This patch adds build support for the network filtering framework.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
---
configure.ac | 12 ++++++++++++
daemon/Makefile.am | 4 ++++
src/Makefile.am | 34 +++++++++++++++++++++++++++++++++-
src/libvirt_private.syms | 39 +++++++++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 15 +++++++++++++++
5 files changed, 103 insertions(+), 1 deletion(-)
Index: libvirt-acl/src/Makefile.am
===================================================================
--- libvirt-acl.orig/src/Makefile.am
+++ libvirt-acl/src/Makefile.am
@@ -97,9 +97,17 @@ DOMAIN_EVENT_SOURCES = \
conf/domain_event.c conf/domain_event.h
# Network driver generic impl APIs
-NETWORK_CONF_SOURCES = \
+NETWORK_CONF_SOURCES = \
conf/network_conf.c conf/network_conf.h
+# Network filter driver generic impl APIs
+NWFILTER_PARAM_CONF_SOURCES = \
+ conf/nwfilter_params.c conf/nwfilter_conf.h
+
+NWFILTER_CONF_SOURCES = \
+ $(NWFILTER_PARAM_CONF_SOURCES) \
+ conf/nwfilter_conf.c conf/nwfilter_conf.h
+
# Storage driver generic impl APIs
STORAGE_CONF_SOURCES = \
conf/storage_conf.h conf/storage_conf.c
@@ -126,6 +134,7 @@ CONF_SOURCES = \
$(DOMAIN_CONF_SOURCES) \
$(DOMAIN_EVENT_SOURCES) \
$(NETWORK_CONF_SOURCES) \
+ $(NWFILTER_CONF_SOURCES) \
$(NODE_DEVICE_CONF_SOURCES) \
$(STORAGE_CONF_SOURCES) \
$(ENCRYPTION_CONF_SOURCES) \
@@ -275,6 +284,11 @@ STORAGE_DRIVER_DISK_SOURCES = \
STORAGE_HELPER_DISK_SOURCES = \
storage/parthelper.c
+# Network filters
+NWFILTER_DRIVER_SOURCES = \
+ nwfilter/nwfilter_driver.h nwfilter/nwfilter_driver.c \
+ nwfilter/nwfilter_gentech_driver.c \
+ nwfilter/nwfilter_ebiptables_driver.c
# Security framework and drivers for various models
SECURITY_DRIVER_SOURCES = \
@@ -718,6 +732,22 @@ endif
endif
+if WITH_NWFILTER
+if WITH_DRIVER_MODULES
+mod_LTLIBRARIES += libvirt_driver_nwfilter.la
+else
+libvirt_la_LIBADD += libvirt_driver_nwfilter.la
+noinst_LTLIBRARIES += libvirt_driver_nwfilter.la
+endif
+libvirt_driver_nwfilter_la_CFLAGS = \
+ -I@top_srcdir@/src/conf
+if WITH_DRIVER_MODULES
+libvirt_driver_nwfilter_la_LDFLAGS = -module -avoid-version ../gnulib/lib/libgnu.la
+endif
+libvirt_driver_nwfilter_la_SOURCES = $(NWFILTER_DRIVER_SOURCES)
+endif
+
+
libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES)
noinst_LTLIBRARIES += libvirt_driver_security.la
libvirt_la_LIBADD += libvirt_driver_security.la
@@ -761,6 +791,7 @@ EXTRA_DIST += \
$(NODE_DEVICE_DRIVER_SOURCES) \
$(NODE_DEVICE_DRIVER_HAL_SOURCES) \
$(NODE_DEVICE_DRIVER_UDEV_SOURCES) \
+ $(NWFILTER_DRIVER_SOURCES) \
$(SECURITY_DRIVER_SELINUX_SOURCES) \
$(SECURITY_DRIVER_APPARMOR_SOURCES) \
$(SECRET_DRIVER_SOURCES) \
@@ -900,6 +931,7 @@ libvirt_lxc_SOURCES = \
$(NODE_INFO_SOURCES) \
$(ENCRYPTION_CONF_SOURCES) \
$(DOMAIN_CONF_SOURCES) \
+ $(NWFILTER_PARAM_CONF_SOURCES) \
$(CPU_CONF_SOURCES)
libvirt_lxc_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDCFLAGS) $(CAPNG_LIBS) $(YAJL_LIBS)
libvirt_lxc_LDADD = $(LIBXML_LIBS) $(NUMACTL_LIBS) ../gnulib/lib/libgnu.la
Index: libvirt-acl/src/libvirt_private.syms
===================================================================
--- libvirt-acl.orig/src/libvirt_private.syms
+++ libvirt-acl/src/libvirt_private.syms
@@ -105,6 +105,8 @@ virUnrefConnect;
virUnrefSecret;
virGetStream;
virUnrefStream;
+virGetNWFilter;
+virUnrefNWFiler;
