2005-11-02 20:50:21 +08:00
dnl Process this file with autoconf to produce a configure script.
2007-09-19 07:46:18 +08:00
2014-01-11 05:01:10 +08:00
dnl Copyright (C) 2005-2014 Red Hat, Inc.
2013-05-15 07:42:12 +08:00
dnl
dnl This library is free software; you can redistribute it and/or
dnl modify it under the terms of the GNU Lesser General Public
dnl License as published by the Free Software Foundation; either
dnl version 2.1 of the License, or (at your option) any later version.
dnl
dnl This library is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl Lesser General Public License for more details.
dnl
dnl You should have received a copy of the GNU Lesser General Public
dnl License along with this library. If not, see
dnl <http://www.gnu.org/licenses/>.
2011-07-29 02:56:24 +08:00
2014-09-02 16:07:15 +08:00
AC_INIT([libvirt], [1.2.9], [libvir-list@redhat.com], [], [http://libvirt.org])
2008-05-22 23:34:02 +08:00
AC_CONFIG_SRCDIR([src/libvirt.c])
AC_CONFIG_AUX_DIR([build-aux])
2010-01-25 23:00:43 +08:00
AC_CONFIG_HEADERS([config.h])
2013-10-10 20:09:08 +08:00
AH_BOTTOM([#include <config-post.h>])
2010-02-17 21:45:10 +08:00
AC_CONFIG_MACRO_DIR([m4])
2013-09-05 00:26:30 +08:00
dnl Make automake keep quiet about wildcards & other GNUmake-isms; also keep
dnl quiet about the fact that we intentionally cater to automake 1.9
build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:
daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled. For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory. However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...
As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.
* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-08 06:18:06 +08:00
AM_INIT_AUTOMAKE([-Wno-portability -Wno-obsolete tar-ustar subdir-objects])
2009-07-08 17:51:59 +08:00
2011-02-12 03:43:05 +08:00
# Maintainer note - comment this line out if you plan to rerun
# GNULIB_POSIXCHECK testing to see if libvirt should be using more modules.
# Leave it uncommented for normal releases, for faster ./configure.
gl_ASSERT_NO_GNULIB_POSIXCHECK
2013-09-05 00:26:30 +08:00
# Default to using the silent-rules feature when possible. Formatting
# chosen to bypass 'grep' checks that cause older automake to warn.
# Users (include rpm) can still change the default at configure time.
m4_ifndef([AM_SILENT_RULES],
[m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
2009-07-08 17:51:59 +08:00
2005-11-02 20:50:21 +08:00
AC_CANONICAL_HOST
2012-08-11 01:39:41 +08:00
# First extract pieces from the version number string
2008-03-31 20:13:52 +08:00
LIBVIRT_MAJOR_VERSION=`echo $VERSION | awk -F. '{print $1}'`
LIBVIRT_MINOR_VERSION=`echo $VERSION | awk -F. '{print $2}'`
LIBVIRT_MICRO_VERSION=`echo $VERSION | awk -F. '{print $3}'`
2006-02-15 21:21:17 +08:00
LIBVIRT_VERSION=$LIBVIRT_MAJOR_VERSION.$LIBVIRT_MINOR_VERSION.$LIBVIRT_MICRO_VERSION$LIBVIRT_MICRO_VERSION_SUFFIX
LIBVIRT_VERSION_NUMBER=`expr $LIBVIRT_MAJOR_VERSION \* 1000000 + $LIBVIRT_MINOR_VERSION \* 1000 + $LIBVIRT_MICRO_VERSION`
2005-11-02 20:50:21 +08:00
2012-08-11 01:39:41 +08:00
# In libtool terminology we need to figure out:
#
# CURRENT
# The most recent interface number that this library implements.
#
# REVISION
# The implementation number of the CURRENT interface.
#
# AGE
# The difference between the newest and oldest interfaces that this
# library implements.
#
# In other words, the library implements all the interface numbers
# in the range from number `CURRENT - AGE' to `CURRENT'.
#
# Libtool assigns the soname version from `CURRENT - AGE', and we
# don't want that to ever change in libvirt. ie it must always be
# zero, to produce libvirt.so.0.
#
# We would, however, like the libvirt version number reflected
# in the so version'd symlinks, and this is based on AGE.REVISION
# eg libvirt.so.0.AGE.REVISION
#
# Assuming we do ever want to break soname version, this can
# toggled. But seriously, don't ever touch this.
LIBVIRT_SONUM=0
# The following examples show what libtool will do
#
# Input: 0.9.14 -> libvirt.so.0.9.14
# Input: 1.0.0 -> libvirt.so.0.1000.0
# Input: 2.5.8 -> libvirt.so.0.2005.8
#
AGE=`expr $LIBVIRT_MAJOR_VERSION '*' 1000 + $LIBVIRT_MINOR_VERSION`
REVISION=$LIBVIRT_MICRO_VERSION
CURRENT=`expr $LIBVIRT_SONUM + $AGE`
LIBVIRT_VERSION_INFO=$CURRENT:$REVISION:$AGE
2008-05-22 23:34:02 +08:00
AC_SUBST([LIBVIRT_MAJOR_VERSION])
AC_SUBST([LIBVIRT_MINOR_VERSION])
AC_SUBST([LIBVIRT_MICRO_VERSION])
2012-08-11 01:39:41 +08:00
AC_SUBST([LIBVIRT_SONUM])
2008-05-22 23:34:02 +08:00
AC_SUBST([LIBVIRT_VERSION])
AC_SUBST([LIBVIRT_VERSION_INFO])
AC_SUBST([LIBVIRT_VERSION_NUMBER])
2005-11-02 20:50:21 +08:00
Imprint all logs with version + package build information
The logging functions are enhanced so that immediately prior to
the first log message being printed to any output channel, the
libvirt package version will be printed.
eg
$ LIBVIRT_DEBUG=1 virsh
18:13:28.013: 17536: info : libvirt version: 0.8.7
18:13:28.013: 17536: debug : virInitialize:361 : register drivers
...
The 'configure' script gains two new arguments which can be
used as
--with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
--with-packager-version="1.fc14"
to allow distros to append a custom string with package specific
data.
The RPM specfile is modified so that it appends the RPM version,
the build host, the build date and the packager name.
eg
$ LIBVIRT_DEBUG=1 virsh
18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
18:14:52.086: 17551: debug : virInitialize:361 : register drivers
Thus when distro packagers receive bug reports they can clearly
see what version was in use, even if the bug reporter mistakenly
or intentionally lies about version/builds
* src/util/logging.c: Output version data prior to first log message
* libvirt.spec.in: Include RPM release, date, hostname & packager
* configure.ac: Add --with-packager & --with-packager-version args
2011-01-28 02:11:16 +08:00
AC_ARG_WITH([packager],
[AS_HELP_STRING([--with-packager],
[Extra packager name])],
2011-02-16 02:48:44 +08:00
[],[with_packager=no])
Imprint all logs with version + package build information
The logging functions are enhanced so that immediately prior to
the first log message being printed to any output channel, the
libvirt package version will be printed.
eg
$ LIBVIRT_DEBUG=1 virsh
18:13:28.013: 17536: info : libvirt version: 0.8.7
18:13:28.013: 17536: debug : virInitialize:361 : register drivers
...
The 'configure' script gains two new arguments which can be
used as
--with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
--with-packager-version="1.fc14"
to allow distros to append a custom string with package specific
data.
The RPM specfile is modified so that it appends the RPM version,
the build host, the build date and the packager name.
eg
$ LIBVIRT_DEBUG=1 virsh
18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
18:14:52.086: 17551: debug : virInitialize:361 : register drivers
Thus when distro packagers receive bug reports they can clearly
see what version was in use, even if the bug reporter mistakenly
or intentionally lies about version/builds
* src/util/logging.c: Output version data prior to first log message
* libvirt.spec.in: Include RPM release, date, hostname & packager
* configure.ac: Add --with-packager & --with-packager-version args
2011-01-28 02:11:16 +08:00
AC_ARG_WITH([packager-version],
[AS_HELP_STRING([--with-packager-version],
[Extra packager version])],
2011-02-16 02:48:44 +08:00
[],[with_packager_version=no])
Imprint all logs with version + package build information
The logging functions are enhanced so that immediately prior to
the first log message being printed to any output channel, the
libvirt package version will be printed.
eg
$ LIBVIRT_DEBUG=1 virsh
18:13:28.013: 17536: info : libvirt version: 0.8.7
18:13:28.013: 17536: debug : virInitialize:361 : register drivers
...
The 'configure' script gains two new arguments which can be
used as
--with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
--with-packager-version="1.fc14"
to allow distros to append a custom string with package specific
data.
The RPM specfile is modified so that it appends the RPM version,
the build host, the build date and the packager name.
eg
$ LIBVIRT_DEBUG=1 virsh
18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
18:14:52.086: 17551: debug : virInitialize:361 : register drivers
Thus when distro packagers receive bug reports they can clearly
see what version was in use, even if the bug reporter mistakenly
or intentionally lies about version/builds
* src/util/logging.c: Output version data prior to first log message
* libvirt.spec.in: Include RPM release, date, hostname & packager
* configure.ac: Add --with-packager & --with-packager-version args
2011-01-28 02:11:16 +08:00
if test "x$with_packager" != "xno"
then
AC_DEFINE_UNQUOTED([PACKAGER], ["$with_packager"],
[Extra package name])
fi
if test "x$with_packager_version" != "xno"
then
AC_DEFINE_UNQUOTED([PACKAGER_VERSION], ["$with_packager_version"],
[Extra package version])
fi
2007-09-19 23:35:00 +08:00
dnl Required minimum versions of all libs we depend on
2009-04-03 23:25:38 +08:00
LIBXML_REQUIRED="2.6.0"
2007-11-26 19:34:57 +08:00
GNUTLS_REQUIRED="1.0.25"
2007-12-06 02:21:27 +08:00
POLKIT_REQUIRED="0.6"
2008-02-20 23:52:17 +08:00
PARTED_REQUIRED="1.8.0"
2009-11-13 20:12:09 +08:00
DEVMAPPER_REQUIRED=1.0.0
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
LIBPCAP_REQUIRED="1.0.0"
2010-05-26 03:31:38 +08:00
LIBNL_REQUIRED="1.1"
2007-09-19 09:56:55 +08:00
2007-11-30 01:41:57 +08:00
dnl Checks for C compiler.
2005-11-02 21:19:10 +08:00
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_CPP
2007-09-21 02:40:36 +08:00
2013-01-03 02:10:42 +08:00
dnl Setting AB_VERSION makes the 'autobuild' lines of configure output
dnl slightly more useful
if test -d $srcdir/.git && git --version >/dev/null 2>&1 ; then
AB_VERSION=`cd $srcdir && git describe --match 'v[[0-9]]*' 2>/dev/null`
fi
Use gnulib, starting with its physmem and getaddrinfo modules.
New files go into these directories:
gnulib/lib
gnulib/m4
gnulib/tests
* bootstrap: A wrapper around gnulib-tool.
* configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY
before any macro that uses AC_COMPILE_IFELSE.
(AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile.
* Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests
early enough that those tests run before any libvirt unit tests.
* m4/Makefile.am: Remove file. Not needed.
* src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la.
* src/nodeinfo.c: Include "physmem.h".
* qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h".
(MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions.
(virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate.
* tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS): Add ../gnulib/lib/libgnu.la.
* qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la.
* tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total
memory from a file.
Update expected output not to include "Memory: NNNN"
* tests/nodeinfodata/linux-nodeinfo-1.txt:
* tests/nodeinfodata/linux-nodeinfo-2.txt:
* tests/nodeinfodata/linux-nodeinfo-3.txt:
* tests/nodeinfodata/linux-nodeinfo-4.txt:
* tests/nodeinfodata/linux-nodeinfo-5.txt:
* tests/nodeinfodata/linux-nodeinfo-6.txt:
* src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that
would conflict with the one now in "config.h".
* autogen.sh: Add -I gnulib/m4.
* src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE.
Instead, include "config.h".
* qemud/qemud.c: Remove definition of _GNU_SOURCE.
* src/openvz_driver.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/remote_internal.c: Likewise.
* configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch
of gettextize-generated files go into build-aux/, rather than in
the top-level directory.
* .cvsignore: Adjust.
* build-aux/.cvsignore: New file.
Author: Jim Meyering <meyering@redhat.com>
2007-12-06 05:31:07 +08:00
gl_EARLY
gl_INIT
2010-03-15 09:02:10 +08:00
AC_TYPE_UID_T
Use gnulib, starting with its physmem and getaddrinfo modules.
New files go into these directories:
gnulib/lib
gnulib/m4
gnulib/tests
* bootstrap: A wrapper around gnulib-tool.
* configure.in: Invoke gl_EARLY and gl_INIT, being careful to put gl_EARLY
before any macro that uses AC_COMPILE_IFELSE.
(AC_OUTPUT): Add lib/Makefile and gl-tests/Makefile. Remove m4/Makefile.
* Makefile.am (SUBDIRS): Add gnulib/lib and remove m4. Add gnulib/tests
early enough that those tests run before any libvirt unit tests.
* m4/Makefile.am: Remove file. Not needed.
* src/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS, libvirt_la_LIBADD): Add ../gnulib/lib/libgnu.la.
* src/nodeinfo.c: Include "physmem.h".
* qemud/qemud.c, src/remote_internal.c: Include "getaddrinfo.h".
(MEMINFO_PATH, linuxNodeInfoMemPopulate): Remove definitions.
(virNodeInfoPopulate): Use physmem_total, not linuxNodeInfoMemPopulate.
* tests/Makefile.am (INCLUDES): Add -I$(top_srcdir)/gnulib/lib -I../gnulib/lib.
(LDADDS): Add ../gnulib/lib/libgnu.la.
* qemud/Makefile.am (libvirtd_LDADD): Add ../gnulib/lib/libgnu.la.
* tests/nodeinfotest.c (linuxTestCompareFiles): No longer read total
memory from a file.
Update expected output not to include "Memory: NNNN"
* tests/nodeinfodata/linux-nodeinfo-1.txt:
* tests/nodeinfodata/linux-nodeinfo-2.txt:
* tests/nodeinfodata/linux-nodeinfo-3.txt:
* tests/nodeinfodata/linux-nodeinfo-4.txt:
* tests/nodeinfodata/linux-nodeinfo-5.txt:
* tests/nodeinfodata/linux-nodeinfo-6.txt:
* src/test.c [WITH_TEST]: Remove definition of _GNU_SOURCE that
would conflict with the one now in "config.h".
* autogen.sh: Add -I gnulib/m4.
* src/conf.c, src/sexpr.c: Don't define _GNU_SOURCE.
Instead, include "config.h".
* qemud/qemud.c: Remove definition of _GNU_SOURCE.
* src/openvz_driver.c: Likewise.
* src/qemu_driver.c: Likewise.
* src/remote_internal.c: Likewise.
* configure.in: Use AC_CONFIG_AUX_DIR(build-aux), so that a bunch
of gettextize-generated files go into build-aux/, rather than in
the top-level directory.
* .cvsignore: Adjust.
* build-aux/.cvsignore: New file.
Author: Jim Meyering <meyering@redhat.com>
2007-12-06 05:31:07 +08:00
2007-11-30 01:41:57 +08:00
dnl Support building Win32 DLLs (must appear *before* AM_PROG_LIBTOOL)
AC_LIBTOOL_WIN32_DLL
2013-04-02 23:52:31 +08:00
m4_ifndef([LT_INIT], [
AM_PROG_LIBTOOL
], [
LT_INIT([shared disable-static])
])
2007-03-16 01:24:56 +08:00
AM_PROG_CC_C_O
2010-04-27 15:43:55 +08:00
AM_PROG_LD
2007-03-16 01:24:56 +08:00
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
AC_MSG_CHECKING([for how to mark DSO non-deletable at runtime])
LIBVIRT_NODELETE=
`$LD --help 2>&1 | grep -- "-z nodelete" >/dev/null` && \
LIBVIRT_NODELETE="-Wl,-z -Wl,nodelete"
AC_MSG_RESULT([$LIBVIRT_NODELETE])
AC_SUBST([LIBVIRT_NODELETE])
AC_MSG_CHECKING([for how to set DSO symbol versions])
2008-12-18 05:39:41 +08:00
VERSION_SCRIPT_FLAGS=-Wl,--version-script=
2010-04-27 15:43:55 +08:00
`$LD --help 2>&1 | grep -- --version-script >/dev/null` || \
2008-12-18 05:39:41 +08:00
VERSION_SCRIPT_FLAGS="-Wl,-M -Wl,"
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS])
2008-12-18 05:39:41 +08:00
2013-09-18 00:25:42 +08:00
dnl Specify if we rely on ifconfig instead of iproute2 (e.g. in case
dnl we're working on BSD)
want_ifconfig=no
dnl Make some notes about which OS we're compiling for, as the lxc and qemu
dnl drivers require linux headers, and storage_mpath, dtrace, and nwfilter
dnl are also linux specific. The "network" and storage_fs drivers are known
dnl to not work on MacOS X presently, so we also make a note if compiling
dnl for that
with_linux=no with_osx=no with_freebsd=no
case $host in
*-*-linux*) with_linux=yes ;;
*-*-darwin*) with_osx=yes ;;
*-*-freebsd*) with_freebsd=yes ;;
2014-04-28 20:30:36 +08:00
*-*-mingw* | *-*-msvc* ) with_win=yes ;;
2013-09-18 00:25:42 +08:00
esac
if test $with_linux = no; then
if test "x$with_lxc" != xyes
then
with_lxc=no
fi
with_dtrace=no
fi
if test $with_freebsd = yes; then
want_ifconfig=yes
with_firewalld=no
fi
AM_CONDITIONAL([WITH_LINUX], [test "$with_linux" = "yes"])
AM_CONDITIONAL([WITH_FREEBSD], [test "$with_freebsd" = "yes"])
2014-04-28 20:30:36 +08:00
# We don't support the daemon yet
if test "$with_win" = "yes" ; then
with_libvirtd=no
fi
2013-09-28 07:09:20 +08:00
# The daemon requires remote support. Likewise, if we are not using
# RPC, we don't need several libraries.
if test "$with_remote" = "no" ; then
with_libvirtd=no
with_gnutls=no
with_ssh2=no
with_sasl=no
fi
# Stateful drivers are useful only when building the daemon.
2013-09-18 00:25:42 +08:00
if test "$with_libvirtd" = "no" ; then
with_qemu=no
2013-09-28 07:09:20 +08:00
with_xen=no
with_lxc=no
with_libxl=no
with_uml=no
with_vbox=no
2013-09-18 00:25:42 +08:00
fi
# Check for compiler and library settings.
2012-03-27 23:47:11 +08:00
LIBVIRT_COMPILE_WARNINGS
2013-04-03 18:32:15 +08:00
LIBVIRT_COMPILE_PIE
2013-04-03 19:36:32 +08:00
LIBVIRT_LINKER_RELRO
2013-08-13 19:49:05 +08:00
LIBVIRT_LINKER_NO_INDIRECT
2007-03-02 00:18:55 +08:00
2012-09-20 20:28:45 +08:00
LIBVIRT_CHECK_APPARMOR
2012-09-19 21:00:34 +08:00
LIBVIRT_CHECK_ATTR
2012-09-20 20:12:40 +08:00
LIBVIRT_CHECK_AUDIT
2012-09-20 22:22:09 +08:00
LIBVIRT_CHECK_AVAHI
2012-09-20 22:52:14 +08:00
LIBVIRT_CHECK_BLKID
2012-09-20 20:58:37 +08:00
LIBVIRT_CHECK_CAPNG
2013-01-09 05:31:58 +08:00
LIBVIRT_CHECK_CURL
2012-09-20 22:12:08 +08:00
LIBVIRT_CHECK_DBUS
2013-01-09 05:06:57 +08:00
LIBVIRT_CHECK_FUSE
2013-11-20 07:26:05 +08:00
LIBVIRT_CHECK_GLUSTER
2012-09-20 22:39:12 +08:00
LIBVIRT_CHECK_HAL
2012-09-20 22:14:52 +08:00
LIBVIRT_CHECK_NETCF
2012-09-20 20:47:23 +08:00
LIBVIRT_CHECK_NUMACTL
2013-01-09 06:08:53 +08:00
LIBVIRT_CHECK_OPENWSMAN
2012-09-20 22:34:13 +08:00
LIBVIRT_CHECK_PCIACCESS
2013-05-02 10:54:57 +08:00
LIBVIRT_CHECK_READLINE
2012-09-20 20:04:57 +08:00
LIBVIRT_CHECK_SANLOCK
2012-09-20 20:06:12 +08:00
LIBVIRT_CHECK_SASL
2012-09-20 20:21:48 +08:00
LIBVIRT_CHECK_SELINUX
2013-01-09 05:47:55 +08:00
LIBVIRT_CHECK_SSH2
2014-02-21 20:06:42 +08:00
LIBVIRT_CHECK_SYSTEMD_DAEMON
2012-09-20 22:34:13 +08:00
LIBVIRT_CHECK_UDEV
2012-09-20 20:03:27 +08:00
LIBVIRT_CHECK_YAJL
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 23:02:11 +08:00
AC_MSG_CHECKING([for CPUID instruction])
2010-12-13 21:44:47 +08:00
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 23:02:11 +08:00
[[
#include <stdint.h>
]],
[[
uint32_t eax, ebx, ecx, edx;
asm volatile (
"cpuid"
: "=a" (eax), "=b" (ebx), "=c" (ecx), "=d" (edx)
: "a" (eax));
2010-12-13 21:44:47 +08:00
]])],
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 23:02:11 +08:00
[have_cpuid=yes],
[have_cpuid=no])
if test "x$have_cpuid" = xyes; then
AC_DEFINE_UNQUOTED([HAVE_CPUID], 1, [whether CPUID instruction is supported])
fi
AC_MSG_RESULT([$have_cpuid])
2011-05-30 18:58:57 +08:00
AC_CHECK_SIZEOF([long])
Adds CPU selection infrastructure
Each driver supporting CPU selection must fill in host CPU capabilities.
When filling them, drivers for hypervisors running on the same node as
libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
such as VMware, need to implement their own way of getting such data.
Raw data can be decoded into virCPUDefPtr using cpuDecode() function.
When implementing virConnectCompareCPU(), a hypervisor driver can just
call cpuCompareXML() function with host CPU capabilities.
For each guest for which a driver supports selecting CPU models, it must
set the appropriate feature in guest's capabilities:
virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)
Actions needed when a domain is being created depend on whether the
hypervisor understands raw CPU data (currently CPUID for i686, x86_64
architectures) or symbolic names has to be used.
Typical use by hypervisors which prefer CPUID (such as VMware and Xen):
- convert guest CPU configuration from domain's XML into a set of raw
data structures each representing one of the feature policies:
cpuEncode(conn, architecture, guest_cpu_config,
&forced_data, &required_data, &optional_data,
&disabled_data, &forbidden_data)
- create a mask or whatever the hypervisor expects to see and pass it
to the hypervisor
Typical use by hypervisors with symbolic model names (such as QEMU):
- get raw CPU data for a computed guest CPU:
cpuGuestData(conn, host_cpu, guest_cpu_config, &data)
- decode raw data into virCPUDefPtr with a possible restriction on
allowed model names:
cpuDecode(conn, guest, data, n_allowed_models, allowed_models)
- pass guest->model and guest->features to the hypervisor
* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
* configure.in: check for CPUID instruction
* src/Makefile.am: glue the new files in
* src/libvirt_private.syms: add new private symbols
* po/POTFILES.in: add new cpu files containing translatable strings
2009-12-18 23:02:11 +08:00
2010-12-24 10:26:15 +08:00
dnl Availability of various common functions (non-fatal if missing),
dnl and various less common threadsafe functions
2013-10-01 00:57:35 +08:00
AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \
getmntent_r getpwuid_r getuid kill mmap newlocale posix_fallocate \
posix_memalign prlimit regexec sched_getaffinity setgroups setns \
2014-07-06 17:53:40 +08:00
setrlimit symlink sysctlbyname getifaddrs])
2010-04-29 10:39:11 +08:00
2014-01-23 00:17:10 +08:00
dnl Availability of pthread functions. Because of $LIB_PTHREAD, we
dnl cannot use AC_CHECK_FUNCS_ONCE. LIB_PTHREAD and LIBMULTITHREAD
dnl were set during gl_INIT by gnulib.
