Commit Graph

18400 Commits

Author SHA1 Message Date
Luyao Huang
ce1d2f6315 conf: goto error when value of max_sectors is too large
Output error when we try to set a too large max_sectors.
Just like queues and cmd_per_lun here.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
2014-12-12 07:21:45 +01:00
Ján Tomko
15abebdecb Ignore CPU features without a model for host-passthrough
This fixes reverting to snapshots created by older libvirt
and allows libvirt not to lose track of a domain that
has this in its live status XML (such as a domain
restored from managedsave)

https://bugzilla.redhat.com/show_bug.cgi?id=1030793
https://bugzilla.redhat.com/show_bug.cgi?id=1151885
2014-12-11 12:03:36 +01:00
Ján Tomko
dd324bb270 Do not format CPU features without a model
For host-passthrough CPU we don't honor the CPU
features specified in the XML, but we allow
outputting them via the UPDATE_CPU flag for dumpxml,
this gives user a rough idea of what features the CPU
might have.

After restoring a managedsave'd domain, the features
might end up in the live status XML (in /var/run) without
the model. This XML cannot be parsed by the daemon after
restart and the domain might disappear.

This fix skips formatting the features for HOST_PASSTHROUGH
when UPDATE_CPU is not specified, so the newly restored domains
and newly created snapshots won't be affected.

Note: this doesn't fix existing snapshots or already restored
running domains.

https://bugzilla.redhat.com/show_bug.cgi?id=1030793
https://bugzilla.redhat.com/show_bug.cgi?id=1151885
2014-12-11 12:03:36 +01:00
Ján Tomko
2764977314 Fix build on mingw
Add missing ATTRIBUTE_UNUSED markers.
2014-12-11 11:13:43 +01:00
Francesco Romani
cb104ef734 qemu: bulk stats: Fix logic in monitor handling
A logic bug in qemuConnectGetAllDomainStats makes the code mark the
monitor as available when qemuDomainObjBeginJob fails, instead of when
it succeeds, as the correct flow requires.

This patch fixes the check and updates the code documentation
accordingly.

Broken by commit 57023c0a3a.

Signed-off-by: Francesco Romani <fromani@redhat.com>
2014-12-11 11:02:05 +01:00
Luyao Huang
c7c96647e9 dac: Add a new func to get DAC label of a running process
When using qemuProcessAttach to attach a qemu process,
the DAC label is not filled correctly.

Introduce a new function to get the uid:gid from the system
and fill the label.

This fixes the daemon crash when 'virsh screenshot' is called:
https://bugzilla.redhat.com/show_bug.cgi?id=1161831

It also fixes qemu-attach after the prerequisite of this patch
(commit f8c1fb3) was pushed out of order.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2014-12-11 10:29:43 +01:00
Matthew Rosato
82977058f5 network: Bring netdevs online later
Currently, MAC registration occurs during device creation, which is
early enough that, during live migration, you end up with duplicate
MAC addresses on still-running source and target devices, even though
the target device isn't actually being used yet.
This patch proposes to defer MAC registration until right before
the guest can actually use the device -- In other words, right
before starting guest CPUs.

Signed-off-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
Signed-off-by: Laine Stump <laine@laine.org>
2014-12-10 15:09:01 -05:00
John Ferlan
1548f22680 virsh.pod: Fix typo
Commit id 'c9ffd3ea9e' updated the descriptions, but pointed at the
wrong place for the pool-define-as (it should have been pool-create-as)
2014-12-10 08:18:37 -05:00
Cédric Bosdonnat
ba9b7252ea lxc: give RW access to /proc/sys/net/ipv[46] to containers
Some programs want to change some values for the network interfaces
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
allows wicked to work on openSUSE 13.2+.

