[PATCH 0/3] Reflect MAC change in live domain XML
Original RFC: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/U274M... Changes since: 1) instead of overwriting the original `address` attribute, new attribute (`guestAddress`) is invented so that both new and old MAC addresses can be shown, eventually. 2) rebase, libvirt version change, ... Michal Prívozník (3): qemu: Reflect MAC address change in live domain XML Introduce NIC_MAC_CHANGE event qemu: Emit NIC_MAC_CHANGE event docs/formatdomain.rst | 5 ++ examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_conf.c | 6 ++ src/conf/domain_conf.h | 3 + src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/conf/schemas/domaincommon.rng | 5 ++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 48 ++++++++++++++- src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_driver.c | 11 ++-- src/qemu/qemu_process.c | 2 +- src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 17 files changed, 327 insertions(+), 8 deletions(-) -- 2.48.1
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not: <interface trustGuestRxFilters='yes|no'/> For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML. Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML. Therefore, report this new MAC address as another attribute of the <mac/> element: <mac address="52:54:00:a4:6f:91" guestAddress="00:11:22:33:44:55"/> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- docs/formatdomain.rst | 5 +++++ src/conf/domain_conf.c | 6 ++++++ src/conf/domain_conf.h | 3 +++ src/conf/schemas/domaincommon.rng | 5 +++++ src/qemu/qemu_domain.c | 32 +++++++++++++++++++++++++++++++ src/qemu/qemu_driver.c | 2 +- 6 files changed, 52 insertions(+), 1 deletion(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index c1876ad467..08e49c1da9 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -4966,6 +4966,11 @@ when it's in the reserved VMware range by adding a ``type="static"`` attribute to the ``<mac/>`` element. Note that this attribute is useless if the provided MAC address is outside of the reserved VMWare ranges. +:since:`Since 11.2.0`, the ``<mac/>`` element can optionally contain +``guestAddress`` attribute (output only), which contains new MAC address if the +guest changed it. This is currently implemented only for QEMU/KVM and requires +setting ``trustGuestRxFilters`` to ``yes``. + :since:`Since 7.3.0`, one can set the ACPI index against network interfaces. With some operating systems (eg Linux with systemd), the ACPI index is used to provide network interface device naming, that is stable across changes diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index dedcf76511..7c68fd6f2a 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -2840,6 +2840,7 @@ virDomainNetDefFree(virDomainNetDef *def) if (!def) return; + g_free(def->guestAddress); g_free(def->modelstr); switch (def->type) { @@ -24586,6 +24587,11 @@ virDomainNetDefFormat(virBuffer *buf, virBufferAsprintf(&macAttrBuf, " type='%s'", virDomainNetMacTypeTypeToString(def->mac_type)); if (def->mac_check != VIR_TRISTATE_BOOL_ABSENT) virBufferAsprintf(&macAttrBuf, " check='%s'", virTristateBoolTypeToString(def->mac_check)); + if (def->guestAddress && + !(flags & VIR_DOMAIN_DEF_FORMAT_INACTIVE)) { + virBufferAsprintf(&macAttrBuf, " guestAddress='%s'", + virMacAddrFormat(def->guestAddress, macstr)); + } virXMLFormatElement(buf, "mac", &macAttrBuf, NULL); if (publicActual) { diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 3a97fd866c..3368921d6d 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1078,6 +1078,9 @@ struct _virDomainNetDef { bool mac_generated; /* true if mac was *just now* auto-generated by libvirt */ virDomainNetMacType mac_type; virTristateBool mac_check; + virMacAddr *guestAddress; /* MAC address from query-rx-filter (as reported + by guest). Not parsed from domain XML. Output + only. */ int model; /* virDomainNetModelType */ char *modelstr; union { diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index 3276569325..ad6b889a93 