April 2011 - Devel - libvirt List Archives

[libvirt] [PATCH] do not build libvirt_iohelper when building without libvirtd
by Wen Congyang 08 Apr '11

08 Apr '11

The libexec program libvirt_iohelper is only for libvirtd. If we build rpm without libvirtd, we will receive the following messages: Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/wency/rpmbuild/BUILDROOT/libvirt-0.9.0-1.el6.x86_64 error: Installed (but unpackaged) file(s) found: /usr/libexec/libvirt_iohelper --- src/Makefile.am | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 3649106..dce866e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1183,6 +1183,7 @@ EXTRA_DIST += $(LIBVIRT_QEMU_SYMBOL_FILE) libexec_PROGRAMS = +if WITH_LIBVIRTD libexec_PROGRAMS += libvirt_iohelper libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES) libvirt_iohelper_LDFLAGS = $(WARN_LDFLAGS) $(AM_LDFLAGS) @@ -1191,6 +1192,7 @@ libvirt_iohelper_LDADD = \ ../gnulib/lib/libgnu.la libvirt_iohelper_CFLAGS = $(AM_CFLAGS) +endif if WITH_STORAGE_DISK if WITH_LIBVIRTD -- 1.7.1

3 2

[libvirt] [PATCH] libxl: missing directory creation for logs
by Daniel Veillard 08 Apr '11

08 Apr '11

Libvirt-0.9.0 wasn't building for Fedora 16, the spec file referenced a log directory missing in teh install tree. After checking that the code actually needed that directory, the following patch solves the problem, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

1 1

[libvirt] [PATCH] build: Install libxenlight log dir
by Jim Fehlig 08 Apr '11

08 Apr '11

Add $localstatedir/log/libvirt/libxl when building libxenlight driver --- src/Makefile.am | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 9b54679..3649106 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1275,6 +1275,7 @@ endif if WITH_LIBXL $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/libxl" $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run/libvirt/libxl" + $(MKDIR_P) "$(DESTDIR)$(localstatedir)/log/libvirt/libxl" endif if WITH_UML $(MKDIR_P) "$(DESTDIR)$(localstatedir)/lib/libvirt/uml" @@ -1316,6 +1317,7 @@ endif if WITH_LIBXL rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/libxl" ||: rmdir "$(DESTDIR)$(localstatedir)/run/libvirt/libxl" ||: + rmdir "$(DESTDIR)$(localstatedir)/log/libvirt/libxl" ||: endif if WITH_UML rmdir "$(DESTDIR)$(localstatedir)/lib/libvirt/uml" ||: -- 1.7.3.1

3 3

[libvirt] Using Restore in another host.
by Marcela Castro León 08 Apr '11

08 Apr '11

Hello: I need to know if I can use the restore operation (virsh o the equivalent in libvirt) to recover a previous state of a guest, but recovered previously in another host. I did a test, but I got an error: The exactly sequence using virsh I testes is: On [HOST SOURCE]: Using virsh 1) save [domain] [file] 2) restore file 3) destroy [domain] On [HOST SOURCE] using ubuntu sh 4) cp [guest.img] [guest.xml] [file] to HOST2 On [HOST TARGET] using virsh 5) define [guest.xml] (using image on destination in HOST2) 6) restore [file] The restore troughs the following message: *virsh # restore sv-chubut-2011-04-01-09:58 error: Failed to restore domain from sv-chubut-2011-04-01-09:58 error: monitor socket did not show up.: Connection refused* Thank you very much. Marcela.

4 22

[libvirt] [PATCH 0/4] Another set of functions for the libxl driver
by Markus Groß 08 Apr '11

08 Apr '11

This patch set adds some more functions to the libxl driver. Best regards Markus Markus Groß (4): Add domainIsUpdated to libxl driver Add domainSet/GetSchedulerParameters to libxl driver Add cputune support to libxl driver Add domainSave/Restore to libxl driver src/libxl/libxl_conf.h | 10 + src/libxl/libxl_driver.c | 517 ++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 485 insertions(+), 42 deletions(-) -- 1.7.4.3

3 9

[libvirt] [TCK][PATCH] nwfilter: test support for TCP flags evaluation
by Stefan Berger 08 Apr '11

08 Apr '11

This patch extends an existing test with test cases for the TCP flags. Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall | 4 ++++ scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml | 12 ++++++++++++ 2 files changed, 16 insertions(+) Index: libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall +++ libvirt-tck/scripts/nwfilter/nwfilterxml2fwallout/tcp-test.fwall @@ -10,6 +10,10 @@ target prot opt source ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21tcp spts:20:21 dpts:100:1111 ACCEPT tcp -- 10.1.2.3 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x3ftcp spts:255:256 dpt:65535 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x3F +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x02/0x12 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x00 +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x08/0x00 #iptables -L HI-vnet0 -n Chain HI-vnet0 (1 references) target prot opt source destination Index: libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml =================================================================== --- libvirt-tck.orig/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml +++ libvirt-tck/scripts/nwfilter/nwfilterxml2xmlin/tcp-test.xml @@ -19,4 +19,16 @@ srcportstart='255' srcportend='256' dstportstart='65535' dstportend='65536'/> </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='PSH/'/> + </rule> </filter>