2010-04-29 10:39:11 +08:00
old_LIBS=$LIBS
2011-11-05 04:53:15 +08:00
LIBS="$LIBS $LIB_PTHREAD $LIBMULTITHREAD"
2014-01-23 00:17:10 +08:00
pthread_found=yes
2011-07-06 22:46:15 +08:00
AC_CHECK_FUNCS([pthread_mutexattr_init])
2014-01-23 00:17:10 +08:00
AC_CHECK_HEADER([pthread.h],,[pthread_found=no])
if test "$ac_cv_func_pthread_mutexattr_init:$pthread_found" != "yes:yes"
then
AC_MSG_ERROR([A pthreads impl is required for building libvirt])
fi
2014-01-11 05:01:10 +08:00
dnl At least mingw64-winpthreads #defines pthread_sigmask to 0,
dnl which in turn causes compilation to complain about unused variables.
dnl Expose this broken implementation, so we can work around it.
AC_CACHE_CHECK([whether pthread_sigmask does anything],
[lv_cv_pthread_sigmask_works],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <signal.h>
]], [[
2014-01-29 21:54:11 +08:00
#ifdef pthread_sigmask
int (*foo)(int, const sigset_t *, sigset_t *) = &pthread_sigmask;
return !foo;
#endif
2014-01-11 05:01:10 +08:00
]])], [lv_cv_pthread_sigmask_works=yes], [lv_cv_pthread_sigmask_works=no])])
if test "x$lv_cv_pthread_sigmask_works" != xyes; then
AC_DEFINE([FUNC_PTHREAD_SIGMASK_BROKEN], [1],
[Define to 1 if pthread_sigmask is not a real function])
fi
2010-04-29 10:39:11 +08:00
LIBS=$old_libs
2009-01-21 01:13:33 +08:00
2007-06-15 23:24:20 +08:00
dnl Availability of various common headers (non-fatal if missing).
2011-05-17 03:27:42 +08:00
AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/un.h \
2010-09-23 02:32:21 +08:00
sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
2013-08-11 22:30:56 +08:00
sys/un.h sys/syscall.h sys/sysctl.h netinet/tcp.h ifaddrs.h \
libtasn1.h sys/ucred.h sys/mount.h])
2012-10-02 06:38:56 +08:00
dnl Check whether endian provides handy macros.
AC_CHECK_DECLS([htole64], [], [], [[#include <endian.h>]])
2011-07-23 01:59:37 +08:00
2012-07-11 21:35:43 +08:00
dnl We need to decide at configure time if libvirt will use real atomic
dnl operations ("lock free") or emulated ones with a mutex.
dnl Note that the atomic ops are only available with GCC on x86 when
dnl using -march=i486 or higher. If we detect that the atomic ops are
dnl not available but would be available given the right flags, we want
dnl to abort and advise the user to fix their CFLAGS. It's better to do
dnl that then to silently fall back on emulated atomic ops just because
dnl the user had the wrong build environment.
atomic_ops=
AC_MSG_CHECKING([for atomic ops implementation])
AC_TRY_COMPILE([], [__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4;],[
atomic_ops=gcc
],[])
if test "$atomic_ops" = "" ; then
SAVE_CFLAGS="${CFLAGS}"
CFLAGS="-march=i486"
AC_TRY_COMPILE([],
[__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4;],
[AC_MSG_ERROR([Libvirt must be built with -march=i486 or later.])],
[])
CFLAGS="${SAVE_CFLAGS}"
case "$host" in
*-*-mingw* | *-*-msvc* )
atomic_ops=win32
;;
*)
if test "$ac_cv_header_pthread_h" = "yes" ; then
atomic_ops=pthread
else
AC_MSG_ERROR([Libvirt must be built with GCC or have pthread.h on non-Win32 platforms])
fi
;;
esac
fi
case "$atomic_ops" in
gcc)
AC_DEFINE([VIR_ATOMIC_OPS_GCC],[1],[Use GCC atomic ops])
;;
win32)
AC_DEFINE([VIR_ATOMIC_OPS_WIN32],[1],[Use Win32 atomic ops])
;;
pthread)
AC_DEFINE([VIR_ATOMIC_OPS_PTHREAD],[1],[Use pthread atomic ops emulation])
;;
esac
AM_CONDITIONAL([WITH_ATOMIC_OPS_PTHREAD],[test "$atomic_ops" = "pthread"])
AC_MSG_RESULT([$atomic_ops])
2012-09-06 06:27:42 +08:00
AC_CHECK_TYPE([struct ifreq],
[AC_DEFINE([HAVE_STRUCT_IFREQ],[1],
[Defined if struct ifreq exists in net/if.h])],
[], [[#include <sys/socket.h>
#include <net/if.h>
]])
2011-12-01 21:31:18 +08:00
2011-07-23 01:59:37 +08:00
dnl Our only use of libtasn1.h is in the testsuite, and can be skipped
dnl if the header is not present. Assume -ltasn1 is present if the
dnl header could be found.
AM_CONDITIONAL([HAVE_LIBTASN1], [test "x$ac_cv_header_libtasn1_h" = "xyes"])
2007-06-15 23:24:20 +08:00
2008-09-05 20:03:45 +08:00
AC_CHECK_LIB([intl],[gettext],[])
2007-11-26 19:45:26 +08:00
dnl Do we have rpcgen?
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([RPCGEN], [rpcgen], [no])
2009-01-29 05:33:56 +08:00
AM_CONDITIONAL([HAVE_RPCGEN], [test "x$ac_cv_path_RPCGEN" != "xno"])
2007-12-05 03:14:11 +08:00
dnl Is this GLIBC's buggy rpcgen?
2009-01-29 05:33:56 +08:00
AM_CONDITIONAL([HAVE_GLIBC_RPCGEN],
2007-12-05 03:14:11 +08:00
[test "x$ac_cv_path_RPCGEN" != "xno" &&
$ac_cv_path_RPCGEN -t </dev/null >/dev/null 2>&1])
2007-11-26 19:45:26 +08:00
2007-11-30 01:41:57 +08:00
dnl Miscellaneous external programs.
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([XMLLINT], [xmllint], [/usr/bin/xmllint])
2008-08-20 21:16:29 +08:00
AC_PATH_PROG([XMLCATALOG], [xmlcatalog], [/usr/bin/xmlcatalog])
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([XSLTPROC], [xsltproc], [/usr/bin/xsltproc])
2008-09-04 18:44:23 +08:00
AC_PATH_PROG([AUGPARSE], [augparse], [/usr/bin/augparse])
2008-06-10 18:43:28 +08:00
AC_PROG_MKDIR_P
2007-11-30 01:41:57 +08:00
dnl External programs that we can use if they are available.
dnl We will hard-code paths to these programs unless we cannot
dnl detect them, in which case we'll search for the program
dnl along the $PATH at runtime and fail if it's not there.
2014-01-18 03:17:32 +08:00
AC_PATH_PROG([DMIDECODE], [dmidecode], [dmidecode],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([DNSMASQ], [dnsmasq], [dnsmasq],
2007-11-30 01:41:57 +08:00
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2010-12-20 14:14:11 +08:00
AC_PATH_PROG([RADVD], [radvd], [radvd],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2011-07-22 22:07:27 +08:00
AC_PATH_PROG([TC], [tc], [tc],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2008-11-28 15:50:20 +08:00
AC_PATH_PROG([UDEVADM], [udevadm], [],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2008-12-02 20:41:29 +08:00
AC_PATH_PROG([UDEVSETTLE], [udevsettle], [],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2012-02-22 18:18:59 +08:00
AC_PATH_PROG([MODPROBE], [modprobe], [modprobe],
2009-03-03 00:18:11 +08:00
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2014-01-29 22:36:26 +08:00
AC_PATH_PROG([RMMOD], [rmmod], [rmmod],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2012-02-11 05:09:00 +08:00
AC_PATH_PROG([OVSVSCTL], [ovs-vsctl], [ovs-vsctl],
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
2012-02-22 18:18:59 +08:00
AC_PATH_PROG([SCRUB], [scrub], [scrub],
2012-02-14 18:09:42 +08:00
[/sbin:/usr/sbin:/usr/local/sbin:$PATH])
Introduce new OOM testing support
The previous OOM testing support would re-run the entire "main"
method each iteration, failing a different malloc each time.
When a test suite has 'n' allocations, the number of repeats
requires is (n * (n + 1) ) / 2. This gets very large, very
quickly.
This new OOM testing support instead integrates at the
virtTestRun level, so each individual test case gets repeated,
instead of the entire test suite. This means the values of
'n' are orders of magnitude smaller.
The simple usage is
$ VIR_TEST_OOM=1 ./qemuxml2argvtest
...
29) QEMU XML-2-ARGV clock-utc ... OK
Test OOM for nalloc=36 .................................... OK
30) QEMU XML-2-ARGV clock-localtime ... OK
Test OOM for nalloc=36 .................................... OK
31) QEMU XML-2-ARGV clock-france ... OK
Test OOM for nalloc=38 ...................................... OK
...
the second lines reports how many mallocs have to be failed, and thus
how many repeats of the test will be run.
If it crashes, then running under valgrind will often show the problem
$ VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
When debugging problems it is also helpful to select an individual
test case
$ VIR_TEST_RANGE=30 VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
When things get really tricky, it is possible to request that just
specific allocs are failed. eg to fail allocs 5 -> 12, use
$ VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-12 ../run valgrind ./qemuxml2argvtest
In the worse case, you might want to know the stack trace of the
alloc which was failed then VIR_TEST_OOM_TRACE can be set. If it
is set to 1 then it will only print if it thinks a mistake happened.
This is often not reliable, so setting it to 2 will make it print
the stack trace for every alloc that is failed.
$ VIR_TEST_OOM_TRACE=2 VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-5 ../run valgrind ./qemuxml2argvtest
30) QEMU XML-2-ARGV clock-localtime ... OK
Test OOM for nalloc=36 !virAllocN
/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
virHashCreateFull
/home/berrange/src/virt/libvirt/src/util/virhash.c:144
virDomainDefParseXML
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11745
virDomainDefParseNode
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12646
virDomainDefParse
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12590
testCompareXMLToArgvFiles
/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:106
virtTestRun
/home/berrange/src/virt/libvirt/tests/testutils.c:250
mymain
/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:418 (discriminator 2)
virtTestMain
/home/berrange/src/virt/libvirt/tests/testutils.c:750
??
??:0
_start
??:?
FAILED
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-23 21:21:52 +08:00
AC_PATH_PROG([ADDR2LINE], [addr2line], [addr2line],
[/sbin:/usr/bin:/usr/sbin:/usr/local/sbin:$PATH])
2007-11-30 01:41:57 +08:00
2014-01-18 03:17:32 +08:00
AC_DEFINE_UNQUOTED([DMIDECODE],["$DMIDECODE"],
[Location or name of the dmidecode program])
2007-11-30 01:41:57 +08:00
AC_DEFINE_UNQUOTED([DNSMASQ],["$DNSMASQ"],
[Location or name of the dnsmasq program])
2010-12-20 14:14:11 +08:00
AC_DEFINE_UNQUOTED([RADVD],["$RADVD"],
[Location or name of the radvd program])
2011-07-22 22:07:27 +08:00
AC_DEFINE_UNQUOTED([TC],["$TC"],
2014-03-21 17:04:59 +08:00
[Location or name of the tc program (see iproute2)])
2012-02-11 05:09:00 +08:00
AC_DEFINE_UNQUOTED([OVSVSCTL],["$OVSVSCTL"],
[Location or name of the ovs-vsctl program])
2008-11-28 15:50:20 +08:00
if test -n "$UDEVADM"; then
AC_DEFINE_UNQUOTED([UDEVADM],["$UDEVADM"],
[Location or name of the udevadm program])
fi
2008-12-02 20:41:29 +08:00
if test -n "$UDEVSETTLE"; then
AC_DEFINE_UNQUOTED([UDEVSETTLE],["$UDEVSETTLE"],
[Location or name of the udevsettle program])
fi
2009-03-03 00:18:11 +08:00
if test -n "$MODPROBE"; then
AC_DEFINE_UNQUOTED([MODPROBE],["$MODPROBE"],
[Location or name of the modprobe program])
fi
2014-01-29 22:36:26 +08:00
if test -n "$RMMOD"; then
AC_DEFINE_UNQUOTED([RMMOD],["$RMMOD"],
[Location or name of the rmmod program])
fi
2012-02-14 18:09:42 +08:00
AC_DEFINE_UNQUOTED([SCRUB],["$SCRUB"],
[Location or name of the scrub program (for wiping algorithms)])
Introduce new OOM testing support
The previous OOM testing support would re-run the entire "main"
method each iteration, failing a different malloc each time.
When a test suite has 'n' allocations, the number of repeats
requires is (n * (n + 1) ) / 2. This gets very large, very
quickly.
This new OOM testing support instead integrates at the
virtTestRun level, so each individual test case gets repeated,
instead of the entire test suite. This means the values of
'n' are orders of magnitude smaller.
The simple usage is
$ VIR_TEST_OOM=1 ./qemuxml2argvtest
...
29) QEMU XML-2-ARGV clock-utc ... OK
Test OOM for nalloc=36 .................................... OK
30) QEMU XML-2-ARGV clock-localtime ... OK
Test OOM for nalloc=36 .................................... OK
31) QEMU XML-2-ARGV clock-france ... OK
Test OOM for nalloc=38 ...................................... OK
...
the second lines reports how many mallocs have to be failed, and thus
how many repeats of the test will be run.
If it crashes, then running under valgrind will often show the problem
$ VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
When debugging problems it is also helpful to select an individual
test case
$ VIR_TEST_RANGE=30 VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest
When things get really tricky, it is possible to request that just
specific allocs are failed. eg to fail allocs 5 -> 12, use
$ VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-12 ../run valgrind ./qemuxml2argvtest
In the worse case, you might want to know the stack trace of the
alloc which was failed then VIR_TEST_OOM_TRACE can be set. If it
is set to 1 then it will only print if it thinks a mistake happened.
This is often not reliable, so setting it to 2 will make it print
the stack trace for every alloc that is failed.
$ VIR_TEST_OOM_TRACE=2 VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-5 ../run valgrind ./qemuxml2argvtest
30) QEMU XML-2-ARGV clock-localtime ... OK
Test OOM for nalloc=36 !virAllocN
/home/berrange/src/virt/libvirt/src/util/viralloc.c:180
virHashCreateFull
/home/berrange/src/virt/libvirt/src/util/virhash.c:144
virDomainDefParseXML
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11745
virDomainDefParseNode
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12646
virDomainDefParse
/home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12590
testCompareXMLToArgvFiles
/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:106
virtTestRun
/home/berrange/src/virt/libvirt/tests/testutils.c:250
mymain
/home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:418 (discriminator 2)
virtTestMain
/home/berrange/src/virt/libvirt/tests/testutils.c:750
??
??:0
_start
??:?
FAILED
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-23 21:21:52 +08:00
AC_DEFINE_UNQUOTED([ADDR2LINE],["$ADDR2LINE"],
[Location of addr2line program])
2007-11-30 01:41:57 +08:00
2005-12-07 21:45:20 +08:00
dnl Specific dir for HTML output ?
2013-09-06 05:24:55 +08:00
AC_ARG_WITH([html-dir], [AS_HELP_STRING([--with-html-dir=path],
2008-05-22 23:34:02 +08:00
[path to base html directory, default $datadir/doc/html])],
2005-12-07 21:45:20 +08:00
[HTML_DIR=$withval], [HTML_DIR='$(datadir)/doc'])
2013-09-06 05:24:55 +08:00
AC_ARG_WITH([html-subdir], [AS_HELP_STRING([--with-html-subdir=path],
2008-05-22 23:34:02 +08:00
[directory used under html-dir, default $PACKAGE-$VERSION/html])],
2005-12-07 21:45:20 +08:00
[test "x$withval" != "x" && HTML_DIR="$HTML_DIR/$withval"],
[HTML_DIR="$HTML_DIR/\$(PACKAGE)-\$(VERSION)/html"])
2008-05-22 23:34:02 +08:00
AC_SUBST([HTML_DIR])
2005-12-07 21:45:20 +08:00
2010-10-26 23:07:00 +08:00
dnl Specific XML catalog file for validation of generated html
AC_ARG_WITH([xml-catalog-file],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-xml-catalog-file=path],
2010-10-26 23:07:00 +08:00
[path to XML catalog file for validating
generated html, default /etc/xml/catalog])],
[XML_CATALOG_FILE=$withval],
[XML_CATALOG_FILE='/etc/xml/catalog'])
AC_SUBST([XML_CATALOG_FILE])
2007-11-27 22:39:42 +08:00
dnl if --prefix is /usr, don't use /usr/var for localstatedir
dnl or /usr/etc for sysconfdir
dnl as this makes a lot of things break in testing situations
2010-03-24 16:10:13 +08:00
if test "$prefix" = "/usr" && test "$localstatedir" = '${prefix}/var' ; then
2007-11-27 22:39:42 +08:00
localstatedir='/var'
fi
2010-03-24 16:10:13 +08:00
if test "$prefix" = "/usr" && test "$sysconfdir" = '${prefix}/etc' ; then
2007-11-27 22:39:42 +08:00
sysconfdir='/etc'
fi
2007-06-11 20:19:46 +08:00
dnl Allow to build without Xen, QEMU/KVM, test or remote driver
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([xen],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-xen],
2013-09-06 04:32:25 +08:00
[add XEN support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_xen=check])
2008-11-25 18:44:52 +08:00
AC_ARG_WITH([xen-inotify],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-xen-inotify],
2013-09-06 04:32:25 +08:00
[add XEN inotify support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_xen_inotify=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([qemu],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-qemu],
2013-09-06 04:32:25 +08:00
[add QEMU/KVM support @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_qemu=yes])
2008-11-20 00:58:23 +08:00
AC_ARG_WITH([uml],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-uml],
2013-09-06 04:32:25 +08:00
[add UML support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_uml=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([openvz],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-openvz],
2013-09-06 04:32:25 +08:00
[add OpenVZ support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_openvz=check])
2010-12-17 18:28:20 +08:00
AC_ARG_WITH([vmware],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-vmware],
2013-09-06 04:32:25 +08:00
[add VMware support @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_vmware=yes])
2009-07-24 22:17:06 +08:00
AC_ARG_WITH([phyp],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-phyp],
2013-09-06 04:32:25 +08:00
[add PHYP support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_phyp=check])
2010-03-14 19:11:51 +08:00
AC_ARG_WITH([xenapi],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-xenapi],
2013-09-06 04:32:25 +08:00
[add XenAPI support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_xenapi=check])
2011-02-11 06:42:34 +08:00
AC_ARG_WITH([libxl],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-libxl],
2013-09-06 04:32:25 +08:00
[add libxenlight support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_libxl=check])
2009-04-18 00:09:07 +08:00
AC_ARG_WITH([vbox],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-vbox=@<:@PFX@:>@],
2013-09-06 04:32:25 +08:00
[VirtualBox XPCOMC location @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_vbox=yes])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([lxc],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-lxc],
2013-09-06 04:32:25 +08:00
[add Linux Container support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_lxc=check])
2009-07-24 04:21:08 +08:00
AC_ARG_WITH([esx],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-esx],
2013-09-06 04:32:25 +08:00
[add ESX support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_esx=check])
2011-07-13 22:05:18 +08:00
AC_ARG_WITH([hyperv],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-hyperv],
2013-09-06 04:32:25 +08:00
[add Hyper-V support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_hyperv=check])
2012-08-01 02:56:05 +08:00
AC_ARG_WITH([parallels],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-parallels],
2013-09-06 04:32:25 +08:00
[add Parallels Cloud Server support @<:@default=check@:>@])])
m4_divert_text([DEFAULTS], [with_parallels=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([test],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-test],
2013-09-06 04:32:25 +08:00
[add test driver support @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_test=yes])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([remote],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-remote],
2013-09-06 04:32:25 +08:00
[add remote driver support @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_remote=yes])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([libvirtd],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-libvirtd],
2013-09-06 04:32:25 +08:00
[add libvirtd support @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_libvirtd=yes])
2013-01-02 23:38:52 +08:00
AC_ARG_WITH([chrdev-lock-files],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-chrdev-lock-files],
[location for UUCP style lock files for character devices
2013-09-06 04:32:25 +08:00
(use auto for default paths on some platforms) @<:@default=auto@:>@])])
m4_divert_text([DEFAULTS], [with_chrdev_lock_files=auto])
2014-04-11 15:20:48 +08:00
AC_ARG_WITH([pm-utils],
[AS_HELP_STRING([--with-pm-utils],
[use pm-utils for power management @<:@default=yes@:>@])])
m4_divert_text([DEFAULTS], [with_pm_utils=check])
2007-03-15 15:43:16 +08:00
2005-12-02 20:11:06 +08:00
dnl
2010-09-09 23:06:00 +08:00
dnl in case someone want to build static binaries
dnl STATIC_BINARIES="-static"
2005-12-02 20:11:06 +08:00
dnl
2010-09-09 23:06:00 +08:00
STATIC_BINARIES=
2008-05-22 23:34:02 +08:00
AC_SUBST([STATIC_BINARIES])
2005-12-02 20:11:06 +08:00
2007-02-17 02:30:55 +08:00
dnl --enable-debug=(yes|no)
2008-05-22 23:34:02 +08:00
AC_ARG_ENABLE([debug],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--enable-debug=@<:@no|yes@:>@],
[enable debugging output @<:@default=yes@:>@])],
[],[enable_debug=yes])
2009-01-05 22:05:29 +08:00
AM_CONDITIONAL([ENABLE_DEBUG], test x"$enable_debug" = x"yes")
2007-02-17 02:30:55 +08:00
if test x"$enable_debug" = x"yes"; then
2008-05-22 23:34:02 +08:00
AC_DEFINE([ENABLE_DEBUG], [], [whether debugging is enabled])
2007-02-17 02:30:55 +08:00
fi
2007-08-07 21:02:35 +08:00
2007-06-11 20:19:46 +08:00
2007-02-23 20:50:58 +08:00
dnl
dnl init script flavor
dnl
AC_MSG_CHECKING([for init script flavor])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([init-script],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-init-script@<:@=STYLE@:>@],
[Style of init script to install: redhat, systemd, systemd+redhat,
upstart, check, none @<:@default=check@:>@])],
[],[with_init_script=check])
2011-07-07 21:45:07 +08:00
init_redhat=no
init_systemd=no
init_upstart=no
case "$with_init_script" in
systemd+redhat)
init_redhat=yes
init_systemd=yes
;;
systemd)
init_systemd=yes
;;
upstart)
init_upstart=yes
;;
redhat)
init_redhat=yes
;;
none)
;;
check)
if test "$cross_compiling" != yes && test -f /etc/redhat-release; then
init_redhat=yes
with_init_script=redhat
fi
;;
*)
AC_MSG_ERROR([Unknown initscript flavour $with_init_script])
;;
esac
AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_RED_HAT], test "$init_redhat" = "yes")
AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_UPSTART], test "$init_upstart" = "yes")
AM_CONDITIONAL([LIBVIRT_INIT_SCRIPT_SYSTEMD], test "$init_systemd" = "yes")
2009-11-03 00:55:40 +08:00
AC_MSG_RESULT($with_init_script)
2007-02-23 20:50:58 +08:00
2012-04-04 18:16:34 +08:00
AC_MSG_CHECKING([for whether to install sysctl config])
AC_ARG_WITH([sysctl],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-sysctl@<:@=yes/no@:>@],
[Whether to install sysctl configs @<:@default=check@:>@])],
[],[with_sysctl=check])
2012-04-04 18:16:34 +08:00
if test "$with_sysctl" = "yes" || test "$with_sysctl" = "check"
then
case $host in
*-*-linux*)
with_sysctl=yes
;;
**)
if test "$with_sysctl" = "yes"; then
AC_MSG_ERROR([No sysctl configuration supported for $host])
else
with_sysctl=no
fi
;;
esac
fi
AM_CONDITIONAL([WITH_SYSCTL], test "$with_sysctl" = "yes")
AC_MSG_RESULT($with_sysctl)
2009-01-20 01:41:39 +08:00
dnl RHEL-5 has a peculiar version of Xen, which requires some special casing
AC_ARG_WITH([rhel5-api],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-rhel5-api=@<:@ARG@:>@],
2010-01-17 22:48:45 +08:00
[build for the RHEL-5 API @<:@default=no@:>@])])
2009-01-20 01:41:39 +08:00
if test x"$with_rhel5_api" = x"yes"; then
AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API])
fi
2010-12-15 01:14:39 +08:00
AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH])
AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary])
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary])
2007-02-15 00:26:42 +08:00
2010-12-09 03:09:25 +08:00
AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH])
AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary])
2009-11-04 06:11:01 +08:00
AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH])
AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary])
2010-03-26 01:46:12 +08:00
2011-05-29 18:40:24 +08:00
dnl
dnl Checks for the OpenVZ driver
dnl
if test "$with_openvz" = "check"; then
with_openvz=$with_linux
fi
if test "$with_openvz" = "yes" && test "$with_linux" = "no"; then
AC_MSG_ERROR([The OpenVZ driver can be enabled on Linux only.])