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -3837,6 +3837,11 @@ <ref name="virYesNo"/> </attribute> </optional> + <optional> + <attribute name="guestAddress"> + <ref name="uniMacAddr"/> + </attribute> + </optional> <empty/> </element> </optional> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 29fac0034e..47ae59d408 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11002,6 +11002,19 @@ syncNicRxFilterMulticast(char *ifname, } +/** + * qemuDomainSyncRxFilter: + * @vm: domain object + * @def: domain interface definition + * @asyncJob: async job type + * + * Fetch new state of RX Filter and set host side of the interface + * accordingly (e.g. reflect MAC address change on macvtap). + * + * Reflect changed MAC address in the domain definition. + * + * Returns: 0 on success, -1 on error. + */ int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, @@ -11010,6 +11023,7 @@ qemuDomainSyncRxFilter(virDomainObj *vm, qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virNetDevRxFilter) guestFilter = NULL; g_autoptr(virNetDevRxFilter) hostFilter = NULL; + virMacAddr *oldMac = NULL; int rc; if (qemuDomainObjEnterMonitorAsync(vm, asyncJob) < 0) @@ -11055,6 +11069,24 @@ qemuDomainSyncRxFilter(virDomainObj *vm, return -1; } + if (def->guestAddress) + oldMac = def->guestAddress; + else + oldMac = &def->mac; + + if (virMacAddrCmp(oldMac, &guestFilter->mac)) { + /* Reflect changed MAC address in the domain XML. */ + if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + if (!def->guestAddress) { + def->guestAddress = g_new0(virMacAddr, 1); + } + + virMacAddrSet(def->guestAddress, &guestFilter->mac); + } else { + VIR_FREE(def->guestAddress); + } + } + return 0; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f0e9681161..a4866450fc 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3677,7 +3677,7 @@ processNicRxFilterChangedEvent(virDomainObj *vm, "from domain %p %s", devAlias, vm, vm->def->name); - if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0) + if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0) return; if (!virDomainObjIsActive(vm)) { -- 2.48.1
On Mon, Mar 17, 2025 at 12:28:48PM +0100, Michal Privoznik via Devel wrote:
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not:
<interface trustGuestRxFilters='yes|no'/>
For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML.
Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML.
Therefore, report this new MAC address as another attribute of the <mac/> element:
<mac address="52:54:00:a4:6f:91" guestAddress="00:11:22:33:44:55"/>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
The aim off this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 9 files changed, 251 insertions(+), 1 deletion(-) diff --git a/examples/c/misc/event-test.c b/examples/c/misc/event-test.c index 88d99dff56..a61dbf4529 100644 --- a/examples/c/misc/event-test.c +++ b/examples/c/misc/event-test.c @@ -1102,6 +1102,19 @@ myNetworkEventMetadataChangeCallback(virConnectPtr conn G_GNUC_UNUSED, } +static int +myDomainEventNICMACChangeCallback(virConnectPtr conn G_GNUC_UNUSED, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque G_GNUC_UNUSED) +{ + printf("%s EVENT: Domain %s(%d) NIC MAC changed: alias: '%s' oldMAC: '%s' newMAC: '%s'\n", + __func__, virDomainGetName(dom), virDomainGetID(dom), alias, oldMAC, newMAC); + return 0; +} + static void myFreeFunc(void *opaque) @@ -1160,6 +1173,7 @@ struct domainEventData domainEvents[] = { DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD, myDomainEventBlockThresholdCallback), DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_FAILURE, myDomainEventMemoryFailureCallback), DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_DEVICE_SIZE_CHANGE, myDomainEventMemoryDeviceSizeChangeCallback), + DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE, myDomainEventNICMACChangeCallback), }; struct storagePoolEventData { diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h index 8c86bd8f94..c4f8baea77 