 @@ static int prlsdkApplyGraphicsParams(PRL_HANDLE sdkdom, virDomainDefPtr def) virDomainGraphicsDefPtr gr; PRL_RESULT pret; int ret = -1; + const char *listenAddr = NULL; if (prlsdkCheckGraphicsUnsupportedParams(def)) return -1; @@ -2306,6 +2321,14 @@ static int prlsdkApplyGraphicsParams(PRL_HANDLE sdkdom, virDomainDefPtr def) prlsdkCheckRetGoto(pret, cleanup); } + if (gr->nListens == 1) { + listenAddr = virDomainGraphicsListenGetAddress(gr, 0); + if (!listenAddr) + goto cleanup; + pret = PrlVmCfg_SetVNCHostName(sdkdom, listenAddr); + prlsdkCheckRetGoto(pret, cleanup); + } + ret = 0; cleanup: return ret; -- 1.7.1

9 years, 10 months

3
2
0 / 0

[libvirt] [PATCH] lxc: fix show the wrong xml when guest start failed

by Luyao Huang

https://bugzilla.redhat.com/show_bug.cgi?id=1176503 When guest start failed, libvirt will keep the current vm->def, this will make a issue that we cannot get a right xml after guest start failed. Pass the newDef to def will make it work well. Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- src/lxc/lxc_process.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 1c0d4e5..b7171ac 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -1353,10 +1353,6 @@ int virLXCProcessStart(virConnectPtr conn, VIR_FREE(veths[i]); } if (rc != 0) { - if (vm->newDef) { - virDomainDefFree(vm->newDef); - vm->newDef = NULL; - } if (priv->monitor) { virObjectUnref(priv->monitor); priv->monitor = NULL; @@ -1373,6 +1369,12 @@ int virLXCProcessStart(virConnectPtr conn, VIR_FREE(vm->def->seclabels[0]->label); VIR_FREE(vm->def->seclabels[0]->imagelabel); } + if (vm->newDef) { + virDomainDefFree(vm->def); + vm->def = vm->newDef; + vm->def->id = -1; + vm->newDef = NULL; + } } for (i = 0; i < nttyFDs; i++) VIR_FORCE_CLOSE(ttyFDs[i]); -- 1.8.3.1

9 years, 10 months

4
4
0 / 0

[libvirt] [PATCH V3 0/5] support sending sysrq key

by Chunyan Liu

xend/libxl support sending sysrq key to guest kernel but not support sending any key sequence as virDomainSendKey is expected to do. To add equivalant sysrq functionality in libvirt for xen/libxl, add a new virDomainSendSysrq API and add related codes to virsh, remote driver, xen/libxl driver. Changes to V2: * change parameter from 'const char *key' to 'char key'. * add 'flags' parameter to virDomainSendSysrq API. * update codes to fit for above changes. V2 is here: http://www.mail-archive.com/libvir-list@redhat.com/msg106106.html Chunyan Liu (5): Add public API virDomainSendSysrq implement remote protocol for domainSendSysrq virsh: add 'sysrq' command libxl: implement .domainSendSysrq method xen: add .domainSendSysrq method include/libvirt/libvirt-domain.h | 3 +++ src/driver-hypervisor.h | 4 +++ src/libvirt-domain.c | 39 +++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 ++++ src/libxl/libxl_driver.c | 25 +++++++++++++++++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 14 ++++++++++- src/remote_protocol-structs | 6 +++++ src/rpc/gendispatch.pl | 12 +++++++++ src/xen/xen_driver.c | 21 ++++++++++++++++ src/xen/xend_internal.c | 21 ++++++++++++++++ src/xen/xend_internal.h | 1 + tools/virsh-domain.c | 54 ++++++++++++++++++++++++++++++++++++++++ 13 files changed, 205 insertions(+), 1 deletion(-) -- 1.8.4.5

