Pass the VM's UUID into the nwfilter subsystem

A preparatory patch for DHCP snooping, where we want to be able to
differentiate between VM interfaces using the tuple of
<VM UUID, Interface MAC address>. We assume that MAC addresses could
possibly be re-used between different networks (VLANs) and thus do not
want to rely on the MAC address alone to identify an interface.

At the current 'final destination' in virNWFilterInstantiate I am leaving
the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
(we may not post the DHCP snooping patches for 0.9.9, though)

Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
and uml_conf, I am passing the virDomainDefPtr around until I am passing
only the VM's uuid into the NWFilter calls.
Stefan Berger 2011-12-08 21:35:20 -05:00 committed by Stefan Berger
parent 95ff5899b9
commit 33eb3567dd
10 changed files with 46 additions and 20 deletions


@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) {
int int
virDomainConfNWFilterInstantiate(virConnectPtr conn, virDomainConfNWFilterInstantiate(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net) { virDomainNetDefPtr net) {
if (nwfilterDriver != NULL) if (nwfilterDriver != NULL)
return nwfilterDriver->instantiateFilter(conn, net); return nwfilterDriver->instantiateFilter(conn, vmuuid, net);
/* driver module not available -- don't indicate failure */ /* driver module not available -- don't indicate failure */
return 0; return 0;
} }


@ -24,6 +24,7 @@
# define DOMAIN_NWFILTER_H # define DOMAIN_NWFILTER_H
typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn, typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net); virDomainNetDefPtr net);
typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net); typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);
@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver); void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);
int virDomainConfNWFilterInstantiate(virConnectPtr conn, int virDomainConfNWFilterInstantiate(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net); virDomainNetDefPtr net);
void virDomainConfNWFilterTeardown(virDomainNetDefPtr net); void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm); void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);


@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver,
static int lxcSetupInterfaceBridged(virConnectPtr conn, static int lxcSetupInterfaceBridged(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr net, virDomainNetDefPtr net,
const char *brname, const char *brname,
unsigned int *nveths, unsigned int *nveths,
@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn,
} }
if (net->filter && if (net->filter &&
virDomainConfNWFilterInstantiate(conn, net) < 0) virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0)
goto cleanup; goto cleanup;
ret = 0; ret = 0;
@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
goto cleanup; goto cleanup;
if (lxcSetupInterfaceBridged(conn, if (lxcSetupInterfaceBridged(conn,
def,
def->nets[i], def->nets[i],
brname, brname,
nveths, nveths,
@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
goto cleanup; goto cleanup;
} }
if (lxcSetupInterfaceBridged(conn, if (lxcSetupInterfaceBridged(conn,
def,
def->nets[i], def->nets[i],
brname, brname,
nveths, nveths,
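Review bot: The new `virDomainDefPtr vm` parameter on lxcSetupInterfaceBridged is used only for `vm->uuid` in the visible lines, and the name `vm` reads like a domain object although the callers in lxcSetupInterfaces pass `def`. Either rename it to `def`, or narrow it to `const unsigned char *vmuuid` so the helper receives only the identifier it forwards to `virDomainConfNWFilterInstantiate`. The same applies to the `virDomainDefPtr vm` parameters added to umlConnectTapDevice and umlBuildCommandLineNet, whose caller passes `vm->def`. The function bodies extend beyond these hunks, so other uses of the parameter cannot be ruled out from here.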


@ -443,8 +443,10 @@ cleanup:
static int static int
nwfilterInstantiateFilter(virConnectPtr conn, nwfilterInstantiateFilter(virConnectPtr conn,
virDomainNetDefPtr net) { const unsigned char *vmuuid,
return virNWFilterInstantiateFilter(conn, net); virDomainNetDefPtr net)
{
return virNWFilterInstantiateFilter(conn, vmuuid, net);
} }


@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries,
/** /**
* virNWFilterInstantiate: * virNWFilterInstantiate:
* @vmuuid: The UUID of the VM
* @techdriver: The driver to use for instantiation * @techdriver: The driver to use for instantiation
* @filter: The filter to instantiate * @filter: The filter to instantiate
* @ifname: The name of the interface to apply the rules to * @ifname: The name of the interface to apply the rules to
@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries,
* Call this function while holding the NWFilter filter update lock * Call this function while holding the NWFilter filter update lock
*/ */
static int static int
virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver, virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED,
virNWFilterTechDriverPtr techdriver,
enum virDomainNetType nettype, enum virDomainNetType nettype,
virNWFilterDefPtr filter, virNWFilterDefPtr filter,
const char *ifname, const char *ifname,
@ -761,7 +763,8 @@ err_unresolvable_vars:
* Call this function while holding the NWFilter filter update lock * Call this function while holding the NWFilter filter update lock
*/ */
static int static int
__virNWFilterInstantiateFilter(bool teardownOld, __virNWFilterInstantiateFilter(const unsigned char *vmuuid,
bool teardownOld,
const char *ifname, const char *ifname,
int ifindex, int ifindex,
const char *linkdev, const char *linkdev,
@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld,
break; break;
} }
rc = virNWFilterInstantiate(techdriver, rc = virNWFilterInstantiate(vmuuid,
techdriver,
nettype, nettype,
filter, filter,
ifname, ifname,
@ -883,6 +887,7 @@ err_exit:
static int static int
_virNWFilterInstantiateFilter(virConnectPtr conn, _virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net, const virDomainNetDefPtr net,
bool teardownOld, bool teardownOld,
enum instCase useNewFilter, enum instCase useNewFilter,
@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
goto cleanup; goto cleanup;
} }
rc = __virNWFilterInstantiateFilter(teardownOld, rc = __virNWFilterInstantiateFilter(vmuuid,
teardownOld,
net->ifname, net->ifname,
ifindex, ifindex,
linkdev, linkdev,
@ -929,7 +935,8 @@ cleanup:
int int
virNWFilterInstantiateFilterLate(const char *ifname, virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
const char *ifname,
int ifindex, int ifindex,
const char *linkdev, const char *linkdev,
enum virDomainNetType nettype, enum virDomainNetType nettype,
@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname,
virNWFilterLockFilterUpdates(); virNWFilterLockFilterUpdates();
rc = __virNWFilterInstantiateFilter(true, rc = __virNWFilterInstantiateFilter(vmuuid,
true,
ifname, ifname,
ifindex, ifindex,
linkdev, linkdev,
@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname,
int int
virNWFilterInstantiateFilter(virConnectPtr conn, virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net) const virDomainNetDefPtr net)
{ {
bool foundNewFilter = false; bool foundNewFilter = false;
return _virNWFilterInstantiateFilter(conn, net, return _virNWFilterInstantiateFilter(conn, vmuuid, net,
1, 1,
INSTANTIATE_ALWAYS, INSTANTIATE_ALWAYS,
&foundNewFilter); &foundNewFilter);
@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn,
int int
virNWFilterUpdateInstantiateFilter(virConnectPtr conn, virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net, const virDomainNetDefPtr net,
bool *skipIface) bool *skipIface)
{ {
bool foundNewFilter = false; bool foundNewFilter = false;
int rc = _virNWFilterInstantiateFilter(conn, net, int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
0, 0,
INSTANTIATE_FOLLOW_NEWFILTER, INSTANTIATE_FOLLOW_NEWFILTER,
&foundNewFilter); &foundNewFilter);
@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
switch (cb->step) { switch (cb->step) {
case STEP_APPLY_NEW: case STEP_APPLY_NEW:
cb->err = virNWFilterUpdateInstantiateFilter(cb->conn, cb->err = virNWFilterUpdateInstantiateFilter(cb->conn,
vm->uuid,
net, net,
&skipIface); &skipIface);
if (cb->err == 0 && skipIface) { if (cb->err == 0 && skipIface) {
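Review bot: The added doc line `@vmuuid: The UUID of the VM` on virNWFilterInstantiate does not say which form of UUID is expected or whether the pointer may be NULL. The parameter is a bare `const unsigned char *` with no length, and callers in this commit pass `def->uuid` or `vm->uuid`, so presumably it is the raw VIR_UUID_BUFLEN-byte buffer rather than the string form; the IP-learning thread passes NULL through virNWFilterInstantiateFilterLate. I would write `@vmuuid: The VM's UUID in raw form (VIR_UUID_BUFLEN bytes), or NULL if the caller does not know it`, and describe the parameter the same way where __virNWFilterInstantiateFilter and virNWFilterInstantiateFilterLate gain it. Stating the contract now keeps the later DHCP-snooping consumer from reading a fixed number of bytes through a NULL or string pointer.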


@ -38,12 +38,15 @@ enum instCase {
int virNWFilterInstantiateFilter(virConnectPtr conn, int virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net); const virDomainNetDefPtr net);
int virNWFilterUpdateInstantiateFilter(virConnectPtr conn, int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net, const virDomainNetDefPtr net,
bool *skipIface); bool *skipIface);
int virNWFilterInstantiateFilterLate(const char *ifname, int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
const char *ifname,
int ifindex, int ifindex,
const char *linkdev, const char *linkdev,
enum virDomainNetType nettype, enum virDomainNetType nettype,


@ -704,7 +704,8 @@ learnIPAddressThread(void *arg)
"cache for interface %s"), inetaddr, req->ifname); "cache for interface %s"), inetaddr, req->ifname);
} }
ret = virNWFilterInstantiateFilterLate(req->ifname, ret = virNWFilterInstantiateFilterLate(NULL,
req->ifname,
req->ifindex, req->ifindex,
req->linkdev, req->linkdev,
req->nettype, req->nettype,
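Review bot: The call in learnIPAddressThread passes `NULL` for the new vmuuid argument, so filters instantiated after IP learning carry no VM identity. Once the planned DHCP-snooping code keys its state on <VM UUID, MAC>, this path would either have to be NULL-checked everywhere or fall back to MAC-only identification, which is the ambiguity the commit message sets out to remove. Consider recording the UUID in the learn request when it is created and passing it here, e.g. `ret = virNWFilterInstantiateFilterLate(req->vmuuid,` with `vmuuid` being a proposed new field on the request struct (the struct is not visible in this hunk). If NULL is to stay for now, a comment on this line such as `/* VM UUID not tracked by the IP-learning request yet */` would make that deliberate. The thread function continues outside the hunk.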


@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
if (tapfd >= 0) { if (tapfd >= 0) {
if ((net->filter) && (net->ifname)) { if ((net->filter) && (net->ifname)) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0) if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0)
VIR_FORCE_CLOSE(tapfd); VIR_FORCE_CLOSE(tapfd);
} }
} }


@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn,
for (i = 0 ; i < def->nnets ; i++) { for (i = 0 ; i < def->nnets ; i++) {
virDomainNetDefPtr net = def->nets[i]; virDomainNetDefPtr net = def->nets[i];
if ((net->filter) && (net->ifname)) { if ((net->filter) && (net->ifname)) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0) { if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) {
err = 1; err = 1;
break; break;
} }


@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) {
static int static int
umlConnectTapDevice(virConnectPtr conn, umlConnectTapDevice(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr net, virDomainNetDefPtr net,
const char *bridge) const char *bridge)
{ {
@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn,
} }
if (net->filter) { if (net->filter) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0) { if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) {
if (template_ifname) if (template_ifname)
VIR_FREE(net->ifname); VIR_FREE(net->ifname);
goto error; goto error;
@ -165,6 +166,7 @@ error:
static char * static char *
umlBuildCommandLineNet(virConnectPtr conn, umlBuildCommandLineNet(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr def, virDomainNetDefPtr def,
int idx) int idx)
{ {
@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn,
goto error; goto error;
} }
if (umlConnectTapDevice(conn, def, bridge) < 0) { if (umlConnectTapDevice(conn, vm, def, bridge) < 0) {
VIR_FREE(bridge); VIR_FREE(bridge);
goto error; goto error;
} }
@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn,
} }
case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_BRIDGE:
if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0) if (umlConnectTapDevice(conn, vm, def,
def->data.bridge.brname) < 0)
goto error; goto error;
/* ethNNN=tuntap,tapname,macaddr,gateway */ /* ethNNN=tuntap,tapname,macaddr,gateway */
@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn,
} }
for (i = 0 ; i < vm->def->nnets ; i++) { for (i = 0 ; i < vm->def->nnets ; i++) {
char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i); char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i);
if (!ret) if (!ret)
goto error; goto error;
virCommandAddArg(cmd, ret); virCommandAddArg(cmd, ret);