External/libvirt
1
0
Fork 0
Code

domain_conf: move net device validation to domain_validate.c

Browse Source 
The next objective is to move virDomainDeviceDefValidate() to
domain_validate.c. First let's move all the static helpers.

The net device validation functions are used across multiple
drivers, so let's move them separately first.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This commit is contained in:
Daniel Henrique Barboza 2020-12-10 21:38:07 -03:00
parent 80dc61cc3f
commit 69f30cfc67
10 changed files with 160 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
src/conf/domain_conf.c
View File

@ -6022,159 +6022,6 @@ virDomainDefHasUSB(const virDomainDef *def)
} }
static int
virDomainNetDefValidatePortOptions(const char *macstr,
virDomainNetType type,
const virNetDevVPortProfile *vport,
virTristateBool isolatedPort)
{
/*
* This function can be called for either a config interface
* object (NetDef) or a runtime interface object (ActualNetDef),
* by calling it with either, e.g., the "type" (what is in the
* config) or the "actualType" (what is determined at runtime by
* acquiring a port from the network).
*/
/*
* port isolation can only be set for an interface that is
* connected to a Linux host bridge (either a libvirt-managed
* network, or plain type='bridge')
*/
if (isolatedPort == VIR_TRISTATE_BOOL_YES) {
if (!(type == VIR_DOMAIN_NET_TYPE_NETWORK ||
type == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - <port isolated='yes'/> is not supported for network interfaces with type='%s'"),
macstr, virDomainNetTypeToString(type));
return -1;
}
/*
* also not allowed for anything with <virtualport> setting
* (openvswitch or 802.11Qb[gh])
*/
if (vport && vport->virtPortType != VIR_NETDEV_VPORT_PROFILE_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - <port isolated='yes'/> is not supported for network interfaces with virtualport type='%s'"),
macstr, virNetDevVPortTypeToString(vport->virtPortType));
return -1;
}
}
return 0;
}
int
virDomainActualNetDefValidate(const virDomainNetDef *net)
{
/* Unlike virDomainNetDefValidate(), which is a static function
* called internally to this file, virDomainActualNetDefValidate()
* is a public function that can be called from a hypervisor after
* it has completely setup the NetDef for use by a domain,
* including possibly allocating a port from the network driver
* (which could change the effective/"actual" type of the NetDef,
* thus changing what should/shouldn't be allowed by validation).
*
* This function should contain validations not specific to a
* particular hypervisor (e.g. whether or not specifying bandwidth
* is allowed for a type of interface), but *not*
* hypervisor-specific things.
*/
char macstr[VIR_MAC_STRING_BUFLEN];
virDomainNetType actualType = virDomainNetGetActualType(net);
const virNetDevVPortProfile *vport = virDomainNetGetActualVirtPortProfile(net);
const virNetDevBandwidth *bandwidth = virDomainNetGetActualBandwidth(net);
virMacAddrFormat(&net->mac, macstr);
if (virDomainNetGetActualVlan(net)) {
/* vlan configuration via libvirt is only supported for PCI
* Passthrough SR-IOV devices (hostdev or macvtap passthru
* mode) and openvswitch bridges. Otherwise log an error and
* fail
*/
if (!(actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV ||
(actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
(actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - vlan tag not supported for this connection type"),
macstr);
return -1;
}
}
/* bandwidth configuration via libvirt is not supported for
* hostdev network devices
*/
if (bandwidth && actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - bandwidth settings are not supported "
"for hostdev interfaces"),
macstr);
return -1;
}
if (virDomainNetDefValidatePortOptions(macstr, actualType, vport,
virDomainNetGetActualPortOptionsIsolated(net)) < 0) {
return -1;
}
return 0;
}
static int
virDomainNetDefValidate(const virDomainNetDef *net)
{
char macstr[VIR_MAC_STRING_BUFLEN];
virMacAddrFormat(&net->mac, macstr);
if ((net->hostIP.nroutes || net->hostIP.nips) &&
net->type != VIR_DOMAIN_NET_TYPE_ETHERNET) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Invalid attempt to set network interface "
"host-side IP route and/or address info on "
"interface of type '%s'. This is only supported "
"on interfaces of type 'ethernet'"),
virDomainNetTypeToString(net->type));
return -1;
}
if (net->managed_tap == VIR_TRISTATE_BOOL_NO &&
net->type != VIR_DOMAIN_NET_TYPE_ETHERNET) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unmanaged target dev is not supported on "
"interfaces of type '%s'"),
virDomainNetTypeToString(net->type));
return -1;
}
if (net->teaming.type == VIR_DOMAIN_NET_TEAMING_TYPE_TRANSIENT) {
if (!net->teaming.persistent) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("teaming persistent attribute must be set if teaming type is 'transient'"));
return -1;
}
} else {
if (net->teaming.persistent) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("teaming persistent attribute not allowed if teaming type is '%s'"),
virDomainNetTeamingTypeToString(net->teaming.type));
return -1;
}
}
if (virDomainNetDefValidatePortOptions(macstr, net->type, net->virtPortProfile,
net->isolatedPort) < 0) {
return -1;
}
return 0;
}
static int static int
virDomainHostdevDefValidate(const virDomainHostdevDef *hostdev) virDomainHostdevDefValidate(const virDomainHostdevDef *hostdev)
{ {

