On Thu, Nov 10, 2011 at 09:02:41AM -0500, Stefan Berger wrote:
> On 11/10/2011 06:28 AM, Daniel P. Berrange wrote:
> >From: "Daniel P. Berrange"<berrange@xxxxxxxxxx>
> >
> >Support creation of macvlan devices for LXC containers. Do not
> >allow setting of network filters, bandwidth controls or vport
> >profiles due to the complication that there is no host side
> >visible device to work with.
> >
> >* src/lxc/lxc_driver.c: Support type=direct interfaces
> >---
> > src/lxc/lxc_driver.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++-
> > 1 files changed, 105 insertions(+), 1 deletions(-)
> >
> >diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> >index 4f6807b..09752a3 100644
> >--- a/src/lxc/lxc_driver.c
> >+++ b/src/lxc/lxc_driver.c
> >@@ -1230,6 +1230,102 @@ cleanup:
> > return ret;
> > }
> >
> >+
> >+static int lxcSetupInterfaceDirect(virConnectPtr conn,
> >+ virDomainDefPtr def,
> >+ virDomainNetDefPtr net,
> >+ unsigned int *nveths,
> >+ char ***veths)
> >+{
> >+ int ret = 0;
> >+ char *res_ifname = NULL;
> >+ lxc_driver_t *driver = conn->privateData;
> >+ virNetDevBandwidthPtr bw;
> >+ virNetDevVPortProfilePtr prof;
> >+
> >+ /* XXX how todo filtering ?
> >+ * Since the 'net-ifname' is about to be moved to a different
> >+ * namespace& renamed, there will be no host side visible
> >+ * interface for the container to attach rules to
> >+ */
> Afaik, filtering doesn't work on the direct interfaces anyway due to
> missing hooks in their kernel implementation. At least I have been
> told so about the macvtap type of device.
Oh, I wonder why the filtering controls are set for macvtap devices
in the QEMU driver :-)
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list