mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
docs: correct invalid xml
* docs/internals.html.in: Fix xml errors.
* docs/formatstorageencryption.html.in: Likewise.
* docs/drvesx.html.in: Likewise.
* docs/archnetwork.html.in: Likewise.
* docs/logging.html.in: Likewise.
* docs/drvvmware.html.in: Likewise.
* docs/api.html.in: Likewise.
* docs/formatnwfilter.html.in: Likewise.
* docs/formatdomain.html.in: Likewise.
* docs/windows.html.in: Likewise.
parent
da3c471467
commit
b5ec89d955
@ -4,7 +4,7 @@
|
|||||||
<h1>The libvirt API concepts</h1>
|
<h1>The libvirt API concepts</h1>
|
||||||
|
|
||||||
<p> This page describes the main principles and architecture choices
|
<p> This page describes the main principles and architecture choices
|
||||||
behind the definition of the libvirt API:
|
behind the definition of the libvirt API:</p>
|
||||||
|
|
||||||
<ul id="toc"></ul>
|
<ul id="toc"></ul>
|
||||||
|
|
||||||
@ -22,7 +22,7 @@
|
|||||||
possible to use both KVM and LinuxContainers on the same node). A NULL
|
possible to use both KVM and LinuxContainers on the same node). A NULL
|
||||||
name will default to a preselected hypervisor but it's probably not a
|
name will default to a preselected hypervisor but it's probably not a
|
||||||
wise thing to do in most cases. See the <a href="uri.html">connection
|
wise thing to do in most cases. See the <a href="uri.html">connection
|
||||||
URI</a> page for a full descriptions of the values allowed.<p>
|
URI</a> page for a full descriptions of the values allowed.</p>
|
||||||
<p> Once the application obtained a <code class='docref'>virConnectPtr</code>
|
<p> Once the application obtained a <code class='docref'>virConnectPtr</code>
|
||||||
connection to the
|
connection to the
|
||||||
hypervisor it can then use it to manage domains and related resources
|
hypervisor it can then use it to manage domains and related resources
|
||||||
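Review bot: The line whose closing tag is corrected still reads "a full descriptions of the values allowed". Since the line is being touched anyway, change it to "a full description of the values allowed".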
@ -61,7 +61,7 @@
|
|||||||
<code>defined</code> in which case they are inactive but there is
|
<code>defined</code> in which case they are inactive but there is
|
||||||
a permanent definition available in the system for them. Based on this
|
a permanent definition available in the system for them. Based on this
|
||||||
thay can be activated dynamically in order to be used.</p>
|
thay can be activated dynamically in order to be used.</p>
|
||||||
<p> Most kind of object can also be named in various ways:<p>
|
<p> Most kind of object can also be named in various ways:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>by their <code>name</code>, an user friendly identifier but
|
<li>by their <code>name</code>, an user friendly identifier but
|
||||||
whose unicity cannot be garanteed between two nodes.</li>
|
whose unicity cannot be garanteed between two nodes.</li>
|
||||||
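Review bot: The context around the corrected "<p> Most kind of object can also be named in various ways:</p>" line carries several spelling errors that this clean-up pass could fix at the same time: "thay" should be "they", "Most kind of object" should be "Most kinds of objects", and "garanteed" should be "guaranteed".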
@ -82,7 +82,7 @@
|
|||||||
<p> For each first class object you will find apis
|
<p> For each first class object you will find apis
|
||||||
for the following actions:</p>
|
for the following actions:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><b>Lookup</b>:...LookupByName,
|
<li><b>Lookup</b>:...LookupByName,</li>
|
||||||
<li><b>Enumeration</b>:virConnectList... and virConnectNumOf...:
|
<li><b>Enumeration</b>:virConnectList... and virConnectNumOf...:
|
||||||
those are used to enumerate a set of object available to an given
|
those are used to enumerate a set of object available to an given
|
||||||
hypervisor connection like:
|
hypervisor connection like:
|
||||||
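Review bot: Closing the Lookup item as "<li><b>Lookup</b>:...LookupByName,</li>" leaves a trailing comma inside a finished list item, which reads as if further lookup functions were meant to follow. Either drop the comma or complete the list of lookup variants before the closing tag. The Enumeration item that follows opens with <li> and its close is not visible in this hunk, so check that it is terminated as well.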
@ -108,7 +108,8 @@
|
|||||||
<li><b>Destruction</b>: ... </li>
|
<li><b>Destruction</b>: ... </li>
|
||||||
</ul>
|
</ul>
|
||||||
<p> For more in-depth details of the storage related APIs see
|
<p> For more in-depth details of the storage related APIs see
|
||||||
<a href="storage.html">the storage management page</a>,
|
<a href="storage.html">the storage management page</a>.
|
||||||
|
</p>
|
||||||
<h2><a name="Driver">The libvirt drivers</a></h2>
|
<h2><a name="Driver">The libvirt drivers</a></h2>
|
||||||
<p></p>
|
<p></p>
|
||||||
<p class="image">
|
<p class="image">
|
||||||
|
@ -32,7 +32,7 @@
|
|||||||
</li>
|
</li>
|
||||||
<li><strong>Guest C</strong>. The only network interface is connected
|
<li><strong>Guest C</strong>. The only network interface is connected
|
||||||
to a virtual network <code>VLAN 2</code>. It has no direct connectivity
|
to a virtual network <code>VLAN 2</code>. It has no direct connectivity
|
||||||
to a physical LAN, relying on <code>Guest B</codE> to route traffic
|
to a physical LAN, relying on <code>Guest B</code> to route traffic
|
||||||
on its behalf.
|
on its behalf.
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -74,7 +74,7 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
|
|||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
|
|
||||||
<h4><a name="extraparams">Extra parameters</h4>
|
<h4><a name="extraparams">Extra parameters</a></h4>
|
||||||
<p>
|
<p>
|
||||||
Extra parameters can be added to a URI as part of the query string
|
Extra parameters can be added to a URI as part of the query string
|
||||||
(the part following <code>?</code>). A single parameter is formed by a
|
(the part following <code>?</code>). A single parameter is formed by a
|
||||||
@ -308,7 +308,7 @@ error: invalid argument in libvirt was built without the 'esx' driver
|
|||||||
There are several specialties in the domain XML config for ESX domains.
|
There are several specialties in the domain XML config for ESX domains.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3><a name="restrictions">Restrictions</h3>
|
<h3><a name="restrictions">Restrictions</a></h3>
|
||||||
<p>
|
<p>
|
||||||
There are some restrictions for some values of the domain XML config.
|
There are some restrictions for some values of the domain XML config.
|
||||||
The driver will complain if this restrictions are violated.
|
The driver will complain if this restrictions are violated.
|
||||||
@ -328,7 +328,7 @@ error: invalid argument in libvirt was built without the 'esx' driver
|
|||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
<h3><a name="datastore">Datastore references</h3>
|
<h3><a name="datastore">Datastore references</a></h3>
|
||||||
<p>
|
<p>
|
||||||
Storage is managed in datastores. VMware uses a special path format to
|
Storage is managed in datastores. VMware uses a special path format to
|
||||||
reference files in a datastore. Basically, the datastore name is put
|
reference files in a datastore. Basically, the datastore name is put
|
||||||
@ -347,7 +347,7 @@ error: invalid argument in libvirt was built without the 'esx' driver
|
|||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h3><a name="macaddresses">MAC addresses</h3>
|
<h3><a name="macaddresses">MAC addresses</a></h3>
|
||||||
<p>
|
<p>
|
||||||
VMware has registered two MAC address prefixes for domains:
|
VMware has registered two MAC address prefixes for domains:
|
||||||
<code>00:0c:29</code> and <code>00:50:56</code>. These prefixes are
|
<code>00:0c:29</code> and <code>00:50:56</code>. These prefixes are
|
||||||
@ -408,7 +408,7 @@ ethernet0.checkMACAddress = "false"
|
|||||||
</pre>
|
</pre>
|
||||||
|
|
||||||
|
|
||||||
<h3><a name="hardware">Available hardware</h3>
|
<h3><a name="hardware">Available hardware</a></h3>
|
||||||
<p>
|
<p>
|
||||||
VMware ESX supports different models of SCSI controllers and network
|
VMware ESX supports different models of SCSI controllers and network
|
||||||
cards.
|
cards.
|
||||||
|
@ -8,7 +8,9 @@
|
|||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
This driver uses the "vmrun" utility which is distributed with the VMware VIX API.
|
This driver uses the "vmrun" utility which is distributed with the VMware VIX API.
|
||||||
You can download the VIX API from <a href="http://www.vmware.com/support/developer/vix-api/">here</a>.
|
You can download the VIX API
|
||||||
|
from <a href="http://www.vmware.com/support/developer/vix-api/">here</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
<h2>Connections to VMware driver</h2>
|
<h2>Connections to VMware driver</h2>
|
||||||
|
|
||||||
|
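Review bot: The download link on the re-wrapped line still points at "http://www.vmware.com/support/developer/vix-api/" and uses "here" as its link text. For a page that tells readers where to fetch a binary, prefer an https URL if the site serves one, and make the link text descriptive, for example by linking the words "VIX API" instead of "here".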
@ -1277,7 +1277,7 @@
|
|||||||
<p>
|
<p>
|
||||||
Provides direct attachment of the virtual machine's NIC to the given
|
Provides direct attachment of the virtual machine's NIC to the given
|
||||||
physial interface of the host.
|
physial interface of the host.
|
||||||
<span class="since">Since 0.7.7 (QEMU and KVM only)</span><br>
|
<span class="since">Since 0.7.7 (QEMU and KVM only)</span><br/>
|
||||||
This setup requires the Linux macvtap
|
This setup requires the Linux macvtap
|
||||||
driver to be available. <span class="since">(Since Linux 2.6.34.)</span>
|
driver to be available. <span class="since">(Since Linux 2.6.34.)</span>
|
||||||
One of the modes 'vepa'
|
One of the modes 'vepa'
|
||||||
@ -1299,7 +1299,7 @@
|
|||||||
originate from are directly delivered to the target macvtap device.
|
originate from are directly delivered to the target macvtap device.
|
||||||
Both origin and destination devices need to be in bridge mode
|
Both origin and destination devices need to be in bridge mode
|
||||||
for direct delivery. If either one of them is in <code>vepa</code> mode,
|
for direct delivery. If either one of them is in <code>vepa</code> mode,
|
||||||
a VEPA capable bridge is required.
|
a VEPA capable bridge is required.</dd>
|
||||||
<dt><code>private</code></dt>
|
<dt><code>private</code></dt>
|
||||||
<dd>All packets are sent to the external bridge and will only be
|
<dd>All packets are sent to the external bridge and will only be
|
||||||
delivered to a target VM on the same host if they are sent through an
|
delivered to a target VM on the same host if they are sent through an
|
||||||
@ -1488,23 +1488,23 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
The <code>txmode</code> attribute specifies how to handle
|
The <code>txmode</code> attribute specifies how to handle
|
||||||
transmission of packets when the transmit buffer is full. The
|
transmission of packets when the transmit buffer is full. The
|
||||||
value can be either 'iothread' or 'timer'.
|
value can be either 'iothread' or 'timer'.
|
||||||
<span class="since">Since 0.8.8 (QEMU and KVM only)</span><br><br>
|
<span class="since">Since 0.8.8 (QEMU and KVM only)</span><br/><br/>
|
||||||
|
|
||||||
If set to 'iothread', packet tx is all done in an iothread in
|
If set to 'iothread', packet tx is all done in an iothread in
|
||||||
the bottom half of the driver (this option translates into
|
the bottom half of the driver (this option translates into
|
||||||
adding "tx=bh" to the qemu commandline -device virtio-net-pci
|
adding "tx=bh" to the qemu commandline -device virtio-net-pci
|
||||||
option).<br><br>
|
option).<br/><br/>
|
||||||
|
|
||||||
If set to 'timer', tx work is done in qemu, and if there is
|
If set to 'timer', tx work is done in qemu, and if there is
|
||||||
more tx data than can be sent at the present time, a timer is
|
more tx data than can be sent at the present time, a timer is
|
||||||
set before qemu moves on to do other things; when the timer
|
set before qemu moves on to do other things; when the timer
|
||||||
fires, another attempt is made to send more data.<br><br>
|
fires, another attempt is made to send more data.<br/><br/>
|
||||||
|
|
||||||
The resulting difference, according to the qemu developer who
|
The resulting difference, according to the qemu developer who
|
||||||
added the option is: "bh makes tx more asynchronous and reduces
|
added the option is: "bh makes tx more asynchronous and reduces
|
||||||
latency, but potentially causes more processor bandwidth
|
latency, but potentially causes more processor bandwidth
|
||||||
contention since the cpu doing the tx isn't necessarily the
|
contention since the cpu doing the tx isn't necessarily the
|
||||||
cpu where the guest generated the packets."<br><br>
|
cpu where the guest generated the packets."<br/><br/>
|
||||||
|
|
||||||
<b>In general you should leave this option alone, unless you
|
<b>In general you should leave this option alone, unless you
|
||||||
are very certain you know what you are doing.</b>
|
are very certain you know what you are doing.</b>
|
||||||
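Review bot: Converting each "<br><br>" to "<br/><br/>" in the txmode description makes it well-formed, but the pairs are still used as paragraph separators inside one block. Splitting the text into separate <p> elements (the iothread case, the timer case, the quoted comparison, the bold warning) would express the structure directly and leave the spacing to the stylesheet.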
@ -1628,8 +1628,8 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
in clear text. The <code>keymap</code> attribute specifies the keymap
|
in clear text. The <code>keymap</code> attribute specifies the keymap
|
||||||
to use. It is possible to set a limit on the validity of the password
|
to use. It is possible to set a limit on the validity of the password
|
||||||
be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code>
|
be giving an timestamp <code>passwdValidTo='2010-04-09T15:51:00'</code>
|
||||||
assumed to be in UTC. NB, this may not be supported by all hypervisors.<br>
|
assumed to be in UTC. NB, this may not be supported by all hypervisors.<br/>
|
||||||
<br>
|
<br/>
|
||||||
Rather than using listen/port, QEMU supports a <code>socket</code>
|
Rather than using listen/port, QEMU supports a <code>socket</code>
|
||||||
attribute for listening on a unix domain socket path.
|
attribute for listening on a unix domain socket path.
|
||||||
<span class="since">Since 0.8.8</span>
|
<span class="since">Since 0.8.8</span>
|
||||||
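Review bot: The sentence that ends at the corrected "<br/>" still says "be giving an timestamp"; it should read "by giving a timestamp". Worth fixing in the same pass, since this sentence documents how the password validity limit is set.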
@ -2103,7 +2103,7 @@ qemu-kvm -net nic,model=? /dev/null
|
|||||||
Alternatively you can use <code>telnet</code> instead of <code>raw</code> TCP.
|
Alternatively you can use <code>telnet</code> instead of <code>raw</code> TCP.
|
||||||
<span class="since">Since 0.8.5</span> you can also use <code>telnets</code>
|
<span class="since">Since 0.8.5</span> you can also use <code>telnets</code>
|
||||||
(secure telnet) and <code>tls</code>.
|
(secure telnet) and <code>tls</code>.
|
||||||
<p>
|
</p>
|
||||||
|
|
||||||
<pre>
|
<pre>
|
||||||
...
|
...
|
||||||
|
@ -25,18 +25,18 @@
|
|||||||
cannot be circumvented from within
|
cannot be circumvented from within
|
||||||
the virtual machine, it makes them mandatory from the point of
|
the virtual machine, it makes them mandatory from the point of
|
||||||
view of a virtual machine user.
|
view of a virtual machine user.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The network filter subsystem allows each virtual machine's network
|
The network filter subsystem allows each virtual machine's network
|
||||||
traffic filtering rules to be configured individually on a per
|
traffic filtering rules to be configured individually on a per
|
||||||
interface basis. The rules are
|
interface basis. The rules are
|
||||||
applied on the host when the virtual machine is started and can be modified
|
applied on the host when the virtual machine is started and can be modified
|
||||||
while the virtual machine is running. The latter can be achieved by
|
while the virtual machine is running. The latter can be achieved by
|
||||||
modifying the XML description of a network filter.
|
modifying the XML description of a network filter.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Multiple virtual machines can make use of the same generic network filter.
|
Multiple virtual machines can make use of the same generic network filter.
|
||||||
When such a filter is modified, the network traffic filtering rules
|
When such a filter is modified, the network traffic filtering rules
|
||||||
of all running virtual machines that reference this filter are updated.
|
of all running virtual machines that reference this filter are updated.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Network filtering support is available <span class="since">since 0.8.1
|
Network filtering support is available <span class="since">since 0.8.1
|
||||||
(Qemu, KVM)</span>
|
(Qemu, KVM)</span>
|
||||||
</p>
|
</p>
|
||||||
@ -79,7 +79,7 @@
|
|||||||
other filters can be used, a <i>tree</i> of filters can be built.
|
other filters can be used, a <i>tree</i> of filters can be built.
|
||||||
The <code>clean-traffic</code> filter can be viewed using the
|
The <code>clean-traffic</code> filter can be viewed using the
|
||||||
command <code>virsh nwfilter-dumpxml clean-traffic</code>.
|
command <code>virsh nwfilter-dumpxml clean-traffic</code>.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
As previously mentioned, a single network filter can be referenced
|
As previously mentioned, a single network filter can be referenced
|
||||||
by multiple virtual machines. Since interfaces will typically
|
by multiple virtual machines. Since interfaces will typically
|
||||||
have individual parameters associated with their respective traffic
|
have individual parameters associated with their respective traffic
|
||||||
@ -108,7 +108,7 @@
|
|||||||
10.0.0.1 and enforce that the traffic from this interface will
|
10.0.0.1 and enforce that the traffic from this interface will
|
||||||
always be using 10.0.0.1 as the source IP address, which is
|
always be using 10.0.0.1 as the source IP address, which is
|
||||||
one of the purposes of this particular filter.
|
one of the purposes of this particular filter.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3><a name="nwfconceptsvars">Usage of variables in filters</a></h3>
|
<h3><a name="nwfconceptsvars">Usage of variables in filters</a></h3>
|
||||||
@ -117,7 +117,7 @@
|
|||||||
Two variables names have so far been reserved for usage by the
|
Two variables names have so far been reserved for usage by the
|
||||||
network traffic filtering subsystem: <code>MAC</code> and
|
network traffic filtering subsystem: <code>MAC</code> and
|
||||||
<code>IP</code>.
|
<code>IP</code>.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
<code>MAC</code> is the MAC address of the
|
<code>MAC</code> is the MAC address of the
|
||||||
network interface. A filtering rule that references this variable
|
network interface. A filtering rule that references this variable
|
||||||
will automatically be instantiated with the MAC address of the
|
will automatically be instantiated with the MAC address of the
|
||||||
@ -125,7 +125,7 @@
|
|||||||
the MAC parameter. Even though it is possible to specify the MAC
|
the MAC parameter. Even though it is possible to specify the MAC
|
||||||
parameter similar to the IP parameter above, it is discouraged
|
parameter similar to the IP parameter above, it is discouraged
|
||||||
since libvirt knows what MAC address an interface will be using.
|
since libvirt knows what MAC address an interface will be using.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The parameter <code>IP</code> represents the IP address
|
The parameter <code>IP</code> represents the IP address
|
||||||
that the operating system inside the virtual machine is expected
|
that the operating system inside the virtual machine is expected
|
||||||
to use on the given interface. The <code>IP</code> parameter
|
to use on the given interface. The <code>IP</code> parameter
|
||||||
@ -136,7 +136,7 @@
|
|||||||
For current limitations on IP address detection, consult the
|
For current limitations on IP address detection, consult the
|
||||||
<a href="#nwflimits">section on limitations</a> on how to use this
|
<a href="#nwflimits">section on limitations</a> on how to use this
|
||||||
feature and what to expect when using it.
|
feature and what to expect when using it.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The following is the XML description of the network filer
|
The following is the XML description of the network filer
|
||||||
<code>no-arp-spoofing</code>. It serves as an example for
|
<code>no-arp-spoofing</code>. It serves as an example for
|
||||||
a network filter XML referencing the <code>MAC</code> and
|
a network filter XML referencing the <code>MAC</code> and
|
||||||
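Review bot: The context line right after the corrected "<br/><br/>" reads "the XML description of the network filer"; "filer" should be "filter".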
@ -205,7 +205,7 @@
|
|||||||
filters may be referenced multiple times in a filter tree but
|
filters may be referenced multiple times in a filter tree but
|
||||||
references between filters must not introduce loops (directed
|
references between filters must not introduce loops (directed
|
||||||
acyclic graph).
|
acyclic graph).
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The following shows the XML of the <code>clean-traffic</code>
|
The following shows the XML of the <code>clean-traffic</code>
|
||||||
network filter referencing several other filters.
|
network filter referencing several other filters.
|
||||||
</p>
|
</p>
|
||||||
@ -226,7 +226,7 @@
|
|||||||
needs to be provided inside a <code>filter</code> node. This
|
needs to be provided inside a <code>filter</code> node. This
|
||||||
node must have the attribute <code>filter</code> whose value contains
|
node must have the attribute <code>filter</code> whose value contains
|
||||||
the name of the filter to be referenced.
|
the name of the filter to be referenced.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
New network filters can be defined at any time and
|
New network filters can be defined at any time and
|
||||||
may contain references to network filters that are
|
may contain references to network filters that are
|
||||||
not known to libvirt, yet. However, once a virtual machine
|
not known to libvirt, yet. However, once a virtual machine
|
||||||
@ -282,7 +282,7 @@
|
|||||||
<li>
|
<li>
|
||||||
statematch -- optional; possible values are '0' or 'false' to
|
statematch -- optional; possible values are '0' or 'false' to
|
||||||
turn the underlying connection state matching off; default is 'true'
|
turn the underlying connection state matching off; default is 'true'
|
||||||
<br>
|
<br/>
|
||||||
Also read the section on <a href="#nwfelemsRulesAdv">advanced configuration</a>
|
Also read the section on <a href="#nwfelemsRulesAdv">advanced configuration</a>
|
||||||
topics.
|
topics.
|
||||||
</li>
|
</li>
|
||||||
@ -294,7 +294,7 @@
|
|||||||
traffic of type <code>ip</code> is also associated with the chain
|
traffic of type <code>ip</code> is also associated with the chain
|
||||||
'ipv4' then that filter's rules will be ordered relative to the priority
|
'ipv4' then that filter's rules will be ordered relative to the priority
|
||||||
500 of the shown rule.
|
500 of the shown rule.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
A rule may contain a single rule for filtering of traffic. The
|
A rule may contain a single rule for filtering of traffic. The
|
||||||
above example shows that traffic of type <code>ip</code> is to be
|
above example shows that traffic of type <code>ip</code> is to be
|
||||||
filtered.
|
filtered.
|
||||||
@ -325,7 +325,7 @@
|
|||||||
<li>STRING: A string</li>
|
<li>STRING: A string</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Every attribute except for those of type IP_MASK or IPV6_MASK can
|
Every attribute except for those of type IP_MASK or IPV6_MASK can
|
||||||
be negated using the <code>match</code>
|
be negated using the <code>match</code>
|
||||||
attribute with value <code>no</code>. Multiple negated attributes
|
attribute with value <code>no</code>. Multiple negated attributes
|
||||||
@ -349,14 +349,14 @@
|
|||||||
the protocol property attribute1 does not match value1 AND
|
the protocol property attribute1 does not match value1 AND
|
||||||
the protocol property attribute2 does not match value2 AND
|
the protocol property attribute2 does not match value2 AND
|
||||||
the protocol property attribute3 matches value3.
|
the protocol property attribute3 matches value3.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoMAC">MAC (Ethernet)</a></h5>
|
<h5><a name="nwfelemsRulesProtoMAC">MAC (Ethernet)</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>mac</code>
|
Protocol ID: <code>mac</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: Rules of this type should go into the <code>root</code> chain.
|
Note: Rules of this type should go into the <code>root</code> chain.
|
||||||
</p>
|
</p>
|
||||||
<table class="top_table">
|
<table class="top_table">
|
||||||
@ -408,7 +408,7 @@
|
|||||||
<h5><a name="nwfelemsRulesProtoARP">ARP/RARP</a></h5>
|
<h5><a name="nwfelemsRulesProtoARP">ARP/RARP</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>arp</code> or <code>rarp</code>
|
Protocol ID: <code>arp</code> or <code>rarp</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: Rules of this type should either go into the
|
Note: Rules of this type should either go into the
|
||||||
<code>root</code> or <code>arp/rarp</code> chain.
|
<code>root</code> or <code>arp/rarp</code> chain.
|
||||||
</p>
|
</p>
|
||||||
@ -483,7 +483,7 @@
|
|||||||
Valid strings for the <code>Opcode</code> field are:
|
Valid strings for the <code>Opcode</code> field are:
|
||||||
Request, Reply, Request_Reverse, Reply_Reverse, DRARP_Request,
|
Request, Reply, Request_Reverse, Reply_Reverse, DRARP_Request,
|
||||||
DRARP_Reply, DRARP_Error, InARP_Request, ARP_NAK
|
DRARP_Reply, DRARP_Error, InARP_Request, ARP_NAK
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoIP">IPv4</a></h5>
|
<h5><a name="nwfelemsRulesProtoIP">IPv4</a></h5>
|
||||||
@ -572,7 +572,7 @@
|
|||||||
<p>
|
<p>
|
||||||
Valid strings for <code>protocol</code> are:
|
Valid strings for <code>protocol</code> are:
|
||||||
tcp, udp, udplite, esp, ah, icmp, igmp, sctp
|
tcp, udp, udplite, esp, ah, icmp, igmp, sctp
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
@ -662,13 +662,13 @@
|
|||||||
<p>
|
<p>
|
||||||
Valid strings for <code>protocol</code> are:
|
Valid strings for <code>protocol</code> are:
|
||||||
tcp, udp, udplite, esp, ah, icmpv6, sctp
|
tcp, udp, udplite, esp, ah, icmpv6, sctp
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoTCP-ipv4">TCP/UDP/SCTP</a></h5>
|
<h5><a name="nwfelemsRulesProtoTCP-ipv4">TCP/UDP/SCTP</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>tcp</code>, <code>udp</code>, <code>sctp</code>
|
Protocol ID: <code>tcp</code>, <code>udp</code>, <code>sctp</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
@ -757,14 +757,14 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoICMP">ICMP</a></h5>
|
<h5><a name="nwfelemsRulesProtoICMP">ICMP</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>icmp</code>
|
Protocol ID: <code>icmp</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
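Review bot: The paragraph after the closing </table> now consists only of "<p>", "<br/><br/>" and "</p>", that is, an element with no content used as vertical spacing. It is valid XML after this change, but the spacer would be better removed in favour of a margin on the table or heading in the stylesheet. The same pattern appears after the other protocol tables in this file.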
@ -857,13 +857,13 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoMisc">IGMP, ESP, AH, UDPLITE, 'ALL'</a></h5>
|
<h5><a name="nwfelemsRulesProtoMisc">IGMP, ESP, AH, UDPLITE, 'ALL'</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>igmp</code>, <code>esp</code>, <code>ah</code>, <code>udplite</code>, <code>all</code>
|
Protocol ID: <code>igmp</code>, <code>esp</code>, <code>ah</code>, <code>udplite</code>, <code>all</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
@ -946,14 +946,14 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoTCP-ipv6">TCP/UDP/SCTP over IPV6</a></h5>
|
<h5><a name="nwfelemsRulesProtoTCP-ipv6">TCP/UDP/SCTP over IPV6</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>tcp-ipv6</code>, <code>udp-ipv6</code>, <code>sctp-ipv6</code>
|
Protocol ID: <code>tcp-ipv6</code>, <code>udp-ipv6</code>, <code>sctp-ipv6</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
@ -1042,14 +1042,14 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoICMPv6">ICMPv6</a></h5>
|
<h5><a name="nwfelemsRulesProtoICMPv6">ICMPv6</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>icmpv6</code>
|
Protocol ID: <code>icmpv6</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
@ -1128,13 +1128,13 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h5><a name="nwfelemsRulesProtoMiscv6">IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
|
<h5><a name="nwfelemsRulesProtoMiscv6">IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6</a></h5>
|
||||||
<p>
|
<p>
|
||||||
Protocol ID: <code>igmp-ipv6</code>, <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
|
Protocol ID: <code>igmp-ipv6</code>, <code>esp-ipv6</code>, <code>ah-ipv6</code>, <code>udplite-ipv6</code>, <code>all-ipv6</code>
|
||||||
<br>
|
<br/>
|
||||||
Note: The chain parameter is ignored for this type of traffic
|
Note: The chain parameter is ignored for this type of traffic
|
||||||
and should either be omitted or set to <code>root</code>.
|
and should either be omitted or set to <code>root</code>.
|
||||||
</p>
|
</p>
|
||||||
@ -1202,7 +1202,7 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p>
|
<p>
|
||||||
<br><br>
|
<br/><br/>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3><a name="nwfelemsRulesAdv">Advanced Filter Configuration Topics</a></h3>
|
<h3><a name="nwfelemsRulesAdv">Advanced Filter Configuration Topics</a></h3>
|
||||||
@ -1227,7 +1227,7 @@
|
|||||||
port 80 on an attacker site, then the attacker will not be able to
|
port 80 on an attacker site, then the attacker will not be able to
|
||||||
initiate a connection from TCP port 80 back towards the VM.
|
initiate a connection from TCP port 80 back towards the VM.
|
||||||
By default the connection state match that enables connection tracking
|
By default the connection state match that enables connection tracking
|
||||||
and then enforcement of directionality of traffic is turned on. <br>
|
and then enforcement of directionality of traffic is turned on. <br/>
|
||||||
The following shows an example XML fragement where this feature has been
|
The following shows an example XML fragement where this feature has been
|
||||||
turned off for incoming connections to TCP port 12345.
|
turned off for incoming connections to TCP port 12345.
|
||||||
</p>
|
</p>
|
||||||
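Review bot: The line following the corrected "<br/>" says "an example XML fragement"; the spelling should be "fragment".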
@ -1277,14 +1277,14 @@
|
|||||||
</pre>
|
</pre>
|
||||||
<p>
|
<p>
|
||||||
Note that the rule for the limit has to logically appear
|
Note that the rule for the limit has to logically appear
|
||||||
before the rule for accepting the traffic.<br>
|
before the rule for accepting the traffic.<br/>
|
||||||
An additional rule for letting DNS traffic to port 22
|
An additional rule for letting DNS traffic to port 22
|
||||||
go out the VM has been added to avoid ssh sessions not
|
go out the VM has been added to avoid ssh sessions not
|
||||||
getting established for reasons related to DNS lookup failures
|
getting established for reasons related to DNS lookup failures
|
||||||
by the ssh daemon. Leaving this rule out may otherwise lead to
|
by the ssh daemon. Leaving this rule out may otherwise lead to
|
||||||
fun-filled debugging joy (symptom: ssh client seems to hang
|
fun-filled debugging joy (symptom: ssh client seems to hang
|
||||||
while trying to connect).
|
while trying to connect).
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Lot of care must be taken with timeouts related
|
Lot of care must be taken with timeouts related
|
||||||
to tracking of traffic. An ICMP ping that
|
to tracking of traffic. An ICMP ping that
|
||||||
the user may have terminated inside the VM may have a long
|
the user may have terminated inside the VM may have a long
|
||||||
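Review bot: The context sentence "An additional rule for letting DNS traffic to port 22 go out the VM" reads as if DNS were sent to port 22, while the hunk at -1568 in this same file describes DNS lookups as "UDP towards port 53". Please reword it so the DNS rule and the ssh port are not conflated. "Lot of care must be taken", just after the changed <br/><br/>, should also read "A lot of care".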
@ -1299,7 +1299,7 @@
|
|||||||
<p>
|
<p>
|
||||||
sets the ICMP connection tracking timeout to 3 seconds. The
|
sets the ICMP connection tracking timeout to 3 seconds. The
|
||||||
effect of this is that once one ping is terminated, another
|
effect of this is that once one ping is terminated, another
|
||||||
one can start after 3 seconds.<br>
|
one can start after 3 seconds.<br/>
|
||||||
Further, we want to point out that a client that for whatever
|
Further, we want to point out that a client that for whatever
|
||||||
reason has not properly closed a TCP connection may cause a
|
reason has not properly closed a TCP connection may cause a
|
||||||
connection to be held open for a longer period of time,
|
connection to be held open for a longer period of time,
|
||||||
@ -1323,7 +1323,7 @@
|
|||||||
with life-cycle support for network filters. All commands related
|
with life-cycle support for network filters. All commands related
|
||||||
to the network filtering subsystem start with the prefix
|
to the network filtering subsystem start with the prefix
|
||||||
<code>nwfilter</code>. The following commands are available:
|
<code>nwfilter</code>. The following commands are available:
|
||||||
<p>
|
</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>nwfilter-list : list UUIDs and names of all network filters</li>
|
<li>nwfilter-list : list UUIDs and names of all network filters</li>
|
||||||
<li>nwfilter-define : define a new network filter or update an existing one</li>
|
<li>nwfilter-define : define a new network filter or update an existing one</li>
|
||||||
@ -1398,7 +1398,7 @@
|
|||||||
the protocols very well that you want to be filtering on so that
|
the protocols very well that you want to be filtering on so that
|
||||||
no further traffic than what you want can pass and that in fact the
|
no further traffic than what you want can pass and that in fact the
|
||||||
traffic you want to allow does pass.
|
traffic you want to allow does pass.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The network filtering subsystem is currently only available on
|
The network filtering subsystem is currently only available on
|
||||||
Linux hosts and only works for Qemu and KVM type of virtual machines.
|
Linux hosts and only works for Qemu and KVM type of virtual machines.
|
||||||
On Linux
|
On Linux
|
||||||
@ -1412,19 +1412,19 @@
|
|||||||
<li>arp, rarp</li>
|
<li>arp, rarp</li>
|
||||||
<li>ip</li>
|
<li>ip</li>
|
||||||
<li>ipv6</li>
|
<li>ipv6</li>
|
||||||
</uL>
|
</ul>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
All other protocols over IPv4 are supported using iptables, those over
|
All other protocols over IPv4 are supported using iptables, those over
|
||||||
IPv6 are implemented using ip6tables.
|
IPv6 are implemented using ip6tables.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
On a Linux host, all traffic filtering instantiated by libvirt's network
|
On a Linux host, all traffic filtering instantiated by libvirt's network
|
||||||
filter subsystem first passes through the filtering support implemented
|
filter subsystem first passes through the filtering support implemented
|
||||||
by ebtables and only then through iptables or ip6tables filters. If
|
by ebtables and only then through iptables or ip6tables filters. If
|
||||||
a filter tree has rules with the protocols <code>mac</code>,
|
a filter tree has rules with the protocols <code>mac</code>,
|
||||||
<code>arp</code>, <code>rarp</code>, <code>ip</code>, or <code>ipv6</code>
|
<code>arp</code>, <code>rarp</code>, <code>ip</code>, or <code>ipv6</code>
|
||||||
ebtables rules will automatically be instantiated.
|
ebtables rules will automatically be instantiated.
|
||||||
<br>
|
<br/>
|
||||||
The role of the <code>chain</code> attribute in the network filter
|
The role of the <code>chain</code> attribute in the network filter
|
||||||
XML is that internally a new user-defined ebtables table is created
|
XML is that internally a new user-defined ebtables table is created
|
||||||
that then for example receives all <code>arp</code> traffic coming
|
that then for example receives all <code>arp</code> traffic coming
|
||||||
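Review bot: The unchanged text after the last <br/> says the chain attribute leads to "a new user-defined ebtables table" being created. ebtables lets users define chains, not tables, and the attribute itself is named chain, so "user-defined ebtables chain" is the accurate wording. This is not an XML error, so a separate follow-up is fine.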
@ -1435,7 +1435,7 @@
|
|||||||
placed into filters specifying this chain. This type of branching
|
placed into filters specifying this chain. This type of branching
|
||||||
into user-defined tables is only supported with filtering on the ebtables
|
into user-defined tables is only supported with filtering on the ebtables
|
||||||
layer.
|
layer.
|
||||||
<br>
|
<br/>
|
||||||
As an example, it is
|
As an example, it is
|
||||||
possible to filter on UDP traffic by source and destination ports using
|
possible to filter on UDP traffic by source and destination ports using
|
||||||
the <code>ip</code> protocol filter and specifying attributes for the
|
the <code>ip</code> protocol filter and specifying attributes for the
|
||||||
@ -1467,7 +1467,7 @@
|
|||||||
The requirement to prevent spoofing is fulfilled by the existing
|
The requirement to prevent spoofing is fulfilled by the existing
|
||||||
<code>clean-traffic</code> network filter, thus we will reference this
|
<code>clean-traffic</code> network filter, thus we will reference this
|
||||||
filter from our custom filter.
|
filter from our custom filter.
|
||||||
<br>
|
<br/>
|
||||||
To enable traffic for TCP ports 22 and 80 we will add 2 rules to
|
To enable traffic for TCP ports 22 and 80 we will add 2 rules to
|
||||||
enable this type of traffic. To allow the VM to send ping traffic
|
enable this type of traffic. To allow the VM to send ping traffic
|
||||||
we will add a rule for ICMP traffic. For simplicity reasons
|
we will add a rule for ICMP traffic. For simplicity reasons
|
||||||
@ -1523,7 +1523,7 @@
|
|||||||
per-interface basis and the rules are evaluated based on the knowledge
|
per-interface basis and the rules are evaluated based on the knowledge
|
||||||
about which (tap) interface has sent or will receive the packet rather
|
about which (tap) interface has sent or will receive the packet rather
|
||||||
than what their source or destination IP address may be.
|
than what their source or destination IP address may be.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
An XML fragment for a possible network interface description inside
|
An XML fragment for a possible network interface description inside
|
||||||
the domain XML of the <code>test</code> VM could then look like this:
|
the domain XML of the <code>test</code> VM could then look like this:
|
||||||
</p>
|
</p>
|
||||||
@ -1568,7 +1568,7 @@
|
|||||||
<li>allows the VM to send ping traffic from an interface
|
<li>allows the VM to send ping traffic from an interface
|
||||||
but not let the VM be pinged on the interface</li>
|
but not let the VM be pinged on the interface</li>
|
||||||
<li>allows the VM to do DNS lookups (UDP towards port 53)</li>
|
<li>allows the VM to do DNS lookups (UDP towards port 53)</li>
|
||||||
<li>enable an ftp server (in active mode) to be run inside the VM
|
<li>enable an ftp server (in active mode) to be run inside the VM</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>
|
<p>
|
||||||
The additional requirement of allowing an ftp server to be run inside
|
The additional requirement of allowing an ftp server to be run inside
|
||||||
@ -1577,7 +1577,7 @@
|
|||||||
outgoing tcp connection originating from the VM's TCP port 20 back to
|
outgoing tcp connection originating from the VM's TCP port 20 back to
|
||||||
the ftp client (ftp active mode). There are several ways of how this
|
the ftp client (ftp active mode). There are several ways of how this
|
||||||
filter can be written and we present 2 solutions.
|
filter can be written and we present 2 solutions.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
The 1st solution makes use of the <code>state</code> attribute of
|
The 1st solution makes use of the <code>state</code> attribute of
|
||||||
the TCP protocol that gives us a hook into the connection tracking
|
the TCP protocol that gives us a hook into the connection tracking
|
||||||
framework of the Linux host. For the VM-initiated ftp data connection
|
framework of the Linux host. For the VM-initiated ftp data connection
|
||||||
@ -1752,13 +1752,13 @@
|
|||||||
to be using.
|
to be using.
|
||||||
Different IP addresses in use by multiple interfaces of a VM
|
Different IP addresses in use by multiple interfaces of a VM
|
||||||
(one IP address each) will be independently detected.
|
(one IP address each) will be independently detected.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Once a VM's IP address has been detected, its IP network traffic
|
Once a VM's IP address has been detected, its IP network traffic
|
||||||
may be locked to that address, if for example IP address spoofing
|
may be locked to that address, if for example IP address spoofing
|
||||||
is prevented by one of its filters. In that case the user of the VM
|
is prevented by one of its filters. In that case the user of the VM
|
||||||
will not be able to change the IP address on the interface inside
|
will not be able to change the IP address on the interface inside
|
||||||
the VM, which would be considered IP address spoofing.
|
the VM, which would be considered IP address spoofing.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
In case a VM is resumed after suspension or migrated, IP address
|
In case a VM is resumed after suspension or migrated, IP address
|
||||||
detection will be restarted.
|
detection will be restarted.
|
||||||
</p>
|
</p>
|
||||||
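Review bot: Both changed lines in this hunk keep <br/><br/> as a paragraph separator inside a single <p>. The three blocks (independent detection per interface, locking traffic to the detected address, restart after resume or migration) are separate paragraphs, so closing and reopening <p> would be cleaner than self-closed breaks. The same pattern recurs in the other <br/><br/> hunks of this file.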
@ -1776,7 +1776,7 @@
|
|||||||
outside the scope of libvirt to ensure that referenced filters
|
outside the scope of libvirt to ensure that referenced filters
|
||||||
on the source system are equivalent to those on the target system
|
on the source system are equivalent to those on the target system
|
||||||
and vice versa.
|
and vice versa.
|
||||||
<br><br>
|
<br/><br/>
|
||||||
Migration must occur between libvirt insallations of version
|
Migration must occur between libvirt insallations of version
|
||||||
0.8.1 or later in order not to lose the network traffic filters
|
0.8.1 or later in order not to lose the network traffic filters
|
||||||
associated with an interface.
|
associated with an interface.
|
||||||
|
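Review bot: The line following the changed <br/><br/> contains a typo, "libvirt insallations", which should read "installations". It sits directly under the edit, so it is worth folding into this patch.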
@ -30,7 +30,7 @@
|
|||||||
by the particular volume format and driver, automatically generate a
|
by the particular volume format and driver, automatically generate a
|
||||||
secret value at the time of volume creation, and store it using the
|
secret value at the time of volume creation, and store it using the
|
||||||
specified <code>uuid</code>.
|
specified <code>uuid</code>.
|
||||||
<p>
|
</p>
|
||||||
<h3><a name="StorageEncryptionDefault">"default" format</a></h3>
|
<h3><a name="StorageEncryptionDefault">"default" format</a></h3>
|
||||||
<p>
|
<p>
|
||||||
<code><encryption type="default"/></code> can be specified only
|
<code><encryption type="default"/></code> can be specified only
|
||||||
|
@ -9,9 +9,9 @@
|
|||||||
</p>
|
</p>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>Introduction to basic rules and guidelines for <a href="hacking.html">hacking<a>
|
<li>Introduction to basic rules and guidelines for <a href="hacking.html">hacking</a>
|
||||||
on libvirt code</li>
|
on libvirt code</li>
|
||||||
<li>Guide to adding <a href="api_extension.html">public APIs<a></li>
|
<li>Guide to adding <a href="api_extension.html">public APIs</a></li>
|
||||||
<li>Approach for <a href="internals/command.html">spawning commands</a> from
|
<li>Approach for <a href="internals/command.html">spawning commands</a> from
|
||||||
libvirt driver code</li>
|
libvirt driver code</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
@ -82,7 +82,7 @@
|
|||||||
<a name="log_daemon">Logging in the daemon</a>
|
<a name="log_daemon">Logging in the daemon</a>
|
||||||
</h3>
|
</h3>
|
||||||
<p>Similarly the daemon logging behaviour can be tuned using 3 config
|
<p>Similarly the daemon logging behaviour can be tuned using 3 config
|
||||||
variables, stored in the configuration file:
|
variables, stored in the configuration file:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>log_level: accepts the following values:
|
<li>log_level: accepts the following values:
|
||||||
<ul>
|
<ul>
|
||||||
@ -128,7 +128,7 @@
|
|||||||
<p>Multiple filters can be defined in a single string, they just need to be
|
<p>Multiple filters can be defined in a single string, they just need to be
|
||||||
separated by spaces, e.g: <code>"3:remote 4:event"</code> to only get
|
separated by spaces, e.g: <code>"3:remote 4:event"</code> to only get
|
||||||
warning or errors from the remote layer and only errors from the event
|
warning or errors from the remote layer and only errors from the event
|
||||||
layer.<p>
|
layer.</p>
|
||||||
<p>If you specify a log priority in a filter that is below the default log
|
<p>If you specify a log priority in a filter that is below the default log
|
||||||
priority level, messages that match that filter will still be logged,
|
priority level, messages that match that filter will still be logged,
|
||||||
while others will not. In order to see those messages, you must also have
|
while others will not. In order to see those messages, you must also have
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
and untested Python bindings.
|
and untested Python bindings.
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h3><a name="caveats">Caveats</h3>
|
<h3><a name="caveats">Caveats</a></h3>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
@ -47,7 +47,7 @@
|
|||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h3><a name="knowninstallerprobs">Existing problems with this installer we know about</a>
|
<h3><a name="knowninstallerprobs">Existing problems with this installer we know about</a></h3>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
These are problems we know about, and need to be fixed in subsequent
|
These are problems we know about, and need to be fixed in subsequent
|
||||||
@ -72,7 +72,7 @@
|
|||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h2><a name="conntypes">Connection types</h2>
|
<h2><a name="conntypes">Connection types</a></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
These connection types are known to work:
|
These connection types are known to work:
|
||||||
@ -114,7 +114,7 @@
|
|||||||
be used in security sensitive environments.</b>
|
be used in security sensitive environments.</b>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
<h2><a name="esx">Connecting to VMware ESX/vSphere</h2>
|
<h2><a name="esx">Connecting to VMware ESX/vSphere</a></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Details on the capabilities, certificates, and connection string
|
Details on the capabilities, certificates, and connection string
|
||||||
@ -124,7 +124,7 @@
|
|||||||
|
|
||||||
<a href="http://libvirt.org/drvesx.html">http://libvirt.org/drvesx.html</a>
|
<a href="http://libvirt.org/drvesx.html">http://libvirt.org/drvesx.html</a>
|
||||||
|
|
||||||
<h2><a name="tlscerts">TLS Certificates</h2>
|
<h2><a name="tlscerts">TLS Certificates</a></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
TLS certificates need to have been created and placed in the correct
|
TLS certificates need to have been created and placed in the correct
|
||||||
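Review bot: The context link above the tlscerts heading uses an absolute http://libvirt.org/drvesx.html URL, whereas the hunk at -9 earlier in this commit links sibling pages relatively (href="hacking.html"). A relative href="drvesx.html" would keep the link working in local and mirrored builds and avoid the plain-http hop.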
@ -184,7 +184,7 @@
|
|||||||
<li>C:\Users\someuser\AppData\Roaming\libvirt\pki\libvirt\private\clientkey.pem</li>
|
<li>C:\Users\someuser\AppData\Roaming\libvirt\pki\libvirt\private\clientkey.pem</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<h2><a name="feedback">Feedback</h2>
|
<h2><a name="feedback">Feedback</a></h2>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Feedback and suggestions on changes to make and what else to include
|
Feedback and suggestions on changes to make and what else to include
|
||||||
|