[PATCH RFC 0/3] Reflect MAC change in live domain XML
These are RFC patches. I'd like to start a discussion on the following problem: A mgmt application has info tied to an <interface/> (stored elsewhere, not important right now). And they use basically the only piece of information that's visible in both host and guest: MAC address. No, user aliases are not visible in the guest. Therefore, when they query the guest-agent (e.g. via 'virsh domifaddr --source agent') they can reconstruct their knowledge on NICs. But there's a catch - if user decides to change MAC address form inside of the VM. Then the only link between host and guest is broken. Now, we could make the guest-agent report both current and permanent MAC address. But unfortunately, libvirt's virDomainInterfaceAddresses() is not prepared for that. Now, I don't recall why we decided to not update MAC address in the live XML on change, but maybe somebody else does. Or we can pass the event from QEMU to the mgmt application so that it can update its state. Michal Prívozník (3): qemu: Reflect MAC address change in live domain XML Introduce NIC_MAC_CHANGE event qemu: Emit NIC_MAC_CHANGE event examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 34 ++++++++++- src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_driver.c | 11 ++-- src/qemu/qemu_process.c | 2 +- src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 13 files changed, 294 insertions(+), 8 deletions(-) -- 2.39.3
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not: <interface trustGuestRxFilters='yes|no'/> For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML. Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML. NB, we should relay this event to clients, but that is covered in next commits. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 18 ++++++++++++++++++ src/qemu/qemu_driver.c | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 94587638c3..5e5789a28c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -12482,6 +12482,19 @@ syncNicRxFilterMulticast(char *ifname, } +/** + * qemuDomainSyncRxFilter: + * @vm: domain object + * @def: domain interface definition + * @asyncJob: async job type + * + * Fetch new state of RX Filter and set host side of the interface + * accordingly (e.g. reflect MAC address change on macvtap). + * + * Reflect changed MAC address in the domain definition. + * + * Returns: 0 on success, -1 on error. + */ int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, @@ -12535,6 +12548,11 @@ qemuDomainSyncRxFilter(virDomainObj *vm, return -1; } + /* Reflect changed MAC address in the domain XML. */ + if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + virMacAddrSet(&def->mac, &guestFilter->mac); + } + return 0; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f20544590d..ccf653d201 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3712,7 +3712,7 @@ processNicRxFilterChangedEvent(virDomainObj *vm, "from domain %p %s", devAlias, vm, vm->def->name); - if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0) + if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0) return; if (!virDomainObjIsActive(vm)) { -- 2.39.3
On Wed, Jun 28, 2023 at 12:53:35PM +0200, Michal Privoznik wrote:
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not:
<interface trustGuestRxFilters='yes|no'/>
For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML.
Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML.
NB, we should relay this event to clients, but that is covered in next commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 18 ++++++++++++++++++ src/qemu/qemu_driver.c | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 94587638c3..5e5789a28c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -12482,6 +12482,19 @@ syncNicRxFilterMulticast(char *ifname, }
+/** + * qemuDomainSyncRxFilter: + * @vm: domain object + * @def: domain interface definition + * @asyncJob: async job type + * + * Fetch new state of RX Filter and set host side of the interface + * accordingly (e.g. reflect MAC address change on macvtap). + * + * Reflect changed MAC address in the domain definition. + * + * Returns: 0 on success, -1 on error. + */ int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, @@ -12535,6 +12548,11 @@ qemuDomainSyncRxFilter(virDomainObj *vm, return -1; }
+ /* Reflect changed MAC address in the domain XML. */ + if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + virMacAddrSet(&def->mac, &guestFilter->mac); + } +
If we go with the idea I suggested this needs to be done even when we're not updating the filters.
return 0; }
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index f20544590d..ccf653d201 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3712,7 +3712,7 @@ processNicRxFilterChangedEvent(virDomainObj *vm, "from domain %p %s", devAlias, vm, vm->def->name);
- if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0) + if (virDomainObjBeginJob(vm, VIR_JOB_MODIFY) < 0) return;
if (!virDomainObjIsActive(vm)) { -- 2.39.3
On 7/26/23 16:45, Martin Kletzander wrote:
On Wed, Jun 28, 2023 at 12:53:35PM +0200, Michal Privoznik wrote:
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not:
<interface trustGuestRxFilters='yes|no'/>
For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML.
Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML.
NB, we should relay this event to clients, but that is covered in next commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 18 ++++++++++++++++++ src/qemu/qemu_driver.c | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 94587638c3..5e5789a28c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -12482,6 +12482,19 @@ syncNicRxFilterMulticast(char *ifname, }
+/** + * qemuDomainSyncRxFilter: + * @vm: domain object + * @def: domain interface definition + * @asyncJob: async job type + * + * Fetch new state of RX Filter and set host side of the interface + * accordingly (e.g. reflect MAC address change on macvtap). + * + * Reflect changed MAC address in the domain definition. + * + * Returns: 0 on success, -1 on error. + */ int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, @@ -12535,6 +12548,11 @@ qemuDomainSyncRxFilter(virDomainObj *vm, return -1; }
+ /* Reflect changed MAC address in the domain XML. */ + if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + virMacAddrSet(&def->mac, &guestFilter->mac); + } +
If we go with the idea I suggested this needs to be done even when we're not updating the filters.
You mean, even when this qemuDomainSyncRxFilter() function is not called, i.e. update MAC addr from processNicRxFilterChangedEvent()? We could do that, but this RX_FILTER_CHANGED event is a bit special. To avoid flooding libvirt with this event, there's a antispam mechanism implemented - after QEMU emits the event it awaits 'query-rx-filter' monitor cmd. No other RX_FILTER_CHANGED event is emitted until the monitor cmd is issued. IOW, if we want to refresh MAC address on each event, we must (unconditionally) issue the command and then (based on trustGuestRxFilters) sync RX filters. What I can't decide is whether it's better to reflect MAC change in domain XML iff trustGuestRxFilters is set, or regardless. Michal
On Wed, Aug 02, 2023 at 09:15:43AM +0200, Michal Prívozník wrote:
On 7/26/23 16:45, Martin Kletzander wrote:
On Wed, Jun 28, 2023 at 12:53:35PM +0200, Michal Privoznik wrote:
If a guest changes MAC address on its vNIC, then QEMU emits NIC_RX_FILTER_CHANGED event (the event is emitted in other cases too, but that's not important right now). Now, domain XML allows users to chose whether to trust these events or not:
<interface trustGuestRxFilters='yes|no'/>
For the 'no' case no action is performed and the event is ignored. But for the 'yes' case, some host side features of corresponding vNIC (well tap/macvtap device) are tweaked to reflect changed MAC address. But what is missing is reflecting this new MAC address in domain XML.
Basically, what happens is: the host sees traffic with new MAC address, all tools inside the guest see the new MAC address (including 'virsh domifaddr --source agent') which makes it harder to match device in the guest with the one in the domain XML.
NB, we should relay this event to clients, but that is covered in next commits.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 18 ++++++++++++++++++ src/qemu/qemu_driver.c | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 94587638c3..5e5789a28c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -12482,6 +12482,19 @@ syncNicRxFilterMulticast(char *ifname, }
+/** + * qemuDomainSyncRxFilter: + * @vm: domain object + * @def: domain interface definition + * @asyncJob: async job type + * + * Fetch new state of RX Filter and set host side of the interface + * accordingly (e.g. reflect MAC address change on macvtap). + * + * Reflect changed MAC address in the domain definition. + * + * Returns: 0 on success, -1 on error. + */ int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, @@ -12535,6 +12548,11 @@ qemuDomainSyncRxFilter(virDomainObj *vm, return -1; }
+ /* Reflect changed MAC address in the domain XML. */ + if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + virMacAddrSet(&def->mac, &guestFilter->mac); + } +
If we go with the idea I suggested this needs to be done even when we're not updating the filters.
