151 Commits

Author SHA1 Message Date
Stefan Berger
3bf24abc8c nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is no
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the addresses independently.

So, when for example an interface description in the domain XML has
looked like this up to now:

    <interface type='bridge'>
      <source bridge='mybridge'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'>
        <parameter name='IP' value='10.2.3.4'/>
      </filterref>
    </interface>

you may omit the IP parameter:

    <interface type='bridge'>
      <source bridge='mybridge'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'/>
    </interface>

Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed, preventing it from communicating. Reasons for failure
for applying the network firewall rules may be that an ebtables/iptables
command fails or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.

A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.

* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
  src/nwfilter/nwfilter_ebiptables_driver.[ch]
  src/nwfilter/nwfilter_gentech_driver.[ch]: plug the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-07 23:12:21 +02:00
Matthias Bolte
56bac4a221 Refactor major.minor.micro version parsing into a function
virParseVersionString uses virStrToLong_ui instead of sscanf.

This also fixes a bug in the UML driver, that always returned 0
as version number.

Introduce STRSKIP to check if a string has a certain prefix and
to skip this prefix.
2010-04-01 12:53:41 +02:00
Daniel P. Berrange
ab952024f4 Implement VNC password change in QEMU
Use the new virDomainUpdateDeviceFlags API to allow the VNC password
to be changed on the fly

* src/internal.h: Define STREQ_NULLABLE() which is like STREQ()
  but does not crash if either argument is NULL, and treats two
  NULLs as equal.
* src/libvirt_private.syms: Export virDomainGraphicsTypeToString
* src/qemu/qemu_driver.c: Support VNC password change on a live
  machine
* src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a
  NULL password as "" (empty string), allowing passwords to be
  disabled in the monitor
2010-03-26 14:17:35 +00:00
Eric Blake
36d8e7d8d7 build: consistently indent preprocessor directives
* global: patch created by running:
for f in $(git ls-files '*.[ch]') ; do
    cppi $f > $f.t && mv $f.t $f
done
2010-03-09 19:22:28 +01:00
Eric Blake
f6876e10cf virsh: fix existing N_ uses
It is a bad idea to call gettext on an already-translated
string.  In cases where a string must be translated separately
from where it is exposed to xgettext, the gettext manual
recommends the idiom of N_() wrapping gettext_noop for
marking the string.

* src/internal.h (N_): Fix definition to match gettext manual.
* tools/virsh.c: (cmdHelp, cmdList, cmdDomstate, cmdDominfo)
(cmdVcpuinfo, vshUsage): Replace incorrect use of N_ with _.
(vshCmddefHelp): Likewise.  Mark C format strings appropriately.
2010-03-09 18:23:44 +01:00
Eric Blake
6b8d8395b6 maint: avoid excess parens in STREQ
* src/internal.h (STREQ, STRCASEEQ, STRNEQ, STRCASENEQ, STREQLEN)
(STRCASEEQLEN, STRNEQLEN, STRCASENEQLEN, STRPREFIX): Avoid
redundant parenthesis.
* examples/domain-events/events-c/event-test.c (STREQ): Likewise.
* src/storage/parthelper.c (STREQ): Likewise.
2010-02-01 17:21:26 +01:00
Matthias Bolte
a3bd8bbb38 Define ATTRIBUTE_SENTINEL for GCC < 4.0 too
ATTRIBUTE_SENTINEL was defined for GCC >= 4.0 only, resulting in
compile errors when using GCC < 4.0.
2009-12-22 13:04:50 +01:00
Paolo Bonzini
649bcd72fe Add sentinel attribute for NULL terminated arg lists
* src/internal.h (ATTRIBUTE_SENTINEL): New, it's a gcc feature and
  protected as such
* src/util/buf.c (virBufferStrcat): Use it.
* src/util/ebtables.c (ebtablesAddRemoveRule): Use it.
* src/util/iptables.c (iptableAddRemoveRule): Use it.
* src/util/qparams.h (new_qparam_set, append_qparams): Use it.
* docs/apibuild.py: avoid breaking the API generator with that new
  internal keyword macro
2009-11-06 10:39:13 +01:00
Daniel P. Berrange
dd26096ad1 Move the VIR_DRV_FEATURE* constants
Move the VIR_DRV_FEATURE* constants into libvirt_internal.h
since these flags are indicating whether APIs in the
libvirt_internal.h file are supported by a driver

