[libvirt] [PATCH] bootstrap.conf: add check for flex
by Pavel Hrdina
We need the flex to generate new xen_xl_disk parser.
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
Pushed under trivial rule.
bootstrap.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bootstrap.conf b/bootstrap.conf
index c06ee4c..22c1c06 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -1,6 +1,6 @@
# Bootstrap configuration.
-# Copyright (C) 2010-2014 Red Hat, Inc.
+# Copyright (C) 2010-2015 Red Hat, Inc.
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -204,6 +204,7 @@ buildreq="\
autoconf 2.59
automake 1.9.6
autopoint -
+flex -
gettext 0.17
git 1.5.5
gzip -
--
2.0.5
9 years, 9 months
[libvirt] [PATCH v3] Makefile: Fix parallel build after Xen-xl parser introduction
by Pavel Hrdina
Well, the parallel build doesn't work as there are not dependencies
set correctly. When running 'make -j' I see this error:
make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
GEN util/virkeymaps.h
GEN locking/lock_protocol.h
make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'. Stop.
make[2]: *** Waiting for unfinished jobs....
GEN lxc/lxc_controller_dispatch.h
The fix is to correctly set dependencies by letting make know that .c
and .h are to be generated from .l. Moreover, the section is moved
closer to the other section which uses it.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
src/Makefile.am | 44 +++++++++++++++++++++++++++-----------------
1 file changed, 27 insertions(+), 17 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index c6d736e..6e5f9c3 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1000,23 +1000,6 @@ CPU_SOURCES = \
VMX_SOURCES = \
vmx/vmx.c vmx/vmx.h
-AM_LFLAGS = -Pxl_disk_ --header-file=../$*.h
-LEX_OUTPUT_ROOT = lex.xl_disk_
-BUILT_SOURCES += xenconfig/xen_xl_disk.c xenconfig/xen_xl_disk.h
-# Generated header file is not implicitly added to dist
-EXTRA_DIST += xenconfig/xen_xl_disk.h
-CLEANFILES += xenconfig/xen_xl_disk.h xenconfig/xen_xl_disk.c
-
-XENXLDISKPARSER_SOURCES = xenconfig/xen_xl_disk.l
-
-XENCONFIG_SOURCES = \
- xenconfig/xenxs_private.h \
- xenconfig/xen_common.c xenconfig/xen_common.h \
- xenconfig/xen_sxpr.c xenconfig/xen_sxpr.h \
- xenconfig/xen_xm.c xenconfig/xen_xm.h \
- xenconfig/xen_xl.c xenconfig/xen_xl.h \
- xenconfig/xen_xl_disk.h
-
pkgdata_DATA = cpu/cpu_map.xml
EXTRA_DIST += $(pkgdata_DATA)
@@ -1070,6 +1053,31 @@ libvirt_vmx_la_SOURCES = $(VMX_SOURCES)
endif WITH_VMX
if WITH_XENCONFIG
+# Disable the default rule for lex files because we need to generete the
+# xen_xl_disk files into srcdir instread of builddir.
