From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> Support creation of macvlan devices for LXC containers. Do not allow setting of network filters, bandwidth controls or vport profiles due to the complication that there is no host side visible device to work with. * src/lxc/lxc_driver.c: Support type=direct interfaces
---
 src/lxc/lxc_driver.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 105 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 4f6807b..09752a3 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1230,6 +1230,102 @@ cleanup:
 return ret;
 }
+
+static int lxcSetupInterfaceDirect(virConnectPtr conn,
+ virDomainDefPtr def,
+ virDomainNetDefPtr net,
+ unsigned int *nveths,
+ char ***veths)
+{
+ int ret = 0;
+ char *res_ifname = NULL;
+ lxc_driver_t *driver = conn->privateData;
+ virNetDevBandwidthPtr bw;
+ virNetDevVPortProfilePtr prof;
+
+ /* XXX how todo filtering ?
+ * Since the 'net-ifname' is about to be moved to a different
+ * namespace & renamed, there will be no host side visible
+ * interface for the container to attach rules to
+ */
+ if (net->filter) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set network filters on direct interfaces"));
+ return -1;
+ }
+
+ /* XXX how todo bandwidth controls ?
+ * Since the 'net-ifname' is about to be moved to a different
+ * namespace & renamed, there will be no host side visible
+ * interface for the container to attach rules to
+ */
+ bw = virDomainNetGetActualBandwidth(net);
+ if (bw) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set network bandwidth on direct interfaces"));
+ return -1;
+ }
+
+ /* XXX how todo port profiles ?
+ * Although we can do the association during container
+ * startup, at shutdown we are unable to disassociate
+ * because the macvlan device was moved to the container
+ * and automagically dies when the container dies. So
+ * we have no dev to perform disassociation with.
+ */
+ prof = virDomainNetGetActualDirectVirtPortProfile(net);
+ if (prof) {
+ lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Unable to set port profile on direct interfaces"));
+ return -1;
+ }
+
+ if (VIR_REALLOC_N(*veths, (*nveths)+1) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+ (*veths)[(*nveths)] = NULL;
+
+ if (virNetDevMacVLanCreateWithVPortProfile(
+ net->ifname, net->mac,
+ virDomainNetGetActualDirectDev(net),
+ virDomainNetGetActualDirectMode(net),
+ false, false, def->uuid,
+ virDomainNetGetActualDirectVirtPortProfile(net),
+ &res_ifname,
+ VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
+ driver->stateDir,
+ virDomainNetGetActualBandwidth(net)) < 0)
+ goto cleanup;
+
+ (*veths)[(*nveths)] = res_ifname;
+ (*nveths)++;
+
+#if 0
+ if (rc >= 0) {
+ if ((net->filter) && (net->ifname)) {
+ err = virDomainConfNWFilterInstantiate(conn, net);
+ if (err) {
+ VIR_FORCE_CLOSE(rc);
+ ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
+ net->ifname, net->mac,
+ virDomainNetGetActualDirectDev(net),
+ virDomainNetGetActualDirectMode(net),
+ virDomainNetGetActualDirectVirtPortProfile(net),
+ driver->stateDir));
+ VIR_FREE(net->ifname);
+ }
+ }
+ }
+#endif
+
+ ret = 0;
+
+cleanup:
+ return ret;
+}
+
+
 /**
 * lxcSetupInterfaces:
 * @conn: pointer to connection
@@ -1299,13 +1395,21 @@ static int lxcSetupInterfaces(virConnectPtr conn,
 goto cleanup;
 }
 break;
+ case VIR_DOMAIN_NET_TYPE_DIRECT:
+ if (lxcSetupInterfaceDirect(conn,
+ def,
+ def->nets[i],
+ nveths,
+ veths) < 0)
+ goto cleanup;
+ break;
+
 case VIR_DOMAIN_NET_TYPE_USER:
 case VIR_DOMAIN_NET_TYPE_ETHERNET:
 case VIR_DOMAIN_NET_TYPE_SERVER:
 case VIR_DOMAIN_NET_TYPE_CLIENT:
 case VIR_DOMAIN_NET_TYPE_MCAST:
 case VIR_DOMAIN_NET_TYPE_INTERNAL:
- case VIR_DOMAIN_NET_TYPE_DIRECT:
 case VIR_DOMAIN_NET_TYPE_LAST:
 lxcError(VIR_ERR_INTERNAL_ERROR,
 _("Unsupported network type %s"),
-- 1.7.6.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
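Review bot: In lxcSetupInterfaceDirect, `ret` starts at 0, so the `goto cleanup` taken when virNetDevMacVLanCreateWithVPortProfile() fails returns success. The new `VIR_DOMAIN_NET_TYPE_DIRECT` case in lxcSetupInterfaces tests `< 0`, so it would not notice the failure and would presumably continue with a NULL slot in `*veths` and no macvlan device (the rest of that function is outside the hunk). Declare it as `int ret = -1;` so that only the explicit `ret = 0;` before the label reports success. The early checks on `net->filter`, `bw` and `prof` guarantee the latter two are NULL by the time of the create call, so it could pass those locals instead of re-fetching them, with a comment such as `/* bw and prof are known to be NULL here, see the checks above */`. The `#if 0` block refers to `rc` and `err`, which this function does not declare, and is better dropped than kept as dead code.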