Reusing the lxcNeedNetworkNamespace function to tell
lxcContainerMountBasicFS if the netns is disabled. When no netns is
set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
these would provide full access to the host NICs config.
2014-12-10 13:22:54 +01:00
John Ferlan
729251692f viriscsi: Need to sendtargets on Initiator IQN
https://bugzilla.redhat.com/show_bug.cgi?id=1172015

The refactoring done as part of commit id '59446096' caused a regression
for the multi initiator IQN commit '6aabcb5b' because the sendtargets was
not done on/for the initiator IQN prior to login (or trying to disable
autologin)

Prior to that commit, the paths were essentially

virStorageBackendISCSIStartPool
    virStorageBackendISCSILogin
        virStorageBackendISCSIConnection
            if initiatoriqn
                virStorageBackendCreateIfaceIQN
                Issue sendtargets
                Perform --login
            else
                Issue sendtargets
                Perform --login

After that commit:

virStorageBackendISCSIStartPool
    Issue sendtargets
    Call virStorageBackendISCSIConnection
        If initiatoriqn
            virStorageBackendCreateIfaceIQN
            Perform --login
        else
            Perform --login

So for non initiator IQN paths, nothing changed. For the initiator path,
the --login fails as does any attempts to change autologin via "--op update
--name node.startup --value manual".
2014-12-10 06:58:37 -05:00
John Ferlan
8832e2d412 docs: Fix typo in path for storage pool 2014-12-10 06:56:35 -05:00
Martin Kletzander
47a3dd46ea conf: Ignore device address for guestfwd channel
It make no sense at all to have it there.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-10 11:21:31 +01:00
Wang Rui
6ee1c0ff67 maint: clean up the unused variable 'caps' in src/qemu/qemu_*.c
Signed-off-by: Wang Rui <moon.wangrui@huawei.com>
2014-12-10 11:21:31 +01:00
Hao Liu
0d60a03094 docs: Fix missing curly braces
Signed-off-by: Hao Liu <hliu@redhat.com>
2014-12-10 11:21:31 +01:00
Hao Liu
9788007892 storage: Check stderr when matching parted output
In old version of parted like parted-2.1-25, error message is shown in
stdout when printing a disk info without disk label.

    Error: /dev/sda: unrecognised disk label

This line has been moved to stderr in newer version of parted. So we
should check both stdout and stderr when locating this message.

This should fix bug:
    https://bugzilla.redhat.com/show_bug.cgi?id=1172468

Signed-off-by: Hao Liu <hliu@redhat.com>
2014-12-10 10:55:23 +01:00
Martin Kletzander
57023c0a3a CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
When user doesn't have read access on one of the domains he requested,
the for loop could exit abruptly or continue and override pointer which
pointed to locked object.

This patch fixed two issues at once.  One is that domflags might have
had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
job was acquired and cleaning domflags on every start of the loop.
Second one is that the domain is kept locked when
virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
it didn't end.  Adding a simple virObjectUnlock() and clearing the
pointer ought to do.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-10 09:11:57 +01:00
Dmitry Guryanov
ab8715506f parallels: report proper error in Create/Destroy/Suspend e.t.c.
If we want to perform some operation and domain state is not suitable
for that operation, we should report error VIR_ERR_OPERATION_INVALID.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
b56c07a6a1 parallels: fix getJobResultHelper
When PrlJob_GetRetCode sets second argument to
error value it means sdk function failed and we
must return error from getJobResultHelper.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
1679883a45 parallels: return PRL_RESULT from waitJob and getJobResult
Return error code, returned by parallels SDK from
waitJob and getJobResult, so that caller can handle
different errors.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
7cbb50e912 parallels: implement domainUndefine and domainUndefineFlags
Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
a7ed488dd7 parallels: add cdroms support
Get cdrom devices list from parallels server in
prlsdkLoadDomains and add ability to define a domain
with cdroms.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Alexander Burluka
038a5a536b parallels: Add domainCreateWithFlags() function.
domainCreateWithFlags function is used by OpenStack/Nova to boot
an instance.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Alexander Burluka
6f67d9c0cf parallels: added function virDomainIsActive()
That function is necessary for proper domain removal
in openstack/nova.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
54a60fd70e parallels: refactor parallelsDomainDefineXML
First, we don't need to call prlsdkApplyConfig after
creating new VM or containers, because it's done in
functions prlsdkCreateVm and prlsdkCreateCt.