+.l.c:
+
+$(XENXLDISKPARSER_GENERATED): $(XENXLDISKPARSER_SOURCES)
+ $(AM_V_LEX) $(SHELL) $(YLWRAP) $< lex.xl_disk_.c \
+ $(abs_srcdir)/xenconfig/xen_xl_disk.c -- $(LEXCOMPILE)
+
+AM_LFLAGS = -Pxl_disk_ --header-file=$(abs_srcdir)/xenconfig/xen_xl_disk.h
+XENXLDISKPARSER_GENERATED = xenconfig/xen_xl_disk.c xenconfig/xen_xl_disk.h
+
+BUILT_SOURCES += $(XENXLDISKPARSER_GENERATED)
+EXTRA_DIST += $(XENXLDISKPARSER_GENERATED)
+MAINTAINERCLEANFILES += $(XENXLDISKPARSER_GENERATED)
+
+XENXLDISKPARSER_SOURCES = xenconfig/xen_xl_disk.l
+
+XENCONFIG_SOURCES = \
+ xenconfig/xenxs_private.h \
+ xenconfig/xen_common.c xenconfig/xen_common.h \
+ xenconfig/xen_sxpr.c xenconfig/xen_sxpr.h \
+ xenconfig/xen_xm.c xenconfig/xen_xm.h \
+ xenconfig/xen_xl.c xenconfig/xen_xl.h \
+ xenconfig/xen_xl_disk_i.h
+
# Flex generated XL disk parser needs to be compiled without WARN_FLAGS
# Add the generated object to its own library to control CFLAGS
noinst_LTLIBRARIES += libvirt_xenxldiskparser.la
@@ -1077,6 +1085,8 @@ libvirt_xenxldiskparser_la_CFLAGS = \
-I$(top_srcdir)/src/conf $(AM_CFLAGS) -Wno-unused-parameter
libvirt_xenxldiskparser_la_SOURCES = \
$(XENXLDISKPARSER_SOURCES)
+libvirt_xenxldiskparser_la_DEPENDENCIES = \
+ $(XENXLDISKPARSER_GENERATED)
noinst_LTLIBRARIES += libvirt_xenconfig.la
libvirt_la_BUILT_LIBADD += libvirt_xenconfig.la
--
2.0.5
9 years, 9 months
[libvirt] [libvirt-test-API][PATCH] Remove redundant colon in inteface list
by jiahu
The interface list should be:
['em1', 'lo', 'virbr0', 'wlp3s0']
rather than below:
['em1:', 'lo:', 'virbr0:', 'wlp3s0:']
---
repos/interface/iface_list.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/repos/interface/iface_list.py b/repos/interface/iface_list.py
index 49f0c05..7041535 100644
--- a/repos/interface/iface_list.py
+++ b/repos/interface/iface_list.py
@@ -10,7 +10,8 @@ optional_params = {}
VIRSH_QUIET_IFACE_LIST = "virsh --quiet iface-list %s | awk '{print ""$%s""}'"
NETWORK_CONFIG = "/etc/sysconfig/network-scripts/"
-IFCONFIG_DRIVER = "ifconfig %s | sed 's/[ \t].*//;/^$/d'"
+IFCONFIG_DRIVER = "ifconfig %s | sed 's/[ \t].*//;/^$/d'\
+|awk -F\":\" '{print $1}'"
GET_MAC = "ip link show %s |sed -n '2p'| awk '{print $2}'"
VIRSH_IFACE_LIST = "virsh iface-list %s"
--
1.8.3.1
9 years, 9 months
[libvirt] [PATCH] conf: Don't use the current state in def->data.network.actual when migrate
by Luyao Huang
https://bugzilla.redhat.com/show_bug.cgi?id=1177194
When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and
pass this xml to target libvirtd. Libvirt will use the current network
state in def->data.network.actual to generate the xml, this will make
migrate failed when we set a network type guest interface use a macvtap
network as a source in a vm then migrate vm to another host(which has the
different macvtap network settings: different interface name, bridge name...)
Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE
flag when call virDomainNetDefFormat, we won't get the current vm interface
state.
Signed-off-by: Luyao Huang <lhuang(a)redhat.com>
---
src/conf/domain_conf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index aafc05e..fffd6cd 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -17436,7 +17436,9 @@ virDomainNetDefFormat(virBufferPtr buf,
unsigned int actualType = virDomainNetGetActualType(def);
bool publicActual
= (def->type == VIR_DOMAIN_NET_TYPE_NETWORK && def->data.network.actual &&
- !(flags & (VIR_DOMAIN_XML_INACTIVE | VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET)));
+ !(flags & (VIR_DOMAIN_XML_INACTIVE |
+ VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET |
+ VIR_DOMAIN_XML_MIGRATABLE)));
const char *typeStr;
virDomainHostdevDefPtr hostdef = NULL;
char macstr[VIR_MAC_STRING_BUFLEN];
--
1.8.3.1
9 years, 9 months
[libvirt] [PATCH] vmx: Fix a VMX parsing problem.
by Geoff Hickey
VMware ESX does not always set the "serialX.fileType" tag in VMX files. The
default value for this tag is "device", and when adding a new serial port
of this type VMware will omit the fileType tag. This caused libvirt to
fail to parse the VMX file. Fixed by making this tag optional and using
"device" as a default value. Also updated vmx2xmltest to test for this
case.
