This patch adds MAC address based port filtering support to libvirt.
Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
---
include/libvirt/libvirt.h.in | 16 ++++++
src/driver.h | 16 ++++++
src/libvirt.c | 121 ++++++++++++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 3 +
src/test/test_driver.c | 3 +
5 files changed, 159 insertions(+), 0 deletions(-)
diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index 4e63e48..78e5cce 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -884,6 +884,22 @@ int virNetworkSetAutostart (virNetworkPtr
network,
int autostart);
/*
+ * MAC address based filtering
+ */
+
+int virNetworkDisableAllFrames(virConnectPtr conn);
+
+int virNetworkAllowMacOnPort(virNetworkPtr network,
+ char * brname,
+ char * ifname,
+ unsigned char * mac);
+
+int virNetworkDisallowMacOnPort(virNetworkPtr network,
+ char * brname,
+ char * ifname,
+ unsigned char * mac);
+
+/*
* Physical host interface configuration API
*/
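Review bot: `brname`, `ifname` and `mac` are declared as mutable `char *` / `unsigned char *` with no stated size or format for `mac`, so callers and drivers have no contract for how many bytes are read. If the functions only read them, declare them `const char *brname, const char *ifname, const unsigned char *mac` and document whether `mac` is six raw bytes or a NUL-terminated string; the same applies to the callback typedefs in src/driver.h. virNetworkDisableAllFrames also takes a `virConnectPtr` under a `virNetwork` prefix, and nothing here says which bridges or ports it affects. A short comment on the scope of that call would help callers avoid cutting off traffic unintentionally.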
diff --git a/src/driver.h b/src/driver.h
index 6a3dcc2..fea6247 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -470,6 +470,19 @@ typedef int
typedef int
(*virDrvNetworkSetAutostart) (virNetworkPtr network,
int autostart);
+typedef int
+ (*virDrvNetworkAllowMacOnPort) (virConnectPtr conn,
+ char * brname,
+ char * ifname,
+ unsigned char * mac);
+typedef int
+ (*virDrvNetworkDisableAllFrames) (virConnectPtr conn);
+
+typedef int
+ (*virDrvNetworkDisallowMacOnPort) (virConnectPtr conn,
+ char * brname,
+ char * ifname,
+ unsigned char * mac);
typedef struct _virNetworkDriver virNetworkDriver;
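Review bot: The two per-port callbacks take `virConnectPtr conn` plus caller-supplied `brname` and `ifname`, whereas virDrvNetworkSetAutostart just above takes the `virNetworkPtr`, so the network object that the public wrappers validate is never passed to the driver. A driver then cannot confirm from its arguments that the named bridge and port belong to that network, and filtering rules could end up applied to an unrelated bridge. Consider `(*virDrvNetworkAllowMacOnPort) (virNetworkPtr network, const char *ifname, const unsigned char *mac)` and let the driver look up the bridge, or document that each driver must validate `brname` against its own networks.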
@@ -504,6 +517,9 @@ struct _virNetworkDriver {
virDrvNetworkGetBridgeName networkGetBridgeName;
virDrvNetworkGetAutostart networkGetAutostart;
virDrvNetworkSetAutostart networkSetAutostart;
+ virDrvNetworkAllowMacOnPort networkAllowMacOnPort;
+ virDrvNetworkDisallowMacOnPort networkDisallowMacOnPort;
+ virDrvNetworkDisableAllFrames networkDisableAllFrames;
};
/*-------*/
diff --git a/src/libvirt.c b/src/libvirt.c
index 4cc19ec..ca65beb 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -5456,6 +5456,127 @@ error:
}
/**
+ * virNetworkDisableAllFrames:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkDisableAllFrames(virConnectPtr conn) {
+
+ virResetLastError();
+
+ if (conn->networkDriver &&
conn->networkDriver->networkDisableAllFrames) {
+ int ret;
+ ret = conn->networkDriver->networkDisableAllFrames(conn);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ return -1;
+}
+
+
+/**
+ * virNetworkDisallowMacOnPort:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkDisallowMacOnPort(virNetworkPtr network,
+ char * brname,
+ char * ifname,
+ unsigned char * mac) {
+
+ virConnectPtr conn;
+ DEBUG("network=%p", network);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECTED_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+
+ conn = network->conn;
+
+ if (conn->networkDriver &&
conn->networkDriver->networkDisallowMacOnPort) {
+ int ret;
+ ret = conn->networkDriver->networkDisallowMacOnPort (conn, brname, ifname,
mac);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(network->conn);
+ return -1;
+}
+
+/**
+ * virNetworkAllowMacOnPort:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkAllowMacOnPort(virNetworkPtr network,
+ char * brname,
+ char * ifname,
+ unsigned char * mac) {
+
+ virConnectPtr conn;
+ DEBUG("network=%p", network);
+ DEBUG("%s: ifname=%s", __FILE__, ifname);
+ DEBUG("%s: mac=%s", __FILE__, mac);
+
+ virResetLastError();
+
+ if (!VIR_IS_CONNECTED_NETWORK(network)) {
+ virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+ return (-1);
+ }
+
+ conn = network->conn;
+
+ if (conn->networkDriver &&
conn->networkDriver->networkAllowMacOnPort) {
+ int ret;
+ ret = conn->networkDriver->networkAllowMacOnPort (conn, brname, ifname,
mac);
+ if (ret < 0)
+ goto error;
+ return ret;
+ }
+
+ virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+ /* Copy to connection error object for back compatability */
+ virSetConnError(network->conn);
+ return -1;
+}
+
+/**
* virNetworkGetBridgeName:
* @network: a network object
*
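Review bot: virNetworkDisableAllFrames dereferences `conn->networkDriver` without validating the handle, and none of the three new entry points rejects a read-only connection, so a client holding only read-only access could change bridge filtering wherever a driver implements these callbacks. Add a `VIR_IS_CONNECT(conn)` check and a `VIR_CONNECT_RO` check raising `VIR_ERR_OPERATION_DENIED` before dispatching in each function; the sketch below shows it for virNetworkDisableAllFrames, whose error path should also call `virSetConnError(conn)` as its comment says. In virNetworkAllowMacOnPort the `DEBUG("%s: mac=%s", ...)` line runs before the network check and prints `mac` with `%s`; if `mac` is a raw six-byte address rather than a NUL-terminated string (not visible here), that reads past the buffer, so log it after validation in a bounded form. The three doc comments are copied from virNetworkGetBridgeName and should describe the actual parameters and effect of each call.

```c
int
virNetworkDisableAllFrames(virConnectPtr conn) {

    virResetLastError();

    if (!VIR_IS_CONNECT(conn)) {
        virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
        return -1;
    }
    if (conn->flags & VIR_CONNECT_RO) {
        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
        goto error;
    }

    /* … unchanged: driver dispatch and VIR_ERR_NO_SUPPORT fallback … */

error:
    /* Copy to connection error object for back compatability */
    virSetConnError(conn);
    return -1;
}
```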
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 7226e88..6ec6fa6 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -326,6 +326,9 @@ LIBVIRT_0.7.2 {
virStreamFinish;
virStreamAbort;
virStreamFree;
+ virNetworkDisableAllFrames;
+ virNetworkAllowMacOnPort;
+ virNetworkDisallowMacOnPort;
} LIBVIRT_0.7.1;
# .... define new API here using predicted next version number ....
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index cb48f64..d72c453 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -4288,6 +4288,9 @@ static virNetworkDriver testNetworkDriver = {
testNetworkGetBridgeName, /* networkGetBridgeName */
testNetworkGetAutostart, /* networkGetAutostart */
testNetworkSetAutostart, /* networkSetAutostart */
+ NULL, /* */
+ NULL, /* */
+ NULL, /* */
};
static virInterfaceDriver testInterfaceDriver = {
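Review bot: The three added initializers carry empty `/* */` comments, unlike the slots above them in testNetworkDriver, so the positional mapping to the struct members is not visible. Label them in the struct's field order: `NULL, /* networkAllowMacOnPort */`, `NULL, /* networkDisallowMacOnPort */`, `NULL, /* networkDisableAllFrames */`. Other network drivers are not touched by this patch and presumably rely on trailing members being zero-initialized, which is worth stating in the commit message.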