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -6979,6 +6979,33 @@ typedef void (*virConnectDomainEventMemoryDeviceSizeChangeCallback)(virConnectPt void *opaque); +/** + * virConnectDomainEventNICMACChangeCallback: + * @conn: connection object + * @dom: domain on which the event occurred + * @alias: network interface device alias + * @oldMAC: the old value of network interface MAC address + * @newMAC: the new value of network interface MAC address + * @opaque: application specified data + * + * The callback occurs when the guest changes MAC address on one of + * its virtual network interfaces, for QEMU domains this is emitted + * only for vNICs of model virtio. The event is not emitted for + * other types (e.g. PCI device passthrough). + * + * The callback signature to use when registering for an event of + * type VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE with + * virConnectDomainEventRegisterAny(). + * + * Since: 11.2.0 + */ +typedef void (*virConnectDomainEventNICMACChangeCallback)(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque); + /** * VIR_DOMAIN_EVENT_CALLBACK: * @@ -7027,6 +7054,7 @@ typedef enum { VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD = 24, /* virConnectDomainEventBlockThresholdCallback (Since: 3.2.0) */ VIR_DOMAIN_EVENT_ID_MEMORY_FAILURE = 25, /* virConnectDomainEventMemoryFailureCallback (Since: 6.9.0) */ VIR_DOMAIN_EVENT_ID_MEMORY_DEVICE_SIZE_CHANGE = 26, /* virConnectDomainEventMemoryDeviceSizeChangeCallback (Since: 7.9.0) */ + VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE = 27, /* virConnectDomainEventNICMACChangeCallback (Since: 11.2.0) */ # ifdef VIR_ENUM_SENTINELS VIR_DOMAIN_EVENT_ID_LAST diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c index 09f3368064..88087bad4f 100644 --- a/src/conf/domain_event.c +++ b/src/conf/domain_event.c @@ -57,6 +57,7 @@ static virClass *virDomainEventMetadataChangeClass; static virClass *virDomainEventBlockThresholdClass; static virClass *virDomainEventMemoryFailureClass; static virClass *virDomainEventMemoryDeviceSizeChangeClass; +static virClass *virDomainEventNICMACChangeClass; static void virDomainEventDispose(void *obj); static void virDomainEventLifecycleDispose(void *obj); @@ -81,6 +82,7 @@ static void virDomainEventMetadataChangeDispose(void *obj); static void virDomainEventBlockThresholdDispose(void *obj); static void virDomainEventMemoryFailureDispose(void *obj); static void virDomainEventMemoryDeviceSizeChangeDispose(void *obj); +static void virDomainEventNICMACChangeDispose(void *obj); static void virDomainEventDispatchDefaultFunc(virConnectPtr conn, @@ -285,6 +287,15 @@ struct _virDomainEventMemoryDeviceSizeChange { }; typedef struct _virDomainEventMemoryDeviceSizeChange virDomainEventMemoryDeviceSizeChange; +struct _virDomainEventNICMACChange { + virDomainEvent parent; + + char *alias; + char *oldMAC; + char *newMAC; +}; +typedef struct _virDomainEventNICMACChange virDomainEventNICMACChange; + static int virDomainEventsOnceInit(void) { @@ -334,6 +345,8 @@ virDomainEventsOnceInit(void) return -1; if (!VIR_CLASS_NEW(virDomainEventMemoryDeviceSizeChange, virDomainEventClass)) return -1; + if (!VIR_CLASS_NEW(virDomainEventNICMACChange, virDomainEventClass)) + return -1; return 0; } @@ -559,6 +572,16 @@ virDomainEventMemoryDeviceSizeChangeDispose(void *obj) g_free(event->alias); } +static void +virDomainEventNICMACChangeDispose(void *obj) +{ + virDomainEventNICMACChange *event = obj; + + g_free(event->alias); + g_free(event->oldMAC); + g_free(event->newMAC); +} + static void * virDomainEventNew(virClass *klass, int eventID, @@ -1733,6 +1756,62 @@ virDomainEventMemoryDeviceSizeChangeNewFromDom(virDomainPtr dom, } +static virObjectEvent * +virDomainEventNICMACChangeNew(int id, + const char *name, + unsigned char *uuid, + const char *alias, + const char *oldMAC, + const char *newMAC) + +{ + virDomainEventNICMACChange *ev; + + if (virDomainEventsInitialize() < 0) + return NULL; + + if (!