mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 14:15:28 +00:00
8a144c9045
When the bridge device for a network has macTableManager='libvirt' the intent is that all kernel management of the bridge's MAC table (Forwarding Database, or fdb, in the case of a Linux Host Bridge) be disabled, with libvirt handling updates to the table instead. The setup required for the bridge itself is: 1) set the "vlan_filtering" property of the bridge device to 1. 2) If the bridge has a "Dummy" tap device used to set a fixed MAC address on the bridge (which is always the case for a bridge created by libvirt, and never the case for a bridge created by the host system network config), turn off learning and unicast_flood on this tap (this is needed even though this tap is never IFF_UP, because the kernel ignores the IFF_UP flag of devices when using their settings to automatically decide whether or not to turn off promiscuous mode for any attached device). (1) is done both for libvirt-created/managed bridges, and for bridges that are created by the host system config, while (2) is done only for bridges created by libvirt (i.e. for forward modes of nat, routed, and isolated bridges) There is no attempt to turn vlan_filtering off when destroying the network because in the case of a libvirt-created bridge, the bridge is about to be destroyed anyway, and in the case of a system bridge, if the other devices attached to the bridge could operate properly before destroying libvirt's network object, they will continue to operate properly (this is similar to the way that libvirt will enable ip_forwarding whenever a routed/natted network is started, but will never attempt to disable it if they are stopped). |
||
|---|---|---|
| .. | ||
| access | ||
| bhyve | ||
| conf | ||
| cpu | ||
| esx | ||
| hyperv | ||
| interface | ||
| libxl | ||
| locking | ||
| lxc | ||
| network | ||
| node_device | ||
| nwfilter | ||
| openvz | ||
| parallels | ||
| phyp | ||
| qemu | ||
| remote | ||
| rpc | ||
| secret | ||
| security | ||
| storage | ||
| test | ||
| uml | ||
| util | ||
| vbox | ||
| vmware | ||
| vmx | ||
| xen | ||
| xenapi | ||
| xenconfig | ||
| check-aclperms.pl | ||
| check-aclrules.pl | ||
| check-driverimpls.pl | ||
| check-drivername.pl | ||
| check-symfile.pl | ||
| check-symsorting.pl | ||
| datatypes.c | ||
| datatypes.h | ||
| driver-hypervisor.h | ||
| driver-interface.h | ||
| driver-network.h | ||
| driver-nodedev.h | ||
| driver-nwfilter.h | ||
| driver-secret.h | ||
| driver-state.h | ||
| driver-storage.h | ||
| driver-stream.h | ||
| driver.c | ||
| driver.h | ||
| dtrace2systemtap.pl | ||
| fdstream.c | ||
| fdstream.h | ||
| gnutls_1_0_compat.h | ||
| internal.h | ||
| libvirt_atomic.syms | ||
| libvirt_daemon.syms | ||
| libvirt_driver_modules.syms | ||
| libvirt_esx.syms | ||
| libvirt_gnutls.syms | ||
| libvirt_internal.h | ||
| libvirt_libssh2.syms | ||
| libvirt_linux.syms | ||
| libvirt_lxc.syms | ||
| libvirt_openvz.syms | ||
| libvirt_private.syms | ||
| libvirt_probes.d | ||
| libvirt_public.syms | ||
| libvirt_qemu_probes.d | ||
| libvirt_qemu.syms | ||
| libvirt_remote.syms | ||
| libvirt_sasl.syms | ||
| libvirt_vmware.syms | ||
| libvirt_vmx.syms | ||
| libvirt_xenconfig.syms | ||
| libvirt-domain-snapshot.c | ||
| libvirt-domain.c | ||
| libvirt-host.c | ||
| libvirt-interface.c | ||
| libvirt-lxc.c | ||
| libvirt-lxc.pc.in | ||
| libvirt-network.c | ||
| libvirt-nodedev.c | ||
| libvirt-nwfilter.c | ||
| libvirt-qemu.c | ||
| libvirt-qemu.pc.in | ||
| libvirt-secret.c | ||
| libvirt-storage.c | ||
| libvirt-stream.c | ||
| libvirt.c | ||
| libvirt.conf | ||
| libvirt.pc.in | ||
| lock_protocol-structs | ||
| lxc_monitor_protocol-structs | ||
| lxc_protocol-structs | ||
| Makefile.am | ||
| nodeinfo.c | ||
| nodeinfo.h | ||
| nodeinfopriv.h | ||
| qemu_protocol-structs | ||
| README | ||
| remote_protocol-structs | ||
| virkeepaliveprotocol-structs | ||
| virnetprotocol-structs | ||
libvirt library code README
===========================
The directory provides the bulk of the libvirt codebase. Everything
except for the libvirtd daemon and client tools. The build uses a
large number of libtool convenience libraries - one for each child
directory, and then links them together for the final libvirt.so,
although some bits get linked directly to libvirtd daemon instead.
The files directly in this directory are supporting the public API
entry points & data structures.
There are two core shared modules to be aware of:
* util/ - a collection of shared APIs that can be used by any
code. This directory is always in the include path
for all things built
* conf/ - APIs for parsing / manipulating all the official XML
files used by the public API. This directory is only
in the include path for driver implementation modules
* vmx/ - VMware VMX config handling (used by esx/ and vmware/)
Then there are the hypervisor implementations:
* bhyve - bhyve - The BSD Hypervisor
* esx/ - VMware ESX and GSX support using vSphere API over SOAP
* hyperv/ - Microsoft Hyper-V support using WinRM
* lxc/ - Linux Native Containers
* openvz/ - OpenVZ containers using cli tools
* phyp/ - IBM Power Hypervisor using CLI tools over SSH
* qemu/ - QEMU / KVM using qemu CLI/monitor
* remote/ - Generic libvirt native RPC client
* test/ - A "mock" driver for testing
* uml/ - User Mode Linux
* vbox/ - Virtual Box using native API
* vmware/ - VMware Workstation and Player using the vmrun tool
* xen/ - Xen using hypercalls, XenD SEXPR & XenStore
* xenapi/ - Xen using libxenserver
Finally some secondary drivers that are shared for several HVs.
Currently these are used by LXC, OpenVZ, QEMU, UML and Xen drivers.
The ESX, Hyper-V, Power Hypervisor, Remote, Test & VirtualBox drivers all
implement the secondary drivers directly
* cpu/ - CPU feature management
* interface/ - Host network interface management
* network/ - Virtual NAT networking
* nwfilter/ - Network traffic filtering rules
* node_device/ - Host device enumeration
* secret/ - Secret management
* security/ - Mandatory access control drivers
* storage/ - Storage management drivers
Since both the hypervisor and secondary drivers can be built as
dlopen()able modules, it is *FORBIDDEN* to have build dependencies
between these directories. Drivers are only allowed to depend on
the public API, and the internal APIs in the util/ and conf/
directories