You mean, even when this qemuDomainSyncRxFilter() function is not called, i.e. update MAC addr from processNicRxFilterChangedEvent()?
We could do that, but this RX_FILTER_CHANGED event is a bit special. To avoid flooding libvirt with this event, there's a antispam mechanism implemented - after QEMU emits the event it awaits 'query-rx-filter' monitor cmd. No other RX_FILTER_CHANGED event is emitted until the monitor cmd is issued.
IOW, if we want to refresh MAC address on each event, we must (unconditionally) issue the command and then (based on trustGuestRxFilters) sync RX filters.
What I can't decide is whether it's better to reflect MAC change in domain XML iff trustGuestRxFilters is set, or regardless.
I meant this if we go with the idea of reporting both the HW MAC address and the guest's set MAC address in the live XML. That way we do not break existing use cases where they rely on the MAC address not changing and on top of that we allow for checking what the guest's MAC really is. I think this is a win-win, but feel free to disagree.
Michal
The aim off this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 9 files changed, 251 insertions(+), 1 deletion(-) diff --git a/examples/c/misc/event-test.c b/examples/c/misc/event-test.c index 64652b0153..1d6c47474d 100644 --- a/examples/c/misc/event-test.c +++ b/examples/c/misc/event-test.c @@ -1065,6 +1065,19 @@ myDomainEventMetadataChangeCallback(virConnectPtr conn G_GNUC_UNUSED, } +static int +myDomainEventNICMACChangeCallback(virConnectPtr conn G_GNUC_UNUSED, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque G_GNUC_UNUSED) +{ + printf("%s EVENT: Domain %s(%d) NIC MAC changed: alias: '%s' oldMAC: '%s' newMAC: '%s'\n", + __func__, virDomainGetName(dom), virDomainGetID(dom), alias, oldMAC, newMAC); + return 0; +} + static void myFreeFunc(void *opaque) @@ -1123,6 +1136,7 @@ struct domainEventData domainEvents[] = { DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD, myDomainEventBlockThresholdCallback), DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_FAILURE, myDomainEventMemoryFailureCallback), DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_MEMORY_DEVICE_SIZE_CHANGE, myDomainEventMemoryDeviceSizeChangeCallback), + DOMAIN_EVENT(VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE, myDomainEventNICMACChangeCallback), }; struct storagePoolEventData { diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h index a1902546bb..d39f2d2395 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -5756,6 +5756,33 @@ typedef void (*virConnectDomainEventMemoryDeviceSizeChangeCallback)(virConnectPt void *opaque); +/** + * virConnectDomainEventNICMACChangeCallback: + * @conn: connection object + * @dom: domain on which the event occurred + * @alias: network interface device alias + * @oldMAC: the old value of network interface MAC address + * @newMAC: the new value of network interface MAC address + * @opaque: application specified data + * + * The callback occurs when the guest changes MAC address on one of + * its virtual network interfaces, for QEMU domains this is emitted + * only for vNICs of model virtio. The event is not emitted for + * other types (e.g. PCI device passthrough). + * + * The callback signature to use when registering for an event of + * type VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE with + * virConnectDomainEventRegisterAny(). + * + * Since: 9.6.0 + */ +typedef void (*virConnectDomainEventNICMACChangeCallback)(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque); + /** * VIR_DOMAIN_EVENT_CALLBACK: * @@ -5804,6 +5831,7 @@ typedef enum { VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD = 24, /* virConnectDomainEventBlockThresholdCallback (Since: 3.2.0) */ VIR_DOMAIN_EVENT_ID_MEMORY_FAILURE = 25, /* virConnectDomainEventMemoryFailureCallback (Since: 6.9.0) */ VIR_DOMAIN_EVENT_ID_MEMORY_DEVICE_SIZE_CHANGE = 26, /* virConnectDomainEventMemoryDeviceSizeChangeCallback (Since: 7.9.0) */ + VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE = 27, /* virConnectDomainEventNICMACChangeCallback (Since: 9.6.0) */ # ifdef VIR_ENUM_SENTINELS VIR_DOMAIN_EVENT_ID_LAST diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c index 75603a933a..4d544f2d2f 100644 --- a/src/conf/domain_event.c +++ b/src/conf/domain_event.c @@ -57,6 +57,7 @@ static virClass *virDomainEventMetadataChangeClass; static virClass *virDomainEventBlockThresholdClass; static virClass *virDomainEventMemoryFailureClass; static virClass *virDomainEventMemoryDeviceSizeChangeClass; +static virClass *virDomainEventNICMACChangeClass; static void virDomainEventDispose(void *obj); static void virDomainEventLifecycleDispose(void *obj); @@ -81,6 +82,7 @@ static void virDomainEventMetadataChangeDispose(void *obj); static void virDomainEventBlockThresholdDispose(void *obj); static void virDomainEventMemoryFailureDispose(void *obj); static void virDomainEventMemoryDeviceSizeChangeDispose(void *obj); +static void virDomainEventNICMACChangeDispose(void *obj); static void virDomainEventDispatchDefaultFunc(virConnectPtr conn, @@ -285,6 +287,15 @@ struct _virDomainEventMemoryDeviceSizeChange { }; typedef struct _virDomainEventMemoryDeviceSizeChange virDomainEventMemoryDeviceSizeChange; +struct _virDomainEventNICMACChange { + virDomainEvent parent; + + char *alias; + char *oldMAC; + char *newMAC; +}; +typedef struct _virDomainEventNICMACChange virDomainEventNICMACChange; + static int virDomainEventsOnceInit(void) { @@ -334,6 +345,8 @@ virDomainEventsOnceInit(void) return -1; if (!VIR_CLASS_NEW(virDomainEventMemoryDeviceSizeChange, virDomainEventClass)) return -1; + if (!VIR_CLASS_NEW(virDomainEventNICMACChange, virDomainEventClass)) + return -1; return 0; } @@ -559,6 +572,16 @@ virDomainEventMemoryDeviceSizeChangeDispose(void *obj) g_free(event->alias); } +static void +virDomainEventNICMACChangeDispose(void *obj) +{ + virDomainEventNICMACChange *event = obj; + + g_free(event->alias); + g_free(event->oldMAC); + g_free(event->newMAC); +} + static void * virDomainEventNew(virClass *klass, int eventID, @@ -1734,6 +1757,62 @@ virDomainEventMemoryDeviceSizeChangeNewFromDom(virDomainPtr dom, } +static virObjectEvent * +virDomainEventNICMACChangeNew(int id, + const char *name, + unsigned char *uuid, + const char *alias, + const char *oldMAC, + const char *newMAC) + +{ + virDomainEventNICMACChange *ev; + + if (virDomainEventsInitialize() < 0) + return NULL; + + if (!(ev = virDomainEventNew(virDomainEventNICMACChangeClass, + VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE, + id, name, uuid))) + return NULL; + + ev->alias = g_strdup(alias); + ev->oldMAC = g_strdup(oldMAC); + ev->newMAC = g_strdup(newMAC); + + return (virObjectEvent *)ev; +} + + +virObjectEvent * +virDomainEventNICMACChangeNewFromObj(virDomainObj *obj, + const char *alias, + const char *oldMAC, + const char *newMAC) +{ + return virDomainEventNICMACChangeNew(obj->def->id, + obj->def->name, + obj->def->uuid, + alias, + oldMAC, + newMAC); +} + +virObjectEvent * +virDomainEventNICMACChangeNewFromDom(virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC) +{ + return virDomainEventNICMACChangeNew(dom->id, + dom->name, + dom->uuid, + alias, + oldMAC, + newMAC); + +} + static void virDomainEventDispatchDefaultFunc(virConnectPtr