Conflicts:
src/vmx/vmx.c
---
src/vmx/vmx.c | 10 +++++++---
tests/vmx2xmldata/vmx2xml-serial-device.vmx | 2 ++
tests/vmx2xmldata/vmx2xml-serial-device.xml | 4 ++++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index e6bf5c3..2a794c7 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -2697,7 +2697,7 @@ virVMXParseSerial(virVMXContext *ctx, virConfPtr conf, int port,
goto ignore;
/* vmx:fileType -> def:type */
- if (virVMXGetConfigString(conf, fileType_name, &fileType, false) < 0)
+ if (virVMXGetConfigString(conf, fileType_name, &fileType, true) < 0)
goto cleanup;
/* vmx:fileName -> def:data.file.path */
@@ -2710,8 +2710,12 @@ virVMXParseSerial(virVMXContext *ctx, virConfPtr conf, int port,
goto cleanup;
}
- /* Setup virDomainChrDef */
- if (STRCASEEQ(fileType, "device")) {
+ /*
+ * Setup virDomainChrDef. The default fileType is "device", and vmware
+ * will sometimes omit this tag when adding a new serial port of this
+ * type.
+ */
+ if (!fileType || STRCASEEQ(fileType, "device")) {
(*def)->target.port = port;
(*def)->source.type = VIR_DOMAIN_CHR_TYPE_DEV;
(*def)->source.data.file.path = fileName;
diff --git a/tests/vmx2xmldata/vmx2xml-serial-device.vmx b/tests/vmx2xmldata/vmx2xml-serial-device.vmx
index 8c101e3..927f408 100644
--- a/tests/vmx2xmldata/vmx2xml-serial-device.vmx
+++ b/tests/vmx2xmldata/vmx2xml-serial-device.vmx
@@ -3,3 +3,5 @@ virtualHW.version = "4"
serial0.present = "true"
serial0.fileType = "device"
serial0.fileName = "/dev/ttyS0"
+serial1.present = "true"
+serial1.fileName = "/dev/ttyS1"
diff --git a/tests/vmx2xmldata/vmx2xml-serial-device.xml b/tests/vmx2xmldata/vmx2xml-serial-device.xml
index 9ecd867..cc45c07 100644
--- a/tests/vmx2xmldata/vmx2xml-serial-device.xml
+++ b/tests/vmx2xmldata/vmx2xml-serial-device.xml
@@ -15,6 +15,10 @@
<source path='/dev/ttyS0'/>
<target port='0'/>
</serial>
+ <serial type='dev'>
+ <source path='/dev/ttyS1'/>
+ <target port='1'/>
+ </serial>
<console type='dev'>
<source path='/dev/ttyS0'/>
<target type='serial' port='0'/>
--
1.9.1
9 years, 9 months
[libvirt] [PATCH RFC] libxl: fix paths in capability string
by Wei Liu
Currently libxl driver hardcodes some paths in its capability string,
which might not be the correct paths.
This patch introduces --with-libxl-prefix, so that user can specify the
prefix used to build Xen tools. The default value is /usr/local which is
the default --prefix for Xen tools.
Change emualtor from qemu-dm to qemu-system-i386 because libxl (in Xen)
use this as the default emulator.
No need to check hostarch to determine whether to use lib or lib64
anymore because we now always use lib.
Signed-off-by: Wei Liu <wei.liu2(a)citrix.com>
---
This patch is RFC because I introduce --with-libxl-prefix and I don't know
whether it's acceptable.
Right now libvirt's driver doesn't seem to use these default paths so
everything just works. But it would be nice for libvirt to report the
correct paths instead of hardcoded (and possibly wrong) ones.