No need to check, if domain exists in the list after
prlsdkAddDomain.

Also organize code, so that we can call virObjectUnlock
in one place.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
66d89199b4 parallels: create VMs and containers with sdk
This patch replaces code, which creates domains by
running prlctl command.

prlsdkCreateVm/Ct will do prlsdkApplyConfig, because
we send request to the server only once in this case.

But prlsdkApplyConfig will be called also from
parallelsDomainDefineXML function. There is no problem with
it, parallelsDomainDefineXML will be refactored later.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
02954c0bd3 parallels: rewrite parallelsApplyConfig with SDK
Rewrite code, which applies domain configuration given
to virDomainDefineXML function to the VM of container
registered in PCS.

This code first check if there are unsupported parameters
in domain XML and if yes - reports error. Some of such
parameters are not supported by PCS, for some - it's not
obvious, how to convert them into PCS's corresponding params,
so let's put off it, and implement only basic params in
this patch.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
560dcdf02f parallels: reimplement functions, which change domain state
Change domain state using parallels SDK functions instead of
prlctl command.

We don't need to send events from these functions now, becase
events handler will send them. But we still need to update
virDomainObj in privconn->domains.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Alexander Burluka
0a7aba408e parallels: handle events from parallels server
Subscribe to events from parallels server. It's
needed for 2 things: to update cached domains list
and to send corresponding libvirt events.

Parallels server sends a lot of different events, in
this patch we handle only some of them. In the future
we can handle for example, changes in a host network
configuration or devices states.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
8dec6bbbfe parallels: move parallelsDomNotFoundError to parallels_utils.h
Move macro parallelsDomNotFoundError to file parallels_utils.h, because
it will be used in parallels_sdk.c.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Alexander Burluka
7039bb3cd1 parallels: get domain info with SDK
Obtain information about domains using parallels sdk instead of prlctl.
prlsdkLoadDomains functions behaves as former parallelsLoadDomains with
NULL as second parameter (name) - it fills parallelsConn.domains list.

prlsdkLoadDomain is now able to update specified domain by given
virDomainObjPtr.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:04 +01:00
Dmitry Guryanov
d211ba7c49 parallels: move IS_CT macro to parallels_utils.h
This macro will be used in paralles_sdk.c so move it to common header.

Signed-off-by: Dmitry Guryanov <dguryanov@parallels.com>
2014-12-09 19:42:03 +01:00
Guido Günther
73a43665c1 define NTF_{SELF,MASTER} if undefined
Older kernel headers lack this definition (e.g. Debian Wheezy's 3.2)
2014-12-09 19:14:57 +01:00
John Ferlan
f36d9285cd security: Manage SELinux labels on shared/readonly hostdev's
https://bugzilla.redhat.com/show_bug.cgi?id=1082521

Support for shared hostdev's was added in a number of commits, initially
starting with 'f2c1d9a80' and most recently commit id 'fd243fc4' to fix
issues with the initial implementation.  Missed in all those changes was
the need to mimic the virSELinux{Set|Restore}SecurityDiskLabel code to
handle the "shared" (or shareable) and readonly options when Setting
or Restoring the SELinux labels.

This patch will adjust the virSecuritySELinuxSetSecuritySCSILabel to not
use the virSecuritySELinuxSetSecurityHostdevLabelHelper in order to set
the label. Rather follow what the Disk code does by setting the label
differently based on whether shareable/readonly is set.  This patch will
also modify the virSecuritySELinuxRestoreSecuritySCSILabel to follow
the same logic as virSecuritySELinuxRestoreSecurityImageLabelInt and not
restore the label if shared/readonly
2014-12-09 10:48:38 -05:00
John Ferlan
048237e3db tests: Fix sharable typo 2014-12-09 10:02:20 -05:00
Luyao Huang
a23fefdf46 conf: forbid negative number in address(like controller, bus, slot...)
https://bugzilla.redhat.com/show_bug.cgi?id=1171582

