util: query/set BR_ISOLATED flag on netdevs attached to bridge
When this flag is set for an interface attached to a bridge, traffic to/from the specified interface can only enter/exit the bridge via another attached interface that *doesn't* have the BR_ISOLATED flag set. This can be used to permit guests to communicate with the rest of the network, but not with each other. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
3f8b57a61f
commit
a378d8fa55
@ -2554,8 +2554,10 @@ virNetDevBridgeFDBDel;
|
|||||||
virNetDevBridgeGetSTP;
|
virNetDevBridgeGetSTP;
|
||||||
virNetDevBridgeGetSTPDelay;
|
virNetDevBridgeGetSTPDelay;
|
||||||
virNetDevBridgeGetVlanFiltering;
|
virNetDevBridgeGetVlanFiltering;
|
||||||
|
virNetDevBridgePortGetIsolated;
|
||||||
virNetDevBridgePortGetLearning;
|
virNetDevBridgePortGetLearning;
|
||||||
virNetDevBridgePortGetUnicastFlood;
|
virNetDevBridgePortGetUnicastFlood;
|
||||||
|
virNetDevBridgePortSetIsolated;
|
||||||
virNetDevBridgePortSetLearning;
|
virNetDevBridgePortSetLearning;
|
||||||
virNetDevBridgePortSetUnicastFlood;
|
virNetDevBridgePortSetUnicastFlood;
|
||||||
virNetDevBridgeRemovePort;
|
virNetDevBridgeRemovePort;
|
||||||
|
@ -311,6 +311,30 @@ virNetDevBridgePortSetUnicastFlood(const char *brname,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virNetDevBridgePortGetIsolated(const char *brname,
|
||||||
|
const char *ifname,
|
||||||
|
bool *enable)
|
||||||
|
{
|
||||||
|
unsigned long value;
|
||||||
|
|
||||||
|
if (virNetDevBridgePortGet(brname, ifname, "isolated", &value) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
*enable = !!value;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virNetDevBridgePortSetIsolated(const char *brname,
|
||||||
|
const char *ifname,
|
||||||
|
bool enable)
|
||||||
|
{
|
||||||
|
return virNetDevBridgePortSet(brname, ifname, "isolated", enable ? 1 : 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
#else
|
#else
|
||||||
int
|
int
|
||||||
virNetDevBridgePortGetLearning(const char *brname G_GNUC_UNUSED,
|
virNetDevBridgePortGetLearning(const char *brname G_GNUC_UNUSED,
|
||||||
@ -354,6 +378,28 @@ virNetDevBridgePortSetUnicastFlood(const char *brname G_GNUC_UNUSED,
|
|||||||
_("Unable to set bridge port unicast_flood on this platform"));
|
_("Unable to set bridge port unicast_flood on this platform"));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virNetDevBridgePortGetIsolated(const char *brname G_GNUC_UNUSED,
|
||||||
|
const char *ifname G_GNUC_UNUSED,
|
||||||
|
bool *enable G_GNUC_UNUSED)
|
||||||
|
{
|
||||||
|
virReportSystemError(ENOSYS, "%s",
|
||||||
|
_("Unable to get bridge port isolated on this platform"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
virNetDevBridgePortSetIsolated(const char *brname G_GNUC_UNUSED,
|
||||||
|
const char *ifname G_GNUC_UNUSED,
|
||||||
|
bool enable G_GNUC_UNUSED)
|
||||||
|
{
|
||||||
|
virReportSystemError(ENOSYS, "%s",
|
||||||
|
_("Unable to set bridge port isolated on this platform"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
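Review bot: Neither new Linux helper documents its failure contract, which matters because the isolated flag is what keeps guests on the same bridge from reaching each other. In `virNetDevBridgePortGetIsolated`, `*enable` is left unwritten when `virNetDevBridgePortGet` fails. `virNetDevBridgePortSetIsolated` only forwards the result of `virNetDevBridgePortSet`, which presumably fails when the bridge port exposes no `isolated` attribute (for example on an older kernel; that helper is not visible in this hunk). I would add a comment above the setter such as `/* Returns 0 on success, -1 on error; a caller that requested isolation must abort setup on -1 rather than leave the port attached un-isolated. */`, and one on the getter stating that `*enable` is valid only when 0 is returned. The same contract applies to the ENOSYS stubs added in the second hunk of this file.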
@ -73,6 +73,15 @@ int virNetDevBridgePortSetUnicastFlood(const char *brname,
|
|||||||
const char *ifname,
|
const char *ifname,
|
||||||
bool enable)
|
bool enable)
|
||||||
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
|
||||||
|
int virNetDevBridgePortGetIsolated(const char *brname,
|
||||||
|
const char *ifname,
|
||||||
|
bool *enable)
|
||||||
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
|
||||||
|
G_GNUC_WARN_UNUSED_RESULT;
|
||||||
|
int virNetDevBridgePortSetIsolated(const char *brname,
|
||||||
|
const char *ifname,
|
||||||
|
bool enable)
|
||||||
|
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT;
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
VIR_NETDEVBRIDGE_FDB_FLAG_ROUTER = (1 << 0),
|
VIR_NETDEVBRIDGE_FDB_FLAG_ROUTER = (1 << 0),
|
||||||
|