fi
2008-08-21 04:48:35 +08:00
if test "$with_openvz" = "yes"; then
2008-11-05 07:37:23 +08:00
AC_DEFINE_UNQUOTED([WITH_OPENVZ], 1, [whether OpenVZ driver is enabled])
2007-07-17 21:27:26 +08:00
fi
2008-08-21 04:48:35 +08:00
AM_CONDITIONAL([WITH_OPENVZ], [test "$with_openvz" = "yes"])
2011-05-29 18:40:24 +08:00
dnl
dnl Checks for the VMware Workstation/Player driver
dnl
2010-12-17 18:28:20 +08:00
if test "$with_vmware" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_VMWARE], 1, [whether VMware driver is enabled])
fi
AM_CONDITIONAL([WITH_VMWARE], [test "$with_vmware" = "yes"])
2010-06-30 02:01:45 +08:00
2011-05-29 18:40:24 +08:00
2010-08-13 05:45:20 +08:00
dnl
dnl check for XDR
dnl
if test x"$with_remote" = x"yes" || test x"$with_libvirtd" = x"yes"; then
dnl Where are the XDR functions?
dnl If portablexdr is installed, prefer that.
dnl Otherwise try -lrpc (Cygwin) -lxdr (some MinGW), -lnsl (Solaris)
2011-05-10 23:42:06 +08:00
dnl -ltirpc (glibc 2.13.90 or newer) or none (most Unix)
2010-08-13 05:45:20 +08:00
AC_CHECK_LIB([portablexdr],[xdrmem_create],[],[
2011-05-10 23:42:06 +08:00
AC_SEARCH_LIBS([xdrmem_create],[rpc xdr nsl tirpc],[],
2010-08-13 05:45:20 +08:00
[AC_MSG_ERROR([Cannot find a XDR library])])
])
dnl check for cygwin's variation in xdr function names
AC_CHECK_FUNCS([xdr_u_int64_t],[],[],[#include <rpc/xdr.h>])
2010-12-08 11:35:08 +08:00
2011-05-10 23:42:06 +08:00
dnl Cygwin/recent glibc requires -I/usr/include/tirpc for <rpc/rpc.h>
2010-12-08 11:35:08 +08:00
old_CFLAGS=$CFLAGS
AC_CACHE_CHECK([where to find <rpc/rpc.h>], [lv_cv_xdr_cflags], [
for add_CFLAGS in '' '-I/usr/include/tirpc' 'missing'; do
if test x"$add_CFLAGS" = xmissing; then
lv_cv_xdr_cflags=missing; break
fi
CFLAGS="$old_CFLAGS $add_CFLAGS"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <rpc/rpc.h>
]])], [lv_cv_xdr_cflags=${add_CFLAGS:-none}; break])
done
])
CFLAGS=$old_CFLAGS
case $lv_cv_xdr_cflags in
none) XDR_CFLAGS= ;;
missing) AC_MSG_ERROR([Unable to find <rpc/rpc.h>]) ;;
*) XDR_CFLAGS=$lv_cv_xdr_cflags ;;
esac
AC_SUBST([XDR_CFLAGS])
2010-08-13 05:45:20 +08:00
fi
2011-06-10 03:47:43 +08:00
dnl
dnl check for libdl
dnl
dlfcn_found=yes
dlopen_found=yes
AC_CHECK_HEADER([dlfcn.h],, [dlfcn_found=no])
AC_SEARCH_LIBS([dlopen], [dl],, [dlopen_found=no])
case $ac_cv_search_dlopen:$host_os in
'none required'* | *:mingw* | *:msvc*) DLOPEN_LIBS= ;;
no*) AC_MSG_ERROR([Unable to find dlopen()]) ;;
*) if test "x$dlfcn_found" != "xyes"; then
AC_MSG_ERROR([Unable to find dlfcn.h])
fi
DLOPEN_LIBS=$ac_cv_search_dlopen ;;
esac
AC_SUBST([DLOPEN_LIBS])
2010-06-30 02:01:45 +08:00
dnl
dnl check for VirtualBox XPCOMC location
dnl
vbox_xpcomc_dir=
2010-10-23 03:25:03 +08:00
if test "x$with_vbox" != "xyes" && test "x$with_vbox" != "xno"; then
# intentionally don't do any further checks here on the provided path
vbox_xpcomc_dir=$with_vbox
with_vbox=yes
2010-06-30 02:01:45 +08:00
fi
AC_DEFINE_UNQUOTED([VBOX_XPCOMC_DIR], ["$vbox_xpcomc_dir"],
[Location of directory containing VirtualBox XPCOMC library])
2009-04-18 00:09:07 +08:00
if test "x$with_vbox" = "xyes"; then
AC_DEFINE_UNQUOTED([WITH_VBOX], 1, [whether VirtualBox driver is enabled])
fi
AM_CONDITIONAL([WITH_VBOX], [test "$with_vbox" = "yes"])
2007-09-19 07:36:30 +08:00
if test "$with_qemu" = "yes" ; then
2008-11-05 07:37:23 +08:00
AC_DEFINE_UNQUOTED([WITH_QEMU], 1, [whether QEMU driver is enabled])
2007-03-15 15:43:16 +08:00
fi
2008-08-21 04:48:35 +08:00
AM_CONDITIONAL([WITH_QEMU], [test "$with_qemu" = "yes"])
2007-03-15 15:43:16 +08:00
2007-09-19 07:36:30 +08:00
if test "$with_test" = "yes" ; then
2008-11-05 07:37:23 +08:00
AC_DEFINE_UNQUOTED([WITH_TEST], 1, [whether Test driver is enabled])
2007-03-15 15:43:16 +08:00
fi
2008-08-21 04:48:35 +08:00
AM_CONDITIONAL([WITH_TEST], [test "$with_test" = "yes"])
2007-03-15 15:43:16 +08:00
2007-09-19 07:36:30 +08:00
if test "$with_remote" = "yes" ; then
2008-11-05 07:37:23 +08:00
AC_DEFINE_UNQUOTED([WITH_REMOTE], 1, [whether Remote driver is enabled])
2007-06-11 20:19:46 +08:00
fi
2008-08-21 04:48:35 +08:00
AM_CONDITIONAL([WITH_REMOTE], [test "$with_remote" = "yes"])
2007-06-11 20:19:46 +08:00
2008-06-10 23:35:15 +08:00
if test "$with_libvirtd" = "yes" ; then
2008-11-05 07:37:23 +08:00
AC_DEFINE_UNQUOTED([WITH_LIBVIRTD], 1, [whether libvirtd daemon is enabled])
2008-06-10 23:35:15 +08:00
fi
2008-08-21 04:48:35 +08:00
AM_CONDITIONAL([WITH_LIBVIRTD], [test "$with_libvirtd" = "yes"])
2008-06-10 23:35:15 +08:00
2010-03-14 19:11:51 +08:00
old_LIBS="$LIBS"
old_CFLAGS="$CFLAGS"
LIBXENSERVER_LIBS=""
LIBXENSERVER_CFLAGS=""
dnl search for the XenServer library
2010-12-23 17:32:33 +08:00
fail=0
2010-03-14 19:11:51 +08:00
if test "$with_xenapi" != "no" ; then
2010-03-24 16:10:13 +08:00
if test "$with_xenapi" != "yes" && test "$with_xenapi" != "check" ; then
2010-03-14 19:11:51 +08:00
LIBXENSERVER_CFLAGS="-I$with_xenapi/include"
LIBXENSERVER_LIBS="-L$with_xenapi"
fi
CFLAGS="$CFLAGS $LIBXENSERVER_CFLAGS"
LIBS="$LIBS $LIBXENSERVER_LIBS"
AC_CHECK_LIB([xenserver], [xen_vm_start], [
LIBXENSERVER_LIBS="$LIBXENSERVER_LIBS -lxenserver"
],[
if test "$with_xenapi" = "yes"; then
fail=1
fi
2013-01-09 05:31:58 +08:00
with_xenapi=no
2010-03-14 19:11:51 +08:00
])
2013-01-09 05:31:58 +08:00
if test "$with_xenapi" != "no" ; then
if test "$with_curl" = "no"; then
if test "$with_xenapi" = "yes"; then
fail=1
fi
with_xenapi=no
else
with_xenapi=yes
fi
fi
2010-03-14 19:11:51 +08:00
fi
LIBS="$old_LIBS"
CFLAGS="$old_CFLAGS"
if test $fail = 1; then
2013-01-09 05:31:58 +08:00
AC_MSG_ERROR([You must install libxenserver and libcurl to compile the XenAPI driver])
2010-03-14 19:11:51 +08:00
fi
if test "$with_xenapi" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_XENAPI], 1, [whether XenAPI driver is enabled])
fi
AC_SUBST([LIBXENSERVER_CFLAGS])
AC_SUBST([LIBXENSERVER_LIBS])
2011-02-11 06:42:34 +08:00
old_LIBS="$LIBS"
old_CFLAGS="$CFLAGS"
LIBXL_LIBS=""
LIBXL_CFLAGS=""
dnl search for libxl, aka libxenlight
fail=0
if test "$with_libxl" != "no" ; then
if test "$with_libxl" != "yes" && test "$with_libxl" != "check" ; then
LIBXL_CFLAGS="-I$with_libxl/include"
LIBXL_LIBS="-L$with_libxl"
fi
CFLAGS="$CFLAGS $LIBXL_CFLAGS"
LIBS="$LIBS $LIBXL_LIBS"
2012-11-27 00:28:56 +08:00
AC_CHECK_LIB([xenlight], [libxl_ctx_alloc], [
2011-02-11 06:42:34 +08:00
with_libxl=yes
2013-01-08 01:15:56 +08:00
LIBXL_LIBS="$LIBXL_LIBS -lxenlight -lxenctrl"
2011-02-11 06:42:34 +08:00
],[
if test "$with_libxl" = "yes"; then
fail=1
fi
with_libxl=no
])
fi
LIBS="$old_LIBS"
CFLAGS="$old_CFLAGS"
if test $fail = 1; then
2012-11-27 00:28:56 +08:00
AC_MSG_ERROR([You must install the libxl Library from Xen >= 4.2 to compile libxenlight driver with -lxl])
2011-02-11 06:42:34 +08:00
fi
if test "$with_libxl" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_LIBXL], 1, [whether libxenlight driver is enabled])
fi
AM_CONDITIONAL([WITH_LIBXL], [test "$with_libxl" = "yes"])
AC_SUBST([LIBXL_CFLAGS])
AC_SUBST([LIBXL_LIBS])
2010-03-14 19:11:51 +08:00
2010-01-17 22:48:46 +08:00
old_LIBS="$LIBS"
old_CFLAGS="$CFLAGS"
2008-11-05 07:37:23 +08:00
XEN_LIBS=""
XEN_CFLAGS=""
dnl search for the Xen store library
if test "$with_xen" != "no" ; then
2010-03-24 16:10:13 +08:00
if test "$with_xen" != "yes" && test "$with_xen" != "check" ; then
2008-11-05 07:37:23 +08:00
XEN_CFLAGS="-I$with_xen/include"
XEN_LIBS="-L$with_xen/lib64 -L$with_xen/lib"
2007-03-15 15:43:16 +08:00
fi
2008-11-05 07:37:23 +08:00
fail=0
CFLAGS="$CFLAGS $XEN_CFLAGS"
LIBS="$LIBS $XEN_LIBS"
AC_CHECK_LIB([xenstore], [xs_read], [
with_xen=yes
XEN_LIBS="$XEN_LIBS -lxenstore"
],[
2010-01-17 22:48:46 +08:00
if test "$with_xen" = "yes"; then
2008-11-05 07:37:23 +08:00
fail=1
fi
2010-01-17 22:48:46 +08:00
with_xen=no
2008-11-05 07:37:23 +08:00
])
2010-01-17 22:48:46 +08:00
fi
2008-11-05 07:37:23 +08:00
2010-01-17 22:48:46 +08:00
if test "$with_xen" != "no" ; then
2012-09-27 05:20:35 +08:00
dnl In Xen 4.2, xs.h is deprecated in favor of xenstore.h.
AC_CHECK_HEADERS([xenstore.h])
2008-05-22 23:34:02 +08:00
AC_CHECK_HEADERS([xen/xen.h xen/version.h xen/dom0_ops.h],,[
2010-01-17 22:48:46 +08:00
if test "$with_xen" = "yes"; then
fail=1
fi
with_xen=no
2007-07-19 23:37:54 +08:00
],
[#include <stdio.h>
#include <stdint.h>
])
2010-01-17 22:48:46 +08:00
fi
2007-07-19 23:37:54 +08:00
2010-01-17 22:48:46 +08:00
if test "$with_xen" != "no" ; then
2007-07-19 23:37:54 +08:00
dnl Search for the location of <xen/{linux,sys}/privcmd.h>.
2010-01-17 22:48:46 +08:00
found=
AC_CHECK_HEADERS([xen/sys/privcmd.h xen/linux/privcmd.h], [found=yes; break;], [],
[#include <stdio.h>
#include <stdint.h>
#include <xen/xen.h>
])
if test "x$found" != "xyes"; then
if test "$with_xen" = "yes"; then
fail=1
fi
with_xen=no
fi
2007-03-15 15:43:16 +08:00
fi
2010-01-17 22:48:46 +08:00
LIBS="$old_LIBS"
CFLAGS="$old_CFLAGS"
if test $fail = 1; then
AC_MSG_ERROR([You must install the Xen development package to compile Xen driver with -lxenstore])
fi
2008-11-05 07:37:23 +08:00
if test "$with_xen" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_XEN], 1, [whether Xen driver is enabled])
fi
2010-01-17 22:48:46 +08:00
2008-11-05 07:37:23 +08:00
AM_CONDITIONAL([WITH_XEN], [test "$with_xen" = "yes"])
AC_SUBST([XEN_CFLAGS])
AC_SUBST([XEN_LIBS])
2005-11-02 21:19:10 +08:00
2014-08-15 02:43:32 +08:00
AM_CONDITIONAL([WITH_XENCONFIG], [test "$with_libxl" = "yes" || test "$with_xen" = "yes"])
2011-03-29 20:39:18 +08:00
2008-11-25 18:44:52 +08:00
dnl
dnl check for kernel headers required by xen_inotify
dnl
if test "$with_xen" != "yes"; then
with_xen_inotify=no
fi
if test "$with_xen_inotify" != "no"; then
2009-08-05 16:57:40 +08:00
AC_CHECK_HEADER([sys/inotify.h], [
with_xen_inotify=yes
], [
if test "$with_xen_inotify" = "check"; then
with_xen_inotify=no
AC_MSG_NOTICE([Header file <sys/inotify.h> is required for Xen Inotify support, disabling it])
else
AC_MSG_ERROR([Header file <sys/inotify.h> is required for Xen Inotify support!])
fi
0])
2008-11-25 18:44:52 +08:00
fi
if test "$with_xen_inotify" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_XEN_INOTIFY], 1,[whether Xen inotify sub-driver is enabled])
fi
AM_CONDITIONAL([WITH_XEN_INOTIFY], [test "$with_xen_inotify" = "yes"])
2008-09-17 22:07:49 +08:00
dnl
dnl check for kvm headers
2008-09-18 16:54:23 +08:00
dnl
2008-09-17 22:07:49 +08:00
AC_CHECK_HEADERS([linux/kvm.h])
2009-08-05 16:52:14 +08:00
dnl
dnl check for sufficient headers for LXC
dnl
2010-04-24 00:00:19 +08:00
if test "$with_libvirtd" = "no" ; then
with_lxc=no
fi
2010-03-25 05:31:31 +08:00
if test "$with_lxc" = "yes" || test "$with_lxc" = "check"; then
2013-07-18 23:35:12 +08:00
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[
2010-05-05 07:18:28 +08:00
#include <sched.h>
2011-10-27 00:11:50 +08:00
#include <linux/loop.h>
2012-01-20 04:35:39 +08:00
#include <sys/epoll.h>
2013-07-18 23:35:12 +08:00
]], [[
unshare(!(LO_FLAGS_AUTOCLEAR + EPOLL_CLOEXEC));
]])], [
2010-05-05 07:18:28 +08:00
with_lxc=yes
2012-08-22 00:26:18 +08:00
AC_DEFINE([HAVE_DECL_LO_FLAGS_AUTOCLEAR], [1],
[Define to 1 if you have the declaration of `LO_FLAGS_AUTOCLEAR',
and to 0 if you don't.])
2010-05-05 07:18:28 +08:00
], [
2009-08-05 16:52:14 +08:00
if test "$with_lxc" = "check"; then
with_lxc=no
2012-01-20 04:35:39 +08:00
AC_MSG_NOTICE([Required kernel features were not found, disabling LXC])
2009-08-05 16:52:14 +08:00
else
2012-01-20 04:35:39 +08:00
AC_MSG_ERROR([Required kernel features for LXC were not found])
2009-08-05 16:52:14 +08:00
fi
])
2013-09-05 19:04:33 +08:00
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[
#include <sched.h>
#include <linux/loop.h>
#include <sys/epoll.h>
]], [[
unshare(!(LOOP_CTL_GET_FREE));
]])], [
AC_DEFINE([HAVE_DECL_LOOP_CTL_GET_FREE], [1],
[Define to 1 if you have the declaration of `LOOP_CTL_GET_FREE',
and to 0 if you don't.])
])
2009-08-05 16:52:14 +08:00
fi
2009-08-05 18:59:58 +08:00
if test "$with_lxc" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_LXC], 1, [whether LXC driver is enabled])
fi
AM_CONDITIONAL([WITH_LXC], [test "$with_lxc" = "yes"])
2012-08-01 02:56:05 +08:00
dnl
dnl Checks for the Parallels driver
dnl
2014-09-12 00:24:02 +08:00
if test "$with_parallels" = "yes" ||
test "$with_parallels" = "check"; then
PKG_CHECK_MODULES([PARALLELS_SDK], [parallels-sdk],
[PARALLELS_SDK_FOUND=yes], [PARALLELS_SDK_FOUND=no])
2012-08-01 02:56:05 +08:00
2014-09-12 00:24:02 +08:00
if test "$with_parallels" = "yes" && test "$PARALLELS_SDK_FOUND" = "no"; then
AC_MSG_ERROR([Parallels Virtualization SDK is needed to build the Parallels driver.])
fi
with_parallels=$PARALLELS_SDK_FOUND
if test "$with_parallels" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_PARALLELS], 1,
[whether Parallels driver is enabled])
fi
2012-08-01 02:56:05 +08:00
fi
AM_CONDITIONAL([WITH_PARALLELS], [test "$with_parallels" = "yes"])
2014-02-18 18:08:10 +08:00
dnl
dnl Checks for bhyve driver
dnl
LIBVIRT_DRIVER_CHECK_BHYVE
2010-10-23 07:26:08 +08:00
dnl
dnl check for shell that understands <> redirection without truncation,
dnl needed by src/qemu/qemu_monitor_{text,json}.c.
dnl
if test "$with_qemu" = yes; then
lv_wrapper_shell=
AC_CACHE_CHECK([for shell that supports <> redirection],
[lv_cv_wrapper_shell],
[
# If cross-compiling, guess that /bin/sh is good enough except for
# Linux, where it might be dash 0.5.5 which is known broken; and on
# Linux, we have a good chance that /bin/bash will exist.
# If we guess wrong, a user can override the cache variable.
# Going through /bin/bash is a slight slowdown if /bin/sh works.
if test "$cross_compiling" = yes; then
case $host_os in
linux*) lv_cv_wrapper_shell=/bin/bash ;;
*) lv_cv_wrapper_shell=/bin/sh ;;
esac
else
for lv_cv_wrapper_shell in /bin/sh bash ksh zsh none; do
test $lv_cv_wrapper_shell = none &&
AC_MSG_ERROR([could not find decent shell])
echo a > conftest.a
2010-10-27 00:37:06 +08:00
($lv_cv_wrapper_shell -c ': 1<>conftest.a') 2>/dev/null &&
2010-10-23 07:26:08 +08:00
case `cat conftest.a`.$lv_cv_wrapper_shell in
a./*) break;; dnl /bin/sh is good enough
a.*) dnl bash, ksh, and zsh all understand 'command', use that
dnl to determine the absolute path of the shell
lv_cv_wrapper_shell=`$lv_cv_wrapper_shell -c \
2010-10-27 00:37:06 +08:00
"command -v $lv_cv_wrapper_shell"`
2010-10-23 07:26:08 +08:00
case $lv_cv_wrapper_shell in
/*) break;;
esac
;;
esac
done
rm -f conftest.a
fi
])
if test "x$lv_cv_wrapper_shell" != x/bin/sh; then
lv_wrapper_shell=$lv_cv_wrapper_shell
fi
if test "x$lv_wrapper_shell" != x; then
2010-10-27 00:37:06 +08:00
AC_DEFINE_UNQUOTED([VIR_WRAPPER_SHELL], ["$lv_wrapper_shell"],
2010-10-23 07:26:08 +08:00
[Define to the absolute path of a shell that does not truncate on
<> redirection, if /bin/sh does not fit the bill])
fi
fi
2009-08-05 18:59:58 +08:00
dnl
dnl check for kernel headers required by src/bridge.c
dnl
2012-12-12 15:44:21 +08:00
if test "$with_linux" = "yes"; then
2013-09-14 00:11:26 +08:00
# Various kernel versions have headers that are not self-standing, but
# yet are incompatible with the corresponding glibc headers. In order
# to guarantee compilation across a wide range of versions (from RHEL 5
# to rawhide), we first have to probe whether glibc and kernel can be
# used in tandem; and if not, provide workarounds that ensure that
# ABI-compatible IPv6 types are present for use by the kernel headers.
# These probes mirror the usage in virnetdevbridge.c
AC_CACHE_CHECK(
[whether <linux/*.h> and <netinet/*.h> headers are compatible],
[lv_cv_netinet_linux_compatible],
[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <netinet/in.h>
#include <linux/in6.h>
]])],
[lv_cv_netinet_linux_compatible=yes],
[lv_cv_netinet_linux_compatible=no])])
if test "x$lv_cv_netinet_linux_compatible" != xyes; then
AC_DEFINE([NETINET_LINUX_WORKAROUND], [1],
[define to 1 if Linux kernel headers require a workaround to avoid
compilation errors when mixed with glibc netinet headers])
fi
2012-12-12 15:44:21 +08:00
AC_CHECK_HEADERS([linux/param.h linux/sockios.h linux/if_bridge.h linux/if_tun.h],,
2013-01-15 00:54:25 +08:00
[AC_MSG_ERROR([You must install kernel-headers in order to compile libvirt with QEMU or LXC support])],
2013-09-14 00:11:26 +08:00
[[#include <netinet/in.h>
#if NETINET_LINUX_WORKAROUND
# define in6_addr in6_addr_
# define sockaddr_in6 sockaddr_in6_
# define ipv6_mreq ipv6_mreq_
# define in6addr_any in6addr_any_
# define in6addr_loopback in6addr_loopback_
#endif
2013-08-08 00:34:08 +08:00
#include <linux/in6.h>
2013-01-15 00:54:25 +08:00
]])
2009-08-05 18:59:58 +08:00
fi
2009-08-05 16:52:14 +08:00
2009-09-10 21:21:10 +08:00
dnl Need to test if pkg-config exists
PKG_PROG_PKG_CONFIG
2009-05-25 19:56:00 +08:00
2006-02-17 06:50:52 +08:00
dnl ==========================================================================
dnl find libxml2 library, borrowed from xmlsec
dnl ==========================================================================
LIBXML_CONFIG="xml2-config"
LIBXML_CFLAGS=""
LIBXML_LIBS=""
LIBXML_FOUND="no"
2007-09-19 23:35:00 +08:00
2013-09-06 05:24:55 +08:00
AC_ARG_WITH([libxml], [AS_HELP_STRING([--with-libxml=@<:@PFX@:>@],
[libxml2 location])])
2008-01-23 05:30:05 +08:00
if test "x$with_libxml" = "xno" ; then
2007-12-06 07:02:13 +08:00
AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_REQUIRED)
2008-05-22 23:34:02 +08:00
AC_MSG_ERROR([libxml2 >= $LIBXML_REQUIRED is required for libvirt])
2010-03-24 16:10:13 +08:00
elif test "x$with_libxml" = "x" && test "x$PKG_CONFIG" != "x" ; then
2008-01-23 05:30:05 +08:00
PKG_CHECK_MODULES(LIBXML, libxml-2.0 >= $LIBXML_REQUIRED, [LIBXML_FOUND=yes], [LIBXML_FOUND=no])
2006-02-17 06:50:52 +08:00
fi
2008-01-23 05:30:05 +08:00
if test "$LIBXML_FOUND" = "no" ; then
if test "x$with_libxml" != "x" ; then
2006-02-17 06:50:52 +08:00
LIBXML_CONFIG=$with_libxml/bin/$LIBXML_CONFIG
fi
2007-09-19 23:35:00 +08:00
AC_MSG_CHECKING(libxml2 $LIBXML_CONFIG >= $LIBXML_REQUIRED )
2006-02-17 06:50:52 +08:00
if ! $LIBXML_CONFIG --version > /dev/null 2>&1 ; then
2008-05-22 23:34:02 +08:00
AC_MSG_ERROR([Could not find libxml2 anywhere (see config.log for details).])