* src/driver.h: Remove VIR_DRV_FEATURE* constants
* src/libvirt_internal.h: Add VIR_DRV_FEATURE* constants, using
  an enum instead of #define
* src/internal.h: pull in libvirt_internal.h
2009-10-09 12:35:06 +01:00
Jim Meyering
45aec0eae4 infra: define ATTRIBUTE_NONNULL to mark non-NULL parameters
* src/internal.h (ATTRIBUTE_NONNULL): Define.
2009-09-03 18:04:23 +02:00
Maximilian Wilhelm
3f11d7820a Workaround for broken GCC in Debian Etch
* src/storage_conf.c src/internal.h: move previous check in internal.h
  and add a workaround for a GCC bug in Debian Etch on limit definitions
2009-08-05 11:19:34 +02:00
Daniel P. Berrange
899ae0d2b5 Fix misc Win32 compile warnings
GCC >= 4.4 assumes the 'printf' attribute refers to the native
runtime libraries format specifiers. Thanks to gnulib, libvirt
has GNU format specifiers everywhere.  This means we need to
use 'gnu_printf' with GCC >= 4.4 to get correct compiler
checking of printf format specifiers.

* HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF
* autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula
  driver on mingw32 builds
* qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h,
  src/logging.h, src/security.h, src/sexpr.h, src/util.h,
  src/virterror_internal.h, src/xend_internal.c: Change
  over to ATTRIBUTE_FMT_PRINTF.
* src/virsh.c: Disable 'cd' and 'pwd' commands on Win32
  since they don't compile
* src/threads-win32.c: Add missing return value check
2009-07-23 16:07:32 +01:00
Daniel P. Berrange
4dac0a1105 Generic internal threads API 2009-01-15 19:56:05 +00:00
John Levon
4d713eabf5 Avoid passing NULL to printf %s specifier 2009-01-15 17:54:20 +00:00
Daniel Veillard
df93e1ee24 add new logging module, and move existing definitions there
* src/logging.c src/logging.h proxy/Makefile.am proxy/libvirt_proxy.c
  src/Makefile.am src/cgroup.c src/datatypes.c src/domain_event.c
  src/internal.h src/libvirt.c src/lxc_container.c src/lxc_controller.c
  src/lxc_driver.c src/proxy_internal.c src/qemu_driver.c
  src/remote_internal.c src/storage_backend_disk.c src/util.c
  src/veth.c src/xen_internal.c src/xen_unified.c src/xend_internal.c:
  add new logging module, and move existing definitions there
Daniel
2008-11-06 16:36:07 +00:00
Daniel P. Berrange
2ea1eceb75 Move domain events helpers into dedicated file 2008-11-04 23:33:57 +00:00
Daniel P. Berrange
6ace5a39c3 Move some API declarations out of internal.h & hash.c into dedicated files 2008-11-04 23:22:06 +00:00
Daniel P. Berrange
2f19b24a03 Remove unused internal virStateSigDispatcher() API 2008-11-04 22:55:51 +00:00
Daniel P. Berrange
d714b2afae Move internal error APIs into virterror_internal.h & drop leading __ prefix 2008-11-04 22:30:33 +00:00
Daniel P. Berrange
cbb1dd0a9b Remove use of virStringList in favour of strongly typed APIs 2008-11-04 21:54:21 +00:00
Daniel Veillard
1509b8027f Massive patch adding event APIs by Ben Guthro
* include/libvirt/libvirt.h include/libvirt/libvirt.h.in
  src/libvirt.c src/libvirt_sym.version: new libvirt event entry
  points, big patch provided by Ben Guthro
* Makefile.am configure.in src/driver.h src/event.c src/event.h
  src/internal.h src/libvirt.c src/libvirt_sym.version src/lxc_driver.c
  src/openvz_driver.c src/qemu_conf.h src/qemu_driver.c
  src/remote_internal.c src/storage_backend_fs.c src/test.c
  qemud/event.c qemud/event.h qemud/mdns.c qemud/qemud.c
  qemud/qemud.h qemud/remote.c qemud/remote_dispatch_localvars.h
  qemud/remote_dispatch_proc_switch.h qemud/remote_dispatch_prototypes.h
  qemud/remote_protocol.c qemud/remote_protocol.h
  qemud/remote_protocol.x proxy/Makefile.am python/generator.py:
  Not much is left untouched by the patch adding the events support
* docs/libvirt-api.xml docs/libvirt-refs.xml
  docs/html/libvirt-libvirt.html: regenerated the docs
* examples/domain-events/events-c/Makefile.am
  examples/domain-events/events-c/event-test.c: a test example
* AUTHORS: added Ben Guthro
daniel
2008-10-23 13:18:18 +00:00
Cole Robinson
02fc93d624 Centralize majority of error reporting logic. 2008-10-09 15:38:31 +00:00
Cole Robinson
e2a43cdb87 Move DEBUG macros to central location. 2008-10-06 19:53:06 +00:00
Daniel P. Berrange
39c9354c5c Add storage pool source discovery support (patch from David Lively) 2008-08-27 20:05:58 +00:00
Daniel P. Berrange
bb16f4a25d Do conditional driver config in Makefile.am, not source files 2008-08-20 20:48:35 +00:00
Daniel P. Berrange
60ed1d2a7a Avoid signal race in virExec 2008-08-20 08:53:49 +00:00
Atsushi SAKAI
fbb5d771a0 Compilation fixes for MinGW 2008-06-26 09:37:51 +00:00
Richard W.M. Jones
f60dc0bc09 Deprecate the conn, dom and net fields in the _virError structure.
* include/libvirt/libvirt.h.in: Add VIR_DEPRECATED macro.
	* src/internal.h: Internal code is allowed to use deprecated
	features, so override VIR_DEPRECATED here.
	* include/libvirt/virterror.h: Deprecate the conn, dom and net
	fields in the _virError structure.
2008-05-23 08:32:08 +00:00
David L. Leskovec
94311de539 Enable libvirtd drivers to handle signals, in lxc, sigchld triggers vm cleanup
Mon May 12 23:32:21 PST 2008 David L. Leskovec <dlesko@linux.vnet.ibm.com>