---
configure.ac | 4 ++++
src/libxl/libxl_conf.c | 6 ++----
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 167b875..8d10361 100644
--- a/configure.ac
+++ b/configure.ac
@@ -533,6 +533,9 @@ AC_ARG_WITH([libxl],
[AS_HELP_STRING([--with-libxl],
[add libxenlight support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_libxl=check])
+AC_ARG_WITH([libxl-prefix], [AS_HELP_STRING([--with-libxl-prefix=path],
+ [prefix used to build libxl, default /usr/local])],
+ [LIBXL_PREFIX=$withval], [LIBXL_PREFIX="/usr/local"])
AC_ARG_WITH([vbox],
[AS_HELP_STRING([--with-vbox=@<:@PFX@:>@],
[VirtualBox XPCOMC location @<:@default=yes@:>@])])
@@ -893,6 +896,7 @@ fi
if test "$with_libxl" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_LIBXL], 1, [whether libxenlight driver is enabled])
+ AC_DEFINE_UNQUOTED([LIBXL_PREFIX], ["$LIBXL_PREFIX"], [libxl prefix])
fi
AM_CONDITIONAL([WITH_LIBXL], [test "$with_libxl" = "yes"])
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 0555b91..fbb4e29 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -428,11 +428,9 @@ libxlCapsInitGuests(libxl_ctx *ctx, virCapsPtr caps)
if ((guest = virCapabilitiesAddGuest(caps,
guest_archs[i].hvm ? "hvm" : "xen",
guest_archs[i].arch,
- ((hostarch == VIR_ARCH_X86_64) ?
- "/usr/lib64/xen/bin/qemu-dm" :
- "/usr/lib/xen/bin/qemu-dm"),
+ LIBXL_PREFIX "/lib/xen/bin/qemu-system-i386",
(guest_archs[i].hvm ?
- "/usr/lib/xen/boot/hvmloader" :
+ LIBXL_PREFIX "/lib/xen/boot/hvmloader" :
NULL),
1,
machines)) == NULL) {
--
1.7.10.4
9 years, 9 months
[libvirt] [PATCH v2] nwfilter: Add support for icmpv6 filtering
by Stefan Berger
Make use of the ebtables functionality to be able to filter certain
parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
type ranges, codes, and code ranges. Extend the nwfilter documentation,
schema, and test cases.
Being able to filter icmpv6 types and codes helps extending the DHCP
snooper for IPv6 and filtering at least some parameters of IPv6's NDP
(Neighbor Discovery Protocol) packets. However, the filtering will not
be as good as the filtering of ARP packets since we cannot
check on IP addresses in the payload of the NDP packets.
Signed-off-by: Stefan Berger stefanb(a)linux.vnet.ibm.com
---
docs/formatnwfilter.html.in | 20 +++++++
docs/schemas/nwfilter.rng | 26 +++++++++
src/conf/nwfilter_conf.c | 26 +++++++++
src/conf/nwfilter_conf.h | 4 ++
src/nwfilter/nwfilter_ebiptables_driver.c | 80 ++++++++++++++++++++++++++
tests/nwfilterxml2firewalldata/ipv6-linux.args | 16 ++++++
tests/nwfilterxml2firewalldata/ipv6.xml | 38 ++++++++++++
tests/nwfilterxml2xmlin/ipv6-test.xml | 38 ++++++++++++
tests/nwfilterxml2xmlout/ipv6-test.xml | 12 ++++
9 files changed, 260 insertions(+)
diff --git a/docs/formatnwfilter.html.in b/docs/formatnwfilter.html.in
index 073b852..e403e33 100644
--- a/docs/formatnwfilter.html.in
+++ b/docs/formatnwfilter.html.in
@@ -1197,6 +1197,26 @@
<td>End of range of valid destination ports; requires <code>protocol</code></td>
</tr>
<tr>
+ <td>type<span class="since">(Since 1.2.11)</span></td>
+ <td>UINT8</td>
+ <td>ICMPv6 type; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
+ </tr>
+ <tr>
+ <td>typeend<span class="since">(Since 1.2.11)</span></td>
+ <td>UINT8</td>
+ <td>ICMPv6 type end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
+ </tr>
+ <tr>
+ <td>code<span class="since">(Since 1.2.11)</span></td>
+ <td>UINT8</td>
+ <td>ICMPv6 code; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
+ </tr>
+ <tr>
+ <td>code<span class="since">(Since 1.2.11)</span></td>
+ <td>UINT8</td>
+ <td>ICMPv6 code end of range; requires <code>protocol</code> to be set to <code>icmpv6</code></td>
+ </tr>
+ <tr>
<td>comment <span class="since">(Since 0.8.5)</span></td>
<td>STRING</td>
<td>text with max. 256 characters</td>
diff --git a/docs/schemas/nwfilter.rng b/docs/schemas/nwfilter.rng
index 2b54fd5..9df39c0 100644
--- a/docs/schemas/nwfilter.rng
+++ b/docs/schemas/nwfilter.rng
@@ -90,6 +90,7 @@
<ref name="common-ipv6-attributes-p1"/>
<ref name="common-port-attributes"/>
<ref name="ip-attributes"/>
+ <ref name="icmp-attribute-ranges"/>
<ref name="comment-attribute"/>
</element>
</zeroOrMore>
@@ -588,6 +589,31 @@
</interleave>
</define>
+ <define name="icmp-attribute-ranges">