(ev = virDomainEventNew(virDomainEventNICMACChangeClass, + VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE, + id, name, uuid))) + return NULL; + + ev->alias = g_strdup(alias); + ev->oldMAC = g_strdup(oldMAC); + ev->newMAC = g_strdup(newMAC); + + return (virObjectEvent *)ev; +} + + +virObjectEvent * +virDomainEventNICMACChangeNewFromObj(virDomainObj *obj, + const char *alias, + const char *oldMAC, + const char *newMAC) +{ + return virDomainEventNICMACChangeNew(obj->def->id, + obj->def->name, + obj->def->uuid, + alias, + oldMAC, + newMAC); +} + +virObjectEvent * +virDomainEventNICMACChangeNewFromDom(virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC) +{ + return virDomainEventNICMACChangeNew(dom->id, + dom->name, + dom->uuid, + alias, + oldMAC, + newMAC); + +} + static void virDomainEventDispatchDefaultFunc(virConnectPtr conn, virObjectEvent *event, @@ -2041,6 +2120,20 @@ virDomainEventDispatchDefaultFunc(virConnectPtr conn, goto cleanup; } + case VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE: + { + virDomainEventNICMACChange *nicMacChangeEvent; + + nicMacChangeEvent = (virDomainEventNICMACChange *)event; + ((virConnectDomainEventNICMACChangeCallback)cb)(conn, dom, + nicMacChangeEvent->alias, + nicMacChangeEvent->oldMAC, + nicMacChangeEvent->newMAC, + cbopaque); + + goto cleanup; + } + case VIR_DOMAIN_EVENT_ID_LAST: break; } diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h index f4016dc1e9..f31cfb9e42 100644 --- a/src/conf/domain_event.h +++ b/src/conf/domain_event.h @@ -277,6 +277,18 @@ virDomainEventMemoryDeviceSizeChangeNewFromDom(virDomainPtr dom, const char *alias, unsigned long long size); +virObjectEvent * +virDomainEventNICMACChangeNewFromObj(virDomainObj *obj, + const char *alias, + const char *oldMAC, + const char *newMAC); + +virObjectEvent * +virDomainEventNICMACChangeNewFromDom(virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC); + int virDomainEventStateRegister(virConnectPtr conn, virObjectEventState *state, diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e78abdad15..10e7346b94 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -771,6 +771,8 @@ virDomainEventMetadataChangeNewFromDom; virDomainEventMetadataChangeNewFromObj; virDomainEventMigrationIterationNewFromDom; virDomainEventMigrationIterationNewFromObj; +virDomainEventNICMACChangeNewFromDom; +virDomainEventNICMACChangeNewFromObj; virDomainEventPMSuspendDiskNewFromDom; virDomainEventPMSuspendDiskNewFromObj; virDomainEventPMSuspendNewFromDom; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index e812f5c3e9..5dfed7ceef 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -1323,6 +1323,37 @@ remoteRelayDomainEventMemoryDeviceSizeChange(virConnectPtr conn, } +static int +remoteRelayDomainEventNICMACChange(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + daemonClientEventCallback *callback = opaque; + remote_domain_event_nic_mac_change_msg data; + + if (callback->callbackID < 0 || + !remoteRelayDomainEventCheckACL(callback->client, conn, dom)) + return -1; + + /* build return data */ + memset(&data, 0, sizeof(data)); + data.callbackID = callback->callbackID; + data.alias = g_strdup(alias); + data.oldMAC = g_strdup(oldMAC); + data.newMAC = g_strdup(newMAC); + make_nonnull_domain(&data.dom, dom); + + remoteDispatchObjectEventSend(callback->client, remoteProgram, + REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE, + (xdrproc_t)xdr_remote_domain_event_nic_mac_change_msg, + &data); + return 0; +} + + static virConnectDomainEventGenericCallback domainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventLifecycle), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventReboot), @@ -1351,6 +1382,7 @@ static virConnectDomainEventGenericCallback domainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventBlockThreshold), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventMemoryFailure), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventMemoryDeviceSizeChange), + VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventNICMACChange), }; G_STATIC_ASSERT(G_N_ELEMENTS(domainEventCallbacks) == VIR_DOMAIN_EVENT_ID_LAST); diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 