When this flag is set for an interface attached to a bridge, traffic
to/from the specified interface can only enter/exit the bridge via
another attached interface that *doesn't* have the BR_ISOLATED flag
set. This can be used to permit guests to communicate with the rest of
the network, but not with each other.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/libvirt_private.syms | 2 ++
src/util/virnetdevbridge.c | 46 ++++++++++++++++++++++++++++++++++++++
src/util/virnetdevbridge.h | 9 ++++++++
3 files changed, 57 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index dc0449d1d8..5d043041e0 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2552,8 +2552,10 @@ virNetDevBridgeFDBDel;
virNetDevBridgeGetSTP;
virNetDevBridgeGetSTPDelay;
virNetDevBridgeGetVlanFiltering;
+virNetDevBridgePortGetIsolated;
virNetDevBridgePortGetLearning;
virNetDevBridgePortGetUnicastFlood;
+virNetDevBridgePortSetIsolated;
virNetDevBridgePortSetLearning;
virNetDevBridgePortSetUnicastFlood;
virNetDevBridgeRemovePort;
diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c
index 769289ae0b..d15e81daeb 100644
--- a/src/util/virnetdevbridge.c
+++ b/src/util/virnetdevbridge.c
@@ -311,6 +311,30 @@ virNetDevBridgePortSetUnicastFlood(const char *brname,
}
+int
+virNetDevBridgePortGetIsolated(const char *brname,
+ const char *ifname,
+ bool *enable)
+{
+ unsigned long value;
+
+ if (virNetDevBridgePortGet(brname, ifname, "isolated", &value) < 0)
+ return -1;
+
+ *enable = !!value;
+ return 0;
+}
+
+
+int
+virNetDevBridgePortSetIsolated(const char *brname,
+ const char *ifname,
+ bool enable)
+{
+ return virNetDevBridgePortSet(brname, ifname, "isolated", enable ? 1 : 0);
+}
+
+
#else
int
virNetDevBridgePortGetLearning(const char *brname G_GNUC_UNUSED,
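Review bot: virNetDevBridgePortSetIsolated carries no contract comment, and for this attribute the failure mode matters more than for the learning/unicast_flood siblings it is modelled on: if the `isolated` sysfs attribute is absent (presumably the case on kernels that predate it — the helper's behaviour is not visible here), a call with enable=true returns -1 and the port is left able to reach its neighbours, which is exactly the condition the caller is trying to rule out. I would add above the Set definition: `/* Port isolation is a security boundary between guests: a failure to enable it must be treated as fatal by the caller, never downgraded to a warning. */`, and on Get a line noting that `*enable` is left untouched when virNetDevBridgePortGet fails. Both functions are fully inside the hunk; the `#else` stubs in the next hunk mirror the existing unicast_flood ones and need no change.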
@@ -354,6 +378,28 @@ virNetDevBridgePortSetUnicastFlood(const char *brname G_GNUC_UNUSED,
_("Unable to set bridge port unicast_flood on this
platform"));
return -1;
}
+
+
+int
+virNetDevBridgePortGetIsolated(const char *brname G_GNUC_UNUSED,
+ const char *ifname G_GNUC_UNUSED,
+ bool *enable G_GNUC_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Unable to get bridge port isolated on this
platform"));
+ return -1;
+}
+
+
+int
+virNetDevBridgePortSetIsolated(const char *brname G_GNUC_UNUSED,
+ const char *ifname G_GNUC_UNUSED,
+ bool enable G_GNUC_UNUSED)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Unable to set bridge port isolated on this
platform"));
+ return -1;
+}
#endif
diff --git a/src/util/virnetdevbridge.h b/src/util/virnetdevbridge.h
index 8137914da8..db4099bf0b 100644
--- a/src/util/virnetdevbridge.h
+++ b/src/util/virnetdevbridge.h
@@ -73,6 +73,15 @@ int virNetDevBridgePortSetUnicastFlood(const char *brname,
const char *ifname,
bool enable)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
+int virNetDevBridgePortGetIsolated(const char *brname,
+ const char *ifname,
+ bool *enable)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ G_GNUC_WARN_UNUSED_RESULT;
+int virNetDevBridgePortSetIsolated(const char *brname,
+ const char *ifname,
+ bool enable)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
typedef enum {
VIR_NETDEVBRIDGE_FDB_FLAG_ROUTER = (1 << 0),
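Review bot: The new declarations say nothing about what "isolated" means, while the commit message explains it well; the explanation belongs in the header where callers will read it. I would put above virNetDevBridgePortGetIsolated: `/* "isolated": traffic to/from this port may only enter or leave the bridge via a port that does not have the flag set, so isolated ports cannot reach each other. */`. The surrounding declarations visible in the hunk carry no comment either, so the omission is consistent, but this flag's semantics are the least obvious of the set.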
--
2.24.1