When we edit a negative controller address number to a device,
some of them will auto generate a controller with invalid index
number. This will make guest disappear after restart libvirtd.
Instead of allowing negative number for controller index, we
should forbid negative number in these place (we did this before,
but after f18c02ec, virStrToLong_ui changed to allow negative
number). Therefore switch to virStrToLong_uip in these places.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2014-12-09 11:35:27 +01:00
Peter Krempa
2bdcd29c71 qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
Avoid leaving the domain locked on a failed ACL check in
qemuDomainMigratePerform() and qemuDomainMigrateFinish2().

Introduced in commit abf75aea24 (Add ACL checks into the QEMU driver).
2014-12-09 10:10:24 +01:00
Martin Kletzander
77a778d2e0 docs: Fix simple typo s/ a API/ an API/
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-09 08:31:32 +01:00
Martin Kletzander
e9e5eee5a8 build: Move check for XML::XPath into bootstrap
The module XML::XPath is needed when building from git only (no need to
have it when building from tarball), so this patch moves the check from
specfile into bootstrap.conf.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-12-09 08:23:21 +01:00
Eric Blake
8a408b869c maint: update to latest gnulib
Several portability changes, but the one we are most interested in
is the improvement to bootstrap to detect perl modules.

This patch doesn't actually change our bootstrap requirements
(that will be a separate patch), but sets the stage for it.

* .gnulib: Update to latest.
* bootstrap: Regenerate from upstream.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-12-08 16:48:11 -07:00
Eric Blake
1398b70044 build: fix mingw printing of pid
Commit c75425734 introduced a compilation failure:

../../src/access/viraccessdriverpolkit.c: In function 'virAccessDriverPolkitCheck':
../../src/access/viraccessdriverpolkit.c:137:5: error: format '%d' expects argument of type 'int', but argument 9 has type 'pid_t' [-Werror=format=]
     VIR_DEBUG("Check action '%s' for process '%d' time %lld uid %d",
     ^

Since mingw pid_t is 64 bits, it's easier to just follow what we've
done elsewhere and cast to a large enough type when printing pids.

* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
Add cast.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-12-08 15:01:24 -07:00
Eric Blake
b4861ce976 build: fix unused variable in mingw
Bug introduced in commit 100b7a72a:

util/virnetdevbridge.c: In function 'virNetDevBridgePortSetLearning':
util/virnetdevbridge.c:359:38: error: unused parameter 'enable' [-Werror=unused-parameter]
                                bool enable)
                                      ^

* src/util/virnetdevbridge.c (virNetDevBridgePortSetLearning): Mark
unused variable.

Signed-off-by: Eric Blake <eblake@redhat.com>
2014-12-08 14:50:37 -07:00
Kyle DeFrancia
5adc6031fa network: don't allow multiple dhcp sections
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779

A <dhcp> element can exist in only one IPv4 address and one IPv6
address per network.  This patch enforces that in virNetworkUpdate.
2014-12-08 15:41:09 -05:00
Laine Stump
b0fbe7459b lxc: always use virDomainNetGetActualBridgeName to get interface's bridge
lxcProcessSetupInterfaces() used to have a special case for
actualType='network' (a network with forward mode of route, nat, or
isolated) to call the libvirt public API to retrieve the bridge being
used by a network. That is no longer necessary - since all network
types that use a bridge and tap device now get the bridge name stored
in the ActualNetDef, we can just always use
virDomainNetGetActualBridgeName() instead.
2014-12-08 14:52:17 -05:00
Laine Stump
4aae2ed6fb qemu: always use virDomainNetGetActualBridgeName to get interface's bridge
qemuNetworkIfaceConnect() used to have a special case for
actualType='network' (a network with forward mode of route, nat, or
isolated) to call the libvirt public API to retrieve the bridge being
used by a network. That is no longer necessary - since all network
types that use a bridge and tap device now get the bridge name stored
in the ActualNetDef, we can just always use
virDomainNetGetActualBridgeName() instead.