2006-02-17 06:50:52 +08:00
fi
vers=`$LIBXML_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
2007-09-19 23:35:00 +08:00
minvers=`echo $LIBXML_REQUIRED | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
2006-02-17 06:50:52 +08:00
if test "$vers" -ge "$minvers" ; then
LIBXML_LIBS="`$LIBXML_CONFIG --libs`"
LIBXML_CFLAGS="`$LIBXML_CONFIG --cflags`"
LIBXML_FOUND="yes"
2007-09-19 23:35:00 +08:00
AC_MSG_RESULT(yes)
2006-02-17 06:50:52 +08:00
else
2008-01-23 05:30:05 +08:00
AC_MSG_ERROR(
[You need at least libxml2 $LIBXML_REQUIRED for this version of libvirt])
2006-02-17 06:50:52 +08:00
fi
fi
2008-05-22 23:34:02 +08:00
AC_SUBST([LIBXML_CFLAGS])
AC_SUBST([LIBXML_LIBS])
2006-02-17 06:50:52 +08:00
2007-06-11 20:19:46 +08:00
dnl xmlURI structure has query_raw?
old_cflags="$CFLAGS"
2009-12-19 01:34:40 +08:00
old_libs="$LIBS"
2007-06-11 20:19:46 +08:00
CFLAGS="$CFLAGS $LIBXML_CFLAGS"
2009-12-19 01:34:40 +08:00
LIBS="$LIBS $LIBXML_LIBS"
2008-05-22 23:34:02 +08:00
AC_CHECK_MEMBER([struct _xmlURI.query_raw],
[AC_DEFINE([HAVE_XMLURI_QUERY_RAW], [], [Have query_raw field in libxml2 xmlURI structure])],,
2007-06-11 20:19:46 +08:00
[#include <libxml/uri.h>])
CFLAGS="$old_cflags"
2009-12-19 01:34:40 +08:00
LIBS="$old_libs"
2007-06-11 20:19:46 +08:00
dnl GnuTLS library
2013-01-07 22:54:18 +08:00
AC_ARG_WITH([gnutls],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-gnutls],
[use GNUTLS for encryption @<:@default=check@:>@])],
2013-01-07 22:54:18 +08:00
[],
[with_gnutls=check])
if test "x$with_gnutls" != "xno"; then
if test "x$with_gnutls" != "xyes" && test "x$with_gnutls" != "xcheck"; then
GNUTLS_CFLAGS="-I$with_gnutls/include"
GNUTLS_LIBS="-L$with_gnutls/lib"
fi
2008-05-22 23:40:01 +08:00
fail=0
2013-01-07 22:54:18 +08:00
old_cflags="$CFLAGS"
2007-09-20 01:42:40 +08:00
old_libs="$LIBS"
2013-01-07 22:54:18 +08:00
CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
2008-05-22 23:40:01 +08:00
2013-01-07 22:54:18 +08:00
GNUTLS_FOUND=no
build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-26 06:03:17 +08:00
GNUTLS_GCRYPT=unknown
2013-01-07 22:54:18 +08:00
if test -x "$PKG_CONFIG" ; then
build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-26 06:03:17 +08:00
dnl Triple probe: gnutls < 2.12 only used gcrypt, gnutls >= 3.0 uses
dnl only nettle, and versions in between had a configure option.
dnl Our goal is to avoid gcrypt if we can prove gnutls uses nettle,
dnl but it is a safe fallback to use gcrypt if we can't prove anything.
if $PKG_CONFIG --exists 'gnutls >= 3.0'; then
GNUTLS_GCRYPT=no
elif $PKG_CONFIG --exists 'gnutls >= 2.12'; then
GNUTLS_GCRYPT=probe
else
GNUTLS_GCRYPT=yes
fi
2013-01-07 22:54:18 +08:00
PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_REQUIRED,
[GNUTLS_FOUND=yes], [GNUTLS_FOUND=no])
fi
if test "$GNUTLS_FOUND" = "no"; then
build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-26 06:03:17 +08:00
dnl pkg-config couldn't help us, assume gcrypt is necessary
2013-01-07 22:54:18 +08:00
fail=0
build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-26 06:03:17 +08:00
GNUTLS_GCRYPT=yes
2013-01-07 22:54:18 +08:00
AC_CHECK_HEADER([gnutls/gnutls.h], [], [fail=1])
AC_CHECK_LIB([gnutls], [gnutls_handshake],[], [fail=1], [-lgcrypt])
test $fail = 0 && GNUTLS_FOUND=yes
GNUTLS_LIBS="$GNUTLS_LIBS -lgnutls"
fi
if test "$GNUTLS_FOUND" = "no"; then
if test "$with_gnutls" = "check"; then
with_gnutls=no
GNUTLS_LIBS=
GNUTLS_CFLAGS=
else
AC_MSG_ERROR([You must install the GnuTLS library in order to compile and run libvirt])
fi
else
build: avoid -lgcrypt with newer gnutls
https://bugzilla.redhat.com/show_bug.cgi?id=951637
Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
regarding initialization. Yet we were unconditionally initializing
gcrypt even when gnutls wouldn't be using it, and having two crypto
libraries linked into libvirt.so is pointless, but mostly harmless
(it doesn't crash, but does interfere with certification efforts).
There are three distinct version ranges to worry about when
determining which crypto lib gnutls uses, per these gnutls mails:
2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html
If pkg-config can prove version numbers and/or list the crypto
library used for static linking, we have our proof; if not, it
is safer (even if pointless) to continue to use gcrypt ourselves.
* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
define a witness WITH_GNUTLS_GCRYPT.
* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
(virGlobalInit): Honor the witness.
* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
no longer needed in Fedora 19.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-26 06:03:17 +08:00
dnl See comments above about when to use gcrypt.
if test "$GNUTLS_GCRYPT" = probe; then
case `$PKG_CONFIG --libs --static gnutls` in
*gcrypt*) GNUTLS_GCRYPT=yes ;;
*nettle*) GNUTLS_GCRYPT=no ;;
*) GNUTLS_GCRYPT=unknown ;;
esac
fi
if test "$GNUTLS_GCRYPT" = yes || test "$GNUTLS_GCRYPT" = unknown; then
GNUTLS_LIBS="$GNUTLS_LIBS -lgcrypt"
dnl We're not using gcrypt deprecated features so define
dnl GCRYPT_NO_DEPRECATED to avoid deprecated warnings
GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DGCRYPT_NO_DEPRECATED"
AC_DEFINE_UNQUOTED([WITH_GNUTLS_GCRYPT], 1,
[set to 1 if it is known or assumed that GNUTLS uses gcrypt])
fi
2013-05-11 22:27:26 +08:00
2013-05-29 11:15:08 +08:00
dnl gnutls 3.x moved some declarations to a new header
AC_CHECK_HEADERS([gnutls/crypto.h], [], [], [[
#include <gnutls/gnutls.h>
]])
2013-01-07 22:54:18 +08:00
with_gnutls=yes
fi
2008-05-22 23:40:01 +08:00
2007-09-20 01:42:40 +08:00
LIBS="$old_libs"
2013-01-07 22:54:18 +08:00
CFLAGS="$old_CFLAGS"
2007-09-20 01:42:40 +08:00
fi
2013-01-07 22:54:18 +08:00
if test "x$with_gnutls" = "xyes" ; then
2013-01-09 05:02:05 +08:00
AC_DEFINE_UNQUOTED([WITH_GNUTLS], 1,
2013-01-07 22:54:18 +08:00
[whether GNUTLS is available for encryption])
fi
2013-01-09 05:02:05 +08:00
AM_CONDITIONAL([WITH_GNUTLS], [test "x$with_gnutls" = "xyes"])
2008-05-22 23:34:02 +08:00
AC_SUBST([GNUTLS_CFLAGS])
AC_SUBST([GNUTLS_LIBS])
2007-06-11 20:19:46 +08:00
2007-09-19 09:56:55 +08:00
2007-12-06 02:21:27 +08:00
dnl PolicyKit library
POLKIT_CFLAGS=
POLKIT_LIBS=
2009-08-06 20:54:08 +08:00
PKCHECK_PATH=
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([polkit],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-polkit],
[use PolicyKit for UNIX socket access checks @<:@default=check@:>@])],
2007-12-06 02:21:27 +08:00
[],
[with_polkit=check])
2009-08-06 20:54:08 +08:00
with_polkit0=no
with_polkit1=no
2010-03-25 05:31:31 +08:00
if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
2009-08-06 20:54:08 +08:00
dnl Check for new polkit first - just a binary
AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
if test "x$PKCHECK_PATH" != "x" ; then
AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
2013-08-28 22:25:40 +08:00
AC_MSG_CHECKING([whether pkcheck supports uid value])
pkcheck_supports_uid=`$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1`
if test "x$pkcheck_supports_uid" = "xtrue"; then
AC_MSG_RESULT([yes])
AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
else
AC_MSG_RESULT([no])
fi
2013-01-09 06:19:00 +08:00
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
2009-08-06 20:54:08 +08:00
[use PolicyKit for UNIX socket access checks])
2013-01-09 06:19:00 +08:00
AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
2009-08-06 20:54:08 +08:00
[use PolicyKit for UNIX socket access checks])
with_polkit="yes"
with_polkit1="yes"
else
dnl Check for old polkit second - library + binary
PKG_CHECK_MODULES(POLKIT, polkit-dbus >= $POLKIT_REQUIRED,
[with_polkit=yes], [
if test "x$with_polkit" = "xcheck" ; then
with_polkit=no
else
AC_MSG_ERROR(
[You must install PolicyKit >= $POLKIT_REQUIRED to compile libvirt])
fi
])
if test "x$with_polkit" = "xyes" ; then
2013-01-09 06:19:00 +08:00
AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
2009-08-06 20:54:08 +08:00
[use PolicyKit for UNIX socket access checks])
2013-01-09 06:19:00 +08:00
AC_DEFINE_UNQUOTED([WITH_POLKIT0], 1,
2009-08-06 20:54:08 +08:00
[use PolicyKit for UNIX socket access checks])
old_CFLAGS=$CFLAGS
2009-12-19 01:34:40 +08:00
old_LIBS=$LIBS
2009-08-06 20:54:08 +08:00
CFLAGS="$CFLAGS $POLKIT_CFLAGS"
2009-12-19 01:34:40 +08:00
LIBS="$LIBS $POLKIT_LIBS"
2009-08-06 20:54:08 +08:00
AC_CHECK_FUNCS([polkit_context_is_caller_authorized])
CFLAGS="$old_CFLAGS"
2009-12-19 01:34:40 +08:00
LIBS="$old_LIBS"
2009-08-06 20:54:08 +08:00
AC_PATH_PROG([POLKIT_AUTH], [polkit-auth])
if test "x$POLKIT_AUTH" != "x"; then
AC_DEFINE_UNQUOTED([POLKIT_AUTH],["$POLKIT_AUTH"],[Location of polkit-auth program])
fi
with_polkit0="yes"
2008-02-21 00:54:35 +08:00
fi
2008-01-23 05:30:05 +08:00
fi
2007-12-06 02:21:27 +08:00
fi
2013-01-09 06:19:00 +08:00
AM_CONDITIONAL([WITH_POLKIT], [test "x$with_polkit" = "xyes"])
AM_CONDITIONAL([WITH_POLKIT0], [test "x$with_polkit0" = "xyes"])
AM_CONDITIONAL([WITH_POLKIT1], [test "x$with_polkit1" = "xyes"])
2008-05-22 23:34:02 +08:00
AC_SUBST([POLKIT_CFLAGS])
AC_SUBST([POLKIT_LIBS])
2007-12-05 23:24:15 +08:00
network: use firewalld instead of iptables, when available
* configure.ac, spec file: firewalld defaults to enabled if dbus is
available, otherwise is disabled. If --with_firewalld is explicitly
requested and dbus is not available, configure will fail.
* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
When these are encountered, reload all the iptables reuls of all
libvirt's virtual networks (similar to what happens when libvirtd is
restarted).
* iptables, ebtables: use firewall-cmd's direct passthrough interface
when available, otherwise use iptables and ebtables commands. This
decision is made once the first time libvirt calls
iptables/ebtables, and that decision is maintained for the life of
libvirtd.
* Note that the nwfilter part of this patch was separated out into
another patch by Stefan in V2, so that needs to be revised and
re-reviewed as well.
================
All the configure.ac and specfile changes are unchanged from Thomas'
V3.
V3 re-ran "firewall-cmd --state" every time a new rule was added,
which was extremely inefficient. V4 uses VIR_ONCE_GLOBAL_INIT to set
up a one-time initialization function.
The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
vir(Ip|Eb)OnceInit(), which will then be called the first time that
the static function vir(Ip|Eb)TablesInitialize() is called (that
function is defined for you by the macro). This is
thread-safe, so there is no chance of any race.
IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
functions (one for iptables, on for ebtables) as VIR_WARN so that I
don't have to turn on all the other debug message just to see
these. Even if this patch doesn't need any other modification, those
messages need to be changed to VIR_DEBUG before pushing.
This one-time initialization works well. However, I've encountered
problems with testing:
1) Whenever I have enabled the firewalld service, *all* attempts to
call firewall-cmd from within libvirtd end with firewall-cmd hanging
internally somewhere. This is *not* the case if firewall-cmd returns
non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
and returns to libvirt successfully.)
2) If I start libvirtd while firewalld is stopped, then start
firewalld later, this triggers libvirtd to reload its iptables rules,
however it also spits out a *ton* of complaints about deletion failing
(I suppose because firewalld has nuked all of libvirt's rules). I
guess we need to suppress those messages (which is a more annoying
problem to fix than you might think, but that's another story).
3) I noticed a few times during this long line of errors that
firewalld made a complaint about "Resource Temporarily
unavailable. Having libvirtd access iptables commands directly at the
same time as firewalld is doing so is apparently problematic.
4) In general, I'm concerned about the "set it once and never change
it" method - if firewalld is disabled at libvirtd startup, causing
libvirtd to always use iptables/ebtables directly, this won't cause
*terrible* problems, but if libvirtd decides to use firewall-cmd and
firewalld is later disabled, libvirtd will not be able to recover.
2012-08-15 02:59:52 +08:00
dnl firewalld
AC_ARG_WITH([firewalld],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-firewalld],
[enable firewalld support @<:@default=check@:>@])],
network: use firewalld instead of iptables, when available
* configure.ac, spec file: firewalld defaults to enabled if dbus is
available, otherwise is disabled. If --with_firewalld is explicitly
requested and dbus is not available, configure will fail.
* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
When these are encountered, reload all the iptables reuls of all
libvirt's virtual networks (similar to what happens when libvirtd is
restarted).
* iptables, ebtables: use firewall-cmd's direct passthrough interface
when available, otherwise use iptables and ebtables commands. This
decision is made once the first time libvirt calls
iptables/ebtables, and that decision is maintained for the life of
libvirtd.
* Note that the nwfilter part of this patch was separated out into
another patch by Stefan in V2, so that needs to be revised and
re-reviewed as well.
================
All the configure.ac and specfile changes are unchanged from Thomas'
V3.
V3 re-ran "firewall-cmd --state" every time a new rule was added,
which was extremely inefficient. V4 uses VIR_ONCE_GLOBAL_INIT to set
up a one-time initialization function.
The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
vir(Ip|Eb)OnceInit(), which will then be called the first time that
the static function vir(Ip|Eb)TablesInitialize() is called (that
function is defined for you by the macro). This is
thread-safe, so there is no chance of any race.
IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
functions (one for iptables, on for ebtables) as VIR_WARN so that I
don't have to turn on all the other debug message just to see
these. Even if this patch doesn't need any other modification, those
messages need to be changed to VIR_DEBUG before pushing.
This one-time initialization works well. However, I've encountered
problems with testing:
1) Whenever I have enabled the firewalld service, *all* attempts to
call firewall-cmd from within libvirtd end with firewall-cmd hanging
internally somewhere. This is *not* the case if firewall-cmd returns
non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
and returns to libvirt successfully.)
2) If I start libvirtd while firewalld is stopped, then start
firewalld later, this triggers libvirtd to reload its iptables rules,
however it also spits out a *ton* of complaints about deletion failing
(I suppose because firewalld has nuked all of libvirt's rules). I
guess we need to suppress those messages (which is a more annoying
problem to fix than you might think, but that's another story).
3) I noticed a few times during this long line of errors that
firewalld made a complaint about "Resource Temporarily
unavailable. Having libvirtd access iptables commands directly at the
same time as firewalld is doing so is apparently problematic.
4) In general, I'm concerned about the "set it once and never change
it" method - if firewalld is disabled at libvirtd startup, causing
libvirtd to always use iptables/ebtables directly, this won't cause
*terrible* problems, but if libvirtd decides to use firewall-cmd and
firewalld is later disabled, libvirtd will not be able to recover.
2012-08-15 02:59:52 +08:00
[],
[with_firewalld=check])
if test "x$with_firewalld" = "xcheck" ; then
with_firewalld=$with_dbus
fi
if test "x$with_firewalld" == "xyes" ; then
if test "x$with_dbus" != "xyes" ; then
AC_MSG_ERROR([You must have dbus enabled for firewalld support])
fi
AC_DEFINE_UNQUOTED([HAVE_FIREWALLD], [1], [whether firewalld support is enabled])
fi
AM_CONDITIONAL([HAVE_FIREWALLD], [test "x$with_firewalld" != "xno"])
2010-09-15 21:44:11 +08:00
2013-01-02 23:38:52 +08:00
dnl UUCP style file locks for character devices
if test "$with_chrdev_lock_files" != "no"; then
case $with_chrdev_lock_files in
2011-11-25 23:25:14 +08:00
yes | auto)
dnl Default locations for platforms, or disable if unknown
if test "$with_linux" = "yes"; then
2013-01-02 23:38:52 +08:00
with_chrdev_lock_files=/var/lock
elif test "$with_chrdev_lock_files" = "auto"; then
with_chrdev_lock_files=no
2011-11-25 23:25:14 +08:00
fi ;;
esac
2013-01-02 23:38:52 +08:00
if test "$with_chrdev_lock_files" = "yes"; then
2011-11-25 23:25:14 +08:00
AC_MSG_ERROR([You must specify path for the lock files on this
platform])
fi
2014-03-05 23:23:14 +08:00
if test "$with_chrdev_lock_files" != "no"; then
AC_DEFINE_UNQUOTED([VIR_CHRDEV_LOCK_FILE_PATH], "$with_chrdev_lock_files",
[path to directory containing UUCP device lock files])
fi
2011-11-25 23:25:14 +08:00
fi
2013-01-02 23:38:52 +08:00
AM_CONDITIONAL([VIR_CHRDEV_LOCK_FILE_PATH], [test "$with_chrdev_lock_files" != "no"])
2011-11-25 23:25:14 +08:00
2010-09-15 21:44:11 +08:00
2009-03-03 18:06:49 +08:00
AC_ARG_WITH([secdriver-selinux],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-secdriver-selinux],
[use SELinux security driver @<:@default=check@:>@])],
2009-03-03 18:06:49 +08:00
[],
[with_secdriver_selinux=check])
if test "$with_selinux" != "yes" ; then
if test "$with_secdriver_selinux" = "check" ; then
with_secdriver_selinux=no
2012-10-22 02:32:39 +08:00
fi
if test "$with_secdriver_selinux" != "no"; then
2010-04-22 01:44:29 +08:00
AC_MSG_ERROR([You must install the libselinux development package and enable SELinux with the --with-selinux=yes in order to compile libvirt --with-secdriver-selinux=yes])
2009-03-03 18:06:49 +08:00
fi
2012-10-22 02:32:39 +08:00
elif test "$with_secdriver_selinux" != "no"; then
2009-03-03 18:06:49 +08:00
old_cflags="$CFLAGS"
old_libs="$LIBS"
CFLAGS="$CFLAGS $SELINUX_CFLAGS"
LIBS="$CFLAGS $SELINUX_LIBS"
fail=0
AC_CHECK_FUNC([selinux_virtual_domain_context_path], [], [fail=1])
AC_CHECK_FUNC([selinux_virtual_image_context_path], [], [fail=1])
2012-05-16 21:18:25 +08:00
AC_CHECK_FUNCS([selinux_lxc_contexts_path])
2009-03-03 18:06:49 +08:00
CFLAGS="$old_cflags"
LIBS="$old_libs"
if test "$fail" = "1" ; then
if test "$with_secdriver_selinux" = "check" ; then
with_secdriver_selinux=no
else
2010-04-22 01:44:29 +08:00
AC_MSG_ERROR([You must install libselinux development package >= 2.0.82 in order to compile libvirt --with-secdriver-selinux=yes])
2009-03-03 18:06:49 +08:00
fi
else
with_secdriver_selinux=yes
AC_DEFINE_UNQUOTED([WITH_SECDRIVER_SELINUX], 1, [whether SELinux security driver is available])
fi
fi
AM_CONDITIONAL([WITH_SECDRIVER_SELINUX], [test "$with_secdriver_selinux" != "no"])
2009-10-08 22:34:22 +08:00
AC_ARG_WITH([secdriver-apparmor],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-secdriver-apparmor],
[use AppArmor security driver @<:@default=check@:>@])],
2009-10-08 22:34:22 +08:00
[],
[with_secdriver_apparmor=check])
if test "$with_apparmor" != "yes" ; then
if test "$with_secdriver_apparmor" = "check" ; then
with_secdriver_apparmor=no
2012-10-22 02:32:39 +08:00
fi
if test "$with_secdriver_apparmor" != "no" ; then
2009-10-08 22:34:22 +08:00
AC_MSG_ERROR([You must install the AppArmor development package in order to compile libvirt])
fi
2012-10-22 02:32:39 +08:00
elif test "with_secdriver_apparmor" != "no" ; then
2012-09-20 20:28:45 +08:00
with_secdriver_apparmor=yes
AC_DEFINE_UNQUOTED([WITH_SECDRIVER_APPARMOR], 1, [whether AppArmor security driver is available])
2009-10-08 22:34:22 +08:00
fi
AM_CONDITIONAL([WITH_SECDRIVER_APPARMOR], [test "$with_secdriver_apparmor" != "no"])
2014-01-07 01:27:31 +08:00
AC_ARG_WITH([apparmor-profiles],
[AS_HELP_STRING([--with-apparmor-profiles],
[install apparmor profiles @<:@default=no@:>@])],
[with_apparmor_profiles=yes],
[with_apparmor_profiles=no])
2014-01-08 06:55:15 +08:00
if test "$with_apparmor" = "no"; then
2014-01-07 01:27:31 +08:00
with_apparmor_profiles="no"
fi
AM_CONDITIONAL([WITH_APPARMOR_PROFILES], [test "$with_apparmor_profiles" != "no"])
2009-10-08 22:34:22 +08:00
Add dtrace static probes in libvirtd
Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.