307f9ca945..90545c0cc1 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -432,6 +432,11 @@ remoteConnectNotifyEventConnectionClosed(virNetClientProgram *prog G_GNUC_UNUSED virNetClient *client G_GNUC_UNUSED, void *evdata, void *opaque); +static void +remoteDomainBuildEventNICMACChange(virNetClientProgram *prog, + virNetClient *client, + void *evdata, void *opaque); + static virNetClientProgramEvent remoteEvents[] = { { REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE, remoteDomainBuildEventLifecycle, @@ -650,6 +655,10 @@ static virNetClientProgramEvent remoteEvents[] = { remoteDomainBuildEventMemoryDeviceSizeChange, sizeof(remote_domain_event_memory_device_size_change_msg), (xdrproc_t)xdr_remote_domain_event_memory_device_size_change_msg }, + { REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE, + remoteDomainBuildEventNICMACChange, + sizeof(remote_domain_event_nic_mac_change_msg), + (xdrproc_t)xdr_remote_domain_event_nic_mac_change_msg }, }; static void @@ -5068,6 +5077,31 @@ remoteDomainBuildEventMemoryDeviceSizeChange(virNetClientProgram *prog G_GNUC_UN } +static void +remoteDomainBuildEventNICMACChange(virNetClientProgram *prog G_GNUC_UNUSED, + virNetClient *client G_GNUC_UNUSED, + void *evdata, void *opaque) +{ + virConnectPtr conn = opaque; + remote_domain_event_nic_mac_change_msg *msg = evdata; + struct private_data *priv = conn->privateData; + virDomainPtr dom; + virObjectEvent *event = NULL; + + if (!(dom = get_nonnull_domain(conn, msg->dom))) + return; + + event = virDomainEventNICMACChangeNewFromDom(dom, + msg->alias, + msg->oldMAC, + msg->newMAC); + + virObjectUnref(dom); + + virObjectEventStateQueueRemote(priv->eventState, event, msg->callbackID); +} + + static int remoteStreamSend(virStreamPtr st, const char *data, diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 41c045ff78..b18ac43f7f 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3973,6 +3973,15 @@ struct remote_domain_fd_associate_args { remote_nonnull_string name; unsigned int flags; }; + +struct remote_domain_event_nic_mac_change_msg { + int callbackID; + remote_nonnull_domain dom; + remote_nonnull_string alias; + remote_nonnull_string oldMAC; + remote_nonnull_string newMAC; +}; + /*----- Protocol. -----*/ /* Define the program number, protocol version and procedure numbers here. */ @@ -7048,5 +7057,11 @@ enum remote_procedure { * @generate: both * @acl: domain:write */ - REMOTE_PROC_DOMAIN_GRAPHICS_RELOAD = 448 + REMOTE_PROC_DOMAIN_GRAPHICS_RELOAD = 448, + + /** + * @generate: both + * @acl: none + */ + REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE = 449 }; diff --git a/tools/virsh-domain-event.c b/tools/virsh-domain-event.c index cd33d4d938..69a68d857d 100644 --- a/tools/virsh-domain-event.c +++ b/tools/virsh-domain-event.c @@ -783,6 +783,24 @@ virshEventMemoryDeviceSizeChangePrint(virConnectPtr conn G_GNUC_UNUSED, } +static void +virshEventNICMACChangePrint(virConnectPtr conn G_GNUC_UNUSED, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + virBufferAsprintf(&buf, + _("event 'nic-mac-change' for domain '%1$s':\nalias: %2$s\noldMAC: %3$s\nnewMAC: %4$s\n"), + virDomainGetName(dom), alias, oldMAC, newMAC); + + virshEventPrint(opaque, &buf); +} + + virshDomainEventCallback virshDomainEventCallbacks[] = { { "lifecycle", VIR_DOMAIN_EVENT_CALLBACK(virshEventLifecyclePrint), }, @@ -836,6 +854,8 @@ virshDomainEventCallback virshDomainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(virshEventMemoryFailurePrint), }, { "memory-device-size-change", VIR_DOMAIN_EVENT_CALLBACK(virshEventMemoryDeviceSizeChangePrint), }, + { "nic-mac-change", + VIR_DOMAIN_EVENT_CALLBACK(virshEventNICMACChangePrint), }, }; G_STATIC_ASSERT(VIR_DOMAIN_EVENT_ID_LAST == G_N_ELEMENTS(virshDomainEventCallbacks)); -- 2.48.1
On Mon, Mar 17, 2025 at 12:28:49PM +0100, Michal Privoznik via Devel wrote:
The aim off this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 9 files changed, 251 insertions(+), 1 deletion(-)
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 41c045ff78..b18ac43f7f 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3973,6 +3973,15 @@ struct remote_domain_fd_associate_args { remote_nonnull_string name; unsigned int flags; }; + +struct remote_domain_event_nic_mac_change_msg { + int callbackID; + remote_nonnull_domain dom; + remote_nonnull_string alias; + remote_nonnull_string oldMAC; + remote_nonnull_string newMAC; +}; + /*----- Protocol. -----*/
/* Define the program number, protocol version and procedure numbers here. */ @@ -7048,5 +7057,11 @@ enum remote_procedure { * @generate: both * @acl: domain:write */ - REMOTE_PROC_DOMAIN_GRAPHICS_RELOAD = 448 + REMOTE_PROC_DOMAIN_GRAPHICS_RELOAD = 448, + + /** + * @generate: both + * @acl: none + */ + REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE = 449
This is fine, and done with all the events, but I was just wondering, are we doing acl: none because the registration APIs already have e.g. acl: domain:read or is that for some other reason? Anyway, you might want to regenerate the protocol files with: ninja -C build regen-remote_protocol otherwise the build fails. With that fixed, Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
So far, we only process NIC_RX_FILTER_CHANGED event when the corresponding device has 'trustGuestRxFilters' enabled. And the event is emitted only for virtio model. IOW, this is fairly limited situation and other scenarios don't emit any event (e.g. change of MAC address on a PCI passthrough device). Resolves: https://issues.redhat.com/browse/RHEL-7035 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 16 +++++++++++++++- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 9 ++++++--- src/qemu/qemu_process.c | 2 +- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 47ae59d408..9dc0a03849 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11018,7 +11018,8 @@ syncNicRxFilterMulticast(char *ifname, int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob) + virDomainAsyncJob asyncJob, + virObjectEvent **event) { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virNetDevRxFilter) guestFilter = NULL; @@ -11085,6 +11086,19 @@ qemuDomainSyncRxFilter(virDomainObj *vm, } else { VIR_FREE(def->guestAddress); } + + if (event) { + char oldMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + char newMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + + virMacAddrFormat(&def->mac, oldMAC); + virMacAddrFormat(&guestFilter->mac, newMAC); + + *event = virDomainEventNICMACChangeNewFromObj(vm, + def->info.alias, + oldMAC, + newMAC); + } } return 0; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 8e53a270a7..f3cff49e96 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -1128,7 +1128,8 @@ qemuDomainRefreshStatsSchema(virDomainObj *dom); int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob); + virDomainAsyncJob asyncJob, + virObjectEvent **event); int qemuDomainSchedCoreStart(virQEMUDriverConfig *cfg, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a4866450fc..ab1e63a46a 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3667,9 +3667,11 @@ processNetdevStreamDisconnectedEvent(virDomainObj *vm, static void -processNicRxFilterChangedEvent(virDomainObj *vm, +processNicRxFilterChangedEvent(virQEMUDriver *driver, + virDomainObj *vm, const char *devAlias) { + virObjectEvent *event = NULL; virDomainDeviceDef dev; virDomainNetDef *def; @@ -3714,11 +3716,12 @@ processNicRxFilterChangedEvent(virDomainObj *vm, VIR_DEBUG("process NIC_RX_FILTER_CHANGED event for network " "device %s in domain %s", def->info.alias, vm->def->name); - if (qemuDomainSyncRxFilter(vm, def, VIR_ASYNC_JOB_NONE) < 0) + if (qemuDomainSyncRxFilter(vm, def, VIR_ASYNC_JOB_NONE, &event) < 0) goto endjob; endjob: virDomainObjEndJob(vm); + virObjectEventStateQueue(driver->domainEventState, event); } @@ -4062,7 +4065,7 @@ static void qemuProcessEventHandler(void *data, void *opaque) processNetdevStreamDisconnectedEvent(vm, processEvent->data); break; case QEMU_PROCESS_EVENT_NIC_RX_FILTER_CHANGED: - processNicRxFilterChangedEvent(vm, processEvent->data); + processNicRxFilterChangedEvent(driver, vm, processEvent->data); break; case QEMU_PROCESS_EVENT_SERIAL_CHANGED: processSerialChangedEvent(driver, vm, processEvent->data, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 0173fbe3be..1d7579509a 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -8199,7 +8199,7 @@ qemuProcessRefreshRxFilters(virDomainObj *vm, continue; } - if (qemuDomainSyncRxFilter(vm, def, asyncJob) < 0) + if (qemuDomainSyncRxFilter(vm, def, asyncJob, NULL) < 0) return -1; } -- 2.48.1
On Mon, Mar 17, 2025 at 12:28:50PM +0100, Michal Privoznik via Devel wrote:
So far, we only process NIC_RX_FILTER_CHANGED event when the corresponding device has 'trustGuestRxFilters' enabled. And the event is emitted only for virtio model. IOW, this is fairly limited situation and other scenarios don't emit any event (e.g. change of MAC address on a PCI passthrough device).
Resolves: https://issues.redhat.com/browse/RHEL-7035 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 16 +++++++++++++++- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 9 ++++++--- src/qemu/qemu_process.c | 2 +- 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 47ae59d408..9dc0a03849 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11018,7 +11018,8 @@ syncNicRxFilterMulticast(char *ifname, int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob) + virDomainAsyncJob asyncJob, + virObjectEvent **event) { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virNetDevRxFilter) guestFilter = NULL; @@ -11085,6 +11086,19 @@ qemuDomainSyncRxFilter(virDomainObj *vm, } else { VIR_FREE(def->guestAddress);
If the mac address changed *to* the same one that is configured this is free'd, but oldMAC still points to it.
} + + if (event) { + char oldMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + char newMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + + virMacAddrFormat(&def->mac, oldMAC);
And then in such case this is use after free.
+ virMacAddrFormat(&guestFilter->mac, newMAC); + + *event = virDomainEventNICMACChangeNewFromObj(vm, + def->info.alias, + oldMAC, + newMAC); + } }
return 0;
On 3/17/25 14:57, Martin Kletzander wrote:
On Mon, Mar 17, 2025 at 12:28:50PM +0100, Michal Privoznik via Devel wrote:
So far, we only process NIC_RX_FILTER_CHANGED event when the corresponding device has 'trustGuestRxFilters' enabled. And the event is emitted only for virtio model. IOW, this is fairly limited situation and other scenarios don't emit any event (e.g. change of MAC address on a PCI passthrough device).
Resolves: https://issues.redhat.com/browse/RHEL-7035 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 16 +++++++++++++++- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 9 ++++++--- src/qemu/qemu_process.c | 2 +- 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 47ae59d408..9dc0a03849 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -11018,7 +11018,8 @@ syncNicRxFilterMulticast(char *ifname, int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob) + virDomainAsyncJob asyncJob, + virObjectEvent **event) { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virNetDevRxFilter) guestFilter = NULL; @@ -11085,6 +11086,19 @@ qemuDomainSyncRxFilter(virDomainObj *vm, } else { VIR_FREE(def->guestAddress);
If the mac address changed *to* the same one that is configured this is free'd, but oldMAC still points to it.
} + + if (event) { + char oldMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + char newMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + + virMacAddrFormat(&def->mac, oldMAC);
And then in such case this is use after free.
Not really, there's a difference between oldMAC and oldMac O:-) But I see what you mean, and in fact, that should have been s/def->mac/oldMac/. I'll post a v2 shortly. Michal
participants (3)
-
Martin Kletzander -
Michal Privoznik -
Michal Prívozník