External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-26 07:36:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cafb934db8
libvirt/docs/schemas/network.rng
Laine Stump 40961978ee conf: new network bridge device attribute macTableManager 
The macTableManager attribute of a network's bridge subelement tells
libvirt how the bridge's MAC address table (used to determine the
egress port for packets) is managed. In the default mode, "kernel",
management is left to the kernel, which usually determines entries in
part by turning on promiscuous mode on all ports of the bridge,
flooding packets to all ports when the correct destination is unknown,
and adding/removing entries to the fdb as it sees incoming traffic
from particular MAC addresses.  In "libvirt" mode, libvirt turns off
learning and flooding on all the bridge ports connected to guest
domain interfaces, and adds/removes entries according to the MAC
addresses in the domain interface configurations. A side effect of
turning off learning and unicast_flood on the ports of a bridge is
that (with Linux kernel 3.17 and newer), the kernel can automatically
turn off promiscuous mode on one or more of the bridge's ports
(usually only the one interface that is used to connect the bridge to
the physical network). The result is better performance (because
packets aren't being flooded to all ports, and can be dropped earlier
when they are of no interest) and slightly better security (a guest
can still send out packets with a spoofed source MAC address, but will
only receive traffic intended for the guest interface's configured MAC
address).

The attribute looks like this in the configuration:

  <network>
    <name>test</name>
    <bridge name='br0' macTableManager='libvirt'/>
    ...

This patch only adds the config knob, documentation, and test
cases. The functionality behind this knob is added in later patches.
2014-12-08 14:41:37 -05:00

