NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add support for network filter code in LXC driver

Browse Source 
The LXC driver networking uses veth device pairs. These can
be easily hooked into the network filtering code.

* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter
This commit is contained in:
Daniel P. Berrange 2011-06-07 14:29:08 +01:00
parent b4728dd43e
commit b86524e8d5
1 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/lxc/lxc_driver.c
View File

@ -52,7 +52,7 @@
#include "hooks.h" #include "hooks.h"
#include "files.h" #include "files.h"
#include "fdstream.h" #include "fdstream.h"
#include "domain_nwfilter.h"
#define VIR_FROM_THIS VIR_FROM_LXC #define VIR_FROM_THIS VIR_FROM_LXC
@ -1027,6 +1027,8 @@ static void lxcVmCleanup(lxc_driver_t *driver,
vethDelete(vm->def->nets[i]->ifname); vethDelete(vm->def->nets[i]->ifname);
} }
virDomainConfVMNWFilterTeardown(vm);
if (driver->cgroup && if (driver->cgroup &&
virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) { virCgroupForDomain(driver->cgroup, vm->def->name, &cgroup, 0) == 0) {
virCgroupRemove(cgroup); virCgroupRemove(cgroup);
@ -1146,6 +1148,10 @@ static int lxcSetupInterfaces(virConnectPtr conn,
if (vethInterfaceUpOrDown(parentVeth, 1) < 0) if (vethInterfaceUpOrDown(parentVeth, 1) < 0)
goto error_exit; goto error_exit;
if (def->nets[i]->filter &&
virDomainConfNWFilterInstantiate(conn, def->nets[i]) < 0)
goto error_exit;
} }
rc = 0; rc = 0;
@ -1642,8 +1648,10 @@ cleanup:
vethDelete(veths[i]); vethDelete(veths[i]);
VIR_FREE(veths[i]); VIR_FREE(veths[i]);
} }
if (rc != 0) if (rc != 0) {
VIR_FORCE_CLOSE(priv->monitor); VIR_FORCE_CLOSE(priv->monitor);
virDomainConfVMNWFilterTeardown(vm);
}
VIR_FORCE_CLOSE(parentTty); VIR_FORCE_CLOSE(parentTty);
VIR_FORCE_CLOSE(handshakefds[0]); VIR_FORCE_CLOSE(handshakefds[0]);
VIR_FORCE_CLOSE(handshakefds[1]); VIR_FORCE_CLOSE(handshakefds[1]);
@ -2842,6 +2850,33 @@ cleanup:
return ret; return ret;
} }
static int
lxcVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
virHashIterator iter, void *data)
{
virHashForEach(lxc_driver->domains.objs, iter, data);
return 0;
}
static void
lxcVMDriverLock(void)
{
lxcDriverLock(lxc_driver);
}
static void
lxcVMDriverUnlock(void)
{
lxcDriverUnlock(lxc_driver);
}
static virNWFilterCallbackDriver lxcCallbackDriver = {
.name = "LXC",
.vmFilterRebuild = lxcVMFilterRebuild,
.vmDriverLock = lxcVMDriverLock,
.vmDriverUnlock = lxcVMDriverUnlock,
};
/* Function Tables */ /* Function Tables */
static virDriver lxcDriver = { static virDriver lxcDriver = {
@ -2913,5 +2948,6 @@ int lxcRegister(void)
{ {
virRegisterDriver(&lxcDriver); virRegisterDriver(&lxcDriver);
virRegisterStateDriver(&lxcStateDriver); virRegisterStateDriver(&lxcStateDriver);
virNWFilterRegisterCallbackDriver(&lxcCallbackDriver);
return 0; return 0;
} }