This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).
# stap examples/systemtap/client.stp
Client fd=44 connected readonly=0
Client fd=44 auth polkit deny pid:24997,uid:500
Client fd=44 disconnected
Client fd=46 connected readonly=1
Client fd=46 auth sasl allow test
Client fd=46 disconnected
The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.
* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
2010-09-15 00:30:32 +08:00
dnl DTrace static probes
AC_ARG_WITH([dtrace],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-dtrace],
[use dtrace for static probing @<:@default=check@:>@])],
Add dtrace static probes in libvirtd
Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.
This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).
# stap examples/systemtap/client.stp
Client fd=44 connected readonly=0
Client fd=44 auth polkit deny pid:24997,uid:500
Client fd=44 disconnected
Client fd=46 connected readonly=1
Client fd=46 auth sasl allow test
Client fd=46 disconnected
The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.
* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
2010-09-15 00:30:32 +08:00
[],
[with_dtrace=check])
if test "$with_dtrace" != "no" ; then
AC_PATH_PROG([DTRACE], [dtrace], [], [/bin:/usr/bin])
if test -z "$DTRACE" ; then
if test "$with_dtrace" = "check"; then
with_dtrace=no
else
AC_MSG_ERROR([You must install the 'dtrace' binary to enable libvirt static probes])
fi
else
with_dtrace=yes
fi
if test "$with_dtrace" = "yes"; then
2012-02-24 23:10:53 +08:00
AC_DEFINE_UNQUOTED([WITH_DTRACE_PROBES], 1, [whether DTrace static probes are available])
Add dtrace static probes in libvirtd
Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.
This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).
# stap examples/systemtap/client.stp
Client fd=44 connected readonly=0
Client fd=44 auth polkit deny pid:24997,uid:500
Client fd=44 disconnected
Client fd=46 connected readonly=1
Client fd=46 auth sasl allow test
Client fd=46 disconnected
The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.
* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
2010-09-15 00:30:32 +08:00
fi
fi
2012-02-24 23:10:53 +08:00
AM_CONDITIONAL([WITH_DTRACE_PROBES], [test "$with_dtrace" != "no"])
Add dtrace static probes in libvirtd
Adds initial support for dtrace static probes in libvirtd
daemon, assuming use of systemtap dtrace compat shim on
Linux. The probes are inserted for network client connect,
disconnect, TLS handshake states and authentication protocol
states.
This can be tested by running the xample program and then
attempting to connect with any libvirt client (virsh,
virt-manager, etc).
# stap examples/systemtap/client.stp
Client fd=44 connected readonly=0
Client fd=44 auth polkit deny pid:24997,uid:500
Client fd=44 disconnected
Client fd=46 connected readonly=1
Client fd=46 auth sasl allow test
Client fd=46 disconnected
The libvirtd.stp file should also really not be required,
since it is duplicated info that is already available in
the main probes.d definition file. A script to autogenerate
the .stp file is needed, either in libvirtd tree, or better
as part of systemtap itself.
* Makefile.am: Add examples/systemtap subdir
* autobuild.sh: Disable dtrace for mingw32
* configure.ac: Add check for dtrace
* daemon/.gitignore: Ignore generated dtrace probe file
* daemon/Makefile.am: Build dtrace probe header & object
files
* daemon/libvirtd.stp: SystemTAP convenience probeset
* daemon/libvirtd.c: Add connect/disconnect & TLS probes
* daemon/remote.c: Add SASL and PolicyKit auth probes
* daemon/probes.d: Master probe definition
* daemon/libvirtd.h: Add convenience macro for probes
so that compilation is a no-op when dtrace is not available
* examples/systemtap/Makefile.am, examples/systemtap/client.stp
Example systemtap script using dtrace probe markers
* libvirt.spec.in: Enable dtrace on F13/RHEL6
* mingw32-libvirt.spec.in: Force disable dtrace
2010-09-15 00:30:32 +08:00
2009-03-03 18:06:49 +08:00
2012-03-24 09:35:20 +08:00
dnl numad
AC_ARG_WITH([numad],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-numad],
[use numad to manage CPU placement dynamically @<:@default=check@:>@])],
2012-03-24 09:35:20 +08:00
[],
[with_numad=check])
2012-03-08 21:36:26 +08:00
2012-03-24 09:35:20 +08:00
if test "$with_numad" != "no" ; then
2012-05-09 12:22:58 +08:00
fail=0
2013-11-27 12:32:43 +08:00
AC_PATH_PROG([NUMAD], [numad], [], [/bin:/usr/bin:/usr/sbin])
2012-05-09 12:22:58 +08:00
if test "$with_numad" = "check"; then
2012-09-20 20:47:23 +08:00
test "$with_numactl" = "yes" || fail=1
2012-05-09 12:22:58 +08:00
if test -z "$NUMAD" || test $fail = 1; then
2012-03-24 09:35:20 +08:00
with_numad="no"
else
2012-05-10 10:25:22 +08:00
with_numad="yes"
2012-03-08 21:36:26 +08:00
fi
2012-03-24 09:35:20 +08:00
else
2012-05-09 12:22:58 +08:00
test -z "$NUMAD" &&
AC_MSG_ERROR([You must install numad package to manage CPU and memory placement dynamically])
2012-09-20 20:47:23 +08:00
test "$with_numactl" = "yes" || fail=1
2012-05-09 12:22:58 +08:00
test $fail = 1 &&
AC_MSG_ERROR([You must install the numactl development package in order to compile and run libvirt])
2012-03-24 09:35:20 +08:00
fi
2012-05-09 12:22:58 +08:00
fi
if test "$with_numad" = "yes"; then
AC_DEFINE_UNQUOTED([HAVE_NUMAD], 1, [whether numad is available])
AC_DEFINE_UNQUOTED([NUMAD],["$NUMAD"], [Location or name of the numad program])
fi
2012-03-24 09:35:20 +08:00
AM_CONDITIONAL([HAVE_NUMAD], [test "$with_numad" != "no"])
2009-08-05 16:47:18 +08:00
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
dnl pcap lib
LIBPCAP_CONFIG="pcap-config"
LIBPCAP_CFLAGS=""
LIBPCAP_LIBS=""
LIBPCAP_FOUND="no"
2013-09-06 05:24:55 +08:00
AC_ARG_WITH([libpcap], [AS_HELP_STRING([--with-libpcap=@<:@PFX@:>@],
[libpcap location])])
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
if test "$with_qemu" = "yes"; then
2010-12-15 04:26:44 +08:00
case $with_libpcap in
no) LIBPCAP_CONFIG= ;;
''|yes) LIBPCAP_CONFIG="pcap-config" ;;
*) LIBPCAP_CONFIG="$with_libpcap/bin/pcap-config" ;;
esac
2010-12-13 21:44:46 +08:00
AS_IF([test "x$LIBPCAP_CONFIG" != "x"], [
AC_MSG_CHECKING(libpcap $LIBPCAP_CONFIG >= $LIBPCAP_REQUIRED )
if ! $LIBPCAP_CONFIG --libs > /dev/null 2>&1 ; then
AC_MSG_RESULT(no)
else
LIBPCAP_LIBS="`$LIBPCAP_CONFIG --libs`"
LIBPCAP_CFLAGS="`$LIBPCAP_CONFIG --cflags`"
LIBPCAP_FOUND="yes"
AC_MSG_RESULT(yes)
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
fi
2010-12-13 21:44:46 +08:00
])
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
fi
if test "x$LIBPCAP_FOUND" = "xyes"; then
AC_DEFINE_UNQUOTED([HAVE_LIBPCAP], 1, [whether libpcap can be used])
fi
AC_SUBST([LIBPCAP_CFLAGS])
AC_SUBST([LIBPCAP_LIBS])
2009-08-05 16:47:18 +08:00
dnl
dnl Checks for the UML driver
dnl
2010-04-24 00:00:19 +08:00
if test "$with_libvirtd" = "no" ; then
with_uml=no
fi
2010-03-25 05:31:31 +08:00
if test "$with_uml" = "yes" || test "$with_uml" = "check"; then
2009-08-05 16:47:18 +08:00
AC_CHECK_HEADER([sys/inotify.h], [
with_uml=yes
], [
if test "$with_uml" = "check"; then
with_uml=no
AC_MSG_NOTICE([<sys/inotify.h> is required for the UML driver, disabling it])
else
AC_MSG_ERROR([The <sys/inotify.h> is required for the UML driver. Upgrade your libc6.])
fi
])
fi
2009-08-05 18:59:58 +08:00
if test "$with_uml" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_UML], 1, [whether UML driver is enabled])
fi
AM_CONDITIONAL([WITH_UML], [test "$with_uml" = "yes"])
2009-08-05 16:47:18 +08:00
dnl
2013-01-09 05:47:55 +08:00
dnl check for PHYP
2009-08-05 16:47:18 +08:00
dnl
2013-01-09 05:47:55 +08:00
if test "$with_phyp" != "no"; then
if test "$with_ssh2" = "no" ; then
if test "$with_phyp" = "check"; then
with_phyp=no
else
AC_MSG_ERROR([libssh2 is required for Phyp driver])
fi
else
with_phyp=yes
fi
2011-04-27 18:26:07 +08:00
fi
2009-09-09 22:21:38 +08:00
2011-04-27 18:26:07 +08:00
if test "$with_phyp" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_PHYP], 1, [whether IBM HMC / IVM driver is enabled])
2009-07-24 22:17:06 +08:00
fi
2011-11-14 22:30:23 +08:00
2009-07-24 22:17:06 +08:00
AM_CONDITIONAL([WITH_PHYP],[test "$with_phyp" = "yes"])
2011-04-27 18:26:07 +08:00
2014-04-11 15:20:48 +08:00
dnl
dnl Should we build with pm-utils support?
dnl
if test "$with_pm_utils" = "check"; then
with_pm_utils=yes
if test "$with_dbus" = "yes"; then
if test "$init_systemd" = "yes"; then
with_pm_utils=no
fi
fi
fi
if test "$with_pm_utils" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_PM_UTILS], 1, [whether to use pm-utils])
fi
AM_CONDITIONAL([WITH_PM_UTILS], [test "$with_pm_utils" = "yes"])
2005-12-08 18:23:34 +08:00
dnl virsh libraries
2013-05-02 10:54:57 +08:00
VIRSH_LIBS="$VIRSH_LIBS $READLINE_LIBS"
2008-05-22 23:34:02 +08:00
AC_SUBST([VIRSH_LIBS])
2005-12-08 18:23:34 +08:00
2010-10-05 09:31:05 +08:00
dnl check if the network driver should be compiled
2008-02-20 23:42:30 +08:00
2008-10-10 21:57:13 +08:00
AC_ARG_WITH([network],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-network],
[with virtual network driver @<:@default=yes@:>@])],
[],[with_network=yes])
2010-10-05 09:31:05 +08:00
dnl there's no use compiling the network driver without the libvirt
dnl daemon, nor compiling it for MacOS X, where it breaks the compile
if test "$with_libvirtd" = "no" || test "$with_osx" = "yes"; then
2008-10-10 21:57:13 +08:00
with_network=no
fi
2010-10-05 09:31:05 +08:00
2008-10-10 21:57:13 +08:00
if test "$with_network" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_NETWORK], 1, [whether network driver is enabled])
fi
AM_CONDITIONAL([WITH_NETWORK], [test "$with_network" = "yes"])
2009-02-17 18:23:19 +08:00
with_bridge=no
if test "$with_qemu:$with_lxc:$with_network" != "no:no:no"; then
with_bridge=yes
AC_DEFINE_UNQUOTED([WITH_BRIDGE], 1, [whether bridge code is needed])
fi
AM_CONDITIONAL([WITH_BRIDGE], [test "$with_bridge" = "yes"])
2008-10-10 21:57:13 +08:00
2009-09-14 20:31:23 +08:00
2011-05-24 19:21:51 +08:00
AC_ARG_WITH([secrets],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-secrets],
[with local secrets management driver @<:@default=yes@:>@])],
[],[with_secrets=yes])
2011-05-24 19:21:51 +08:00
2009-09-14 20:31:23 +08:00
if test "$with_libvirtd" = "no"; then
with_secrets=no
fi
if test "$with_secrets" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_SECRETS], 1, [whether local secrets management driver is available])
fi
AM_CONDITIONAL([WITH_SECRETS], [test "$with_secrets" = "yes"])
2011-05-24 19:21:51 +08:00
AC_ARG_WITH([storage-dir],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-dir],
[with directory backend for the storage driver @<:@default=yes@:>@])],
[],[with_storage_dir=yes])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([storage-fs],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-fs],
[with FileSystem backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_fs=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([storage-lvm],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-lvm],
[with LVM backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_lvm=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([storage-iscsi],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-iscsi],
[with iSCSI backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_iscsi=check])
2009-04-02 00:03:22 +08:00
AC_ARG_WITH([storage-scsi],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-scsi],
[with SCSI backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_scsi=check])
2009-09-08 21:47:45 +08:00
AC_ARG_WITH([storage-mpath],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-mpath],
[with mpath backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_mpath=check])
2008-05-22 23:34:02 +08:00
AC_ARG_WITH([storage-disk],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-disk],
[with GPartd Disk backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_disk=check])
2012-05-14 17:06:42 +08:00
AC_ARG_WITH([storage-rbd],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-rbd],
[with RADOS Block Device backend for the storage driver
@<:@default=check@:>@])],
[],[with_storage_rbd=check])
2012-07-19 03:06:58 +08:00
AC_ARG_WITH([storage-sheepdog],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-storage-sheepdog],
[with Sheepdog backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_sheepdog=check])
2013-11-20 07:26:05 +08:00
AC_ARG_WITH([storage-gluster],
[AS_HELP_STRING([--with-storage-gluster],
[with Gluster backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_gluster=check])
2014-07-21 22:38:42 +08:00
AC_ARG_WITH([storage-zfs],
[AS_HELP_STRING([--with-storage-zfs],
[with ZFS backend for the storage driver @<:@default=check@:>@])],
[],[with_storage_zfs=check])
2008-02-20 23:42:30 +08:00
2008-09-05 20:03:45 +08:00
if test "$with_libvirtd" = "no"; then
with_storage_dir=no
with_storage_fs=no
with_storage_lvm=no
with_storage_iscsi=no
2009-04-02 00:03:22 +08:00
with_storage_scsi=no
2009-09-08 21:47:45 +08:00
with_storage_mpath=no
2008-09-05 20:03:45 +08:00
with_storage_disk=no
2012-05-14 17:06:42 +08:00
with_storage_rbd=no
2012-07-19 03:06:58 +08:00
with_storage_sheepdog=no
2013-11-20 07:26:05 +08:00
with_storage_gluster=no
2014-07-21 22:38:42 +08:00
with_storage_zfs=no
2008-09-05 20:03:45 +08:00
fi
if test "$with_storage_dir" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_STORAGE_DIR], 1, [whether directory backend for storage driver is enabled])
fi
AM_CONDITIONAL([WITH_STORAGE_DIR], [test "$with_storage_dir" = "yes"])
2010-10-05 09:31:05 +08:00
dnl storage-fs does not work on MacOS X
if test "$with_osx" = "yes"; then
with_storage_fs=no
fi
2008-09-05 20:03:45 +08:00
2010-11-13 19:33:44 +08:00
if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
AC_CHECK_HEADER([mntent.h],,
[
if test "$with_storage_fs" = "check"; then
with_storage_fs=no
AC_MSG_NOTICE([<mntent.h> is required for the FS storage driver, disabling it])
else
AC_MSG_ERROR([<mntent.h> is required for the FS storage driver])
fi
])
fi
2010-03-25 05:31:31 +08:00
if test "$with_storage_fs" = "yes" || test "$with_storage_fs" = "check"; then
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([MOUNT], [mount], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([UMOUNT], [umount], [], [$PATH:/sbin:/usr/sbin])
2011-06-14 16:16:39 +08:00
AC_PATH_PROG([MKFS], [mkfs], [], [$PATH:/sbin:/usr/sbin])
2008-02-20 23:42:30 +08:00
if test "$with_storage_fs" = "yes" ; then
2008-05-22 23:34:02 +08:00
if test -z "$MOUNT" ; then AC_MSG_ERROR([We need mount for FS storage driver]) ; fi
2008-05-22 23:40:01 +08:00
if test -z "$UMOUNT" ; then AC_MSG_ERROR([We need umount for FS storage driver]) ; fi
2011-06-14 16:16:39 +08:00
if test -z "$MKFS" ; then AC_MSG_ERROR([We need mkfs for FS storage driver]) ; fi
2008-02-20 23:42:30 +08:00
else
if test -z "$MOUNT" ; then with_storage_fs=no ; fi
if test -z "$UMOUNT" ; then with_storage_fs=no ; fi
2011-06-14 16:16:39 +08:00
if test -z "$MKFS" ; then with_storage_fs=no ; fi
2008-02-20 23:42:30 +08:00
if test "$with_storage_fs" = "check" ; then with_storage_fs=yes ; fi
fi
if test "$with_storage_fs" = "yes" ; then
2008-05-22 23:34:02 +08:00
AC_DEFINE_UNQUOTED([WITH_STORAGE_FS], 1, [whether FS backend for storage driver is enabled])
2008-02-20 23:42:30 +08:00
AC_DEFINE_UNQUOTED([MOUNT],["$MOUNT"],
[Location or name of the mount program])
AC_DEFINE_UNQUOTED([UMOUNT],["$UMOUNT"],
[Location or name of the mount program])
2011-06-14 16:16:39 +08:00
AC_DEFINE_UNQUOTED([MKFS],["$MKFS"],
[Location or name of the mkfs program])
2008-02-20 23:42:30 +08:00
fi
fi
2008-05-22 23:34:02 +08:00
AM_CONDITIONAL([WITH_STORAGE_FS], [test "$with_storage_fs" = "yes"])
2008-08-28 04:05:58 +08:00
if test "$with_storage_fs" = "yes"; then
AC_PATH_PROG([SHOWMOUNT], [showmount], [], [$PATH:/sbin:/usr/sbin])
AC_DEFINE_UNQUOTED([SHOWMOUNT], ["$SHOWMOUNT"],
[Location or name of the showmount program])
fi
2008-02-20 23:42:30 +08:00
2010-03-25 05:31:31 +08:00
if test "$with_storage_lvm" = "yes" || test "$with_storage_lvm" = "check"; then
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([PVCREATE], [pvcreate], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([VGCREATE], [vgcreate], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([LVCREATE], [lvcreate], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([PVREMOVE], [pvremove], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([VGREMOVE], [vgremove], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([LVREMOVE], [lvremove], [], [$PATH:/sbin:/usr/sbin])
2011-11-22 15:24:25 +08:00
AC_PATH_PROG([LVCHANGE], [lvchange], [], [$PATH:/sbin:/usr/sbin])
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([VGCHANGE], [vgchange], [], [$PATH:/sbin:/usr/sbin])
2008-11-05 19:41:43 +08:00
AC_PATH_PROG([VGSCAN], [vgscan], [], [$PATH:/sbin:/usr/sbin])
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([PVS], [pvs], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([VGS], [vgs], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([LVS], [lvs], [], [$PATH:/sbin:/usr/sbin])
2008-02-20 23:45:33 +08:00
if test "$with_storage_lvm" = "yes" ; then
2008-05-22 23:34:02 +08:00
if test -z "$PVCREATE" ; then AC_MSG_ERROR([We need pvcreate for LVM storage driver]) ; fi
if test -z "$VGCREATE" ; then AC_MSG_ERROR([We need vgcreate for LVM storage driver]) ; fi
if test -z "$LVCREATE" ; then AC_MSG_ERROR([We need lvcreate for LVM storage driver]) ; fi
if test -z "$PVREMOVE" ; then AC_MSG_ERROR([We need pvremove for LVM storage driver]) ; fi
if test -z "$VGREMOVE" ; then AC_MSG_ERROR([We need vgremove for LVM storage driver]) ; fi
if test -z "$LVREMOVE" ; then AC_MSG_ERROR([We need lvremove for LVM storage driver]) ; fi
2011-11-22 15:24:25 +08:00
if test -z "$LVCHANGE" ; then AC_MSG_ERROR([We need lvchange for LVM storage driver]) ; fi
2008-05-22 23:34:02 +08:00
if test -z "$VGCHANGE" ; then AC_MSG_ERROR([We need vgchange for LVM storage driver]) ; fi
2008-11-05 19:41:43 +08:00
if test -z "$VGSCAN" ; then AC_MSG_ERROR([We need vgscan for LVM storage driver]) ; fi
2008-05-22 23:34:02 +08:00
if test -z "$PVS" ; then AC_MSG_ERROR([We need pvs for LVM storage driver]) ; fi
if test -z "$VGS" ; then AC_MSG_ERROR([We need vgs for LVM storage driver]) ; fi
if test -z "$LVS" ; then AC_MSG_ERROR([We need lvs for LVM storage driver]) ; fi
2008-02-20 23:45:33 +08:00
else
if test -z "$PVCREATE" ; then with_storage_lvm=no ; fi
if test -z "$VGCREATE" ; then with_storage_lvm=no ; fi
if test -z "$LVCREATE" ; then with_storage_lvm=no ; fi
if test -z "$PVREMOVE" ; then with_storage_lvm=no ; fi
if test -z "$VGREMOVE" ; then with_storage_lvm=no ; fi
if test -z "$LVREMOVE" ; then with_storage_lvm=no ; fi
2011-11-22 15:24:25 +08:00
if test -z "$LVCHANGE" ; then with_storage_lvm=no ; fi
2008-11-05 19:41:43 +08:00
if test -z "$VGCHANGE" ; then with_storage_lvm=no ; fi
if test -z "$VGSCAN" ; then with_storage_lvm=no ; fi
2008-02-20 23:45:33 +08:00
if test -z "$PVS" ; then with_storage_lvm=no ; fi
if test -z "$VGS" ; then with_storage_lvm=no ; fi
if test -z "$LVS" ; then with_storage_lvm=no ; fi
if test "$with_storage_lvm" = "check" ; then with_storage_lvm=yes ; fi
fi
if test "$with_storage_lvm" = "yes" ; then
2008-05-22 23:34:02 +08:00
AC_DEFINE_UNQUOTED([WITH_STORAGE_LVM], 1, [whether LVM backend for storage driver is enabled])
2008-02-20 23:45:33 +08:00
AC_DEFINE_UNQUOTED([PVCREATE],["$PVCREATE"],[Location of pvcreate program])
AC_DEFINE_UNQUOTED([VGCREATE],["$VGCREATE"],[Location of vgcreate program])
AC_DEFINE_UNQUOTED([LVCREATE],["$LVCREATE"],[Location of lvcreate program])
2011-06-08 15:07:24 +08:00
AC_DEFINE_UNQUOTED([PVREMOVE],["$PVREMOVE"],[Location of pvremove program])
AC_DEFINE_UNQUOTED([VGREMOVE],["$VGREMOVE"],[Location of vgremove program])
AC_DEFINE_UNQUOTED([LVREMOVE],["$LVREMOVE"],[Location of lvremove program])
2011-11-22 15:24:25 +08:00
AC_DEFINE_UNQUOTED([LVCHANGE],["$LVCHANGE"],[Location of lvchange program])
2008-02-20 23:45:33 +08:00
AC_DEFINE_UNQUOTED([VGCHANGE],["$VGCHANGE"],[Location of vgchange program])
2008-11-05 19:41:43 +08:00
AC_DEFINE_UNQUOTED([VGSCAN],["$VGSCAN"],[Location of vgscan program])
2008-02-20 23:45:33 +08:00
AC_DEFINE_UNQUOTED([PVS],["$PVS"],[Location of pvs program])
AC_DEFINE_UNQUOTED([VGS],["$VGS"],[Location of vgs program])
AC_DEFINE_UNQUOTED([LVS],["$LVS"],[Location of lvs program])
fi
fi
2008-05-22 23:34:02 +08:00
AM_CONDITIONAL([WITH_STORAGE_LVM], [test "$with_storage_lvm" = "yes"])
2008-02-20 23:45:33 +08:00
2008-02-20 23:49:25 +08:00
2010-03-25 05:31:31 +08:00
if test "$with_storage_iscsi" = "yes" || test "$with_storage_iscsi" = "check"; then
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([ISCSIADM], [iscsiadm], [], [$PATH:/sbin:/usr/sbin])
2008-02-20 23:49:25 +08:00
if test "$with_storage_iscsi" = "yes" ; then
2008-05-22 23:34:02 +08:00
if test -z "$ISCSIADM" ; then AC_MSG_ERROR([We need iscsiadm for iSCSI storage driver]) ; fi
2008-02-20 23:49:25 +08:00
else
if test -z "$ISCSIADM" ; then with_storage_iscsi=no ; fi
if test "$with_storage_iscsi" = "check" ; then with_storage_iscsi=yes ; fi
fi
if test "$with_storage_iscsi" = "yes" ; then
2008-05-22 23:34:02 +08:00
AC_DEFINE_UNQUOTED([WITH_STORAGE_ISCSI], 1, [whether iSCSI backend for storage driver is enabled])
2008-02-20 23:49:25 +08:00
fi
fi
2014-03-21 16:02:44 +08:00
if test -z "$ISCIADM" ; then
AC_DEFINE_UNQUOTED([ISCSIADM],["iscsiadm"],[Name of iscsiadm program])
else
AC_DEFINE_UNQUOTED([ISCSIADM],["$ISCSIADM"],[Location of iscsiadm program])
fi
2008-05-22 23:34:02 +08:00
AM_CONDITIONAL([WITH_STORAGE_ISCSI], [test "$with_storage_iscsi" = "yes"])
2008-02-20 23:49:25 +08:00
2009-04-02 00:03:22 +08:00
if test "$with_storage_scsi" = "check"; then
with_storage_scsi=yes
AC_DEFINE_UNQUOTED([WITH_STORAGE_SCSI], 1,
[whether SCSI backend for storage driver is enabled])
fi
2009-04-03 02:42:33 +08:00
AM_CONDITIONAL([WITH_STORAGE_SCSI], [test "$with_storage_scsi" = "yes"])
2008-02-20 23:49:25 +08:00
2011-05-13 12:47:50 +08:00
if test "$with_storage_mpath" = "check"; then
if test "$with_linux" = "yes"; then
with_storage_mpath=yes
AC_DEFINE_UNQUOTED([WITH_STORAGE_MPATH], 1,
[whether mpath backend for storage driver is enabled])
else
with_storage_mpath=no
fi
2009-09-08 21:47:45 +08:00
fi
AM_CONDITIONAL([WITH_STORAGE_MPATH], [test "$with_storage_mpath" = "yes"])
2012-05-14 17:06:42 +08:00
LIBRBD_LIBS=
if test "$with_storage_rbd" = "yes" || test "$with_storage_rbd" = "check"; then
AC_CHECK_HEADER([rbd/librbd.h], [LIBRBD_FOUND=yes; break;])
if test "$LIBRBD_FOUND" = "yes"; then
with_storage_rbd=yes
2012-07-16 01:18:44 +08:00
LIBRBD_LIBS="-lrbd -lrados"
2012-05-14 17:06:42 +08:00
AC_DEFINE_UNQUOTED([WITH_STORAGE_RBD], [1],
[whether RBD backend for storage driver is enabled])
else
with_storage_rbd=no
fi
fi
AM_CONDITIONAL([WITH_STORAGE_RBD], [test "$with_storage_rbd" = "yes"])
AC_SUBST([LIBRBD_LIBS])
2012-07-19 03:06:58 +08:00
if test "$with_storage_sheepdog" = "yes" ||
test "$with_storage_sheepdog" = "check"; then
AC_PATH_PROG([COLLIE], [collie], [], [$PATH:/sbin:/usr/sbin])
if test "$with_storage_sheepdog" = "yes"; then
if test -z "$COLLIE"; then
AC_MSG_ERROR([We need collie for Sheepdog storage driver])
fi
else
if test -z "$COLLIE"; then
with_storage_sheepdog=no
fi
if test "$with_storage_sheepdog" = "check"; then
with_storage_sheepdog=yes
fi
fi
if test "$with_storage_sheepdog" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_STORAGE_SHEEPDOG], 1,
[whether Sheepdog backend for storage driver is enabled])
AC_DEFINE_UNQUOTED([COLLIE],["$COLLIE"],[Location of collie program])
fi
fi
AM_CONDITIONAL([WITH_STORAGE_SHEEPDOG],
[test "$with_storage_sheepdog" = "yes"])
2013-11-20 07:26:05 +08:00
if test "$with_storage_gluster" = "check"; then
with_storage_gluster=$with_glusterfs
fi
if test "$with_storage_gluster" = "yes"; then
if test "$with_glusterfs" = no; then
AC_MSG_ERROR([Need glusterfs (libgfapi) for gluster storage driver])
fi
AC_DEFINE_UNQUOTED([WITH_STORAGE_GLUSTER], [1],
[whether Gluster backend for storage driver is enabled])
fi
AM_CONDITIONAL([WITH_STORAGE_GLUSTER], [test "$with_storage_gluster" = "yes"])
2014-07-21 22:38:42 +08:00
if test "$with_storage_zfs" = "check"; then
with_storage_zfs=$with_freebsd
fi
if test "$with_storage_zfs" = "yes" && test "$with_freebsd" = "no"; then
AC_MSG_ERROR([The ZFS storage driver can be enabled on FreeBSD only.])
