[libvirt] Using callback under Windows compiling of libvirt library
Hi,

I have compiled LibVirt 0.7.4 under mingw, and I want to use it with domain callback. Here is a code sample of my situation (I'm using visual studio):

    static int domain_event(virConnectPtr conn, virDomainPtr dom, int evt, int detail, void *opaque)
    {
        bool test = true;
        return 0;
    }

    int _tmain(int argc, _TCHAR* argv[])
    {
        virConnectPtr conn = virConnectOpen("qemu+tcp://192.168.220.198/session");

        // Set Callback
        int cbresult = virConnectDomainEventRegister(conn, domain_event, NULL, NULL);

        // Lookup Domain
        virDomainPtr dom = virDomainLookupByName(conn, "Test1");

        if (virDomainIsActive(dom) == 1) {
            // Start Domain
            int startDom = virDomainCreate(dom);
            if (startDom != 0) {
                virErrorPtr e = virGetLastError();
                bool test = true;
            }
        } else {
            // Stop Domain
            int StopDom = virDomainDestroy(dom);
            if (StopDom != 0) {
                virErrorPtr e = virGetLastError();
                bool test = true;
            }
        }
        return 0;
    }

This code works well when I didn't use callbacks, but when I use it, it throws an error at the virDomainCreate or virDomainDestroy call. In the application window (console) I have an unmarshaling msg, I have studied the case, it comes from the call of xdr_string method in the xdr_remote_nonull_string method (remote_protocol.c). I think the xdr_string method is unable to marshal strings from the XDR* object to a char**.

I've tried with dynamic linking or static linking of libvirt lib.

Have you any clue how to get callbacks to work?

Best Regards,
Arnaud Champion

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] Assigning Static IP through libvirt.
Hi,

I want to assign a static IP address to one of the interfaces created through libvirt. Can anyone please let me know the network XML format? I explored a lot of sites on this, but I only found assigning IP address through DHCP rather than Static. Can you please help me?

Regards,
Srikanth.
[libvirt] virStoragePoolGetXMLDesc - how to specify format type
Hi,

I'm trying to write virStoragePoolGetXMLDesc() for XenAPI remote storage. I'd like to produce an XML similar to this:

    <pool type='netfs'>
      <name></name>
      <uuid></uuid>
      <source>
        <format type='nfs'/>
        <host name='telos'/>
        <dir path='/images'/>
      </source>
    </pool>

I'm trying to fill in the virStoragePoolDefPtr for this. I need to know if struct _virStoragePoolSource->format is the one to fill for <format type='nfs'>. It's seemingly an integer. Is there any enum for format types for Nfs and ext3? I couldn't find any in storage_conf.h.

My next query is, when would I have to fill in device path? What is it used for, and which pool types use it for remote storage? Could someone explain?

Regards,
Sharadha
Re: [libvirt] Network XML for static IP address.
On Wed, Mar 17, 2010 at 01:00:06PM +0530, Kumar L Srikanth-B22348 wrote:
> Hi,
> I want to assign a static IP address to one of the interfaces created through libvirt. Can anyone please let me know the network XML format?
> I explored lot of sites on this, but I only found assigning IP address through DHCP rather than Static.

As you say, the network XML lets you set up static DHCP IP-Mac address mappings. If you want static IP without DHCP, then you just configure that directly in your guest OS as you would on any physical machine.

Regards,
Daniel
--
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-        http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Re: [libvirt] Using callback under Windows compiling of libvirt library
2010/3/18 Dev.Atom arnaud.champ...@devatom.fr:
> Hi,
>
> I have compiled LibVirt 0.7.4 under mingw, and I want to use it with domain callback. Here is a code sample of my situation (I'm using visual studio)

Did you compile it on Windows, or cross-compile it from Linux?

> static int domain_event(virConnectPtr conn, virDomainPtr dom, int evt, int detail, void *opaque)
> {
>     bool test = true;
>     return 0;
> }
>
> int _tmain(int argc, _TCHAR* argv[])
> {
>     virConnectPtr conn = virConnectOpen("qemu+tcp://192.168.220.198/session");
>
>     // Set Callback
>     int cbresult = virConnectDomainEventRegister(conn, domain_event, NULL, NULL);
>
>     // Lookup Domain
>     virDomainPtr dom = virDomainLookupByName(conn, "Test1");
>
>     if (virDomainIsActive(dom) == 1) {
>         // Start Domain
>         int startDom = virDomainCreate(dom);
>         if (startDom != 0) {
>             virErrorPtr e = virGetLastError();
>             bool test = true;
>         }
>     } else {
>         // Stop Domain
>         int StopDom = virDomainDestroy(dom);
>         if (StopDom != 0) {
>             virErrorPtr e = virGetLastError();
>             bool test = true;
>         }
>     }
>     return 0;
> }

This code is incomplete, you're missing the event-handling, see the virEventRegisterImpl function.

Have you tried the domain-event example yet? See examples/domain-events/events-c/event-test.c in the libvirt codebase.

> This code works well when I didn't use callbacks, but when I use it, it throws an error at the virDomainCreate or virDomainDestroy call. In the application window (console) I have an unmarshaling msg, I have studied the case, it comes from the call of xdr_string method in the xdr_remote_nonull_string method (remote_protocol.c). I think the xdr_string method is unable to marshal strings from the XDR* object to a char**.

Where did you get your XDR lib from? I'm using libportablexdr [1] version 4.9.1 on Windows, but had to patch it to get it to compile correctly with MinGW.

This may be a bug in your XDR lib, or may be a problem in the way libvirt uses XDR, or it's just a symptom of the fact that you try to use domain events without registering event-handling first.

[1] http://people.redhat.com/~rjones/portablexdr/

Matthias
Re: [libvirt] [PATCH 0/13] [RFC] Network filtering (ACL) extensions for libvirt
Daniel P. Berrange berra...@redhat.com wrote on 03/17/2010 11:00:26 AM:

> > I hadn't thought about calling that function... I would want to call a function that can handle something like bash scripts, i.e., multiple concatenated fragments as those shown above just to be more 'efficient'.
>
> Is it really more efficient ? If you need to run 20 ebtables commands, then using bash does 1 fork/exec for bash, bash then does another 20 fork/exec for ebtables. Alternatively just use virRun() for each ebtables command you just still have 20 fork/execs, without using bash.

I converted some of the code to use virRun() rather than writing the script and running it. This works with the ebtables level code but on iptables I do have some fragments that are real scripts testing for example whether jumps into user define iptables chains exists in the FORWARD table and only create the jump entries if they don't exist and take other corrective actions. Those scripts use pipes with grep and gawk and also use grep'ed return values. So I am not sure what to do about those, but would prefer to keep them as they are...

Stefan

> > If virRun() can handle that and $? for example would be treated there as the return value (which I think is bash-dependent), I'd be happy to call it as well.
>
> I'd think just call virRun once for each ebtables command - virRun gives you back the exit status of the command
>
> Regards,
> Daniel
Re: [libvirt] [PATCH] Add --downtime option to virsh migrate command
@@ -2794,6 +2799,19 @@ cmdMigrate (vshControl *ctl, const vshCmd *cmd) if (vshCommandOptBool (cmd, suspend)) flags |= VIR_MIGRATE_PAUSED; +downtime = vshCommandOptFloat(cmd, downtime, found); +if (found) { +unsigned long long nanoseconds = downtime * 1e9; + +if (nanoseconds = 0) { +vshError(ctl, %s, _(migrate: Invalid downtime)); +goto done; +} You are only detecting negative time. But what about overflow, or if downtime was NaN or inf? Yeah, the test is completely wrong. It's effectively detecting only 0 time, unsigned cannot really be negative ;) +else if (opt-type == VSH_OT_FLOAT) +/* xgettext:c-format */ +fmt = _([--%s decimal]); decimal reminds me of base-10 integers, not floating point. It looks like this is the first time we are accepting floating point; should we use float or floating-point instead as the terminology? That's probably better but this part will be removed completely in the new version so we don't have to worry about the terminology. +res = strtod(arg-data, end_p); Should we be using the gnulib strtod module here? Why? It doesn't seem to be any better than C89 strtod. Or did I miss anything? Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
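Review bot: in the cmdMigrate hunk the validity check runs on `nanoseconds` only after `downtime * 1e9` has already been converted to `unsigned long long`, so a negative, NaN, infinite or too-large `downtime` is converted before anything is validated, and converting an out-of-range double to an unsigned integer type is undefined behaviour in C. Validate the double first (finite, greater than zero, and small enough that `downtime * 1e9` fits) and only then assign it to `nanoseconds`. The `strtod` call in the option parser should likewise reject trailing characters through `end_p` and treat ERANGE as an error, if it does not already.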
Re: [libvirt] Using callback under Windows compiling of libvirt library
I use libportablexdr 4.9.1 from the web site you indicate. I have compiled it without any problem using the mingwin fedora environment (I have compiled everything under this environment), I haven't modified anything in the source, a simple configure like this:

    ./configure --host=i686-pc-mingw32 --prefix=/usr/i686-pc-mingw32/sys-root/mingw/

then, make and make install, nothing else.

Can you explain to me or point me to an explanation for registering event-handling please?

--
From: Matthias Bolte matthias.bo...@googlemail.com
Sent: Thursday, March 18, 2010 11:39 AM
To: Dev.Atom arnaud.champ...@devatom.fr
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] Using callback under Windows compiling of libvirt library

2010/3/18 Dev.Atom arnaud.champ...@devatom.fr:
> Hi,
>
> I have compiled LibVirt 0.7.4 under mingw, and I want to use it with domain callback. Here is a code sample of my situation (I'm using visual studio)

Did you compile it on Windows, or cross-compile it from Linux?

> static int domain_event(virConnectPtr conn, virDomainPtr dom, int evt, int detail, void *opaque)
> {
>     bool test = true;
>     return 0;
> }
>
> int _tmain(int argc, _TCHAR* argv[])
> {
>     virConnectPtr conn = virConnectOpen("qemu+tcp://192.168.220.198/session");
>
>     // Set Callback
>     int cbresult = virConnectDomainEventRegister(conn, domain_event, NULL, NULL);
>
>     // Lookup Domain
>     virDomainPtr dom = virDomainLookupByName(conn, "Test1");
>
>     if (virDomainIsActive(dom) == 1) {
>         // Start Domain
>         int startDom = virDomainCreate(dom);
>         if (startDom != 0) {
>             virErrorPtr e = virGetLastError();
>             bool test = true;
>         }
>     } else {
>         // Stop Domain
>         int StopDom = virDomainDestroy(dom);
>         if (StopDom != 0) {
>             virErrorPtr e = virGetLastError();
>             bool test = true;
>         }
>     }
>     return 0;
> }

This code is incomplete, you're missing the event-handling, see the virEventRegisterImpl function.

Have you tried the domain-event example yet? See examples/domain-events/events-c/event-test.c in the libvirt codebase.

> This code works well when I didn't use callbacks, but when I use it, it throws an error at the virDomainCreate or virDomainDestroy call. In the application window (console) I have an unmarshaling msg, I have studied the case, it comes from the call of xdr_string method in the xdr_remote_nonull_string method (remote_protocol.c). I think the xdr_string method is unable to marshal strings from the XDR* object to a char**.

Where did you get your XDR lib from? I'm using libportablexdr [1] version 4.9.1 on Windows, but had to patch it to get it to compile correctly with MinGW.

This may be a bug in your XDR lib, or may be a problem in the way libvirt uses XDR, or it's just a symptom of the fact that you try to use domain events without registering event-handling first.

[1] http://people.redhat.com/~rjones/portablexdr/

Matthias
Re: [libvirt] [PATCH] Small fix for LSB compilance of init script
On Wed, Mar 03, 2010 at 11:58:51AM +0100, Daniel Veillard wrote: A trivial small fix: Fix LSB compliance of init script https://bugzilla.redhat.com/show_bug.cgi?id=538701 * daemon/libvirtd.init.in: daemon/libvirtd.init.in were not mentionned in the usage message and if a missing or wrong argument is given it should return 2, not 1 diff --git a/daemon/libvirtd.init.in b/daemon/libvirtd.init.in index b808ab3..4c8821b 100644 --- a/daemon/libvirtd.init.in +++ b/daemon/libvirtd.init.in @@ -106,8 +106,8 @@ case $1 in [ -f @localstatedir@/lock/subsys/$SERVICE ] restart || : ;; *) -echo $Usage: $0 {start|stop|status|restart|condrestart|reload} - exit 1 +echo $Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload|try-restart} + exit 2 ;; esac exit $RETVAL Okay, that's trivial, so I pushed it, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Change logrotate to be per-hypervisor logs
On Thu, Mar 04, 2010 at 03:36:26PM +0100, Daniel Veillard wrote: Original bug is: https://bugzilla.redhat.com/show_bug.cgi?id=547514 maybe this could be done in slightly different way, possibly more generic, but I think doing a simple split is good enough for now. Change logrotate to be per-hypervisor logs Having a single logrotate configuration file for all hypervisors did not work as logrotate would get confused if an hypervisor not supported on that platform was still listed. Simplest is to split the logrotate as separate per hypervisor files and change the spec file to only install the ones compiled in. * daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in daemon/libvirtd.uml.logrotate.in: copy and split the original daemon/libvirtd.logrotate.in file * daemon/Makefile.am: update to support the different files * libvirt.spec.in: only install the relevant logrotate configs Actually that last change was not sufficient, for rpms where qemu lxc or uml are not compiled in we also must remove the associated logrotate conf files from the installed tree to avoid rpm build failures Since it's an rpm build breaker I pushed that trivial fix, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ diff --git a/libvirt.spec.in b/libvirt.spec.in index a54d546..05ded0a 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in 
@@ -592,10 +592,16 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/libvirt-%{version} %if ! %{with_qemu} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu.conf +rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu %endif %if ! %{with_lxc} rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/lxc.conf +rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.qemu %endif +%if ! %{with_uml} +rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.uml +%endif + %if %{with_libvirtd} chmod 0644 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/libvirtd -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
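Review bot: the line added under `%if ! %{with_lxc}` removes `logrotate.d/libvirtd.qemu`, the same path the `with_qemu` block above already handles, so a build without LXC leaves the LXC logrotate file in the installed tree and deletes the qemu one even when QEMU is compiled in. Going by the file names in the commit message it should read `rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.lxc`.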
Re: [libvirt] [PATCH] maint: enforce recent N_ usage
On Wed, Mar 17, 2010 at 05:22:03PM -0600, Eric Blake wrote: * cfg.mk (sc_prohibit_gettext_noop): New rule. --- cfg.mk |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/cfg.mk b/cfg.mk index 3fd9f7b..5b4d6ed 100644 --- a/cfg.mk +++ b/cfg.mk @@ -105,6 +105,11 @@ sc_prohibit_gethostname: msg='use virGetHostname, not gethostname' \ $(_prohibit_regexp) +sc_prohibit_gettext_noop: + @re='gettext_noop *\(' \ + msg='use _N, not gettext_noop' \ + $(_prohibit_regexp) + sc_prohibit_VIR_ERR_NO_MEMORY: @re='\V''IR_ERR_NO_MEMORY\' \ msg='use virReportOOMError, not V'IR_ERR_NO_MEMORY \ ACK, pushed, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
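Review bot: the `msg` text of `sc_prohibit_gettext_noop` tells contributors to use `_N`, but the macro this rule is meant to enforce, per the subject line, is `N_`; someone who follows the message literally ends up with an identifier that does not exist. Change the line to `msg='use N_, not gettext_noop' \`.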
Re: [libvirt] [PATCH] qemu: Fix FD leak in qemudStartVMDaemon
On Wed, Mar 17, 2010 at 10:35:51PM +0100, Matthias Bolte wrote: The logfile FD is dup2'ed in __virExec in the child. The FD needs to be closed in the parent, otherwise it leaks. --- src/qemu/qemu_driver.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8f3a15..fbb1275 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2963,6 +2963,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, if (virDomainSaveStatus(driver-caps, driver-stateDir, vm) 0) goto abort; +if (logfile != -1) +close(logfile); + return 0; cleanup: ACK, but we test if ((logfile = ...) 0) goto cleanup; so the logical counterpart would be if (logfile = 0) close(logfile); Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] website: Remove old repos from download section
On Wed, Mar 17, 2010 at 03:32:56PM -0400, Cole Robinson wrote: We haven't been using CVS for quite a while now, so I think we can safely drop the reference to the old server and git mirror. Signed-off-by: Cole Robinson crobi...@redhat.com --- docs/downloads.html.in | 33 - 1 files changed, 0 insertions(+), 33 deletions(-) diff --git a/docs/downloads.html.in b/docs/downloads.html.in index 493923c..2bfb459 100644 --- a/docs/downloads.html.in +++ b/docs/downloads.html.in @@ -43,18 +43,6 @@ a href=http://libvirt.org/git/?p=libvirt.git;a=summary;http://libvirt.org/git/?p=libvirt.git;a=summary/a /pre -h2CVS repository access (Deprecated) /h2 -p - The master source repository used to be under a href=http://ximbiot.com/cvs/cvshome/docs/;CVS/a - with anonymous access at: - /p -pre - - # cvs -d :pserver:anon...@libvirt.org:2401/data/cvs co libvirt -/pre - p The server is maintainened temporarilly for existing uses, but all - changes are only commited to git now and we expect to deprecate the CVS - server during summer 2009. /p h2Building from a source code checkout/h2 p The libvirt build process uses GNU autotools, so after obtaining a 
@@ -69,26 +57,5 @@ make install /pre -h2GIT repository mirror/h2 - -p - Jim Mereying was maintaining a CVS to git mirror on - a href=http://git.et.redhat.com/?p=libvirt.git;git.et.redhat.com/a. - Existing users should migrate to the new libvirt.org git server, as the - old one is now deprecated. For the sake of old links including now- - rewritten SHA1s, we'll leave the old repository on-line for some time. - It is available as: -/p -pre - - git clone git://git.et.redhat.com/libvirt.git -/pre -p - It can also be browsed at -/p -pre - a href=http://git.et.redhat.com/?p=libvirt.git;a=summary;http://git.et.redhat.com/?p=libvirt.git;a=summary/a -/pre - /body /html -- 1.6.6.1 ACK, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] website: Drop static FAQ, point to http://wiki.libvirt.org/page/FAQ
On Wed, Mar 17, 2010 at 03:32:55PM -0400, Cole Robinson wrote:
> The static FAQ was from the days before even QEMU support. I added a few questions to the wiki FAQ about the software license and how to download and install (basically just pointing to downloads.html). The remaining questions on the static page aren't anything that I think is really 'frequently asked' (changing socket perms for regular user xen access, and issues building against libvirt).

I would like to keep the basic build instructions and rpm rebuild ones as part of the static docs which are distributed with the sources, and not have to rely on web + wiki working. So I'm fine removing this only if we put the information in another place in the static documentation, I don't want them just removed.

Daniel
[libvirt] View graphical desktop of linux distribution through libvirt.
Hi Daniel,

Is it possible to view the graphical desktop (startx) of any linux distribution in libvirt through Linux Container (LXC)? If it is possible, what are the necessary dependents we need to take care of in the Domain XML or in the minimal Root file system of the linux distribution? Can you please let me know.

Regards,
Srikanth.
Re: [libvirt] [PATCH] qemu: Fix FD leak in qemudStartVMDaemon
2010/3/18 Daniel Veillard veill...@redhat.com: On Wed, Mar 17, 2010 at 10:35:51PM +0100, Matthias Bolte wrote: The logfile FD is dup2'ed in __virExec in the child. The FD needs to be closed in the parent, otherwise it leaks. --- src/qemu/qemu_driver.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8f3a15..fbb1275 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2963,6 +2963,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, if (virDomainSaveStatus(driver-caps, driver-stateDir, vm) 0) goto abort; + if (logfile != -1) + close(logfile); + return 0; cleanup: ACK, but we test if ((logfile = ...) 0) goto cleanup; so the logical counterpart would be if (logfile = 0) close(logfile); Daniel True. I just copied the the close call from the cleanup block. Both blocks (cleanup and abort) check for != 1, so one could argue to change them to = 0 too. Matthias -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] qemu: Fix FD leak in qemudStartVMDaemon
On Thu, Mar 18, 2010 at 02:31:56PM +0100, Matthias Bolte wrote: 2010/3/18 Daniel Veillard veill...@redhat.com: On Wed, Mar 17, 2010 at 10:35:51PM +0100, Matthias Bolte wrote: The logfile FD is dup2'ed in __virExec in the child. The FD needs to be closed in the parent, otherwise it leaks. --- src/qemu/qemu_driver.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8f3a15..fbb1275 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2963,6 +2963,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, if (virDomainSaveStatus(driver-caps, driver-stateDir, vm) 0) goto abort; + if (logfile != -1) + close(logfile); + return 0; cleanup: ACK, but we test if ((logfile = ...) 0) goto cleanup; so the logical counterpart would be if (logfile = 0) close(logfile); Daniel True. I just copied the the close call from the cleanup block. Both blocks (cleanup and abort) check for != 1, so one could argue to change them to = 0 too. Either way, let's plug the leak :-) thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] dont't crash in virsh dominfo domain
On Wed, Mar 17, 2010 at 09:11:07PM +0100, Guido Günther wrote: Hi, virsh dominfo domain crashes with: #0 strlen () at ../sysdeps/i386/i486/strlen.S:69 #1 0x080891c9 in qemudNodeGetSecurityModel (conn=0x8133940, secmodel=0xb5676ede) at qemu/qemu_driver.c:4911 #2 0xb7eb5623 in virNodeGetSecurityModel (conn=0x8133940, secmodel=0x0) at libvirt.c:5118 #3 0x0806767a in remoteDispatchNodeGetSecurityModel (server=0x811, client=0x8134080, conn=0x8133940, hdr=0x81a8388, rerr=0xb56771d8, args=0xb56771a0, ret=0xb5677144) at remote.c:1306 #4 0x08068acc in remoteDispatchClientCall (server=0x811, client=0x8134080, msg=0x8168378) at dispatch.c:506 #5 0x08068ee3 in remoteDispatchClientRequest (server=0x811, client=0x8134080, msg=0x8168378) at dispatch.c:388 #6 0x0805baba in qemudWorker (data=0x811de2c) at libvirtd.c:1528 #7 0xb7bb8585 in start_thread (arg=0xb5677b70) at pthread_create.c:300 #8 0xb7b3a29e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 if there's no primary security driver set since we only intialize the secmodel.model and secmodel.doi if we have one. Attached patch checks for primarySecurityDriver instead of securityDriver since the later is always set in qemudSecurityInit(). Cheers, -- Guido From 1d26ec760739b0ea17d1b29730dbdb5632d3565c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= a...@sigxcpu.org Date: Wed, 17 Mar 2010 21:04:11 +0100 Subject: [PATCH] Don't crash without a security driver virsh dominfo vm crashes if there's no primary security driver set since we only intialize the secmodel.model and secmodel.doi if we have one. Attached patch checks for securityPrimaryDriver instead of securityDriver since the later is always set in qemudSecurityInit(). Closes: http://bugs.debian.org/574359 --- src/qemu/qemu_driver.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 67d9ade..e26c591 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -4956,7 +4956,7 @@ static int qemudNodeGetSecurityModel(virConnectPtr conn, int ret = 0; qemuDriverLock(driver); -if (!driver-securityDriver) { +if (!driver-securityPrimaryDriver) { memset(secmodel, 0, sizeof (*secmodel)); goto cleanup; } -- 1.7.0 That looks fine to me, but I would prefer if Dan can double check :-) Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ dan...@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
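Review bot: the commit message for the qemudNodeGetSecurityModel hunk still reads like a cover letter ("Attached patch checks ..."), and the text above it names the field `primarySecurityDriver` while the hunk and the commit message use `securityPrimaryDriver`. Reword the message to describe the change directly and use the one field name that appears in the code, so the log entry can be searched by the identifier that was actually changed.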
Re: [libvirt] [PATCH] Add --downtime option to virsh migrate command
On 03/18/2010 05:17 AM, Jiri Denemark wrote:
>>> +res = strtod(arg-data, end_p);
>>
>> Should we be using the gnulib strtod module here?
>
> Why? It doesn't seem to be any better than C89 strtod. Or did I miss anything?

strtod is broken on a number of platforms in various ways; most of them related to parsing the new formats required by C99, but there are some other bugs even with C89 parsing as well:

http://git.sv.gnu.org/cgit/gnulib.git/tree/doc/posix-functions/strtod.texi

--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCH] * cfg.mk (sc_prohibit_gettext_noop): Fix typo
--- Phooey - I didn't notice my typo until too late. Would you mind pushing this trivial followup? cfg.mk |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/cfg.mk b/cfg.mk index 5b4d6ed..9fc2d66 100644 --- a/cfg.mk +++ b/cfg.mk @@ -107,7 +107,7 @@ sc_prohibit_gethostname: sc_prohibit_gettext_noop: @re='gettext_noop *\(' \ - msg='use _N, not gettext_noop' \ + msg='use N_, not gettext_noop' \ $(_prohibit_regexp) sc_prohibit_VIR_ERR_NO_MEMORY: -- 1.6.6.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] Add --downtime option to virsh migrate command
On Thu, Mar 18, 2010 at 08:35:18AM -0600, Eric Blake wrote:
> On 03/18/2010 05:17 AM, Jiri Denemark wrote:
> >>> +res = strtod(arg-data, end_p);
> >>
> >> Should we be using the gnulib strtod module here?
> >
> > Why? It doesn't seem to be any better than C89 strtod. Or did I miss anything?
>
> strtod is broken on a number of platforms in various ways; most of them related to parsing the new formats required by C99, but there are some other bugs even with C89 parsing as well:
>
> http://git.sv.gnu.org/cgit/gnulib.git/tree/doc/posix-functions/strtod.texi

Actually, virsh should be using virStrToDouble(). If there are issues with strtod(), then virStrToDouble is the place to fix them, using gnulib for it if applicable.

Regards
Daniel
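The checks this thread asks for on a floating-point downtime (NaN, infinity, overflow, zero or negative values, trailing characters), as an added example that is not libvirt code and not part of any message above. `parse_downtime_ns` and its return convention are hypothetical, and it calls plain C `strtod` where the thread recommends going through virStrToDouble().

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>

/* 2^64 as a double: the first value that no longer fits in unsigned long long. */
#define ULL_RANGE_LIMIT 18446744073709551616.0

/*
 * Hypothetical helper (not libvirt code): parse a downtime given in seconds
 * and hand it back in nanoseconds through *ns_out.
 * Returns 0 on success, -1 when the input has to be rejected.
 */
int parse_downtime_ns(const char *arg, unsigned long long *ns_out)
{
    char *end = NULL;
    double secs, ns;

    if (arg == NULL || ns_out == NULL || *arg == '\0')
        return -1;

    errno = 0;
    secs = strtod(arg, &end);

    if (end == arg || *end != '\0')   /* nothing parsed, or trailing junk */
        return -1;
    if (errno == ERANGE)              /* overflow or underflow inside strtod */
        return -1;
    if (!isfinite(secs))              /* "nan", "inf", "infinity" */
        return -1;
    if (secs <= 0.0)                  /* zero and negative, tested as a double */
        return -1;

    /*
     * Range-check the product while it is still a double. Converting an
     * out-of-range double to an integer type is undefined behaviour, so the
     * cast below must only ever see a value that fits.
     */
    ns = secs * 1e9;
    if (ns < 1.0 || ns >= ULL_RANGE_LIMIT)
        return -1;

    *ns_out = (unsigned long long)ns;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, one per failure mode raised in the review. */
    static const char *samples[] = {
        "0.5", "1.5", "0", "-1", "nan", "inf",
        "1e400", "1e30", "1e-12", "10abc", ""
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned long long ns = 0;

        if (parse_downtime_ns(samples[i], &ns) == 0)
            printf("%-6s -> %llu ns\n", samples[i], ns);
        else
            printf("%-6s -> rejected\n", samples[i]);
    }
    return 0;
}
```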
Re: [libvirt] [PATCH] website: Increase text size
On 03/18/2010 07:11 AM, Daniel Veillard wrote:
> On Wed, Mar 17, 2010 at 03:32:54PM -0400, Cole Robinson wrote:
>> Personally I find the text so small it is difficult to read, especially in the documentation pages where we can have a large wall of text.
>>
>> Here is a before and after shot of the main page on my machine (scaled down):
>>
>> http://fedorapeople.org/~crobinso/tmp/libvirt-web-before-after.png
>
> Hum, looking at the png, assuming you didn't scale the images, obviously you either have a problem with your set of installed fonts or your font rendering options, or your browser is doing something to reduce page screen estate. When I look at the png I find both completely unreadable, the 'after' being more or less the same size as my normal rendering, just very fuzzed !
> Can you check against my current rendering enclosed which I find perfectly legible, if your normal rendering is different could you check your fonts rendering options and firefox zoom rendering option, there is something weird going on,

The image was scaled down, sorry. That's not how it really looks on my comp. Just trying to give an idea of the relative change in text size.

- Cole
[libvirt] [PATCH 3/14] Add public API
This patch adds extensions to libvirt's public API necessary for controlling the new functionality from remote for example. Signed-off-by: Stefan Berger stef...@us.ibm.com --- include/libvirt/libvirt.h.in | 63 +++ 1 file changed, 63 insertions(+) Index: libvirt-acl/include/libvirt/libvirt.h.in === --- libvirt-acl.orig/include/libvirt/libvirt.h.in +++ libvirt-acl/include/libvirt/libvirt.h.in 
@@ -1841,4 +1841,67 @@ int virDomainAbortJob(virDomainPtr dom); } #endif + +/** + * virNWFilter: + * + * a virNWFilter is a private structure representing a network filter + */ +typedef struct _virNWFilter virNWFilter; + +/** + * virNWFilterPtr: + * + * a virNWFilterPtr is pointer to a virNWFilter private structure, + * this is the type used to reference a network filter in the API. + */ +typedef virNWFilter *virNWFilterPtr; + + +/* + * List NWFilters + */ +int virConnectNumOfNWFilters (virConnectPtr conn); +int virConnectListNWFilters (virConnectPtr conn, + char **const names, + int maxnames); + +/* + * Lookup nwfilter by name or uuid + */ +virNWFilterPtr virNWFilterLookupByName (virConnectPtr conn, + const char *name); +virNWFilterPtr virNWFilterLookupByUUID (virConnectPtr conn, + const unsigned char *uuid); +virNWFilterPtr virNWFilterLookupByUUIDString (virConnectPtr conn, + const char *uuid); + +/* + * Define persistent nwfilter + */ +virNWFilterPtr virNWFilterDefineXML(virConnectPtr conn, + const char *xmlDesc); + +/* + * Delete persistent nwfilter + */ +int virNWFilterUndefine (virNWFilterPtr nwfilter); + +/* + * NWFilter destroy/free + */ +int virNWFilterRef (virNWFilterPtr nwfilter); +int virNWFilterFree (virNWFilterPtr nwfilter); + +/* + * NWFilter information + */ +const char* virNWFilterGetName (virNWFilterPtr nwfilter); +int virNWFilterGetUUID (virNWFilterPtr nwfilter, + unsigned char *uuid); +int virNWFilterGetUUIDString (virNWFilterPtr nwfilter, + char *buf); +char * virNWFilterGetXMLDesc(virNWFilterPtr nwfilter, + int flags); + #endif /* __VIR_VIRLIB_H__ */ -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
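Review bot: the new virNWFilter declarations are added after the `}` / `#endif` pair that follows `virDomainAbortJob`, directly in front of the `#endif /* __VIR_VIRLIB_H__ */` guard; if that `}` closes the header's `extern "C"` block, C++ callers will see these prototypes with C++ linkage and fail to link, so the additions belong above it. Separately, the comment "NWFilter destroy/free" sits over `virNWFilterRef` and `virNWFilterFree`, and `virNWFilterGetUUID` and `virNWFilterGetUUIDString` write into caller buffers with no length argument, so the comments should describe reference counting and state the buffer size each call requires.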
[libvirt] [PATCH 1/14] Adding recursive locks
This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks. --- src/util/threads-pthread.c | 13 + src/util/threads-win32.c |5 + src/util/threads.h |1 + 3 files changed, 19 insertions(+) Index: libvirt-acl/src/util/threads-pthread.c === --- libvirt-acl.orig/src/util/threads-pthread.c +++ libvirt-acl/src/util/threads-pthread.c @@ -43,6 +43,19 @@ int virMutexInit(virMutexPtr m) return 0; } +int virMutexInitRecursive(virMutexPtr m) +{ +int ret; +pthread_mutexattr_t attr; +pthread_mutexattr_init(attr); +pthread_mutexattr_settype(attr, PTHREAD_MUTEX_RECURSIVE); +if ((ret = pthread_mutex_init(m-lock, attr)) != 0) { +errno = ret; +return -1; +} +return 0; +} + void virMutexDestroy(virMutexPtr m) { pthread_mutex_destroy(m-lock); Index: libvirt-acl/src/util/threads.h === --- libvirt-acl.orig/src/util/threads.h +++ libvirt-acl/src/util/threads.h @@ -38,6 +38,7 @@ int virThreadInitialize(void) ATTRIBUTE_ void virThreadOnExit(void); int virMutexInit(virMutexPtr m) ATTRIBUTE_RETURN_CHECK; +int virMutexInitRecursive(virMutexPtr m) ATTRIBUTE_RETURN_CHECK; void virMutexDestroy(virMutexPtr m); void virMutexLock(virMutexPtr m); Index: libvirt-acl/src/util/threads-win32.c === --- libvirt-acl.orig/src/util/threads-win32.c +++ libvirt-acl/src/util/threads-win32.c @@ -76,6 +76,11 @@ int virMutexInit(virMutexPtr m) return 0; } +int virMutexInitRecursive(virMutexPtr m) +{ +return virMutexInit(m); +} + void virMutexDestroy(virMutexPtr m) { CloseHandle(m-lock);
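Review bot: virMutexInitRecursive() in threads-pthread.c ignores the return values of pthread_mutexattr_init() and pthread_mutexattr_settype() and never calls pthread_mutexattr_destroy() on attr, on either the success or the failure path. If setting the type fails, the caller silently gets a non-recursive mutex, and the re-entrant locking this series relies on for loop detection would then deadlock; check both calls, set errno and return -1 as the pthread_mutex_init() branch does, and destroy the attribute object before returning. The threads-win32.c version simply forwards to virMutexInit() with no comment explaining why that is sufficient; if it depends on the underlying Win32 mutex already allowing re-acquisition by the owning thread, say so next to the function so a later change to virMutexInit() does not quietly remove that property.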
[libvirt] [PATCH 6/14] Definition of the wire format
This patch adds the definition of the wire format for RPC calls for the new network filtering (ACL) functionality added to libvirt. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/remote/remote_protocol.x | 72 ++- 1 file changed, 71 insertions(+), 1 deletion(-) Index: libvirt-acl/src/remote/remote_protocol.x === --- libvirt-acl.orig/src/remote/remote_protocol.x +++ libvirt-acl/src/remote/remote_protocol.x @@ -103,6 +103,9 @@ const REMOTE_NODE_DEVICE_NAME_LIST_MAX = /* Upper limit on lists of node device capabilities. */ const REMOTE_NODE_DEVICE_CAPS_LIST_MAX = 16384; +/* Upper limit on lists of network filter names. */ +const REMOTE_NWFILTER_NAME_LIST_MAX = 1024; + /* Upper limit on list of scheduler parameters. */ const REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX = 16; @@ -176,6 +179,12 @@ struct remote_nonnull_network { remote_uuid uuid; }; +/* A network filter which may not be NULL. */ +struct remote_nonnull_nwfilter { +remote_nonnull_string name; +remote_uuid uuid; +}; + /* An interface which may not be NULL. */ struct remote_nonnull_interface { remote_nonnull_string name; @@ -210,6 +219,7 @@ struct remote_nonnull_secret { /* A domain or network which may be NULL. */ typedef remote_nonnull_domain *remote_domain; typedef remote_nonnull_network *remote_network; +typedef remote_nonnull_nwfilter *remote_nwfilter; typedef remote_nonnull_storage_pool *remote_storage_pool; typedef remote_nonnull_storage_vol *remote_storage_vol; typedef remote_nonnull_node_device *remote_node_device; @@ -234,6 +244,7 @@ struct remote_error { int int1; int int2; remote_network net; +remote_nwfilter nwfilter; }; /* Authentication types available thus far */ 
@@ -843,6 +854,57 @@ struct remote_network_set_autostart_args int autostart; }; +/* network filter calls */ + +struct remote_num_of_nwfilters_ret { +int num; +}; + +struct remote_list_nwfilters_args { +int maxnames; +}; + +struct remote_list_nwfilters_ret { +remote_nonnull_string namesREMOTE_NWFILTER_NAME_LIST_MAX; +}; + +struct remote_nwfilter_lookup_by_uuid_args { +remote_uuid uuid; +}; + +struct remote_nwfilter_lookup_by_uuid_ret { +remote_nonnull_nwfilter nwfilter; +}; + +struct remote_nwfilter_lookup_by_name_args { +remote_nonnull_string name; +}; + +struct remote_nwfilter_lookup_by_name_ret { +remote_nonnull_nwfilter nwfilter; +}; + +struct remote_nwfilter_define_xml_args { +remote_nonnull_string xml; +}; + +struct remote_nwfilter_define_xml_ret { +remote_nonnull_nwfilter nwfilter; +}; + +struct remote_nwfilter_undefine_args { +remote_nonnull_nwfilter nwfilter; +}; + +struct remote_nwfilter_get_xml_desc_args { +remote_nonnull_nwfilter nwfilter; +int flags; +}; + +struct remote_nwfilter_get_xml_desc_ret { +remote_nonnull_string xml; +}; + /* Interface calls: */ @@ -1703,7 +1765,15 @@ enum remote_procedure { REMOTE_PROC_DOMAIN_DETACH_DEVICE_FLAGS = 161, REMOTE_PROC_CPU_BASELINE = 162, REMOTE_PROC_DOMAIN_GET_JOB_INFO = 163, -REMOTE_PROC_DOMAIN_ABORT_JOB = 164 +REMOTE_PROC_DOMAIN_ABORT_JOB = 164, + +REMOTE_PROC_NWFILTER_LOOKUP_BY_NAME = 165, +REMOTE_PROC_NWFILTER_LOOKUP_BY_UUID = 166, +REMOTE_PROC_NWFILTER_GET_XML_DESC = 167, +REMOTE_PROC_NUM_OF_NWFILTERS = 168, +REMOTE_PROC_LIST_NWFILTERS = 169, +REMOTE_PROC_NWFILTER_DEFINE_XML = 170, +REMOTE_PROC_NWFILTER_UNDEFINE = 171 /* * Notice how the entries are grouped in sets of 10 ? -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
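Review bot: appending remote_nwfilter nwfilter to struct remote_error changes the encoding of every error reply, not only of the new nwfilter procedures, so a client and a daemon built on different sides of this patch will disagree on the layout of remote_error and fail to unmarshal errors from each other. Leave remote_error as it is and carry the filter name in the existing message fields instead. Also, remote_list_nwfilters_args carries a client-chosen maxnames while the reply array is capped by REMOTE_NWFILTER_NAME_LIST_MAX (1024); note next to the struct that both the daemon handler and the client stub must reject a maxnames above that constant before allocating.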
[libvirt] [PATCH 4/14] Add internal API
This patch adds the internal API extensions for network filtering (ACL) support. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/driver.h | 53 + 1 file changed, 53 insertions(+) Index: libvirt-acl/src/driver.h === --- libvirt-acl.orig/src/driver.h +++ libvirt-acl/src/driver.h @@ -983,6 +983,58 @@ struct _virStreamDriver { }; +typedef int +(*virDrvConnectNumOfNWFilters)(virConnectPtr conn); +typedef int +(*virDrvConnectListNWFilters) (virConnectPtr conn, + char **const names, + int maxnames); +typedef virNWFilterPtr +(*virDrvNWFilterLookupByName) (virConnectPtr conn, + const char *name); +typedef virNWFilterPtr +(*virDrvNWFilterLookupByUUID) (virConnectPtr conn, + const unsigned char *uuid); +typedef virNWFilterPtr +(*virDrvNWFilterDefineXML)(virConnectPtr conn, + const char *xmlDesc, + unsigned int flags); +typedef int +(*virDrvNWFilterUndefine) (virNWFilterPtr pool); + +typedef char * +(*virDrvNWFilterGetXMLDesc) (virNWFilterPtr pool, + unsigned int flags); + + +typedef struct _virNWFilterDriver virNWFilterDriver; +typedef virNWFilterDriver *virNWFilterDriverPtr; + +/** + * _virNWFilterDriver: + * + * Structure associated to a network filter driver, defining the various + * entry points for it. + * + * All drivers must support the following fields/methods: + * - open + * - close + */ +struct _virNWFilterDriver { +const char * name;/* the name of the driver */ +virDrvOpenopen; +virDrvClose close; + +virDrvConnectNumOfNWFilters numOfNWFilters; +virDrvConnectListNWFilters listNWFilters; +virDrvNWFilterLookupByName nwfilterLookupByName; +virDrvNWFilterLookupByUUID nwfilterLookupByUUID; +virDrvNWFilterDefineXML defineXML; +virDrvNWFilterUndefine undefine; +virDrvNWFilterGetXMLDesc getXMLDesc; +}; + + /* * Registration * TODO: also need ways to (des)activate a given driver 
@@ -994,6 +1046,7 @@ int virRegisterInterfaceDriver(virInterf int virRegisterStorageDriver(virStorageDriverPtr); int virRegisterDeviceMonitor(virDeviceMonitorPtr); int virRegisterSecretDriver(virSecretDriverPtr); +int virRegisterNWFilterDriver(virNWFilterDriverPtr); # ifdef WITH_LIBVIRTD int virRegisterStateDriver(virStateDriverPtr); # endif -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
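Review bot: the virDrvNWFilterUndefine and virDrvNWFilterGetXMLDesc typedefs name their virNWFilterPtr parameter pool, which is misleading in a network filter driver; rename it to nwfilter. virDrvNWFilterDefineXML also takes unsigned int flags here, while the public virNWFilterDefineXML() declared earlier in this series has no flags argument, so the driver receives a value no caller can set; align the two signatures. The struct comment says all drivers must support open and close, but nothing in virRegisterNWFilterDriver's prototype documents what happens when the other entry points are NULL, which is worth a sentence.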
[libvirt] [PATCH 0/14 [RFC] Network filtering (ACL) extensions for libvirt
Hi!

This is a repost of this set of patches with some of the fixes recommended by Daniel Berrange applied and ipv6 support on the ebtables layer added.

The following set of patches add network filtering (ACL) extensions to libvirt and enable network traffic filtering for VMs using ebtables and, depending on the networking technology being used (tap, but not macvtap), also iptables. Usage of either is optional and controlled through filters that a VM is referencing.

The ebtables-level filtering is based on the XML derived from the CIM network slide 10 (filtering) from the DMTF website (http://www.dmtf.org/standards/cim/cim_schema_v2230/CIM_Network.pdf). The XML we derived from this was discussed on the list before. On the ebtables level we currently handle filtering of IPv4 and ARP traffic.

The iptables-level filtering is based on similar XML where XML nodes described the particular protocol to filter for. Its extensions enable the filtering of traffic using iptables for tcp, udp, icmp, igmp, sctp and 'all' types of traffic. This list of protocols maps to the features supported by iptables and only excludes protocols like 'esp', 'ah' and 'udplite'. Currently only bridging mode is supported and based on availability of the physdev match.

The filtering framework adds new libvirt virsh commands for managing the filters. The 5 new commands are:

- virsh nwfilter-list
- virsh nwfilter-dumpxml <name of filter>
- virsh nwfilter-define <name of file containing filter desc.>
- virsh nwfilter-undefine <name of filter>
- virsh nwfilter-edit <name of filter>

Above commands are similar to commands for already existing pools and as such much of the code directly related to the above commands could be borrowed from other drivers.

The network filters can either contain rules using the above mentioned XML or contain references to other filters in order to build more complex filters that form some sort of filter tree or can contain both.
An example for a filter referencing other filters would be this one here:

  <filter name='demofilter4' chain='root'>
    <uuid>66f62d1d-34c1-1421-824f-c62d5ee5e8b6</uuid>
    <filterref filter='no-mac-spoofing'/>
    <filterref filter='no-mac-broadcast'/>
    <filterref filter='no-arp-spoofing'/>
    <filterref filter='allow-dhcp'>
      <parameter name='DHCPSERVER' value='10.0.0.1'/>
    </filterref>
    <filterref filter='no-other-l2-traffic'/>
    <filterref filter='recv-only-vm-ipaddress'/>
    <filterref filter='recv-only-vm-macaddress'/>
    <filterref filter='l3-test'/>
    <filterref filter='ipv6test'/>
  </filter>

A filter containing actual rules would look like this:

  <filter name='no-mac-broadcast' chain='ipv4'>
    <uuid>ffe2ccd6-edec-7360-1852-6b5ccb553234</uuid>
    <rule action='drop' direction='out' priority='500'>
      <mac dstmacaddr='ff:ff:ff:ff:ff:ff'/>
    </rule>
  </filter>

The filter XML now also holds a priority attribute in the rule. This provides control over the ordering of the applied ebtables/iptables rules beyond their appearance in the XML.

The domain XML has been extended to reference a top level filter from within each interface XML node. A valid reference to such a top level filter looks like this:

  <interface type='bridge'>
    <source bridge='static'/>
    <filterref filter='demofilter4'>
      <parameter name='IP' value='9.59.241.151'/>
    </filterref>
  </interface>

In this XML a parameter IP is passed for instantiation of the referenced filters, that may require the availability of this parameter. In the above case the IP parameter's value describes the value of the IP address of the VM and allows to enable those filters to be instantiated that require this 'IP' variable. If a filter requires a parameter that is not provided, the VM will not start or the interface will not attach to a running VM. Any names of parameters can be provided for instantiation of filters and their names and values only need to pass a regular expression test.
In a subsequent patch we will be adding capability to allow users to omit the IP parameter (only) and enable libvirt to learn the IP address of the VM and have it instantiate the filter once it knows it.

While virtual machines are running, it is possible to update their filters. For that all running VMs' filter 'trees' are traversed to detect whether the updated filter is referenced by the VM. If so, its ebtables/iptables rules are applied. If one of the VMs' update fails all updates are rolled back and the filter XML update is rejected.

One comment about the instantiation of the rules: Since the XML allows to create nearly any possible combination of parameters to ebtables or iptables commands, I haven't used the ebtables or iptables wrappers. Instead, I am writing ebtables/iptables commands into a buffer, add command line options to each one of them as described in the rule's XML, write the buffer into a file and run it as a script. For those commands that are not allowed to fail I am using the following format to run them:

  cmd="ebtables <some options>"
  r=`${cmd}`
  if [ $? -ne 0 ]; then
    echo Failure in
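The filter tree and parameter passing described in the cover letter above can be checked offline before a filter set is loaded. The following Python code is an added example, not code from the patch series: it flattens an interface's filterref into priority-ordered rules, rejects reference loops and unknown filters, and validates parameters before they could reach a generated script. The allow-list pattern, the default priority, the rule that an inner filterref's parameters override inherited ones, and the sample XML are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed filter set in the XML format shown in the cover letter. The rule
# inside 'allow-dhcp' and the two 'loop-*' filters are made up for this example.
SAMPLE_FILTERS = [
    """<filter name='demofilter4' chain='root'>
         <filterref filter='no-mac-broadcast'/>
         <filterref filter='allow-dhcp'>
           <parameter name='DHCPSERVER' value='10.0.0.1'/>
         </filterref>
       </filter>""",
    """<filter name='no-mac-broadcast' chain='ipv4'>
         <rule action='drop' direction='out' priority='500'>
           <mac dstmacaddr='ff:ff:ff:ff:ff:ff'/>
         </rule>
       </filter>""",
    """<filter name='allow-dhcp' chain='ipv4'>
         <rule action='accept' direction='in' priority='100'>
           <ip protocol='udp'/>
         </rule>
       </filter>""",
    "<filter name='loop-a' chain='root'><filterref filter='loop-b'/></filter>",
    "<filter name='loop-b' chain='root'><filterref filter='loop-a'/></filter>",
]

SAMPLE_INTERFACE = """<interface type='bridge'>
  <source bridge='static'/>
  <filterref filter='demofilter4'>
    <parameter name='IP' value='9.59.241.151'/>
  </filterref>
</interface>"""

# Assumed allow-list. The cover letter only says names and values must pass
# "a regular expression test"; this pattern is not libvirt's.
SAFE_PARAM = re.compile(r"[A-Za-z0-9_.:]+")
DEFAULT_PRIORITY = 500  # assumed default when a rule has no priority attribute


class FilterError(Exception):
    """Raised when a filter set must not be instantiated."""


def load_filters(docs):
    """Parse filter documents into a dict keyed by filter name."""
    filters = {}
    for doc in docs:
        root = ET.fromstring(doc)
        if root.tag != "filter" or not root.get("name"):
            raise FilterError("not a named <filter> document")
        filters[root.get("name")] = root
    return filters


def read_params(node):
    """Collect <parameter> children, refusing anything outside the allow-list."""
    params = {}
    for p in node.findall("parameter"):
        name, value = p.get("name", ""), p.get("value", "")
        if not SAFE_PARAM.fullmatch(name) or not SAFE_PARAM.fullmatch(value):
            raise FilterError(f"rejected parameter {name!r}={value!r}")
        params[name] = value
    return params


def flatten(name, filters, params=None, path=()):
    """Depth-first walk of the filter tree; 'path' holds the filters being expanded."""
    if name in path:
        raise FilterError("reference loop: " + " -> ".join(path + (name,)))
    if name not in filters:
        parent = path[-1] if path else "interface"
        raise FilterError(f"unknown filter {name!r} referenced from {parent}")
    node, params, rules = filters[name], dict(params or {}), []
    for child in node:
        if child.tag == "filterref":
            merged = {**params, **read_params(child)}  # inner values win (assumption)
            rules += flatten(child.get("filter"), filters, merged, path + (name,))
        elif child.tag == "rule":
            rules.append({
                "filter": name,
                "chain": node.get("chain"),
                "action": child.get("action"),
                "direction": child.get("direction"),
                "priority": int(child.get("priority", DEFAULT_PRIORITY)),
                "match": [(m.tag, dict(m.attrib)) for m in child],
                "params": params,
            })
    return rules


def instantiate(interface_xml, filters):
    """Resolve an <interface>'s top-level filterref into priority-ordered rules."""
    ref = ET.fromstring(interface_xml).find("filterref")
    if ref is None:
        return []
    rules = flatten(ref.get("filter"), filters, read_params(ref))
    return sorted(rules, key=lambda r: r["priority"])  # stable: XML order breaks ties


if __name__ == "__main__":
    known = load_filters(SAMPLE_FILTERS)
    for r in instantiate(SAMPLE_INTERFACE, known):
        print(r["priority"], r["chain"], r["action"], r["direction"], r["filter"], r["params"])
    try:
        flatten("loop-a", known)
    except FilterError as err:
        print("rejected:", err)
```

Because the cover letter says rule options are written into a script and executed, the parameter check runs on every filterref before any rule is produced, so a rejected value stops the whole instantiation.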
[libvirt] [PATCH 2/14] Add build support
This patch adds build support for the network filtering framework. Signed-off-by: Stefan Berger stef...@us.ibm.com --- configure.ac |9 + daemon/Makefile.am |4 src/Makefile.am | 32 src/libvirt_private.syms | 39 +++ src/libvirt_public.syms | 19 +++ 5 files changed, 103 insertions(+) Index: libvirt-acl/src/Makefile.am === --- libvirt-acl.orig/src/Makefile.am +++ libvirt-acl/src/Makefile.am @@ -98,6 +98,14 @@ DOMAIN_EVENT_SOURCES = \ NETWORK_CONF_SOURCES = \ conf/network_conf.c conf/network_conf.h +# Network filter driver generic impl APIs +NWFILTER_PARAM_CONF_SOURCES = \ + conf/nwfilter_params.c conf/nwfilter_conf.h + +NWFILTER_CONF_SOURCES = \ + $(NWFILTER_PARAM_CONF_SOURCES) \ + conf/nwfilter_conf.c conf/nwfilter_conf.h + # Storage driver generic impl APIs STORAGE_CONF_SOURCES = \ conf/storage_conf.h conf/storage_conf.c @@ -124,6 +132,7 @@ CONF_SOURCES = \ $(DOMAIN_CONF_SOURCES)\ $(DOMAIN_EVENT_SOURCES)\ $(NETWORK_CONF_SOURCES)\ + $(NWFILTER_CONF_SOURCES) \ $(NODE_DEVICE_CONF_SOURCES) \ $(STORAGE_CONF_SOURCES)\ $(ENCRYPTION_CONF_SOURCES) \ @@ -273,6 +282,11 @@ STORAGE_DRIVER_DISK_SOURCES = \ STORAGE_HELPER_DISK_SOURCES = \ storage/parthelper.c +# Network filters +NWFILTER_DRIVER_SOURCES = \ + nwfilter/nwfilter_driver.h nwfilter/nwfilter_driver.c \ + nwfilter/nwfilter_gentech_driver.c \ + nwfilter/nwfilter_ebiptables_driver.c # Security framework and drivers for various models SECURITY_DRIVER_SOURCES = \ 
@@ -716,6 +730,22 @@ endif endif +if WITH_NWFILTER +if WITH_DRIVER_MODULES +mod_LTLIBRARIES += libvirt_driver_nwfilter.la +else +libvirt_la_LIBADD += libvirt_driver_nwfilter.la +noinst_LTLIBRARIES += libvirt_driver_nwfilter.la +endif +libvirt_driver_nwfilter_la_CFLAGS = \ + -...@top_srcdir@/src/conf +if WITH_DRIVER_MODULES +libvirt_driver_nwfilter_la_LDFLAGS = -module -avoid-version ../gnulib/lib/libgnu.la +endif +libvirt_driver_nwfilter_la_SOURCES = $(NWFILTER_DRIVER_SOURCES) +endif + + libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES) noinst_LTLIBRARIES += libvirt_driver_security.la libvirt_la_LIBADD += libvirt_driver_security.la @@ -759,6 +789,7 @@ EXTRA_DIST += \ $(NODE_DEVICE_DRIVER_SOURCES) \ $(NODE_DEVICE_DRIVER_HAL_SOURCES) \ $(NODE_DEVICE_DRIVER_UDEV_SOURCES) \ + $(NWFILTER_DRIVER_SOURCES) \ $(SECURITY_DRIVER_SELINUX_SOURCES) \ $(SECURITY_DRIVER_APPARMOR_SOURCES) \ $(SECRET_DRIVER_SOURCES) \ @@ -893,6 +924,7 @@ libvirt_lxc_SOURCES = \ $(NODE_INFO_SOURCES)\ $(ENCRYPTION_CONF_SOURCES) \ $(DOMAIN_CONF_SOURCES)\ + $(NWFILTER_PARAM_CONF_SOURCES) \ $(CPU_CONF_SOURCES) libvirt_lxc_LDFLAGS = $(WARN_CFLAGS) $(COVERAGE_LDCFLAGS) $(CAPNG_LIBS) $(YAJL_LIBS) libvirt_lxc_LDADD = $(LIBXML_LIBS) $(NUMACTL_LIBS) ../gnulib/lib/libgnu.la Index: libvirt-acl/src/libvirt_private.syms === --- libvirt-acl.orig/src/libvirt_private.syms +++ libvirt-acl/src/libvirt_private.syms @@ -105,6 +105,8 @@ virUnrefConnect; virUnrefSecret; virGetStream; virUnrefStream; +virGetNWFilter; +virUnrefNWFiler; # domain_conf.h @@ -303,6 +305,7 @@ virRegisterStateDriver; virRegisterStorageDriver; virRegisterDeviceMonitor; virRegisterSecretDriver; +virRegisterNWFilterDriver; # json.h 
@@ -438,6 +441,42 @@ virNodeDeviceGetWWNs; virNodeDeviceGetParentHost; +# nwfilter_conf.h +virNWFilterPoolLoadAllConfigs; +virNWFilterPoolObjAssignDef; +virNWFilterPoolObjSaveDef; +virNWFilterPoolObjFindByName; +virNWFilterPoolObjFindByUUID; +virNWFilterPoolObjLock; +virNWFilterPoolObjUnlock; +virNWFilterPoolObjRemove; +virNWFilterDefFree; +virNWFilterDefParseString; +virNWFilterPoolObjDeleteDef; +virNWFilterPoolObjListFree; +virNWFilterDefFormat; +virNWFilterChainSuffixTypeToString; +virNWFilterRuleActionTypeToString; +virNWFilterJumpTargetTypeToString; +virNWFilterRegisterCallbackDriver; +virNWFilterTestUnassignDef; +virNWFilterConfLayerInit; +virNWFilterConfLayerShutdown; + + +#nwfilter_params.h +virNWFilterHashTableCreate; +virNWFilterHashTableFree; +virNWFilterHashTablePut; +virNWFilterHashTablePutAll; +virNWFilterHashTableRemoveEntry; + + +# nwfilter_gentech_driver.h +virNWFilterInstantiateFilter; +virNWFilterTeardownFilter; + + # pci.h pciGetDevice; pciFreeDevice; Index: libvirt-acl/daemon/Makefile.am === --- libvirt-acl.orig/daemon/Makefile.am +++ libvirt-acl/daemon/Makefile.am @@ -116,6 +116,10 @@ endif if WITH_SECRETS libvirtd_LDADD += ../src/libvirt_driver_secret.la
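Review bot: in the libvirt_private.syms hunk the exported name virUnrefNWFiler looks misspelled next to its sibling virGetNWFilter; if the function is virUnrefNWFilter, the symbol will not be exported under the name callers link against. In src/Makefile.am, NWFILTER_PARAM_CONF_SOURCES pairs conf/nwfilter_params.c with conf/nwfilter_conf.h, which NWFILTER_CONF_SOURCES then lists a second time, while the syms file has a section for nwfilter_params.h that appears in no source list. NWFILTER_DRIVER_SOURCES likewise names nwfilter_gentech_driver.c and nwfilter_ebiptables_driver.c without their headers, although nwfilter_gentech_driver.h is referenced from the syms file, so check that all three headers end up in the distribution tarball. The "#nwfilter_params.h" section comment is also missing the space the other section comments use.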
[libvirt] [PATCH 5/14] Implementation of the public API
This patch adds the implementation of the public API for the network filtering (ACL) extensions to libvirt.c . Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/libvirt.c | 586 ++ 1 file changed, 586 insertions(+) Index: libvirt-acl/src/libvirt.c === --- libvirt-acl.orig/src/libvirt.c +++ libvirt-acl/src/libvirt.c @@ -91,6 +91,8 @@ static virDeviceMonitorPtr virDeviceMoni static int virDeviceMonitorTabCount = 0; static virSecretDriverPtr virSecretDriverTab[MAX_DRIVERS]; static int virSecretDriverTabCount = 0; +static virNWFilterDriverPtr virNWFilterDriverTab[MAX_DRIVERS]; +static int virNWFilterDriverTabCount = 0; #ifdef WITH_LIBVIRTD static virStateDriverPtr virStateDriverTab[MAX_DRIVERS]; static int virStateDriverTabCount = 0; @@ -655,6 +657,32 @@ virLibSecretError(virSecretPtr secret, v } /** + * virLibNWFilterError: + * @conn: the connection if available + * @error: the error number + * @info: extra information string + * + * Handle an error at the connection level + */ +static void +virLibNWFilterError(virNWFilterPtr pool, virErrorNumber error, +const char *info) +{ +virConnectPtr conn = NULL; +const char *errmsg; + +if (error == VIR_ERR_OK) +return; + +errmsg = virErrorMsg(error, info); +if (error != VIR_ERR_INVALID_NWFILTER) +conn = pool-conn; + +virRaiseError(conn, NULL, NULL, VIR_FROM_NWFILTER, error, VIR_ERR_ERROR, + errmsg, info, NULL, 0, 0, errmsg, info); +} + +/** * virRegisterNetworkDriver: * @driver: pointer to a network driver block * 
@@ -810,6 +838,38 @@ virRegisterSecretDriver(virSecretDriverP } /** + * virRegisterNWFilterDriver: + * @driver: pointer to a network filter driver block + * + * Register a network filter virtualization driver + * + * Returns the driver priority or -1 in case of error. + */ +int +virRegisterNWFilterDriver(virNWFilterDriverPtr driver) +{ +if (virInitialize() 0) + return -1; + +if (driver == NULL) { +virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__); +return(-1); +} + +if (virNWFilterDriverTabCount = MAX_DRIVERS) { +virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__); +return(-1); +} + +DEBUG (registering %s as network filter driver %d, + driver-name, virNWFilterDriverTabCount); + +virNWFilterDriverTab[virNWFilterDriverTabCount] = driver; +return virNWFilterDriverTabCount++; +} + + +/** * virRegisterDriver: * @driver: pointer to a driver block * @@ -1253,6 +1313,26 @@ do_open (const char *name, } } +/* Network filter driver. Optional */ +for (i = 0; i virNWFilterDriverTabCount; i++) { +res = virNWFilterDriverTab[i]-open (ret, auth, flags); +DEBUG(nwfilter driver %d %s returned %s, + i, virNWFilterDriverTab[i]-name, + res == VIR_DRV_OPEN_SUCCESS ? SUCCESS : + (res == VIR_DRV_OPEN_DECLINED ? DECLINED : + (res == VIR_DRV_OPEN_ERROR ? ERROR : unknown status))); +if (res == VIR_DRV_OPEN_ERROR) { +if (STREQ(virNWFilterDriverTab[i]-name, remote)) { +virLibConnWarning (NULL, VIR_WAR_NO_NWFILTER, + Is the daemon running ?); +} +break; + } else if (res == VIR_DRV_OPEN_SUCCESS) { +ret-nwfilterDriver = virNWFilterDriverTab[i]; +break; +} +} + return ret; failed: 
@@ -10964,6 +11044,512 @@ error: } + +/** + * virConnectNumOfNWFilters: + * @conn: pointer to the hypervisor connection + * + * Provides the number of nwfilters. + * + * Returns the number of nwfilters found or -1 in case of error + */ +int +virConnectNumOfNWFilters(virConnectPtr conn) +{ +DEBUG(conn=%p, conn); + +virResetLastError(); + +if (!VIR_IS_CONNECT(conn)) { +virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__); +virDispatchError(NULL); +return (-1); +} + +if (conn-nwfilterDriver conn-nwfilterDriver-numOfNWFilters) { +int ret; +ret = conn-nwfilterDriver-numOfNWFilters (conn); +if (ret 0) +goto error; +return ret; +} + +virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__); + +error: +virDispatchError(conn); +return -1; +} + + +/** + * virConnectListNWFilters: + * @conn: pointer to the hypervisor connection + * @names: array to collect the list of names of network filters + * @maxnames: size of @names + * + * Collect the list of network filters, and store their names in @names + * + * Returns the number of network filters found or -1 in case of error + */ +int +virConnectListNWFilters(virConnectPtr conn, char **const names, int maxnames) +{ +DEBUG(conn=%p, names=%p, maxnames=%d, conn, names, maxnames); + +virResetLastError();
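Review bot: the doc comment for virLibNWFilterError() documents @conn, but the function takes a virNWFilterPtr named pool; document the real parameter and rename it to nwfilter. The function also dereferences pool to fetch the connection for every error other than VIR_ERR_INVALID_NWFILTER, so either state that callers never pass NULL together with another error code or add a NULL check before the dereference. In virRegisterNWFilterDriver() a full driver table is reported as VIR_ERR_INVALID_ARG, the same code as a NULL driver, which makes the two failures indistinguishable to whoever reads the log.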
[libvirt] [PATCH 7/14] Implementation of the RPC client
This patch extends the RPC client for the new network filtering (ACL) functionality. Signed-off-by: Stefan Berger stef...@us.ibm.com --- daemon/remote.c | 194 1 file changed, 194 insertions(+) Index: libvirt-acl/daemon/remote.c === --- libvirt-acl.orig/daemon/remote.c +++ libvirt-acl/daemon/remote.c @@ -66,6 +66,7 @@ static virInterfacePtr get_nonnull_inter static virStoragePoolPtr get_nonnull_storage_pool (virConnectPtr conn, remote_nonnull_storage_pool pool); static virStorageVolPtr get_nonnull_storage_vol (virConnectPtr conn, remote_nonnull_storage_vol vol); static virSecretPtr get_nonnull_secret (virConnectPtr conn, remote_nonnull_secret secret); +static virNWFilterPtr get_nonnull_nwfilter (virConnectPtr conn, remote_nonnull_nwfilter nwfilter); static void make_nonnull_domain (remote_nonnull_domain *dom_dst, virDomainPtr dom_src); static void make_nonnull_network (remote_nonnull_network *net_dst, virNetworkPtr net_src); static void make_nonnull_interface (remote_nonnull_interface *interface_dst, virInterfacePtr interface_src); @@ -73,6 +74,7 @@ static void make_nonnull_storage_pool (r static void make_nonnull_storage_vol (remote_nonnull_storage_vol *vol_dst, virStorageVolPtr vol_src); static void make_nonnull_node_device (remote_nonnull_node_device *dev_dst, virNodeDevicePtr dev_src); static void make_nonnull_secret (remote_nonnull_secret *secret_dst, virSecretPtr secret_src); +static void make_nonnull_nwfilter (remote_nonnull_nwfilter *net_dst, virNWFilterPtr nwfilter_src); #include remote_dispatch_prototypes.h 
@@ -5463,6 +5465,185 @@ remoteDispatchDomainAbortJob (struct qem } + +static int +remoteDispatchNwfilterLookupByName (struct qemud_server *server ATTRIBUTE_UNUSED, +struct qemud_client *client ATTRIBUTE_UNUSED, +virConnectPtr conn, +remote_message_header *hdr ATTRIBUTE_UNUSED, +remote_error *rerr, +remote_nwfilter_lookup_by_name_args *args, +remote_nwfilter_lookup_by_name_ret *ret) +{ +virNWFilterPtr nwfilter; + +nwfilter = virNWFilterLookupByName (conn, args-name); +if (nwfilter == NULL) { +remoteDispatchConnError(rerr, conn); +return -1; +} + +make_nonnull_nwfilter (ret-nwfilter, nwfilter); +virNWFilterFree(nwfilter); +return 0; +} + +static int +remoteDispatchNwfilterLookupByUuid (struct qemud_server *server ATTRIBUTE_UNUSED, +struct qemud_client *client ATTRIBUTE_UNUSED, +virConnectPtr conn, +remote_message_header *hdr ATTRIBUTE_UNUSED, +remote_error *rerr, +remote_nwfilter_lookup_by_uuid_args *args, +remote_nwfilter_lookup_by_uuid_ret *ret) +{ +virNWFilterPtr nwfilter; + +nwfilter = virNWFilterLookupByUUID (conn, (unsigned char *) args-uuid); +if (nwfilter == NULL) { +remoteDispatchConnError(rerr, conn); +return -1; +} + +make_nonnull_nwfilter (ret-nwfilter, nwfilter); +virNWFilterFree(nwfilter); +return 0; +} + + +static int +remoteDispatchNwfilterDefineXml (struct qemud_server *server ATTRIBUTE_UNUSED, + struct qemud_client *client ATTRIBUTE_UNUSED, + virConnectPtr conn, + remote_message_header *hdr ATTRIBUTE_UNUSED, + remote_error *rerr, + remote_nwfilter_define_xml_args *args, + remote_nwfilter_define_xml_ret *ret) +{ +virNWFilterPtr nwfilter; + +nwfilter = virNWFilterDefineXML (conn, args-xml); +if (nwfilter == NULL) { +remoteDispatchConnError(rerr, conn); +return -1; +} + +make_nonnull_nwfilter (ret-nwfilter, nwfilter); +virNWFilterFree(nwfilter); +return 0; +} + + +static int +remoteDispatchNwfilterUndefine (struct qemud_server *server ATTRIBUTE_UNUSED, +struct qemud_client *client ATTRIBUTE_UNUSED, +virConnectPtr conn, +remote_message_header *hdr 
ATTRIBUTE_UNUSED, +remote_error *rerr, +remote_nwfilter_undefine_args *args, +void *ret ATTRIBUTE_UNUSED) +{ +virNWFilterPtr nwfilter; + +nwfilter = get_nonnull_nwfilter (conn, args-nwfilter); +if (nwfilter == NULL) { +remoteDispatchConnError(rerr, conn); +return -1; +} + +if (virNWFilterUndefine (nwfilter) == -1) { +
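Review bot: the subject and description call this the RPC client, but the diff is against daemon/remote.c and adds remoteDispatchNwfilter* handlers, which is the daemon-side dispatch; the 8/14 patch, titled "Implementation of the RPC call dispatch", is the one touching src/remote/remote_driver.c. Swap the two descriptions so the history matches the code. Minor: the make_nonnull_nwfilter() prototype names its destination net_dst, where nwfilter_dst would match the prototype added in 8/14.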
[libvirt] [PATCH 9/14] Add virsh support for new CLI commands
This patch adds virsh support for the five new CLI commands to manage network filters. Signed-off-by: Stefan Berger stef...@us.ibm.com --- tools/virsh.c | 349 ++ 1 file changed, 349 insertions(+) Index: libvirt-acl/tools/virsh.c === --- libvirt-acl.orig/tools/virsh.c +++ libvirt-acl/tools/virsh.c @@ -252,6 +252,14 @@ static virNetworkPtr vshCommandOptNetwor vshCommandOptNetworkBy(_ctl, _cmd, _name, \ VSH_BYUUID|VSH_BYNAME) +static virNWFilterPtr vshCommandOptNWFilterBy(vshControl *ctl, const vshCmd *cmd, + char **name, int flag); + +/* default is lookup by Name and UUID */ +#define vshCommandOptNWFilter(_ctl, _cmd, _name)\ +vshCommandOptNWFilterBy(_ctl, _cmd, _name, \ +VSH_BYUUID|VSH_BYNAME) + static virInterfacePtr vshCommandOptInterfaceBy(vshControl *ctl, const vshCmd *cmd, char **name, int flag); 
@@ -3803,6 +3811,300 @@ cmdInterfaceDestroy(vshControl *ctl, con return ret; } + +/* + * nwfilter-define command + */ +static const vshCmdInfo info_nwfilter_define[] = { +{help, N_(define or update a network filter from an XML file)}, +{desc, N_(Define a new network filter or update an existing one.)}, +{NULL, NULL} +}; + +static const vshCmdOptDef opts_nwfilter_define[] = { +{file, VSH_OT_DATA, VSH_OFLAG_REQ, N_(file containing an XML network filter description)}, +{NULL, 0, 0, NULL} +}; + +static int +cmdNWFilterDefine(vshControl *ctl, const vshCmd *cmd) +{ +virNWFilterPtr nwfilter; +char *from; +int found; +int ret = TRUE; +char *buffer; + +if (!vshConnectionUsability(ctl, ctl-conn, TRUE)) +return FALSE; + +from = vshCommandOptString(cmd, file, found); +if (!found) +return FALSE; + +if (virFileReadAll(from, VIRSH_MAX_XML_FILE, buffer) 0) +return FALSE; + +nwfilter = virNWFilterDefineXML(ctl-conn, buffer); +VIR_FREE(buffer); + +if (nwfilter != NULL) { +vshPrint(ctl, _(Network filter %s defined from %s\n), + virNWFilterGetName(nwfilter), from); +virNWFilterFree(nwfilter); +} else { +vshError(ctl, _(Failed to define network filter from %s), from); +ret = FALSE; +} +return ret; +} + + +/* + * nwfilter-undefine command + */ +static const vshCmdInfo info_nwfilter_undefine[] = { +{help, N_(undefine a network filter)}, +{desc, N_(Undefine a given network filter.)}, +{NULL, NULL} +}; + +static const vshCmdOptDef opts_nwfilter_undefine[] = { +{nwfilter, VSH_OT_DATA, VSH_OFLAG_REQ, N_(network filter name or uuid)}, +{NULL, 0, 0, NULL} +}; + +static int +cmdNWFilterUndefine(vshControl *ctl, const vshCmd *cmd) +{ +virNWFilterPtr nwfilter; +int ret = TRUE; +char *name; + +if (!vshConnectionUsability(ctl, ctl-conn, TRUE)) +return FALSE; + +if (!(nwfilter = vshCommandOptNWFilter(ctl, cmd, name))) +return FALSE; + +if (virNWFilterUndefine(nwfilter) == 0) { +vshPrint(ctl, _(Network filter %s undefined\n), name); +} else { +vshError(ctl, _(Failed to undefine network filter %s), 
name); +ret = FALSE; +} + +virNWFilterFree(nwfilter); +return ret; +} + + +/* + * nwfilter-dumpxml command + */ +static const vshCmdInfo info_nwfilter_dumpxml[] = { +{help, N_(network filter information in XML)}, +{desc, N_(Output the network filter information as an XML dump to stdout.)}, +{NULL, NULL} +}; + +static const vshCmdOptDef opts_nwfilter_dumpxml[] = { +{nwfilter, VSH_OT_DATA, VSH_OFLAG_REQ, N_(network filter name or uuid)}, +{NULL, 0, 0, NULL} +}; + +static int +cmdNWFilterDumpXML(vshControl *ctl, const vshCmd *cmd) +{ +virNWFilterPtr nwfilter; +int ret = TRUE; +char *dump; + +if (!vshConnectionUsability(ctl, ctl-conn, TRUE)) +return FALSE; + +if (!(nwfilter = vshCommandOptNWFilter(ctl, cmd, NULL))) +return FALSE; + +dump = virNWFilterGetXMLDesc(nwfilter, 0); +if (dump != NULL) { +printf(%s, dump); +VIR_FREE(dump); +} else { +ret = FALSE; +} + +virNWFilterFree(nwfilter); +return ret; +} + +/* + * nwfilter-list command + */ +static const vshCmdInfo info_nwfilter_list[] = { +{help, N_(list network filters)}, +{desc, N_(Returns list of network filters.)}, +{NULL, NULL} +}; + +static const vshCmdOptDef opts_nwfilter_list[] = { +{NULL, 0, 0, NULL} +}; + +static int +cmdNWFilterList(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED) +{ +int numfilters, i; +char **names; +unsigned char uuid[VIR_UUID_STRING_BUFLEN]; + +if (!vshConnectionUsability(ctl, ctl-conn, TRUE)) +return FALSE; + +
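Review bot: in cmdNWFilterList() the buffer is declared unsigned char uuid[VIR_UUID_STRING_BUFLEN]; the string-sized constant suggests it is meant for virNWFilterGetUUIDString(), whose prototype in this series takes char *buf, so declare it as plain char to avoid a pointer-signedness mismatch (a raw UUID buffer would be sized VIR_UUID_BUFLEN instead). In cmdNWFilterDefine(), the early return when virFileReadAll() fails gives the user no message naming the file that could not be read, unlike the failure branch a few lines below it.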
[libvirt] [PATCH 8/14] Implementation of the RPC call dispatch
This patch extends the RPC dispatcher to support the newly added RPC calls for network filtering (ACL) support. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/remote/remote_driver.c | 311 + 1 file changed, 311 insertions(+) Index: libvirt-acl/src/remote/remote_driver.c === --- libvirt-acl.orig/src/remote/remote_driver.c +++ libvirt-acl/src/remote/remote_driver.c @@ -248,6 +248,7 @@ static int remoteAuthPolkit (virConnectP static virDomainPtr get_nonnull_domain (virConnectPtr conn, remote_nonnull_domain domain); static virNetworkPtr get_nonnull_network (virConnectPtr conn, remote_nonnull_network network); +static virNWFilterPtr get_nonnull_nwfilter (virConnectPtr conn, remote_nonnull_nwfilter nwfilter); static virInterfacePtr get_nonnull_interface (virConnectPtr conn, remote_nonnull_interface iface); static virStoragePoolPtr get_nonnull_storage_pool (virConnectPtr conn, remote_nonnull_storage_pool pool); static virStorageVolPtr get_nonnull_storage_vol (virConnectPtr conn, remote_nonnull_storage_vol vol); @@ -259,6 +260,7 @@ static void make_nonnull_interface (remo static void make_nonnull_storage_pool (remote_nonnull_storage_pool *pool_dst, virStoragePoolPtr vol_src); static void make_nonnull_storage_vol (remote_nonnull_storage_vol *vol_dst, virStorageVolPtr vol_src); static void make_nonnull_secret (remote_nonnull_secret *secret_dst, virSecretPtr secret_src); +static void make_nonnull_nwfilter (remote_nonnull_nwfilter *nwfilter_dst, virNWFilterPtr nwfilter_src); void remoteDomainEventFired(int watch, int fd, int event, void *data); static void remoteDomainQueueEvent(virConnectPtr conn, XDR *xdr); void remoteDomainEventQueueFlush(int timer, void *opaque); 
@@ -6060,6 +6062,287 @@ done: return rv; } +/* - */ + +static virDrvOpenStatus ATTRIBUTE_NONNULL (1) +remoteNWFilterOpen (virConnectPtr conn, +virConnectAuthPtr auth, +int flags) +{ +if (inside_daemon) +return VIR_DRV_OPEN_DECLINED; + +if (conn-driver +STREQ (conn-driver-name, remote)) { +struct private_data *priv; + + /* If we're here, the remote driver is already + * in use due to a) a QEMU uri, or b) a remote + * URI. So we can re-use existing connection + */ +priv = conn-privateData; +remoteDriverLock(priv); +priv-localUses++; +conn-nwfilterPrivateData = priv; +remoteDriverUnlock(priv); +return VIR_DRV_OPEN_SUCCESS; +} else { +/* Using a non-remote driver, so we need to open a + * new connection for network filtering APIs, forcing it to + * use the UNIX transport. This handles Xen driver + * which doesn't have its own impl of the network filtering APIs. + */ +struct private_data *priv; +int ret; +ret = remoteOpenSecondaryDriver(conn, +auth, +flags, +priv); +if (ret == VIR_DRV_OPEN_SUCCESS) +conn-nwfilterPrivateData = priv; +return ret; +} +} + +static int +remoteNWFilterClose (virConnectPtr conn) +{ +int rv = 0; +struct private_data *priv = conn-nwfilterPrivateData; + +remoteDriverLock(priv); +priv-localUses--; +if (!priv-localUses) { +rv = doRemoteClose(conn, priv); +conn-nwfilterPrivateData = NULL; +remoteDriverUnlock(priv); +virMutexDestroy(priv-lock); +VIR_FREE(priv); +} +if (priv) +remoteDriverUnlock(priv); +return rv; +} + + +static int +remoteNumOfNWFilters (virConnectPtr conn) +{ +int rv = -1; +remote_num_of_nwfilters_ret ret; +struct private_data *priv = conn-nwfilterPrivateData; + +remoteDriverLock(priv); + +memset (ret, 0, sizeof ret); +if (call (conn, priv, 0, REMOTE_PROC_NUM_OF_NWFILTERS, + (xdrproc_t) xdr_void, (char *) NULL, + (xdrproc_t) xdr_remote_num_of_nwfilters_ret, (char *) ret) == -1) +goto done; + +rv = ret.num; + +done: +remoteDriverUnlock(priv); +return rv; +} + + +static virNWFilterPtr +remoteNWFilterDefineXML (virConnectPtr conn, 
const char *xmlDesc, + unsigned int flags ATTRIBUTE_UNUSED) +{ +virNWFilterPtr net = NULL; +remote_nwfilter_define_xml_args args; +remote_nwfilter_define_xml_ret ret; +struct private_data *priv = conn-nwfilterPrivateData; + +remoteDriverLock(priv); + +args.xml = (char *) xmlDesc; + +memset (ret, 0, sizeof ret); +if (call (conn, priv, 0, REMOTE_PROC_NWFILTER_DEFINE_XML, + (xdrproc_t) xdr_remote_nwfilter_define_xml_args, (char *) args, + (xdrproc_t) xdr_remote_nwfilter_define_xml_ret, (char *) ret) ==
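Review bot: remoteNWFilterClose only avoids unlocking a freed structure because VIR_FREE(priv) resets priv to NULL before the trailing "if (priv) remoteDriverUnlock(priv);". That dependency is easy to break in a later edit. An explicit else branch for the case where localUses is still non-zero would make the two exit paths obvious, and a one-line comment should say that priv is NULL after the free.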
[libvirt] [PATCH 11/14] Add qemu support
Add support for Qemu to have firewall rules applied and removed on VM startup and shutdown respectively. This patch also provides support for the updating of a filter that causes all VMs that reference the filter to have their ebtables/iptables rules updated. Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/qemu/qemu_conf.c | 29 + src/qemu/qemu_driver.c | 27 +++ 2 files changed, 56 insertions(+) Index: libvirt-acl/src/qemu/qemu_conf.c === --- libvirt-acl.orig/src/qemu/qemu_conf.c +++ libvirt-acl/src/qemu/qemu_conf.c @@ -54,6 +54,7 @@ #include network.h #include macvtap.h #include cpu/cpu.h +#include nwfilter/nwfilter_gentech_driver.h #define VIR_FROM_THIS VIR_FROM_QEMU @@ -1468,6 +1469,17 @@ qemudPhysIfaceConnect(virConnectPtr conn net-ifname); } } + +if (rc = 0) { +if ((net-filter) (net-ifname)) { +err = virNWFilterInstantiateFilter(conn, net); +if (err) { +close(rc); +rc = -1; +delMacvtap(net-ifname); +} +} +} #else (void)conn; (void)net; @@ -1590,6 +1602,16 @@ qemudNetworkIfaceConnect(virConnectPtr c } } +if (tapfd = 0) { +if ((net-filter) (net-ifname)) { +err = virNWFilterInstantiateFilter(conn, net); +if (err) { +close(tapfd); +tapfd = -1; +} +} +} + cleanup: VIR_FREE(brname); @@ -3271,6 +3293,7 @@ int qemudBuildCommandLine(virConnectPtr char domid[50]; char *cpu; char *smp; +int last_good_net = -1; uname_normalize(ut); @@ -3906,6 +3929,7 @@ int qemudBuildCommandLine(virConnectPtr goto error; ADD_ARG(host); } +last_good_net = i; } } @@ -4366,6 +4390,11 @@ int qemudBuildCommandLine(virConnectPtr VIR_FREE((qenv)[i]); VIR_FREE(qenv); } +for (i = 0; i = last_good_net; i++) { +virDomainNetDefPtr net = def-nets[i]; +if ((net-filter) (net-ifname)) +virNWFilterTeardownFilter(net); +} return -1; #undef ADD_ARG Index: libvirt-acl/src/qemu/qemu_driver.c === --- libvirt-acl.orig/src/qemu/qemu_driver.c +++ libvirt-acl/src/qemu/qemu_driver.c 
@@ -83,6 +83,7 @@ #include xml.h #include cpu/cpu.h #include macvtap.h +#include nwfilter/nwfilter_gentech_driver.h #define VIR_FROM_THIS VIR_FROM_QEMU @@ -3029,6 +3030,13 @@ static void qemudShutdownVMDaemon(struct * reporting so we don't squash a legit error. */ orig_err = virSaveLastError(); +def = vm-def; +for (i = 0 ; i def-nnets ; i++) { +virDomainNetDefPtr net = def-nets[i]; +if ((net-filter) (net-ifname)) +virNWFilterTeardownFilter(net); +} + if (driver-macFilter) { def = vm-def; for (i = 0 ; i def-nnets ; i++) { @@ -7028,6 +7036,9 @@ qemudDomainDetachNetDevice(struct qemud_ } } +if ((detach-ifname) (detach-filter)) +virNWFilterTeardownFilter(detach); + if (vm-def-nnets 1) { memmove(vm-def-nets + i, vm-def-nets + i + 1, @@ -9608,8 +9619,24 @@ static virStateDriver qemuStateDriver = .active = qemudActive, }; +static int +qemudVMFilterRebuild(virConnectPtr conn, + virHashIterator iter, void *data) +{ +(void)conn; +virHashForEach(qemu_driver-domains.objs, iter, data); +return 0; +} + + +static virNWFilterCallbackDriver qemuCallbackDriver = { +.name = QEMU, +.vmFilterRebuild = qemudVMFilterRebuild, +}; + int qemuRegister(void) { virRegisterDriver(qemuDriver); virRegisterStateDriver(qemuStateDriver); +virNWFilterRegisterCallbackDriver(qemuCallbackDriver); return 0; } -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
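Review bot: in the qemudBuildCommandLine hunks, last_good_net is advanced only at the very end of a loop iteration, after a "goto error" in the same block, while the error path tears down filters for indices up to last_good_net. If an interface has already been connected, and its filter instantiated by the qemudNetworkIfaceConnect or qemudPhysIfaceConnect hunks, when that iteration bails out, its ebtables/iptables rules stay behind. Either record the index as soon as the filter is instantiated or tear down every net that has both filter and ifname set.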
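Review bot: qemudVMFilterRebuild iterates qemu_driver->domains.objs with virHashForEach without taking any lock in the visible lines, and it returns 0 whatever the iterator did. If the nwfilter callback can fire while domains are being started or destroyed, wrap the iteration in the driver lock or document which caller already holds it, and decide whether a failed rebuild should reach the caller, since a filter update that silently fails leaves running guests on the old rules.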
[libvirt] [PATCH 10/14] Add XML parser extensions to the domain XML processing
This patch extends the domain XML processing to parse the top level referenced filter along with potentially provided parameters and also converts the internal data back into XML representation. Signed-off-by: Stefan Berger stef...@us.ibm.com Signed-off-by: Gerhard Stenzel gerhard.sten...@de.ibm.com --- src/conf/domain_conf.c | 39 +++ src/conf/domain_conf.h |3 +++ 2 files changed, 42 insertions(+) Index: libvirt-acl/src/conf/domain_conf.c === --- libvirt-acl.orig/src/conf/domain_conf.c +++ libvirt-acl/src/conf/domain_conf.c @@ -42,6 +42,7 @@ #include logging.h #include network.h #include macvtap.h +#include nwfilter_conf.h #define VIR_FROM_THIS VIR_FROM_DOMAIN @@ -456,6 +457,9 @@ void virDomainNetDefFree(virDomainNetDef virDomainDeviceInfoClear(def-info); +VIR_FREE(def-filter); +virNWFilterHashTableFree(def-filterparams); + VIR_FREE(def); } @@ -1724,9 +1728,11 @@ virDomainNetDefParseXML(virCapsPtr caps, char *address = NULL; char *port = NULL; char *model = NULL; +char *filter = NULL; char *internal = NULL; char *devaddr = NULL; char *mode = NULL; +virNWFilterHashTablePtr filterparams = NULL; if (VIR_ALLOC(def) 0) { virReportOOMError(); @@ -1795,6 +1801,9 @@ virDomainNetDefParseXML(virCapsPtr caps, script = virXMLPropString(cur, path); } else if (xmlStrEqual (cur-name, BAD_CAST model)) { model = virXMLPropString(cur, type); +} else if (xmlStrEqual (cur-name, BAD_CAST filterref)) { +filter = virXMLPropString(cur, filter); +filterparams = virNWFilterParseParamAttributes(cur); } else if ((flags VIR_DOMAIN_XML_INTERNAL_STATUS) xmlStrEqual(cur-name, BAD_CAST state)) { /* Legacy back-compat. Don't add any more attributes here */ 
@@ -1970,6 +1979,22 @@ virDomainNetDefParseXML(virCapsPtr caps, model = NULL; } +if (filter != NULL) { +switch (def-type) { +case VIR_DOMAIN_NET_TYPE_ETHERNET: +case VIR_DOMAIN_NET_TYPE_NETWORK: +case VIR_DOMAIN_NET_TYPE_BRIDGE: +case VIR_DOMAIN_NET_TYPE_DIRECT: +def-filter = filter; +filter = NULL; +def-filterparams = filterparams; +filterparams = NULL; +break; +default: +break; +} +} + cleanup: VIR_FREE(macaddr); VIR_FREE(network); @@ -1980,10 +2005,12 @@ cleanup: VIR_FREE(script); VIR_FREE(bridge); VIR_FREE(model); +VIR_FREE(filter); VIR_FREE(type); VIR_FREE(internal); VIR_FREE(devaddr); VIR_FREE(mode); +virNWFilterHashTableFree(filterparams); return def; @@ -4878,6 +4905,7 @@ virDomainNetDefFormat(virBufferPtr buf, int flags) { const char *type = virDomainNetTypeToString(def-type); +char *attrs; if (!type) { virDomainReportError(VIR_ERR_INTERNAL_ERROR, @@ -4952,6 +4980,17 @@ virDomainNetDefFormat(virBufferPtr buf, if (def-model) virBufferEscapeString(buf, model type='%s'/\n, def-model); +if (def-filter) { +virBufferEscapeString(buf, filterref filter='%s', + def-filter); +attrs = virNWFilterFormatParamAttributes(def-filterparams, + ); +if (!attrs || strlen(attrs) = 1) +virBufferAddLit(buf, /\n); +else +virBufferVSprintf(buf, \n%s /filterref\n, attrs); +VIR_FREE(attrs); +} if (virDomainDeviceInfoFormat(buf, def-info, flags) 0) return -1; Index: libvirt-acl/src/conf/domain_conf.h === --- libvirt-acl.orig/src/conf/domain_conf.h +++ libvirt-acl/src/conf/domain_conf.h @@ -36,6 +36,8 @@ # include threads.h # include hash.h # include network.h +# include nwfilter_params.h +# include nwfilter_conf.h /* Private component of virDomainXMLFlags */ typedef enum { @@ -282,6 +284,8 @@ struct _virDomainNetDef { } data; char *ifname; virDomainDeviceInfo info; +char *filter; +virNWFilterHashTablePtr filterparams; }; enum virDomainChrTargetType { -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
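Review bot: in the switch added to virDomainNetDefParseXML, a filterref on any interface type other than the four listed cases ends in "default: break;", so the reference is discarded without an error and the guest starts with no filtering although its XML asked for it. For a security control this should fail closed: report an error for unsupported interface types rather than dropping the filter.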
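Review bot: the new filterref branch in the element loop assigns filter and filterparams unconditionally, so a second filterref child overwrites both and the first string and hash table are leaked; only the last values reach VIR_FREE and virNWFilterHashTableFree at cleanup. Free the previous values before assigning, or reject an interface that carries more than one filterref.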
[libvirt] [PATCH 13/14] Add IPv6 support for ebtables layer
This patch adds IPv6 support for the ebtables layer. Since the parser etc. are all parameterized, it was fairly easy to add this... Signed-off-by: Stefan Berger stef...@us.ibm.com --- src/conf/nwfilter_conf.c | 229 +- src/conf/nwfilter_conf.h | 18 ++ src/nwfilter/nwfilter_ebiptables_driver.c | 155 3 files changed, 398 insertions(+), 4 deletions(-) Index: libvirt-acl/src/conf/nwfilter_conf.c === --- libvirt-acl.orig/src/conf/nwfilter_conf.c +++ libvirt-acl/src/conf/nwfilter_conf.c @@ -73,7 +73,8 @@ VIR_ENUM_IMPL(virNWFilterEbtablesTable, VIR_ENUM_IMPL(virNWFilterChainSuffix, VIR_NWFILTER_CHAINSUFFIX_LAST, root, arp, - ipv4); + ipv4, + ipv6); /* @@ -366,6 +367,9 @@ static const struct int_map macProtoMap[ .attr = ETHERTYPE_IP, .val = ipv4, }, { + .attr = ETHERTYPE_IPV6, + .val = ipv6, +}, { .val = NULL, } }; @@ -449,6 +453,13 @@ checkIPv4Mask(enum attrDatatype datatype return checkValidMask(maskptr, 4); } +static bool +checkIPv6Mask(enum attrDatatype datatype ATTRIBUTE_UNUSED, void *maskptr, + virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED) +{ +return checkValidMask(maskptr, 16); +} + static bool checkMACMask(enum attrDatatype datatype ATTRIBUTE_UNUSED, 
@@ -765,6 +776,61 @@ static const virXMLAttr2Struct ipAttribu }; +static const virXMLAttr2Struct ipv6Attributes[] = { +COMMON_MAC_PROPS(ipv6HdrFilter), +{ +.name = SRCIPADDR, +.datatype = DATATYPE_IPV6ADDR, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataSrcIPAddr), +}, +{ +.name = DSTIPADDR, +.datatype = DATATYPE_IPV6ADDR, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataDstIPAddr), +}, +{ +.name = SRCIPMASK, +.datatype = DATATYPE_IPV6MASK, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataSrcIPMask), +}, +{ +.name = DSTIPMASK, +.datatype = DATATYPE_IPV6MASK, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataDstIPMask), +}, +{ +.name = protocol, +.datatype = DATATYPE_STRING, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.ipHdr.dataProtocolID), +.validator= checkIPProtocolID, +.formatter= formatIPProtocolID, +}, +{ +.name = SRCPORTSTART, +.datatype = DATATYPE_UINT16, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataSrcPortStart), +}, +{ +.name = SRCPORTEND, +.datatype = DATATYPE_UINT16, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataSrcPortEnd), +}, +{ +.name = DSTPORTSTART, +.datatype = DATATYPE_UINT16, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataDstPortStart), +}, +{ +.name = DSTPORTEND, +.datatype = DATATYPE_UINT16, +.dataIdx = offsetof(virNWFilterRuleDef, p.ipv6HdrFilter.portData.dataDstPortEnd), +}, +{ +.name = NULL, +} +}; + + typedef struct _virAttributes virAttributes; struct _virAttributes { const char *id; @@ -787,6 +853,10 @@ static const virAttributes virAttr[] = { .att = ipAttributes, .prtclType = VIR_NWFILTER_RULE_PROTOCOL_IP, }, { +.id = ipv6, +.att = ipv6Attributes, +.prtclType = VIR_NWFILTER_RULE_PROTOCOL_IPV6, +}, { .id = NULL, } }; 
@@ -825,6 +895,89 @@ virNWIPv4AddressParser(const char *input } +static bool +virNWIPv6AddressParser(const char *input, + nwIPAddressPtr output) +{ +int i, j, pos; +uint16_t n; +int shiftpos = -1; +char prevchar; +char base; + +memset(output, 0x0, sizeof(*output)); + +output-isIPv6 = 1; + +pos = 0; +i = 0; + +while (i 8) { +j = 0; +n = 0; +while (1) { +prevchar = input[pos++]; +if (prevchar == ':' || prevchar == 0) { +if (j 0) { +output-addr.ipv6Addr[i * 2 + 0] = n 8; +output-addr.ipv6Addr[i * 2 + 1] = n; +i++; +} +break; +} + +if (j = 4) +return 0; + +if (prevchar = '0' prevchar = '9') +base = '0'; +else if (prevchar = 'a' prevchar = 'f') +base = 'a' - 10; +else if (prevchar = 'A' prevchar = 'F') +base = 'A' - 10; +else +return 0; +n = 4; +n |= (prevchar - base); +j++; +} + +if (prevchar == 0) +break; + +if (input[pos] ==
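Review bot: virNWIPv6AddressParser is a hand-written hex and colon parser, and an address that is parsed wrongly here turns into a filter rule that matches the wrong traffic. Consider inet_pton(AF_INET6, ...) instead, or at least add test cases for "::" compression at the start, middle and end, for more than eight groups, for groups longer than four digits and for trailing characters after the eighth group, since the visible loop stops once i reaches 8. The function also deserves a comment stating which textual forms it accepts.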
[libvirt] [APPENDIX] Sample filters
Attached are some sample filter templates. Some of these should probably become available through libvirt repository later on as 'standard filters'. One may copy the XML files into /etc/libvirt/nwfilter or use 'virsh nwfilter-define filename' to make them known to libvirt. Using 'virsh nwfilter-list' one can then list the filters.

The simpleloop.xml filter will not be accepted since it would directly introduce a loop. More complex loops are also detected.

Regards,
Stefan, Gerhard

Attachments (XML documents): allow-arp.xml, allow-dhcp.xml, allow-ipv4.xml, demofilter.xml, demofilter2.xml, demofilter3.xml, demofilter4.xml, no-ip-spoofing.xml, no-mac-broadcast.xml, no-mac-spoofing.xml, simpleloop.xml, ipv6test.xml, no-arp-spoofing.xml
Re: [libvirt] [PATCH] maint: make Red Hat copyright notices consistent
Eric Blake wrote: Spell out 'Red Hat, Inc.': git grep -i 'Copyright.*Red Hat' | grep -v Inc Include (C) consistently: git grep -i 'Copyright [^(].*Red Hat' * src/lxc/lxc_container.c: Update copyright formatting. * src/node_device/node_device_udev.c: Likewise. * src/node_device/node_device_udev.h: Likewise. * src/xen/xend_internal.h: Likewise. * src/xen/xm_internal.c: Likewise. * src/xen/xm_internal.h: Likewise. * tests/xmconfigtest.c: Likewise. * tests/object-locking.ml: Likewise. ACK. Mechanical, comment-only change. One suggestion: consistency-adding changes are great, but they're worth much more when accompanied by syntax-check style rules that ensure future consistency, too. On that note, after your changes, there are only two violations: $ git grep -i 'Copyright [^(].*Red Hat' tools/virt-pki-validate.in:Copyright 2006-2009 by Red Hat, Inc tools/virt-xml-validate.in:Copyright 2009 by Red Hat, Inc So I'll fold in fixes: diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index 3e8c642..b3fc986 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -297,7 +297,7 @@ Alternatively report bugs to your software distributor / vendor. =head1 COPYRIGHT -Copyright 2006-2009 by Red Hat, Inc +Copyright (C) 2006-2009 by Red Hat, Inc =head1 LICENSE diff --git a/tools/virt-xml-validate.in b/tools/virt-xml-validate.in index 03bd1a1..19a68b7 100644 --- a/tools/virt-xml-validate.in +++ b/tools/virt-xml-validate.in @@ -134,7 +134,7 @@ Alternatively report bugs to your software distributor / vendor. =head1 COPYRIGHT -Copyright 2009 by Red Hat, Inc +Copyright (C) 2009 by Red Hat, Inc Copyright 2009 by Daniel P. Berrange =head1 LICENSE -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
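Review bot: both replacement lines in the tools/*.in hunks still end in "Red Hat, Inc" without the trailing period and keep the word "by", so they satisfy the "(C)" grep but not the commit's first goal of spelling out 'Red Hat, Inc.'. Using the same form as the other files, "Copyright (C) 2006-2009 Red Hat, Inc.", would make the notices uniform.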
Re: [libvirt] [PATCH] maint: make Red Hat copyright notices consistent
Eric Blake wrote: Spell out 'Red Hat, Inc.': git grep -i 'Copyright.*Red Hat' | grep -v Inc Include (C) consistently: git grep -i 'Copyright [^(].*Red Hat' * src/lxc/lxc_container.c: Update copyright formatting. * src/node_device/node_device_udev.c: Likewise. * src/node_device/node_device_udev.h: Likewise. * src/xen/xend_internal.h: Likewise. * src/xen/xm_internal.c: Likewise. * src/xen/xm_internal.h: Likewise. * tests/xmconfigtest.c: Likewise. * tests/object-locking.ml: Likewise. --- src/lxc/lxc_container.c|4 ++-- src/node_device/node_device_udev.c |2 +- src/node_device/node_device_udev.h |2 +- src/xen/xend_internal.h|2 +- src/xen/xm_internal.c |2 +- src/xen/xm_internal.h |2 +- tests/object-locking.ml|2 +- tests/xmconfigtest.c |2 +- For the record, here's the updated patch I'll soon push: From 0a3363357979fd8c08332baed12dca446684ce0e Mon Sep 17 00:00:00 2001 From: Eric Blake ebl...@redhat.com Date: Fri, 12 Mar 2010 10:47:26 -0700 Subject: [PATCH] maint: make Red Hat copyright notices consistent Spell out 'Red Hat, Inc.': git grep -i 'Copyright.*Red Hat' | grep -v Inc Include (C) consistently: git grep -i 'Copyright [^(].*Red Hat' * src/lxc/lxc_container.c: Update copyright formatting. * src/node_device/node_device_udev.c: Likewise. * src/node_device/node_device_udev.h: Likewise. * src/xen/xend_internal.h: Likewise. * src/xen/xm_internal.c: Likewise. * src/xen/xm_internal.h: Likewise. * tests/xmconfigtest.c: Likewise. * tests/object-locking.ml: Likewise. * tools/virt-pki-validate.in: Likewise. * tools/virt-xml-validate.in: Likewise. --- src/lxc/lxc_container.c|4 ++-- src/node_device/node_device_udev.c |2 +- src/node_device/node_device_udev.h |2 +- src/xen/xend_internal.h|2 +- src/xen/xm_internal.c |2 +- src/xen/xm_internal.h |2 +- tests/object-locking.ml|2 +- tests/xmconfigtest.c |2 +- tools/virt-pki-validate.in |2 +- tools/virt-xml-validate.in |4 ++-- 10 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 68b4656..706c796 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1,6 +1,6 @@ /* - * Copyright IBM Corp. 2008 - * Copyright Red Hat 2008-2009 + * Copyright (C) 2008-2010 Red Hat, Inc. + * Copyright (C) 2008 IBM Corp. * * lxc_container.c: file description * diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c index 11e27e0..e3114fa 100644 --- a/src/node_device/node_device_udev.c +++ b/src/node_device/node_device_udev.c @@ -1,7 +1,7 @@ /* * node_device_udev.c: node device enumeration - libudev implementation * - * Copyright (C) 2009-2010 Red Hat + * Copyright (C) 2009-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/src/node_device/node_device_udev.h b/src/node_device/node_device_udev.h index 8367494..cdaa142 100644 --- a/src/node_device/node_device_udev.h +++ b/src/node_device/node_device_udev.h @@ -1,7 +1,7 @@ /* * node_device_udev.h: node device enumeration - libudev implementation * - * Copyright (C) 2009 Red Hat + * Copyright (C) 2009-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public diff --git a/src/xen/xend_internal.h b/src/xen/xend_internal.h index 483253f..028a293 100644 --- a/src/xen/xend_internal.h +++ b/src/xen/xend_internal.h @@ -1,12 +1,12 @@ /* * xend_internal.h * + * Copyright (C) 2006-2008, 2010 Red Hat, Inc. * Copyright (C) 2005,2006 * * Anthony Liguori aligu...@us.ibm.com * Daniel Veillard veill...@redhat.com * - * Copyright 2006-2008 Red Hat * * This file is subject to the terms and conditions of the GNU Lesser General * Public License. See the file COPYING in the main directory of this archive diff --git a/src/xen/xm_internal.c b/src/xen/xm_internal.c index 3d4624d..74bf0b6 100644 --- a/src/xen/xm_internal.c 
+++ b/src/xen/xm_internal.c @@ -1,7 +1,7 @@ /* * xm_internal.h: helper routines for dealing with inactive domains * - * Copyright (C) 2006-2007, 2009, 2010 Red Hat + * Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange * * This library is free software; you can redistribute it and/or diff --git a/src/xen/xm_internal.h b/src/xen/xm_internal.h index 37132ef..3ad3456 100644 --- a/src/xen/xm_internal.h +++ b/src/xen/xm_internal.h @@ -1,7 +1,7 @@ /* * xm_internal.h: helper routines for dealing with inactive domains * - * Copyright (C) 2006-2007 Red Hat + * Copyright (C) 2006-2007, 2010 Red Hat, Inc. * Copyright (C) 2006 Daniel P. Berrange * * This library is
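Review bot: several hunks change the copyright years as well as the format (lxc_container.c goes from 2008-2009 to 2008-2010, node_device_udev.h from 2009 to 2009-2010, xend_internal.h and xm_internal.h gain 2010), while the log entries only say "Update copyright formatting". Mention the year updates in the commit message, or split them into their own commit, so the change stays reviewable as purely mechanical.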
Re: [libvirt] virtio serial config
On 18/03/10 14:31, Matthew Whitehead wrote:
> Matthew,
> Dan B referred me to you. I want to create 4 (or more) virtual serial devices between two KVM virtual hosts. The output of one serial device would be the input to the other. Virt-manager doesn't provide this, so I'm prepared to hack the config files manually. Unfortunately, I can't find documentation on the syntax. Can you assist?

I'm normally the one complaining about lack of documentation :) That's quite an oversight. The basic syntax for a virtio-serial channel is:

<channel type='pty'>
  <target type='virtio' name='org.linux-kvm.port.1'/>
</channel>

You'll want 4 <channel/> entries per guest. Give them all different names.

The interesting bit is going to be plugging the character devices together on the host. I'm pretty sure you'll have to use pipes. Note that afaik the libvirt documentation on this is wrong and misleading. Don't read it, just test instead :) IIRC, the way pipes actually work is that it expects to be able to use 2 pipes based on the path you specify, called foo.in and foo.out. I seem to recall you need to create these manually too.

The following advice is completely untested. It may also be responsible for global warming and the rise of reality TV.

Host:

# mkfifo /tmp/guesta-virtioserial{1,2}.{in,out}
# ln /tmp/guesta-virtioserial1.in /tmp/guestb-virtioserial1.out
# ln /tmp/guesta-virtioserial1.out /tmp/guestb-virtioserial1.in
# ln /tmp/guesta-virtioserial2.in /tmp/guestb-virtioserial2.out
# ln /tmp/guesta-virtioserial2.out /tmp/guestb-virtioserial2.in

Guest A:

<channel type='pipe'>
  <source path="/tmp/guesta-virtioserial1"/>
  <target type='virtio' name='org.linux-kvm.port.1'/>
</channel>
<channel type='pipe'>
  <source path="/tmp/guesta-virtioserial2"/>
  <target type='virtio' name='org.linux-kvm.port.2'/>
</channel>

Guest B:

<channel type='pipe'>
  <source path="/tmp/guestb-virtioserial1"/>
  <target type='virtio' name='org.linux-kvm.port.1'/>
</channel>
<channel type='pipe'>
  <source path="/tmp/guestb-virtioserial2"/>
  <target type='virtio' name='org.linux-kvm.port.2'/>
</channel>

At this point, both virtio-serial devices in each guest should be full-duplex.

Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
M: +44 (0)7977 267231
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
Re: [libvirt] [PATCH] maint: make Red Hat copyright notices consistent
On 03/18/2010 09:45 AM, Jim Meyering wrote:
> ACK. Mechanical, comment-only change.
>
> One suggestion: consistency-adding changes are great, but they're worth much more when accompanied by syntax-check style rules that ensure future consistency, too.

OK, working on that in cfg.mk now...

--
Eric Blake   ebl...@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCH] maint: enforce recent copyright style
* cfg.mk (sc_copyright_format): New rule. Suggested by Jim Meyering. --- I tested that 'make syntax-check' with this patch rebased in place prior to the copyright updates catches the problems, but that when applied to the top of the tree it passes. cfg.mk |9 + 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/cfg.mk b/cfg.mk index 9fc2d66..e60820d 100644 --- a/cfg.mk +++ b/cfg.mk @@ -269,6 +269,15 @@ sc_preprocessor_indentation: echo '$(ME): skipping test $@: cppi not installed' 12; \ fi +sc_copyright_format: + @$(VC_LIST_EXCEPT) | xargs grep -ni 'copyright .*Red 'Hat \ + | grep -v Inc \ + { echo '$(ME): use correct Red Hat copyright' 12;\ + exit 1; } || : + @$(VC_LIST_EXCEPT) | xargs grep -ni 'copyright [^(].*Red 'Hat \ + { echo '$(ME): use correct Red Hat copyright' 12;\ + exit 1; } || : + # We don't use this feature of maint.mk. prev_version_file = /dev/null -- 1.6.6.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
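Review bot: the first check in sc_copyright_format only filters out lines that contain "Inc" anywhere, so "Red Hat, Inc" without the period or "Red Hat Inc" without the comma still pass, and the outer grep is case-insensitive while "grep -v Inc" is not. Matching the full expected string, for example grep -v 'Red Hat, Inc\.', would enforce the form the commit message asks for. A short comment above the rule should also explain why the pattern is written as 'Red 'Hat, so nobody tidies it up and makes cfg.mk match itself.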
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On 03/18/2010 09:15 AM, Stefan Berger wrote:
> This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.

ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.

--
Eric Blake   ebl...@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On Thu, Mar 18, 2010 at 10:41:58AM -0600, Eric Blake wrote:
> On 03/18/2010 09:15 AM, Stefan Berger wrote:
>> This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.
>
> ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.

I don't suppose you read if it's possible to make it non-recursive, since the original impl is supposed to be non-recursive!

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Re: [libvirt] [PATCH] maint: enforce recent copyright style
Eric Blake wrote: * cfg.mk (sc_copyright_format): New rule. Suggested by Jim Meyering. --- I tested that 'make syntax-check' with this patch rebased in place prior to the copyright updates catches the problems, but that when applied to the top of the tree it passes. cfg.mk |9 + 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/cfg.mk b/cfg.mk index 9fc2d66..e60820d 100644 --- a/cfg.mk +++ b/cfg.mk @@ -269,6 +269,15 @@ sc_preprocessor_indentation: echo '$(ME): skipping test $@: cppi not installed' 12; \ fi +sc_copyright_format: + @$(VC_LIST_EXCEPT) | xargs grep -ni 'copyright .*Red 'Hat \ + | grep -v Inc \ +{ echo '$(ME): use correct Red Hat copyright' 12;\ +exit 1; } || : + @$(VC_LIST_EXCEPT) | xargs grep -ni 'copyright [^(].*Red 'Hat \ +{ echo '$(ME): use correct Red Hat copyright' 12;\ +exit 1; } || : + # We don't use this feature of maint.mk. prev_version_file = /dev/null Thanks! In each diagnostic, it'd be nice to say what's missing. Inc. in the first, (C) in the second. In the second, isn't s/correct/consistent/ more appropriate? Or is there some legal guidance saying that the (C) is required? I seem to recall reading that at least with FSF copyrights, the (C) is optional, and without legal value. The only problem I can see is that when/if adding copyright year numbers (non-range notation), eventually, some copyright lines will be split, causing this check to report false-positive matches. This is another argument for using - year ranges, when possible, rather than writing them out as Y1, Y2, Y3, ... YN. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On 03/18/2010 10:51 AM, Daniel P. Berrange wrote:
> On Thu, Mar 18, 2010 at 10:41:58AM -0600, Eric Blake wrote:
>> On 03/18/2010 09:15 AM, Stefan Berger wrote:
>>> This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.
>>
>> ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.
>
> I don't suppose you read if it's possible to make it non-recursive, since the original impl is supposed to be non-recursive!

Unfortunately, I don't see a way: http://msdn.microsoft.com/en-us/library/ms684266%28VS.85%29.aspx states:

    After a thread obtains ownership of a mutex, it can specify the same mutex in repeated calls to the wait-functions without blocking its execution. This prevents a thread from deadlocking itself while waiting for a mutex that it already owns. To release its ownership under such circumstances, the thread must call ReleaseMutex once for each time that the mutex satisfied the conditions of a wait function.

with no mention of any way to parameterize it to be non-recursive.

But what does a true non-recursive mutex buy you? The only difference between recursive and true non-recursive is whether you declare that an attempt to relock a mutex that you already own is a fatal deadlock error, rather than incrementing a counter for matching unlocks. It's just that non-recursive mutexes typically have faster implementations.

For that matter, do we even need the distinction? Maybe ALL our code should be using recursive mutexes by default, by changing virMutexInit to be recursive no matter what, and not worry about introducing virMutexInitRecursive.

Looking more closely at virMutexInit in the pthreads version, we use pthread_mutex_init(,NULL), which requests PTHREAD_MUTEX_DEFAULT. But POSIX states: http://www.opengroup.org/onlinepubs/9699919799/functions/pthread_mutexattr_settype.html

    PTHREAD_MUTEX_DEFAULT
    Attempting to recursively lock a mutex of this type results in undefined behavior. Attempting to unlock a mutex of this type which was not locked by the calling thread results in undefined behavior. Attempting to unlock a mutex of this type which is not locked results in undefined behavior. An implementation may map this mutex to one of the other mutex types.

That is, our current implementation of virMutexInit is NOT a true non-recursive mutex, so much as a mutex that is unspecified whether it is recursive or not.

--
Eric Blake   ebl...@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 1/14] Adding recursive locks
Daniel P. Berrange berra...@redhat.com wrote on 03/18/2010 12:51:55 PM:
> On Thu, Mar 18, 2010 at 10:41:58AM -0600, Eric Blake wrote:
>> On 03/18/2010 09:15 AM, Stefan Berger wrote:
>>> This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.
>>
>> ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.
>
> I don't suppose you read if it's possible to make it non-recursive, since the original impl is supposed to be non-recursive!

What I remember from some MSDN page is that the win32 mutexes are all recursive. So, the call that I made for creating a recursive mutex by calling the virMutexInit() function is not correct -- it should be the other way around... Something to fix some other day?

   Stefan

> Daniel
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On Thu, Mar 18, 2010 at 11:04:17AM -0600, Eric Blake wrote:
> On 03/18/2010 10:51 AM, Daniel P. Berrange wrote:
>> On Thu, Mar 18, 2010 at 10:41:58AM -0600, Eric Blake wrote:
>>> On 03/18/2010 09:15 AM, Stefan Berger wrote:
>>>> This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.
>>>
>>> ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.
>>
>> I don't suppose you read if it's possible to make it non-recursive, since the original impl is supposed to be non-recursive!
>
> Unfortunately, I don't see a way: http://msdn.microsoft.com/en-us/library/ms684266%28VS.85%29.aspx states:
>
>     After a thread obtains ownership of a mutex, it can specify the same mutex in repeated calls to the wait-functions without blocking its execution. This prevents a thread from deadlocking itself while waiting for a mutex that it already owns. To release its ownership under such circumstances, the thread must call ReleaseMutex once for each time that the mutex satisfied the conditions of a wait function.
>
> with no mention of any way to parameterize it to be non-recursive.
>
> But what does a true non-recursive mutex buy you? The only difference between recursive and true non-recursive is whether you declare that an attempt to relock a mutex that you already own is a fatal deadlock error, rather than incrementing a counter for matching unlocks. It's just that non-recursive mutexes typically have faster implementations.
>
> For that matter, do we even need the distinction? Maybe ALL our code should be using recursive mutexes by default, by changing virMutexInit to be recursive no matter what, and not worry about introducing virMutexInitRecursive.

Having the mutex be non-recursive is a good thing, because more or less any code which causes recursion with our thread locking rules is broken by design and/or impl. Thus any deadlocks we encounter from non-recursive mutexes are highlighting bugs we'd not otherwise see. I'm not even convinced that this network filter stuff should need to have recursive mutexes, but we can leave that to address another day

Regards,
Daniel
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On Thu, Mar 18, 2010 at 11:16:09AM -0600, Eric Blake wrote:

On 03/18/2010 11:04 AM, Eric Blake wrote:

But what does a true non-recursive mutex buy you? The only difference between recursive and true non-recursive is whether you declare that an attempt to relock a mutex that you already own is a fatal deadlock error, rather than incrementing a counter for matching unlocks. It's just that non-recursive mutexes typically have faster implementations.

Actually, it DOES buy something. virCondWait DEPENDS on getting a true non-recursive function (PTHREAD_MUTEX_NORMAL or PTHREAD_MUTEX_ERRORCHECK, although the latter has better guaranteed behavior in the case of deadlock), because POSIX is clear that:

It is advised that an application should not use a PTHREAD_MUTEX_RECURSIVE mutex with condition variables because the implicit unlock performed for a pthread_cond_timedwait() or pthread_cond_wait() may not actually release the mutex (if it had been locked multiple times). If this happens, no other thread can satisfy the condition of the predicate.

For that matter, do we even need the distinction? Maybe ALL our code should be using recursive mutexes by default, by changing virMutexInit to be recursive no matter what, and not worry about introducing virMutexInitRecursive.

Looking more closely at virMutexInit in the pthreads version, we use pthread_mutex_init(,NULL), which requests PTHREAD_MUTEX_DEFAULT. That is, our current implementation of virMutexInit is NOT a true non-recursive mutex, so much as a mutex that is unspecified whether it is recursive or not. And that means we have a bug in threads-pthread.c - we should be explicitly requesting a pthread_mutexattr with PTHREAD_MUTEX_ERRORCHECK rather than relying on NULL.

No, we should set PTHREAD_MUTEX_NORMAL - we don't want it returning an error code on failure, because all our code assumes pthread_mutex_lock will not fail. Deadlock is what we want.

Daniel
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On 03/18/2010 11:04 AM, Eric Blake wrote:

But what does a true non-recursive mutex buy you? The only difference between recursive and true non-recursive is whether you declare that an attempt to relock a mutex that you already own is a fatal deadlock error, rather than incrementing a counter for matching unlocks. It's just that non-recursive mutexes typically have faster implementations.

Actually, it DOES buy something. virCondWait DEPENDS on getting a true non-recursive function (PTHREAD_MUTEX_NORMAL or PTHREAD_MUTEX_ERRORCHECK, although the latter has better guaranteed behavior in the case of deadlock), because POSIX is clear that:

It is advised that an application should not use a PTHREAD_MUTEX_RECURSIVE mutex with condition variables because the implicit unlock performed for a pthread_cond_timedwait() or pthread_cond_wait() may not actually release the mutex (if it had been locked multiple times). If this happens, no other thread can satisfy the condition of the predicate.

For that matter, do we even need the distinction? Maybe ALL our code should be using recursive mutexes by default, by changing virMutexInit to be recursive no matter what, and not worry about introducing virMutexInitRecursive.

Looking more closely at virMutexInit in the pthreads version, we use pthread_mutex_init(,NULL), which requests PTHREAD_MUTEX_DEFAULT. That is, our current implementation of virMutexInit is NOT a true non-recursive mutex, so much as a mutex that is unspecified whether it is recursive or not. And that means we have a bug in threads-pthread.c - we should be explicitly requesting a pthread_mutexattr with PTHREAD_MUTEX_ERRORCHECK rather than relying on NULL.

On the other hand, the win32 virCondWait is coded to correctly deal with the fact that Windows mutexes are always recursive (that is, windows events do not suffer from the pthread deadlock where a cond_wait on a recursively-held mutex fails to release the mutex).

So, in a way, while the pthread virMutexInit must be non-recursive, I don't see any problem with the win32 being recursive. But we do need the distinction between virMutexInit and virMutexInitRecursive for pthreads, even though the win32 implementation can be the same for both.

--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCH] util: ensure virMutexInit is not recursive
POSIX states that creation of a mutex with default attributes is unspecified whether the mutex is recursive or non-recursive. We specifically want non-recursive (deadlock is desirable in flushing out coding bugs that used our mutex incorrectly). * src/util/threads-pthread.c (virMutexInit): Specifically request non-recursive mutex, rather than relying on unspecified default. --- src/util/threads-pthread.c |7 +-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/util/threads-pthread.c b/src/util/threads-pthread.c index ad42483..2f0746b 100644 --- a/src/util/threads-pthread.c +++ b/src/util/threads-pthread.c @@ -1,7 +1,7 @@ /* * threads-pthread.c: basic thread synchronization primitives * - * Copyright (C) 2009 Red Hat, Inc. + * Copyright (C) 2009-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -36,7 +36,10 @@ void virThreadOnExit(void) int virMutexInit(virMutexPtr m) { int ret; -if ((ret = pthread_mutex_init(m-lock, NULL)) != 0) { +pthread_mutexattr_t attr; +pthread_mutexattr_init(attr); +pthread_mutexattr_settype(attr, PTHREAD_MUTEX_NORMAL); +if ((ret = pthread_mutex_init(m-lock, attr)) != 0) { errno = ret; return -1; } -- 1.6.6.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
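Review bot: In the virMutexInit hunk, the new pthread_mutexattr_t attr is initialised but never released, and the return values of pthread_mutexattr_init() and pthread_mutexattr_settype() are ignored. Call pthread_mutexattr_destroy() on attr once pthread_mutex_init() has returned, on both the success and the error path, and consider reporting a failure of the attribute calls the same way the pthread_mutex_init() failure is reported (errno = ret; return -1).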
Re: [libvirt] [PATCH 1/14] Adding recursive locks
On 03/18/2010 01:04 PM, Eric Blake wrote:

On 03/18/2010 10:51 AM, Daniel P. Berrange wrote:

On Thu, Mar 18, 2010 at 10:41:58AM -0600, Eric Blake wrote:

On 03/18/2010 09:15 AM, Stefan Berger wrote:

This patch adds recursive locks necessary due to the processing of network filter XML that can reference other network filters, including references that cause loops. Loops in the XML are prevented but their detection requires recursive locks.

ACK. I had to double-check MSDN to make sure that threads-win32 already creates recursive mutex by default.

I don't suppose you read if it's possible to make it non-recursive, since the original impl is supposed to be non-recursive!

Unfortunately, I don't see a way: http://msdn.microsoft.com/en-us/library/ms684266%28VS.85%29.aspx states:

After a thread obtains ownership of a mutex, it can specify the same mutex in repeated calls to the wait-functions without blocking its execution. This prevents a thread from deadlocking itself while waiting for a mutex that it already owns. To release its ownership under such circumstances, the thread must call ReleaseMutex once for each time that the mutex satisfied the conditions of a wait function.

with no mention of any way to parameterize it to be non-recursive.

But what does a true non-recursive mutex buy you? The only difference between recursive and true non-recursive is whether you declare that an attempt to relock a mutex that you already own is a fatal deadlock error, rather than incrementing a counter for matching unlocks. It's just that non-recursive mutexes typically have faster implementations.

For that matter, do we even need the distinction? Maybe ALL our code should be using recursive mutexes by default, by changing virMutexInit to be recursive no matter what, and not worry about introducing virMutexInitRecursive.

Not speaking in particular about libvirt code, but in general a non-recursive mutex can protect you against accidentally modifying a data structure inside a function that's called by some other function that's in the middle of modifying the same data structure. So it's useful not for any sort of concurrency resolution, but as an assertion (very important IMO) on top of the normal uses of a recursive lock.

Since any occurrence of a non-recursive lock failing due to the lock already being held by the same thread will, by definition, result in a dead-lock, we could achieve the same thing (with better error reporting) in the case of Windows by adding a simple atomic counter that's incremented/decremented along with the lock, and logs an error message (and optionally somehow attempts to abort the operation?) if the counter ever goes higher than 1.

Looking more closely at virMutexInit in the pthreads version, we use pthread_mutex_init(,NULL), which requests PTHREAD_MUTEX_DEFAULT. But POSIX states: http://www.opengroup.org/onlinepubs/9699919799/functions/pthread_mutexattr_settype.html

PTHREAD_MUTEX_DEFAULT Attempting to recursively lock a mutex of this type results in undefined behavior. Attempting to unlock a mutex of this type which was not locked by the calling thread results in undefined behavior. Attempting to unlock a mutex of this type which is not locked results in undefined behavior. An implementation may map this mutex to one of the other mutex types.

That is, our current implementation of virMutexInit is NOT a true non-recursive mutex, so much as a mutex that is unspecified whether it is recursive or not.

Eww. That seems a bit problematic.

This has been a very productive discussion, eh? ;-)
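The mutex behaviour argued over in the messages above, as an added example that is not code from libvirt or from any poster: requesting the mutex type explicitly, showing that one unlock of a twice-locked recursive mutex leaves it held (the case POSIX warns about for pthread_cond_wait()), and a re-entry counter layered on a recursive lock. All function and struct names are made up for this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Create a mutex of an explicitly chosen type instead of relying on the
 * unspecified PTHREAD_MUTEX_DEFAULT. Returns 0 or an errno value. */
int mutex_init_typed(pthread_mutex_t *m, int type)
{
    pthread_mutexattr_t attr;
    int ret = pthread_mutexattr_init(&attr);
    if (ret != 0)
        return ret;
    if ((ret = pthread_mutexattr_settype(&attr, type)) == 0)
        ret = pthread_mutex_init(m, &attr);
    pthread_mutexattr_destroy(&attr);   /* not needed once the mutex exists */
    return ret;
}

struct probe { pthread_mutex_t *m; int result; };

/* Runs in a second thread: can the mutex be taken right now? */
static void *probe_thread(void *arg)
{
    struct probe *p = arg;
    p->result = pthread_mutex_trylock(p->m);
    if (p->result == 0)
        pthread_mutex_unlock(p->m);
    return NULL;
}

/* Lock a recursive mutex twice, then unlock it once, modelling the single
 * implicit unlock of pthread_cond_wait(). Returns 1 if another thread still
 * finds the mutex busy, 0 if it is free, -1 on setup failure. */
int recursive_still_held_after_one_unlock(void)
{
    pthread_mutex_t m;
    struct probe p = { &m, -1 };
    pthread_t t;
    int busy = -1;
    if (mutex_init_typed(&m, PTHREAD_MUTEX_RECURSIVE) != 0)
        return -1;
    pthread_mutex_lock(&m);
    pthread_mutex_lock(&m);
    pthread_mutex_unlock(&m);
    if (pthread_create(&t, NULL, probe_thread, &p) == 0) {
        pthread_join(t, NULL);
        busy = (p.result == EBUSY);
    }
    pthread_mutex_unlock(&m);
    pthread_mutex_destroy(&m);
    return busy;
}

/* A recursive lock with a depth counter that reports same-thread re-entry
 * instead of deadlocking. The counter is only touched while the lock is
 * held, so a plain int is enough in this sketch. */
struct checked_mutex { pthread_mutex_t lock; int depth; int violations; };

int checked_mutex_lock(struct checked_mutex *c)
{
    pthread_mutex_lock(&c->lock);
    if (++c->depth > 1) {
        c->violations++;
        fprintf(stderr, "mutex re-entered by its owner (depth %d)\n", c->depth);
    }
    return c->depth;
}

void checked_mutex_unlock(struct checked_mutex *c)
{
    c->depth--;
    pthread_mutex_unlock(&c->lock);
}

/* Re-enter the checked lock once; returns the number of violations logged. */
int reentry_violations(void)
{
    struct checked_mutex c = { .depth = 0, .violations = 0 };
    int v;
    if (mutex_init_typed(&c.lock, PTHREAD_MUTEX_RECURSIVE) != 0)
        return -1;
    checked_mutex_lock(&c);
    checked_mutex_lock(&c);     /* the bug a non-recursive mutex would expose */
    checked_mutex_unlock(&c);
    checked_mutex_unlock(&c);
    v = c.violations;
    pthread_mutex_destroy(&c.lock);
    return v;
}

int main(void)
{
    printf("still held after one unlock: %d\n", recursive_still_held_after_one_unlock());
    printf("re-entry violations logged: %d\n", reentry_violations());
    return 0;
}
```

Build with the compiler's thread option (for example `-pthread`) where the C library keeps pthreads in a separate library.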
Re: [libvirt] [PATCH] util: ensure virMutexInit is not recursive
On Thu, Mar 18, 2010 at 11:32:16AM -0600, Eric Blake wrote: POSIX states that creation of a mutex with default attributes is unspecified whether the mutex is recursive or non-recursive. We specifically want non-recursive (deadlock is desirable in flushing out coding bugs that used our mutex incorrectly). * src/util/threads-pthread.c (virMutexInit): Specifically request non-recursive mutex, rather than relying on unspecified default. --- src/util/threads-pthread.c |7 +-- 1 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/util/threads-pthread.c b/src/util/threads-pthread.c index ad42483..2f0746b 100644 --- a/src/util/threads-pthread.c +++ b/src/util/threads-pthread.c @@ -1,7 +1,7 @@ /* * threads-pthread.c: basic thread synchronization primitives * - * Copyright (C) 2009 Red Hat, Inc. + * Copyright (C) 2009-2010 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -36,7 +36,10 @@ void virThreadOnExit(void) int virMutexInit(virMutexPtr m) { int ret; -if ((ret = pthread_mutex_init(m-lock, NULL)) != 0) { +pthread_mutexattr_t attr; +pthread_mutexattr_init(attr); +pthread_mutexattr_settype(attr, PTHREAD_MUTEX_NORMAL); +if ((ret = pthread_mutex_init(m-lock, attr)) != 0) { errno = ret; return -1; } ACK, this is good. Daniel -- |: Red Hat, Engineering, London-o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org-o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2 0/5] Introduce virDomainMigrateSetMaxDowntime API
This API call sets maximum tolerable time for which the domain is allowed to be paused at the end of live migration. It's supposed to be called while the domain is being live-migrated as a reaction to migration progress.

Changes in version 2:
- API renamed to reflect it's maximum downtime
- new flags parameter for the future
- qemu implementation was fixed so that the call is allowed iff the domain is being migrated
- --downtime parameter of virsh migrate command was removed in favor of new virsh migrate-setmaxdowntime which can be run independently
- virsh accepts downtime as nanoseconds instead of floating-point seconds (shells don't deal with floating-point numbers well)

Jiri Denemark (5):
  Public virDomainMigrateSetMaxDowntime API
  Wire protocol and dispatcher for virDomainMigrateSetMaxDowntime
  Implement virDomainMigrateSetMaxDowntime in remote driver
  Implement virDomainMigrateSetMaxDowntime in qemu driver
  Add migrate-setmaxdowntime command to virsh

 daemon/remote.c                     | 29 ++
 daemon/remote_dispatch_args.h       |  1 +
 daemon/remote_dispatch_prototypes.h |  8 +++
 daemon/remote_dispatch_table.h      |  5 ++
 include/libvirt/libvirt.h.in        |  4 ++
 src/libvirt.c                       | 49 +
 src/libvirt_public.syms             |  5 ++
 src/qemu/qemu_driver.c              | 70 -
 src/qemu/qemu_monitor.c             | 15 +
 src/qemu/qemu_monitor.h             |  3 +
 src/qemu/qemu_monitor_json.c        | 29 ++
 src/qemu/qemu_monitor_json.h        |  3 +
 src/qemu/qemu_monitor_text.c        | 27 ++
 src/qemu/qemu_monitor_text.h        |  3 +
 src/remote/remote_driver.c          | 32 +++-
 src/remote/remote_protocol.c        | 13 +
 src/remote/remote_protocol.h        | 98 +++
 src/remote/remote_protocol.x        | 10 +++-
 tools/virsh.c                       | 66 +++
 tools/virsh.pod                     |  6 ++
 20 files changed, 429 insertions(+), 47 deletions(-)
Re: [libvirt] [PATCH 2/14] Add build support
On 03/18/2010 09:16 AM, Stefan Berger wrote: This patch adds build support for the network filtering framework. Signed-off-by: Stefan Berger stef...@us.ibm.com Some nits, but I'll let others more familiar with the process of API expansion give an actual ack/nak review. +NWFILTER_CONF_SOURCES = \ + $(NWFILTER_PARAM_CONF_SOURCES) \ + conf/nwfilter_conf.c conf/nwfilter_conf.h What's with the mix between tabs and spaces before the \? Moreover, it seems a bit odd to hook up the Makefile support in 2/14 when the new files don't exist until 12/14. But I guess that's okay as long as the automake conditional that enables this block of code doesn't trigger until the files exist. fi +if test $with_nwfilter = yes ; then + AC_DEFINE_UNQUOTED([WITH_NWFILTER], 1, [whether local network filter management driver is available]) +fi You can use AC_DEFINE instead of AC_DEFINE_UNQUOTED here, since you aren't doing any shell expansion on either WITH_NWFILTER or 1. -- Eric Blake ebl...@redhat.com+1-801-349-2682 Libvirt virtualization library http://libvirt.org signature.asc Description: OpenPGP digital signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v2 4/5] Implement virDomainMigrateSetMaxDowntime in qemu driver
--- src/qemu/qemu_driver.c | 70 +- src/qemu/qemu_monitor.c | 15 + src/qemu/qemu_monitor.h |3 ++ src/qemu/qemu_monitor_json.c | 29 + src/qemu/qemu_monitor_json.h |3 ++ src/qemu/qemu_monitor_text.c | 27 src/qemu/qemu_monitor_text.h |3 ++ 7 files changed, 149 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 4cb47f7..d04d9bf 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -99,6 +99,11 @@ enum qemuDomainJob { enum qemuDomainJobSignals { QEMU_JOB_SIGNAL_CANCEL = 1 0, /* Request job cancellation */ QEMU_JOB_SIGNAL_SUSPEND = 1 1, /* Request VM suspend to finish live migration offline */ +QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME = 1 2, /* Request migration downtime change */ +}; + +struct qemuDomainJobSignalsData { +unsigned long long migrateDowntime; /* Data for QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME */ }; typedef struct _qemuDomainObjPrivate qemuDomainObjPrivate; @@ -107,6 +112,7 @@ struct _qemuDomainObjPrivate { virCond jobCond; /* Use in conjunction with main virDomainObjPtr lock */ enum qemuDomainJob jobActive; /* Currently running job */ unsigned int jobSignals;/* Signals for running job */ +struct qemuDomainJobSignalsData jobSignalsData; /* Signal specific data */ virDomainJobInfo jobInfo; unsigned long long jobStart; @@ -352,6 +358,7 @@ static int qemuDomainObjBeginJob(virDomainObjPtr obj) } priv-jobActive = QEMU_JOB_UNSPECIFIED; priv-jobSignals = 0; +memset(priv-jobSignalsData, 0, sizeof(priv-jobSignalsData)); priv-jobStart = (now.tv_sec * 1000ull) + (now.tv_usec / 1000); memset(priv-jobInfo, 0, sizeof(priv-jobInfo)); @@ -399,6 +406,7 @@ static int qemuDomainObjBeginJobWithDriver(struct qemud_driver *driver, } priv-jobActive = QEMU_JOB_UNSPECIFIED; priv-jobSignals = 0; +memset(priv-jobSignalsData, 0, sizeof(priv-jobSignalsData)); priv-jobStart = (now.tv_sec * 1000ull) + (now.tv_usec / 1000); memset(priv-jobInfo, 0, sizeof(priv-jobInfo)); 
@@ -424,6 +432,7 @@ static int ATTRIBUTE_RETURN_CHECK qemuDomainObjEndJob(virDomainObjPtr obj) priv-jobActive = QEMU_JOB_NONE; priv-jobSignals = 0; +memset(priv-jobSignalsData, 0, sizeof(priv-jobSignalsData)); priv-jobStart = 0; memset(priv-jobInfo, 0, sizeof(priv-jobInfo)); virCondSignal(priv-jobCond); @@ -4061,6 +4070,17 @@ qemuDomainWaitForMigrationComplete(struct qemud_driver *driver, virDomainObjPtr VIR_DEBUG0(Pausing domain for non-live migration); if (qemuDomainMigrateOffline(driver, vm) 0) VIR_WARN0(Unable to pause domain); +} else if (priv-jobSignals QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME) { +unsigned long long ns = priv-jobSignalsData.migrateDowntime; + +priv-jobSignals ^= QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME; +priv-jobSignalsData.migrateDowntime = 0; +VIR_DEBUG(Setting migration downtime to %lluns, ns); +qemuDomainObjEnterMonitorWithDriver(driver, vm); +rc = qemuMonitorSetMigrationDowntime(priv-mon, ns); +qemuDomainObjExitMonitorWithDriver(driver, vm); +if (rc 0) +VIR_WARN0(Unable to set migration downtime); } qemuDomainObjEnterMonitorWithDriver(driver, vm); 
@@ -9516,6 +9536,54 @@ cleanup: } +static int +qemuDomainMigrateSetMaxDowntime(virDomainPtr dom, +unsigned long long downtime, +unsigned int flags ATTRIBUTE_UNUSED) +{ +struct qemud_driver *driver = dom-conn-privateData; +virDomainObjPtr vm; +qemuDomainObjPrivatePtr priv; +int ret = -1; + +qemuDriverLock(driver); +vm = virDomainFindByUUID(driver-domains, dom-uuid); + +if (!vm) { +char uuidstr[VIR_UUID_STRING_BUFLEN]; +virUUIDFormat(dom-uuid, uuidstr); +qemuReportError(VIR_ERR_NO_DOMAIN, +_(no domain with matching uuid '%s'), uuidstr); +goto cleanup; +} + +if (!virDomainObjIsActive(vm)) { +qemuReportError(VIR_ERR_OPERATION_INVALID, +%s, _(domain is not running)); +goto cleanup; +} + +priv = vm-privateData; + +if (priv-jobActive != QEMU_JOB_MIGRATION) { +qemuReportError(VIR_ERR_OPERATION_INVALID, +%s, _(domain is not being migrated)); +goto cleanup; +} + +VIR_DEBUG(Requesting migration downtime change to %lluns, downtime); +priv-jobSignals |= QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME; +priv-jobSignalsData.migrateDowntime = downtime; +ret = 0; + +cleanup: +if (vm) +virDomainObjUnlock(vm); +qemuDriverUnlock(driver); +return ret; +} + + static virDriver qemuDriver = { VIR_DRV_QEMU, QEMU, @@ -9597,7 +9665,7 @@
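Review bot: In the qemuDomainWaitForMigrationComplete hunk, a failed qemuMonitorSetMigrationDowntime() only produces VIR_WARN0, while qemuDomainMigrateSetMaxDowntime() has already returned 0 to the caller after setting the signal bit, so the caller cannot tell that the new downtime was never applied. Either document that the API only queues a request, or record the failure somewhere the caller can see it. Clearing the bit with "priv->jobSignals ^= QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME" is correct only because the bit is known to be set at that point; "&= ~QEMU_JOB_SIGNAL_MIGRATE_DOWNTIME" states the intent and cannot set the bit by accident.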
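Review bot: In the new qemuDomainMigrateSetMaxDowntime(), flags is marked ATTRIBUTE_UNUSED and never inspected, so a caller passing a non-zero value succeeds silently even though the documentation in 1/5 says to use 0. Reject any non-zero flags with an error now, otherwise the bits cannot safely be given a meaning later. A second call made before the migration loop consumes the first simply overwrites jobSignalsData.migrateDowntime; if last-writer-wins is intended, a short comment saying so would help.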
[libvirt] [PATCH v2 2/5] Wire protocol and dispatcher for virDomainMigrateSetMaxDowntime
--- daemon/remote.c | 29 ++ daemon/remote_dispatch_args.h |1 + daemon/remote_dispatch_prototypes.h |8 +++ daemon/remote_dispatch_table.h |5 ++ src/remote/remote_protocol.c| 13 + src/remote/remote_protocol.h| 98 +++ src/remote/remote_protocol.x| 10 +++- 7 files changed, 119 insertions(+), 45 deletions(-) diff --git a/daemon/remote.c b/daemon/remote.c index 7c4339f..9ea19c1 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -5463,6 +5463,35 @@ remoteDispatchDomainAbortJob (struct qemud_server *server ATTRIBUTE_UNUSED, } +static int +remoteDispatchDomainMigrateSetMaxDowntime(struct qemud_server *server ATTRIBUTE_UNUSED, + struct qemud_client *client ATTRIBUTE_UNUSED, + virConnectPtr conn, + remote_message_header *hdr ATTRIBUTE_UNUSED, + remote_error *rerr, + remote_domain_migrate_set_max_downtime_args *args, + void *ret ATTRIBUTE_UNUSED) +{ +virDomainPtr dom; + +dom = get_nonnull_domain(conn, args-dom); +if (dom == NULL) { +remoteDispatchConnError(rerr, conn); +return -1; +} + +if (virDomainMigrateSetMaxDowntime(dom, args-downtime, args-flags) == -1) { +virDomainFree(dom); +remoteDispatchConnError(rerr, conn); +return -1; +} + +virDomainFree(dom); + +return 0; +} + + /*- Helpers. -*/ /* get_nonnull_domain and get_nonnull_network turn an on-wire diff --git a/daemon/remote_dispatch_args.h b/daemon/remote_dispatch_args.h index f97155b..fa4a1d0 100644 --- a/daemon/remote_dispatch_args.h +++ b/daemon/remote_dispatch_args.h @@ -140,3 +140,4 @@ remote_cpu_baseline_args val_remote_cpu_baseline_args; remote_domain_get_job_info_args val_remote_domain_get_job_info_args; remote_domain_abort_job_args val_remote_domain_abort_job_args; +remote_domain_migrate_set_max_downtime_args val_remote_domain_migrate_set_max_downtime_args; diff --git a/daemon/remote_dispatch_prototypes.h b/daemon/remote_dispatch_prototypes.h index b81c8c3..c94c536 100644 --- a/daemon/remote_dispatch_prototypes.h +++ b/daemon/remote_dispatch_prototypes.h 
@@ -378,6 +378,14 @@ static int remoteDispatchDomainMigratePrepareTunnel( remote_error *err, remote_domain_migrate_prepare_tunnel_args *args, void *ret); +static int remoteDispatchDomainMigrateSetMaxDowntime( +struct qemud_server *server, +struct qemud_client *client, +virConnectPtr conn, +remote_message_header *hdr, +remote_error *err, +remote_domain_migrate_set_max_downtime_args *args, +void *ret); static int remoteDispatchDomainPinVcpu( struct qemud_server *server, struct qemud_client *client, diff --git a/daemon/remote_dispatch_table.h b/daemon/remote_dispatch_table.h index 5ad6bff..ebba5ab 100644 --- a/daemon/remote_dispatch_table.h +++ b/daemon/remote_dispatch_table.h @@ -827,3 +827,8 @@ .args_filter = (xdrproc_t) xdr_remote_domain_abort_job_args, .ret_filter = (xdrproc_t) xdr_void, }, +{ /* DomainMigrateSetMaxDowntime = 165 */ +.fn = (dispatch_fn) remoteDispatchDomainMigrateSetMaxDowntime, +.args_filter = (xdrproc_t) xdr_remote_domain_migrate_set_max_downtime_args, +.ret_filter = (xdrproc_t) xdr_void, +}, diff --git a/src/remote/remote_protocol.c b/src/remote/remote_protocol.c index 701acab..490ad43 100644 --- a/src/remote/remote_protocol.c +++ b/src/remote/remote_protocol.c @@ -3009,6 +3009,19 @@ xdr_remote_domain_abort_job_args (XDR *xdrs, remote_domain_abort_job_args *objp) } bool_t +xdr_remote_domain_migrate_set_max_downtime_args (XDR *xdrs, remote_domain_migrate_set_max_downtime_args *objp) +{ + + if (!xdr_remote_nonnull_domain (xdrs, objp-dom)) + return FALSE; + if (!xdr_uint64_t (xdrs, objp-downtime)) + return FALSE; + if (!xdr_u_int (xdrs, objp-flags)) + return FALSE; +return TRUE; +} + +bool_t xdr_remote_procedure (XDR *xdrs, remote_procedure *objp) { diff --git a/src/remote/remote_protocol.h b/src/remote/remote_protocol.h index f76e6e5..34d49fa 100644 --- a/src/remote/remote_protocol.h +++ b/src/remote/remote_protocol.h 
@@ -4,51 +4,51 @@ */ #ifndef _RP_H_RPCGEN -# define _RP_H_RPCGEN +#define _RP_H_RPCGEN -# include rpc/rpc.h +#include rpc/rpc.h -# ifdef __cplusplus +#ifdef __cplusplus extern C { -# endif +#endif -# include internal.h -# include arpa/inet.h -# define REMOTE_MESSAGE_MAX 262144 -# define REMOTE_MESSAGE_HEADER_MAX 24 -# define REMOTE_MESSAGE_PAYLOAD_MAX 262120 -# define REMOTE_STRING_MAX 65536 +#include internal.h +#include arpa/inet.h +#define REMOTE_MESSAGE_MAX 262144 +#define REMOTE_MESSAGE_HEADER_MAX 24
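Review bot: The remote_protocol.h hunk rewrites every preprocessor line from "# define" / "# include" to "#define" / "#include", which accounts for most of the 98 changed lines listed for that file in the diffstat and buries the real addition. Regenerate the header the same way the copy already in the tree was produced, so that the diff shows only the new remote_domain_migrate_set_max_downtime_args structure and its procedure number.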
[libvirt] [PATCH v2 3/5] Implement virDomainMigrateSetMaxDowntime in remote driver
--- src/remote/remote_driver.c | 32 +++- 1 files changed, 31 insertions(+), 1 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 2fb81a1..58f5a9d 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -7707,6 +7707,36 @@ done: } +static int +remoteDomainMigrateSetMaxDowntime(virDomainPtr domain, + unsigned long long downtime, + unsigned int flags) +{ +struct private_data *priv = domain-conn-privateData; +remote_domain_migrate_set_max_downtime_args args; +int rv = -1; + +remoteDriverLock(priv); + +make_nonnull_domain(args.dom, domain); +args.downtime = downtime; +args.flags = flags; + +if (call(domain-conn, priv, 0, REMOTE_PROC_DOMAIN_MIGRATE_SET_MAX_DOWNTIME, + (xdrproc_t) xdr_remote_domain_migrate_set_max_downtime_args, + (char *) args, + (xdrproc_t) xdr_void, + (char *) NULL) == -1) +goto done; + +rv = 0; + +done: +remoteDriverUnlock(priv); +return rv; +} + + /*--*/ @@ -9126,7 +9156,7 @@ static virDriver remote_driver = { remoteCPUBaseline, /* cpuBaseline */ remoteDomainGetJobInfo, /* domainGetJobInfo */ remoteDomainAbortJob, /* domainFinishJob */ -NULL, /* domainMigrateSetMaxDowntime */ +remoteDomainMigrateSetMaxDowntime, /* domainMigrateSetMaxDowntime */ }; static virNetworkDriver network_driver = { -- 1.7.0.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
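Review bot: Minor, in the remote_driver table hunk: the unchanged neighbour reads "remoteDomainAbortJob, /* domainFinishJob */", so the slot comment does not match the callback placed in it. Since this hunk edits the adjacent line, it is a convenient place to correct that comment. The patch also has no commit message body; one sentence saying that the call is forwarded unchanged to the daemon would be enough.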
[libvirt] [PATCH v2 1/5] Public virDomainMigrateSetMaxDowntime API
--- include/libvirt/libvirt.h.in |4 +++ src/libvirt.c| 49 ++ src/libvirt_public.syms |5 3 files changed, 58 insertions(+), 0 deletions(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 0d1b5b5..d983e5f 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -408,6 +408,10 @@ int virDomainMigrateToURI (virDomainPtr domain, const char *duri, unsigned long flags, const char *dname, unsigned long bandwidth); +int virDomainMigrateSetMaxDowntime (virDomainPtr domain, +unsigned long long downtime, +unsigned int flags); + /** * VIR_NODEINFO_MAXCPUS: * @nodeinfo: virNodeInfo instance diff --git a/src/libvirt.c b/src/libvirt.c index 1d9b878..07837a3 100644 --- a/src/libvirt.c +++ b/src/libvirt.c 
@@ -11265,3 +11265,52 @@ error: virDispatchError(conn); return -1; } + + +/** + * virDomainMigrateSetMaxDowntime: + * @domain: a domain object + * @downtime: maximum tolerable downtime for live migration, in nanoseconds + * @flags: fine-tuning flags, currently unused, use 0 + * + * Sets maximum tolerable time for which the domain is allowed to be paused + * at the end of live migration. It's supposed to be called while the domain is + * being live-migrated as a reaction to migration progress. + * + * Returns 0 in case of success, -1 otherwise. + */ +int +virDomainMigrateSetMaxDowntime(virDomainPtr domain, + unsigned long long downtime, + unsigned int flags) +{ +virConnectPtr conn; + +DEBUG(domain=%p, downtime=%llu, flags=%u, domain, downtime, flags); + +virResetLastError(); + +if (!VIR_IS_CONNECTED_DOMAIN(domain)) { +virLibDomainError(NULL, VIR_ERR_INVALID_DOMAIN, __FUNCTION__); +virDispatchError(NULL); +return -1; +} + +conn = domain-conn; +if (conn-flags VIR_CONNECT_RO) { +virLibDomainError(domain, VIR_ERR_OPERATION_DENIED, __FUNCTION__); +goto error; +} + +if (conn-driver-domainMigrateSetMaxDowntime) { +if (conn-driver-domainMigrateSetMaxDowntime(domain, downtime, flags) 0) +goto error; +return 0; +} + +virLibConnError(conn, VIR_ERR_NO_SUPPORT, __FUNCTION__); + +error: +virDispatchError(conn); +return -1; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 64e7505..6ed79d0 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -358,4 +358,9 @@ LIBVIRT_0.7.7 { virDomainAbortJob; } LIBVIRT_0.7.5; +LIBVIRT_0.7.8 { +global: +virDomainMigrateSetMaxDowntime; +} LIBVIRT_0.7.7; + # define new API here using predicted next version number -- 1.7.0.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
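Review bot: virDomainMigrateSetMaxDowntime() dereferences conn->driver->domainMigrateSetMaxDowntime, but none of the three files in this patch, nor any file in the series diffstat, adds that member to the driver table, so the patch appears to depend on a change that is not part of this series. Name that prerequisite in the commit message, which is currently empty. The doc comment would also benefit from saying what the caller gets when no migration is in progress (the qemu driver in 4/5 reports VIR_ERR_OPERATION_INVALID).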
[libvirt] [PATCH v2 5/5] Add migrate-setmaxdowntime command to virsh
--- tools/virsh.c | 66 +++ tools/virsh.pod |6 + 2 files changed, 72 insertions(+), 0 deletions(-) diff --git a/tools/virsh.c b/tools/virsh.c index aa85ee6..3dd9314 100644 --- a/tools/virsh.c +++ b/tools/virsh.c @@ -227,6 +227,8 @@ static vshCmdOpt *vshCommandOpt(const vshCmd *cmd, const char *name); static int vshCommandOptInt(const vshCmd *cmd, const char *name, int *found); static char *vshCommandOptString(const vshCmd *cmd, const char *name, int *found); +static long long vshCommandOptLongLong(const vshCmd *cmd, const char *name, + int *found); #if 0 static int vshCommandOptStringList(const vshCmd *cmd, const char *name, char ***data); #endif @@ -2828,6 +2830,51 @@ cmdMigrate (vshControl *ctl, const vshCmd *cmd) } /* + * migrate-setmaxdowntime command + */ +static const vshCmdInfo info_migrate_setmaxdowntime[] = { +{help, N_(set maximum tolerable downtime)}, +{desc, N_(Set maximum tolerable downtime of a domain which is being live-migrated to another host.)}, +{NULL, NULL} +}; + +static const vshCmdOptDef opts_migrate_setmaxdowntime[] = { +{domain, VSH_OT_DATA, VSH_OFLAG_REQ, N_(domain name, id or uuid)}, +{downtime, VSH_OT_DATA, VSH_OFLAG_REQ, N_(maximum tolerable downtime (in nanoseconds) for migration)}, +{NULL, 0, 0, NULL} +}; + +static int +cmdMigrateSetMaxDowntime(vshControl *ctl, const vshCmd *cmd) +{ +virDomainPtr dom = NULL; +long long downtime; +int found; +int ret = FALSE; + +if (!vshConnectionUsability(ctl, ctl-conn, TRUE)) +return FALSE; + +if (!(dom = vshCommandOptDomain(ctl, cmd, NULL))) +return FALSE; + +downtime = vshCommandOptLongLong(cmd, downtime, found); +if (!found || downtime 1) { +vshError(ctl, %s, _(migrate: Invalid downtime)); +goto done; +} + +if (virDomainMigrateSetMaxDowntime(dom, downtime, 0)) +goto done; + +ret = TRUE; + +done: +virDomainFree(dom); +return ret; +} + +/* * net-autostart command */ static const vshCmdInfo info_network_autostart[] = { 
@@ -7726,6 +7773,7 @@ static const vshCmdDef commands[] = { {hostname, cmdHostname, NULL, info_hostname}, {list, cmdList, opts_list, info_list}, {migrate, cmdMigrate, opts_migrate, info_migrate}, +{migrate-setmaxdowntime, cmdMigrateSetMaxDowntime, opts_migrate_setmaxdowntime, info_migrate_setmaxdowntime}, {net-autostart, cmdNetworkAutostart, opts_network_autostart, info_network_autostart}, {net-create, cmdNetworkCreate, opts_network_create, info_network_create}, @@ -8065,6 +8113,24 @@ vshCommandOptString(const vshCmd *cmd, const char *name, int *found) return arg arg-data *arg-data ? arg-data : NULL; } +/* + * Returns option as long long + */ +static long long +vshCommandOptLongLong(const vshCmd *cmd, const char *name, int *found) +{ +vshCmdOpt *arg = vshCommandOpt(cmd, name); +int num_found = FALSE; +long long res = 0; +char *end_p = NULL; + +if ((arg != NULL) (arg-data != NULL)) +num_found = !virStrToLong_ll(arg-data, end_p, 10, res); +if (found) +*found = num_found; +return res; +} + #if 0 static int vshCommandOptStringList(const vshCmd *cmd, const char *name, char ***data) diff --git a/tools/virsh.pod b/tools/virsh.pod index 8f6df19..1c7cfce 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -334,6 +334,12 @@ leaves the domain paused on the destination host. The Idesturi is the connection URI of the destination host, and Imigrateuri is the migration URI, which usually can be omitted. +=item Bmigrate-setmaxdowntime Idomain-id Idowntime + +Set maximum tolerable downtime for a domain which is being live-migrated to +another host. The Idowntime is a number of nanoseconds the guest is allowed +to be down at the end of live migration. + =item Breboot Idomain-id Reboot a domain. This acts just as if the domain had the Breboot -- 1.7.0.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
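Review bot: In vshCommandOptLongLong(), end_p is handed to virStrToLong_ll() but never examined afterwards, so nothing in this helper rejects trailing characters after the digits (a downtime typed as 500ms, for example). Check that *end_p is NUL after a successful conversion, or pass NULL instead of end_p if the helper is meant to be strict. In cmdMigrateSetMaxDowntime() the error text is prefixed "migrate:" although the command is migrate-setmaxdowntime, and the virsh.pod entry could mention that the value must be at least 1.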
Re: [libvirt] [PATCH 5/14] Implementation of the public API
On 03/18/2010 09:16 AM, Stefan Berger wrote:
> This patch adds the implementation of the public API for the network filtering (ACL) extensions to libvirt.c .
>
> Signed-off-by: Stefan Berger stef...@us.ibm.com

Some nits (again, leaving the content review to those more knowledgeable about API additions):

> +virRegisterNWFilterDriver(virNWFilterDriverPtr driver) +{ +if (virInitialize() 0) + return -1; + +if (driver == NULL) { +virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__); +return(-1);

Why the two different styles of returning -1? A quick grep shows that the former style (return -1) is used nearly 9x more frequently than the latter (return(-1)).

> +DEBUG(nwfilter driver %d %s returned %s, + i, virNWFilterDriverTab[i]-name, + res == VIR_DRV_OPEN_SUCCESS ? SUCCESS : + (res == VIR_DRV_OPEN_DECLINED ? DECLINED : + (res == VIR_DRV_OPEN_ERROR ? ERROR : unknown status))); +if (res == VIR_DRV_OPEN_ERROR) { +if (STREQ(virNWFilterDriverTab[i]-name, remote)) { +virLibConnWarning (NULL, VIR_WAR_NO_NWFILTER, + Is the daemon running ?);

Do DEBUG messages need to be marked for translation? Even if not, the virLibConnWarning probably should be.

--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 14/14] Extension for iptables rules
On 03/18/2010 09:18 AM, Stefan Berger wrote:
> This patch adds support for L3/L4 filtering using iptables. This adds support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.
>
> As mentioned in the introduction, a .c file provided by this patch is #include'd into a .c file. This will need work, but should be alright for review.
>
> Signed-off-by: Stefan Berger stef...@us.ibm.com

[same caveats as earlier in this thread...]

> + unsigned int priority, + int isIptablesRule) { ebiptablesRuleInstPtr inst; @@ -225,6 +229,7 @@ ebiptablesAddRuleInst(virConnectPtr conn inst-neededProtocolChain = neededChain; inst-chainprefix = chainprefix; inst-priority = priority; +inst-isIptablesRule = isIptablesRule;

This should be bool, not int.

--
Eric Blake ebl...@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
[libvirt] [PATCHv2] Support vhost-net mode at qemu startup for virtio network devices.
Attempt to turn on vhost-net mode for devices of type NETWORK, BRIDGE, and DIRECT (macvtap).

* src/qemu/qemu_conf.h: add vhostfd to qemuBuildHostNetStr prototype
  add qemudOpenVhostNet prototype
  new flag to set when :,vhost= found in qemu help
* src/qemu/qemu_conf.c:
  * set QEMUD_CMD_FLAG_VNET_HOST if ,vhost= found in qemu help
  * qemudOpenVhostNet - opens /dev/vhost-net to pass to qemu if everything is in place to use it.
  * qemuBuildHostNetStr - add vhostfd to commandline if it's not empty (higher levels decide whether or not to fill it in)
  * qemudBuildCommandLine - if /dev/vhost-net is successfully opened, add its fd to tapfds array so it isn't closed on qemu exec, and populate vhostfd_name to be passed in to commandline builder.
* src/qemu/qemu_driver.c: add filler 0 for new arg to qemuBuildHostNetStr, along with a note that this must be implemented in order for hot-plug of vhost-net virtio devices to work properly (once qemu netdev_add monitor command is implemented).
---
The original version of this patch was doing a double close of tapfd in case of error, now fixed. In the meantime, similarities in the code made me wonder if vhost-net mode was supported by macvtap. I asked and found that it should work, so I tried, and it does! This version adds support for that type of interface.

Note that these changes are still a NOP until the bit of code checking for -netdev in the qemu help and enabling QEMUD_CMD_FLAG_NETDEV in (qemu_conf.c:qemudComputeCmdFlags()) is uncommented. You can already do this by hand if you don't care about hot-plug/unplug of network devices, but checking in that change needs to wait until the netdev_add command is available in qemu (patches are submitted/in-process of submission to upstream qemu for that).

Also, I've found that only a single network device per qemu process can take advantage of vhost-net.
Any beyond that will result in qemu printing out the following warning: Error binding host notifier: 28 unable to start vhost net: 28: falling back on userspace virtio src/qemu/qemu_conf.c | 59 +++ src/qemu/qemu_conf.h |8 +- src/qemu/qemu_driver.c |3 +- 3 files changed, 63 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index fb23c52..f2d36f7 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -1183,6 +1183,10 @@ static unsigned long long qemudComputeCmdFlags(const char *help, if (is_kvm (version = 1 || kvm_version = 74)) flags |= QEMUD_CMD_FLAG_VNET_HDR; +if (is_kvm strstr(help, ,vhost=)) { +flags |= QEMUD_CMD_FLAG_VNET_HOST; +} + /* * Handling of -incoming arg with varying features * -incoming tcp(kvm = 79, qemu = 0.10.0) @@ -1597,6 +1601,27 @@ cleanup: } +int +qemudOpenVhostNet(virDomainNetDefPtr net, + unsigned long long qemuCmdFlags) +{ + +/* If qemu supports vhost-net mode (including the -netdev command + * option), the nic model is virtio, and we can open + * /dev/vhost_net, assume that vhost-net mode is available and + * return the fd to /dev/vhost_net. Otherwise, return -1. + */ + +if (!(qemuCmdFlags QEMUD_CMD_FLAG_VNET_HOST + qemuCmdFlags QEMUD_CMD_FLAG_NETDEV + qemuCmdFlags QEMUD_CMD_FLAG_DEVICE + net-model STREQ(net-model, virtio))) +return -1; + +return open(/dev/vhost-net, O_RDWR, 0); +} + + static int qemuDomainDeviceAliasIndex(virDomainDeviceInfoPtr info, const char *prefix) { @@ -2611,7 +2636,8 @@ char * qemuBuildHostNetStr(virDomainNetDefPtr net, char type_sep, int vlan, -const char *tapfd) +const char *tapfd, +const char *vhostfd) { virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -2680,6 +2706,10 @@ qemuBuildHostNetStr(virDomainNetDefPtr net, type_sep, net-info.alias); } +if (vhostfd *vhostfd) { +virBufferVSprintf(buf, ,vhost=on,vhostfd=%s, vhostfd); +} + if (virBufferError(buf)) { virBufferFreeAndReset(buf); virReportOOMError(); 
@@ -3828,6 +3858,7 @@ int qemudBuildCommandLine(virConnectPtr conn, virDomainNetDefPtr net = def-nets[i]; char *nic, *host; char tapfd_name[50]; +char vhostfd_name[50] = ; int vlan; /* VLANs are not used with -netdev, so don't record them */ @@
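Review bot: in the qemudOpenVhostNet hunk, the comment names the device /dev/vhost_net (underscore) twice while the open() call uses /dev/vhost-net (hyphen); make the comment match the path that is actually opened. The function also returns -1 both when the capability flags or NIC model rule vhost-net out and when open() itself fails, so the caller cannot tell "not applicable" from a missing module or a permissions problem on the device node. Logging the open() failure with its errno before returning would make the silent fallback to userspace virtio diagnosable.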
Re: [libvirt] [PATCH] util: ensure virMutexInit is not recursive
Daniel P. Berrange wrote:
> On Thu, Mar 18, 2010 at 11:32:16AM -0600, Eric Blake wrote:
> > POSIX states that creation of a mutex with default attributes is unspecified whether the mutex is recursive or non-recursive. We specifically want non-recursive (deadlock is desirable in flushing out coding bugs that used our mutex incorrectly).
> >
> > * src/util/threads-pthread.c (virMutexInit): Specifically request non-recursive mutex, rather than relying on unspecified default.
> ...
> ACK, this is good.

Pushed.
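What the quoted commit message asks for, as an added example (not libvirt's virMutexInit; `mutex_init_typed` and `relock_succeeds` are names invented here, and PTHREAD_MUTEX_NORMAL is assumed as the non-recursive type): request the mutex type explicitly, then use a non-blocking relock from the owning thread to confirm which types refuse a second acquisition.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for pthread_mutexattr_settype and the type constants */
#endif
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical helper: create a mutex with an explicitly chosen type rather
 * than default attributes. Returns 0 or the pthread error code. */
static int mutex_init_typed(pthread_mutex_t *m, int type)
{
    pthread_mutexattr_t attr;
    int rc = pthread_mutexattr_init(&attr);

    if (rc != 0)
        return rc;
    rc = pthread_mutexattr_settype(&attr, type);
    if (rc == 0)
        rc = pthread_mutex_init(m, &attr);
    pthread_mutexattr_destroy(&attr);
    return rc;
}

/* Lock once, then retry from the same thread with trylock (never blocks).
 * Returns 1 if the relock succeeded (recursive), 0 if it was refused with
 * EBUSY (non-recursive), -1 on any other error. */
static int relock_succeeds(int type)
{
    pthread_mutex_t m;
    int rc, result = -1;

    if (mutex_init_typed(&m, type) != 0)
        return -1;
    pthread_mutex_lock(&m);
    rc = pthread_mutex_trylock(&m);
    if (rc == 0) {
        result = 1;
        pthread_mutex_unlock(&m);   /* release the nested hold */
    } else if (rc == EBUSY) {
        result = 0;
    }
    pthread_mutex_unlock(&m);
    pthread_mutex_destroy(&m);
    return result;
}

int main(void)
{
    printf("relock allowed: NORMAL=%d ERRORCHECK=%d RECURSIVE=%d\n",
           relock_succeeds(PTHREAD_MUTEX_NORMAL),
           relock_succeeds(PTHREAD_MUTEX_ERRORCHECK),
           relock_succeeds(PTHREAD_MUTEX_RECURSIVE));
    return 0;
}
```

A blocking pthread_mutex_lock in place of the trylock would hang on the NORMAL mutex, which is the deadlock the commit message wants so that incorrect lock usage shows up during testing.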
Re: [libvirt] [PATCH 2/14] Add build support
Eric Blake ebl...@redhat.com wrote on 03/18/2010 03:11:09 PM:
> On 03/18/2010 09:16 AM, Stefan Berger wrote:
> > This patch adds build support for the network filtering framework.
> >
> > Signed-off-by: Stefan Berger stef...@us.ibm.com
>
> Some nits, but I'll let others more familiar with the process of API expansion give an actual ack/nak review.
>
> > +NWFILTER_CONF_SOURCES = \ + $(NWFILTER_PARAM_CONF_SOURCES) \ + conf/nwfilter_conf.c conf/nwfilter_conf.h
>
> What's with the mix between tabs and spaces before the \?

Fixed.

> Moreover, it seems a bit odd to hook up the Makefile support in 2/14 when the new files don't exist until 12/14. But I guess that's okay as long as the automake conditional that enables this block of code doesn't trigger until the files exist.

All patches up to 12/14 are necessary for anything to work. It's also possible that an earlier patch has a code-dependency on a later one, so ordering isn't quite that simple...

> > fi +if test $with_nwfilter = yes ; then + AC_DEFINE_UNQUOTED([WITH_NWFILTER], 1, [whether local network filter management driver is available]) +fi
>
> You can use AC_DEFINE instead of AC_DEFINE_UNQUOTED here, since you aren't doing any shell expansion on either WITH_NWFILTER or 1.

Ok,

Thanks and regards,
Stefan

> --
> Eric Blake ebl...@redhat.com +1-801-349-2682
> Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 5/14] Implementation of the public API
Eric Blake ebl...@redhat.com wrote on 03/18/2010 03:25:25 PM:
> On 03/18/2010 09:16 AM, Stefan Berger wrote:
> > This patch adds the implementation of the public API for the network filtering (ACL) extensions to libvirt.c .
> >
> > Signed-off-by: Stefan Berger stef...@us.ibm.com
>
> Some nits (again, leaving the content review to those more knowledgeable about API additions):
>
> > +virRegisterNWFilterDriver(virNWFilterDriverPtr driver) +{ +if (virInitialize() 0) + return -1; + +if (driver == NULL) { +virLibConnError(NULL, VIR_ERR_INVALID_ARG, __FUNCTION__); +return(-1);
>
> Why the two different styles of returning -1? A quick grep shows that the former style (return -1) is used nearly 9x more frequently than the latter (return(-1)).

Parts have been recycled from the storage driver and that's likely where that comes from.

> > +DEBUG(nwfilter driver %d %s returned %s, + i, virNWFilterDriverTab[i]-name, + res == VIR_DRV_OPEN_SUCCESS ? SUCCESS : + (res == VIR_DRV_OPEN_DECLINED ? DECLINED : + (res == VIR_DRV_OPEN_ERROR ? ERROR : unknown status))); +if (res == VIR_DRV_OPEN_ERROR) { +if (STREQ(virNWFilterDriverTab[i]-name, remote)) { +virLibConnWarning (NULL, VIR_WAR_NO_NWFILTER, + Is the daemon running ?);
>
> Do DEBUG messages need to be marked for translation? Even if not, the virLibConnWarning probably should be.

Correct. I will fix the error message.

Thanks and regards,
Stefan

> --
> Eric Blake ebl...@redhat.com +1-801-349-2682
> Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH 14/14] Extension for iptables rules
Eric Blake ebl...@redhat.com wrote on 03/18/2010 03:29:17 PM:
> On 03/18/2010 09:18 AM, Stefan Berger wrote:
> > This patch adds support for L3/L4 filtering using iptables. This adds support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.
> >
> > As mentioned in the introduction, a .c file provided by this patch is #include'd into a .c file. This will need work, but should be alright for review.
> >
> > Signed-off-by: Stefan Berger stef...@us.ibm.com
>
> [same caveats as earlier in this thread...]
>
> > + unsigned int priority, + int isIptablesRule) { ebiptablesRuleInstPtr inst; @@ -225,6 +229,7 @@ ebiptablesAddRuleInst(virConnectPtr conn inst-neededProtocolChain = neededChain; inst-chainprefix = chainprefix; inst-priority = priority; +inst-isIptablesRule = isIptablesRule;
>
> This should be bool, not int.

Changed this now.

Thanks and regards,
Stefan

> --
> Eric Blake ebl...@redhat.com +1-801-349-2682
> Libvirt virtualization library http://libvirt.org
Re: [libvirt] [PATCH] qemu: Fix FD leak in qemudStartVMDaemon
2010/3/18 Daniel Veillard veill...@redhat.com:
> On Thu, Mar 18, 2010 at 02:31:56PM +0100, Matthias Bolte wrote:
> > 2010/3/18 Daniel Veillard veill...@redhat.com:
> > > On Wed, Mar 17, 2010 at 10:35:51PM +0100, Matthias Bolte wrote:
> > > > The logfile FD is dup2'ed in __virExec in the child. The FD needs to be closed in the parent, otherwise it leaks.
> > > >
> > > > --- src/qemu/qemu_driver.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8f3a15..fbb1275 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -2963,6 +2963,9 @@ static int qemudStartVMDaemon(virConnectPtr conn, if (virDomainSaveStatus(driver-caps, driver-stateDir, vm) 0) goto abort; + if (logfile != -1) + close(logfile); + return 0; cleanup:
> > >
> > > ACK, but we test if ((logfile = ...) < 0) goto cleanup; so the logical counterpart would be if (logfile >= 0) close(logfile);
> > >
> > > Daniel
> >
> > True. I just copied the close call from the cleanup block. Both blocks (cleanup and abort) check for != 1, so one could argue to change them to >= 0 too.
>
> Either way, let's plug the leak :-)
>
> thanks !
>
> Daniel

Yep, pushed.

Matthias
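Review bot: the close added before return 0 in qemudStartVMDaemon gives the function a third separate place that has to remember to release logfile, alongside the cleanup and abort blocks mentioned in the thread. Each future early return added between the open and these exits can reintroduce the descriptor leak in a long-running daemon. Consider funnelling the exits through one shared step that closes logfile, and use the same validity test there as the open check so the three sites cannot drift apart.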
[libvirt] Can not display graphical console of lxc Virtual Machine.
Hi all,

I am trying to display the graphical console of a lxc virtual machine which was already created and running. For this, I am using 'virt-viewer'. But when I execute the following command, it's throwing some errors.

[r...@localhost lxc_devel]# virt-viewer --connect lxc:/// vm2_fedora --debug
** (virt-viewer:11988): DEBUG: Add handle 4 1 0x217c140
** (virt-viewer:11988): DEBUG: Add timeout 0x217e4f0 -1 0x7fda386cb990 0x217c140 1
** (virt-viewer:11988): DEBUG: Skipping inactive resize
** (virt-viewer:11988): DEBUG: Failed to activate viewer

Can anyone help me? Please suggest if there are any other ways of doing it.

Regards,
Srikanth.