2 2

[libvirt] [PATCH v2] nwfilters: support for TCP flags evaluation
by Stefan Berger 08 Apr '11

08 Apr '11

This patch adds support for the evaluation of TCP flags in nwfilters. It adds documentation to the web page and extends the tests as well. Also, the nwfilter schema is extended. The following are some example for rules using the tcp flags: <rule action='accept' direction='in'> <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/> </rule> <rule action='drop' direction='in'> <tcp state='NONE' flags='SYN/ALL'/> </rule> Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com> --- docs/formatnwfilter.html.in | 10 ++ docs/schemas/nwfilter.rng | 16 ++++ src/conf/nwfilter_conf.c | 115 +++++++++++++++++++++++++++--- src/conf/nwfilter_conf.h | 9 ++ src/libvirt_private.syms | 1 src/nwfilter/nwfilter_ebiptables_driver.c | 9 ++ tests/nwfilterxml2xmlin/tcp-test.xml | 12 +++ tests/nwfilterxml2xmlout/tcp-test.xml | 12 +++ 8 files changed, 174 insertions(+), 10 deletions(-) Index: libvirt-acl/src/conf/nwfilter_conf.c =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.c +++ libvirt-acl/src/conf/nwfilter_conf.c @@ -5,7 +5,8 @@ * Copyright (C) 2006-2011 Red Hat, Inc. * Copyright (C) 2006-2008 Daniel P. Berrange * - * Copyright (C) 2010 IBM Corporation + * Copyright (C) 2010-2011 IBM Corporation + * Copyright (C) 2010-2011 Stefan Berger * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -726,17 +727,23 @@ printStringItems(virBufferPtr buf, const int32_t flags, const char *sep) { unsigned int i, c = 0; - int32_t last_attr = 0; + int32_t mask = 0x1; - for (i = 0; int_map[i].val; i++) { - if (last_attr != int_map[i].attr && - flags & int_map[i].attr) { - if (c >= 1) - virBufferVSprintf(buf, "%s", sep); - virBufferVSprintf(buf, "%s", int_map[i].val); - c++; + while (mask) { + if ((mask & flags)) { + for (i = 0; int_map[i].val; i++) { + if (mask == int_map[i].attr) { + if (c >= 1) + virBufferVSprintf(buf, "%s", sep); + virBufferVSprintf(buf, "%s", int_map[i].val); + c++; + } + } + flags ^= mask; + if (!flags) + break; } - last_attr = int_map[i].attr; + mask <<= 1; } return 0; @@ -799,6 +806,87 @@ stateFormatter(virBufferPtr buf, } + +static const struct int_map tcpFlags[] = { + INTMAP_ENTRY(0x1 , "FIN"), + INTMAP_ENTRY(0x2 , "SYN"), + INTMAP_ENTRY(0x4 , "RST"), + INTMAP_ENTRY(0x8 , "PSH"), + INTMAP_ENTRY(0x10, "ACK"), + INTMAP_ENTRY(0x20, "URG"), + INTMAP_ENTRY(0x3F, "ALL"), + INTMAP_ENTRY(0x0 , "NONE"), + INTMAP_ENTRY_LAST +}; + + +static bool +tcpFlagsValidator(enum attrDatatype datatype ATTRIBUTE_UNUSED, union data *val, + virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED, + nwItemDesc *item) +{ + bool rc = false; + char *s_mask = val->c; + char *sep = strchr(val->c, '/'); + char *s_flags; + int32_t mask = 0, flags = 0; + + if (!sep) + return false; + + s_flags = sep + 1; + + *sep = '\0'; + + if (!parseStringItems(tcpFlags, s_mask , &mask , ',') && + !parseStringItems(tcpFlags, s_flags, &flags, ',')) { + item->u.tcpFlags.mask = mask & 0x3f; + item->u.tcpFlags.flags = flags & 0x3f; + rc = true; + } + + *sep = '/'; + + return rc; +} + + +static void +printTCPFlags(virBufferPtr buf, uint8_t flags) +{ + if (flags == 0) + virBufferAddLit(buf, "NONE"); + else if (flags == 0x3f) + virBufferAddLit(buf, "ALL"); + else + printStringItems(buf, tcpFlags, flags, ","); +} + + +void +virNWFilterPrintTCPFlags(virBufferPtr buf, + uint8_t mask, char sep, uint8_t flags) +{ + printTCPFlags(buf, mask); + virBufferAddChar(buf, sep); + printTCPFlags(buf, flags); +} + + +static bool +tcpFlagsFormatter(virBufferPtr buf, + virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED, + nwItemDesc *item) +{ + virNWFilterPrintTCPFlags(buf, + item->u.tcpFlags.mask, + '/', + item->u.tcpFlags.flags); + + return true; +} + + #define COMMON_MAC_PROPS(STRUCT) \ {\ .name = SRCMACADDR,\ @@ -1104,6 +1192,13 @@ static const virXMLAttr2Struct tcpAttrib .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX, .dataIdx = offsetof(virNWFilterRuleDef, p.tcpHdrFilter.dataTCPOption), }, + { + .name = "flags", + .datatype = DATATYPE_STRING, + .dataIdx = offsetof(virNWFilterRuleDef, p.tcpHdrFilter.dataTCPFlags), + .validator = tcpFlagsValidator, + .formatter = tcpFlagsFormatter, + }, COMMENT_PROP_IPHDR(tcpHdrFilter), { .name = NULL, Index: libvirt-acl/src/conf/nwfilter_conf.h =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.h +++ libvirt-acl/src/conf/nwfilter_conf.h @@ -122,6 +122,10 @@ struct _nwItemDesc { uint16_t u16; char protocolID[10]; char *string; + struct { + uint8_t mask; + uint8_t flags; + } tcpFlags; } u; }; @@ -242,6 +246,7 @@ struct _tcpHdrFilterDef { ipHdrDataDef ipHdr; portDataDef portData; nwItemDesc