fi
if test "$with_storage_zfs" = "yes" ||
test "$with_storage_zfs" = "check"; then
AC_PATH_PROG([ZFS], [zfs], [], [$PATH:/sbin:/usr/sbin])
AC_PATH_PROG([ZPOOL], [zpool], [], [$PATH:/sbin:/usr/sbin])
if test "$with_storage_zfs" = "yes"; then
if test -z "$ZFS" || test -z "$ZPOOL"; then
AC_MSG_ERROR([We need zfs and zpool for ZFS storage driver])
fi
else
if test -z "$ZFS" || test -z "$ZPOOL"; then
with_storage_zfs=no
fi
if test "$with_storage_zfs" = "check"; then
with_storage_zfs=yes
fi
fi
if test "$with_storage_zfs" = "yes"; then
AC_DEFINE_UNQUOTED([WITH_STORAGE_ZFS], 1,
[whether ZFS backend for storage driver is enabled])
AC_DEFINE_UNQUOTED([ZFS], ["$ZFS"], [Location of zfs program])
AC_DEFINE_UNQUOTED([ZPOOL], ["$ZPOOL"], [Location of zpool program])
fi
fi
AM_CONDITIONAL([WITH_STORAGE_ZFS],
[test "$with_storage_zfs" = "yes"])
2014-03-27 02:17:55 +08:00
if test "$with_storage_fs" = "yes" ||
test "$with_storage_gluster" = "yes"; then
AC_PATH_PROG([GLUSTER_CLI], [gluster], [], [$PATH:/sbin:/usr/sbin])
2014-04-07 15:24:41 +08:00
if test "x$GLUSTER_CLI" != "x"; then
AC_DEFINE_UNQUOTED([GLUSTER_CLI], ["$GLUSTER_CLI"],
[Location or name of the gluster command line tool])
fi
2014-03-27 02:17:55 +08:00
fi
2012-07-19 03:06:58 +08:00
2008-02-20 23:52:17 +08:00
LIBPARTED_CFLAGS=
LIBPARTED_LIBS=
2011-02-01 06:08:26 +08:00
if test "$with_storage_disk" = "yes" ||
test "$with_storage_disk" = "check"; then
2008-05-22 23:34:02 +08:00
AC_PATH_PROG([PARTED], [parted], [], [$PATH:/sbin:/usr/sbin])
2011-02-17 15:29:07 +08:00
AC_PATH_PROG([DMSETUP], [dmsetup], [], [$PATH:/sbin:/usr/sbin])
2008-05-30 03:23:17 +08:00
if test -z "$PARTED" ; then
PARTED_FOUND=no
else
PARTED_FOUND=yes
fi
2008-02-20 23:52:17 +08:00
2011-02-17 15:29:07 +08:00
if test -z "$DMSETUP" ; then
DMSETUP_FOUND=no
else
DMSETUP_FOUND=yes
fi
2011-02-01 06:08:26 +08:00
if test "$PARTED_FOUND" = "yes" && test "x$PKG_CONFIG" != "x" ; then
PKG_CHECK_MODULES([LIBPARTED], [libparted >= $PARTED_REQUIRED], [],
[PARTED_FOUND=no])
2008-02-20 23:52:17 +08:00
fi
if test "$PARTED_FOUND" = "no"; then
# RHEL-5 vintage parted is missing pkg-config files
save_LIBS="$LIBS"
save_CFLAGS="$CFLAGS"
PARTED_FOUND=yes
2008-05-22 23:34:02 +08:00
AC_CHECK_HEADER([parted/parted.h],,[PARTED_FOUND=no])
AC_CHECK_LIB([uuid], [uuid_generate],,[PARTED_FOUND=no])
AC_CHECK_LIB([parted], [ped_device_read],,[PARTED_FOUND=no])
2008-02-20 23:52:17 +08:00
LIBPARTED_LIBS="-luuid -lparted"
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
fi
2011-02-17 15:29:07 +08:00
if test "$with_storage_disk" = "yes" &&
test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
AC_MSG_ERROR([Need both parted and dmsetup for disk storage driver])
fi
if test "$with_storage_disk" = "check"; then
if test "$PARTED_FOUND:$DMSETUP_FOUND" != "yes:yes"; then
2008-02-20 23:52:17 +08:00
with_storage_disk=no
2011-02-17 15:29:07 +08:00
else
with_storage_disk=yes
2008-02-20 23:52:17 +08:00
fi
fi
if test "$with_storage_disk" = "yes"; then
2011-02-01 06:08:26 +08:00
AC_DEFINE_UNQUOTED([WITH_STORAGE_DISK], 1,
[whether Disk backend for storage driver is enabled])
AC_DEFINE_UNQUOTED([PARTED],["$PARTED"],
[Location or name of the parted program])
2011-02-17 15:29:07 +08:00
AC_DEFINE_UNQUOTED([DMSETUP],["$DMSETUP"],
[Location or name of the dmsetup program])
2008-02-20 23:52:17 +08:00
fi
fi
2008-05-22 23:34:02 +08:00
AM_CONDITIONAL([WITH_STORAGE_DISK], [test "$with_storage_disk" = "yes"])
AC_SUBST([LIBPARTED_CFLAGS])
AC_SUBST([LIBPARTED_LIBS])
2008-02-20 23:52:17 +08:00
2011-02-21 09:57:24 +08:00
if test "$with_storage_mpath" = "yes" ||
test "$with_storage_disk" = "yes"; then
DEVMAPPER_CFLAGS=
DEVMAPPER_LIBS=
PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= $DEVMAPPER_REQUIRED], [], [DEVMAPPER_FOUND=no])
if test "$DEVMAPPER_FOUND" = "no"; then
# devmapper is missing pkg-config files in ubuntu, suse, etc
save_LIBS="$LIBS"
save_CFLAGS="$CFLAGS"
DEVMAPPER_FOUND=yes
AC_CHECK_LIB([devmapper], [dm_task_run],,[DEVMAPPER_FOUND=no])
DEVMAPPER_LIBS="-ldevmapper"
LIBS="$save_LIBS"
CFLAGS="$save_CFLAGS"
fi
AC_CHECK_HEADERS([libdevmapper.h],,[DEVMAPPER_FOUND=no])
if test "$DEVMAPPER_FOUND" = "no" ; then
AC_MSG_ERROR([You must install device-mapper-devel/libdevmapper >= $DEVMAPPER_REQUIRED to compile libvirt])
fi
fi
AC_SUBST([DEVMAPPER_CFLAGS])
AC_SUBST([DEVMAPPER_LIBS])
2012-06-06 00:28:52 +08:00
with_storage=no
for backend in dir fs lvm iscsi scsi mpath rbd disk; do
if eval test \$with_storage_$backend = yes; then
with_storage=yes
break
fi
done
if test $with_storage = yes; then
AC_DEFINE([WITH_STORAGE], [1],
[Define to 1 if at least one storage backend is in use])
fi
AM_CONDITIONAL([WITH_STORAGE], [test "$with_storage" = "yes"])
2009-07-24 04:21:08 +08:00
dnl
2013-01-09 05:31:58 +08:00
dnl check for (ESX)
2009-07-24 04:21:08 +08:00
dnl
2013-01-09 05:31:58 +08:00
if test "$with_curl" != "yes" ; then
2013-01-26 05:06:53 +08:00
if test "$with_esx" != "yes"; then
2013-01-09 05:31:58 +08:00
with_esx=no
else
AC_MSG_ERROR([Curl is required for the ESX driver])
fi
else
if test "$with_esx" = "check"; then
with_esx=yes
fi
2012-10-07 02:09:20 +08:00
fi
2010-03-14 19:11:51 +08:00
2009-08-05 18:59:58 +08:00
if test "$with_esx" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_ESX], 1, [whether ESX driver is enabled])
fi
AM_CONDITIONAL([WITH_ESX], [test "$with_esx" = "yes"])
2009-07-24 04:21:08 +08:00
2010-12-22 05:39:55 +08:00
with_vmx=yes
if test "$with_esx" != "yes" && test "$with_vmware" != "yes"; then
with_vmx=no
fi
if test "$with_vmx" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_VMX], 1, [whether VMware VMX config handling is enabled])
fi
AM_CONDITIONAL([WITH_VMX], [test "$with_vmx" = "yes"])
2010-03-14 19:11:51 +08:00
if test "$with_xenapi" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_XENAPI], 1, [whether XenAPI driver is enabled])
fi
AM_CONDITIONAL([WITH_XENAPI], [test "$with_xenapi" = "yes"])
2011-07-13 22:05:18 +08:00
dnl
2013-01-09 06:08:53 +08:00
dnl check for Hyper-V
2011-07-13 22:05:18 +08:00
dnl
2013-01-09 06:08:53 +08:00
if test "$with_hyperv" != "no"; then
if test "$with_openwsman" != "yes"; then
if test "$with_hyperv" = "check"; then
with_hyperv=no
else
AC_MSG_ERROR([openwsman is required for the Hyper-V driver])
fi
else
with_hyperv=yes
fi
2011-07-13 22:05:18 +08:00
fi
if test "$with_hyperv" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_HYPERV], 1, [whether Hyper-V driver is enabled])
fi
AM_CONDITIONAL([WITH_HYPERV], [test "$with_hyperv" = "yes"])
2013-11-23 00:42:22 +08:00
dnl Allow perl/python overrides
2013-12-18 01:53:28 +08:00
AC_PATH_PROGS([PYTHON], [python2 python])
2012-05-30 05:49:13 +08:00
AC_PATH_PROG([PERL], [perl])
2014-08-14 11:37:45 +08:00
if test -z "$PERL"; then
AC_MSG_ERROR([Failed to find perl.])
fi
2012-05-30 05:49:13 +08:00
2013-12-18 14:59:19 +08:00
AC_ARG_WITH([test-suite],
[AS_HELP_STRING([--with-test-suite],
[build test suite by default @<:@default=check@:>@])],
[case "${withval}" in
yes|no|check) ;;
*) AC_MSG_ERROR([bad value ${withval} for tests option]) ;;
esac],
[withval=check])
2012-03-27 23:35:01 +08:00
AC_MSG_CHECKING([Whether to build test suite by default])
if test "$withval" = "check" ; then
if test -d $srcdir/.git ; then
withval=yes
else
withval=no
fi
fi
AC_MSG_RESULT([$withval])
AM_CONDITIONAL([WITH_TESTS], [test "$withval" = "yes"])
build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc). While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior). Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on. It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).
Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable. Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.
* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-31 21:18:58 +08:00
AC_ARG_ENABLE([expensive-tests],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--enable-expensive-tests],
build: add configure option to disable gnulib tests
The gnulib testsuite is relatively stable - the only times it is
likely to have a test change from pass to fail is on a gnulib
submodule update or a major system change (such as moving from
Fedora 18 to 19, or other large change to libc). While it is an
important test for end users on arbitrary machines (to make sure
that the portability glue works for their machine), it mostly
wastes time for development testing (as most developers aren't
making any of the major changes that would cause gnulib tests
to alter behavior). Thus, it pays to make the tests optional
at configure time, defaulting to off for development, on for
tarballs, with autobuilders requesting it to be on. It also
helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
(much the way automake sets up V=[01] for overriding the configure
time default of how verbose to be).
Automake has some pretty hard-coded magic with regards to the
TESTS variable; I had quite a job figuring out how to keep
'make distcheck' passing regardless of the configure option
setting in use, while still disabling the tests at runtime
when I did not configure them on and did not use the override
variable. Thankfully, we require GNU make, which lets me
hide some information from Automake's magic handling of TESTS.
* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
* configure.ac (--enable-expensive-tests): Add new enable switch.
(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
witnesses.
* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
configure settings and the VIR_TEST_EXPENSIVE variable.
* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
to all tests.
* autobuild.sh: Enable all tests during autobuilds.
* libvirt.spec.in (%configure): Likewise.
* mingw-libvirt.spec.in (%mingw_configure): Likewise.
* docs/hacking.html.in: Document the option.
* HACKING: Regenerate.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-07-31 21:18:58 +08:00
[set the default for enabling expensive tests (gnulib and long timeouts) ]
[@<:@default=check@:>@; use VIR_TEST_EXPENSIVE to override during make])],
[case $enableval in
0|no) VIR_TEST_EXPENSIVE_DEFAULT=0 ;;
1|yes) VIR_TEST_EXPENSIVE_DEFAULT=1 ;;
check) ;;
*) AC_MSG_ERROR([bad value ${enableval} for enable-expensive-tests option])
;;
esac], [enableval=check])
if test "$enableval" = check; then
if test -d $srcdir/.git ; then
VIR_TEST_EXPENSIVE_DEFAULT=0
else
VIR_TEST_EXPENSIVE_DEFAULT=1
fi
fi
AC_SUBST([VIR_TEST_EXPENSIVE_DEFAULT])
AM_CONDITIONAL([WITH_EXPENSIVE_TESTS], [test $VIR_TEST_EXPENSIVE_DEFAULT = 1])
2008-05-22 23:34:02 +08:00
AC_ARG_ENABLE([test-coverage],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--enable-test-coverage],
[turn on code coverage instrumentation @<:@default=no@:>@])],
2007-02-14 10:12:41 +08:00
[case "${enableval}" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enableval} for test-coverage option]) ;;
esac],
[enableval=no])
2008-05-29 23:13:07 +08:00
enable_coverage=$enableval
2007-02-14 10:12:41 +08:00
2008-05-29 23:13:07 +08:00
if test "${enable_coverage}" = yes; then
2010-07-16 23:04:05 +08:00
save_WARN_CFLAGS=$WARN_CFLAGS
WARN_CFLAGS=
gl_WARN_ADD([-fprofile-arcs])
gl_WARN_ADD([-ftest-coverage])
COVERAGE_FLAGS=$WARN_CFLAGS
AC_SUBST([COVERAGE_CFLAGS], [$COVERAGE_FLAGS])
AC_SUBST([COVERAGE_LDFLAGS], [$COVERAGE_FLAGS])
WARN_CFLAGS=$save_WARN_CFLAGS
2007-02-14 10:12:41 +08:00
fi
2008-05-29 23:13:07 +08:00
AC_ARG_ENABLE([test-oom],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--enable-test-oom],
[memory allocation failure checking @<:@default=no@:>@])],
2008-05-29 23:13:07 +08:00
[case "${enableval}" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enableval} for test-oom option]) ;;
esac],
[enableval=no])
enable_oom=$enableval
if test "${enable_oom}" = yes; then
have_trace=yes
AC_CHECK_HEADER([execinfo.h],[],[have_trace=no])
AC_CHECK_FUNC([backtrace],[],[have_trace=no])
if test "$have_trace" = "yes"; then
AC_DEFINE([TEST_OOM_TRACE], 1, [Whether backtrace() is available])
fi
AC_DEFINE([TEST_OOM], 1, [Whether malloc OOM checking is enabled])
fi
2009-05-19 18:17:17 +08:00
AC_ARG_ENABLE([test-locking],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--enable-test-locking],
[thread locking tests using CIL @<:@default=no@:>@])],
2009-05-19 18:17:17 +08:00
[case "${enableval}" in
yes|no) ;;
*) AC_MSG_ERROR([bad value ${enableval} for test-locking option]) ;;
esac],
[enableval=no])
enable_locking=$enableval
if test "$enable_locking" = "yes"; then
2013-12-19 00:15:08 +08:00
LOCK_CHECKING_CFLAGS="-save-temps"
2009-05-19 18:17:17 +08:00
AC_SUBST([LOCK_CHECKING_CFLAGS])
fi
AM_CONDITIONAL([WITH_CIL],[test "$enable_locking" = "yes"])
2007-12-07 00:34:48 +08:00
dnl Enable building libvirtd?
2008-05-22 23:34:02 +08:00
AM_CONDITIONAL([WITH_LIBVIRTD],[test "x$with_libvirtd" = "xyes"])
2007-12-07 00:34:48 +08:00
2011-05-12 23:29:51 +08:00
dnl Check for gettext - don't go any newer than what RHEL 5 supports
2011-07-28 20:55:21 +08:00
dnl
dnl save and restore CPPFLAGS around gettext check as the internal iconv
dnl check might leave -I/usr/local/include in CPPFLAGS on FreeBSD resulting
dnl in the build picking up previously installed libvirt/libvirt.h instead
dnl of the correct one from the source tree.
dnl compute the difference between save_CPPFLAGS and CPPFLAGS and append it
dnl to INCLUDES in order to preserve changes made by gettext but in a place
dnl that does not break the build
save_CPPFLAGS="$CPPFLAGS"
2012-04-25 11:40:08 +08:00
AM_GNU_GETTEXT_VERSION([0.17])
2006-09-21 23:24:37 +08:00
AM_GNU_GETTEXT([external])
2011-07-28 20:55:21 +08:00
GETTEXT_CPPFLAGS=
if test "x$save_CPPFLAGS" != "x$CPPFLAGS"; then
set dummy $CPPFLAGS; shift
for var
do
case " $var " in
" $save_CPPFLAGS ") ;;
*) GETTEXT_CPPFLAGS="$GETTEXT_CPPFLAGS $var" ;;
esac
done
fi
CPPFLAGS="$save_CPPFLAGS"
AC_SUBST([GETTEXT_CPPFLAGS])
2010-02-24 17:53:44 +08:00
2008-10-22 21:55:15 +08:00
ALL_LINGUAS=`cd "$srcdir/po" > /dev/null && ls *.po | sed 's+\.po$++'`
2006-09-21 23:24:37 +08:00
2007-11-30 01:44:01 +08:00
dnl Extra link-time flags for Cygwin.
dnl Copied from libxml2 configure.in, but I removed mingw changes
dnl for now since I'm not supporting mingw at present. - RWMJ
CYGWIN_EXTRA_LDFLAGS=
CYGWIN_EXTRA_LIBADD=
2008-01-06 00:06:36 +08:00
MINGW_EXTRA_LDFLAGS=
2010-03-17 06:54:22 +08:00
WIN32_EXTRA_CFLAGS=
2013-01-10 06:07:30 +08:00
dnl libvirt.syms is generated in builddir, but libvirt_qemu.syms is in git;
dnl hence the asymmetric naming of these two symbol files.