+ <interleave>
+ <optional>
+ <attribute name="type">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="typeend">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="code">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="codeend">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
<define name="mac-attributes">
<interleave>
<optional>
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index 317792e..aed82ad 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -1445,6 +1445,26 @@ static const virXMLAttr2Struct ipv6Attributes[] = {
.datatype = DATATYPE_UINT16 | DATATYPE_UINT16_HEX,
.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataDstPortEnd),
},
+ {
+ .name = "type",
+ .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX,
+ .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeStart),
+ },
+ {
+ .name = "typeend",
+ .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX,
+ .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPTypeEnd),
+ },
+ {
+ .name = "code",
+ .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX,
+ .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeStart),
+ },
+ {
+ .name = "codeend",
+ .datatype = DATATYPE_UINT8 | DATATYPE_UINT8_HEX,
+ .dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.dataICMPCodeEnd),
+ },
COMMENT_PROP_IPHDR(ipv6HdrFilter),
{
.name = NULL,
@@ -2219,6 +2239,12 @@ virNWFilterRuleDefFixup(virNWFilterRuleDefPtr rule)
rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr);
COPY_NEG_SIGN(rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask,
rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr);
+ COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPTypeEnd,
+ rule->p.ipv6HdrFilter.dataICMPTypeStart);
+ COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeStart,
+ rule->p.ipv6HdrFilter.dataICMPTypeStart);
+ COPY_NEG_SIGN(rule->p.ipv6HdrFilter.dataICMPCodeEnd,
+ rule->p.ipv6HdrFilter.dataICMPTypeStart);
virNWFilterRuleDefFixupIPSet(&rule->p.ipv6HdrFilter.ipHdr);
break;
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index f81df60..6e68ecc 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -265,6 +265,10 @@ struct _ipv6HdrFilterDef {
ethHdrDataDef ethHdr;
ipHdrDataDef ipHdr;
portDataDef portData;
+ nwItemDesc dataICMPTypeStart;
+ nwItemDesc dataICMPTypeEnd;
+ nwItemDesc dataICMPCodeStart;
+ nwItemDesc dataICMPCodeEnd;
};
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 377b59b..423d069 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -1826,6 +1826,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
bool hasMask = false;
virFirewallRulePtr fwrule;
int ret = -1;
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
if (STREQ(chainSuffix,
virNWFilterChainSuffixTypeToString(
@@ -2342,6 +2343,83 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
virFirewallRuleAddArg(fw, fwrule, number);
}
}
+
+ if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart) ||
+ HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd) ||
+ HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart) ||
+ HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) {
+ bool lo = false;
+ char *r;
+
+ virFirewallRuleAddArg(fw, fwrule,
+ "--ip6-icmp-type");
+
+ if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) {
+ if (printDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.dataICMPTypeStart) < 0)
+ goto cleanup;
+ lo = true;
+ } else {
+ ignore_value(virStrcpyStatic(number, "0"));
+ }
+
+ virBufferStrcat(&buf, number, ":", NULL);
+
+ if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd)) {
+ if (printDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0)
+ goto cleanup;
+ } else {
+ if (lo)
+ ignore_value(virStrcpyStatic(numberalt, number));
+ else
+ ignore_value(virStrcpyStatic(numberalt, "255"));
+ }
+
+ virBufferStrcat(&buf, numberalt, "/", NULL);
+
+ lo = false;
+
+ if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart)) {
+ if (printDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.dataICMPCodeStart) < 0)
+ goto cleanup;
+ lo = true;
+ } else {
+ ignore_value(virStrcpyStatic(number, "0"));
+ }
+
+ virBufferStrcat(&buf, number, ":", NULL);
+
+ if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) {
+ if (printDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0)