	* qemud/qemud.c: get siginfo with signals, distribute to drivers that
    register a handler
	* src/driver.h: add sighandler function to state driver table
	* src/internal.h: define virStateSigDispatcher functions
	* src/libvirt.c: add __virStateSigDispatcher function
	* src/libvirt_sym.version: add __virStateSigDispatcher
	* src/lxc_driver.c: add sig handler function, cleanup vm when sigchld
    received from container process
	* src/qemu_driver.c: NULL for sig handler (no handler) in state driver
	* src/remote_internal.c: NULL for sig handler (no handler) in state driver
	* src/storage_driver.c: NULL for sig handler (no handler) in state driver
2008-05-13 06:30:58 +00:00
Daniel P. Berrange
4ffb0358de Added safer lowlevel memory allocation APIs. Converted hash.c and capabilities.c to use them 2008-04-28 21:44:54 +00:00
Daniel P. Berrange
e6f1123819 Added full support for serial and parallel devices to Xen drivers 2008-04-26 14:22:02 +00:00
Daniel P. Berrange
49956f0469 Implement serial & parallel device support for QEMU driver 2008-04-25 20:46:13 +00:00
Jim Meyering
2d206f1d7a avoid compile error when <pthread.h> is absent
* src/internal.h (HAVE_PTHREAD_H): Test with "#ifdef", not "#if".
2008-04-18 09:26:45 +00:00
Richard W.M. Jones
8df91acf70 Fixes for MinGW.
* configure.in: Fix pkg-config detection of libxml2,
	  add -lgcrypt to gnutls lib.
	* src/Makefile.am: If compiling --without-libvirtd then
	  don't compile any part of the storage driver.
	* configure.in, src/hash.c, src/internal.h: Detect availability
	  of pthread library and compile out mutex code if not available.
	* src/storage_driver.c, src/util.c: Ignore some missing
	  headers on MinGW.
2008-04-18 08:33:23 +00:00
Jim Meyering
5bf824ea10 convert TAB-based indentation in C sources to use only spaces
Done using this command (also includes .c.in and .h.in files):
for i in $(g ls-files|grep -E '\.[ch](\.in)?$'|grep -v gnulib); do
  expand -i $i > j && mv j $i;done
2008-04-10 16:54:54 +00:00
Jim Meyering
dc42a9d2de remove Vim and Emacs variable settings from C source files
Done with these commands:
git grep -l Local.variab|xargs \
  perl -0x3b -pi -e 's,\n+/\*\n \* vim:(.|\n)*,\n,'

git grep -l Local.variab|xargs \
  perl -0x3b -pi -e 's,\n+/\*\n \* Local variables:\n(.|\n)*,\n,'
2008-04-10 16:53:29 +00:00
Daniel Veillard
c7d7aa1cd1 remove dangling domain/net/conn pointers from error data
* src/hash.c src/internal.h src/virterror.c: remove dangling
  domain/net/conn pointers from error data when released.
* src/lxc_driver.c: fix a NULL/0 return error mismatch
Daniel
2008-03-31 14:38:12 +00:00
Richard W.M. Jones
92a1e14b0b virMacAddrCompare for comparing MAC addresses
* src/util.c, src/util.h, src/libvirt_sym.version: Added
	  virMacAddrCompare utility function for comparing MAC
	  addresses.
	* src/virsh.c, src/xm_internal.c: Use virMacAddrCompare
	  to compare addresses.  (Shigeki Sakamoto and Richard Jones).
2008-02-27 16:14:44 +00:00
Daniel P. Berrange
cb228a0e24 Internal driver API for storage management 2008-02-20 15:06:53 +00:00
Mark McLoughlin
3da5504e68 Fix gcc-4.3.0 "inlining failed" warning.
* src/internal.h: move xstrtol() variants from here ...

