On 11/10/2011 06:28 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange(a)redhat.com>
Support creation of macvlan devices for LXC containers. Do not
allow setting of network filters, bandwidth controls or vport
profiles due to the complication that there is no host side
visible device to work with.
* src/lxc/lxc_driver.c: Support type=direct interfaces
---
src/lxc/lxc_driver.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 105 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 4f6807b..09752a3 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1230,6 +1230,102 @@ cleanup:
return ret;
}
+
+static int lxcSetupInterfaceDirect(virConnectPtr conn,
+ virDomainDefPtr def,
+ virDomainNetDefPtr net,
+ unsigned int *nveths,
+ char ***veths)
+{
+ int ret = 0;
+ char *res_ifname = NULL;
+ lxc_driver_t *driver = conn->privateData;
+ virNetDevBandwidthPtr bw;
+ virNetDevVPortProfilePtr prof;
+
+ /* XXX how todo filtering ?
+ * Since the 'net-ifname' is about to be moved to a different
+ * namespace& renamed, there will be no host side visible
+ * interface for the container to attach rules to
+ */
AFAIK, filtering doesn't work on direct interfaces anyway, because the
necessary hooks are missing from their kernel implementation. At least,
that is what I have been told about the macvtap type of device.
+ if (net->filter) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set network filters on direct interfaces"));
+ return -1;
+ }
+
+ /* XXX how todo bandwidth controls ?
+ * Since the 'net-ifname' is about to be moved to a different
+ * namespace& renamed, there will be no host side visible
+ * interface for the container to attach rules to
+ */
+ bw = virDomainNetGetActualBandwidth(net);
+ if (bw) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set network bandwidth on direct interfaces"));
+ return -1;
+ }
+
+ /* XXX how todo port profiles ?
+ * Although we can do the association during container
+ * startup, at shutdown we are unable to disassociate
+ * because the macvlan device was moved to the container
+ * and automagically dies when the container dies. So
+ * we have no dev to perform disassociation with.
+ */
+ prof = virDomainNetGetActualDirectVirtPortProfile(net);
+ if (prof) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set port profile on direct interfaces"));
+ return -1;
+ }
+
+ if (VIR_REALLOC_N(*veths, (*nveths)+1)< 0) {
+ virReportOOMError();
+ return -1;
+ }
+ (*veths)[(*nveths)] = NULL;
+
+ if (virNetDevMacVLanCreateWithVPortProfile(
+ net->ifname, net->mac,
+ virDomainNetGetActualDirectDev(net),
+ virDomainNetGetActualDirectMode(net),
+ false, false, def->uuid,
+ virDomainNetGetActualDirectVirtPortProfile(net),
+&res_ifname,
+ VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
+ driver->stateDir,
+ virDomainNetGetActualBandwidth(net))< 0)
+ goto cleanup;
+
+ (*veths)[(*nveths)] = res_ifname;
+ (*nveths)++;
+
+#if 0
+ if (rc>= 0) {
+ if ((net->filter)&& (net->ifname)) {
+ err = virDomainConfNWFilterInstantiate(conn, net);
+ if (err) {
+ VIR_FORCE_CLOSE(rc);
+ ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+ net->ifname, net->mac,
+ virDomainNetGetActualDirectDev(net),
+ virDomainNetGetActualDirectMode(net),
+ virDomainNetGetActualDirectVirtPortProfile(net),
+ driver->stateDir));
+ VIR_FREE(net->ifname);
+ }
+ }
+ }
+#endif
I think you can remove this block.
+
+ ret = 0;
+
+cleanup:
+ return ret;
+}
+
+
/**
* lxcSetupInterfaces:
* @conn: pointer to connection
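Review bot: `ret` is initialised to 0 at the top of lxcSetupInterfaceDirect, so when virNetDevMacVLanCreateWithVPortProfile() fails, the `goto cleanup` returns 0 and the `< 0` check in lxcSetupInterfaces treats the failure as success. It should start as `int ret = -1;`, since the existing `ret = 0;` just before `cleanup:` already marks the success path. As written, a container whose macvlan device could not be created would presumably keep starting without its configured interface instead of being refused. Separately, the create call re-fetches the port profile and bandwidth even though the earlier checks guarantee both are NULL at that point; passing the locals `prof` and `bw` (or `NULL`) would make that invariant visible to the reader.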
@@ -1299,13 +1395,21 @@ static int lxcSetupInterfaces(virConnectPtr conn,
goto cleanup;
} break;
+ case VIR_DOMAIN_NET_TYPE_DIRECT:
+ if (lxcSetupInterfaceDirect(conn,
+ def,
+ def->nets[i],
+ nveths,
+ veths)< 0)
+ goto cleanup;
+ break;
+
case VIR_DOMAIN_NET_TYPE_USER:
case VIR_DOMAIN_NET_TYPE_ETHERNET:
case VIR_DOMAIN_NET_TYPE_SERVER:
case VIR_DOMAIN_NET_TYPE_CLIENT:
case VIR_DOMAIN_NET_TYPE_MCAST:
case VIR_DOMAIN_NET_TYPE_INTERNAL:
- case VIR_DOMAIN_NET_TYPE_DIRECT:
case VIR_DOMAIN_NET_TYPE_LAST:
lxcError(VIR_ERR_INTERNAL_ERROR,
_("Unsupported network type %s"),
ACK, but see nits above.