dataTCPOption; + nwItemDesc dataTCPFlags; }; @@ -667,6 +672,10 @@ void virNWFilterCallbackDriversLock(void void virNWFilterCallbackDriversUnlock(void); +void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask, + char sep, uint8_t flags); + + VIR_ENUM_DECL(virNWFilterRuleAction); VIR_ENUM_DECL(virNWFilterRuleDirection); VIR_ENUM_DECL(virNWFilterRuleProtocol); Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -1204,6 +1204,15 @@ _iptablesCreateRuleInstance(int directio &prefix)) goto err_exit; + if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) { + virBufferVSprintf(&buf, " %s --tcp-flags ", + ENTRY_GET_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPFlags)); + virNWFilterPrintTCPFlags(&buf, + rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask, + ' ', + rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.flags); + } + if (iptablesHandlePortData(&buf, vars, &rule->p.tcpHdrFilter.portData, Index: libvirt-acl/docs/schemas/nwfilter.rng =================================================================== --- libvirt-acl.orig/docs/schemas/nwfilter.rng +++ libvirt-acl/docs/schemas/nwfilter.rng @@ -81,6 +81,7 @@ <ref name="common-port-attributes"/> <ref name="common-ip-attributes-p1"/> <ref name="common-ip-attributes-p2"/> + <ref name="tcp-attributes"/> <ref name="comment-attribute"/> </element> </zeroOrMore> @@ -184,6 +185,7 @@ <ref name="common-port-attributes"/> <ref name="common-ipv6-attributes-p1"/> <ref name="common-ipv6-attributes-p2"/> + <ref name="tcp-attributes"/> <ref name="comment-attribute"/> </element> </zeroOrMore> @@ -606,6 +608,14 @@ </optional> </define> + <define name="tcp-attributes"> + <optional> + <attribute name="flags"> + <ref name="tcpflags-type"/> + </attribute> + </optional> + </define> +  <define name="UUID"> @@ -872,4 +882,10 @@ <param name="pattern">((NEW|ESTABLISHED|RELATED|INVALID)(,(NEW|ESTABLISHED|RELATED|INVALID))*|NONE)</param> </data> </define> + + <define name='tcpflags-type'> + <data type="string"> + <param name="pattern">((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)/((SYN|ACK|URG|PSH|FIN|RST)(,(SYN|ACK|URG|PSH|FIN|RST))*|ALL|NONE)</param> + </data> + </define> </grammar> Index: libvirt-acl/docs/formatnwfilter.html.in =================================================================== --- libvirt-acl.orig/docs/formatnwfilter.html.in +++ libvirt-acl/docs/formatnwfilter.html.in @@ -755,6 +755,11 @@ <td>STRING</td> <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td> </tr> + <tr> + <td>flags (Since 0.9.1)</td> + <td>STRING</td> + <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td> + </tr> </table> @@ -1040,6 +1045,11 @@ <td>STRING</td> <td>comma separated list of NEW,ESTABLISHED,RELATED,INVALID or NONE</td> </tr> + <tr> + <td>flags (Since 0.9.1)</td> + <td>STRING</td> + <td>TCP-only: format of mask/flags with mask and flags each being a comma separated list of SYN,ACK,URG,PSH,FIN,RST or NONE or ALL</td> + </tr> </table> Index: libvirt-acl/src/libvirt_private.syms =================================================================== --- libvirt-acl.orig/src/libvirt_private.syms +++ libvirt-acl/src/libvirt_private.syms @@ -683,6 +683,7 @@ virNWFilterObjRemove; virNWFilterObjSaveDef; virNWFilterObjUnlock; virNWFilterPrintStateMatchFlags; +virNWFilterPrintTCPFlags; virNWFilterRegisterCallbackDriver; virNWFilterRuleActionTypeToString; virNWFilterRuleProtocolTypeToString; Index: libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml =================================================================== --- libvirt-acl.orig/tests/nwfilterxml2xmlin/tcp-test.xml +++ libvirt-acl/tests/nwfilterxml2xmlin/tcp-test.xml @@ -19,4 +19,16 @@ srcportstart='255' srcportend='256' dstportstart='65535' dstportend='65536'/> </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in'> + <tcp state='NONE' flags='PSH/'/> + </rule> </filter> Index: libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml =================================================================== --- libvirt-acl.orig/tests/nwfilterxml2xmlout/tcp-test.xml +++ libvirt-acl/tests/nwfilterxml2xmlout/tcp-test.xml @@ -9,4 +9,16 @@ <rule action='accept' direction='in' priority='500' statematch='false'> <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/> </rule> + <rule action='accept' direction='in' priority='500'> + <tcp state='NONE' flags='SYN/ALL'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <tcp state='NONE' flags='SYN/SYN,ACK'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <tcp state='NONE' flags='RST/NONE'/> + </rule> + <rule action='accept' direction='in' priority='500'> + <tcp state='NONE' flags='PSH/NONE'/> + </rule> </filter>