398 lines
13 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<!-- A Relax NG schema for the libvirt network XML format -->
<grammar xmlns="http://relaxng.org/ns/structure/1.0"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
<start>
<ref name="network"/>
</start>
<include href='basictypes.rng'/>
<include href='networkcommon.rng'/>
<define name="network">
<element name="network">
<optional>
<attribute name="connections">
<data type="unsignedInt"/>
</attribute>
</optional>
<!-- Enables IPv6 guest-to-guest communications on a network
with no gateways addresses specified -->
<optional>
<attribute name="ipv6">
<ref name="virYesNo"/>
</attribute>
</optional>
<optional>
<attribute name="trustGuestRxFilters">
<ref name="virYesNo"/>
</attribute>
</optional>
<interleave>
<!-- The name of the network, used to refer to it through the API
and in virsh -->
<element name="name">
<text/>
</element>
<!-- <uuid> element -->
<optional>
<element name="uuid"><ref name="UUID"/></element>
</optional>
<!-- <bridge> element -->
<optional>
<!-- The name of the network to be set up; this will back
the network on the host -->
<element name="bridge">
<optional>
<attribute name="name">
<ref name="deviceName"/>
</attribute>
</optional>
<optional>
<attribute name="stp">
<ref name="virOnOff"/>
</attribute>
</optional>
<optional>
<attribute name="delay">
<data type="unsignedLong"/>
</attribute>
</optional>
<optional>
<attribute name="macTableManager">
<choice>
<value>kernel</value>
<value>libvirt</value>
</choice>
</attribute>
</optional>
</element>
</optional>
<!-- <mac> element -->
<optional>
<element name="mac">
<attribute name="address"><ref name="uniMacAddr"/></attribute>
<empty/>
</element>
</optional>
<!-- <forward> element -->
<optional>
<!-- The device through which the bridge is connected to the
rest of the network -->
<element name="forward">
<optional>
<attribute name="dev">
<ref name="deviceName"/>
</attribute>
</optional>
<optional>
<attribute name="mode">
<choice>
<value>nat</value>
<value>route</value>
<value>bridge</value>
<value>passthrough</value>
<value>private</value>
<value>vepa</value>
<value>hostdev</value>
</choice>
</attribute>
</optional>
<optional>
<attribute name="managed">
<ref name="virYesNo"/>
</attribute>
</optional>
<interleave>
<choice>
<group>
<zeroOrMore>
<element name='interface'>
<attribute name='dev'>
<ref name='deviceName'/>
</attribute>
<optional>
<attribute name="connections">
<data type="unsignedInt"/>
</attribute>
</optional>
</element>
</zeroOrMore>
</group>
<group>
<zeroOrMore>
<element name='address'>
<attribute name='type'>
<value>pci</value>
</attribute>
<ref name="pciaddress"/>
<optional>
<attribute name="connections">
<data type="unsignedInt"/>
</attribute>
</optional>
</element>
</zeroOrMore>
</group>
</choice>
<optional>
<element name='pf'>
<attribute name='dev'>
<ref name='deviceName'/>
</attribute>
</element>
</optional>
<optional>
<element name="driver">
<attribute name="name">
<choice>
<value>kvm</value>
<value>vfio</value>
</choice>
</attribute>
<empty/>
</element>
</optional>
<optional>
<element name='nat'>
<interleave>
<optional>
<element name='address'>
<attribute name='start'>
<ref name='ipv4Addr'/>
</attribute>
<attribute name='end'>
<ref name='ipv4Addr'/>
</attribute>
</element>
</optional>
<optional>
<element name='port'>
<attribute name='start'>
<ref name='port'/>
</attribute>
<attribute name='end'>
<ref name='port'/>
</attribute>
</element>
</optional>
</interleave>
</element>
</optional>
</interleave>
</element>
</optional>
<!-- <virtualport> element -->
<optional>
<ref name="virtualPortProfile"/>
</optional>
<!-- <portgroup> elements -->
<zeroOrMore>
<element name="portgroup">
<attribute name="name">
<ref name="deviceName"/>
</attribute>
<optional>
<attribute name="default">
<ref name="virYesNo"/>
</attribute>
</optional>
<optional>
<attribute name="trustGuestRxFilters">
<ref name="virYesNo"/>
</attribute>
</optional>
<interleave>
<optional>
<ref name="virtualPortProfile"/>
</optional>
<optional>
<ref name="bandwidth"/>
</optional>
<optional>
<ref name="vlan"/>
</optional>
</interleave>
</element>
</zeroOrMore>
<!-- <domain> element -->
<optional>
<element name="domain">
<attribute name="name"><ref name="dnsName"/></attribute>
</element>
</optional>
<!-- Define the DNS related elements like TXT records
and other features in the <dns> element -->
<optional>
<element name="dns">
<optional>
<attribute name="forwardPlainNames">
<ref name="virYesNo"/>
</attribute>
</optional>
<interleave>
<zeroOrMore>
<element name="forwarder">
<attribute name="addr"><ref name="ipAddr"/></attribute>
</element>
</zeroOrMore>
<zeroOrMore>
<element name="txt">
<attribute name="name"><ref name="dnsName"/></attribute>
<attribute name="value"><text/></attribute>
</element>
</zeroOrMore>
<zeroOrMore>
<element name="srv">
<attribute name="service"><text/></attribute>
<attribute name="protocol">
<ref name="protocol"/>
</attribute>
<optional>
<attribute name="domain"><ref name="dnsName"/></attribute>
<attribute name="target"><text/></attribute>
<attribute name="port">
<ref name="unsignedShort"/>
</attribute>
<attribute name="priority">
<ref name="unsignedShort"/>
</attribute>
<attribute name="weight">
<ref name="unsignedShort"/>
</attribute>
</optional>
</element>
</zeroOrMore>
<zeroOrMore>
<element name="host">
<attribute name="ip"><ref name="ipAddr"/></attribute>
<oneOrMore>
<element name="hostname"><ref name="dnsName"/></element>
</oneOrMore>
</element>
</zeroOrMore>
</interleave>
</element>
</optional>
<optional>
<ref name="bandwidth"/>
</optional>
<optional>
<ref name="vlan"/>
</optional>
<optional>
<element name="link">
<attribute name="state">
<choice>
<value>up</value>
<value>down</value>
</choice>
</attribute>
<empty/>
</element>
</optional>
<!-- <ip> element -->
<zeroOrMore>
<!-- The IP element sets up NAT'ing and an optional DHCP server
local to the host. -->
<element name="ip">
<optional>
<attribute name="address"><ref name="ipAddr"/></attribute>
</optional>
<optional>
<choice>
<attribute name="netmask"><ref name="ipv4Addr"/></attribute>
<attribute name="prefix"><ref name="ipPrefix"/></attribute>
</choice>
</optional>
<optional>
<attribute name="family"><ref name="addr-family"/></attribute>
</optional>
<optional>
<element name="tftp">
<attribute name="root"><text/></attribute>
</element>
</optional>
<optional>
<!-- Define the range(s) of IP addresses that the DHCP
server should hand out -->
<element name="dhcp">
<zeroOrMore>
<element name="range">
<attribute name="start"><ref name="ipAddr"/></attribute>
<attribute name="end"><ref name="ipAddr"/></attribute>
</element>
</zeroOrMore>
<zeroOrMore>
<element name="host">
<choice>
<group>
<choice>
<attribute name="mac"><ref name="uniMacAddr"/></attribute>
<attribute name="id"><ref name="DUID"/></attribute>
</choice>
<optional>
<attribute name="name"><text/></attribute>
</optional>
</group>
<attribute name="name"><text/></attribute>
</choice>
<attribute name="ip"><ref name="ipAddr"/></attribute>
</element>
</zeroOrMore>
<optional>
<element name="bootp">
<attribute name="file"><ref name="filePath"/></attribute>
<optional>
<attribute name="server"><ref name="dnsName"/></attribute>
</optional>
</element>
</optional>
</element>
</optional>
</element>
</zeroOrMore>
<!-- <route> element -->
<zeroOrMore>
<!-- The (static) route element specifies a network address and gateway
address to access that network. Both the network address and
the gateway address must be specified. -->
<element name="route">
<optional>
<attribute name="family"><ref name="addr-family"/></attribute>
</optional>
<attribute name="address"><ref name="ipAddr"/></attribute>
<optional>
<choice>
<attribute name="netmask"><ref name="ipv4Addr"/></attribute>
<attribute name="prefix"><ref name="ipPrefix"/></attribute>
</choice>
</optional>
<attribute name="gateway"><ref name="ipAddr"/></attribute>
<optional>
<attribute name="metric"><ref name="unsignedInt"/></attribute>
</optional>
</element>
</zeroOrMore>
</interleave>
</element>
</define>
</grammar>
Reference in New Issue View Git Blame Copy Permalink