+ goto cleanup;
+ } else {
+ if (lo)
+ ignore_value(virStrcpyStatic(numberalt, number));
+ else
+ ignore_value(virStrcpyStatic(numberalt, "255"));
+ }
+
+ virBufferStrcat(&buf, numberalt, NULL);
+
+ if (ENTRY_WANT_NEG_SIGN(&rule->p.ipv6HdrFilter.dataICMPTypeStart))
+ virFirewallRuleAddArg(fw, fwrule, "!");
+
+ if (virBufferCheckError(&buf) < 0)
+ goto cleanup;
+
+ r = virBufferContentAndReset(&buf);
+
+ virFirewallRuleAddArg(fw, fwrule, r);
+
+ VIR_FREE(r);
+ }
break;
case VIR_NWFILTER_RULE_PROTOCOL_NONE:
@@ -2376,6 +2454,8 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
ret = 0;
cleanup:
+ virBufferFreeAndReset(&buf);
+
return ret;
}
diff --git a/tests/nwfilterxml2firewalldata/ipv6-linux.args b/tests/nwfilterxml2firewalldata/ipv6-linux.args
index a42566c..735f663 100644
--- a/tests/nwfilterxml2firewalldata/ipv6-linux.args
+++ b/tests/nwfilterxml2firewalldata/ipv6-linux.args
@@ -18,3 +18,19 @@ ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
--ip6-source a:b:c::/65 --ip6-protocol 18 -j ACCEPT
ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
--ip6-destination a:b:c::/65 --ip6-protocol 18 -j ACCEPT
+ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
+--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT
+ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
+--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:11/10:11 -j ACCEPT
+ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
+--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT
+ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
+--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/10:10 -j ACCEPT
+ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
+--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT
+ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
+--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 0:255/10:10 -j ACCEPT
+ebtables -t nat -A libvirt-J-vnet0 -p ipv6 --ip6-destination 1::2/128 \
+--ip6-source a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT
+ebtables -t nat -A libvirt-P-vnet0 -p ipv6 --ip6-source 1::2/128 \
+--ip6-destination a:b:c::/65 --ip6-protocol 58 --ip6-icmp-type 1:1/0:255 -j ACCEPT
diff --git a/tests/nwfilterxml2firewalldata/ipv6.xml b/tests/nwfilterxml2firewalldata/ipv6.xml
index 9f67bea..2400958 100644
--- a/tests/nwfilterxml2firewalldata/ipv6.xml
+++ b/tests/nwfilterxml2firewalldata/ipv6.xml
@@ -40,4 +40,42 @@
/>
</rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1' typeend='11'
+ code='10' codeend='11'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1'
+ code='10'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ code='10'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1'
+ />
+ </rule>
+
</filter>
diff --git a/tests/nwfilterxml2xmlin/ipv6-test.xml b/tests/nwfilterxml2xmlin/ipv6-test.xml
index 556796f..2daa3b9 100644
--- a/tests/nwfilterxml2xmlin/ipv6-test.xml
+++ b/tests/nwfilterxml2xmlin/ipv6-test.xml
@@ -40,4 +40,42 @@
/>
</rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1' typeend='11'
+ code='10' codeend='11'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1'
+ code='10'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ code='10'
+ />
+ </rule>
+
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128'
+ dstipaddr='a:b:c::'
+ dstipmask='ffff:ffff:ffff:ffff:8000::'
+ protocol='icmpv6'
+ type='1'
+ />
+ </rule>
+
</filter>
diff --git a/tests/nwfilterxml2xmlout/ipv6-test.xml b/tests/nwfilterxml2xmlout/ipv6-test.xml
index fcc5c0d..ce9dd06 100644
--- a/tests/nwfilterxml2xmlout/ipv6-test.xml
+++ b/tests/nwfilterxml2xmlout/ipv6-test.xml
@@ -12,4 +12,16 @@
<rule action='accept' direction='inout' priority='500'>
<ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='18'/>
</rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' typeend='11' code='10' codeend='11'/>
+ </rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1' code='10'/>
+ </rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' code='10'/>
+ </rule>
+ <rule action='accept' direction='inout'>
+ <ipv6 srcipaddr='1::2' srcipmask='128' dstipaddr='a:b:c::' dstipmask='65' protocol='icmpv6' type='1'/>
+ </rule>
</filter>
--
1.9.3
9 years, 9 months
[libvirt] [PATCH] Indentation
by Ján Tomko
---
Pushed as trivial.
