[libvirt] [RFC PATCH 4/6] add MAC address based port filtering to libvirt

Gerhard Stenzel gstenzel at linux.vnet.ibm.com
Fri Oct 2 13:48:27 UTC 2009


This patch adds MAC address based port filtering support to libvirt.

Signed-off-by: Gerhard Stenzel <gerhard.stenzel at de.ibm.com>
---

 include/libvirt/libvirt.h.in |   16 ++++++
 src/driver.h                 |   16 ++++++
 src/libvirt.c                |  121 ++++++++++++++++++++++++++++++++++++++++++
 src/libvirt_public.syms      |    3 +
 src/test/test_driver.c       |    3 +
 5 files changed, 159 insertions(+), 0 deletions(-)

diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in
index 4e63e48..78e5cce 100644
--- a/include/libvirt/libvirt.h.in
+++ b/include/libvirt/libvirt.h.in
@@ -884,6 +884,22 @@ int                     virNetworkSetAutostart  (virNetworkPtr network,
                                                  int autostart);
 
 /*
+ *  MAC address based filtering
+ */
+
+int                     virNetworkDisableAllFrames(virConnectPtr conn);
+
+int                     virNetworkAllowMacOnPort(virNetworkPtr network,
+                                                 char * brname,
+                                                 char * ifname,
+                                                 unsigned char * mac);
+
+int                     virNetworkDisallowMacOnPort(virNetworkPtr network,
+                                                    char * brname,
+                                                    char * ifname,
+                                                    unsigned char * mac);
+
+/*
  * Physical host interface configuration API
  */
 
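Review bot: The new prototypes take `char * brname`, `char * ifname` and `unsigned char * mac` as mutable pointers and give no length for `mac`, although all three look like input-only arguments. Declaring them `const char *brname`, `const char *ifname`, `const unsigned char *mac` would match that intent, and the comment should state how many bytes `mac` must point to (presumably the 6-byte binary form, not a printable string). `virNetworkDisableAllFrames` takes a `virConnectPtr` while its siblings take a `virNetworkPtr`, so the header comment should also say that it acts connection-wide rather than on one network, if that is the intent.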
diff --git a/src/driver.h b/src/driver.h
index 6a3dcc2..fea6247 100644
--- a/src/driver.h
+++ b/src/driver.h
@@ -470,6 +470,19 @@ typedef int
 typedef int
         (*virDrvNetworkSetAutostart)	(virNetworkPtr network,
                                          int autostart);
+typedef int
+        (*virDrvNetworkAllowMacOnPort)	(virConnectPtr conn,
+                                         char * brname,
+                                         char * ifname,
+                                         unsigned char * mac);
+typedef int
+        (*virDrvNetworkDisableAllFrames)	(virConnectPtr conn);
+
+typedef int
+        (*virDrvNetworkDisallowMacOnPort)	(virConnectPtr conn,
+                                         char * brname,
+                                         char * ifname,
+                                         unsigned char * mac);
 
 
 typedef struct _virNetworkDriver virNetworkDriver;
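Review bot: The driver callbacks for Allow/DisallowMacOnPort receive only `virConnectPtr conn` plus the caller-supplied `brname` and `ifname`, so the `virNetworkPtr` handed to the public API never reaches the driver. As declared, nothing ties the bridge name to the network the caller holds, and a caller with a handle on any one network could request filter changes on an unrelated bridge unless the driver validates the names itself (the driver implementation is not part of this patch). Passing the network object through, e.g. `(*virDrvNetworkAllowMacOnPort)(virNetworkPtr network, const char *ifname, const unsigned char *mac);`, would let the driver derive the bridge from the network definition instead of trusting `brname`.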
@@ -504,6 +517,9 @@ struct _virNetworkDriver {
         virDrvNetworkGetBridgeName	networkGetBridgeName;
         virDrvNetworkGetAutostart	networkGetAutostart;
         virDrvNetworkSetAutostart	networkSetAutostart;
+        virDrvNetworkAllowMacOnPort	networkAllowMacOnPort;
+        virDrvNetworkDisallowMacOnPort	networkDisallowMacOnPort;
+        virDrvNetworkDisableAllFrames networkDisableAllFrames;
 };
 
 /*-------*/
diff --git a/src/libvirt.c b/src/libvirt.c
index 4cc19ec..ca65beb 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -5456,6 +5456,127 @@ error:
 }
 
 /**
+ * virNetworkDisableAllFrames:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkDisableAllFrames(virConnectPtr conn) {
+
+    virResetLastError();
+
+    if (conn->networkDriver && conn->networkDriver->networkDisableAllFrames) {
+        int ret;
+        ret = conn->networkDriver->networkDisableAllFrames(conn);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+    /* Copy to connection error object for back compatability */
+    return -1;
+}
+
+
+/**
+ * virNetworkDisallowMacOnPort:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkDisallowMacOnPort(virNetworkPtr network,
+               char * brname,
+               char * ifname,
+               unsigned char * mac) {
+
+    virConnectPtr conn;
+    DEBUG("network=%p", network);
+
+    virResetLastError();
+
+    if (!VIR_IS_CONNECTED_NETWORK(network)) {
+        virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+        return (-1);
+    }
+
+    conn = network->conn;
+
+    if (conn->networkDriver && conn->networkDriver->networkDisallowMacOnPort) {
+        int ret;
+        ret = conn->networkDriver->networkDisallowMacOnPort (conn, brname, ifname, mac);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+    /* Copy to connection error object for back compatability */
+    virSetConnError(network->conn);
+    return -1;
+}
+
+/**
+ * virNetworkAllowMacOnPort:
+ * @network: a network object
+ *
+ * Provides a bridge interface name to which a domain may connect
+ * a network interface in order to join the network.
+ *
+ * Returns -1 in case of error, 0 in case of success
+ */
+
+int
+virNetworkAllowMacOnPort(virNetworkPtr network,
+               char * brname,
+               char * ifname,
+               unsigned char * mac) {
+
+    virConnectPtr conn;
+    DEBUG("network=%p", network);
+    DEBUG("%s: ifname=%s", __FILE__, ifname);
+    DEBUG("%s: mac=%s", __FILE__, mac);
+
+    virResetLastError();
+
+    if (!VIR_IS_CONNECTED_NETWORK(network)) {
+        virLibNetworkError(NULL, VIR_ERR_INVALID_NETWORK, __FUNCTION__);
+        return (-1);
+    }
+
+    conn = network->conn;
+
+    if (conn->networkDriver && conn->networkDriver->networkAllowMacOnPort) {
+        int ret;
+        ret = conn->networkDriver->networkAllowMacOnPort (conn, brname, ifname, mac);
+        if (ret < 0)
+            goto error;
+        return ret;
+    }
+
+    virLibConnError (conn, VIR_ERR_NO_SUPPORT, __FUNCTION__);
+
+error:
+    /* Copy to connection error object for back compatability */
+    virSetConnError(network->conn);
+    return -1;
+}
+
+/**
  * virNetworkGetBridgeName:
  * @network: a network object
  *
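Review bot: None of the three new entry points rejects a read-only connection, although each one changes host filtering state; a `conn->flags & VIR_CONNECT_RO` test that fails with VIR_ERR_OPERATION_DENIED should come before the driver dispatch. virNetworkDisableAllFrames also dereferences `conn` without a `VIR_IS_CONNECT(conn)` check, and its error path never calls `virSetConnError(conn)` even though the comment there says it does. In virNetworkAllowMacOnPort, `DEBUG("%s: mac=%s", __FILE__, mac)` prints `mac` as a C string, which reads past the buffer if callers pass the raw binary address, and `brname`, `ifname` and `mac` are never checked for NULL before use. The three doc comments are copies of the virNetworkGetBridgeName text and document `@network` only; they should describe the filtering operation and every parameter. The fence shows the added checks for two of the functions; virNetworkDisallowMacOnPort needs the same ones.
```c
int
virNetworkDisableAllFrames(virConnectPtr conn) {

    virResetLastError();

    if (!VIR_IS_CONNECT(conn)) {
        virLibConnError(NULL, VIR_ERR_INVALID_CONN, __FUNCTION__);
        return -1;
    }
    if (conn->flags & VIR_CONNECT_RO) {
        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
        goto error;
    }
    /* … unchanged: driver dispatch and VIR_ERR_NO_SUPPORT fallback … */

error:
    virSetConnError(conn);
    return -1;

/* virNetworkAllowMacOnPort: directly after "conn = network->conn;" */
    if (conn->flags & VIR_CONNECT_RO) {
        virLibConnError(conn, VIR_ERR_OPERATION_DENIED, __FUNCTION__);
        goto error;
    }
    if (brname == NULL || ifname == NULL || mac == NULL) {
        virLibConnError(conn, VIR_ERR_INVALID_ARG, __FUNCTION__);
        goto error;
    }
    /* … unchanged: driver dispatch and error label … */
```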
diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms
index 7226e88..6ec6fa6 100644
--- a/src/libvirt_public.syms
+++ b/src/libvirt_public.syms
@@ -326,6 +326,9 @@ LIBVIRT_0.7.2 {
 	virStreamFinish;
 	virStreamAbort;
 	virStreamFree;
+	virNetworkDisableAllFrames;
+	virNetworkAllowMacOnPort;
+	virNetworkDisallowMacOnPort;
 } LIBVIRT_0.7.1;
 
 # .... define new API here using predicted next version number ....
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index cb48f64..d72c453 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -4288,6 +4288,9 @@ static virNetworkDriver testNetworkDriver = {
     testNetworkGetBridgeName, /* networkGetBridgeName */
     testNetworkGetAutostart, /* networkGetAutostart */
     testNetworkSetAutostart, /* networkSetAutostart */
+    NULL, /*  */
+    NULL, /*  */
+    NULL, /*  */
 };
 
 static virInterfaceDriver testInterfaceDriver = {
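Review bot: The three new initializers carry empty comments (`NULL, /*  */`), unlike every neighbouring slot, so a reader cannot tell which callback each NULL fills in this positional initializer. Label them in the order the struct declares the members: `NULL, /* networkAllowMacOnPort */`, `NULL, /* networkDisallowMacOnPort */`, `NULL, /* networkDisableAllFrames */`.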