* src/util.[ch]: ... to here and rename to virStrToLong()

* src/libvirt_sym.version: export __virStrToLong_i() for
virsh and qemud.

* src/nodeinfo.c, src/stats_linux.c, src/virsh.c,
  src/xend_internal.c, qemud/qemud.c: replace xstrtol()
calls with virStrToLong()

* src/nodeinfo.h: don't include internal.h, which was only
needed for xstrtol(), but instead include libvirt.h which
is sufficient for the declarations in the header.
2008-02-08 09:15:16 +00:00
Daniel P. Berrange
97bed42f7a Fix & refactor ref counting cleanup code 2008-01-21 16:29:10 +00:00
Daniel P. Berrange
d56aff5255 Added xstrtol_ll and xstrtol_ull convenience functions 2008-01-20 16:11:25 +00:00
Daniel P. Berrange
e8d690aeb5 Enable debug by default, but only if LIBVIRT_DEBUG=1. Use generic macro for debug output 2008-01-19 18:36:01 +00:00
Richard W.M. Jones
f3ebd20d35 Fri Dec 7 14:47:00 UTC 2007 Richard W.M. Jones <rjones@redhat.com>
* src/internal.h: Use gnulib gettext library.  Define
	  INET_ADDRSTRLEN unless already defined.
2007-12-07 14:52:24 +00:00
Daniel P. Berrange
e332ccdf71 Wire up SASL interaction callbacks to libvirt callbacks. Provide default callback impl 2007-12-05 18:55:04 +00:00
Daniel P. Berrange
7fa9ceb740 Added public API for authentication credential callback support 2007-12-05 18:28:05 +00:00
Richard W.M. Jones
4bfdb77aae Wed Dec 5 13:48:00 UTC 2007 Richard W.M. Jones <rjones@redhat.com>
* python/libvir.c, python/libvirt_wrap.h, qemud/qemud.c,
        qemud/remote.c, src/internal.h, src/openvz_conf.c,
        src/openvz_driver.c, src/proxy_internal.h, src/qemu_conf.c,
        src/qemu_driver.c, src/remote_internal.h, src/test.h, src/util.c,
        src/xen_unified.c, src/xen_unified.h, tests/nodeinfotest.c,
        tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c, tests/reconnect.c,
        tests/sexpr2xmltest.c, tests/virshtest.c, tests/xencapstest.c,
        tests/xmconfigtest.c, tests/xml2sexprtest.c:
        Change #include <> to #include "" for local includes.
        Removed many includes from src/internal.h and put them in
        the C files which actually use them.
        Removed <ansidecl.h> - unused.
        Added a comment around __func__.
        Removed a clashing redefinition of VERSION symbol.
        All limits (PATH_MAX etc) now done in src/internal.h, so we
        don't need to include those headers in other files.
2007-12-05 13:56:22 +00:00
Richard W.M. Jones
46fdd02c75 Mon Nov 26 11:39:59 UTC 2007 Richard W.M. Jones <rjones@redhat.com>
* configure.in, src/internal.h, src/xml.c: <sys/syslimits.h>
	  is needed on Cygwin to get PATH_MAX.  HOST_NAME_MAX and
	  IF_NAMESIZE defined if not in header files.
2007-11-26 11:40:28 +00:00
Richard W.M. Jones
88f28d6980 Wed Nov 14 11:36:00 UTC 2007 Richard W.M. Jones <rjones@redhat.com>
* src/libvirt.c and all internal driver interfaces: Parse the
	  URI only once and pass it to virDrvOpen instead of the
	  unparsed name string.
2007-11-14 11:40:57 +00:00
Jim Meyering
5d25419188 Parse integers more carefully, cont'd.
* qemud/qemud.c: Replace uses of strtol with uses of xstrtol_i.
  Avoid overflow for very large --timeout=N values.
* src/nodeinfo.c: In linuxNodeInfoMemPopulate and
  linuxNodeInfoCPUPopulate, use xstrtol_i rather than strtol.
  Unlike in qemud.c, here we allow trailing "isspace", and in
  the case of "cpuinfo cpu MHz", also allow a "." terminator,
  since we ignore the decimal and any following digits.
* src/internal.h: Define xstrtol_ui, too.


Author: Jim Meyering <meyering@redhat.com>
2007-11-14 10:53:05 +00:00