conn, virObjectEvent *event, @@ -2042,6 +2121,20 @@ virDomainEventDispatchDefaultFunc(virConnectPtr conn, goto cleanup; } + case VIR_DOMAIN_EVENT_ID_NIC_MAC_CHANGE: + { + virDomainEventNICMACChange *nicMacChangeEvent; + + nicMacChangeEvent = (virDomainEventNICMACChange *)event; + ((virConnectDomainEventNICMACChangeCallback)cb)(conn, dom, + nicMacChangeEvent->alias, + nicMacChangeEvent->oldMAC, + nicMacChangeEvent->newMAC, + cbopaque); + + goto cleanup; + } + case VIR_DOMAIN_EVENT_ID_LAST: break; } diff --git a/src/conf/domain_event.h b/src/conf/domain_event.h index f4016dc1e9..f31cfb9e42 100644 --- a/src/conf/domain_event.h +++ b/src/conf/domain_event.h @@ -277,6 +277,18 @@ virDomainEventMemoryDeviceSizeChangeNewFromDom(virDomainPtr dom, const char *alias, unsigned long long size); +virObjectEvent * +virDomainEventNICMACChangeNewFromObj(virDomainObj *obj, + const char *alias, + const char *oldMAC, + const char *newMAC); + +virObjectEvent * +virDomainEventNICMACChangeNewFromDom(virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC); + int virDomainEventStateRegister(virConnectPtr conn, virObjectEventState *state, diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fb7ad9c855..d5e9f321b9 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -754,6 +754,8 @@ virDomainEventMetadataChangeNewFromDom; virDomainEventMetadataChangeNewFromObj; virDomainEventMigrationIterationNewFromDom; virDomainEventMigrationIterationNewFromObj; +virDomainEventNICMACChangeNewFromDom; +virDomainEventNICMACChangeNewFromObj; virDomainEventPMSuspendDiskNewFromDom; virDomainEventPMSuspendDiskNewFromObj; virDomainEventPMSuspendNewFromDom; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 7144e9e7ca..f347e7bcce 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -1357,6 +1357,37 @@ remoteRelayDomainEventMemoryDeviceSizeChange(virConnectPtr conn, } +static int +remoteRelayDomainEventNICMACChange(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + daemonClientEventCallback *callback = opaque; + remote_domain_event_nic_mac_change_msg data; + + if (callback->callbackID < 0 || + !remoteRelayDomainEventCheckACL(callback->client, conn, dom)) + return -1; + + /* build return data */ + memset(&data, 0, sizeof(data)); + data.callbackID = callback->callbackID; + data.alias = g_strdup(alias); + data.oldMAC = g_strdup(oldMAC); + data.newMAC = g_strdup(newMAC); + make_nonnull_domain(&data.dom, dom); + + remoteDispatchObjectEventSend(callback->client, remoteProgram, + REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE, + (xdrproc_t)xdr_remote_domain_event_nic_mac_change_msg, + &data); + return 0; +} + + static virConnectDomainEventGenericCallback domainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventLifecycle), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventReboot), @@ -1385,6 +1416,7 @@ static virConnectDomainEventGenericCallback domainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventBlockThreshold), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventMemoryFailure), VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventMemoryDeviceSizeChange), + VIR_DOMAIN_EVENT_CALLBACK(remoteRelayDomainEventNICMACChange), }; G_STATIC_ASSERT(G_N_ELEMENTS(domainEventCallbacks) == VIR_DOMAIN_EVENT_ID_LAST); diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 65ec239fb7..43f61321dc 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -427,6 +427,11 @@ remoteConnectNotifyEventConnectionClosed(virNetClientProgram *prog G_GNUC_UNUSED virNetClient *client G_GNUC_UNUSED, void *evdata, void *opaque); +static void +remoteDomainBuildEventNICMACChange(virNetClientProgram *prog, + virNetClient *client, + void *evdata, void *opaque); + static virNetClientProgramEvent remoteEvents[] = { { REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE, remoteDomainBuildEventLifecycle, @@ -641,6 +646,10 @@ static virNetClientProgramEvent remoteEvents[] = { remoteDomainBuildEventMemoryDeviceSizeChange, sizeof(remote_domain_event_memory_device_size_change_msg), (xdrproc_t)xdr_remote_domain_event_memory_device_size_change_msg }, + { REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE, + remoteDomainBuildEventNICMACChange, + sizeof(remote_domain_event_nic_mac_change_msg), + (xdrproc_t)xdr_remote_domain_event_nic_mac_change_msg }, }; static void @@ -5198,6 +5207,31 @@ remoteDomainBuildEventMemoryDeviceSizeChange(virNetClientProgram *prog G_GNUC_UN } +static void +remoteDomainBuildEventNICMACChange(virNetClientProgram *prog G_GNUC_UNUSED, + virNetClient *client G_GNUC_UNUSED, + void *evdata, void *opaque) +{ + virConnectPtr conn = opaque; + remote_domain_event_nic_mac_change_msg *msg = evdata; + struct private_data *priv = conn->privateData; + virDomainPtr dom; + virObjectEvent *event = NULL; + + if (!(dom = get_nonnull_domain(conn, msg->dom))) + return; + + event = virDomainEventNICMACChangeNewFromDom(dom, + msg->alias, + msg->oldMAC, + msg->newMAC); + + virObjectUnref(dom); + + virObjectEventStateQueueRemote(priv->eventState, event, msg->callbackID); +} + + static int remoteStreamSend(virStreamPtr st, const char *data, diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 5d86a51116..af19846668 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -3935,6 +3935,15 @@ struct remote_domain_fd_associate_args { remote_nonnull_string name; unsigned int flags; }; + +struct remote_domain_event_nic_mac_change_msg { + int callbackID; + remote_nonnull_domain dom; + remote_nonnull_string alias; + remote_nonnull_string oldMAC; + remote_nonnull_string newMAC; +}; + /*----- Protocol. -----*/ /* Define the program number, protocol version and procedure numbers here. */ @@ -6974,5 +6983,11 @@ enum remote_procedure { * @generate: none * @acl: domain:write */ - REMOTE_PROC_DOMAIN_FD_ASSOCIATE = 443 + REMOTE_PROC_DOMAIN_FD_ASSOCIATE = 443, + + /** + * @generate: both + * @acl: none + */ + REMOTE_PROC_DOMAIN_EVENT_NIC_MAC_CHANGE = 444 }; diff --git a/tools/virsh-domain-event.c b/tools/virsh-domain-event.c index 2969c22a91..2467fa00a8 100644 --- a/tools/virsh-domain-event.c +++ b/tools/virsh-domain-event.c @@ -788,6 +788,24 @@ virshEventMemoryDeviceSizeChangePrint(virConnectPtr conn G_GNUC_UNUSED, } +static void +virshEventNICMACChangePrint(virConnectPtr conn G_GNUC_UNUSED, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; + + virBufferAsprintf(&buf, + _("event 'nic-mac-change' for domain '%1$s':\nalias: %2$s\noldMAC: %3$s\nnewMAC: %4$s\n"), + virDomainGetName(dom), alias, oldMAC, newMAC); + + virshEventPrint(opaque, &buf); +} + + virshDomainEventCallback virshDomainEventCallbacks[] = { { "lifecycle", VIR_DOMAIN_EVENT_CALLBACK(virshEventLifecyclePrint), }, @@ -841,6 +859,8 @@ virshDomainEventCallback virshDomainEventCallbacks[] = { VIR_DOMAIN_EVENT_CALLBACK(virshEventMemoryFailurePrint), }, { "memory-device-size-change", VIR_DOMAIN_EVENT_CALLBACK(virshEventMemoryDeviceSizeChangePrint), }, + { "nic-mac-change", + VIR_DOMAIN_EVENT_CALLBACK(virshEventNICMACChangePrint), }, }; G_STATIC_ASSERT(VIR_DOMAIN_EVENT_ID_LAST == G_N_ELEMENTS(virshDomainEventCallbacks)); -- 2.39.3
On Wed, Jun 28, 2023 at 12:53:36PM +0200, Michal Privoznik wrote:
The aim off this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 9 files changed, 251 insertions(+), 1 deletion(-)
[...]