3
src/conf/domain_conf.h
View File

@ -3024,9 +3024,6 @@ bool virDomainDefHasUSB(const virDomainDef *def);
bool virDomainDeviceAliasIsUserAlias(const char *aliasStr); bool virDomainDeviceAliasIsUserAlias(const char *aliasStr);
int
virDomainActualNetDefValidate(const virDomainNetDef *net);
static inline bool static inline bool
virDomainObjIsActive(virDomainObjPtr dom) virDomainObjIsActive(virDomainObjPtr dom)
{ {

152
src/conf/domain_validate.c
View File

@ -1169,3 +1169,155 @@ virDomainDefValidate(virDomainDefPtr def,
return 0; return 0;
} }
static int
virDomainNetDefValidatePortOptions(const char *macstr,
virDomainNetType type,
const virNetDevVPortProfile *vport,
virTristateBool isolatedPort)
{
/*
* This function can be called for either a config interface
* object (NetDef) or a runtime interface object (ActualNetDef),
* by calling it with either, e.g., the "type" (what is in the
* config) or the "actualType" (what is determined at runtime by
* acquiring a port from the network).
*/
/*
* port isolation can only be set for an interface that is
* connected to a Linux host bridge (either a libvirt-managed
* network, or plain type='bridge')
*/
if (isolatedPort == VIR_TRISTATE_BOOL_YES) {
if (!(type == VIR_DOMAIN_NET_TYPE_NETWORK ||
type == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - <port isolated='yes'/> is not supported for network interfaces with type='%s'"),
macstr, virDomainNetTypeToString(type));
return -1;
}
/*
* also not allowed for anything with <virtualport> setting
* (openvswitch or 802.11Qb[gh])
*/
if (vport && vport->virtPortType != VIR_NETDEV_VPORT_PROFILE_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - <port isolated='yes'/> is not supported for network interfaces with virtualport type='%s'"),
macstr, virNetDevVPortTypeToString(vport->virtPortType));
return -1;
}
}
return 0;
}
int
virDomainActualNetDefValidate(const virDomainNetDef *net)
{
/* Unlike virDomainNetDefValidate(), which is a static function
* called internally to this file, virDomainActualNetDefValidate()
* is a public function that can be called from a hypervisor after
* it has completely setup the NetDef for use by a domain,
* including possibly allocating a port from the network driver
* (which could change the effective/"actual" type of the NetDef,
* thus changing what should/shouldn't be allowed by validation).
*
* This function should contain validations not specific to a
* particular hypervisor (e.g. whether or not specifying bandwidth
* is allowed for a type of interface), but *not*
* hypervisor-specific things.
*/
char macstr[VIR_MAC_STRING_BUFLEN];
virDomainNetType actualType = virDomainNetGetActualType(net);
const virNetDevVPortProfile *vport = virDomainNetGetActualVirtPortProfile(net);
const virNetDevBandwidth *bandwidth = virDomainNetGetActualBandwidth(net);
virMacAddrFormat(&net->mac, macstr);
if (virDomainNetGetActualVlan(net)) {
/* vlan configuration via libvirt is only supported for PCI
* Passthrough SR-IOV devices (hostdev or macvtap passthru
* mode) and openvswitch bridges. Otherwise log an error and
* fail
*/
if (!(actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV ||
(actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
(actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - vlan tag not supported for this connection type"),
macstr);
return -1;
}
}
/* bandwidth configuration via libvirt is not supported for
* hostdev network devices
*/
if (bandwidth && actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %s - bandwidth settings are not supported "
"for hostdev interfaces"),
macstr);
return -1;
}
if (virDomainNetDefValidatePortOptions(macstr, actualType, vport,
virDomainNetGetActualPortOptionsIsolated(net)) < 0) {
return -1;
}
return 0;
}
int
virDomainNetDefValidate(const virDomainNetDef *net)
{
char macstr[VIR_MAC_STRING_BUFLEN];
virMacAddrFormat(&net->mac, macstr);
if ((net->hostIP.nroutes || net->hostIP.nips) &&
net->type != VIR_DOMAIN_NET_TYPE_ETHERNET) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Invalid attempt to set network interface "
"host-side IP route and/or address info on "
"interface of type '%s'. This is only supported "
"on interfaces of type 'ethernet'"),
virDomainNetTypeToString(net->type));
return -1;
}
if (net->managed_tap == VIR_TRISTATE_BOOL_NO &&
net->type != VIR_DOMAIN_NET_TYPE_ETHERNET) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unmanaged target dev is not supported on "
"interfaces of type '%s'"),
virDomainNetTypeToString(net->type));
return -1;
}
if (net->teaming.type == VIR_DOMAIN_NET_TEAMING_TYPE_TRANSIENT) {
if (!net->teaming.persistent) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("teaming persistent attribute must be set if teaming type is 'transient'"));
return -1;
}
} else {
if (net->teaming.persistent) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("teaming persistent attribute not allowed if teaming type is '%s'"),
virDomainNetTeamingTypeToString(net->teaming.type));
return -1;
}
}
if (virDomainNetDefValidatePortOptions(macstr, net->type, net->virtPortProfile,
net->isolatedPort) < 0) {
return -1;
}
return 0;
}