2010-03-22 09:25:36 +08:00
LIBVIRT_SYMBOL_FILE=libvirt.syms
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 21:15:19 +08:00
LIBVIRT_LXC_SYMBOL_FILE='$(srcdir)/libvirt_lxc.syms'
2010-07-27 00:38:30 +08:00
LIBVIRT_QEMU_SYMBOL_FILE='$(srcdir)/libvirt_qemu.syms'
2012-05-28 19:31:21 +08:00
MSCOM_LIBS=
2007-11-30 01:44:01 +08:00
case "$host" in
*-*-cygwin*)
CYGWIN_EXTRA_LDFLAGS="-no-undefined"
CYGWIN_EXTRA_LIBADD="${INTLLIBS}"
2012-05-28 19:31:21 +08:00
MSCOM_LIBS="-lole32 -loleaut32"
2007-11-30 01:44:01 +08:00
;;
2008-01-06 00:06:36 +08:00
*-*-mingw*)
MINGW_EXTRA_LDFLAGS="-no-undefined"
2012-05-28 19:31:21 +08:00
MSCOM_LIBS="-lole32 -loleaut32"
;;
*-*-msvc*)
MSCOM_LIBS="-lole32 -loleaut32"
2008-01-06 00:06:36 +08:00
;;
2007-11-30 01:44:01 +08:00
esac
2010-03-17 06:54:22 +08:00
case "$host" in
*-*-mingw* | *-*-cygwin* | *-*-msvc* )
# If the host is Windows, and shared libraries are disabled, we
# need to add -DLIBVIRT_STATIC to the CFLAGS for proper linking
if test "x$enable_shared" = "xno"; then
WIN32_EXTRA_CFLAGS="-DLIBVIRT_STATIC"
fi
2010-04-27 15:43:55 +08:00
esac
case "$host" in
*-*-mingw* | *-*-msvc* )
2010-03-22 09:25:36 +08:00
# Also set the symbol file to .def, so src/Makefile generates libvirt.def
# from libvirt.syms and passes libvirt.def instead of libvirt.syms to the linker
LIBVIRT_SYMBOL_FILE=libvirt.def
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 21:15:19 +08:00
LIBVIRT_LXC_SYMBOL_FILE=libvirt_lxc.def
2010-08-13 05:43:16 +08:00
LIBVIRT_QEMU_SYMBOL_FILE=libvirt_qemu.def
2010-04-27 15:43:55 +08:00
# mingw's ld has the --version-script parameter, but it requires a .def file
2010-05-03 18:21:58 +08:00
# instead to work properly, therefore clear --version-script here and use
# -Wl, to pass the .def file to the linker
2010-04-27 15:43:55 +08:00
# cygwin's ld has the --version-script parameter too, but for some reason
# it's working there as expected
2010-05-03 18:21:58 +08:00
VERSION_SCRIPT_FLAGS="-Wl,"
2010-03-17 06:54:22 +08:00
;;
esac
2008-05-22 23:34:02 +08:00
AC_SUBST([CYGWIN_EXTRA_LDFLAGS])
AC_SUBST([CYGWIN_EXTRA_LIBADD])
AC_SUBST([MINGW_EXTRA_LDFLAGS])
2010-03-17 06:54:22 +08:00
AC_SUBST([WIN32_EXTRA_CFLAGS])
2010-03-22 09:25:36 +08:00
AC_SUBST([LIBVIRT_SYMBOL_FILE])
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 21:15:19 +08:00
AC_SUBST([LIBVIRT_LXC_SYMBOL_FILE])
2010-04-14 02:02:46 +08:00
AC_SUBST([LIBVIRT_QEMU_SYMBOL_FILE])
2010-05-03 18:21:58 +08:00
AC_SUBST([VERSION_SCRIPT_FLAGS])
2012-05-28 19:31:21 +08:00
AC_SUBST([MSCOM_LIBS])
2007-11-30 01:44:01 +08:00
2008-10-16 02:39:34 +08:00
2010-04-08 17:52:46 +08:00
dnl Look for windres to build a Windows icon resource.
case "$host" in
*-*-mingw* | *-*-cygwin* | *-*-msvc* )
AC_CHECK_TOOL([WINDRES], [windres], [])
;;
esac
AM_CONDITIONAL([WITH_WIN_ICON], [test "$WINDRES" != ""])
2008-11-21 20:16:08 +08:00
dnl Driver-Modules library
AC_ARG_WITH([driver-modules],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-driver-modules],
[build drivers as loadable modules @<:@default=check@:>@])],
2008-11-21 20:16:08 +08:00
[],
2012-04-02 22:49:32 +08:00
[with_driver_modules=check])
if test "$with_libvirtd" = "no" ; then
with_driver_modules=no
fi
2008-11-21 20:16:08 +08:00
2010-02-24 19:04:27 +08:00
DRIVER_MODULE_CFLAGS=
DRIVER_MODULE_LIBS=
2012-04-02 22:49:32 +08:00
if test "$with_driver_modules" = "yes" || test "$with_driver_modules" = "check"; then
2011-06-10 03:47:43 +08:00
if test "$dlfcn_found" != "yes" || test "$dlopen_found" != "yes"; then
2012-04-02 22:49:32 +08:00
if test "$with_driver_modules" = "yes" ; then
AC_MSG_ERROR([You must have dlfcn.h / dlopen() support to build driver modules])
else
with_driver_modules=no
fi
else
with_driver_modules=yes
2011-06-10 03:47:43 +08:00
fi
2012-04-02 22:49:32 +08:00
fi
if test "$with_driver_modules" = "yes" ; then
2013-05-13 19:48:06 +08:00
DRIVER_MODULE_LDFLAGS="-export-dynamic"
2010-03-04 23:45:02 +08:00
case $ac_cv_search_dlopen in
no*) DRIVER_MODULE_LIBS= ;;
*) DRIVER_MODULE_LIBS=$ac_cv_search_dlopen ;;
esac
2008-11-21 20:16:08 +08:00
AC_DEFINE_UNQUOTED([WITH_DRIVER_MODULES], 1, [whether to build drivers as modules])
fi
AM_CONDITIONAL([WITH_DRIVER_MODULES], [test "$with_driver_modules" != "no"])
2013-05-13 19:48:06 +08:00
AC_SUBST([DRIVER_MODULE_LDFLAGS])
2010-02-24 19:04:27 +08:00
AC_SUBST([DRIVER_MODULE_LIBS])
2008-11-21 20:16:08 +08:00
2008-02-29 01:07:37 +08:00
# Set LV_LIBTOOL_OBJDIR to "." or $lt_cv_objdir, depending on whether
# we're building shared libraries. This is the name of the directory
# in which .o files will be created.
test "$enable_shared" = no && lt_cv_objdir=.
LV_LIBTOOL_OBJDIR=${lt_cv_objdir-.}
2008-05-22 23:34:02 +08:00
AC_SUBST([LV_LIBTOOL_OBJDIR])
2008-02-29 01:07:37 +08:00
2008-11-21 20:27:11 +08:00
with_nodedev=no;
2010-03-25 05:31:31 +08:00
if test "$with_hal" = "yes" || test "$with_udev" = "yes";
2008-11-21 20:27:11 +08:00
then
with_nodedev=yes
AC_DEFINE_UNQUOTED([WITH_NODE_DEVICES], 1, [with node device driver])
fi
AM_CONDITIONAL([WITH_NODE_DEVICES], [test "$with_nodedev" = "yes"])
2010-10-05 09:31:05 +08:00
dnl nwfilter should only be compiled for linux, and only if the
dnl libvirt daemon is also being compiled
2009-07-16 05:25:01 +08:00
2010-09-28 03:44:27 +08:00
with_nwfilter=yes
if test "$with_libvirtd" = "no" || test "$with_linux" != "yes"; then
with_nwfilter=no
fi
if test "$with_nwfilter" = "yes" ; then
AC_DEFINE([WITH_NWFILTER], 1, [whether local network filter management driver is available])
fi
AM_CONDITIONAL([WITH_NWFILTER], [test "$with_nwfilter" = "yes"])
2012-09-18 09:27:06 +08:00
dnl check if the interface driver should be compiled
AC_ARG_WITH([interface],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-interface],
[with host interface driver @<:@default=check@:>@])],
[],[with_interface=check])
2012-09-18 09:27:06 +08:00
dnl Don't compile the interface driver without libvirtd
if test "$with_libvirtd" = "no" ; then
with_interface=no
fi
2012-10-07 03:20:25 +08:00
dnl The interface driver depends on the netcf library or udev library
case $with_interface:$with_netcf:$with_udev in
check:*yes*) with_interface=yes ;;
check:no:no) with_interface=no ;;
yes:no:no) AC_MSG_ERROR([Requested the Interface driver without netcf or udev support]) ;;
esac
2012-09-18 09:27:06 +08:00
if test "$with_interface" = "yes" ; then
AC_DEFINE_UNQUOTED([WITH_INTERFACE], [1],
[whether the interface driver is enabled])
fi
AM_CONDITIONAL([WITH_INTERFACE], [test "$with_interface" = "yes"])
2011-06-14 16:16:39 +08:00
2013-10-29 02:20:35 +08:00
if test $with_freebsd = yes || test $with_osx = yes; then
2012-12-12 15:44:21 +08:00
default_qemu_user=root
default_qemu_group=wheel
else
default_qemu_user=root
default_qemu_group=root
fi
2009-07-16 05:25:01 +08:00
AC_ARG_WITH([qemu-user],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-qemu-user],
[username to run QEMU system instance as
@<:@default=platform dependent@:>@])],
2009-07-16 05:25:01 +08:00
[QEMU_USER=${withval}],
2012-12-12 15:44:21 +08:00
[QEMU_USER=${default_qemu_user}])
2009-07-16 05:25:01 +08:00
AC_ARG_WITH([qemu-group],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-qemu-group],
[groupname to run QEMU system instance as
@<:@default=platform dependent@:>@])],
2009-07-16 05:25:01 +08:00
[QEMU_GROUP=${withval}],
2012-12-12 15:44:21 +08:00
[QEMU_GROUP=${default_qemu_group}])
2009-07-16 05:25:01 +08:00
AC_DEFINE_UNQUOTED([QEMU_USER], ["$QEMU_USER"], [QEMU user account])
AC_DEFINE_UNQUOTED([QEMU_GROUP], ["$QEMU_GROUP"], [QEMU group account])
2010-02-13 01:03:07 +08:00
AC_ARG_WITH([macvtap],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-macvtap],
[enable macvtap device @<:@default=check@:>@])],
2010-02-13 01:03:07 +08:00
[with_macvtap=${withval}],
[with_macvtap=check])
2010-09-29 19:56:26 +08:00
AC_MSG_CHECKING([whether to compile with macvtap support])
2010-02-13 01:03:07 +08:00
if test "$with_macvtap" != "no" ; then
2010-03-09 21:14:48 +08:00
AC_TRY_COMPILE([ #include <sys/socket.h>
#include <linux/rtnetlink.h> ],
2012-04-15 01:18:03 +08:00
[ int x = MACVLAN_MODE_BRIDGE;
int y = IFLA_VF_MAX; ],
2010-02-13 01:03:07 +08:00
[ with_macvtap=yes ],
[ if test "$with_macvtap" = "yes" ; then
AC_MSG_ERROR([Installed linux headers don't show support for macvtap device.])
fi
with_macvtap=no ])
if test "$with_macvtap" = "yes" ; then
val=1
else
val=0
fi
AC_DEFINE_UNQUOTED([WITH_MACVTAP], $val, [whether macvtap support is enabled])
fi
AM_CONDITIONAL([WITH_MACVTAP], [test "$with_macvtap" = "yes"])
2010-09-29 19:56:26 +08:00
AC_MSG_RESULT([$with_macvtap])
2011-05-17 19:26:09 +08:00
if test "$with_macvtap" = yes; then
AC_CHECK_DECLS([MACVLAN_MODE_PASSTHRU], [], [], [[
#include <sys/socket.h>
#include <linux/if_link.h>
]])
fi
2010-02-13 01:03:07 +08:00
2010-09-29 19:56:26 +08:00
AC_ARG_WITH([virtualport],
2013-09-06 05:24:55 +08:00
[AS_HELP_STRING([--with-virtualport],
[enable virtual port support @<:@default=check@:>@])],
2010-09-29 19:56:26 +08:00
[with_virtualport=${withval}],
[with_virtualport=check])
2010-09-29 22:14:07 +08:00
dnl Warn the user and error out if they requested virtualport support with configure
dnl options, but the required macvtap support isn't available
if test "$with_virtualport" = "yes"; then
2010-09-29 19:56:26 +08:00
if test "$with_macvtap" = "no"; then
AC_MSG_ERROR([--with-virtualport requires --with-macvtap])
fi
2010-09-29 22:14:07 +08:00
fi
dnl virtualport checks
if test "$with_macvtap" != "yes"; then
with_virtualport=no
fi
if test "$with_virtualport" != "no"; then
2010-09-29 19:56:26 +08:00
AC_MSG_CHECKING([whether to compile with virtual port support])
AC_TRY_COMPILE([ #include <sys/socket.h>
#include <linux/rtnetlink.h> ],
[ int x = IFLA_PORT_MAX; ],
[ with_virtualport=yes ],
[ if test "$with_virtualport" = "yes" ; then
AC_MSG_ERROR([Installed linux headers don't show support for virtual port support.])
fi
with_virtualport=no ])
if test "$with_virtualport" = "yes"; then
val=1
else
val=0
fi
AC_DEFINE_UNQUOTED([WITH_VIRTUALPORT], $val,
[whether vsi vepa support is enabled])
AC_MSG_RESULT([$with_virtualport])
add 802.1Qbh and 802.1Qbg handling
This patch that adds support for configuring 802.1Qbg and 802.1Qbh
switches. The 802.1Qbh part has been successfully tested with real
hardware. The 802.1Qbg part has only been tested with a (dummy)
server that 'behaves' similarly to how we expect lldpad to 'behave'.
The following changes were made during the development of this patch:
- Merging Scott's v13-pre1 patch
- Fixing endptr related bug while using virStrToLong_ui() pointed out
by Jim Meyering
- Addressing Jim Meyering's comments to v11
- requiring mac address to the vpDisassociateProfileId() function to
pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
- determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
(hardcode as is hardcode alson in lldpad sources)
- merging netlink send code for kernel target and user space target
(lldpad) using one function nlComm() to send the messages
- adding a select() after the sending and before the reading of the
netlink response in case lldpad doesn't respond and so we don't hang
- when reading the port status, in case of 802.1Qbg, no status may be
received while things are 'in progress' and only at the end a status
will be there.
- when reading the port status, use the given instanceId and vf to pick
the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
- never sending nor parsing IFLA_PORT_SELF type of messages in the
802.1Qbg case
- iterating over the elements in a IFLA_VF_PORTS to pick the right
IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
(802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
and reading the current status in IFLA_PORT_RESPONSE.
- recycling a previous patch that adds functionality to interface.c to
- get the vlan identifier on an interface
- get the flags of an interface and some convenience function to
check whether an interface is 'up' or not (not currently used here)
- adding function to determine the root physical interface of an
interface. For example if a macvtap is linked to eth0.100, it will
find eth0. Also adding a function that finds the vlan on the 'way to
the root physical interface'
- conveying the root physical interface name and index in case of 802.1Qbg
- conveying mac address of macvlan device and vlan identifier in
IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
to (future) lldpad via netlink
- To enable build with --without-macvtap rename the
[dis|]associatePortProfileId functions, prepend 'vp' before their
name and make them non-static functions.
- Renaming variable multicast to nltarget_kernel and inverting
the logic
- Addressing Jim Meyering's comments; this also touches existing
code for example for correcting indentation of break statements or
simplification of switch statements.
- Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
- 802.1Qbg part prepared for sending a RTM_SETLINK and getting
processing status back plus a subsequent RTM_GETLINK to
get IFLA_PORT_RESPONSE.
Note: This interface for 802.1Qbg may still change
- [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
compiler
warning when latest if_link.h isn't available
- move from Stefan's 802.1Qb{g|h} XML v8 to v9
- move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
- remove debug fprintfs
- use virGetHostUUID (thanks Stefan!)
- fix compile issue when latest if_link.h isn't available
- change poll timeout to 10s, at 1/8 intervals
- if polling times out, log msg and return -ETIMEDOUT
- Add Stefan's code for getPortProfileStatus
- Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
- if status indicates error, abort openMacvtapTap
- if status indicates success, exit polling
- if status is "in-progress" after 2 secs of polling, exit
polling loop silently, without error
My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
I've tested using the recent kernel updates for VF_PORT netlink msgs and
enic for Cisco's 10G Ethernet NIC. I tested many VMs, each with several
direct interfaces, each configured with a port-profile per the XML. VM-to-VM,
and VM-to-external work as expected. VM-to-VM on same host (using same NIC)
works same as VM-to-VM where VMs are on diff hosts. I'm able to change
settings on the port-profile while the VM is running to change the virtual
port behaviour. For example, adjusting a QoS setting like rate limit. All
VMs with interfaces using that port-profile immediatly see the effect of the
change to the port-profile.
I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
but most of the code paths include support for specifing the source dev and
VF index. We'll need to complete this by discovering the PF given the VF
linkdev. Once we have the PF, we'll also have the VF index. All this info-
mation is available from sysfs.
2010-06-03 09:35:22 +08:00
fi
AM_CONDITIONAL([WITH_VIRTUALPORT], [test "$with_virtualport" = "yes"])
2014-02-10 22:08:26 +08:00
dnl GET_VLAN_VID_CMD is required for virNetDevGetVLanID
AC_CHECK_DECLS([GET_VLAN_VID_CMD], [], [], [[#include <linux/if_vlan.h>]])
2010-02-13 01:03:07 +08:00
2010-05-26 03:31:38 +08:00
dnl netlink library
2011-06-23 23:51:00 +08:00
have_libnl=no
2010-05-26 03:31:38 +08:00
2011-06-23 23:51:00 +08:00
if test "$with_linux" = "yes"; then
2012-09-08 06:38:52 +08:00
# When linking with netcf, we must ensure that we pick the same version
# of libnl that netcf picked. Prefer libnl-3 unless we can prove
# netcf linked against libnl-1, or unless the user set LIBNL_CFLAGS.
# (Setting LIBNL_CFLAGS is already used by PKG_CHECK_MODULES to
# override any probing, so if it set, you know which libnl is in use.)
libnl_ldd=
2012-09-13 20:27:07 +08:00
for dir in /usr/lib64 /usr/lib /usr/lib/*-linux-gnu*; do
2012-09-08 06:38:52 +08:00
if test -f $dir/libnetcf.so; then
libnl_ldd=`(ldd $dir/libnetcf.so) 2>&1`
break
fi
done
2013-09-05 05:12:48 +08:00
case $libnl_ldd:${LIBNL_CFLAGS+set} in
*libnl-3.so.*:) LIBNL_REQUIRED=3.0 ;;
esac
2012-09-08 06:38:52 +08:00
case $libnl_ldd:${LIBNL_CFLAGS+set} in
2012-09-13 20:32:41 +08:00
*libnl.so.1*:) ;;
2012-09-08 06:38:52 +08:00
*)
PKG_CHECK_MODULES([LIBNL], [libnl-3.0], [
have_libnl=yes
AC_DEFINE([HAVE_LIBNL3], [1], [Use libnl-3.0])
AC_DEFINE([HAVE_LIBNL], [1], [whether the netlink library is available])
PKG_CHECK_MODULES([LIBNL_ROUTE3], [libnl-route-3.0])
LIBNL_CFLAGS="$LIBNL_CFLAGS $LIBNL_ROUTE3_CFLAGS"
LIBNL_LIBS="$LIBNL_LIBS $LIBNL_ROUTE3_LIBS"
2012-09-13 20:32:41 +08:00
], [:]) ;;
2012-09-08 06:38:52 +08:00
esac
if test "$have_libnl" = no; then
PKG_CHECK_MODULES([LIBNL], [libnl-1 >= $LIBNL_REQUIRED], [
2012-05-04 00:10:50 +08:00
have_libnl=yes
AC_DEFINE_UNQUOTED([HAVE_LIBNL], [1],
[whether the netlink library is available])
AC_DEFINE_UNQUOTED([HAVE_LIBNL1], [1],
[whether the netlink v1 library is available])
], [
if test "$with_macvtap" = "yes"; then
AC_MSG_ERROR([libnl-devel >= $LIBNL_REQUIRED is required for macvtap support])
fi
])
2012-09-08 06:38:52 +08:00
fi
2010-05-26 03:31:38 +08:00
fi
2011-06-23 23:51:00 +08:00
AM_CONDITIONAL([HAVE_LIBNL], [test "$have_libnl" = "yes"])
2010-05-26 03:31:38 +08:00
AC_SUBST([LIBNL_CFLAGS])
AC_SUBST([LIBNL_LIBS])
2014-01-16 01:06:58 +08:00
dnl wireshark dissector
AC_ARG_WITH([wireshark-dissector],
[AS_HELP_STRING([--with-wireshark-dissector],
[enable wireshark dissector plugin support @<:@default=check@:>@])],
[ with_wireshark_dissector=$withval ],
[ with_wireshark_dissector=check ])
AC_DEFUN([LIBVIRT_WS_HANDLE_ERROR], [
if test "$with_wireshark_dissector" = "yes"; then
AC_MSG_ERROR([$1])
else
with_wireshark_dissector=no
fi
])
if test "$with_wireshark_dissector" != "no"; then
dnl Check for XDR headers existence
AC_CHECK_HEADERS([rpc/types.h])
dnl Check for glib-2.0 existence
PKG_CHECK_MODULES([GLIB], [glib-2.0], [
WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS `$PKG_CONFIG --cflags glib-2.0`"
], [
LIBVIRT_WS_HANDLE_ERROR([pkg-config 'glib-2.0' is required for wireshark-dissector support])
])
dnl Search for wireshark(or tshark) command
AC_PATH_PROG([WIRESHARK], [wireshark])
AC_PATH_PROG([WIRESHARK], [tshark])
if test -z "$WIRESHARK"; then
LIBVIRT_WS_HANDLE_ERROR([command not found wireshark or tshark])
else
dnl Check for wireshark headers
save_CPPFLAGS="$CPPFLAGS"
WS_DISSECTOR_CPPFLAGS="$WS_DISSECTOR_CPPFLAGS -I`dirname $WIRESHARK`/../include/wireshark"
CPPFLAGS="$CPPFLAGS $WS_DISSECTOR_CPPFLAGS"
AC_CHECK_HEADERS([wireshark/config.h],, [
LIBVIRT_WS_HANDLE_ERROR([wireshark/config.h is required for wireshark-dissector support])
])
AC_CHECK_HEADERS([wireshark/epan/packet.h wireshark/epan/dissectors/packet-tcp.h],, [
LIBVIRT_WS_HANDLE_ERROR([wireshark/epan/{packet,packet-tcp}.h are required for wireshark-dissector support])
], [
#include <wireshark/config.h>
])
CPPFLAGS="$save_CPPFLAGS"
fi
if test "$with_wireshark_dissector" != "no"; then
with_wireshark_dissector=yes
fi
fi
AC_SUBST([WS_DISSECTOR_CPPFLAGS])
AM_CONDITIONAL([WITH_WIRESHARK_DISSECTOR], [test "$with_wireshark_dissector" = "yes"])
AC_ARG_WITH([ws-plugindir],
[AS_HELP_STRING([--with-ws-plugindir],
2014-02-05 03:37:15 +08:00
[wireshark plugins directory for use when installing wireshark plugin])],
[ws_plugindir=$withval])
2014-01-16 01:06:58 +08:00
if test "$with_wireshark_dissector" != "no" && test -z "$ws_plugindir"; then
ws_version=`$WIRESHARK -v | head -1 | cut -f 2 -d' '`
2014-01-22 00:06:37 +08:00
ws_plugindir="$libdir/wireshark/plugins/$ws_version"
2014-01-16 01:06:58 +08:00
fi
AC_SUBST([ws_plugindir])
2013-04-27 23:50:19 +08:00
# Check for Linux vs. BSD ifreq members
AC_CHECK_MEMBERS([struct ifreq.ifr_newname,
struct ifreq.ifr_ifindex,
struct ifreq.ifr_index],
[], [],
[#include <sys/socket.h>
#include <net/if.h>
])
2013-07-18 02:02:17 +08:00
2013-05-03 21:35:20 +08:00
# Check for BSD approach for setting MAC addr
2013-07-18 02:02:17 +08:00
AC_LINK_IFELSE([AC_LANG_PROGRAM(
[[
#include <sys/types.h>
#include <sys/socket.h>
#include <net/if_dl.h>
]],
[[
2013-07-24 21:02:00 +08:00
link_addr(0, 0)]])],
2013-07-18 02:02:17 +08:00
[AC_DEFINE([HAVE_DECL_LINK_ADDR],
[1],
[whether link_addr is available])])
2013-05-03 21:35:20 +08:00
2013-06-20 00:47:31 +08:00
# Check for BSD approach for bridge management
AC_CHECK_DECLS([BRDGSFD, BRDGADD, BRDGDEL],
[AC_DEFINE([HAVE_BSD_BRIDGE_MGMT],
[1],
[whether BSD style bridge management is available])],
[],
2013-07-10 17:38:06 +08:00
[#include <stdint.h>
#include <net/if.h>
2013-06-20 00:47:31 +08:00
#include <net/ethernet.h>
#include <net/if_bridgevar.h>
])
2014-01-30 02:31:44 +08:00
# Check for BSD CPU affinity availability
AC_CHECK_DECLS([cpuset_getaffinity],
[AC_DEFINE([HAVE_BSD_CPU_AFFINITY],
[1],
[whether BSD CPU affinity management is available])],
[],
[#include <sys/param.h>
#include <sys/cpuset.h>
])
2014-04-21 18:59:58 +08:00
# Check for BSD kvm (kernel memory interface)
if test $with_freebsd = yes; then
AC_CHECK_LIB([kvm], [kvm_getprocs], [],
[AC_MSG_ERROR([BSD kernel memory interface library is required to build on FreeBSD])]
)
fi
2014-07-06 17:53:40 +08:00
# FreeBSD 10-STABLE requires _IFI_OQDROPS to be defined for if_data.ifi_oqdrops
# field be available
old_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -D_IFI_OQDROPS"
AC_CHECK_MEMBERS([struct if_data.ifi_oqdrops],
[],
[CFLAGS="$old_CFLAGS"],
[#include <net/if.h>
])
2013-08-11 21:54:48 +08:00
# Check if we need to look for ifconfig
if test "$want_ifconfig" = "yes"; then
AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])
if test -z "$IFCONFIG_PATH"; then
AC_MSG_ERROR([Failed to find ifconfig.])