9 years, 10 months

6
19
0 / 0

[libvirt] [PATCHv5 00/18] LXC IP configuration feature

by Cédric Bosdonnat

Hi all, It's time for offering presents, so I'm sending you my updated patch series for IP configuration in LXC containers. The changes with v4 include: * Replacing the <gateway> element by a <route> one. * Addressing the comments you guys made I didn't forbid the use of iproute2 / ifconfig in containers if built without libnl, as I'm not sure about the possible consequences. Could it introduce regressions for some use cases/distros? Cédric Bosdonnat (18): Forgot to cleanup ifname_guest* in domain network def parsing virNetDevSetIPv4Address: libnl implementation Renamed virNetDevSetIPv4Address to virNetDevSetIPAddress virNetDevAddRoute: implementation using netlink virNetDevClearIPv4Address: netlink implementation Renamed virNetDevClearIPv4Address to virNetDevClearIPAddress Domain conf: allow more than one IP address for net devices IP doc LXC: set IP addresses to veth devices in the container lxc conf2xml: convert IP addresses Allow network capabilities hostdev to configure IP addresses lxc conf2xml: convert ip addresses for hostdev NICs Domain network devices can now have a <route> element lxc conf2xml: convert lxc.network.ipv[46].gateway LXC: use the new net devices routes definition LXC: honour network devices link state Openvz --ipadd can be provided multiple times Report error if a driver can't handle multiple IP addresses docs/formatdomain.html.in | 46 +++ docs/schemas/domaincommon.rng | 75 ++++- src/conf/domain_conf.c | 320 ++++++++++++++++++-- src/conf/domain_conf.h | 29 +- src/libvirt_private.syms | 6 +- src/lxc/lxc_container.c | 56 +++- src/lxc/lxc_native.c | 202 +++++++++---- src/network/bridge_driver.c | 4 +- src/openvz/openvz_conf.c | 2 +- src/openvz/openvz_driver.c | 11 +- src/qemu/qemu_driver.c | 26 +- src/qemu/qemu_hotplug.c | 5 +- src/uml/uml_conf.c | 2 +- src/util/virnetdev.c | 332 ++++++++++++++++++--- src/util/virnetdev.h | 14 +- src/util/virnetlink.c | 38 +++ src/util/virnetlink.h | 2 + src/util/virsocketaddr.h | 4 + src/vbox/vbox_common.c | 16 +- src/xenconfig/xen_common.c | 29 +- src/xenconfig/xen_sxpr.c | 26 +- .../lxcconf2xmldata/lxcconf2xml-physnetwork.config | 4 + tests/lxcconf2xmldata/lxcconf2xml-physnetwork.xml | 4 + tests/lxcconf2xmldata/lxcconf2xml-simple.config | 4 + tests/lxcconf2xmldata/lxcconf2xml-simple.xml | 4 + tests/lxcxml2xmldata/lxc-hostdev.xml | 4 + tests/lxcxml2xmldata/lxc-idmap.xml | 4 + tests/openvzutilstest.c | 2 +- tests/sexpr2xmldata/sexpr2xml-bridge-ipaddr.xml | 2 +- tests/sexpr2xmldata/sexpr2xml-net-routed.xml | 2 +- 30 files changed, 1107 insertions(+), 168 deletions(-) -- 2.1.2

9 years, 10 months

5
40
0 / 0

[libvirt] [PATCHv2] qemu: fix tc old rules will be cleaned if set tc new rules fail

by Luyao Huang

https://bugzilla.redhat.com/show_bug.cgi?id=1177723 If tc cmd failed (maybe value too large) when we use virDomainSetInterfaceParameters , the old rules will be clean. Restore the old rules if tc failed. Signed-off-by: Luyao Huang <lhuang(a)redhat.com> --- v1 make a big mistake that i used a old libvirt src/qemu/qemu_driver.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 73a825d..650e0dd 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -10494,8 +10494,12 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom, sizeof(*newBandwidth->out)); } - if (virNetDevBandwidthSet(net->ifname, newBandwidth, false) < 0) + if (virNetDevBandwidthSet(net->ifname, newBandwidth, false) < 0) { + ignore_value(virNetDevBandwidthSet(net->ifname, + net->bandwidth, + false)); goto endjob; + } virNetDevBandwidthFree(net->bandwidth); if (newBandwidth->in || newBandwidth->out) { -- 1.8.3.1

9 years, 10 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Devel December 2014