2
src/conf/domain_validate.h
View File

@ -45,3 +45,5 @@ int virDomainDefValidate(virDomainDefPtr def,
unsigned int parseFlags, unsigned int parseFlags,
virDomainXMLOptionPtr xmlopt, virDomainXMLOptionPtr xmlopt,
void *parseOpaque); void *parseOpaque);
int virDomainActualNetDefValidate(const virDomainNetDef *net);
int virDomainNetDefValidate(const virDomainNetDef *net);

2
src/libvirt_private.syms
View File

@ -226,7 +226,6 @@ virDiskNameParse;
virDiskNameToBusDeviceIndex; virDiskNameToBusDeviceIndex;
virDiskNameToIndex; virDiskNameToIndex;
virDomainActualNetDefFree; virDomainActualNetDefFree;
virDomainActualNetDefValidate;
virDomainAudioTypeTypeFromString; virDomainAudioTypeTypeFromString;
virDomainAudioTypeTypeToString; virDomainAudioTypeTypeToString;
virDomainBlockedReasonTypeFromString; virDomainBlockedReasonTypeFromString;
@ -743,6 +742,7 @@ virDomainConfVMNWFilterTeardown;
# conf/domain_validate.h # conf/domain_validate.h
virDomainActualNetDefValidate;
virDomainDefValidate; virDomainDefValidate;
virDomainDeviceValidateAliasForHotplug; virDomainDeviceValidateAliasForHotplug;

1
src/libxl/libxl_domain.c
View File

@ -35,6 +35,7 @@
#include "locking/domain_lock.h" #include "locking/domain_lock.h"
#include "xen_common.h" #include "xen_common.h"
#include "driver.h" #include "driver.h"
#include "domain_validate.h"
#define VIR_FROM_THIS VIR_FROM_LIBXL #define VIR_FROM_THIS VIR_FROM_LIBXL

1
src/libxl/libxl_driver.c
View File

@ -55,6 +55,7 @@
#include "virnetdevtap.h" #include "virnetdevtap.h"
#include "cpu/cpu.h" #include "cpu/cpu.h"
#include "virutil.h" #include "virutil.h"
#include "domain_validate.h"
#define VIR_FROM_THIS VIR_FROM_LIBXL #define VIR_FROM_THIS VIR_FROM_LIBXL

1
src/lxc/lxc_driver.c
View File

@ -58,6 +58,7 @@
#include "domain_cgroup.h" #include "domain_cgroup.h"
#include "domain_driver.h" #include "domain_driver.h"
#include "domain_nwfilter.h" #include "domain_nwfilter.h"
#include "domain_validate.h"
#include "virinitctl.h" #include "virinitctl.h"
#include "virnetdev.h" #include "virnetdev.h"
#include "virnetdevtap.h" #include "virnetdevtap.h"

1
src/lxc/lxc_process.c
View File

@ -42,6 +42,7 @@
#include "domain_nwfilter.h" #include "domain_nwfilter.h"
#include "viralloc.h" #include "viralloc.h"
#include "domain_audit.h" #include "domain_audit.h"
#include "domain_validate.h"
#include "virerror.h" #include "virerror.h"
#include "virlog.h" #include "virlog.h"
#include "vircommand.h" #include "vircommand.h"

1
src/qemu/qemu_domain.c
View File

@ -48,6 +48,7 @@
#include "domain_capabilities.h" #include "domain_capabilities.h"
#include "domain_driver.h" #include "domain_driver.h"
#include "domain_event.h" #include "domain_event.h"
#include "domain_validate.h"
#include "virtime.h" #include "virtime.h"
#include "virnetdevopenvswitch.h" #include "virnetdevopenvswitch.h"
#include "virstoragefile.h" #include "virstoragefile.h"