2 2

[libvirt] [PATCH 0/3] setmem: add --current option to virsh setmem command
by Taku Izumi 08 Apr '11

08 Apr '11

Hi all, This patchset adds --current option to virsh setmem command. This is based on the discussion at http://www.redhat.com/archives/libvir-list/2011-March/msg00564.html *[PATCH 1/3] setmem: introduce VIR_DOMAIN_MEM_CURRENT flag *[PATCH 2/3] setmem: add virDomainSetMemroyFlags(,,VIR_DOMAIN_MEM_CURRENT) support to qemu driver *[PATCH 3/3] setmem: add --current option to virsh setmem command Best regards, Taku Izumi

2 6

[libvirt] [PATCH v2 0/4] configure inactive domains' maximum memory size
by Taku Izumi 08 Apr '11

08 Apr '11

Hi all, This patchset enables us to configure inactive domain's maximum memory size. I redesigned according to Daniel-san's commnet. *[PATCH 1/4] [RESEND] setmaxmem: remove the code to invoke virDomainSetMemory in cmdSetmaxmem => http://www.redhat.com/archives/libvir-list/2011-March/msg00747.html *[PATCH 2/4] maxmem: introduces VIR_DOMAIN_MEM_MAXIMUM flag *[PATCH 3/4] maxmem: implement virDomainSetMaxMemory API of the qemu driver *[PATCH 4/4] setmaxmem: add the new options to "virsh setmaxmem" command The following patchset is the prerequisite of these. => http://www.redhat.com/archives/libvir-list/2011-March/msg01057.html Best regards, Taku Izumi

2 7

[libvirt] [PATCH] setmaxmem: remove the code to invoke virDomainSetMemory in cmdSetmaxmem
by Taku Izumi 08 Apr '11

08 Apr '11

When the new maximum memory size becomes less than the current memory size, I think it is not the libvirt client but the each driver that decides the behavior (reject the operation or shrink the current memory size). Signed-off-by: Taku Izumi <izumi.taku(a)jp.fujitsu.com> --- tools/virsh.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) Index: libvirt/tools/virsh.c =================================================================== --- libvirt.orig/tools/virsh.c +++ libvirt/tools/virsh.c @@ -3030,15 +3030,7 @@ cmdSetmaxmem(vshControl *ctl, const vshC if (virDomainSetMaxMemory(dom, kilobytes) != 0) { vshError(ctl, "%s", _("Unable to change MaxMemorySize")); - virDomainFree(dom); - return FALSE; - } - - if (kilobytes < info.memory) { - if (virDomainSetMemory(dom, kilobytes) != 0) { - vshError(ctl, "%s", _("Unable to shrink current MemorySize")); - ret = FALSE; - } + ret = FALSE; } virDomainFree(dom);

3 2