src/qemu/qemu_hotplug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index bfe1bd0..1714341 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -265,8 +265,8 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver,
int
qemuDomainCheckEjectableMedia(virQEMUDriverPtr driver,
- virDomainObjPtr vm,
- qemuDomainAsyncJob asyncJob)
+ virDomainObjPtr vm,
+ qemuDomainAsyncJob asyncJob)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
virHashTablePtr table = NULL;
--
2.0.4
9 years, 9 months
[libvirt] [PATCH] qemu: Fix system pages handling in <memoryBacking/>
by Michal Privoznik
In one of my previous commits (311b4a67) I've tried to allow to pass
regular system pages to <hugepages>. However, there was a little bug
that wasn't caught. If domain has guest NUMA topology defined,
qemuBuildNumaArgStr() function takes care of generating corresponding
command line. The hugepages backing for guest NUMA nodes is handled
there too. And here comes the bug: the hugepages setting from XML is
stored in KiB internally, however, the system pages size was queried
and stored in Bytes. So the check whether these two equal was failing
even if it shouldn't.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d5679de..1930abd 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6612,7 +6612,7 @@ qemuBuildNumaArgStr(virQEMUDriverConfigPtr cfg,
char *nodemask = NULL;
char *mem_path = NULL;
int ret = -1;
- const long system_page_size = sysconf(_SC_PAGESIZE);
+ const long system_page_size = sysconf(_SC_PAGESIZE) / 1024;
if (virDomainNumatuneHasPerNodeBinding(def->numatune) &&
!(virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_MEMORY_RAM) ||
--
2.0.5
9 years, 9 months
[libvirt] [PATCH] qemu: Don't unref domain after exit from nested async job
by Peter Krempa
In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
reference counting was refactored in the qemu driver. Domain jobs now
don't need to reference the domain object as they now expect the
reference from the calling function.
However, the patch forgot to remove the unref call in case we exit the
monitor when we were acquiring a nested job. This caused the daemon to
crash on a subsequent access to the domain object once we've done an
operation requiring a nested job for a monitor access.
An easy reproducer case:
1) Start a vm with qcow disks
2) virsh snapshot-create-as DOMNAME
3) virsh dumpxml DOMNAME
4) daemon crashes in a semi-random spot while accessing a now-removed VM
object.
Fortunately, the commit wasn't released yet, so there are no security
implications.
Reported-by: Shanzi Yu <shyu(a)redhat.com>
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Cc: Martin Kletzander <mkletzan(a)redhat.com>
Cc: Shanzi Yu <shyu(a)redhat.com>
src/qemu/qemu_domain.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index bd64409..3d4023c 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1573,8 +1573,6 @@ qemuDomainObjExitMonitorInternal(virQEMUDriverPtr driver,
qemuDomainObjResetJob(priv);
qemuDomainObjSaveJob(driver, obj);
virCondSignal(&priv->job.cond);
-
- virObjectUnref(obj);
}
}
--
2.2.1
9 years, 9 months