10:55 a.m.
Hi,
I am trying to update the network filters on running guest machines (qemu
backend) without having to restart the domain.
Say I have a running domain "test" with this interface:
<interface type='bridge'>
<mac address='52:54:00:84:6d:6d'/>
<source bridge='virbr1'/>
<model type='virtio'/>
<filterref filter='clean-traffic-with-v6'>
<parameter name='IP' value='172.18.1.9'/>
<parameter name='IPV6' value='fe80::5054:ff:fe84:6d6d'/>
<parameter name='MAC' value='52:54:00:84:6d:6d'/>
</filterref>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
</interface>
Now I want that domain to be able to use an additional IP address for some
reason, so I write a file uppdevice.xml with this content:
<interface type='bridge'>
<mac address='52:54:00:84:6d:6d'/>
<source bridge='virbr1'/>
<model type='virtio'/>
<filterref filter='clean-traffic-with-v6'>
<parameter name='IP' value='172.18.1.9'/>
<parameter name='IP' value='172.18.1.10'/>
<parameter name='IPV6' value='fe80::5054:ff:fe84:6d6d'/>
<parameter name='MAC' value='52:54:00:84:6d:6d'/>
</filterref>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
</interface>
and run
update-device test-cpu-restrict2 upddevice.xml
in virsh.
This appears to work without problems and produces no error messages (it
prints "Device updated successfully"), except the ebtables script on the host
machine does not get updated after that and consequently, the new IP address
is not usable.
Regards,
Guido