[libvirt] [PATCH] nwfilter: Tear down temp. filters when tearing all filters
by Stefan Berger
From: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Refactor the ebiptablesTearNewRules function so that the teardown of temporary
filters can also be called by the ebiptablesAllTeardown function.
This fixes a problem that leaves temporary filters behind when a VM shuts down
while its filters are modified.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
src/nwfilter/nwfilter_ebiptables_driver.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index de07faa..307c153 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -3544,14 +3544,9 @@ ebiptablesApplyNewRules(const char *ifname,
}
-static int
-ebiptablesTearNewRules(const char *ifname)
+static void
+ebiptablesTearNewRulesFW(virFirewallPtr fw, const char *ifname)
{
- virFirewallPtr fw = virFirewallNew();
- int ret = -1;
-
- virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
-
iptablesUnlinkTmpRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
iptablesRemoveTmpRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
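Review bot: ebiptablesTearNewRulesFW has no comment stating its contract, although the refactoring moves the `virFirewallNew()` and `virFirewallStartTransaction()` calls out of it and into its callers. The helper now only queues removals on `fw`, and both callers visible in this patch open the transaction with `VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS`, presumably because the temporary chains may not exist. I would add above the definition: `/* Queue removal of all temporary chains for @ifname on @fw. The caller must have started a VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS transaction and must apply and free @fw. */`. The function body continues into the next hunk.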
@@ -3563,13 +3558,24 @@ ebiptablesTearNewRules(const char *ifname)
ebtablesRemoveTmpSubChainsFW(fw, ifname);
ebtablesRemoveTmpRootChainFW(fw, true, ifname);
ebtablesRemoveTmpRootChainFW(fw, false, ifname);
+}
+
+
+static int
+ebiptablesTearNewRules(const char *ifname)
+{
+ virFirewallPtr fw = virFirewallNew();
+ int ret = -1;
+
+ virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
+
+ ebiptablesTearNewRulesFW(fw, ifname);
ret = virFirewallApply(fw);
virFirewallFree(fw);
return ret;
}
-
static int
ebiptablesTearOldRules(const char *ifname)
{
@@ -3616,6 +3622,8 @@ ebiptablesAllTeardown(const char *ifname)
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
+ ebiptablesTearNewRulesFW(fw, ifname);
+
iptablesUnlinkRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
iptablesClearVirtInPostFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
iptablesRemoveRootChainsFW(fw, VIR_FIREWALL_LAYER_IPV4, ifname);
--
1.8.1.4
10 years, 4 months
[libvirt] [PATCH] Set mknod permission in device ACL for LXC USB devices
by Daniel P. Berrange
The LXC controller itself needs to mknod the USB device
node in /dev/bus/usb, so we can't block mknod permission
from the cgroup.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_cgroup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 1ae3906..c641132 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -325,7 +325,7 @@ virLXCSetupHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
VIR_DEBUG("Process path '%s' for USB device", path);
if (virCgroupAllowDevicePath(cgroup, path,
- VIR_CGROUP_DEVICE_RW) < 0)
+ VIR_CGROUP_DEVICE_RWM) < 0)
return -1;
return 0;
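Review bot: Nothing at the `virCgroupAllowDevicePath` call records why the ACL entry is widened from `VIR_CGROUP_DEVICE_RW` to `VIR_CGROUP_DEVICE_RWM`, and the reason is only in the commit message. A device cgroup entry presumably applies to every process in the cgroup and not just the controller, so it should be confirmed that container processes cannot use the mknod bit themselves (for example because CAP_MKNOD is dropped); that is not visible in this hunk. I would add `/* RWM: the LXC controller itself must mknod the node under /dev/bus/usb */` above the call, and the same comment on the matching `virCgroupDenyDevicePath` call in the teardown hunk. Both functions start outside their hunks.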
@@ -341,7 +341,7 @@ virLXCTeardownHostUSBDeviceCgroup(virUSBDevicePtr dev ATTRIBUTE_UNUSED,
VIR_DEBUG("Process path '%s' for USB device", path);
if (virCgroupDenyDevicePath(cgroup, path,
- VIR_CGROUP_DEVICE_RW) < 0)
+ VIR_CGROUP_DEVICE_RWM) < 0)
return -1;
return 0;
--
1.9.0
10 years, 4 months
[libvirt] [PATCH v2] nwfilter: Validate rule after parsing
by Stefan Berger
From: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
An IP or IPv6 rule with port specification but without protocol
specification cannot be instantiated by ebtables. The documentation
states that 'protocol' is required, but the implementation does not
enforce this.
Implement a rule validation function that checks whether the rule is
valid when it is defined. This for example prevents the definition
of rules like:
<ip dstportstart='53'>
where a protocol attribute would be required for it to be valid and for
ebtables to be able to instantiate it. A valid rule then is:
<ip protocol='udp' dstportstart='53'>
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
Changes:
v1->v2:
- fixed access to ipv6 structures
---
src/conf/nwfilter_conf.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index f5a75e4..69b1d97 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2093,6 +2093,66 @@ virNWFilterRuleDefFixupIPSet(ipHdrDataDefPtr ipHdr)
}
}
+
+/*
+ * virNWFilterRuleValidate
+ *
+ * Perform some basic rule validation to prevent rules from being
+ * defined that cannot be instantiated.
+ */
+static int
+virNWFilterRuleValidate(virNWFilterRuleDefPtr rule)
+{
+ int ret = 0;
+ portDataDefPtr portData = NULL;
+ nwItemDescPtr dataProtocolID;
+ const char *protocol;
+
+ switch (rule->prtclType) {
+ case VIR_NWFILTER_RULE_PROTOCOL_IP:
+ portData = &rule->p.ipHdrFilter.portData;
+ protocol = "IP";
+ dataProtocolID = &rule->p.ipHdrFilter.ipHdr.dataProtocolID;
+ /* fall through */
+ case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
+ if (portData == NULL) {
+ portData = &rule->p.ipv6HdrFilter.portData;
+ protocol = "IPv6";
+ dataProtocolID = &rule->p.ipv6HdrFilter.ipHdr.dataProtocolID;
+ }
+ if (HAS_ENTRY_ITEM(&portData->dataSrcPortStart) ||
+ HAS_ENTRY_ITEM(&portData->dataDstPortStart) ||
+ HAS_ENTRY_ITEM(&portData->dataSrcPortEnd) ||
+ HAS_ENTRY_ITEM(&portData->dataDstPortEnd)) {
+ if (HAS_ENTRY_ITEM(dataProtocolID)) {
+ switch (dataProtocolID->u.u8) {
+ case 6: /* tcp */
+ case 17: /* udp */
+ case 33: /* dccp */
+ case 132: /* sctp */
+ break;
+ default:
+ ret = -1;
+ }
+ } else {
+ ret = -1;
+ }
+ if (ret < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("%s rule with port specification requires "
+ "protocol specification with protocol to be "
+ "either one of tcp(6), udp(17), dccp(33), or "
+ "sctp(132)"), protocol);
+ }
+ }
+ break;
+ default:
+ break;
+ }
+
+ return ret;
+}
+
static void
virNWFilterRuleDefFixup(virNWFilterRuleDefPtr rule)
{
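Review bot: In virNWFilterRuleValidate the inner `switch (dataProtocolID->u.u8)` runs whenever `HAS_ENTRY_ITEM(dataProtocolID)` is true. If that macro is also true for a protocol attribute given as a variable reference (to be confirmed against the attribute parser), `u.u8` does not yet hold the protocol number and a valid rule would be rejected at definition time. The literal check should then be skipped for items that carry a variable, with validation left to instantiation. Separately, the failure comes from user-supplied XML, so `VIR_ERR_XML_ERROR` seems a better fit than `VIR_ERR_INTERNAL_ERROR`. `protocol` and `dataProtocolID` are declared without initialisers and depend on the `portData == NULL` fall-through trick; declaring them as `nwItemDescPtr dataProtocolID = NULL;` and `const char *protocol = NULL;` would avoid maybe-uninitialized warnings.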
@@ -2389,6 +2449,8 @@ virNWFilterRuleParse(xmlNodePtr node)
virAttr[i].att) < 0) {
goto err_exit;
}
+ if (virNWFilterRuleValidate(ret) < 0)
+ goto err_exit;
break;
}
if (!found) {
--
1.8.1.4
10 years, 4 months
[libvirt] [PATCH] bhyve: implement domainGetCPUStats
by Roman Bogorodskiy
For per CPU stats, implement virBhyveGetDomainPercpuStats() that
uses bhyvectl tool to obtain the guest's vcpu stats.
For total CPU stats, add virBhyveGetDomainTotalCpuStats() that
gets the hypervisor process CPU stats using kvm (kernel
memory interface).
---
configure.ac | 7 +++
src/bhyve/bhyve_driver.c | 38 +++++++++++++
src/bhyve/bhyve_process.c | 136 ++++++++++++++++++++++++++++++++++++++++++++++
src/bhyve/bhyve_process.h | 10 ++++
4 files changed, 191 insertions(+)
diff --git a/configure.ac b/configure.ac
index ea85851..dbfada2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2678,6 +2678,13 @@ AC_CHECK_DECLS([cpuset_getaffinity],
#include <sys/cpuset.h>
])
+# Check for BSD kvm (kernel memory interface)
+if test $with_freebsd = yes; then
+ AC_CHECK_LIB([kvm], [kvm_getprocs], [],
+ [AC_MSG_ERROR([BSD kernel memory interface library is required to build on FreeBSD])]
+ )
+fi
+
# Check if we need to look for ifconfig
if test "$want_ifconfig" = "yes"; then
AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
diff --git a/src/bhyve/bhyve_driver.c b/src/bhyve/bhyve_driver.c
index 0cafe4c..25b0dce 100644
--- a/src/bhyve/bhyve_driver.c
+++ b/src/bhyve/bhyve_driver.c
@@ -930,6 +930,43 @@ bhyveDomainGetMetadata(virDomainPtr dom,
}
static int
+bhyveDomainGetCPUStats(virDomainPtr dom,
+ virTypedParameterPtr params ATTRIBUTE_UNUSED,
+ unsigned int nparams,
+ int start_cpu,
+ unsigned int ncpus,
+ unsigned int flags)
+{
+ virDomainObjPtr vm = NULL;
+ int ret = -1;
+
+ virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1);
+
+ if (!(vm = bhyveDomObjFromDomain(dom)))
+ return ret;
+
+ if (virDomainGetCPUStatsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("domain is not running"));
+ goto cleanup;
+ }
+
+ if (start_cpu == -1)
+ ret = virBhyveGetDomainTotalCpuStats(vm, params, nparams);
+ else
+ ret = virBhyveGetDomainPercpuStats(vm, params, nparams,
+ start_cpu, ncpus);
+
+ cleanup:
+ if (vm)
+ virObjectUnlock(vm);
+ return ret;
+}
+
+static int
bhyveNodeGetCPUStats(virConnectPtr conn,
int cpuNum,
virNodeCPUStatsPtr params,
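Review bot: In bhyveDomainGetCPUStats, `params` is annotated `ATTRIBUTE_UNUSED` but is passed to both `virBhyveGetDomainTotalCpuStats` and `virBhyveGetDomainPercpuStats`, so the annotation should be dropped: `virTypedParameterPtr params,`. Only `start_cpu == -1` is special-cased, and any other negative value goes to the per-CPU helper, whose bound check is `start_cpu >= vm->def->vcpus` and does not reject it. The public API entry point may already refuse `start_cpu < -1`, but that is not visible here, so a local `if (start_cpu < -1)` guard that reports `VIR_ERR_INVALID_ARG` would make the driver safe on its own.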
@@ -1198,6 +1235,7 @@ static virDriver bhyveDriver = {
.domainOpenConsole = bhyveDomainOpenConsole, /* 1.2.4 */
.domainSetMetadata = bhyveDomainSetMetadata, /* 1.2.4 */
.domainGetMetadata = bhyveDomainGetMetadata, /* 1.2.4 */
+ .domainGetCPUStats = bhyveDomainGetCPUStats, /* 1.2.4 */
.nodeGetCPUStats = bhyveNodeGetCPUStats, /* 1.2.2 */
.nodeGetMemoryStats = bhyveNodeGetMemoryStats, /* 1.2.2 */
.nodeGetInfo = bhyveNodeGetInfo, /* 1.2.3 */
diff --git a/src/bhyve/bhyve_process.c b/src/bhyve/bhyve_process.c
index a557bc5..e1f4324 100644
--- a/src/bhyve/bhyve_process.c
+++ b/src/bhyve/bhyve_process.c
@@ -22,7 +22,11 @@
#include <config.h>
#include <fcntl.h>
+#include <kvm.h>
+#include <sys/param.h>
#include <sys/types.h>
+#include <sys/sysctl.h>
+#include <sys/user.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <net/if_tap.h>
@@ -41,11 +45,15 @@
#include "virnetdev.h"
#include "virnetdevbridge.h"
#include "virnetdevtap.h"
+#include "virtypedparam.h"
#define VIR_FROM_THIS VIR_FROM_BHYVE
VIR_LOG_INIT("bhyve.bhyve_process");
+#define BHYVE_TOTAL_CPU_STAT_PARAM 1
+#define BHYVE_PER_CPU_STAT_PARAM 1
+
static virDomainObjPtr
bhyveProcessAutoDestroy(virDomainObjPtr vm,
virConnectPtr conn ATTRIBUTE_UNUSED,
@@ -246,3 +254,131 @@ virBhyveProcessStop(bhyveConnPtr driver,
virCommandFree(cmd);
return ret;
}
+
+static int
+virBhyveExtractCpuTotal(char **const groups,
+ void *opaque)
+{
+ return virStrToLong_ull(groups[0], NULL, 10, opaque);
+}
+
+int
+virBhyveGetDomainTotalCpuStats(virDomainObjPtr vm,
+ virTypedParameterPtr params ATTRIBUTE_UNUSED,
+ unsigned int nparams)
+{
+ struct kinfo_proc* kp;
+ kvm_t* kd;
+ char errbuf[_POSIX2_LINE_MAX];
+ int nprocs;
+ int ret = -1;
+
+ if (nparams == 0)
+ return BHYVE_TOTAL_CPU_STAT_PARAM;
+
+ if ((kd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf)) == NULL) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to get kvm descriptor: %s"),
+ errbuf);
+ return -1;
+
+ }
+
+ kp = kvm_getprocs(kd, KERN_PROC_PID, vm->pid, &nprocs);
+ if (kp == NULL || nprocs != 1) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to obtain information about pid: %d"),
+ (int)vm->pid);
+ goto cleanup;
+ }
+
+ if (virTypedParameterAssign(¶ms[0], VIR_DOMAIN_CPU_STATS_CPUTIME,
+ VIR_TYPED_PARAM_ULLONG,
+ kp->ki_runtime * 1000ul) < 0)
+ goto cleanup;
+
+ ret = nparams;
+
+ cleanup:
+ kvm_close(kd);
+
+ return ret;
+}
+
+#define TSC_TO_NSEC(x) (unsigned long long)((double)x * (1000.0 * 1000.0 * 1000.0 / (double)tsc_freq))
+
+int
+virBhyveGetDomainPercpuStats(virDomainObjPtr vm,
+ virTypedParameterPtr params,
+ unsigned int nparams,
+ int start_cpu,
+ unsigned int ncpus)
+{
+ virCommandPtr cmd = NULL;
+ int need_cpus, ret = -1;
+ size_t i, tsc_freq_size;
+ unsigned long long tsc_freq;
+
+ if (nparams == 0 && ncpus != 0)
+ return BHYVE_PER_CPU_STAT_PARAM;
+
+ if (ncpus == 0)
+ return vm->def->vcpus;
+
+ if (start_cpu >= vm->def->vcpus) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("start_cpu %d larger than maximum of %d"),
+ start_cpu, vm->def->vcpus - 1);
+ goto cleanup;
+ }
+
+ need_cpus = MIN(vm->def->vcpus, start_cpu + ncpus);
+
+ tsc_freq_size = sizeof(tsc_freq);
+ if (sysctlbyname("machdep.tsc_freq", &tsc_freq, &tsc_freq_size, NULL, 0) < 0) {
+ virReportSystemError(errno,
+ _("sysctl failed for '%s'"),
+ "machdep.tsc_freq");
+ return -1;
+ }
+
+ for (i = start_cpu; i < need_cpus; i++) {
+ unsigned long long cpu_stats;
+
+ const char *regexes[] = {
+ "^vcpu total runtime\\s+([0-9]+)$"
+ };
+ int vars[] = {
+ 1,
+ };
+
+ cmd = virCommandNew(BHYVECTL);
+ virCommandAddArgPair(cmd, "--vm", vm->def->name);
+ virCommandAddArg(cmd, "--get-stats");
+ virCommandAddArgFormat(cmd, "--cpu=%zu", i);
+
+ if (virCommandRunRegex(cmd,
+ 1,
+ regexes,
+ vars,
+ virBhyveExtractCpuTotal,
+ &cpu_stats,
+ NULL) < 0)
+ goto cleanup;
+
+ if (virTypedParameterAssign(¶ms[(i - start_cpu) * nparams],
+ VIR_DOMAIN_CPU_STATS_VCPUTIME,
+ VIR_TYPED_PARAM_ULLONG,
+ TSC_TO_NSEC(cpu_stats)) < 0)
+ goto cleanup;
+
+ virCommandFree(cmd);
+ cmd = NULL;
+ }
+
+ ret = nparams;
+
+ cleanup:
+ virCommandFree(cmd);
+ return ret;
+}
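Review bot: In virBhyveGetDomainPercpuStats, `cpu_stats` is declared without an initialiser and is written only by the `virBhyveExtractCpuTotal` callback. If `virCommandRunRegex` can return success when no line of the bhyvectl output matches the regex (as I believe it can), `TSC_TO_NSEC(cpu_stats)` reads an indeterminate value and reports it to the client. Declare it as `unsigned long long cpu_stats = 0;`, or better, have the callback record that it ran and fail otherwise. The `TSC_TO_NSEC` macro uses `x` unparenthesised, silently captures the local `tsc_freq`, and divides by it without a zero check, so a small `static` helper taking both values would be safer. In virBhyveGetDomainTotalCpuStats, `params` is marked `ATTRIBUTE_UNUSED` although it is written through.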
diff --git a/src/bhyve/bhyve_process.h b/src/bhyve/bhyve_process.h
index f91504e..2cc577a 100644
--- a/src/bhyve/bhyve_process.h
+++ b/src/bhyve/bhyve_process.h
@@ -34,6 +34,16 @@ int virBhyveProcessStop(bhyveConnPtr driver,
virDomainObjPtr vm,
virDomainShutoffReason reason);
+int virBhyveGetDomainTotalCpuStats(virDomainObjPtr vm,
+ virTypedParameterPtr params,
+ unsigned int nparams);
+
+int virBhyveGetDomainPercpuStats(virDomainObjPtr vm,
+ virTypedParameterPtr params,
+ unsigned int nparams,
+ int start_cpu,
+ unsigned int ncpus);
+
typedef enum {
VIR_BHYVE_PROCESS_START_AUTODESTROY = 1 << 0,
} bhyveProcessStartFlags;
--
1.9.0
10 years, 4 months
[libvirt] [PATCH V5] libxl: add migration support
by Jim Fehlig
This patch adds initial migration support to the libxl driver,
using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
functions.
Signed-off-by: Jim Fehlig <jfehlig(a)suse.com>
---
V4 here
https://www.redhat.com/archives/libvir-list/2014-April/msg01070.html
In V5:
Use libvirt's V3 migration protocol for handshake and control instead
of duplicating that in the libxl driver.
po/POTFILES.in | 1 +
src/Makefile.am | 3 +-
src/libxl/libxl_conf.h | 6 +
src/libxl/libxl_domain.h | 1 +
src/libxl/libxl_driver.c | 235 +++++++++++++++++++
src/libxl/libxl_migration.c | 544 ++++++++++++++++++++++++++++++++++++++++++++
src/libxl/libxl_migration.h | 78 +++++++
7 files changed, 867 insertions(+), 1 deletion(-)
diff --git a/po/POTFILES.in b/po/POTFILES.in
index e35eb82..a72dc1e 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -73,6 +73,7 @@ src/lxc/lxc_process.c
src/libxl/libxl_domain.c
src/libxl/libxl_driver.c
src/libxl/libxl_conf.c
+src/libxl/libxl_migration.c
src/network/bridge_driver.c
src/network/bridge_driver_linux.c
src/node_device/node_device_driver.c
diff --git a/src/Makefile.am b/src/Makefile.am
index e9dc9e0..0dbda7f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -706,7 +706,8 @@ XENAPI_DRIVER_SOURCES = \
LIBXL_DRIVER_SOURCES = \
libxl/libxl_conf.c libxl/libxl_conf.h \
libxl/libxl_domain.c libxl/libxl_domain.h \
- libxl/libxl_driver.c libxl/libxl_driver.h
+ libxl/libxl_driver.c libxl/libxl_driver.h \
+ libxl/libxl_migration.c libxl/libxl_migration.h
UML_DRIVER_SOURCES = \
uml/uml_conf.c uml/uml_conf.h \
diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h
index 24e1720..b798567 100644
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -43,6 +43,9 @@
# define LIBXL_VNC_PORT_MIN 5900
# define LIBXL_VNC_PORT_MAX 65535
+# define LIBXL_MIGRATION_PORT_MIN 49152
+# define LIBXL_MIGRATION_PORT_MAX 49216
+
# define LIBXL_CONFIG_DIR SYSCONFDIR "/libvirt/libxl"
# define LIBXL_AUTOSTART_DIR LIBXL_CONFIG_DIR "/autostart"
# define LIBXL_STATE_DIR LOCALSTATEDIR "/run/libvirt/libxl"
@@ -115,6 +118,9 @@ struct _libxlDriverPrivate {
/* Immutable pointer, self-locking APIs */
virPortAllocatorPtr reservedVNCPorts;
+ /* Immutable pointer, self-locking APIs */
+ virPortAllocatorPtr migrationPorts;
+
/* Immutable pointer, lockless APIs*/
virSysinfoDefPtr hostsysinfo;
};
diff --git a/src/libxl/libxl_domain.h b/src/libxl/libxl_domain.h
index 979ce2a..9d48049 100644
--- a/src/libxl/libxl_domain.h
+++ b/src/libxl/libxl_domain.h
@@ -69,6 +69,7 @@ struct _libxlDomainObjPrivate {
virChrdevsPtr devs;
libxl_evgen_domain_death *deathW;
libxlDriverPrivatePtr driver;
+ unsigned short migrationPort;
struct libxlDomainJobObj job;
};
diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index dcc3ac2..77f860c 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -45,6 +45,7 @@
#include "libxl_domain.h"
#include "libxl_driver.h"
#include "libxl_conf.h"
+#include "libxl_migration.h"
#include "xen_xm.h"
#include "xen_sxpr.h"
#include "virtypedparam.h"
@@ -209,6 +210,7 @@ libxlStateCleanup(void)
virObjectUnref(libxl_driver->xmlopt);
virObjectUnref(libxl_driver->domains);
virObjectUnref(libxl_driver->reservedVNCPorts);
+ virObjectUnref(libxl_driver->migrationPorts);
virObjectEventStateFree(libxl_driver->domainEventState);
virSysinfoDefFree(libxl_driver->hostsysinfo);
@@ -301,6 +303,13 @@ libxlStateInitialize(bool privileged,
LIBXL_VNC_PORT_MAX)))
goto error;
+ /* Allocate bitmap for migration port reservation */
+ if (!(libxl_driver->migrationPorts =
+ virPortAllocatorNew(_("migration"),
+ LIBXL_MIGRATION_PORT_MIN,
+ LIBXL_MIGRATION_PORT_MAX)))
+ goto error;
+
if (!(libxl_driver->domains = virDomainObjListNew()))
goto error;
@@ -4131,6 +4140,7 @@ libxlConnectSupportsFeature(virConnectPtr conn, int feature)
switch (feature) {
case VIR_DRV_FEATURE_TYPED_PARAM_STRING:
+ case VIR_DRV_FEATURE_MIGRATION_PARAMS:
return 1;
default:
return 0;
@@ -4309,6 +4319,226 @@ libxlNodeDeviceReset(virNodeDevicePtr dev)
return ret;
}
+static char *
+libxlDomainMigrateBegin3Params(virDomainPtr domain,
+ virTypedParameterPtr params,
+ int nparams,
+ char **cookieout ATTRIBUTE_UNUSED,
+ int *cookieoutlen ATTRIBUTE_UNUSED,
+ unsigned int flags)
+{
+ const char *xmlin = NULL;
+ virDomainObjPtr vm = NULL;
+
+ virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL);
+ if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
+ return NULL;
+
+ if (virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_XML,
+ &xmlin) < 0)
+ return NULL;
+
+ if (!(vm = libxlDomObjFromDomain(domain)))
+ return NULL;
+
+ if (virDomainMigrateBegin3ParamsEnsureACL(domain->conn, vm->def) < 0) {
+ virObjectUnlock(vm);
+ return NULL;
+ }
+
+ if (!virDomainObjIsActive(vm)) {
+ virReportError(VIR_ERR_OPERATION_INVALID,
+ "%s", _("domain is not running"));
+ virObjectUnlock(vm);
+ return NULL;
+ }
+
+ return libxlDomainMigrationBegin(domain->conn, vm, xmlin);
+}
+
+static int
+libxlDomainMigratePrepare3Params(virConnectPtr dconn,
+ virTypedParameterPtr params,
+ int nparams,
+ const char *cookiein ATTRIBUTE_UNUSED,
+ int cookieinlen ATTRIBUTE_UNUSED,
+ char **cookieout ATTRIBUTE_UNUSED,
+ int *cookieoutlen ATTRIBUTE_UNUSED,
+ char **uri_out,
+ unsigned int flags)
+{
+ libxlDriverPrivatePtr driver = dconn->privateData;
+ virDomainDefPtr def = NULL;
+ const char *dom_xml = NULL;
+ const char *dname = NULL;
+ const char *uri_in = NULL;
+
+ virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
+ if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
+ goto error;
+
+ if (virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_XML,
+ &dom_xml) < 0 ||
+ virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_NAME,
+ &dname) < 0 ||
+ virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_URI,
+ &uri_in) < 0)
+
+ goto error;
+
+ if (!(def = libxlDomainMigrationPrepareDef(driver, dom_xml, dname)))
+ goto error;
+
+ if (virDomainMigratePrepare3ParamsEnsureACL(dconn, def) < 0)
+ goto error;
+
+ if (libxlDomainMigrationPrepare(dconn, def, uri_in, uri_out) < 0)
+ goto error;
+
+ return 0;
+
+ error:
+ virDomainDefFree(def);
+ return -1;
+}
+
+static int
+libxlDomainMigratePerform3Params(virDomainPtr dom,
+ const char *dconnuri,
+ virTypedParameterPtr params,
+ int nparams,
+ const char *cookiein ATTRIBUTE_UNUSED,
+ int cookieinlen ATTRIBUTE_UNUSED,
+ char **cookieout ATTRIBUTE_UNUSED,
+ int *cookieoutlen ATTRIBUTE_UNUSED,
+ unsigned int flags)
+{
+ libxlDriverPrivatePtr driver = dom->conn->privateData;
+ virDomainObjPtr vm = NULL;
+ const char *dom_xml = NULL;
+ const char *dname = NULL;
+ const char *uri = NULL;
+ int ret = -1;
+
+ virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
+ if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
+ goto cleanup;
+
+ if (virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_XML,
+ &dom_xml) < 0 ||
+ virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_NAME,
+ &dname) < 0 ||
+ virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_URI,
+ &uri) < 0)
+
+ goto cleanup;
+
+ if (!(vm = libxlDomObjFromDomain(dom)))
+ goto cleanup;
+
+ if (virDomainMigratePerform3ParamsEnsureACL(dom->conn, vm->def) < 0)
+ goto cleanup;
+
+ if (libxlDomainMigrationPerform(driver, vm, dom_xml, dconnuri,
+ uri, dname, flags) < 0) {
+ /* Job terminated and vm unlocked if MigrationPerform failed */
+ vm = NULL;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ if (vm)
+ virObjectUnlock(vm);
+ return ret;
+}
+
+static virDomainPtr
+libxlDomainMigrateFinish3Params(virConnectPtr dconn,
+ virTypedParameterPtr params,
+ int nparams,
+ const char *cookiein ATTRIBUTE_UNUSED,
+ int cookieinlen ATTRIBUTE_UNUSED,
+ char **cookieout ATTRIBUTE_UNUSED,
+ int *cookieoutlen ATTRIBUTE_UNUSED,
+ unsigned int flags,
+ int cancelled)
+{
+ libxlDriverPrivatePtr driver = dconn->privateData;
+ virDomainObjPtr vm = NULL;
+ const char *dname = NULL;
+
+ virCheckFlags(LIBXL_MIGRATION_FLAGS, NULL);
+ if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
+ return NULL;
+
+ if (virTypedParamsGetString(params, nparams,
+ VIR_MIGRATE_PARAM_DEST_NAME,
+ &dname) < 0)
+ return NULL;
+
+ if (!dname ||
+ !(vm = virDomainObjListFindByName(driver->domains, dname))) {
+ /* Migration obviously failed if the domain doesn't exist */
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ _("Migration failed. No domain on destination host "
+ "with matching name '%s'"),
+ NULLSTR(dname));
+ return NULL;
+ }
+
+ if (virDomainMigrateFinish3ParamsEnsureACL(dconn, vm->def) < 0) {
+ virObjectUnlock(vm);
+ return NULL;
+ }
+
+ if (!virDomainObjIsActive(vm)) {
+ /* Migration failed if domain is inactive */
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ "%s", _("Migration failed. Domain is not running "
+ "on destination host"));
+ virObjectUnlock(vm);
+ return NULL;
+ }
+
+ return libxlDomainMigrationFinish(dconn, vm, flags, cancelled);
+}
+
+static int
+libxlDomainMigrateConfirm3Params(virDomainPtr domain,
+ virTypedParameterPtr params,
+ int nparams,
+ const char *cookiein ATTRIBUTE_UNUSED,
+ int cookieinlen ATTRIBUTE_UNUSED,
+ unsigned int flags,
+ int cancelled)
+{
+ libxlDriverPrivatePtr driver = domain->conn->privateData;
+ virDomainObjPtr vm = NULL;
+
+ virCheckFlags(LIBXL_MIGRATION_FLAGS, -1);
+ if (virTypedParamsValidate(params, nparams, LIBXL_MIGRATION_PARAMETERS) < 0)
+ return -1;
+
+ if (!(vm = libxlDomObjFromDomain(domain)))
+ return -1;
+
+ if (virDomainMigrateConfirm3ParamsEnsureACL(domain->conn, vm->def) < 0) {
+ virObjectUnlock(vm);
+ return -1;
+ }
+
+ return libxlDomainMigrationConfirm(driver, vm, flags, cancelled);
+}
+
static virDriver libxlDriver = {
.no = VIR_DRV_LIBXL,
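Review bot: In libxlDomainMigratePrepare3Params the `error:` label calls `virDomainDefFree(def)` even when the failure comes from `libxlDomainMigrationPrepare`. That function starts by passing `def` to `virDomainObjListAdd`, which as I read the API makes the new domain object the owner of `def`. Any later failure there (hostname lookup, port allocation, socket setup) therefore frees a definition that the still-listed `vm` references, which leads to a use-after-free or double free on the destination host, on a path driven by the migration parameters. I would have libxlDomainMigrationPrepare take `virDomainDefPtr *def` and set `*def = NULL` once the list add succeeds, calling it as `libxlDomainMigrationPrepare(dconn, &def, uri_in, uri_out)`. Its failure path should also remove the half-prepared `vm` from `driver->domains` and release any acquired migration port.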
@@ -4399,6 +4629,11 @@ static virDriver libxlDriver = {
.nodeDeviceDetachFlags = libxlNodeDeviceDetachFlags, /* 1.2.3 */
.nodeDeviceReAttach = libxlNodeDeviceReAttach, /* 1.2.3 */
.nodeDeviceReset = libxlNodeDeviceReset, /* 1.2.3 */
+ .domainMigrateBegin3Params = libxlDomainMigrateBegin3Params, /* 1.2.3 */
+ .domainMigratePrepare3Params = libxlDomainMigratePrepare3Params, /* 1.2.3 */
+ .domainMigratePerform3Params = libxlDomainMigratePerform3Params, /* 1.2.3 */
+ .domainMigrateFinish3Params = libxlDomainMigrateFinish3Params, /* 1.2.3 */
+ .domainMigrateConfirm3Params = libxlDomainMigrateConfirm3Params, /* 1.2.3 */
};
static virStateDriver libxlStateDriver = {
diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
new file mode 100644
index 0000000..04ae48d
--- /dev/null
+++ b/src/libxl/libxl_migration.c
@@ -0,0 +1,544 @@
+/*
+ * libxl_migration.c: methods for handling migration with libxenlight
+ *
+ * Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ * Jim Fehlig <jfehlig(a)suse.com>
+ * Chunyan Liu <cyliu(a)suse.com>
+ */
+
+#include <config.h>
+
+#include "internal.h"
+#include "virlog.h"
+#include "virerror.h"
+#include "virconf.h"
+#include "datatypes.h"
+#include "virfile.h"
+#include "viralloc.h"
+#include "viruuid.h"
+#include "vircommand.h"
+#include "virstring.h"
+#include "rpc/virnetsocket.h"
+#include "libxl_domain.h"
+#include "libxl_driver.h"
+#include "libxl_conf.h"
+#include "libxl_migration.h"
+
+#define VIR_FROM_THIS VIR_FROM_LIBXL
+
+VIR_LOG_INIT("libxl.libxl_migration");
+
+typedef struct _libxlMigrateReceiveArgs {
+ virConnectPtr conn;
+ virDomainObjPtr vm;
+
+ /* for freeing listen sockets */
+ virNetSocketPtr *socks;
+ size_t nsocks;
+} libxlMigrateReceiveArgs;
+
+
+static void
+libxlDoMigrateReceive(virNetSocketPtr sock,
+ int events ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ libxlMigrateReceiveArgs *data = opaque;
+ virConnectPtr conn = data->conn;
+ virDomainObjPtr vm = data->vm;
+ virNetSocketPtr *socks = data->socks;
+ size_t nsocks = data->nsocks;
+ libxlDriverPrivatePtr driver = conn->privateData;
+ virNetSocketPtr client_sock;
+ int recvfd;
+ size_t i;
+ int ret;
+
+ virNetSocketAccept(sock, &client_sock);
+ if (client_sock == NULL) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("Fail to accept migration connection"));
+ goto cleanup;
+ }
+ VIR_DEBUG("Accepted migration connection\n");
+ recvfd = virNetSocketDupFD(client_sock, true);
+ virObjectUnref(client_sock);
+
+ virObjectLock(vm);
+ ret = libxlDomainStart(driver, vm, false, recvfd);
+ virObjectUnlock(vm);
+
+ if (ret < 0 && !vm->persistent)
+ virDomainObjListRemove(driver->domains, vm);
+
+ cleanup:
+ /* Remove all listen socks from event handler, and close them. */
+ for (i = 0; i < nsocks; i++) {
+ virNetSocketUpdateIOCallback(socks[i], 0);
+ virNetSocketRemoveIOCallback(socks[i]);
+ virNetSocketClose(socks[i]);
+ virObjectUnref(socks[i]);
+ }
+ VIR_FREE(socks);
+
+ VIR_FORCE_CLOSE(recvfd);
+ VIR_FREE(opaque);
+ return;
+}
+
+static int
+libxlDoMigrateSend(libxlDriverPrivatePtr driver,
+ virDomainObjPtr vm,
+ unsigned long flags,
+ int sockfd)
+{
+ libxlDomainObjPrivatePtr priv;
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ virObjectEventPtr event = NULL;
+ int xl_flags = 0;
+ int ret;
+
+ if (flags & VIR_MIGRATE_LIVE)
+ xl_flags = LIBXL_SUSPEND_LIVE;
+
+ priv = vm->privateData;
+ ret = libxl_domain_suspend(priv->ctx, vm->def->id, sockfd,
+ xl_flags, NULL);
+ if (ret != 0) {
+ /* attempt to resume the domain on failure */
+ if (libxl_domain_resume(priv->ctx, vm->def->id, 0, 0) != 0) {
+ VIR_DEBUG("Failed to resume domain following failed migration");
+ virDomainObjSetState(vm, VIR_DOMAIN_PAUSED,
+ VIR_DOMAIN_PAUSED_MIGRATION);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_SUSPENDED,
+ VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED);
+ ignore_value(virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm));
+ }
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to send migration data to destination host"));
+ ret = -1;
+ goto cleanup;
+ }
+
+ cleanup:
+ if (event)
+ libxlDomainEventQueue(driver, event);
+ virObjectUnref(cfg);
+ return ret;
+}
+
+static bool
+libxlDomainMigrationIsAllowed(virDomainDefPtr def)
+{
+ /* Migration is not allowed if definition contains any hostdevs */
+ if (def->nhostdevs > 0) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("domain has assigned host devices"));
+ return false;
+ }
+
+ return true;
+}
+
+char *
+libxlDomainMigrationBegin(virConnectPtr conn,
+ virDomainObjPtr vm,
+ const char *xmlin)
+{
+ libxlDriverPrivatePtr driver = conn->privateData;
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ virDomainDefPtr tmpdef = NULL;
+ virDomainDefPtr def;
+ char *xml = NULL;
+
+ if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
+ goto cleanup;
+
+ if (xmlin) {
+ if (!(tmpdef = virDomainDefParseString(xmlin, cfg->caps,
+ driver->xmlopt,
+ 1 << VIR_DOMAIN_VIRT_XEN,
+ VIR_DOMAIN_XML_INACTIVE)))
+ goto endjob;
+
+ def = tmpdef;
+ } else {
+ def = vm->def;
+ }
+
+ if (!libxlDomainMigrationIsAllowed(def))
+ goto endjob;
+
+ xml = virDomainDefFormat(def, VIR_DOMAIN_XML_SECURE);
+
+ cleanup:
+ if (vm)
+ virObjectUnlock(vm);
+
+ virDomainDefFree(tmpdef);
+ virObjectUnref(cfg);
+ return xml;
+
+ endjob:
+ if (!libxlDomainObjEndJob(driver, vm))
+ vm = NULL;
+ goto cleanup;
+}
+
+virDomainDefPtr
+libxlDomainMigrationPrepareDef(libxlDriverPrivatePtr driver,
+ const char *dom_xml,
+ const char *dname)
+{
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ virDomainDefPtr def;
+ char *name = NULL;
+
+ if (!dom_xml) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("no domain XML passed"));
+ return NULL;
+ }
+
+ if (!(def = virDomainDefParseString(dom_xml, cfg->caps, driver->xmlopt,
+ 1 << VIR_DOMAIN_VIRT_XEN,
+ VIR_DOMAIN_XML_INACTIVE)))
+ goto cleanup;
+
+ if (dname) {
+ name = def->name;
+ if (VIR_STRDUP(def->name, dname) < 0) {
+ virDomainDefFree(def);
+ def = NULL;
+ }
+ }
+
+ cleanup:
+ virObjectUnref(cfg);
+ VIR_FREE(name);
+ return def;
+}
+
+int
+libxlDomainMigrationPrepare(virConnectPtr dconn,
+ virDomainDefPtr def,
+ const char *uri_in,
+ char **uri_out)
+{
+ libxlDriverPrivatePtr driver = dconn->privateData;
+ virDomainObjPtr vm = NULL;
+ char *hostname = NULL;
+ unsigned short port;
+ char portstr[100];
+ virURIPtr uri = NULL;
+ virNetSocketPtr *socks = NULL;
+ size_t nsocks = 0;
+ int nsocks_listen = 0;
+ libxlMigrateReceiveArgs *args;
+ size_t i;
+ int ret = -1;
+
+ if (!(vm = virDomainObjListAdd(driver->domains, def,
+ driver->xmlopt,
+ VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
+ VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
+ NULL)))
+ goto cleanup;
+
+ /* Create socket connection to receive migration data */
+ if (!uri_in) {
+ if ((hostname = virGetHostname()) == NULL)
+ goto cleanup;
+
+ if (STRPREFIX(hostname, "localhost")) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("hostname on destination resolved to localhost,"
+ " but migration requires an FQDN"));
+ goto cleanup;
+ }
+
+ if (virPortAllocatorAcquire(driver->migrationPorts, &port) < 0)
+ goto cleanup;
+
+ if (virAsprintf(uri_out, "tcp://%s:%d", hostname, port) < 0)
+ goto cleanup;
+ } else {
+ if (!(STRPREFIX(uri_in, "tcp://"))) {
+ /* not full URI, add prefix tcp:// */
+ char *tmp;
+ if (virAsprintf(&tmp, "tcp://%s", uri_in) < 0)
+ goto cleanup;
+ uri = virURIParse(tmp);
+ VIR_FREE(tmp);
+ } else {
+ uri = virURIParse(uri_in);
+ }
+
+ if (uri == NULL) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("unable to parse URI: %s"),
+ uri_in);
+ goto cleanup;
+ }
+
+ if (uri->server == NULL) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("missing host in migration URI: %s"),
+ uri_in);
+ goto cleanup;
+ } else {
+ hostname = uri->server;
+ }
+
+ if (uri->port == 0) {
+ if (virPortAllocatorAcquire(driver->migrationPorts, &port) < 0)
+ goto cleanup;
+
+ } else {
+ port = uri->port;
+ }
+
+ if (virAsprintf(uri_out, "tcp://%s:%d", hostname, port) < 0)
+ goto cleanup;
+ }
+
+ snprintf(portstr, sizeof(portstr), "%d", port);
+
+ if (virNetSocketNewListenTCP(hostname, portstr, &socks, &nsocks) < 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("Fail to create socket for incoming migration"));
+ goto cleanup;
+ }
+
+ if (VIR_ALLOC(args) < 0)
+ goto cleanup;
+
+ args->conn = dconn;
+ args->vm = vm;
+ args->socks = socks;
+ args->nsocks = nsocks;
+
+ for (i = 0; i < nsocks; i++) {
+ if (virNetSocketSetBlocking(socks[i], true) < 0)
+ continue;
+
+ if (virNetSocketListen(socks[i], 1) < 0)
+ continue;
+
+ if (virNetSocketAddIOCallback(socks[i],
+ 0,
+ libxlDoMigrateReceive,
+ args,
+ NULL) < 0) {
+ continue;
+ }
+
+ virNetSocketUpdateIOCallback(socks[i], VIR_EVENT_HANDLE_READABLE);
+ nsocks_listen++;
+ }
+
+ if (!nsocks_listen)
+ goto cleanup;
+
+ ret = 0;
+ goto done;
+
+ cleanup:
+ for (i = 0; i < nsocks; i++) {
+ virNetSocketClose(socks[i]);
+ virObjectUnref(socks[i]);
+ }
+ VIR_FREE(socks);
+
+ done:
+ virURIFree(uri);
+ if (vm)
+ virObjectUnlock(vm);
+ return ret;
+}
+
+int
+libxlDomainMigrationPerform(libxlDriverPrivatePtr driver,
+ virDomainObjPtr vm,
+ const char *dom_xml ATTRIBUTE_UNUSED,
+ const char *dconnuri ATTRIBUTE_UNUSED,
+ const char *uri_str,
+ const char *dname ATTRIBUTE_UNUSED,
+ unsigned int flags)
+{
+ char *hostname = NULL;
+ unsigned short port = 0;
+ char portstr[100];
+ virURIPtr uri = NULL;
+ virNetSocketPtr sock;
+ int sockfd = -1;
+ int saved_errno = EINVAL;
+ int ret = -1;
+
+ /* parse dst host:port from uri */
+ uri = virURIParse(uri_str);
+ if (uri == NULL || uri->server == NULL || uri->port == 0)
+ goto cleanup;
+
+ hostname = uri->server;
+ port = uri->port;
+ snprintf(portstr, sizeof(portstr), "%d", port);
+
+ /* socket connect to dst host:port */
+ if (virNetSocketNewConnectTCP(hostname, portstr, &sock) < 0) {
+ virReportSystemError(saved_errno,
+ _("unable to connect to '%s:%s'"),
+ hostname, portstr);
+ goto cleanup;
+ }
+
+ if (virNetSocketSetBlocking(sock, true) < 0) {
+ virObjectUnref(sock);
+ goto cleanup;
+ }
+
+ sockfd = virNetSocketDupFD(sock, true);
+ virObjectUnref(sock);
+
+ /* suspend vm and send saved data to dst through socket fd */
+ virObjectUnlock(vm);
+ ret = libxlDoMigrateSend(driver, vm, flags, sockfd);
+ virObjectLock(vm);
+
+ cleanup:
+ /* If failure, terminate the job started in MigrationBegin */
+ if (ret == -1) {
+ if (libxlDomainObjEndJob(driver, vm))
+ virObjectUnlock(vm);
+ }
+ VIR_FORCE_CLOSE(sockfd);
+ virURIFree(uri);
+ return ret;
+}
+
+virDomainPtr
+libxlDomainMigrationFinish(virConnectPtr dconn,
+ virDomainObjPtr vm,
+ unsigned int flags,
+ int cancelled)
+{
+ libxlDriverPrivatePtr driver = dconn->privateData;
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ libxlDomainObjPrivatePtr priv = vm->privateData;
+ virObjectEventPtr event = NULL;
+ virDomainPtr dom = NULL;
+
+ virPortAllocatorRelease(driver->migrationPorts, priv->migrationPort);
+ priv->migrationPort = 0;
+
+ if (cancelled)
+ goto cleanup;
+
+ if (!(flags & VIR_MIGRATE_PAUSED)) {
+ if (libxl_domain_unpause(priv->ctx, vm->def->id) != 0) {
+ virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+ _("Failed to unpause domain"));
+ goto cleanup;
+ }
+
+ virDomainObjSetState(vm, VIR_DOMAIN_RUNNING,
+ VIR_DOMAIN_RUNNING_MIGRATED);
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_RESUMED,
+ VIR_DOMAIN_EVENT_RESUMED_MIGRATED);
+ } else {
+ virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, VIR_DOMAIN_PAUSED_USER);
+ event = virDomainEventLifecycleNewFromObj(vm,
+ VIR_DOMAIN_EVENT_SUSPENDED,
+ VIR_DOMAIN_EVENT_SUSPENDED_PAUSED);
+ }
+
+ if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm) < 0)
+ goto cleanup;
+
+ dom = virGetDomain(dconn, vm->def->name, vm->def->uuid);
+
+ if (dom == NULL) {
+ libxl_domain_destroy(priv->ctx, vm->def->id, NULL);
+ libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_FAILED);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_FAILED);
+ libxlDomainEventQueue(driver, event);
+ }
+
+ cleanup:
+ if (event)
+ libxlDomainEventQueue(driver, event);
+ if (vm)
+ virObjectUnlock(vm);
+ virObjectUnref(cfg);
+ return dom;
+}
+
+int
+libxlDomainMigrationConfirm(libxlDriverPrivatePtr driver,
+ virDomainObjPtr vm,
+ unsigned int flags,
+ int cancelled)
+{
+ libxlDriverConfigPtr cfg = libxlDriverConfigGet(driver);
+ libxlDomainObjPrivatePtr priv = vm->privateData;
+ virObjectEventPtr event = NULL;
+ int ret = -1;
+
+ if (cancelled) {
+ if (libxl_domain_resume(priv->ctx, vm->def->id, 1, 0) == 0) {
+ ret = 0;
+ } else {
+ VIR_DEBUG("Unable to resume domain '%s' after failed migration",
+ vm->def->name);
+ virDomainObjSetState(vm, VIR_DOMAIN_PAUSED,
+ VIR_DOMAIN_PAUSED_MIGRATION);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_SUSPENDED,
+ VIR_DOMAIN_EVENT_SUSPENDED_MIGRATED);
+ ignore_value(virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm));
+ }
+ goto cleanup;
+ }
+
+ libxl_domain_destroy(priv->ctx, vm->def->id, NULL);
+ libxlDomainCleanup(driver, vm, VIR_DOMAIN_SHUTOFF_MIGRATED);
+ event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED,
+ VIR_DOMAIN_EVENT_STOPPED_MIGRATED);
+
+ VIR_DEBUG("Domain '%s' successfully migrated", vm->def->name);
+
+ if (flags & VIR_MIGRATE_UNDEFINE_SOURCE)
+ virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm);
+
+ if (!vm->persistent || (flags & VIR_MIGRATE_UNDEFINE_SOURCE))
+ virDomainObjListRemove(driver->domains, vm);
+
+ ret = 0;
+
+ cleanup:
+ if (!libxlDomainObjEndJob(driver, vm))
+ vm = NULL;
+ if (event)
+ libxlDomainEventQueue(driver, event);
+ if (vm)
+ virObjectUnlock(vm);
+ virObjectUnref(cfg);
+ return ret;
+}
diff --git a/src/libxl/libxl_migration.h b/src/libxl/libxl_migration.h
new file mode 100644
index 0000000..63d8bdc
--- /dev/null
+++ b/src/libxl/libxl_migration.h
@@ -0,0 +1,78 @@
+/*
+ * libxl_migration.h: methods for handling migration with libxenlight
+ *
+ * Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Authors:
+ * Jim Fehlig <jfehlig(a)suse.com>
+ */
+
+#ifndef LIBXL_MIGRATION_H
+# define LIBXL_MIGRATION_H
+
+# include "libxl_conf.h"
+
+# define LIBXL_MIGRATION_FLAGS \
+ (VIR_MIGRATE_LIVE | \
+ VIR_MIGRATE_UNDEFINE_SOURCE | \
+ VIR_MIGRATE_PAUSED)
+
+/* All supported migration parameters and their types. */
+# define LIBXL_MIGRATION_PARAMETERS \
+ VIR_MIGRATE_PARAM_URI, VIR_TYPED_PARAM_STRING, \
+ VIR_MIGRATE_PARAM_DEST_NAME, VIR_TYPED_PARAM_STRING, \
+ VIR_MIGRATE_PARAM_DEST_XML, VIR_TYPED_PARAM_STRING, \
+ NULL
+
+char *
+libxlDomainMigrationBegin(virConnectPtr conn,
+ virDomainObjPtr vm,
+ const char *xmlin);
+
+virDomainDefPtr
+libxlDomainMigrationPrepareDef(libxlDriverPrivatePtr driver,
+ const char *dom_xml,
+ const char *dname);
+
+int
+libxlDomainMigrationPrepare(virConnectPtr dconn,
+ virDomainDefPtr def,
+ const char *uri_in,
+ char **uri_out);
+
+int
+libxlDomainMigrationPerform(libxlDriverPrivatePtr driver,
+ virDomainObjPtr vm,
+ const char *dom_xml,
+ const char *dconnuri,
+ const char *uri_str,
+ const char *dname,
+ unsigned int flags);
+
+virDomainPtr
+libxlDomainMigrationFinish(virConnectPtr dconn,
+ virDomainObjPtr vm,
+ unsigned int flags,
+ int cancelled);
+
+int
+libxlDomainMigrationConfirm(libxlDriverPrivatePtr driver,
+ virDomainObjPtr vm,
+ unsigned int flags,
+ int cancelled);
+
+#endif /* LIBXL_DRIVER_H */
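Review bot: The closing comment `#endif /* LIBXL_DRIVER_H */` does not match the guard opened as `LIBXL_MIGRATION_H`; it should read `#endif /* LIBXL_MIGRATION_H */`. The prototypes are also undocumented, and the implementations in libxl_migration.c have contracts a caller cannot guess from the signatures. libxlDomainMigrationFinish and libxlDomainMigrationConfirm unlock `vm` before returning, and libxlDomainMigrationPrepare allocates `*uri_out` and opens a listening socket for a `tcp://` URI built from `uri_in`. A short comment per declaration should state who holds and releases the `vm` lock, who frees `*uri_out`, and that the transport is plain TCP, so that callers restrict it to a trusted migration network.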
--
1.8.1.4
10 years, 4 months
[libvirt] [PATCH 0/2] Add support of SASL authentication for QEMU migration
by Sahid Orentino Ferdjaoui
This is a first contribution, I have tried to follow the most as possible rules
marked in HACKING. I hope this commit will be conform with the specifications.
make check OK
make syntax-check OK
make -C tests valgrind OK
Currently with peer to peer migration provided by virDomainMigrateToURI, QEMU
migration code uses virConnectOpen() which means that all authentication
callbacks are disabled. Since no auth callback is present, SASL doesn't find
any mechanisms and thus auth fails with the error:
"authentication failed: Failed to start SASL negotiation: -4 (SASL(-4):
no mechanism available: No worthy mechs found)"
The PATCH 1/2 adds a new example to illustrate how to use peer to peer
migration. This patch is not necessary to fix the problem and can be removed.
It is provided to help reviewers by avoiding the necessary to create code
that use this feature. Also as it demonstrates the performance of libvirt I have
thought it could be interesting to keep it for new users.
PATCH 2/2 fixes the problem by making the QEMU migration code use
virConnectOpenAuth instead of virConnectOpen. That function calls, when
necessary, a callback responsible for fetching credentials.
Sahid Orentino Ferdjaoui (2):
Add a new example to illustrate domain migration
Add support for QEMU migration to use SASL authentication
.gitignore | 1 +
Makefile.am | 2 +-
configure.ac | 1 +
examples/dommigrate/Makefile.am | 26 ++++++++++++++
examples/dommigrate/dommigrate.c | 78 ++++++++++++++++++++++++++++++++++++++++
libvirt.spec.in | 3 +-
src/qemu/qemu_migration.c | 14 +++++++-
7 files changed, 122 insertions(+), 3 deletions(-)
create mode 100644 examples/dommigrate/Makefile.am
create mode 100644 examples/dommigrate/dommigrate.c
--
1.9.0
10 years, 4 months
[libvirt] [PATCH] virstoragetest: Don't run the test on 32 bit arches
by Michal Privoznik
Currently, there's an issue with the virStrToLong_* APIs: they turn
"-1" into UINT_MAX. While this is not acceptable, it works on 64 bit
architectures and doesn't work on 32 bit ones. I know that a much
cleaner solution is required, but given that we are in the freeze we
may as well just skip the test on 32 bits.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
tests/virstoragetest.c | 54 ++++++++++++++++++++++++++++++++------------------
1 file changed, 35 insertions(+), 19 deletions(-)
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index 018469a..9e81782 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -23,19 +23,26 @@
#include <stdlib.h>
#include "testutils.h"
-#include "vircommand.h"
-#include "virerror.h"
-#include "virfile.h"
-#include "virlog.h"
-#include "virstoragefile.h"
-#include "virstring.h"
-#include "dirname.h"
-#define VIR_FROM_THIS VIR_FROM_NONE
+/*
+ * XXX An awful workaround as this test doesn't run
+ * cleanly on 32 bit architectures.
+ */
+#ifdef __LP64__
+
+# include "vircommand.h"
+# include "virerror.h"
+# include "virfile.h"
+# include "virlog.h"
+# include "virstoragefile.h"
+# include "virstring.h"
+# include "dirname.h"
+
+# define VIR_FROM_THIS VIR_FROM_NONE
VIR_LOG_INIT("tests.storagetest");
-#define datadir abs_builddir "/virstoragedata"
+# define datadir abs_builddir "/virstoragedata"
/* This test creates the following files, all in datadir:
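Review bot: The guard `#ifdef __LP64__` tests a compiler-predefined macro rather than the property the workaround depends on, so a 64-bit target whose compiler does not define it (an LLP64 platform, for instance) also skips the whole test. If the failure comes from `long` being 32 bits wide, `#if ULONG_MAX > UINT_MAX` after including `<limits.h>` states that condition directly. The XXX comment should also name the virStrToLong_* behaviour described in the commit message, so the skip can be removed once the parser is fixed and is not mistaken for a permanent platform restriction.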
@@ -239,14 +246,14 @@ testPrepImages(void)
goto cleanup;
}
-#ifdef HAVE_SYMLINK
+# ifdef HAVE_SYMLINK
/* Create some symlinks in a sub-directory. */
if (symlink("../qcow2", datadir "/sub/link1") < 0 ||
symlink("../wrap", datadir "/sub/link2") < 0) {
fprintf(stderr, "unable to create symlink");
goto cleanup;
}
-#endif
+# endif
ret = 0;
cleanup:
@@ -513,7 +520,7 @@ mymain(void)
if ((ret = testPrepImages()) != 0)
return ret;
-#define TEST_ONE_CHAIN(id, start, format, flags, ...) \
+# define TEST_ONE_CHAIN(id, start, format, flags, ...) \
do { \
size_t i; \
memset(&data, 0, sizeof(data)); \
@@ -528,10 +535,10 @@ mymain(void)
ret = -1; \
} while (0)
-#define VIR_FLATTEN_2(...) __VA_ARGS__
-#define VIR_FLATTEN_1(_1) VIR_FLATTEN_2 _1
+# define VIR_FLATTEN_2(...) __VA_ARGS__
+# define VIR_FLATTEN_1(_1) VIR_FLATTEN_2 _1
-#define TEST_CHAIN(id, relstart, absstart, format, chain1, flags1, \
+# define TEST_CHAIN(id, relstart, absstart, format, chain1, flags1, \
chain2, flags2, chain3, flags3, chain4, flags4) \
do { \
TEST_ONE_CHAIN(#id "a", relstart, format, flags1, \
@@ -788,7 +795,7 @@ mymain(void)
(&dir), EXP_PASS,
(&dir), ALLOW_PROBE | EXP_PASS);
-#ifdef HAVE_SYMLINK
+# ifdef HAVE_SYMLINK
/* Rewrite qcow2 and wrap file to use backing names relative to a
* symlink from a different directory */
virCommandFree(cmd);
@@ -838,7 +845,7 @@ mymain(void)
(&link2, &link1, &raw), ALLOW_PROBE | EXP_PASS,
(&link2, &link1, &raw), EXP_PASS,
(&link2, &link1, &raw), ALLOW_PROBE | EXP_PASS);
-#endif
+# endif
/* Rewrite qcow2 to be a self-referential loop */
virCommandFree(cmd);
@@ -894,7 +901,7 @@ mymain(void)
goto cleanup;
}
-#define TEST_LOOKUP_TARGET(id, target, name, index, result, meta, parent) \
+# define TEST_LOOKUP_TARGET(id, target, name, index, result, meta, parent) \
do { \
struct testLookupData data2 = { chain, target, name, index, \
result, meta, parent, }; \
@@ -902,7 +909,7 @@ mymain(void)
testStorageLookup, &data2) < 0) \
ret = -1; \
} while (0)
-#define TEST_LOOKUP(id, name, result, meta, parent) \
+# define TEST_LOOKUP(id, name, result, meta, parent) \
TEST_LOOKUP_TARGET(id, NULL, name, 0, result, meta, parent)
TEST_LOOKUP(0, "bogus", NULL, NULL, NULL);
@@ -1012,3 +1019,12 @@ mymain(void)
}
VIRT_TEST_MAIN(mymain)
+
+#else
+
+int main(void)
+{
+ return EXIT_AM_SKIP;
+}
+
+#endif /* __LP64___ */
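Review bot: The closing comment `#endif /* __LP64___ */` has three trailing underscores and does not match the `__LP64__` guard opened at the top of the file; it should read `#endif /* __LP64__ */`. The fallback `main` also returns EXIT_AM_SKIP without saying why. A single `fprintf(stderr, ...)` naming the 32-bit limitation before the return would make the skip visible in test logs.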
--
1.9.0
10 years, 4 months
[libvirt] [PATCH 0/2] fix build failures on freebsd
by Pavel Hrdina
Pavel Hrdina (2):
virfirewall: fix build on freebsd
networkxml2firewalltest: fix build failure on freebsd
src/util/virfirewall.c | 4 ++--
tests/networkxml2firewalltest.c | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
--
1.8.3.2
10 years, 4 months
[libvirt] Entering freeze for libvirt-1.2.4
by Daniel Veillard
As planned on Friday, I tagged the tree earlier today for Release
Candidate 1, the tarball and rpms are available from the usual place:
ftp://libvirt.org/libvirt/
Seems to work fine in my limited testing, but distcheck failed
with xsltproc being unable to access ../../ . I don't think anything
changed there on my side so it smells like a new problem.
Otherwise looks good to me so far, with a bit of luck we can push
1.2.4 end of Friday or sometime next week-end,
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
10 years, 4 months
[libvirt] [PATCH 00/26] Rewrite firewall code to use formal API
by Daniel P. Berrange
Currently we have three places which interact with the firewall
- util/virebtables - simple MAC filtering used by QEMU driver
- util/viriptables - used by network driver
- nwfilter - general purpose guest filtering
All of these have been hacked to support firewalld by re-directing
them via the 'firewall-cmd' command line tool. Unfortunately talking
to firewalld via this CLI tool is incredibly inefficient.
eg timing the network driver
$ for i in `seq 1 10` ; do virsh net-start default; virsh net-destroy default ; done
Direct iptables: 3 seconds
Via firewall-cmd: 42 seconds
Or timing the nwfilter driver via libvirt-tck/scripts/nwfilter/050-apply-verify-host.t
Direct iptables: 28 seconds
Via firewall-cmd: 479 seconds
IOW it is more than x10 slower to use firewall-cmd.
Testing revealed that this performance penalty is entirely due to the
'firewall-cmd' command line tool. If you talk directly to firewalld
over DBus then the performance is near native.
Unfortunately switching to use the DBus API is non-trivial since all
the code we have for interacting with the firewall is just constructing
virCommand instances directly (viriptables) or constructing gross shell
scripts (nwfilter).
Thus to enable use of the DBus API this series introduces the concept of
a new object and APIs for interacting with the firewall "virFirewall".
This API is designed to be a fairly generic basis for interacting with
any firewall. It just has a concept of a level (ethernet, ipv4 or ipv6)
and lists of rules, where each rule is just a string array of args. The
idea is that the mechanism for interacting with the firewall can be
generic and portable, even though the actual rules will be different on
Linux vs FreeBSD vs other OS.
The initial virFirewall implementation supports direct iptables/ebtables
invocation or the DBus firewalld API. Use of firewall-cmd has been killed
completely.
Adapting code to use virFirewall has been a pretty horrific job, so is
split up into as many patches as is practical. By far the worst/hardest
patch is the one for nwfilter applyNewRules method (patch 23). Fortunately
the libvirt-tck has a large set of XML data files and corresponding
expected iptables/ebtables rules. This series passes the libvirt-tck 100%
before and after, so I'm fairly confident that all the core functionality is
working correctly.
I also introduced new unit tests, that re-use the XML files from the
libvirt-tck to validate the actual iptables/ebtables commands that libvirt
tests. I've run this unit test under valgrind and under the OOM simulator
to identify and fix any crashes / leaks that the refactoring introduced.
With this series applied the performance is vastly improved for firewalld
eg timing the network driver
$ for i in `seq 1 10` ; do virsh net-start default; virsh net-destroy default ; done
Direct iptables: 3 seconds
Via firewall-cmd: 3 seconds
Or timing the nwfilter driver via libvirt-tck/scripts/nwfilter/050-apply-verify-host.t
Direct iptables: 29 seconds
Via firewall-cmd: 37 seconds
IOW firewalld is only marginally slower than direct iptables usage now.
Regards,
Daniel
Daniel P. Berrange (26):
Move virNWFilterTechDriver struct out of nwfilter_conf.h
Remove virDomainNetType parameter from nwfilter drivers
Remove pointless storage of var names in virNWFilterHashTable
Remove nwfilter tech driver 'removeRules' callback
Remove nwfilter tech driver 'displayRuleInstance' callback
Add helper methods for determining what protocol layer is used
Push virNWFilterRuleInstPtr out of (eb|ip)tablesCreateRuleInstance
Merge nwfilter createRuleInstance driver into applyNewRules
Remove two-stage construction of commands in nwfilter
Preserve error when tearing down nwfilter rules
Introduce an object for managing firewall rulesets
Convert bridge driver over to use new firewall APIs
Replace virNetworkObjPtr with virNetworkDefPtr in network platform
APIs
Add test for converting network XML to iptables rules
Convert ebtables code over to use firewall APIs
Convert nwfilter ebiptablesAllTeardown to virFirewall
Convert nwfilter ebiptablesTearOldRules to virFirewall
Convert nwfilter ebtablesRemoveBasicRules to virFirewall
Convert nwfilter ebiptablesTearNewRules to virFirewall
Convert nwfilter ebtablesApplyBasicRules to virFirewall
Convert nwfilter ebtablesApplyDHCPOnlyRules to virFirewall
Convert nwfilter ebtablesApplyDropAllRules to virFirewall
Convert nwfilter ebiptablesApplyNewRules to virFirewall
Convert ebiptablesDriverProbeStateMatch to virFirewall
Remove last trace of direct firewall command exection
Add a test suite for nwfilter ebiptables tech driver
include/libvirt/virterror.h | 1 +
po/POTFILES.in | 1 +
src/Makefile.am | 21 +-
src/conf/nwfilter_conf.c | 49 +-
src/conf/nwfilter_conf.h | 107 +-
src/conf/nwfilter_ipaddrmap.c | 2 +-
src/conf/nwfilter_params.c | 63 +-
src/conf/nwfilter_params.h | 7 +-
src/libvirt_private.syms | 22 +
src/network/bridge_driver.c | 18 +-
src/network/bridge_driver_linux.c | 757 ++--
src/network/bridge_driver_nop.c | 6 +-
src/network/bridge_driver_platform.h | 7 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 6 -
src/nwfilter/nwfilter_dhcpsnoop.h | 3 +-
src/nwfilter/nwfilter_ebiptables_driver.c | 3867 ++++++++------------
src/nwfilter/nwfilter_ebiptables_driver.h | 19 +-
src/nwfilter/nwfilter_gentech_driver.c | 415 +--
src/nwfilter/nwfilter_gentech_driver.h | 2 +-
src/nwfilter/nwfilter_learnipaddr.c | 5 -
src/nwfilter/nwfilter_learnipaddr.h | 3 +-
src/nwfilter/nwfilter_tech_driver.h | 96 +
src/qemu/qemu_command.c | 6 +-
src/util/virebtables.c | 185 +-
src/util/virerror.c | 1 +
src/util/virfirewall.c | 922 +++++
src/util/virfirewall.h | 109 +
src/util/virfirewallpriv.h | 45 +
src/util/viriptables.c | 632 ++--
src/util/viriptables.h | 114 +-
tests/Makefile.am | 42 +-
.../networkxml2firewalldata/nat-default-linux.args | 30 +
tests/networkxml2firewalldata/nat-default.xml | 10 +
tests/networkxml2firewalldata/nat-ipv6-linux.args | 44 +
tests/networkxml2firewalldata/nat-ipv6.xml | 15 +
.../nat-many-ips-linux.args | 58 +
tests/networkxml2firewalldata/nat-many-ips.xml | 12 +
.../networkxml2firewalldata/nat-no-dhcp-linux.args | 42 +
tests/networkxml2firewalldata/nat-no-dhcp.xml | 7 +
tests/networkxml2firewalldata/nat-tftp-linux.args | 32 +
tests/networkxml2firewalldata/nat-tftp.xml | 11 +
.../route-default-linux.args | 20 +
tests/networkxml2firewalldata/route-default.xml | 10 +
tests/networkxml2firewalltest.c | 162 +
tests/nwfilterebiptablestest.c | 548 +++
tests/nwfilterxml2firewalldata/ah-ipv6-linux.args | 20 +
tests/nwfilterxml2firewalldata/ah-ipv6.xml | 19 +
tests/nwfilterxml2firewalldata/ah-linux.args | 18 +
tests/nwfilterxml2firewalldata/ah.xml | 18 +
tests/nwfilterxml2firewalldata/all-ipv6-linux.args | 20 +
tests/nwfilterxml2firewalldata/all-ipv6.xml | 19 +
tests/nwfilterxml2firewalldata/all-linux.args | 18 +
tests/nwfilterxml2firewalldata/all.xml | 18 +
tests/nwfilterxml2firewalldata/arp-linux.args | 11 +
tests/nwfilterxml2firewalldata/arp.xml | 32 +
tests/nwfilterxml2firewalldata/comment-linux.args | 49 +
tests/nwfilterxml2firewalldata/comment.xml | 71 +
.../nwfilterxml2firewalldata/conntrack-linux.args | 7 +
tests/nwfilterxml2firewalldata/conntrack.xml | 12 +
tests/nwfilterxml2firewalldata/esp-ipv6-linux.args | 20 +
tests/nwfilterxml2firewalldata/esp-ipv6.xml | 19 +
tests/nwfilterxml2firewalldata/esp-linux.args | 18 +
tests/nwfilterxml2firewalldata/esp.xml | 18 +
.../nwfilterxml2firewalldata/example-1-linux.args | 13 +
tests/nwfilterxml2firewalldata/example-1.xml | 24 +
.../nwfilterxml2firewalldata/example-2-linux.args | 20 +
tests/nwfilterxml2firewalldata/example-2.xml | 37 +
tests/nwfilterxml2firewalldata/hex-data-linux.args | 28 +
tests/nwfilterxml2firewalldata/hex-data.xml | 56 +
.../icmp-direction-linux.args | 9 +
tests/nwfilterxml2firewalldata/icmp-direction.xml | 15 +
.../icmp-direction2-linux.args | 9 +
tests/nwfilterxml2firewalldata/icmp-direction2.xml | 15 +
.../icmp-direction3-linux.args | 6 +
tests/nwfilterxml2firewalldata/icmp-direction3.xml | 10 +
tests/nwfilterxml2firewalldata/icmp-linux.args | 9 +
tests/nwfilterxml2firewalldata/icmp.xml | 13 +
tests/nwfilterxml2firewalldata/icmpv6-linux.args | 12 +
tests/nwfilterxml2firewalldata/icmpv6.xml | 19 +
tests/nwfilterxml2firewalldata/igmp-linux.args | 18 +
tests/nwfilterxml2firewalldata/igmp.xml | 18 +
tests/nwfilterxml2firewalldata/ip-linux.args | 8 +
tests/nwfilterxml2firewalldata/ip.xml | 28 +
tests/nwfilterxml2firewalldata/ipset-linux.args | 36 +
tests/nwfilterxml2firewalldata/ipset.xml | 25 +
.../ipt-no-macspoof-linux.args | 2 +
tests/nwfilterxml2firewalldata/ipt-no-macspoof.xml | 14 +
tests/nwfilterxml2firewalldata/ipv6-linux.args | 20 +
tests/nwfilterxml2firewalldata/ipv6.xml | 43 +
tests/nwfilterxml2firewalldata/iter1-linux.args | 18 +
tests/nwfilterxml2firewalldata/iter1.xml | 6 +
tests/nwfilterxml2firewalldata/iter2-linux.args | 342 ++
tests/nwfilterxml2firewalldata/iter2.xml | 23 +
tests/nwfilterxml2firewalldata/iter3-linux.args | 30 +
tests/nwfilterxml2firewalldata/iter3.xml | 13 +
tests/nwfilterxml2firewalldata/mac-linux.args | 8 +
tests/nwfilterxml2firewalldata/mac.xml | 19 +
tests/nwfilterxml2firewalldata/rarp-linux.args | 12 +
tests/nwfilterxml2firewalldata/rarp.xml | 28 +
tests/nwfilterxml2firewalldata/ref-rule.xml | 18 +
tests/nwfilterxml2firewalldata/ref.xml | 4 +
.../nwfilterxml2firewalldata/sctp-ipv6-linux.args | 22 +
tests/nwfilterxml2firewalldata/sctp-ipv6.xml | 22 +
tests/nwfilterxml2firewalldata/sctp-linux.args | 20 +
tests/nwfilterxml2firewalldata/sctp.xml | 22 +
tests/nwfilterxml2firewalldata/stp-linux.args | 18 +
tests/nwfilterxml2firewalldata/stp.xml | 26 +
tests/nwfilterxml2firewalldata/target-linux.args | 75 +
tests/nwfilterxml2firewalldata/target.xml | 66 +
tests/nwfilterxml2firewalldata/target2-linux.args | 13 +
tests/nwfilterxml2firewalldata/target2.xml | 18 +
tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args | 22 +
tests/nwfilterxml2firewalldata/tcp-ipv6.xml | 22 +
tests/nwfilterxml2firewalldata/tcp-linux.args | 22 +
tests/nwfilterxml2firewalldata/tcp.xml | 34 +
tests/nwfilterxml2firewalldata/udp-ipv6-linux.args | 22 +
tests/nwfilterxml2firewalldata/udp-ipv6.xml | 22 +
tests/nwfilterxml2firewalldata/udp-linux.args | 20 +
tests/nwfilterxml2firewalldata/udp.xml | 22 +
.../udplite-ipv6-linux.args | 20 +
tests/nwfilterxml2firewalldata/udplite-ipv6.xml | 19 +
tests/nwfilterxml2firewalldata/udplite-linux.args | 18 +
tests/nwfilterxml2firewalldata/udplite.xml | 18 +
tests/nwfilterxml2firewalldata/vlan-linux.args | 14 +
tests/nwfilterxml2firewalldata/vlan.xml | 38 +
tests/nwfilterxml2firewalltest.c | 534 +++
tests/testutils.c | 18 +-
tests/virfirewalltest.c | 1186 ++++++
128 files changed, 8637 insertions(+), 3685 deletions(-)
create mode 100644 src/nwfilter/nwfilter_tech_driver.h
create mode 100644 src/util/virfirewall.c
create mode 100644 src/util/virfirewall.h
create mode 100644 src/util/virfirewallpriv.h
create mode 100644 tests/networkxml2firewalldata/nat-default-linux.args
create mode 100644 tests/networkxml2firewalldata/nat-default.xml
create mode 100644 tests/networkxml2firewalldata/nat-ipv6-linux.args
create mode 100644 tests/networkxml2firewalldata/nat-ipv6.xml
create mode 100644 tests/networkxml2firewalldata/nat-many-ips-linux.args
create mode 100644 tests/networkxml2firewalldata/nat-many-ips.xml
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp-linux.args
create mode 100644 tests/networkxml2firewalldata/nat-no-dhcp.xml
create mode 100644 tests/networkxml2firewalldata/nat-tftp-linux.args
create mode 100644 tests/networkxml2firewalldata/nat-tftp.xml
create mode 100644 tests/networkxml2firewalldata/route-default-linux.args
create mode 100644 tests/networkxml2firewalldata/route-default.xml
create mode 100644 tests/networkxml2firewalltest.c
create mode 100644 tests/nwfilterebiptablestest.c
create mode 100644 tests/nwfilterxml2firewalldata/ah-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ah-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/ah-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ah.xml
create mode 100644 tests/nwfilterxml2firewalldata/all-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/all-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/all-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/all.xml
create mode 100644 tests/nwfilterxml2firewalldata/arp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/arp.xml
create mode 100644 tests/nwfilterxml2firewalldata/comment-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/comment.xml
create mode 100644 tests/nwfilterxml2firewalldata/conntrack-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/conntrack.xml
create mode 100644 tests/nwfilterxml2firewalldata/esp-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/esp-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/esp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/esp.xml
create mode 100644 tests/nwfilterxml2firewalldata/example-1-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/example-1.xml
create mode 100644 tests/nwfilterxml2firewalldata/example-2-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/example-2.xml
create mode 100644 tests/nwfilterxml2firewalldata/hex-data-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/hex-data.xml
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction.xml
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction2-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction2.xml
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction3-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/icmp-direction3.xml
create mode 100644 tests/nwfilterxml2firewalldata/icmp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/icmp.xml
create mode 100644 tests/nwfilterxml2firewalldata/icmpv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/icmpv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/igmp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/igmp.xml
create mode 100644 tests/nwfilterxml2firewalldata/ip-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ip.xml
create mode 100644 tests/nwfilterxml2firewalldata/ipset-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ipset.xml
create mode 100644 tests/nwfilterxml2firewalldata/ipt-no-macspoof-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ipt-no-macspoof.xml
create mode 100644 tests/nwfilterxml2firewalldata/ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/iter1-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/iter1.xml
create mode 100644 tests/nwfilterxml2firewalldata/iter2-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/iter2.xml
create mode 100644 tests/nwfilterxml2firewalldata/iter3-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/iter3.xml
create mode 100644 tests/nwfilterxml2firewalldata/mac-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/mac.xml
create mode 100644 tests/nwfilterxml2firewalldata/rarp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/rarp.xml
create mode 100644 tests/nwfilterxml2firewalldata/ref-rule.xml
create mode 100644 tests/nwfilterxml2firewalldata/ref.xml
create mode 100644 tests/nwfilterxml2firewalldata/sctp-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/sctp-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/sctp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/sctp.xml
create mode 100644 tests/nwfilterxml2firewalldata/stp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/stp.xml
create mode 100644 tests/nwfilterxml2firewalldata/target-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/target.xml
create mode 100644 tests/nwfilterxml2firewalldata/target2-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/target2.xml
create mode 100644 tests/nwfilterxml2firewalldata/tcp-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/tcp-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/tcp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/tcp.xml
create mode 100644 tests/nwfilterxml2firewalldata/udp-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/udp-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/udp-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/udp.xml
create mode 100644 tests/nwfilterxml2firewalldata/udplite-ipv6-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/udplite-ipv6.xml
create mode 100644 tests/nwfilterxml2firewalldata/udplite-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/udplite.xml
create mode 100644 tests/nwfilterxml2firewalldata/vlan-linux.args
create mode 100644 tests/nwfilterxml2firewalldata/vlan.xml
create mode 100644 tests/nwfilterxml2firewalltest.c
create mode 100644 tests/virfirewalltest.c
--
1.9.0
10 years, 4 months