Devel
[libvirt] [PATCHv2] docs: Document hypervisor drivers that support certain timer models
by Peter Krempa 02 Jul '13
Not every timer model is supported with each hypervisor. Explicitly
mention the driver supporting each timer model.
---
Notes:
Version 2:
- corrected the support of HPET (xen, libxl, qemu) and KVMCLOCK (just qemu) timers
docs/formatdomain.html.in | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index cc4c5ea..47d91ab 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1310,8 +1310,10 @@
<dt><code>name</code></dt>
<dd>
The <code>name</code> attribute selects which timer is
- being modified, and can be one of "platform", "hpet",
- "kvmclock", "pit", "rtc", or "tsc".
+ being modified, and can be one of
+ "platform" (currently unsupported),
+ "hpet" (libxl, xen, qemu), "kvmclock" (qemu),
+ "pit" (qemu), "rtc" (qemu), or "tsc" (libxl).
</dd>
<dt><code>track</code></dt>
<dd>
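Review bot: In the added lines of the `name` description, the parenthesised lists such as "hpet" (libxl, xen, qemu) are never introduced as driver names, so a reader can take them for part of the value or for properties of the timer. Say it once, for example "the drivers supporting each timer are given in parentheses". It would also help to state what a driver does when asked for a timer it does not support, since "platform" is marked (currently unsupported) without saying whether the setting is rejected or ignored.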
--
1.8.2.1
https://bugzilla.redhat.com/show_bug.cgi?id=977678
Ján Tomko (2):
qemu: fix return value of qemuDomainBlockPivot on errors
blockjob: make PIVOT and ASYNC flags mutually exclusive
src/qemu/qemu_driver.c | 15 +++++++++++----
tools/virsh-domain.c | 9 ++++++---
2 files changed, 17 insertions(+), 7 deletions(-)
--
1.8.1.5
[libvirt] Biweekly upstream qemu-kvm test report - July 1st, 2013
by chandrashekar shastri 02 Jul '13
Adding Libvirt list.
Thanks,
Shastri
-------- Original Message --------
Subject: Biweekly upstream qemu-kvm test report - July 1st, 2013
Date: Mon, 01 Jul 2013 19:45:32 +0530
From: chandrashekar shastri <cshastri(a)linux.vnet.ibm.com>
To: qemu-devel(a)nongnu.org, ltc-kvm(a)lists.linux.ibm.com,
virt-test-devel(a)redhat.com
Hi,
Please find the status of the upstream testing:
Kernel : 3.10.0-rc5+
Qemu : 1.5.50
Libvirt : 1.0.6
Total number of bugs filed : 6
Bugs filed in this week : 5
Qemu Bugs in Launchpad :
1) 1192499 - virsh migration copy-storage-all fails with "Unable to
read from monitor: Connection reset by peer"
2) 1192847 - NMI watchdog fails to increment the NMI counter in
/proc/interrupts
3) 1195170 - cpu hot-add doesn't work with upstream qemu 1.5.50
Libvirt Bugs Redhat Bugzilla:
1) 979260 - cpu hot-add doesn't work with upstream libvirt 1.0.6 + qemu
1.5.50
2) 979360 - Libvirt fails to Bootstrap fails for local gnulib with 1.0.
Features tested in this week:
1. NMI Watchdog
2. Live Migration (with and without shared Storage)
3. CPU hotplug
4. QMP with latest qemu
Features that will be taken up in the next cycle:
1. Chardev hotplug
2. VirtIO-scsi
3. Virt Guest Suspend Hibernate
Thanks,
Shastri
02 Jul '13
On mingw, configure sets the name of the lxc symfile to
libvirt_lxc.defs rather than libvirt_lxc.syms. But tarballs
must be arch-independent, regardless of the configure options
used for the tree where we ran 'make dist'. This led to the
following failure in autobuild.sh:
CCLD libvirt-lxc.la
CCLD libvirt-qemu.la
/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
collect2: error: ld returned 1 exit status
make[3]: *** [libvirt-lxc.la] Error 1
make[3]: *** Waiting for unfinished jobs....
We were already doing the right thing with libvirt_qemu.syms.
* src/Makefile.am (EXTRA_DIST): Don't ship a built file which
depends on configure for its final name.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the build-breaker rule.
src/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 042bcba..1a64855 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1861,7 +1861,6 @@ libvirt_lxc_la_LDFLAGS = \
$(NULL)
libvirt_lxc_la_CFLAGS = $(AM_CFLAGS)
libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD)
-EXTRA_DIST += $(LIBVIRT_LXC_SYMBOL_FILE)
lockdriverdir = $(libdir)/libvirt/lock-driver
lockdriver_LTLIBRARIES =
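Review bot: Dropping `EXTRA_DIST += $(LIBVIRT_LXC_SYMBOL_FILE)` after `libvirt_lxc_la_LIBADD` removes the only line in this hunk that ships the lxc symbol file, so please confirm that the source libvirt_lxc.syms still reaches the tarball by another route, as the commit message says is already the case for libvirt_qemu.syms. A one-line comment at this spot saying that a file whose name depends on configure must not go into EXTRA_DIST would keep the line from being re-added later.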
--
1.8.1.4
Found while trying to cross-compile to mingw:
CC libvirt_driver_remote_la-remote_driver.lo
../../src/remote/remote_driver.c: In function 'doRemoteOpen':
../../src/remote/remote_driver.c:487:23: error: variable 'verify' set but not used [-Werror=unused-but-set-variable]
* src/remote/remote_driver.c (doRemoteOpen): Also ignore 'verify'.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
Pushing under the build-breaker rule.
I also had a report that libvirt fails to compile for mingw on
Fedora 19; it looks like a gnulib submodule update will fix
part of that issue, so I'm working on that now...
https://lists.fedoraproject.org/pipermail/mingw/2013-June/007006.html
http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=86725346
src/remote/remote_driver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 7a0c1f6..7f3e833 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -609,6 +609,7 @@ doRemoteOpen(virConnectPtr conn,
priv->is_secure = 1;
#else
(void)sanity;
+ (void)verify;
virReportError(VIR_ERR_INVALID_ARG, "%s",
_("GNUTLS support not available in this build"));
goto failed;
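Review bot: The added `(void)verify;` in the `#else` branch copies the existing `(void)sanity;` pattern, so each further variable that is only consumed in the GNUTLS branch will need another cast here before builds with -Werror=unused-but-set-variable pass again. Marking such variables ATTRIBUTE_UNUSED at their declaration in doRemoteOpen would cover both branches in one place. The branch still reports "GNUTLS support not available in this build" and takes `goto failed`, so ignoring `verify` here does not weaken anything.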
--
1.8.1.4
iptablesContext holds only 4 pairs of iptables
(table, chain) and there's no need to pass
it around.
This is a first step towards separating bridge_driver.c
in platform-specific parts.
---
src/libvirt_private.syms | 2 -
src/network/bridge_driver.c | 253 +++++++++++++++++--------------------------
src/util/viriptables.c | 257 +++++++++++---------------------------------
src/util/viriptables.h | 65 ++++-------
4 files changed, 183 insertions(+), 394 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 795e011..062c7fb 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1417,8 +1417,6 @@ iptablesAddForwardRejectOut;
iptablesAddOutputFixUdpChecksum;
iptablesAddTcpInput;
iptablesAddUdpInput;
-iptablesContextFree;
-iptablesContextNew;
iptablesRemoveForwardAllowCross;
iptablesRemoveForwardAllowIn;
iptablesRemoveForwardAllowOut;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 2cf49bb..062ec85 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -75,7 +75,6 @@ struct network_driver {
virNetworkObjList networks;
- iptablesContext *iptables;
char *networkConfigDir;
char *networkAutostartDir;
char *stateDir;
@@ -106,8 +105,7 @@ static int networkShutdownNetwork(struct network_driver *driver,
static int networkStartNetworkVirtual(struct network_driver *driver,
virNetworkObjPtr network);
-static int networkShutdownNetworkVirtual(struct network_driver *driver,
- virNetworkObjPtr network);
+static int networkShutdownNetworkVirtual(virNetworkObjPtr network);
static int networkStartNetworkExternal(struct network_driver *driver,
virNetworkObjPtr network);
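Review bot: The new prototype `networkShutdownNetworkVirtual(virNetworkObjPtr network)` drops `driver`, while `networkStartNetworkVirtual` directly above and `networkStartNetworkExternal` directly below still take `struct network_driver *driver`, so the start/shutdown pair is no longer symmetric. If the planned platform split is likely to need driver state on the shutdown path again, keeping the parameter (marked unused) avoids churning every caller twice; otherwise a sentence in the commit message saying the asymmetry is intended would help.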
@@ -420,10 +418,6 @@ networkStateInitialize(bool privileged,
}
}
- if (!(driverState->iptables = iptablesContextNew())) {
- goto out_of_memory;
- }
-
/* if this fails now, it will be retried later with dnsmasqCapsRefresh() */
driverState->dnsmasqCaps = dnsmasqCapsNewFromBinary(DNSMASQ);
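Review bot: Removing the `iptablesContextNew()` check from networkStateInitialize also removes its `goto out_of_memory`. Please confirm the `out_of_memory` label still has other users in this function, because an orphaned label produces an unused-label warning and breaks warning-as-error builds; if this was the last user, the label and its cleanup code should go in the same patch.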
@@ -531,9 +525,6 @@ networkStateCleanup(void) {
VIR_FREE(driverState->dnsmasqStateDir);
VIR_FREE(driverState->radvdStateDir);
- if (driverState->iptables)
- iptablesContextFree(driverState->iptables);
-
virObjectUnref(driverState->dnsmasqCaps);
networkDriverUnlock(driverState);
@@ -1544,8 +1535,7 @@ networkRefreshDaemons(struct network_driver *driver)
}
static int
-networkAddMasqueradingIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkAddMasqueradingIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
@@ -1559,8 +1549,7 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
}
/* allow forwarding packets from the bridge interface */
- if (iptablesAddForwardAllowOut(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf) < 0) {
@@ -1573,8 +1562,7 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
/* allow forwarding packets to the bridge interface if they are
* part of an existing connection
*/
- if (iptablesAddForwardAllowRelatedIn(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardAllowRelatedIn(&ipdef->address,
prefix,
network->def->bridge,
forwardIf) < 0) {
@@ -1608,8 +1596,7 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
*/
/* First the generic masquerade rule for other protocols */
- if (iptablesAddForwardMasquerade(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
@@ -1626,8 +1613,7 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
}
/* UDP with a source port restriction */
- if (iptablesAddForwardMasquerade(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
@@ -1644,8 +1630,7 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
}
/* TCP with a source port restriction */
- if (iptablesAddForwardMasquerade(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
@@ -1664,30 +1649,26 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
return 0;
masqerr5:
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
"udp");
masqerr4:
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
NULL);
masqerr3:
- iptablesRemoveForwardAllowRelatedIn(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowRelatedIn(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
masqerr2:
- iptablesRemoveForwardAllowOut(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
@@ -1696,43 +1677,37 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
}
static void
-networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkRemoveMasqueradingIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
if (prefix >= 0) {
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
"tcp");
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
"udp");
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardMasquerade(&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
NULL);
- iptablesRemoveForwardAllowRelatedIn(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowRelatedIn(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
- iptablesRemoveForwardAllowOut(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
@@ -1740,8 +1715,7 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
}
static int
-networkAddRoutingIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkAddRoutingIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
@@ -1755,8 +1729,7 @@ networkAddRoutingIptablesRules(struct network_driver *driver,
}
/* allow routing packets from the bridge interface */
- if (iptablesAddForwardAllowOut(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf) < 0) {
@@ -1767,8 +1740,7 @@ networkAddRoutingIptablesRules(struct network_driver *driver,
}
/* allow routing packets to the bridge interface */
- if (iptablesAddForwardAllowIn(driver->iptables,
- &ipdef->address,
+ if (iptablesAddForwardAllowIn(&ipdef->address,
prefix,
network->def->bridge,
forwardIf) < 0) {
@@ -1781,8 +1753,7 @@ networkAddRoutingIptablesRules(struct network_driver *driver,
return 0;
routeerr2:
- iptablesRemoveForwardAllowOut(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
@@ -1791,22 +1762,19 @@ routeerr1:
}
static void
-networkRemoveRoutingIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkRemoveRoutingIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
if (prefix >= 0) {
- iptablesRemoveForwardAllowIn(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowIn(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
- iptablesRemoveForwardAllowOut(driver->iptables,
- &ipdef->address,
+ iptablesRemoveForwardAllowOut(&ipdef->address,
prefix,
network->def->bridge,
forwardIf);
@@ -1819,8 +1787,7 @@ networkRemoveRoutingIptablesRules(struct network_driver *driver,
* If any IPv6 addresses are defined, then add the rules for regular operation.
*/
static int
-networkAddGeneralIp6tablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkAddGeneralIp6tablesRules(virNetworkObjPtr network)
{
if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0) &&
@@ -1830,16 +1797,14 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver,
/* Catch all rules to block forwarding to/from bridges */
- if (iptablesAddForwardRejectOut(driver->iptables, AF_INET6,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardRejectOut(AF_INET6, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to block outbound traffic from '%s'"),
network->def->bridge);
goto err1;
}
- if (iptablesAddForwardRejectIn(driver->iptables, AF_INET6,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardRejectIn(AF_INET6, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to block inbound traffic to '%s'"),
network->def->bridge);
@@ -1847,8 +1812,7 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver,
}
/* Allow traffic between guests on the same bridge */
- if (iptablesAddForwardAllowCross(driver->iptables, AF_INET6,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardAllowCross(AF_INET6, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to allow cross bridge traffic on '%s'"),
network->def->bridge);
@@ -1860,24 +1824,21 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver,
return 0;
/* allow DNS over IPv6 */
- if (iptablesAddTcpInput(driver->iptables, AF_INET6,
- network->def->bridge, 53) < 0) {
+ if (iptablesAddTcpInput(AF_INET6, network->def->bridge, 53) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to allow DNS requests from '%s'"),
network->def->bridge);
goto err4;
}
- if (iptablesAddUdpInput(driver->iptables, AF_INET6,
- network->def->bridge, 53) < 0) {
+ if (iptablesAddUdpInput(AF_INET6, network->def->bridge, 53) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to allow DNS requests from '%s'"),
network->def->bridge);
goto err5;
}
- if (iptablesAddUdpInput(driver->iptables, AF_INET6,
- network->def->bridge, 547) < 0) {
+ if (iptablesAddUdpInput(AF_INET6, network->def->bridge, 547) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add ip6tables rule to allow DHCP6 requests from '%s'"),
network->def->bridge);
@@ -1888,44 +1849,42 @@ networkAddGeneralIp6tablesRules(struct network_driver *driver,
/* unwind in reverse order from the point of failure */
err6:
- iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
+ iptablesRemoveUdpInput(AF_INET6, network->def->bridge, 53);
err5:
- iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
+ iptablesRemoveTcpInput(AF_INET6, network->def->bridge, 53);
err4:
- iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
+ iptablesRemoveForwardAllowCross(AF_INET6, network->def->bridge);
err3:
- iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
+ iptablesRemoveForwardRejectIn(AF_INET6, network->def->bridge);
err2:
- iptablesRemoveForwardRejectOut(driver->iptables, AF_INET6, network->def->bridge);
+ iptablesRemoveForwardRejectOut(AF_INET6, network->def->bridge);
err1:
return -1;
}
static void
-networkRemoveGeneralIp6tablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkRemoveGeneralIp6tablesRules(virNetworkObjPtr network)
{
if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0) &&
!network->def->ipv6nogw) {
return;
}
if (virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)) {
- iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 547);
- iptablesRemoveUdpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
- iptablesRemoveTcpInput(driver->iptables, AF_INET6, network->def->bridge, 53);
+ iptablesRemoveUdpInput(AF_INET6, network->def->bridge, 547);
+ iptablesRemoveUdpInput(AF_INET6, network->def->bridge, 53);
+ iptablesRemoveTcpInput(AF_INET6, network->def->bridge, 53);
}
/* the following rules are there if no IPv6 address has been defined
* but network->def->ipv6nogw == true
*/
- iptablesRemoveForwardAllowCross(driver->iptables, AF_INET6, network->def->bridge);
- iptablesRemoveForwardRejectIn(driver->iptables, AF_INET6, network->def->bridge);
- iptablesRemoveForwardRejectOut(driver->iptables, AF_INET6, network->def->bridge);
+ iptablesRemoveForwardAllowCross(AF_INET6, network->def->bridge);
+ iptablesRemoveForwardRejectIn(AF_INET6, network->def->bridge);
+ iptablesRemoveForwardRejectOut(AF_INET6, network->def->bridge);
}
static int
-networkAddGeneralIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkAddGeneralIptablesRules(virNetworkObjPtr network)
{
int ii;
virNetworkIpDefPtr ipv4def;
@@ -1941,16 +1900,14 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
/* allow DHCP requests through to dnsmasq */
- if (iptablesAddTcpInput(driver->iptables, AF_INET,
- network->def->bridge, 67) < 0) {
+ if (iptablesAddTcpInput(AF_INET, network->def->bridge, 67) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow DHCP requests from '%s'"),
network->def->bridge);
goto err1;
}
- if (iptablesAddUdpInput(driver->iptables, AF_INET,
- network->def->bridge, 67) < 0) {
+ if (iptablesAddUdpInput(AF_INET, network->def->bridge, 67) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow DHCP requests from '%s'"),
network->def->bridge);
@@ -1964,24 +1921,21 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
*/
if (ipv4def && (ipv4def->nranges || ipv4def->nhosts) &&
- (iptablesAddOutputFixUdpChecksum(driver->iptables,
- network->def->bridge, 68) < 0)) {
+ (iptablesAddOutputFixUdpChecksum(network->def->bridge, 68) < 0)) {
VIR_WARN("Could not add rule to fixup DHCP response checksums "
"on network '%s'.", network->def->name);
VIR_WARN("May need to update iptables package & kernel to support CHECKSUM rule.");
}
/* allow DNS requests through to dnsmasq */
- if (iptablesAddTcpInput(driver->iptables, AF_INET,
- network->def->bridge, 53) < 0) {
+ if (iptablesAddTcpInput(AF_INET, network->def->bridge, 53) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow DNS requests from '%s'"),
network->def->bridge);
goto err3;
}
- if (iptablesAddUdpInput(driver->iptables, AF_INET,
- network->def->bridge, 53) < 0) {
+ if (iptablesAddUdpInput(AF_INET, network->def->bridge, 53) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow DNS requests from '%s'"),
network->def->bridge);
@@ -1990,8 +1944,7 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
/* allow TFTP requests through to dnsmasq if necessary */
if (ipv4def && ipv4def->tftproot &&
- iptablesAddUdpInput(driver->iptables, AF_INET,
- network->def->bridge, 69) < 0) {
+ iptablesAddUdpInput(AF_INET, network->def->bridge, 69) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow TFTP requests from '%s'"),
network->def->bridge);
@@ -2000,16 +1953,14 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
/* Catch all rules to block forwarding to/from bridges */
- if (iptablesAddForwardRejectOut(driver->iptables, AF_INET,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardRejectOut(AF_INET, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to block outbound traffic from '%s'"),
network->def->bridge);
goto err6;
}
- if (iptablesAddForwardRejectIn(driver->iptables, AF_INET,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardRejectIn(AF_INET, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to block inbound traffic to '%s'"),
network->def->bridge);
@@ -2017,8 +1968,7 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
}
/* Allow traffic between guests on the same bridge */
- if (iptablesAddForwardAllowCross(driver->iptables, AF_INET,
- network->def->bridge) < 0) {
+ if (iptablesAddForwardAllowCross(AF_INET, network->def->bridge) < 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("failed to add iptables rule to allow cross bridge traffic on '%s'"),
network->def->bridge);
@@ -2026,7 +1976,7 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
}
/* add IPv6 general rules, if needed */
- if (networkAddGeneralIp6tablesRules(driver, network) < 0) {
+ if (networkAddGeneralIp6tablesRules(network) < 0) {
goto err9;
}
@@ -2034,35 +1984,34 @@ networkAddGeneralIptablesRules(struct network_driver *driver,
/* unwind in reverse order from the point of failure */
err9:
- iptablesRemoveForwardAllowCross(driver->iptables, AF_INET, network->def->bridge);
+ iptablesRemoveForwardAllowCross(AF_INET, network->def->bridge);
err8:
- iptablesRemoveForwardRejectIn(driver->iptables, AF_INET, network->def->bridge);
+ iptablesRemoveForwardRejectIn(AF_INET, network->def->bridge);
err7:
- iptablesRemoveForwardRejectOut(driver->iptables, AF_INET, network->def->bridge);
+ iptablesRemoveForwardRejectOut(AF_INET, network->def->bridge);
err6:
if (ipv4def && ipv4def->tftproot) {
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 69);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 69);
}
err5:
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 53);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 53);
err4:
- iptablesRemoveTcpInput(driver->iptables, AF_INET, network->def->bridge, 53);
+ iptablesRemoveTcpInput(AF_INET, network->def->bridge, 53);
err3:
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 67);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 67);
err2:
- iptablesRemoveTcpInput(driver->iptables, AF_INET, network->def->bridge, 67);
+ iptablesRemoveTcpInput(AF_INET, network->def->bridge, 67);
err1:
return -1;
}
static void
-networkRemoveGeneralIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkRemoveGeneralIptablesRules(virNetworkObjPtr network)
{
int ii;
virNetworkIpDefPtr ipv4def;
- networkRemoveGeneralIp6tablesRules(driver, network);
+ networkRemoveGeneralIp6tablesRules(network);
for (ii = 0;
(ipv4def = virNetworkDefGetIpByIndex(network->def, AF_INET, ii));
@@ -2071,25 +2020,23 @@ networkRemoveGeneralIptablesRules(struct network_driver *driver,
break;
}
- iptablesRemoveForwardAllowCross(driver->iptables, AF_INET, network->def->bridge);
- iptablesRemoveForwardRejectIn(driver->iptables, AF_INET, network->def->bridge);
- iptablesRemoveForwardRejectOut(driver->iptables, AF_INET, network->def->bridge);
+ iptablesRemoveForwardAllowCross(AF_INET, network->def->bridge);
+ iptablesRemoveForwardRejectIn(AF_INET, network->def->bridge);
+ iptablesRemoveForwardRejectOut(AF_INET, network->def->bridge);
if (ipv4def && ipv4def->tftproot) {
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 69);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 69);
}
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 53);
- iptablesRemoveTcpInput(driver->iptables, AF_INET, network->def->bridge, 53);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 53);
+ iptablesRemoveTcpInput(AF_INET, network->def->bridge, 53);
if (ipv4def && (ipv4def->nranges || ipv4def->nhosts)) {
- iptablesRemoveOutputFixUdpChecksum(driver->iptables,
- network->def->bridge, 68);
+ iptablesRemoveOutputFixUdpChecksum(network->def->bridge, 68);
}
- iptablesRemoveUdpInput(driver->iptables, AF_INET, network->def->bridge, 67);
- iptablesRemoveTcpInput(driver->iptables, AF_INET, network->def->bridge, 67);
+ iptablesRemoveUdpInput(AF_INET, network->def->bridge, 67);
+ iptablesRemoveTcpInput(AF_INET, network->def->bridge, 67);
}
static int
-networkAddIpSpecificIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkAddIpSpecificIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
/* NB: in the case of IPv6, routing rules are added when the
@@ -2098,48 +2045,46 @@ networkAddIpSpecificIptablesRules(struct network_driver *driver,
if (network->def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET))
- return networkAddMasqueradingIptablesRules(driver, network, ipdef);
+ return networkAddMasqueradingIptablesRules(network, ipdef);
else if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
- return networkAddRoutingIptablesRules(driver, network, ipdef);
+ return networkAddRoutingIptablesRules(network, ipdef);
} else if (network->def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
- return networkAddRoutingIptablesRules(driver, network, ipdef);
+ return networkAddRoutingIptablesRules(network, ipdef);
}
return 0;
}
static void
-networkRemoveIpSpecificIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network,
+networkRemoveIpSpecificIptablesRules(virNetworkObjPtr network,
virNetworkIpDefPtr ipdef)
{
if (network->def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET))
- networkRemoveMasqueradingIptablesRules(driver, network, ipdef);
+ networkRemoveMasqueradingIptablesRules(network, ipdef);
else if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
- networkRemoveRoutingIptablesRules(driver, network, ipdef);
+ networkRemoveRoutingIptablesRules(network, ipdef);
} else if (network->def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
- networkRemoveRoutingIptablesRules(driver, network, ipdef);
+ networkRemoveRoutingIptablesRules(network, ipdef);
}
}
/* Add all rules for all ip addresses (and general rules) on a network */
static int
-networkAddIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkAddIptablesRules(virNetworkObjPtr network)
{
int ii;
virNetworkIpDefPtr ipdef;
virErrorPtr orig_error;
/* Add "once per network" rules */
- if (networkAddGeneralIptablesRules(driver, network) < 0)
+ if (networkAddGeneralIptablesRules(network) < 0)
return -1;
for (ii = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
ii++) {
/* Add address-specific iptables rules */
- if (networkAddIpSpecificIptablesRules(driver, network, ipdef) < 0) {
+ if (networkAddIpSpecificIptablesRules(network, ipdef) < 0) {
goto err;
}
}
@@ -2155,9 +2100,9 @@ err:
*/
while ((--ii >= 0) &&
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii))) {
- networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
+ networkRemoveIpSpecificIptablesRules(network, ipdef);
}
- networkRemoveGeneralIptablesRules(driver, network);
+ networkRemoveGeneralIptablesRules(network);
/* return the original error */
virSetError(orig_error);
@@ -2167,8 +2112,7 @@ err:
/* Remove all rules for all ip addresses (and general rules) on a network */
static void
-networkRemoveIptablesRules(struct network_driver *driver,
- virNetworkObjPtr network)
+networkRemoveIptablesRules(virNetworkObjPtr network)
{
int ii;
virNetworkIpDefPtr ipdef;
@@ -2176,9 +2120,9 @@ networkRemoveIptablesRules(struct network_driver *driver,
for (ii = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, ii));
ii++) {
- networkRemoveIpSpecificIptablesRules(driver, network, ipdef);
+ networkRemoveIpSpecificIptablesRules(network, ipdef);
}
- networkRemoveGeneralIptablesRules(driver, network);
+ networkRemoveGeneralIptablesRules(network);
}
static void
@@ -2199,8 +2143,8 @@ networkReloadIptablesRules(struct network_driver *driver)
/* Only the three L3 network types that are configured by libvirt
* need to have iptables rules reloaded.
*/
- networkRemoveIptablesRules(driver, network);
- if (networkAddIptablesRules(driver, network) < 0) {
+ networkRemoveIptablesRules(network);
+ if (networkAddIptablesRules(network) < 0) {
/* failed to add but already logged */
}
}
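Review bot: in networkReloadIptablesRules the branch under `if (networkAddIptablesRules(network) < 0)` is still empty, and it runs only after networkRemoveIptablesRules(network) has torn the old rules down, so a failed re-add leaves that network with no iptables rules while the reload carries on. This is not new behaviour, but both lines are being touched here: please extend the "failed to add but already logged" comment to say that the network is now left without rules, or follow up with a change that surfaces the failure.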
@@ -2526,7 +2470,7 @@ networkStartNetworkVirtual(struct network_driver *driver,
goto err1;
/* Add "once per network" rules */
- if (networkAddIptablesRules(driver, network) < 0)
+ if (networkAddIptablesRules(network) < 0)
goto err1;
for (ii = 0;
@@ -2619,7 +2563,7 @@ networkStartNetworkVirtual(struct network_driver *driver,
err2:
if (!save_err)
save_err = virSaveLastError();
- networkRemoveIptablesRules(driver, network);
+ networkRemoveIptablesRules(network);
err1:
if (!save_err)
@@ -2644,8 +2588,7 @@ networkStartNetworkVirtual(struct network_driver *driver,
return -1;
}
-static int networkShutdownNetworkVirtual(struct network_driver *driver,
- virNetworkObjPtr network)
+static int networkShutdownNetworkVirtual(virNetworkObjPtr network)
{
virNetDevBandwidthClear(network->def->bridge);
@@ -2677,7 +2620,7 @@ static int networkShutdownNetworkVirtual(struct network_driver *driver,
ignore_value(virNetDevSetOnline(network->def->bridge, 0));
- networkRemoveIptablesRules(driver, network);
+ networkRemoveIptablesRules(network);
ignore_value(virNetDevBridgeDelete(network->def->bridge));
@@ -2802,7 +2745,7 @@ static int networkShutdownNetwork(struct network_driver *driver,
case VIR_NETWORK_FORWARD_NONE:
case VIR_NETWORK_FORWARD_NAT:
case VIR_NETWORK_FORWARD_ROUTE:
- ret = networkShutdownNetworkVirtual(driver, network);
+ ret = networkShutdownNetworkVirtual(network);
break;
case VIR_NETWORK_FORWARD_BRIDGE:
@@ -3490,8 +3433,8 @@ networkUpdate(virNetworkPtr net,
network->def->forward.type == VIR_NETWORK_FORWARD_NAT ||
network->def->forward.type == VIR_NETWORK_FORWARD_ROUTE)) {
/* these could affect the iptables rules */
- networkRemoveIptablesRules(driver, network);
- if (networkAddIptablesRules(driver, network) < 0)
+ networkRemoveIptablesRules(network);
+ if (networkAddIptablesRules(network) < 0)
goto cleanup;
}
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 16fbe9c..63a8031 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -88,52 +88,8 @@ enum {
REMOVE
};
-typedef struct
-{
- char *table;
- char *chain;
-} iptRules;
-
-struct _iptablesContext
-{
- iptRules *input_filter;
- iptRules *forward_filter;
- iptRules *nat_postrouting;
- iptRules *mangle_postrouting;
-};
-
-static void
-iptRulesFree(iptRules *rules)
-{
- VIR_FREE(rules->table);
- VIR_FREE(rules->chain);
- VIR_FREE(rules);
-}
-
-static iptRules *
-iptRulesNew(const char *table,
- const char *chain)
-{
- iptRules *rules;
-
- if (VIR_ALLOC(rules) < 0)
- return NULL;
-
- if (VIR_STRDUP(rules->table, table) < 0)
- goto error;
-
- if (VIR_STRDUP(rules->chain, chain) < 0)
- goto error;
-
- return rules;
-
- error:
- iptRulesFree(rules);
- return NULL;
-}
-
static virCommandPtr
-iptablesCommandNew(iptRules *rules, int family, int action)
+iptablesCommandNew(const char *table, const char *chain, int family, int action)
{
virCommandPtr cmd = NULL;
#if HAVE_FIREWALLD
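Review bot: iptablesCommandNew now takes table and chain as two adjacent `const char *` parameters, so a caller that passes them in the wrong order still compiles and only fails when iptables is run. With iptRules removed, nothing ties a chain to its table any more. Consider keeping the four pairs that struct _iptablesContext used to hold (input_filter, forward_filter, nat_postrouting, mangle_postrouting) as static constants or an enum that the helper maps to strings, so the pairing stays in one place.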
@@ -150,9 +106,9 @@ iptablesCommandNew(iptRules *rules, int family, int action)
? IP6TABLES_PATH : IPTABLES_PATH);
}
- virCommandAddArgList(cmd, "--table", rules->table,
+ virCommandAddArgList(cmd, "--table", table,
action == ADD ? "--insert" : "--delete",
- rules->chain, NULL);
+ chain, NULL);
return cmd;
}
@@ -166,14 +122,14 @@ iptablesCommandRunAndFree(virCommandPtr cmd)
}
static int ATTRIBUTE_SENTINEL
-iptablesAddRemoveRule(iptRules *rules, int family, int action,
+iptablesAddRemoveRule(const char *table, const char *chain, int family, int action,
const char *arg, ...)
{
va_list args;
virCommandPtr cmd = NULL;
const char *s;
- cmd = iptablesCommandNew(rules, family, action);
+ cmd = iptablesCommandNew(table, chain, family, action);
virCommandAddArg(cmd, arg);
va_start(args, arg);
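Review bot: the new first line of the iptablesAddRemoveRule signature runs past 80 columns. Break it after `const char *chain,` and put `int family, int action,` on a continuation line aligned with the existing `const char *arg, ...` line.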
@@ -184,63 +140,8 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action,
return iptablesCommandRunAndFree(cmd);
}
-/**
- * iptablesContextNew:
- *
- * Create a new IPtable context
- *
- * Returns a pointer to the new structure or NULL in case of error
- */
-iptablesContext *
-iptablesContextNew(void)
-{
- iptablesContext *ctx;
-
- if (VIR_ALLOC(ctx) < 0)
- return NULL;
-
- if (!(ctx->input_filter = iptRulesNew("filter", "INPUT")))
- goto error;
-
- if (!(ctx->forward_filter = iptRulesNew("filter", "FORWARD")))
- goto error;
-
- if (!(ctx->nat_postrouting = iptRulesNew("nat", "POSTROUTING")))
- goto error;
-
- if (!(ctx->mangle_postrouting = iptRulesNew("mangle", "POSTROUTING")))
- goto error;
-
- return ctx;
-
- error:
- iptablesContextFree(ctx);
- return NULL;
-}
-
-/**
- * iptablesContextFree:
- * @ctx: pointer to the IP table context
- *
- * Free the resources associated with an IP table context
- */
-void
-iptablesContextFree(iptablesContext *ctx)
-{
- if (ctx->input_filter)
- iptRulesFree(ctx->input_filter);
- if (ctx->forward_filter)
- iptRulesFree(ctx->forward_filter);
- if (ctx->nat_postrouting)
- iptRulesFree(ctx->nat_postrouting);
- if (ctx->mangle_postrouting)
- iptRulesFree(ctx->mangle_postrouting);
- VIR_FREE(ctx);
-}
-
static int
-iptablesInput(iptablesContext *ctx,
- int family,
+iptablesInput(int family,
const char *iface,
int port,
int action,
@@ -251,7 +152,7 @@ iptablesInput(iptablesContext *ctx,
snprintf(portstr, sizeof(portstr), "%d", port);
portstr[sizeof(portstr) - 1] = '\0';
- return iptablesAddRemoveRule(ctx->input_filter,
+ return iptablesAddRemoveRule("filter", "INPUT",
family,
action,
"--in-interface", iface,
@@ -274,12 +175,11 @@ iptablesInput(iptablesContext *ctx,
*/
int
-iptablesAddTcpInput(iptablesContext *ctx,
- int family,
+iptablesAddTcpInput(int family,
const char *iface,
int port)
{
- return iptablesInput(ctx, family, iface, port, ADD, 1);
+ return iptablesInput(family, iface, port, ADD, 1);
}
/**
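Review bot: iptablesAddTcpInput loses its ctx parameter, but this hunk only reaches the closing `*/` of its doc comment, so any `@ctx:` line further up in that comment (the form used in the removed iptablesContextFree comment) would be left stale. Please check the doc comments of every function in this file whose signature changes and drop the `@ctx` entries in the same patch.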
@@ -294,12 +194,11 @@ iptablesAddTcpInput(iptablesContext *ctx,
* Returns 0 in case of success or an error code in case of error
*/
int
-iptablesRemoveTcpInput(iptablesContext *ctx,
- int family,
+iptablesRemoveTcpInput(int family,
const char *iface,
int port)
{
- return iptablesInput(ctx, family, iface, port, REMOVE, 1);
+ return iptablesInput(family, iface, port, REMOVE, 1);
}
/**
@@ -315,12 +214,11 @@ iptablesRemoveTcpInput(iptablesContext *ctx,
*/
int
-iptablesAddUdpInput(iptablesContext *ctx,
- int family,
+iptablesAddUdpInput(int family,
const char *iface,
int port)
{
- return iptablesInput(ctx, family, iface, port, ADD, 0);
+ return iptablesInput(family, iface, port, ADD, 0);
}
/**
@@ -335,12 +233,11 @@ iptablesAddUdpInput(iptablesContext *ctx,
* Returns 0 in case of success or an error code in case of error
*/
int
-iptablesRemoveUdpInput(iptablesContext *ctx,
- int family,
+iptablesRemoveUdpInput(int family,
const char *iface,
int port)
{
- return iptablesInput(ctx, family, iface, port, REMOVE, 0);
+ return iptablesInput(family, iface, port, REMOVE, 0);
}
@@ -381,8 +278,7 @@ static char *iptablesFormatNetwork(virSocketAddr *netaddr,
* to proceed to WAN
*/
static int
-iptablesForwardAllowOut(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesForwardAllowOut(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev,
@@ -395,7 +291,7 @@ iptablesForwardAllowOut(iptablesContext *ctx,
if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
return -1;
- cmd = iptablesCommandNew(ctx->forward_filter,
+ cmd = iptablesCommandNew("filter", "FORWARD",
VIR_SOCKET_ADDR_FAMILY(netaddr),
action);
virCommandAddArgList(cmd,
@@ -426,13 +322,12 @@ iptablesForwardAllowOut(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowOut(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesAddForwardAllowOut(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowOut(ctx, netaddr, prefix, iface, physdev, ADD);
+ return iptablesForwardAllowOut(netaddr, prefix, iface, physdev, ADD);
}
/**
@@ -449,13 +344,12 @@ iptablesAddForwardAllowOut(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowOut(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesRemoveForwardAllowOut(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowOut(ctx, netaddr, prefix, iface, physdev, REMOVE);
+ return iptablesForwardAllowOut(netaddr, prefix, iface, physdev, REMOVE);
}
@@ -463,8 +357,7 @@ iptablesRemoveForwardAllowOut(iptablesContext *ctx,
* and associated with an existing connection
*/
static int
-iptablesForwardAllowRelatedIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev,
@@ -477,7 +370,7 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
return -1;
if (physdev && physdev[0]) {
- ret = iptablesAddRemoveRule(ctx->forward_filter,
+ ret = iptablesAddRemoveRule("filter", "FORWARD",
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
@@ -488,7 +381,7 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
"--jump", "ACCEPT",
NULL);
} else {
- ret = iptablesAddRemoveRule(ctx->forward_filter,
+ ret = iptablesAddRemoveRule("filter", "FORWARD",
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
@@ -516,13 +409,12 @@ iptablesForwardAllowRelatedIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowRelatedIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesAddForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowRelatedIn(ctx, netaddr, prefix, iface, physdev, ADD);
+ return iptablesForwardAllowRelatedIn(netaddr, prefix, iface, physdev, ADD);
}
/**
@@ -539,20 +431,18 @@ iptablesAddForwardAllowRelatedIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowRelatedIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesRemoveForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowRelatedIn(ctx, netaddr, prefix, iface, physdev, REMOVE);
+ return iptablesForwardAllowRelatedIn(netaddr, prefix, iface, physdev, REMOVE);
}
/* Allow all traffic destined to the bridge, with a valid network address
*/
static int
-iptablesForwardAllowIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesForwardAllowIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev,
@@ -565,7 +455,7 @@ iptablesForwardAllowIn(iptablesContext *ctx,
return -1;
if (physdev && physdev[0]) {
- ret = iptablesAddRemoveRule(ctx->forward_filter,
+ ret = iptablesAddRemoveRule("filter", "FORWARD",
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
@@ -574,7 +464,7 @@ iptablesForwardAllowIn(iptablesContext *ctx,
"--jump", "ACCEPT",
NULL);
} else {
- ret = iptablesAddRemoveRule(ctx->forward_filter,
+ ret = iptablesAddRemoveRule("filter", "FORWARD",
VIR_SOCKET_ADDR_FAMILY(netaddr),
action,
"--destination", networkstr,
@@ -600,13 +490,12 @@ iptablesForwardAllowIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesAddForwardAllowIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowIn(ctx, netaddr, prefix, iface, physdev, ADD);
+ return iptablesForwardAllowIn(netaddr, prefix, iface, physdev, ADD);
}
/**
@@ -623,13 +512,12 @@ iptablesAddForwardAllowIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesRemoveForwardAllowIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
{
- return iptablesForwardAllowIn(ctx, netaddr, prefix, iface, physdev, REMOVE);
+ return iptablesForwardAllowIn(netaddr, prefix, iface, physdev, REMOVE);
}
@@ -637,12 +525,11 @@ iptablesRemoveForwardAllowIn(iptablesContext *ctx,
* with a valid network address
*/
static int
-iptablesForwardAllowCross(iptablesContext *ctx,
- int family,
+iptablesForwardAllowCross(int family,
const char *iface,
int action)
{
- return iptablesAddRemoveRule(ctx->forward_filter,
+ return iptablesAddRemoveRule("filter", "FORWARD",
family,
action,
"--in-interface", iface,
@@ -663,11 +550,10 @@ iptablesForwardAllowCross(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowCross(iptablesContext *ctx,
- int family,
+iptablesAddForwardAllowCross(int family,
const char *iface)
{
- return iptablesForwardAllowCross(ctx, family, iface, ADD);
+ return iptablesForwardAllowCross(family, iface, ADD);
}
/**
@@ -682,11 +568,10 @@ iptablesAddForwardAllowCross(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowCross(iptablesContext *ctx,
- int family,
+iptablesRemoveForwardAllowCross(int family,
const char *iface)
{
- return iptablesForwardAllowCross(ctx, family, iface, REMOVE);
+ return iptablesForwardAllowCross(family, iface, REMOVE);
}
@@ -694,12 +579,11 @@ iptablesRemoveForwardAllowCross(iptablesContext *ctx,
* ie the bridge is the in interface
*/
static int
-iptablesForwardRejectOut(iptablesContext *ctx,
- int family,
+iptablesForwardRejectOut(int family,
const char *iface,
int action)
{
- return iptablesAddRemoveRule(ctx->forward_filter,
+ return iptablesAddRemoveRule("filter", "FORWARD",
family,
action,
"--in-interface", iface,
@@ -718,11 +602,10 @@ iptablesForwardRejectOut(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardRejectOut(iptablesContext *ctx,
- int family,
+iptablesAddForwardRejectOut(int family,
const char *iface)
{
- return iptablesForwardRejectOut(ctx, family, iface, ADD);
+ return iptablesForwardRejectOut(family, iface, ADD);
}
/**
@@ -736,11 +619,10 @@ iptablesAddForwardRejectOut(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardRejectOut(iptablesContext *ctx,
- int family,
+iptablesRemoveForwardRejectOut(int family,
const char *iface)
{
- return iptablesForwardRejectOut(ctx, family, iface, REMOVE);
+ return iptablesForwardRejectOut(family, iface, REMOVE);
}
@@ -750,12 +632,11 @@ iptablesRemoveForwardRejectOut(iptablesContext *ctx,
* ie the bridge is the out interface
*/
static int
-iptablesForwardRejectIn(iptablesContext *ctx,
- int family,
+iptablesForwardRejectIn(int family,
const char *iface,
int action)
{
- return iptablesAddRemoveRule(ctx->forward_filter,
+ return iptablesAddRemoveRule("filter", "FORWARD",
family,
action,
"--out-interface", iface,
@@ -774,11 +655,10 @@ iptablesForwardRejectIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardRejectIn(iptablesContext *ctx,
- int family,
+iptablesAddForwardRejectIn(int family,
const char *iface)
{
- return iptablesForwardRejectIn(ctx, family, iface, ADD);
+ return iptablesForwardRejectIn(family, iface, ADD);
}
/**
@@ -792,11 +672,10 @@ iptablesAddForwardRejectIn(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardRejectIn(iptablesContext *ctx,
- int family,
+iptablesRemoveForwardRejectIn(int family,
const char *iface)
{
- return iptablesForwardRejectIn(ctx, family, iface, REMOVE);
+ return iptablesForwardRejectIn(family, iface, REMOVE);
}
@@ -804,8 +683,7 @@ iptablesRemoveForwardRejectIn(iptablesContext *ctx,
* with the bridge
*/
static int
-iptablesForwardMasquerade(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesForwardMasquerade(virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
@@ -841,7 +719,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
}
}
- cmd = iptablesCommandNew(ctx->nat_postrouting, AF_INET, action);
+ cmd = iptablesCommandNew("nat", "POSTROUTING", AF_INET, action);
virCommandAddArgList(cmd, "--source", networkstr, NULL);
if (protocol && protocol[0])
@@ -922,15 +800,14 @@ cleanup:
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardMasquerade(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesAddForwardMasquerade(virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol)
{
- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr, port,
+ return iptablesForwardMasquerade(netaddr, prefix, physdev, addr, port,
protocol, ADD);
}
@@ -948,22 +825,20 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardMasquerade(iptablesContext *ctx,
- virSocketAddr *netaddr,
+iptablesRemoveForwardMasquerade(virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol)
{
- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr, port,
+ return iptablesForwardMasquerade(netaddr, prefix, physdev, addr, port,
protocol, REMOVE);
}
static int
-iptablesOutputFixUdpChecksum(iptablesContext *ctx,
- const char *iface,
+iptablesOutputFixUdpChecksum(const char *iface,
int port,
int action)
{
@@ -972,7 +847,7 @@ iptablesOutputFixUdpChecksum(iptablesContext *ctx,
snprintf(portstr, sizeof(portstr), "%d", port);
portstr[sizeof(portstr) - 1] = '\0';
- return iptablesAddRemoveRule(ctx->mangle_postrouting,
+ return iptablesAddRemoveRule("mangle", "POSTROUTING",
AF_INET,
action,
"--out-interface", iface,
@@ -998,11 +873,10 @@ iptablesOutputFixUdpChecksum(iptablesContext *ctx,
*/
int
-iptablesAddOutputFixUdpChecksum(iptablesContext *ctx,
- const char *iface,
+iptablesAddOutputFixUdpChecksum(const char *iface,
int port)
{
- return iptablesOutputFixUdpChecksum(ctx, iface, port, ADD);
+ return iptablesOutputFixUdpChecksum(iface, port, ADD);
}
/**
@@ -1019,9 +893,8 @@ iptablesAddOutputFixUdpChecksum(iptablesContext *ctx,
* return an error, which should be ignored)
*/
int
-iptablesRemoveOutputFixUdpChecksum(iptablesContext *ctx,
- const char *iface,
+iptablesRemoveOutputFixUdpChecksum(const char *iface,
int port)
{
- return iptablesOutputFixUdpChecksum(ctx, iface, port, REMOVE);
+ return iptablesOutputFixUdpChecksum(iface, port, REMOVE);
}
diff --git a/src/util/viriptables.h b/src/util/viriptables.h
index b7ce59b..447f4a8 100644
--- a/src/util/viriptables.h
+++ b/src/util/viriptables.h
@@ -26,102 +26,77 @@
# include "virsocketaddr.h"
-typedef struct _iptablesContext iptablesContext;
-
-iptablesContext *iptablesContextNew (void);
-void iptablesContextFree (iptablesContext *ctx);
-
-int iptablesAddTcpInput (iptablesContext *ctx,
- int family,
+int iptablesAddTcpInput (int family,
const char *iface,
int port);
-int iptablesRemoveTcpInput (iptablesContext *ctx,
- int family,
+int iptablesRemoveTcpInput (int family,
const char *iface,
int port);
-int iptablesAddUdpInput (iptablesContext *ctx,
- int family,
+int iptablesAddUdpInput (int family,
const char *iface,
int port);
-int iptablesRemoveUdpInput (iptablesContext *ctx,
- int family,
+int iptablesRemoveUdpInput (int family,
const char *iface,
int port);
-int iptablesAddForwardAllowOut (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesAddForwardAllowOut (virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesRemoveForwardAllowOut (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesRemoveForwardAllowOut (virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesAddForwardAllowRelatedIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesAddForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesRemoveForwardAllowRelatedIn(iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesRemoveForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesAddForwardAllowIn (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesAddForwardAllowIn (virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesRemoveForwardAllowIn (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesRemoveForwardAllowIn (virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
-int iptablesAddForwardAllowCross (iptablesContext *ctx,
- int family,
+int iptablesAddForwardAllowCross (int family,
const char *iface);
-int iptablesRemoveForwardAllowCross (iptablesContext *ctx,
- int family,
+int iptablesRemoveForwardAllowCross (int family,
const char *iface);
-int iptablesAddForwardRejectOut (iptablesContext *ctx,
- int family,
+int iptablesAddForwardRejectOut (int family,
const char *iface);
-int iptablesRemoveForwardRejectOut (iptablesContext *ctx,
- int family,
+int iptablesRemoveForwardRejectOut (int family,
const char *iface);
-int iptablesAddForwardRejectIn (iptablesContext *ctx,
- int family,
+int iptablesAddForwardRejectIn (int family,
const char *iface);
-int iptablesRemoveForwardRejectIn (iptablesContext *ctx,
- int family,
+int iptablesRemoveForwardRejectIn (int family,
const char *iface);
-int iptablesAddForwardMasquerade (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesAddForwardMasquerade (virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol);
-int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
- virSocketAddr *netaddr,
+int iptablesRemoveForwardMasquerade (virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol);
-int iptablesAddOutputFixUdpChecksum (iptablesContext *ctx,
- const char *iface,
+int iptablesAddOutputFixUdpChecksum (const char *iface,
int port);
-int iptablesRemoveOutputFixUdpChecksum (iptablesContext *ctx,
- const char *iface,
+int iptablesRemoveOutputFixUdpChecksum (const char *iface,
int port);
#endif /* __QEMUD_IPTABLES_H__ */
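Review bot: the header drops the iptablesContext typedef together with the iptablesContextNew and iptablesContextFree prototypes, so anything else that still names them (another includer of viriptables.h, or a symbol export list) will now fail to build or link. Please confirm a tree-wide search for iptablesContext comes back empty after this patch.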
--
1.8.1.4
---
Pushed as trivial.
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4d70004..ba93233 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7003,7 +7003,7 @@ qemuBuildCommandLine(virConnectPtr conn,
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported rtc tickpolicy '%s'"),
virDomainTimerTickpolicyTypeToString(def->clock.timers[i]->tickpolicy));
- goto error;
+ goto error;
}
} else if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RTC)
&& (def->clock.timers[i]->tickpolicy
--
1.8.1.5
As planned I released libvirt-1.1.0 a couple of hours ago after
a couple more patches and a fix for CVE-2013-2218 were applied. It
should be available on the server along with the rpms:
ftp://libvirt.org/libvirt/
The biggest feature leading to the bump in medium release number is
the addition of ACL for individual access control of each API; until now
there were only two classes of access, read-only and read-write. This
feature is a big enhancement we have been thinking about for years!
This version includes a relatively smaller amount of patches though,
around 200, with a balanced set of bug fixes and enhancements, plus
the fix for CVE-2013-2218 which is affecting the 1.0.6 release.
Features:
- Extensible migration APIs (Jiri Denemark)
- Fine grained ACL support for the API (Daniel P. Berrange)
- various improvements in the Xen driver (Jim Fehlig and Marek Marczykowski-Górecki)
- improve networking support on BSD (Roman Bogorodskiy)
- agent based vCPU hotplug support (Peter Krempa)
Security:
- CVE-2013-2218: Fix crash listing network interfaces with filters (Daniel P. Berrange)
Documentation:
- Document security reporting & handling process (Daniel P. Berrange)
- Fix reference to #elementsUSB (Philipp Hahn)
- Fix sample TPM XML (Stefan Berger)
- correct and update network vlan example (Laine Stump)
- add spaces to formatstorage.html (Ján Tomko)
Portability:
- spec: require xen-devel for libxl driver (Eric Blake)
- Conditionalize use of IF_MAXUNIT in virnetdevtap.c (Daniel P. Berrange)
- Replace use of 'in_addr_t' with 'struct in_addr' (Daniel P. Berrange)
- build: Fix VPATH build for access/* (Viktor Mihajlovski)
- util: fix build error on non-Linux systems (Laine Stump)
- conf: Swap order of AddImplicitControllers and DomainDefPostParse (Viktor Mihajlovski)
- S390: Testcase for console default target type (virtio) (Viktor Mihajlovski)
- Fix units in virNetDevBridgeSetSTPDelay on BSD (Roman Bogorodskiy)
- build: Fix check-aclrules in VPATH build (Jiri Denemark)
- build: Fix build with -Werror (Jim Fehlig)
- use net/if.h instead of linux/if.h (Roman Bogorodskiy)
- build: fix build without posix_fallocate (Eric Blake)
- spec: Explicitly require libgcrypt-devel (Jiri Denemark)
Bug Fixes:
- pci: initialize virtual_functions array pointer to avoid segfault (Laine Stump)
- node device driver: update driver name during dumpxml (Laine Stump)
- Resolve valgrind errors for nodedev cap parsing (John Ferlan)
- Resolve valgrind error in remoteConfigGetStringList() (John Ferlan)
- Resolve valgrind error in virStorageBackendCreateQemuImgCmd() (John Ferlan)
- Resolve valgrind error in virNetDevVlanParse() (John Ferlan)
- Fix vPort management: FC vHBA creation (Dennis Chen)
- bridge: don't crash on bandwidth unplug with no bandwidth (Ján Tomko)
- Plug leak in virCgroupMoveTask (Ján Tomko)
- Fix invalid read in virCgroupGetValueStr (Ján Tomko)
- qemu: fix infinite loop in OOM error path (Laine Stump)
- pci: fix dangling pointer in qemuDomainReAttachHostdevDevices (Laine Stump)
- pci: eliminate leak in OOM condition (Laine Stump)
- util: fix bug found by Coverity (Laine Stump)
- Fix possible NULL dereference during migration (Jiri Denemark)
- virsh: edit: don't leak XML string on reedit or redefine (Ján Tomko)
- qemu: don't reset PCI devices being assigned with VFIO (Laine Stump)
- pci: eliminate memory leak in virPCIDeviceReattach (Laine Stump)
- qemu: check if block I/O limits fit into long long (Ján Tomko)
- network: increase max number of routes (Laine Stump)
- lxc: Resolve issue with GetScheduler APIs for non running domain (John Ferlan)
- qemu: Resolve issue with GetScheduler APIs for non running domain (John Ferlan)
- qemu: Avoid leaking uri in qemuMigrationPrepareDirect (Jiri Denemark)
- udev: fix crash in libudev logging (Ján Tomko)
- remote: Fix client crash when URI path is empty when using ssh (Peter Krempa)
- remote: Forbid default "/session" connections when using ssh transport (Peter Krempa)
- nodedev: fix vport detection for FC HBA (Ján Tomko)
- qemu: Fix memory leak in Prepare phase (Jiri Denemark)
- virSocketAddrIsWildcard: Use IN6_IS_ADDR_UNSPECIFIED correctly (Michal Privoznik)
- Fix ordering of file open in virProcessGetNamespaces (Richard Weinberger)
- qemuDomainGetVcpusFlags: Initialize ncpuinfo (Michal Privoznik)
- virtlockd: fix socket path (Ján Tomko)
- nwfilter: grab driver lock earlier during init (bz96649) (Stefan Berger)
- Fix a invalid usage of virDomainNetDef in OpenVZ driver (Alvaro Polo)
- use virBitmapFree instead of VIR_FREE for cpumask (Ján Tomko)
- usb: don't spoil decimal addresses (Martin Kletzander)
Improvements:
- Allow RO connections to interface udev backend (Doug Goldstein)
- virsh: Add parenthesis into virsh nodedev-detach help (xuzhang)
- nodedev: add iommuGroup to node device object (Laine Stump)
- pci: new iommu_group functions (Laine Stump)
- network: allow <vlan> in type='hostdev' networks (Laine Stump)
- test: include qemuhotplugtest data files in source rpm (Laine Stump)
- pci: virPCIDeviceListAddCopy API (Laine Stump)
- pci: update stubDriver name in virPCIDeviceBindToStub (Laine Stump)
- pci: eliminate repetitive path constructions in virPCIDeviceBindToStub (Laine Stump)
- pci: rename virPCIParseDeviceAddress and make it public (Laine Stump)
- pci: rename virPCIDeviceGetVFIOGroupDev to virPCIDeviceGetIOMMUGroupDev (Laine Stump)
- pci: eliminate unused driver arg from virPCIDeviceDetach (Laine Stump)
- tests: Introduce qemuhotplugtest (Michal Privoznik)
- qemu: Implement support for VIR_MIGRATE_PARAM_GRAPHICS_URI (Jiri Denemark)
- Implement extensible migration APIs in qemu driver (Jiri Denemark)
- qemu: Move internals of Confirm phase to qemu_migration.c (Jiri Denemark)
- qemu: Move common parts of Prepare phase to qemu_migration.c (Jiri Denemark)
- qemu: Move internals of Begin phase to qemu_migration.c (Jiri Denemark)
- Use 1.1.0 everywhere in the documentation (Ján Tomko)
- Add polkit policy for API checks to rpm spec (Daniel Veillard)
- Configure native vlan modes on Open vSwitch ports (james robson)
- Introduce VIR_MIGRATE_PARAM_GRAPHICS_URI parameter (Jiri Denemark)
- virsh: Use extensible migration APIs (Jiri Denemark)
- python: Add bindings for extensible migration APIs (Jiri Denemark)
- Adapt virDomainMigratePeer2Peer for extensible migration APIs (Jiri Denemark)
- Adapt virDomainMigrateVersion3 for extensible migration APIs (Jiri Denemark)
- Implement extensible migration APIs in remote driver (Jiri Denemark)
- New internal migration APIs with extensible parameters (Jiri Denemark)
- Introduce migration parameters (Jiri Denemark)
- Introduce virTypedParamsCopy internal API (Jiri Denemark)
- Log input type parameters in API entry points (Jiri Denemark)
- Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params (Jiri Denemark)
- Introduce virTypedParamsReplaceString internal API (Jiri Denemark)
- Introduce virTypedParamsCheck internal API (Jiri Denemark)
- util: Emit proper error code in virTypedParamsValidate (Jiri Denemark)
- Rename virTypedParameterArrayValidate as virTypedParamsValidate (Jiri Denemark)
- pci: make virPCIDeviceDetach consistent in behavior (Laine Stump)
- pci: new utility functions (Laine Stump)
- pci: change stubDriver from const char* to char* (Laine Stump)
- syntax: virPCIDeviceFree is also a NOP for NULL args (Laine Stump)
- libxl: support qdisk backend (Jim Fehlig)
- libxl: Fix disk format error message (Jim Fehlig)
- Add validation that all APIs contain ACL checks (Daniel P. Berrange)
- Set process ID in system identity (Daniel P. Berrange)
- Add ACL checks into the secrets driver (Daniel P. Berrange)
- Add ACL checks into the nwfilter driver (Daniel P. Berrange)
- Add ACL checks into the node device driver (Daniel P. Berrange)
- Add ACL checks into the interface driver (Daniel P. Berrange)
- Add ACL checks into the network driver (Daniel P. Berrange)
- Add ACL checks into the storage driver (Daniel P. Berrange)
- Add ACL checks into the libxl driver (Daniel P. Berrange)
- Add ACL checks into the Xen driver (Daniel P. Berrange)
- Add ACL checks into the UML driver (Daniel P. Berrange)
- Add ACL checks into the LXC driver (Daniel P. Berrange)
- Add ACL checks into the QEMU driver (Daniel P. Berrange)
- Auto-generate helpers for checking access control rules (Daniel P. Berrange)
- Add ACL annotations to all RPC messages (Daniel P. Berrange)
- Setup default access control manager in libvirtd (Daniel P. Berrange)
- Set conn->driver before running driver connectOpen method (Daniel P. Berrange)
- Define basic internal API for access control (Daniel P. Berrange)
- netdev: accept NULL in virNetDevSetupControl (Ján Tomko)
- xen: Implement virConnectGetSysinfo (Jim Fehlig)
- libxl: Implement virConnectGetSysinfo (Jim Fehlig)
- libxl: Allow libxl to set NIC devid (Jim Fehlig)
- storage: add support for creating qcow2 images with extensions (Ján Tomko)
- conf: add features to volume target XML (Ján Tomko)
- util: add support for qcow2v3 image detection (Ján Tomko)
- qemu: add hv_vapic and hv_spinlocks support (Ján Tomko)
- conf: add vapic and spinlocks to hyperv features (Ján Tomko)
- BSD: implement bridge add/remove port and set STP (Roman Bogorodskiy)
- BSD: implement virNetDevBridgeCreate() and virNetDevBridgeDelete() (Roman Bogorodskiy)
- conf: Requires either uuid or usage of secret (Osier Yang)
- qemu: Make probing for commands declarative (Jiri Denemark)
- qemu: Make probing for events declarative (Jiri Denemark)
- libxl: support paused domain restore in virDomainRestoreFlags (Marek Marczykowski-Górecki)
- qemuDomainChangeGraphics: Check listen address change by listen type (Michal Privoznik)
- libxl: initialize device structures (Marek Marczykowski-Górecki)
- libxl: populate xenstore memory entries at startup, handle dom0_mem (Marek Marczykowski-Górecki)
- conf: split out snapshot disk XML formatting (Ján Tomko)
- storage: rework qemu-img command line generation (Ján Tomko)
- util: switch virBufferTrim to void (Ján Tomko)
- migration: Don't propagate VIR_MIGRATE_ABORT_ON_ERROR (Peter Krempa)
- migration: Make erroring out on I/O error controllable by flag (Peter Krempa)
- qemu_migration: Move waiting for SPICE migration (Michal Privoznik)
- spec: Enable KVM support on ARM (Cole Robinson)
- virsh: Support SCSI_GENERIC cap flag for nodedev-list (Osier Yang)
- nodedev: Support SCSI_GENERIC cap flag for listAllNodeDevices (Osier Yang)
- nodedev_hal: Enumerate scsi generic device (Osier Yang)
- nodedev_udev: Enumerate scsi generic device (Osier Yang)
- qemu: set QEMU_CAPS_DEVICE_VIDEO_PRIMARY cap flag in QMP detection (Guannan Ren)
- nodedev_udev: changes missed by commit 1aa0ba3cef (Osier Yang)
- nodedev_udev: Refactor udevGetDeviceType (Osier Yang)
- nodedev: Expose sysfs path of device (Osier Yang)
- Move virGetUserEnt() to where it's needed (Doug Goldstein)
- BSD: implement virNetDevTapCreate() and virNetDevTapDelete() (Roman Bogorodskiy)
- Make virNetDevSetupControl() public. (Roman Bogorodskiy)
- LXC: s/chroot/chdir in lxcContainerPivotRoot() (Richard Weinberger)
- Implement dispose method for libxlDomainObjPrivate (Frediano Ziglio)
- libxl: allow only 'ethernet' and 'bridge' interfaces, allow script there (Marek Marczykowski-Górecki)
- qemu: allow restore with non-migratable XML input (Ján Tomko)
- libxl: set bootloader for PV domains if not specified (Jim Fehlig)
- libxl: Report connect type as Xen (Jim Fehlig)
- schema: simplify RNG pattern, remove superfluous <optional> (Claudio Bley)
- libvirt_private.syms: add virProcessGetStartTime (Ján Tomko)
- qemu: Forbid migration of machines with I/O errors (Peter Krempa)
- qemu: Cancel migration if guest encounters I/O error while migrating (Peter Krempa)
- qemu_migrate: Dispose listen address if set from config (Michal Privoznik)
- selinux: assume 's0' if the range is empty (Ján Tomko)
- storage: fix description of versionOffset (Martin Kletzander)
- spec: Drop Requires: vbox (Cole Robinson)
- Prefer VIR_STRDUP over virAsprintf(&dst, "%s", str) (Michal Privoznik)
- qemu: Implement new QMP command for cpu hotplug (Peter Krempa)
- qemu: Implement support for VIR_DOMAIN_VCPU_AGENT in qemuDomainSetVcpusFlags (Peter Krempa)
- qemu: Implement request of vCPU state using the guest agent (Peter Krempa)
- API: Introduce VIR_DOMAIN_VCPU_AGENT, for agent based CPU hot(un)plug (Peter Krempa)
- qemu_agent: Introduce helpers for agent based CPU hot(un)plug (Peter Krempa)
- qemu: Use bool instead of int in qemuMonitorSetCPU APIs (Peter Krempa)
- virsh-domain-monitor: Remove ATTRIBUTE_UNUSED from an argument (Peter Krempa)
- Add support for VirtualBox 4.2 APIs (ryan woodsmall)
- qemuDomainMigrateGraphicsRelocate: Use the new virSocketAddrIsWildcard (Michal Privoznik)
- virsocket: Introduce virSocketAddrIsWildcard (Michal Privoznik)
- iscsi: pass hostnames to iscsiadm instead of resolving them (Ján Tomko)
- qemu: Report the offset from host UTC for RTC_CHANGE event (Osier Yang)
- qemu: simplify CPU command line parsing (Ján Tomko)
- qemu: change two-state int parameters to bool (Ján Tomko)
- nwfilter: change two-state int parameters to bool (Ján Tomko)
- Remove redundant two-state integers (Ján Tomko)
- Replace two-state local integers with bool (Ján Tomko)
- storage: Avoid unnecessary ternary operators and refactor the code (Peter Krempa)
- openvz: Fix code coverage issue in OpenVZ driver (Alvaro Polo)
- qemu: Reformat listen address prior to checking (Michal Privoznik)
- Ensure non-root can read /proc/meminfo file in LXC containers (Daniel P. Berrange)
- storage: Provide better error message if metadata pre-alloc is unsupported (Peter Krempa)
- storage: Clean up function header and reflow error message (Peter Krempa)
- storagevolxml2argvtest: Report better error messages on test failure (Peter Krempa)
- maint: don't use config.h in .h files (Eric Blake)
- qemu: Abstract code for the cpu controller setting into a helper (Osier Yang)
- storage: Forbid to shrink the vol's capacity if no --shrink is specified (Osier Yang)
- storage: Support preallocate the new capacity for vol-resize (Osier Yang)
- snapshot: remove mutually exclusive memory and disk-only duplicate check (Guannan Ren)
- virsh: Allow attach-disk to specify disk wwn (Osier Yang)
- tests: fix typo in securityselinuxtest (Ján Tomko)
- virsh: Obey pool-or-uuid spec when creating volumes (Jiri Denemark)
- libvirt-qemu: Dispatch errors from virDomainQemuAgentCommand() (Peter Krempa)
- qemu: Properly report guest agent errors on command passthrough (Peter Krempa)
- virsh-domain: Report errors and don't deref NULL in qemu-agent-command (Peter Krempa)
- RPC: Support up to 16384 cpus on the host and 4096 in the guest (Peter Krempa)
- virsh iface-bridge: Ignore delay if stp is turned off (Jiri Denemark)
- Fix warning about using an uninitialized next_unit value (Jiri Denemark)
- virsh-domain: Add --live, --config, --current logic to cmdAttachInterface (Peter Krempa)
- virsh-domain: Add --live, --config, --current logic to cmdAttachDisk (Peter Krempa)
- virsh-domain: Add --live, --config, --current logic to cmdAttachDevice (Peter Krempa)
Cleanups:
- Get rid of useless VIR_STORAGE_FILE_FEATURE_NONE (Ján Tomko)
- configure: Remove unused brctl check (Cole Robinson)
- storage_backend: Drop unused code (Cole Robinson)
- Remove legacy code for single-instance devpts filesystem (Daniel P. Berrange)
Thanks everybody for your contributions to this release, with ideas,
reports, patches, documentation or localizations!
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
v1: https://www.redhat.com/archives/libvir-list/2013-June/msg00573.html
v1->v2: Remove VIR_DOMAIN_SNAPSHOT_DELETE_CURRENT flag
(name == NULL) means deleting current snapshot object
Rebase work
Add a new snapshot API to delete snapshot object atomically
    int virDomainSnapshotDeleteByName(virDomainPtr domain,
                                      const char *name,
                                      unsigned int flags);
The existing virDomainSnapshotDelete API accepts the snapshot
object being deleted as an argument that would not be API atomic.
Guannan Ren(5)
[PATCH v2 1/5] snapshot: define new API virDomainSnapshotDeleteByName
[PATCH v2 2/5] auto generate RPC calls for remoteDomainSnapshotDeleteByName
[PATCH v2 3/5] qemu: implement SnapshotDeleteByName
[PATCH v2 4/5] python: make auto-generated function name nicer
[PATCH v2 5/5] virsh: use virDomainSnapshotDeleteByName in virsh
include/libvirt/libvirt.h.in | 4 ++++
python/generator.py | 3 +++
src/driver.h | 6 ++++++
src/libvirt.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/libvirt_public.syms | 5 +++++
src/qemu/qemu_driver.c | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------
src/remote/remote_driver.c | 1 +
src/remote/remote_protocol.x | 14 +++++++++++++-
src/remote_protocol-structs | 6 ++++++
tools/virsh-snapshot.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----------
10 files changed, 245 insertions(+), 33 deletions(-)
[libvirt] [PATCH v5] qemu: Implement CPUs check against machine type's cpu-max
by Michal Novotny 01 Jul '13
Implement check whether (maximum) vCPUs doesn't exceed machine
type's cpu-max settings.
Differences between v4 and v5 (this one):
- Changed type to unsigned int
- Renamed variable to maxCpus to match previous naming
- When machines types are parsed from command line set maxCpus = 0 to don't show
Differences between v3 and v4:
- Rebased to latest libvirt version
- Capability XML output extended by maxCpus field
- Extended caps-qemu-kvm.xml test by maxCpus for one of test emulators
On older versions of QEMU the check is disabled.
Signed-off-by: Michal Novotny <minovotn(a)redhat.com>
---
docs/schemas/capability.rng | 5 ++++
src/conf/capabilities.c | 4 +++
src/conf/capabilities.h | 1 +
src/qemu/qemu_capabilities.c | 40 +++++++++++++++++++++++++++-
src/qemu/qemu_capabilities.h | 3 ++-
src/qemu/qemu_monitor.h | 1 +
src/qemu/qemu_monitor_json.c | 6 +++++
src/qemu/qemu_process.c | 21 +++++++++++++++
tests/capabilityschemadata/caps-qemu-kvm.xml | 16 +++++------
9 files changed, 87 insertions(+), 10 deletions(-)
diff --git a/docs/schemas/capability.rng b/docs/schemas/capability.rng
index 106ca73..65c7c72 100644
--- a/docs/schemas/capability.rng
+++ b/docs/schemas/capability.rng
@@ -290,6 +290,11 @@
<text/>
</attribute>
</optional>
+ <optional>
+ <attribute name='maxCpus'>
+ <ref name='unsignedInt'/>
+ </attribute>
+ </optional>
<text/>
</element>
</define>
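Review bot: the new optional `maxCpus` attribute on `<machine>` is added to the schema here, but the diffstat lists no file under docs/ other than capability.rng, so the capabilities XML documentation does not describe it. Please document the attribute, including that it is omitted when the limit is unknown, in the same patch. Note also that `unsignedInt` admits `maxCpus='0'`, which the formatter in this patch never emits; say in the docs whether 0 is meaningful on input.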
diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c
index da92c78..5aeb2ab 100644
--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -853,6 +853,8 @@ virCapabilitiesFormatXML(virCapsPtr caps)
virBufferAddLit(&xml, " <machine");
if (machine->canonical)
virBufferAsprintf(&xml, " canonical='%s'", machine->canonical);
+ if (machine->maxCpus > 0)
+ virBufferAsprintf(&xml, " maxCpus='%d'", machine->maxCpus);
virBufferAsprintf(&xml, ">%s</machine>\n", machine->name);
}
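Review bot: the added `virBufferAsprintf(&xml, " maxCpus='%d'", machine->maxCpus)` formats a field that this patch declares as `unsigned int` with `%d`. Use `%u` so the format specifier matches the type and large values are not printed as negative numbers.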
@@ -871,6 +873,8 @@ virCapabilitiesFormatXML(virCapsPtr caps)
virBufferAddLit(&xml, " <machine");
if (machine->canonical)
virBufferAsprintf(&xml, " canonical='%s'", machine->canonical);
+ if (machine->maxCpus > 0)
+ virBufferAsprintf(&xml, " maxCpus='%d'", machine->maxCpus);
virBufferAsprintf(&xml, ">%s</machine>\n", machine->name);
}
virBufferAddLit(&xml, " </domain>\n");
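Review bot: the two added lines here are a second copy of the `maxCpus` formatting added earlier in virCapabilitiesFormatXML, again with `%d` for an `unsigned int`. Since the surrounding `<machine` / `canonical` / name sequence is now repeated with three attributes in two places, consider a small static helper that formats one machine element, so both call sites get the same specifier and the same `> 0` condition.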
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
index abcf6de..6c7efde 100644
--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -46,6 +46,7 @@ typedef virCapsGuestMachine *virCapsGuestMachinePtr;
struct _virCapsGuestMachine {
char *name;
char *canonical;
+ unsigned int maxCpus;
};
typedef struct _virCapsGuestDomainInfo virCapsGuestDomainInfo;
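Review bot: the new `unsigned int maxCpus;` member of `struct _virCapsGuestMachine` carries no comment, yet the rest of the patch gives the value 0 a special meaning (attribute not formatted, check skipped). A one-line comment on the field stating that 0 means "limit unknown" would make that contract visible where the field is defined.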
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c4e076a..969b001 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -256,6 +256,7 @@ struct _virQEMUCaps {
size_t nmachineTypes;
char **machineTypes;
char **machineAliases;
+ unsigned int *machineMaxCpus;
};
struct _virQEMUCapsCache {
@@ -335,6 +336,7 @@ virQEMUCapsSetDefaultMachine(virQEMUCapsPtr qemuCaps,
{
char *name = qemuCaps->machineTypes[defIdx];
char *alias = qemuCaps->machineAliases[defIdx];
+ unsigned int maxCpus = qemuCaps->machineMaxCpus[defIdx];
memmove(qemuCaps->machineTypes + 1,
qemuCaps->machineTypes,
@@ -342,8 +344,12 @@ virQEMUCapsSetDefaultMachine(virQEMUCapsPtr qemuCaps,
memmove(qemuCaps->machineAliases + 1,
qemuCaps->machineAliases,
sizeof(qemuCaps->machineAliases[0]) * defIdx);
+ memmove(qemuCaps->machineMaxCpus + 1,
+ qemuCaps->machineMaxCpus,
+ sizeof(qemuCaps->machineMaxCpus[0]) * defIdx);
qemuCaps->machineTypes[0] = name;
qemuCaps->machineAliases[0] = alias;
+ qemuCaps->machineMaxCpus[0] = maxCpus;
}
/* Format is:
@@ -390,7 +396,8 @@ virQEMUCapsParseMachineTypesStr(const char *output,
}
if (VIR_REALLOC_N(qemuCaps->machineTypes, qemuCaps->nmachineTypes + 1) < 0 ||
- VIR_REALLOC_N(qemuCaps->machineAliases, qemuCaps->nmachineTypes + 1) < 0) {
+ VIR_REALLOC_N(qemuCaps->machineAliases, qemuCaps->nmachineTypes + 1) < 0 ||
+ VIR_REALLOC_N(qemuCaps->machineMaxCpus, qemuCaps->nmachineTypes + 1) < 0) {
VIR_FREE(name);
VIR_FREE(canonical);
virReportOOMError();
@@ -404,6 +411,8 @@ virQEMUCapsParseMachineTypesStr(const char *output,
qemuCaps->machineTypes[qemuCaps->nmachineTypes-1] = name;
qemuCaps->machineAliases[qemuCaps->nmachineTypes-1] = NULL;
}
+ /* When parsing from command line we don't have information about maxCpus */
+ qemuCaps->machineMaxCpus[qemuCaps->nmachineTypes-1] = 0;
} while ((p = next));
@@ -1764,11 +1773,14 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemuCaps)
goto no_memory;
if (VIR_ALLOC_N(ret->machineAliases, qemuCaps->nmachineTypes) < 0)
goto no_memory;
+ if (VIR_ALLOC_N(ret->machineMaxCpus, qemuCaps->nmachineTypes) < 0)
+ goto no_memory;
ret->nmachineTypes = qemuCaps->nmachineTypes;
for (i = 0; i < qemuCaps->nmachineTypes; i++) {
if (VIR_STRDUP(ret->machineTypes[i], qemuCaps->machineTypes[i]) < 0 ||
VIR_STRDUP(ret->machineAliases[i], qemuCaps->machineAliases[i]) < 0)
goto error;
+ ret->machineMaxCpus[i] = qemuCaps->machineMaxCpus[i];
}
return ret;
@@ -1792,6 +1804,7 @@ void virQEMUCapsDispose(void *obj)
}
VIR_FREE(qemuCaps->machineTypes);
VIR_FREE(qemuCaps->machineAliases);
+ VIR_FREE(qemuCaps->machineMaxCpus);
for (i = 0; i < qemuCaps->ncpuDefinitions; i++) {
VIR_FREE(qemuCaps->cpuDefinitions[i]);
@@ -1932,6 +1945,7 @@ int virQEMUCapsGetMachineTypesCaps(virQEMUCapsPtr qemuCaps,
if (VIR_STRDUP(mach->name, qemuCaps->machineTypes[i]) < 0)
goto error;
}
+ mach->maxCpus = qemuCaps->machineMaxCpus[i];
(*machines)[i] = mach;
}
@@ -1966,6 +1980,25 @@ const char *virQEMUCapsGetCanonicalMachine(virQEMUCapsPtr qemuCaps,
}
+int virQEMUCapsGetMachineMaxCpus(virQEMUCapsPtr qemuCaps,
+ const char *name)
+{
+ size_t i;
+
+ if (!name)
+ return 0;
+
+ for (i = 0; i < qemuCaps->nmachineTypes; i++) {
+ if (!qemuCaps->machineMaxCpus[i])
+ continue;
+ if (STREQ(qemuCaps->machineTypes[i], name))
+ return qemuCaps->machineMaxCpus[i];
+ }
+
+ return 0;
+}
+
+
static int
virQEMUCapsProbeQMPCommands(virQEMUCapsPtr qemuCaps,
qemuMonitorPtr mon)
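Review bot: virQEMUCapsGetMachineMaxCpus is declared to return `int`, but it returns an element of `unsigned int *machineMaxCpus` and its caller stores the result in an `unsigned int`; make the return type `unsigned int` to avoid the implicit sign conversion. Separately, the loop only compares `name` against `qemuCaps->machineTypes[i]` and never against `machineAliases[i]`, so if `def->os.machine` can hold an alias when this is called, the lookup returns 0 and the limit is silently not enforced. Either canonicalize the name first or state in a comment that callers must pass the canonical name. The `if (!qemuCaps->machineMaxCpus[i]) continue;` test is also redundant, since a matching entry with value 0 would return 0 anyway.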
@@ -2083,6 +2116,10 @@ virQEMUCapsProbeQMPMachineTypes(virQEMUCapsPtr qemuCaps,
virReportOOMError();
goto cleanup;
}
+ if (VIR_ALLOC_N(qemuCaps->machineMaxCpus, nmachines) < 0) {
+ virReportOOMError();
+ goto cleanup;
+ }
for (i = 0; i < nmachines; i++) {
if (VIR_STRDUP(qemuCaps->machineAliases[i], machines[i]->alias) < 0 ||
@@ -2090,6 +2127,7 @@ virQEMUCapsProbeQMPMachineTypes(virQEMUCapsPtr qemuCaps,
goto cleanup;
if (machines[i]->isDefault)
defIdx = i;
+ qemuCaps->machineMaxCpus[i] = machines[i]->maxCpus;
}
qemuCaps->nmachineTypes = nmachines;
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 64a4b1d..7088747 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -234,7 +234,8 @@ size_t virQEMUCapsGetMachineTypes(virQEMUCapsPtr qemuCaps,
char ***names);
const char *virQEMUCapsGetCanonicalMachine(virQEMUCapsPtr qemuCaps,
const char *name);
-
+int virQEMUCapsGetMachineMaxCpus(virQEMUCapsPtr qemuCaps,
+ const char *name);
int virQEMUCapsGetMachineTypesCaps(virQEMUCapsPtr qemuCaps,
size_t *nmachines,
virCapsGuestMachinePtr **machines);
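Review bot: the prototype added here replaces the blank line that separated virQEMUCapsGetCanonicalMachine from virQEMUCapsGetMachineTypesCaps, so the three declarations now run together. Keep the separator and add the new declaration next to it. The `int` return type should also follow whatever type the definition ends up with, given that the stored values are `unsigned int`.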
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 3d9afa3..86ef635 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -654,6 +654,7 @@ struct _qemuMonitorMachineInfo {
char *name;
bool isDefault;
char *alias;
+ unsigned int maxCpus;
};
int qemuMonitorGetMachines(qemuMonitorPtr mon,
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 88a0dc9..c0d7960 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -4042,6 +4042,12 @@ int qemuMonitorJSONGetMachines(qemuMonitorPtr mon,
if (VIR_STRDUP(info->alias, tmp) < 0)
goto cleanup;
}
+ if (virJSONValueObjectHasKey(child, "cpu-max") &&
+ virJSONValueObjectGetNumberUint(child, "cpu-max", &info->maxCpus) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("query-machines reply has malformed 'cpu-max' data"));
+ goto cleanup;
+ }
}
ret = n;
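Review bot: when the reply has no "cpu-max" key, `info->maxCpus` is never assigned in this hunk, so the "0 means unknown" convention used elsewhere in the patch depends on `info` having been zero-initialized when it was allocated. That allocation is outside the visible context; please confirm it, or set `info->maxCpus = 0` explicitly in an else branch so that older QEMU replies cannot leave an indeterminate limit.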
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 5a0f18b..ac5ffcf 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3330,6 +3330,24 @@ error:
}
+static bool
+qemuValidateCpuMax(virDomainDefPtr def, virQEMUCapsPtr qemuCaps)
+{
+ unsigned int maxCpus;
+
+ maxCpus = virQEMUCapsGetMachineMaxCpus(qemuCaps, def->os.machine);
+ if (!maxCpus)
+ return true;
+
+ if (def->maxvcpus > maxCpus) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ "%s", _("Maximum CPUs greater than specified machine type limit"));
+ return false;
+ }
+
+ return true;
+}
+
int qemuProcessStart(virConnectPtr conn,
virQEMUDriverPtr driver,
virDomainObjPtr vm,
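Review bot: the error reported by qemuValidateCpuMax, "Maximum CPUs greater than specified machine type limit", gives the user neither the requested count, the limit, nor the machine type, all of which are in scope (`def->maxvcpus`, `maxCpus`, `def->os.machine`). Include them in the message so a rejected start can be fixed without consulting the capabilities XML. The hunk also adds the function directly after an existing blank line with only one blank line before `int qemuProcessStart`, so check the spacing against the two-blank-line convention used around the neighbouring functions.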
@@ -3519,6 +3537,9 @@ int qemuProcessStart(virConnectPtr conn,
vm->def->emulator)))
goto cleanup;
+ if (!qemuValidateCpuMax(vm->def, priv->qemuCaps))
+ goto cleanup;
+
if (qemuAssignDeviceAliases(vm->def, priv->qemuCaps) < 0)
goto cleanup;
diff --git a/tests/capabilityschemadata/caps-qemu-kvm.xml b/tests/capabilityschemadata/caps-qemu-kvm.xml
index 36c4b49..1fbc22b 100644
--- a/tests/capabilityschemadata/caps-qemu-kvm.xml
+++ b/tests/capabilityschemadata/caps-qemu-kvm.xml
@@ -33,18 +33,18 @@
<arch name='i686'>
<wordsize>32</wordsize>
<emulator>/usr/bin/qemu</emulator>
- <machine>pc-0.11</machine>
- <machine canonical='pc-0.11'>pc</machine>
- <machine>pc-0.10</machine>
- <machine>isapc</machine>
+ <machine maxCpus='255'>pc-0.11</machine>
+ <machine canonical='pc-0.11' maxCpus='255'>pc</machine>
+ <machine maxCpus='255'>pc-0.10</machine>
+ <machine maxCpus='1'>isapc</machine>
<domain type='qemu'>
</domain>
<domain type='kvm'>
<emulator>/usr/bin/qemu-kvm</emulator>
- <machine>pc-0.11</machine>
- <machine canonical='pc-0.11'>pc</machine>
- <machine>pc-0.10</machine>
- <machine>isapc</machine>
+ <machine maxCpus='255'>pc-0.11</machine>
+ <machine canonical='pc-0.11' maxCpus='255'>pc</machine>
+ <machine maxCpus='255'>pc-0.10</machine>
+ <machine maxCpus='1'>isapc</machine>
</domain>
</arch>
<features>
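Review bot: this test data only proves that `maxCpus` on `<machine>` validates against the schema; per the diffstat, nothing in tests/ exercises the new "cpu-max" parsing in qemuMonitorJSONGetMachines or the rejection path in qemuValidateCpuMax. Please add a case with `maxvcpus` above the machine limit (for example against the `maxCpus='1'` entry for isapc used here) that expects VIR_ERR_CONFIG_UNSUPPORTED, and one with the key absent to cover the "check disabled on older QEMU" behaviour described in the commit message.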
--
1.7.11.7