# domain_conf.h
@@ -294,6 +296,7 @@ virRegisterNetworkDriver;
virRegisterStorageDriver;
virRegisterDeviceMonitor;
virRegisterSecretDriver;
+virRegisterNWFilterDriver;
# json.h
@@ -429,6 +432,42 @@ virNodeDeviceGetWWNs;
virNodeDeviceGetParentHost;
+# nwfilter_conf.h
+virNWFilterPoolLoadAllConfigs;
+virNWFilterPoolObjAssignDef;
+virNWFilterPoolObjSaveDef;
+virNWFilterPoolObjFindByName;
+virNWFilterPoolObjFindByUUID;
+virNWFilterPoolObjLock;
+virNWFilterPoolObjUnlock;
+virNWFilterPoolObjRemove;
+virNWFilterDefFree;
+virNWFilterDefParseString;
+virNWFilterPoolObjDeleteDef;
+virNWFilterPoolObjListFree;
+virNWFilterDefFormat;
+virNWFilterChainSuffixTypeToString;
+virNWFilterRuleActionTypeToString;
+virNWFilterJumpTargetTypeToString;
+virNWFilterRegisterCallbackDriver;
+virNWFilterTestUnassignDef;
+virNWFilterConfLayerInit;
+virNWFilterConfLayerShutdown;
+
+
+#nwfilter_params.h
+virNWFilterHashTableCreate;
+virNWFilterHashTableFree;
+virNWFilterHashTablePut;
+virNWFilterHashTablePutAll;
+virNWFilterHashTableRemoveEntry;
+
+
+# nwfilter_gentech_driver.h
+virNWFilterInstantiateFilter;
+virNWFilterTeardownFilter;
+
+
# pci.h
pciGetDevice;
pciFreeDevice;
Index: libvirt-acl/daemon/Makefile.am
===================================================================
--- libvirt-acl.orig/daemon/Makefile.am
+++ libvirt-acl/daemon/Makefile.am
@@ -116,6 +116,10 @@ endif
if WITH_SECRETS
libvirtd_LDADD += ../src/libvirt_driver_secret.la
endif
+
+if WITH_NWFILTER
+ libvirtd_LDADD += ../src/libvirt_driver_nwfilter.la
+endif
endif
libvirtd_LDADD += ../src/libvirt.la
Index: libvirt-acl/configure.ac
===================================================================
--- libvirt-acl.orig/configure.ac
+++ libvirt-acl/configure.ac
@@ -294,6 +294,9 @@ if test x"$with_rhel5_api" = x"yes"; the
AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API])
fi
+AC_PATH_PROG([BASH_PATH], [bash], /bin/bash, [/bin:$PATH])
+AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_PATH", [path to bash binary])
+
AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables
binary])
@@ -1268,6 +1271,15 @@ if test "$with_secrets" = "yes" ; then
fi
AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])
+with_nwfilter=yes
+if test "$with_libvirtd" = "no"; then
+ with_nwfilter=no
+fi
+if test "$with_nwfilter" = "yes" ; then
+ AC_DEFINE([WITH_NWFILTER], 1, [whether local network filter management driver is
available])
+fi
+AM_CONDITIONAL([WITH_NWFILTER], [test "$with_nwfilter" = "yes"])
+
AC_ARG_WITH([storage-fs],
AC_HELP_STRING([--with-storage-fs], [with FileSystem backend for the storage driver
@<:@default=check@:>@]),[],[with_storage_fs=check])
Index: libvirt-acl/src/libvirt_public.syms
===================================================================
--- libvirt-acl.orig/src/libvirt_public.syms
+++ libvirt-acl/src/libvirt_public.syms
@@ -362,6 +362,21 @@ LIBVIRT_0.7.8 {
global:
virStorageVolWipe;
virDomainMigrateSetMaxDowntime;
+ virConnectListNWFilters;
+ virConnectNumOfNWFilters;
+ virNWFilterLookupByName;
+ virNWFilterLookupByUUID;
+ virNWFilterLookupByUUIDString;
+ virNWFilterFree;
+ virNWFilterGetName;
+ virNWFilterGetUUID;
+ virNWFilterGetUUIDString;
+ virNWFilterGetXMLDesc;
+ virNWFilterRef;
+ virNWFilterTest;
+ virNWFilterDefineXML;
+ virNWFilterUndefine;
} LIBVIRT_0.7.7;
+
# .... define new API here using predicted next version number ....