(an audit of the two callers to qemuNetworkIfaceConnect() confirms
that it is never called for any other type of network, so the dead
code in the else statement (logging an internal error if it is called
for any other type of network) is eliminated in the process.)
2014-12-08 14:50:50 -05:00
Laine Stump
7cb822c2a5 qemu: setup tap devices for macTableManager='libvirt'
When libvirt is managing the MAC table of a Linux host bridge, it must
turn off learning and unicast_flood for each tap device attached to
that bridge, then add a Forwarding Database (fdb) entry for the tap
device using the MAC address from the domain interface config.

Once we have disabled learning and flooding, any packet that has a
destination MAC address not present in the fdb will be dropped by the
bridge. This, along with the opportunistic disabling of promiscuous
mode[*], can result in enhanced network performance. and a potential
slight security improvement.

[*] If there is only one device on the bridge with learning/unicast_flood
enabled, then that device will automatically have promiscuous mode
disabled. If there are *no* devices with learning/unicast_flood
enabled (e.g. for a libvirt "route", "nat", or isolated network that
has no physical device attached), then all non-tap devices will have
promiscuous mode disabled (tap devices always have promiscuous mode
enabled, which may be a bug in the kernel, but in practice has 0
effect).

None of this has any effect for kernels prior to 3.15 (upstream kernel
commit 2796d0c648c940b4796f84384fbcfb0a2399db84 "bridge: Automatically
manage port promiscuous mode"). Even after that, until kernel 3.17
(upstream commit 5be5a2df40f005ea7fb7e280e87bbbcfcf1c2fc0 "bridge: Add
filtering support for default_pvid") traffic will not be properly
forwarded without manually adding vlan table entries. Unfortunately,
although the presence of the first patch is signalled by existence of
the "learning" and "unicast_flood" options in sysfs, there is no
reliable way to query whether or not the system's kernel has the
second of those patches installed, the only thing that can be done is
to try the setting and see if traffic continues to pass.
2014-12-08 14:49:09 -05:00
Laine Stump
8a144c9045 network: setup bridge devices for macTableManager='libvirt'
When the bridge device for a network has macTableManager='libvirt' the
intent is that all kernel management of the bridge's MAC table
(Forwarding Database, or fdb, in the case of a Linux Host Bridge) be
disabled, with libvirt handling updates to the table instead. The
setup required for the bridge itself is:

1) set the "vlan_filtering" property of the bridge device to 1.

2) If the bridge has a "Dummy" tap device used to set a fixed MAC
address on the bridge (which is always the case for a bridge created
by libvirt, and never the case for a bridge created by the host system
network config), turn off learning and unicast_flood on this tap (this
is needed even though this tap is never IFF_UP, because the kernel
ignores the IFF_UP flag of devices when using their settings to
automatically decide whether or not to turn off promiscuous mode for
any attached device).

(1) is done both for libvirt-created/managed bridges, and for bridges
that are created by the host system config, while (2) is done only for
bridges created by libvirt (i.e. for forward modes of nat, routed, and
isolated bridges)

There is no attempt to turn vlan_filtering off when destroying the
network because in the case of a libvirt-created bridge, the bridge is
about to be destroyed anyway, and in the case of a system bridge, if
the other devices attached to the bridge could operate properly before
destroying libvirt's network object, they will continue to operate
properly (this is similar to the way that libvirt will enable
ip_forwarding whenever a routed/natted network is started, but will
never attempt to disable it if they are stopped).
2014-12-08 14:47:06 -05:00
Laine Stump
33f4a8bc03 network: store network macTableManager setting in NetDef actual object
At the time that the network driver allocates a connection to a
network, the tap device that will be used hasn't yet been created -
that will be done later by qemu (or lxc or whoever) - but if the
network has macTableManager='libvirt', then when we do get around to
creating the tap device, we will need to add an entry for it to the
network bridge's fdb (forwarding database) *and* turn off learning and
unicast_flood for that tap device in the bridge's sysfs settings. This
means that qemu needs to know both the bridge name as well as the
setting of macTableManager, so we either need to create a new API to
retrieve that info, or just pass it back in the ActualNetDef that is
created during networkAllocateActualDevice. We choose the latter
method, since it's already done for the bridge device, and it has the
side effect of making the information available in domain status.