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 7144e9e7ca..f347e7bcce 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -1357,6 +1357,37 @@ remoteRelayDomainEventMemoryDeviceSizeChange(virConnectPtr conn, }
+static int +remoteRelayDomainEventNICMACChange(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + daemonClientEventCallback *callback = opaque; + remote_domain_event_nic_mac_change_msg data; + + if (callback->callbackID < 0 || + !remoteRelayDomainEventCheckACL(callback->client, conn, dom)) + return -1; + + /* build return data */ + memset(&data, 0, sizeof(data));
Just a nit pick, but instead of this you should be able to do: remote_domain_event_nic_mac_change_msg data = {0}; above.
On 7/26/23 16:47, Martin Kletzander wrote:
On Wed, Jun 28, 2023 at 12:53:36PM +0200, Michal Privoznik wrote:
The aim off this event is to notify management application that guest changed MAC address on one of its vNICs so the app can update its internal records, e.g. for finding match between guest/host view of vNICs.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 9 files changed, 251 insertions(+), 1 deletion(-)
[...]
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 7144e9e7ca..f347e7bcce 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -1357,6 +1357,37 @@ remoteRelayDomainEventMemoryDeviceSizeChange(virConnectPtr conn, }
+static int +remoteRelayDomainEventNICMACChange(virConnectPtr conn, + virDomainPtr dom, + const char *alias, + const char *oldMAC, + const char *newMAC, + void *opaque) +{ + daemonClientEventCallback *callback = opaque; + remote_domain_event_nic_mac_change_msg data; + + if (callback->callbackID < 0 || + !remoteRelayDomainEventCheckACL(callback->client, conn, dom)) + return -1; + + /* build return data */ + memset(&data, 0, sizeof(data));
Just a nit pick, but instead of this you should be able to do:
remote_domain_event_nic_mac_change_msg data = {0};
Yep, you're right. This is what you get when you copy code from an event introduced earlier :-) Fixed locally. Michal
So far, we only process NIC_RX_FILTER_CHANGED event when the corresponding device has 'trustGuestRxFilters' enabled. And the event is emitted only for virtio model. IOW, this is fairly limited situation and other scenarios don't emit any event (e.g. change of MAC address on a PCI passthrough device). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2025303 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_domain.c | 16 +++++++++++++++- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 9 ++++++--- src/qemu/qemu_process.c | 2 +- 4 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 5e5789a28c..51e5db6631 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -12498,7 +12498,8 @@ syncNicRxFilterMulticast(char *ifname, int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob) + virDomainAsyncJob asyncJob, + virObjectEvent **event) { qemuDomainObjPrivate *priv = vm->privateData; g_autoptr(virNetDevRxFilter) guestFilter = NULL; @@ -12550,6 +12551,19 @@ qemuDomainSyncRxFilter(virDomainObj *vm, /* Reflect changed MAC address in the domain XML. */ if (virMacAddrCmp(&def->mac, &guestFilter->mac)) { + if (event) { + char oldMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + char newMAC[VIR_MAC_STRING_BUFLEN] = { 0 }; + + virMacAddrFormat(&def->mac, oldMAC); + virMacAddrFormat(&guestFilter->mac, newMAC); + + *event = virDomainEventNICMACChangeNewFromObj(vm, + def->info.alias, + oldMAC, + newMAC); + } + virMacAddrSet(&def->mac, &guestFilter->mac); } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 999190e381..3021208c4c 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -1127,7 +1127,8 @@ qemuDomainRefreshStatsSchema(virDomainObj *dom); int qemuDomainSyncRxFilter(virDomainObj *vm, virDomainNetDef *def, - virDomainAsyncJob asyncJob); + virDomainAsyncJob asyncJob, + virObjectEvent **event); int qemuDomainSchedCoreStart(virQEMUDriverConfig *cfg, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ccf653d201..f713bff6ab 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3702,9 +3702,11 @@ processNetdevStreamDisconnectedEvent(virDomainObj *vm, static void -processNicRxFilterChangedEvent(virDomainObj *vm, +processNicRxFilterChangedEvent(virQEMUDriver *driver, + virDomainObj *vm, const char *devAlias) { + virObjectEvent *event = NULL; virDomainDeviceDef dev; virDomainNetDef *def; @@ -3749,11 +3751,12 @@ processNicRxFilterChangedEvent(virDomainObj *vm, VIR_DEBUG("process NIC_RX_FILTER_CHANGED event for network " "device %s in domain %s", def->info.alias, vm->def->name); - if (qemuDomainSyncRxFilter(vm, def, VIR_ASYNC_JOB_NONE) < 0) + if (qemuDomainSyncRxFilter(vm, def, VIR_ASYNC_JOB_NONE, &event) < 0) goto endjob; endjob: virDomainObjEndJob(vm); + virObjectEventStateQueue(driver->domainEventState, event); } @@ -4054,7 +4057,7 @@ static void qemuProcessEventHandler(void *data, void *opaque) processNetdevStreamDisconnectedEvent(vm, processEvent->data); break; case QEMU_PROCESS_EVENT_NIC_RX_FILTER_CHANGED: - processNicRxFilterChangedEvent(vm, processEvent->data); + processNicRxFilterChangedEvent(driver, vm, processEvent->data); break; case QEMU_PROCESS_EVENT_SERIAL_CHANGED: processSerialChangedEvent(driver, vm, processEvent->data, diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index db06991450..61c1a75639 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -7925,7 +7925,7 @@ qemuProcessRefreshRxFilters(virDomainObj *vm, if (!virDomainNetGetActualTrustGuestRxFilters(def)) continue; - if (qemuDomainSyncRxFilter(vm, def, asyncJob) < 0) + if (qemuDomainSyncRxFilter(vm, def, asyncJob, NULL) < 0) return -1; } -- 2.39.3
On Wed, Jun 28, 2023 at 12:53:34PM +0200, Michal Privoznik wrote:
These are RFC patches. I'd like to start a discussion on the following problem:
We need to decide if we want to inform users in the live XML that the MAC changed (no matter the setting of trustGuestRxFilters), idea below. We could then add a flag to virDomainInterfaceAddresses() that switches to the other MAC address.
A mgmt application has info tied to an <interface/> (stored elsewhere, not important right now). And they use basically the only piece of information that's visible in both host and guest: MAC address. No, user aliases are not visible in the guest. Therefore, when they query the guest-agent (e.g. via 'virsh domifaddr --source agent') they can reconstruct their knowledge on NICs.
But there's a catch - if user decides to change MAC address form inside of the VM. Then the only link between host and guest is broken.
Now, we could make the guest-agent report both current and permanent MAC address. But unfortunately, libvirt's virDomainInterfaceAddresses() is not prepared for that.
Now, I don't recall why we decided to not update MAC address in the live XML on change, but maybe somebody else does. Or we can pass the event from QEMU to the mgmt application so that it can update its state.
Could that be that referring to the interface would be troublesome? Can we add something like "current MAC address" in case it was changed?
Michal Prívozník (3): qemu: Reflect MAC address change in live domain XML Introduce NIC_MAC_CHANGE event qemu: Emit NIC_MAC_CHANGE event
examples/c/misc/event-test.c | 14 +++++ include/libvirt/libvirt-domain.h | 28 +++++++++ src/conf/domain_event.c | 93 +++++++++++++++++++++++++++++ src/conf/domain_event.h | 12 ++++ src/libvirt_private.syms | 2 + src/qemu/qemu_domain.c | 34 ++++++++++- src/qemu/qemu_domain.h | 3 +- src/qemu/qemu_driver.c | 11 ++-- src/qemu/qemu_process.c | 2 +- src/remote/remote_daemon_dispatch.c | 32 ++++++++++ src/remote/remote_driver.c | 34 +++++++++++ src/remote/remote_protocol.x | 17 +++++- tools/virsh-domain-event.c | 20 +++++++ 13 files changed, 294 insertions(+), 8 deletions(-)
-- 2.39.3
participants (3)
-
Martin Kletzander -
Michal Privoznik -
Michal Prívozník