[libvirt] [PATCH v4 0/2] don't masquerade local broadcast/multicast packets
by Laszlo Ersek
v2->v4 changes (v3 went in a different direction):
- Rename iptables(Add|Remove)ForwardDontMasquerade to
iptables(Add|Remove)DontMasquerade [Laine].
Masquerading local broadcast breaks DHCP replies for some clients.
There has been a report about broken local multicast too.
(See references in the patches.)
Testing:
Chain POSTROUTING (policy ACCEPT 2 packets, 134 bytes)
 pkts bytes target      prot opt in   out   source             destination
    0     0 RETURN      all  --  *    *     192.168.122.0/24   224.0.0.0/24
    0     0 RETURN      all  --  *    *     192.168.122.0/24   255.255.255.255
    0     0 MASQUERADE  tcp  --  *    *     192.168.122.0/24   !192.168.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE  udp  --  *    *     192.168.122.0/24   !192.168.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *    *     192.168.122.0/24   !192.168.122.0/24
+ make check, make syntax-check, virsh net-start / net-destroy.
Laszlo Ersek (2):
util/viriptables: add/remove rules that short-circuit masquerading
bridge driver: don't masquerade local subnet broadcast/multicast
packets
src/util/viriptables.h | 8 ++++
src/network/bridge_driver_linux.c | 70 +++++++++++++++++++++++++++++--
src/util/viriptables.c | 88 +++++++++++++++++++++++++++++++++++++++
src/libvirt_private.syms | 2 +
4 files changed, 164 insertions(+), 4 deletions(-)
--
1.8.3.1
11 years, 7 months
[libvirt] [PATCH]util: Helper function for checking existence of hook files for specific driver
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
We refresh the status of hook scripts
only when libvirt starts/restarts or reloads its configuration.
But hook scripts may be changed.
This function will help to check their existence.
And we do not need to start/restart libvirt if
we add/remove hook files.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/util/virhook.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/util/virhook.c b/src/util/virhook.c
index 159efdb..c4a1a15 100644
--- a/src/util/virhook.c
+++ b/src/util/virhook.c
@@ -129,6 +129,12 @@ virHookCheck(int no, const char *driver) {
return ret;
}
+static int
+virHookDriverCheck(int driver) {
+ return virHookCheck(driver,
+ virHookDriverTypeToString(driver));
+}
+
/*
* virHookInitialize:
*
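Review bot: virHookDriverCheck() passes the result of virHookDriverTypeToString(driver) straight into virHookCheck() without checking it, and does not validate driver itself; the only range check in view is the one in virHookPresent() in the next hunk. Either state in a comment above the helper that callers must pass a value from VIR_HOOK_DRIVER_DAEMON up to (not including) VIR_HOOK_DRIVER_LAST, or have the helper return early when the string lookup gives nothing usable. The helper also has no header comment, unlike virHookInitialize directly below it.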
@@ -170,11 +176,12 @@ virHookPresent(int driver) {
if ((driver < VIR_HOOK_DRIVER_DAEMON) ||
(driver >= VIR_HOOK_DRIVER_LAST))
return 0;
- if (virHooksFound == -1)
+ if (virHookDriverCheck(driver) != 1) {
+ VIR_DEBUG("Driver %s hooks files not found",
+ virHookDriverTypeToString(driver));
return 0;
+ }
- if ((virHooksFound & (1 << driver)) == 0)
- return 0;
return 1;
}
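Review bot: the new test "virHookDriverCheck(driver) != 1" treats every return value other than 1 alike and logs it as "hooks files not found", so a failure inside virHookCheck() cannot be told apart from an absent hook; handle the error return separately from the not-found one. With both virHooksFound tests removed, virHookPresent() no longer consults the cached value, so it either becomes dead state that this patch should drop, or other readers of it can now disagree with this function. Because presence is now evaluated on every call, a comment saying that a file added to the hooks location takes effect without a restart or reload (as the commit message intends) would help anyone reviewing who may write there.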
--
1.8.2.1
11 years, 7 months
[libvirt] [PATCH v3 0/4] don't masquerade local broadcast/multicast packets
by Laszlo Ersek
Masquerading local broadcast breaks DHCP replies for some clients.
There has been a report about broken local multicast too.
(See references in the patches.)
Regarding multicast, right now the series disables masquerading for the
most restrictive local multicast range only.
v2->v3 changes:
- Rename iptables(Add|Remove)ForwardDontMasquerade to
iptables(Add|Remove)DontMasquerade [Laine].
- Pass (address, prefix) pairs as both source and destination parameters
to these functions.
- Introduce virPfxSocketAddr structure for simpler handling of said
(address, prefix) pairs.
- Also prevent masquerading of directed broadcast [Laine].
- Start to get serious about pointers-to-const.
Testing:
- "make check" and "make syntax-check" pass,
- thanks to the great docs on libvirt.org (compiling & deployment) I
even managed to test this on my RHEL-6 laptop, with repeated net-start
/ net-destroy commands.
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target      prot opt in   out   source             destination
    0     0 RETURN      all  --  *    *     192.168.122.0/24   224.0.0.0/24
    0     0 RETURN      all  --  *    *     192.168.122.0/24   192.168.122.255
    0     0 RETURN      all  --  *    *     192.168.122.0/24   255.255.255.255
    0     0 MASQUERADE  tcp  --  *    *     192.168.122.0/24   !192.168.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE  udp  --  *    *     192.168.122.0/24   !192.168.122.0/24   masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *    *     192.168.122.0/24   !192.168.122.0/24
Laszlo Ersek (4):
iptablesFormatNetwork(): constify target of "netaddr" parameter
util/viriptables: add/remove rules that short-circuit masquerading
virSocketAddrBroadcastByPrefix(): constify target of "addr" parameter
bridge driver: don't masquerade local subnet broadcast/multicast
packets
src/util/viriptables.h | 11 +++
src/util/virsocketaddr.h | 8 +-
src/network/bridge_driver_linux.c | 151 +++++++++++++++++++++++++++++++++++++-
src/util/viriptables.c | 84 ++++++++++++++++++++-
src/util/virsocketaddr.c | 8 +-
src/libvirt_private.syms | 2 +
6 files changed, 251 insertions(+), 13 deletions(-)
--
1.8.3.1
11 years, 7 months
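An added example (not part of the original posts and not libvirt code): a Python check that the RETURN rules shown in the cover letters' listings sit ahead of the MASQUERADE rules they are meant to short-circuit. The function names, the string-equality match on the source column and the constructed "unpatched" listing are assumptions of this sketch.

```python
import ipaddress

# Destinations the cover letters exempt: local multicast and limited broadcast.
EXEMPT = ("224.0.0.0/24", "255.255.255.255")

# POSTROUTING listing quoted in the v4 cover letter.
PATCHED = """\
Chain POSTROUTING (policy ACCEPT 2 packets, 134 bytes)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
"""
# Constructed "before" state: the same chain with the RETURN rules stripped.
UNPATCHED = "\n".join(l for l in PATCHED.splitlines() if " RETURN " not in l)

def parse_rules(listing):
    """Yield (target, source, destination) for each rule row of -L -n -v output."""
    for line in listing.splitlines():
        f = line.split()
        # Rule rows start with the packet counter; chain and column headers do not.
        if len(f) >= 9 and f[0][0].isdigit():
            yield f[2], f[7], f[8]

def matches(dst_spec, net):
    """True if a destination spec (optionally '!'-negated) applies to net."""
    spec = ipaddress.ip_network(dst_spec.lstrip("!"), strict=False)
    return net.subnet_of(spec) != dst_spec.startswith("!")

def missing_exemptions(listing, exempt=EXEMPT):
    """Return (source, destination) pairs that reach MASQUERADE with no earlier RETURN."""
    returns, missing = [], []
    for target, src, dst in parse_rules(listing):
        if target == "RETURN":
            returns.append((src, dst))
        elif target == "MASQUERADE":  # protocol column ignored: any match counts
            for d in exempt:
                net = ipaddress.ip_network(d)
                covered = any(s == src and matches(r, net) for s, r in returns)
                if matches(dst, net) and not covered and (src, d) not in missing:
                    missing.append((src, d))
    return missing

if __name__ == "__main__":
    print("patched:  ", missing_exemptions(PATCHED))
    print("unpatched:", missing_exemptions(UNPATCHED))
```

Rule order matters here: a RETURN rule placed after the MASQUERADE rules is reported as missing, because the packet would already have been rewritten.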
[libvirt] [PATCH]util: Refresh virHook before checking its existence
by Chen Hanxiao
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
We refresh the status of hook scripts
only when libvirt starts/stops or reloads its configuration.
But the status of hook scripts may be changed.
We need to refresh their status before checking their existence.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/util/virhook.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/util/virhook.c b/src/util/virhook.c
index 159efdb..5500f62 100644
--- a/src/util/virhook.c
+++ b/src/util/virhook.c
@@ -170,11 +170,15 @@ virHookPresent(int driver) {
if ((driver < VIR_HOOK_DRIVER_DAEMON) ||
(driver >= VIR_HOOK_DRIVER_LAST))
return 0;
- if (virHooksFound == -1)
- return 0;
+ if (virHookInitialize() > 0) {
+ if (virHooksFound == -1)
+ return 0;
- if ((virHooksFound & (1 << driver)) == 0)
+ if ((virHooksFound & (1 << driver)) == 0)
+ return 0;
+ } else {
return 0;
+ }
return 1;
}
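Review bot: the condition "virHookInitialize() > 0" sends both a zero and a negative return into the same else branch, so an error while rescanning is reported to the caller as "no hook present" with nothing logged; distinguish the failure case, at least with a debug message. The nesting can also be avoided by testing "virHookInitialize() <= 0" first and returning 0, which leaves the two existing virHooksFound checks at their original indentation and shrinks the diff. Since virHookPresent() now calls virHookInitialize() on every invocation, the function comment should say whether repeated and concurrent calls are safe.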
--
1.8.2.1
11 years, 7 months
Re: [libvirt] virDomainGetInfo() returns wrong domain state
by Panday Ritesh Sharma (rpanday)
Hi Libvirt support team,
Could you please help me with the query below?
Regards
Ritesh Sharma
From: Panday Ritesh Sharma (rpanday)
Sent: Tuesday, September 24, 2013 8:22 PM
To: 'libvir-list(a)redhat.com'; 'libvirt-users(a)redhat.com'; Vinay Shankarkumar (vinays)
Cc: Basavaraj Bendigeri (bbendige); q-se-dev(mailer list)
Subject: virDomainGetInfo() returns wrong domain state
Hi Team,
I have written the code below to get the VM state at run time. I found that, though the VM is in the shut-off state, when I use the function virDomainGetInfo() I get the state as running. Could you please let me know what I am doing wrong? To know the actual VM state I used 'virsh list', and it clearly shows the VM is in the shut-off state. Please find the log and code snippet below.
Log from virsh:
=================
[host:~]$ virsh list --all
 Id    Name                           State
----------------------------------------------------
 1     calvados                       running
 2     LCXR                           running
 3     default-sdr--1                 running
 -     test--2                        shut off
Output:
=========
04.03.06.698923264:INFO: vm_libvirt_state_to_vmm_state: state returned is 1
Note: Here 1 is actually running.
Code snippet:
===============
enum cidl_vmm_vm_state
vm_libvirt_state_to_vmm_state(unsigned char libvirt_state)
{
    enum cidl_vmm_vm_state state;

    INFO("%s: state returned is %u\n", __FUNCTION__, libvirt_state); /* <<<<<<<<<<<<<<<<<< */
    if (libvirt_state == VIR_DOMAIN_RUNNING) {
        state = cidl_vm_state_running;
    } else if ((libvirt_state == VIR_DOMAIN_PAUSED) ||
               (libvirt_state == VIR_DOMAIN_BLOCKED)) {
        state = cidl_vm_state_paused;
    } else if (libvirt_state == VIR_DOMAIN_SHUTOFF) {
        state = cidl_vm_state_defined;
    } else {
        state = cidl_vm_state_not_defined;
    }
    return state;
}

virDomainInfo res_util;
virDomainPtr dom = virDomainLookupByName(virt,
                                         private_names[vm_idx]);
res = virDomainGetInfo(dom, &res_util);
vminfo[vm_idx].vm_state =
    vm_libvirt_state_to_vmm_state(res_util.state);
Regards
Ritesh Sharma
11 years, 7 months
[libvirt] bug. libvirt related to selinux.
by yue
Hi all,
'virsh start testname-1' failed, but I can start it through the command line, which is copied from libvirtd.log.
SELinux is disabled now.
----------------
libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/3
qemu-kvm: -drive file=/rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9,if=none,id=drive-ide0-0-0,format=qcow2,serial=ac025dc1-4e25-4b71-8c56-88dcb61b9f09,cache=none,werror=stop,rerror=stop,aio=native: could not open disk image /rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9: Operation not permitted
audit.log
type=VIRT_CONTROL msg=audit(1379810795.213:41569): user pid=1637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="testname-1" uuid=24f7e975-9aa5-4a14-b0f0-590add14c8b5 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'
11 years, 7 months
[libvirt] [PATCH v2 0/2] don't masquerade local broadcast/multicast packets
by Laszlo Ersek
Masquerading local broadcast breaks DHCP replies for some clients.
There has been a report about broken local multicast too.
(See references in the patches.)
Testing: build tested the upstream series. Tested the RHEL-6.4.z and
RHEL-7.0 backports with OVMF netboot on virbr0.
Changes between v1 (at
http://www.redhat.com/archives/libvir-list/2013-May/msg01872.html
) and v2:
- forward-ported to current upstream master (commit 49a5262d).
This includes conflict resolution for:
commit 477a619e1b37694e3c59c0d6c84ede6d2e28b878
Author: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
Date: Fri Jun 28 00:52:30 2013 -0400
Drop iptablesContext
in both patches #1 and #2, and for
commit 4ac708f250867f65091a20b153c204862d389cb9
Author: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
Date: Wed Jul 24 16:22:54 2013 +0400
bridge driver: extract platform specifics
in patch #2.
Laszlo Ersek (2):
util/viriptables: add/remove rules that short-circuit masquerading
bridge driver: don't masquerade local subnet broadcast/multicast
packets
src/util/viriptables.h | 8 ++++
src/network/bridge_driver_linux.c | 70 +++++++++++++++++++++++++++++--
src/util/viriptables.c | 88 +++++++++++++++++++++++++++++++++++++++
src/libvirt_private.syms | 2 +
4 files changed, 164 insertions(+), 4 deletions(-)
--
1.8.3.1
11 years, 7 months
[libvirt] [PATCH] Fix format specifier for OOM test fprintfs
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The testutils.c file had some fprintfs which had not been
converted from %d to %zu when 'testCounter' changed to be
a size_t. This was a build breaker if --enable-test-oom
was enabled.
Pushed as a build fix.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/testutils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/testutils.c b/tests/testutils.c
index a215f3f..45882c5 100644
--- a/tests/testutils.c
+++ b/tests/testutils.c
@@ -717,9 +717,9 @@ int virtTestMain(int argc,
approxAlloc = virAllocTestCount();
testCounter++;
if (virTestGetDebug())
- fprintf(stderr, "%d) OOM...\n", testCounter);
+ fprintf(stderr, "%zu) OOM...\n", testCounter);
else
- fprintf(stderr, "%d) OOM of %d allocs ", testCounter, approxAlloc);
+ fprintf(stderr, "%zu) OOM of %d allocs ", testCounter, approxAlloc);
if (mp) {
size_t i;
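Review bot: in the second fprintf only the first conversion moves to %zu, while approxAlloc keeps %d; its declaration is outside this hunk, so please confirm it really is an int (it is assigned from virAllocTestCount() at the top of the hunk) and not another size_t that needs the same change as testCounter.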
--
1.8.3.1
11 years, 7 months
[libvirt] [PATCH 0/4] Improve passthrough of early errors from qemu log
by Peter Krempa
Upgrade error messages in some cases of early failure. See 4/4 for better
explanation.
Peter Krempa (4):
qemu_process: Make qemuProcessReadLog() more versatile and reusable
qemu: monitor: Add infrastructure to access VM logs for better err
msgs
qemu: monitor: Produce better errors on monitor hangup
qemu: Wire up better early error reporting
src/qemu/qemu_monitor.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++---
src/qemu/qemu_monitor.h | 2 +
src/qemu/qemu_process.c | 54 +++++++++++++++++++--------
src/qemu/qemu_process.h | 2 +
4 files changed, 133 insertions(+), 22 deletions(-)
--
1.8.3.2
11 years, 7 months
[libvirt] [PATCHv2 0/3] Change preference of default PCI passthrough type to VFIO
by Peter Krempa
Peter Krempa (3):
qemu: hostdev: Refactor PCI passhrough handling
qemu: hostdev: Add checks if PCI passthrough is availabe in the host
qemu: Prefer VFIO for PCI device passthrough
docs/formatdomain.html.in | 9 ++-
src/conf/domain_conf.h | 2 +-
src/qemu/qemu_command.c | 28 ++++++---
src/qemu/qemu_hostdev.c | 143 ++++++++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_hostdev.h | 5 ++
src/qemu/qemu_hotplug.c | 29 ++++++----
src/qemu/qemu_process.c | 6 ++
tests/qemuxml2argvtest.c | 11 ++++
8 files changed, 208 insertions(+), 25 deletions(-)
--
1.8.3.2
11 years, 7 months