On Sun, Feb 16, 2020 at 11:22:58PM -0500, Laine Stump wrote:
During the hypervisor-agnostic validation of network devices, verify
that the interface type is either "network" or "bridge", and that if
there is any <virtualport>, that it doesn't have any type associated
with it.
This needs to be done both for the parse-time validation and for
runtime validation (after a port has been acquired from any associated
network), because an interface with type='network' could have an
actual type at runtime of "hostdev" or "direct", neither of which
support isolated='true' (yet). Likewise, if an interface is
type='network', then at runtime a <virtualport> with a type that
doesn't support isolated='yes' (e.g. "openvswitch", "802.1Qbh" -
currently *none* of the available virtualport types support it)
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
src/conf/domain_conf.c | 56 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 30b2a53b83..f8ce7d519d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -6239,6 +6239,47 @@ virDomainRedirdevDefValidate(const virDomainDef *def,
}
+static int
+virDomainNetDefValidatePortOptions(const char *macstr,
+ virDomainNetType type,
+ const virNetDevVPortProfile *vport,
+ virTristateBool isolatedPort)
+{
+ /*
+ * This function can be called for either a config interface
+ * object (NetDef) or a runtime interface object (ActualNetDef),
+ * by calling it with either, e.g., the "type" (what is in the
+ * config) or the "actualType" (what is determined at runtime by
+ * acquiring a port from the network).
+ */
+ /*
+ * port isolation can only be set for an interface that is
+ * connected to a Linux host bridge (either a libvirt-managed
+ * network, or plain type='bridge')
+ */
+ if (isolatedPort == VIR_TRISTATE_BOOL_YES) {
+ if (!(type == VIR_DOMAIN_NET_TYPE_NETWORK ||
+ type == VIR_DOMAIN_NET_TYPE_BRIDGE)) {
consider:
if (type != VIR_DOMAIN_NET_TYPE_NETWORK &&
type != VIR_DOMAIN_NET_TYPE_BRIDGE)
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("interface %s - <portOptions isolated='yes'/> is not supported for network interfaces with type='%s'"),
Please don't put XML snippets in the error message.
How about:
... - isolated ports are not supported ...
+ macstr, virDomainNetTypeToString(type));
+ return -1;
+ }
+ /*
+ * also not allowed for anything with <virtualport> setting
+ * (openvswitch or 802.11Qb[gh])
+ */
+ if (vport && vport->virtPortType != VIR_NETDEV_VPORT_PROFILE_NONE) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("interface %s - <portOptions isolated='yes'/> is not supported for network interfaces with virtualport type='%s'"),
+ macstr, virNetDevVPortTypeToString(vport->virtPortType));
Same here.
+ return -1;
+ }
+ }
+ return 0;
+}
+
+
int
virDomainActualNetDefValidate(const virDomainNetDef *net)
{
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> Jano
Attachment:
signature.asc
Description: PGP signature