(NB: in the future, I think that the tap device should actually be
created by networkAllocateActualDevice(), as that will solve several
other problems, but that is a battle for another day, and this
information will still be useful outside the network driver)
2014-12-08 14:45:09 -05:00
Laine Stump
a360912179 network: save bridge name in ActualNetDef when actualType==network too
When the actualType of a virDomainNetDef is "network", it means that
we are connecting to a libvirt-managed network (routed, natted, or
isolated) which does use a bridge device (created by libvirt). In the
past we have required drivers such as qemu to call the public API to
retrieve the bridge name in this case (even though it is available in
the NetDef's ActualNetDef if the actualType is "bridge" (i.e., an
externally-created bridge that isn't managed by libvirt). There is no
real reason for this difference, and as a matter of fact it
complicates things for qemu. Also, there is another bridge-related
attribute (macTableManager) that will need to be available in both
cases, so this makes things consistent.

In order to avoid problems when restarting libvirtd after an update
from an older version that *doesn't* store the network's bridgename in
the ActualNetDef, we also need to put it in place during
networkNotifyActualDevice() (this function is run for each interface
of each domain whenever libvirtd is restarted).

Along with making the bridge name available in the internal object, it
is also now reported in the <source> element of the <interface> state
XML (or the <actual> subelement in the internally-stored format).

The one oddity about this change is that usually there is a separate
union for every different "type" in a higher level object (e.g. in the
case of a virDomainNetDef there are separate "network" and "bridge"
members of the union that pivots on the type), but in this case
network and bridge types both have exactly the same attributes, so the
"bridge" member is used for both type==network and type==bridge.
2014-12-08 14:43:42 -05:00
Laine Stump
40961978ee conf: new network bridge device attribute macTableManager
The macTableManager attribute of a network's bridge subelement tells
libvirt how the bridge's MAC address table (used to determine the
egress port for packets) is managed. In the default mode, "kernel",
management is left to the kernel, which usually determines entries in
part by turning on promiscuous mode on all ports of the bridge,
flooding packets to all ports when the correct destination is unknown,
and adding/removing entries to the fdb as it sees incoming traffic
from particular MAC addresses.  In "libvirt" mode, libvirt turns off
learning and flooding on all the bridge ports connected to guest
domain interfaces, and adds/removes entries according to the MAC
addresses in the domain interface configurations. A side effect of
turning off learning and unicast_flood on the ports of a bridge is
that (with Linux kernel 3.17 and newer), the kernel can automatically
turn off promiscuous mode on one or more of the bridge's ports
(usually only the one interface that is used to connect the bridge to
the physical network). The result is better performance (because
packets aren't being flooded to all ports, and can be dropped earlier
when they are of no interest) and slightly better security (a guest
can still send out packets with a spoofed source MAC address, but will
only receive traffic intended for the guest interface's configured MAC
address).

The attribute looks like this in the configuration:

  <network>
    <name>test</name>
    <bridge name='br0' macTableManager='libvirt'/>
    ...

This patch only adds the config knob, documentation, and test
cases. The functionality behind this knob is added in later patches.
2014-12-08 14:41:37 -05:00
Laine Stump
19a5474d04 util: functions to manage bridge fdb (forwarding database)
These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages
to add and delete entries from a bridge's fdb. The bridge itself is
not referenced in the arguments to the functions, only the name of the
device that is attached to the bridge (since a device can only be
attached to one bridge at a time, and must be attached for this
function to make sense, the kernel easily infers which bridge's fdb is
being modified by looking at the device name/index).
2014-12-08 14:39:12 -05:00