fi
AC_DEFINE_UNQUOTED([IFCONFIG_PATH], "$IFCONFIG_PATH", [path to ifconfig binary])
fi
2010-04-07 23:02:25 +08:00
# Detect when running under the clang static analyzer's scan-build driver
# or Coverity-prevent's cov-build. Define STATIC_ANALYSIS accordingly.
2011-08-03 02:25:58 +08:00
AC_CACHE_CHECK([whether this build is done by a static analysis tool],
[lv_cv_static_analysis], [
lv_cv_static_analysis=no
if test -n "${CCC_ANALYZER_ANALYSIS+set}" || \
test -n "$COVERITY_BUILD_COMMAND$COVERITY_LD_PRELOAD"; then
lv_cv_static_analysis=yes
fi
])
2011-06-04 03:43:15 +08:00
t=0
2011-08-03 02:25:58 +08:00
test "x$lv_cv_static_analysis" = xyes && t=1
2010-04-07 23:02:25 +08:00
AC_DEFINE_UNQUOTED([STATIC_ANALYSIS], [$t],
[Define to 1 when performing static analysis.])
2012-08-02 21:21:00 +08:00
# Some GNULIB base64 symbols clash with a kerberos library
AC_DEFINE_UNQUOTED([isbase64],[libvirt_gl_isbase64],[Hack to avoid symbol clash])
AC_DEFINE_UNQUOTED([base64_encode],[libvirt_gl_base64_encode],[Hack to avoid symbol clash])
AC_DEFINE_UNQUOTED([base64_encode_alloc],[libvirt_gl_base64_encode_alloc],[Hack to avoid symbol clash])
2012-09-14 17:08:54 +08:00
AC_CONFIG_FILES([run],
[chmod +x,-w run])
2013-08-01 04:52:16 +08:00
AC_CONFIG_FILES([\
Makefile src/Makefile include/Makefile docs/Makefile \
docs/schemas/Makefile \
gnulib/lib/Makefile \
gnulib/tests/Makefile \
2014-06-21 00:47:15 +08:00
libvirt.pc \
libvirt-qemu.pc \
libvirt-lxc.pc \
2014-06-21 00:48:12 +08:00
src/libvirt.pc \
src/libvirt-qemu.pc \
src/libvirt-lxc.pc \
2014-06-21 00:47:15 +08:00
libvirt.spec mingw-libvirt.spec \
2013-08-01 04:52:16 +08:00
po/Makefile.in \
include/libvirt/Makefile include/libvirt/libvirt.h \
daemon/Makefile \
tools/Makefile \
tests/Makefile \
examples/apparmor/Makefile \
2013-12-11 23:11:18 +08:00
examples/object-events/Makefile \
2013-12-13 19:54:10 +08:00
examples/domsuspend/Makefile \
2013-08-01 04:52:16 +08:00
examples/dominfo/Makefile \
2014-04-12 02:44:32 +08:00
examples/dommigrate/Makefile \
2014-07-14 21:09:51 +08:00
examples/domtop/Makefile \
2013-08-01 04:52:16 +08:00
examples/openauth/Makefile \
examples/hellolibvirt/Makefile \
examples/systemtap/Makefile \
2014-01-16 01:06:58 +08:00
examples/xml/nwfilter/Makefile \
2014-06-17 15:26:22 +08:00
examples/lxcconvert/Makefile \
2014-01-16 01:06:58 +08:00
tools/wireshark/Makefile \
tools/wireshark/src/Makefile])
2013-08-01 04:52:16 +08:00
AC_OUTPUT
2007-09-19 07:36:30 +08:00
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Configuration summary])
AC_MSG_NOTICE([=====================])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Drivers])
AC_MSG_NOTICE([])
2012-08-01 02:56:05 +08:00
AC_MSG_NOTICE([ Xen: $with_xen])
AC_MSG_NOTICE([ QEMU: $with_qemu])
AC_MSG_NOTICE([ UML: $with_uml])
AC_MSG_NOTICE([ OpenVZ: $with_openvz])
AC_MSG_NOTICE([ VMware: $with_vmware])
AC_MSG_NOTICE([ VBox: $with_vbox])
AC_MSG_NOTICE([ XenAPI: $with_xenapi])
AC_MSG_NOTICE([ xenlight: $with_libxl])
AC_MSG_NOTICE([ LXC: $with_lxc])
AC_MSG_NOTICE([ PHYP: $with_phyp])
AC_MSG_NOTICE([ ESX: $with_esx])
AC_MSG_NOTICE([ Hyper-V: $with_hyperv])
AC_MSG_NOTICE([Parallels: $with_parallels])
2014-02-18 18:08:10 +08:00
LIBVIRT_DRIVER_RESULT_BHYVE
2012-08-01 02:56:05 +08:00
AC_MSG_NOTICE([ Test: $with_test])
AC_MSG_NOTICE([ Remote: $with_remote])
AC_MSG_NOTICE([ Network: $with_network])
AC_MSG_NOTICE([ Libvirtd: $with_libvirtd])
2012-09-18 09:27:06 +08:00
AC_MSG_NOTICE([Interface: $with_interface])
2012-08-01 02:56:05 +08:00
AC_MSG_NOTICE([ macvtap: $with_macvtap])
AC_MSG_NOTICE([ virtport: $with_virtualport])
2007-09-19 07:36:30 +08:00
AC_MSG_NOTICE([])
2008-02-20 23:42:30 +08:00
AC_MSG_NOTICE([Storage Drivers])
AC_MSG_NOTICE([])
2008-09-05 20:03:45 +08:00
AC_MSG_NOTICE([ Dir: $with_storage_dir])
2008-02-20 23:42:30 +08:00
AC_MSG_NOTICE([ FS: $with_storage_fs])
AC_MSG_NOTICE([ NetFS: $with_storage_fs])
2008-02-20 23:45:33 +08:00
AC_MSG_NOTICE([ LVM: $with_storage_lvm])
2008-02-20 23:49:25 +08:00
AC_MSG_NOTICE([ iSCSI: $with_storage_iscsi])
2009-04-02 00:03:22 +08:00
AC_MSG_NOTICE([ SCSI: $with_storage_scsi])
2009-09-08 21:47:45 +08:00
AC_MSG_NOTICE([ mpath: $with_storage_mpath])
2008-02-20 23:52:17 +08:00
AC_MSG_NOTICE([ Disk: $with_storage_disk])
2012-05-14 17:06:42 +08:00
AC_MSG_NOTICE([ RBD: $with_storage_rbd])
2012-07-19 03:06:58 +08:00
AC_MSG_NOTICE([Sheepdog: $with_storage_sheepdog])
2013-11-20 07:26:05 +08:00
AC_MSG_NOTICE([ Gluster: $with_storage_gluster])
2014-07-21 22:38:42 +08:00
AC_MSG_NOTICE([ ZFS: $with_storage_zfs])
2008-02-20 23:42:30 +08:00
AC_MSG_NOTICE([])
2009-03-03 18:06:49 +08:00
AC_MSG_NOTICE([Security Drivers])
AC_MSG_NOTICE([])
2012-03-26 23:39:30 +08:00
AC_MSG_NOTICE([ SELinux: $with_secdriver_selinux ($SELINUX_MOUNT)])
2014-01-07 01:27:31 +08:00
AC_MSG_NOTICE([AppArmor: $with_secdriver_apparmor (install profiles: $with_apparmor_profiles)])
2009-03-03 18:06:49 +08:00
AC_MSG_NOTICE([])
2008-11-21 20:16:08 +08:00
AC_MSG_NOTICE([Driver Loadable Modules])
AC_MSG_NOTICE([])
if test "$with_driver_modules" != "no" ; then
2010-02-24 19:04:27 +08:00
AC_MSG_NOTICE([ dlopen: $DRIVER_MODULE_CFLAGS $DRIVER_MODULE_LIBS])
2008-11-21 20:16:08 +08:00
else
AC_MSG_NOTICE([ dlopen: no])
fi
2009-08-05 16:43:37 +08:00
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Libraries])
AC_MSG_NOTICE([])
2012-09-20 20:28:45 +08:00
LIBVIRT_RESULT_APPARMOR
2012-09-19 21:00:34 +08:00
LIBVIRT_RESULT_ATTR
2012-09-20 20:12:40 +08:00
LIBVIRT_RESULT_AUDIT
2012-09-20 22:22:09 +08:00
LIBVIRT_RESULT_AVAHI
2012-09-20 22:52:14 +08:00
LIBVIRT_RESULT_BLKID
2012-09-20 20:58:37 +08:00
LIBVIRT_RESULT_CAPNG
2013-01-09 05:31:58 +08:00
LIBVIRT_RESULT_CURL
2012-09-20 22:12:08 +08:00
LIBVIRT_RESULT_DBUS
2013-01-09 05:06:57 +08:00
LIBVIRT_RESULT_FUSE
2013-11-20 07:26:05 +08:00
LIBVIRT_RESULT_GLUSTER
2012-09-20 22:39:12 +08:00
LIBVIRT_RESULT_HAL
2012-09-20 22:14:52 +08:00
LIBVIRT_RESULT_NETCF
2012-09-20 20:47:23 +08:00
LIBVIRT_RESULT_NUMACTL
2013-01-09 06:08:53 +08:00
LIBVIRT_RESULT_OPENWSMAN
2012-09-20 22:34:13 +08:00
LIBVIRT_RESULT_PCIACCESS
2013-05-02 10:54:57 +08:00
LIBVIRT_RESULT_READLINE
2012-09-20 20:04:57 +08:00
LIBVIRT_RESULT_SANLOCK
2012-09-20 20:06:12 +08:00
LIBVIRT_RESULT_SASL
2012-09-20 20:21:48 +08:00
LIBVIRT_RESULT_SELINUX
2013-01-09 05:47:55 +08:00
LIBVIRT_RESULT_SSH2
2014-02-21 20:06:42 +08:00
LIBVIRT_RESULT_SYSTEMD_DAEMON
2012-09-20 22:34:13 +08:00
LIBVIRT_RESULT_UDEV
2012-09-20 20:03:27 +08:00
LIBVIRT_RESULT_YAJL
2009-08-05 16:43:37 +08:00
AC_MSG_NOTICE([ libxml: $LIBXML_CFLAGS $LIBXML_LIBS])
2011-06-10 03:47:43 +08:00
AC_MSG_NOTICE([ dlopen: $DLOPEN_LIBS])
2011-07-13 22:05:18 +08:00
if test "$with_hyperv" = "yes" ; then
AC_MSG_NOTICE([openwsman: $OPENWSMAN_CFLAGS $OPENWSMAN_LIBS])
else
AC_MSG_NOTICE([openwsman: no])
fi
2013-01-07 22:54:18 +08:00
if test "$with_gnutls" != "no" ; then
2007-09-20 01:42:40 +08:00
AC_MSG_NOTICE([ gnutls: $GNUTLS_CFLAGS $GNUTLS_LIBS])
2013-01-07 22:54:18 +08:00
else
AC_MSG_NOTICE([ gnutls: no])
fi
network: use firewalld instead of iptables, when available
* configure.ac, spec file: firewalld defaults to enabled if dbus is
available, otherwise is disabled. If --with_firewalld is explicitly
requested and dbus is not available, configure will fail.
* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
When these are encountered, reload all the iptables reuls of all
libvirt's virtual networks (similar to what happens when libvirtd is
restarted).
* iptables, ebtables: use firewall-cmd's direct passthrough interface
when available, otherwise use iptables and ebtables commands. This
decision is made once the first time libvirt calls
iptables/ebtables, and that decision is maintained for the life of
libvirtd.
* Note that the nwfilter part of this patch was separated out into
another patch by Stefan in V2, so that needs to be revised and
re-reviewed as well.
================
All the configure.ac and specfile changes are unchanged from Thomas'
V3.
V3 re-ran "firewall-cmd --state" every time a new rule was added,
which was extremely inefficient. V4 uses VIR_ONCE_GLOBAL_INIT to set
up a one-time initialization function.
The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
vir(Ip|Eb)OnceInit(), which will then be called the first time that
the static function vir(Ip|Eb)TablesInitialize() is called (that
function is defined for you by the macro). This is
thread-safe, so there is no chance of any race.
IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
functions (one for iptables, on for ebtables) as VIR_WARN so that I
don't have to turn on all the other debug message just to see
these. Even if this patch doesn't need any other modification, those
messages need to be changed to VIR_DEBUG before pushing.
This one-time initialization works well. However, I've encountered
problems with testing:
1) Whenever I have enabled the firewalld service, *all* attempts to
call firewall-cmd from within libvirtd end with firewall-cmd hanging
internally somewhere. This is *not* the case if firewall-cmd returns
non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
and returns to libvirt successfully.)
2) If I start libvirtd while firewalld is stopped, then start
firewalld later, this triggers libvirtd to reload its iptables rules,
however it also spits out a *ton* of complaints about deletion failing
(I suppose because firewalld has nuked all of libvirt's rules). I
guess we need to suppress those messages (which is a more annoying
problem to fix than you might think, but that's another story).
3) I noticed a few times during this long line of errors that
firewalld made a complaint about "Resource Temporarily
unavailable. Having libvirtd access iptables commands directly at the
same time as firewalld is doing so is apparently problematic.
4) In general, I'm concerned about the "set it once and never change
it" method - if firewalld is disabled at libvirtd startup, causing
libvirtd to always use iptables/ebtables directly, this won't cause
*terrible* problems, but if libvirtd decides to use firewall-cmd and
firewalld is later disabled, libvirtd will not be able to recover.
2012-08-15 02:59:52 +08:00
AC_MSG_NOTICE([firewalld: $with_firewalld])
2007-12-06 02:21:27 +08:00
if test "$with_polkit" = "yes" ; then
2009-08-06 20:54:08 +08:00
if test "$with_polkit0" = "yes" ; then
AC_MSG_NOTICE([ polkit: $POLKIT_CFLAGS $POLKIT_LIBS (version 0)])
else
AC_MSG_NOTICE([ polkit: $PKCHECK_PATH (version 1)])
fi
2007-12-06 02:21:27 +08:00
else
AC_MSG_NOTICE([ polkit: no])
fi
2008-11-05 07:37:23 +08:00
if test "$with_xen" = "yes" ; then
2009-01-20 20:25:40 +08:00
AC_MSG_NOTICE([ xen: $XEN_CFLAGS $XEN_LIBS])
2008-11-05 07:37:23 +08:00
else
2009-01-20 20:25:40 +08:00
AC_MSG_NOTICE([ xen: no])
2008-11-05 07:37:23 +08:00
fi
2010-03-14 19:11:51 +08:00
if test "$with_xenapi" = "yes" ; then
AC_MSG_NOTICE([ xenapi: $LIBXENSERVER_CFLAGS $LIBXENSERVER_LIBS])
else
AC_MSG_NOTICE([ xenapi: no])
fi
2011-02-11 06:42:34 +08:00
if test "$with_libxl" = "yes" ; then
2011-03-25 23:04:51 +08:00
AC_MSG_NOTICE([xenlight: $LIBXL_CFLAGS $LIBXL_LIBS])
2011-02-11 06:42:34 +08:00
else
2011-03-25 23:04:51 +08:00
AC_MSG_NOTICE([xenlight: no])
2011-02-11 06:42:34 +08:00
fi
2010-12-13 21:44:46 +08:00
if test "$with_qemu" = "yes" && test "$LIBPCAP_FOUND" != "no"; then
nwfilter: Support for learning a VM's IP address
This patch implements support for learning a VM's IP address. It uses
the pcap library to listen on the VM's backend network interface (tap)
or the physical ethernet device (macvtap) and tries to capture packets
with source or destination MAC address of the VM and learn from DHCP
Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
the VM's interface is. This then allows to instantiate the network
traffic filtering rules without the user having to provide the IP
parameter somewhere in the filter description or in the interface
description as a parameter. This only supports to detect the parameter
IP, which is for the assumed single IPv4 address of a VM. There is not
support for interfaces that may have multiple IP addresses (IP
aliasing) or IPv6 that may then require more than one valid IP address
to be detected. A VM can have multiple independent interfaces that each
uses a different IP address and in that case it will be attempted to
detect each one of the address independently.
So, when for example an interface description in the domain XML has
looked like this up to now:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'>
<parameter name='IP' value='10.2.3.4'/>
</filterref>
</interface>
you may omit the IP parameter:
<interface type='bridge'>
<source bridge='mybridge'/>
<model type='virtio'/>
<filterref filter='clean-traffic'/>
</interface>
Internally I am walking the 'tree' of a VM's referenced network filters
and determine with the given variables which variables are missing. Now,
the above IP parameter may be missing and this causes a libvirt-internal
thread to be started that uses the pcap library's API to listen to the
backend interface (in case of macvtap to the physical interface) in an
attempt to determine the missing IP parameter. If the backend interface
disappears the thread terminates assuming the VM was brought down. In
case of a macvtap device a timeout is being used to wait for packets
from the given VM (filtering by VM's interface MAC address). If the VM's
macvtap device disappeared the thread also terminates. In all other
cases it tries to determine the IP address of the VM and will then apply
the rules late on the given interface, which would have happened
immediately if the IP parameter had been explicitly given. In case an
error happens while the firewall rules are applied, the VM's backend
interface is 'down'ed preventing it to communicate. Reasons for failure
for applying the network firewall rules may that an ebtables/iptables
command failes or OOM errors. Essentially the same failure reasons may
occur as when the firewall rules are applied immediately on VM start,
except that due to the late application of the filtering rules the VM
now is already running and cannot be hindered anymore from starting.
Bringing down the whole VM would probably be considered too drastic.
While a VM's IP address is attempted to be determined only limited
updates to network filters are allowed. In particular it is prevented
that filters are modified in such a way that they would introduce new
variables.
A caveat: The algorithm does not know which one is the appropriate IP
address of a VM. If the VM spoofs an IP address in its first ARP traffic
or IPv4 packets its filtering rules will be instantiated for this IP
address, thus 'locking' it to the found IP address. So, it's still
'safer' to explicitly provide the IP address of a VM's interface in the
filter description if it is known beforehand.
* configure.ac: detect libpcap
* libvirt.spec.in: require libpcap[-devel] if qemu is built
* src/internal.h: add the new ATTRIBUTE_PACKED define
* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
src/nwfilter/nwfilter_ebiptables_driver.[ch]
src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
* tests/nwfilterxml2xmltest: extend testing
2010-04-08 05:02:18 +08:00
AC_MSG_NOTICE([ pcap: $LIBPCAP_CFLAGS $LIBPCAP_LIBS])
else
AC_MSG_NOTICE([ pcap: no])
fi
2011-06-23 23:51:00 +08:00
if test "$have_libnl" = "yes" ; then
2010-05-26 03:31:38 +08:00
AC_MSG_NOTICE([ nl: $LIBNL_CFLAGS $LIBNL_LIBS])
else
AC_MSG_NOTICE([ nl: no])
fi
2010-12-15 06:07:57 +08:00
if test "$with_vbox" = "yes" && test -n "$MSCOM_LIBS" ; then
AC_MSG_NOTICE([ mscom: $MSCOM_LIBS])
else
AC_MSG_NOTICE([ mscom: no])
fi
2010-12-08 11:35:08 +08:00
if test "$with_remote" = "yes" || test "$with_libvirtd" = "yes" ; then
AC_MSG_NOTICE([ xdr: $XDR_CFLAGS])
else
AC_MSG_NOTICE([ xdr: no])
fi
2012-07-16 01:18:44 +08:00
if test "$with_storage_rbd" = "yes" ; then
AC_MSG_NOTICE([ rbd: $LIBRBD_LIBS])
else
AC_MSG_NOTICE([ rbd: no])
fi
2014-04-11 15:20:48 +08:00
AC_MSG_NOTICE([pm-utils: $with_pm_utils])
2012-07-16 01:18:44 +08:00
2007-09-19 07:36:30 +08:00
AC_MSG_NOTICE([])
2008-05-29 23:13:07 +08:00
AC_MSG_NOTICE([Test suite])
AC_MSG_NOTICE([])
2009-01-20 20:25:40 +08:00
AC_MSG_NOTICE([ Coverage: $enable_coverage])
2008-05-29 23:13:07 +08:00
AC_MSG_NOTICE([ Alloc OOM: $enable_oom])
AC_MSG_NOTICE([])
2007-09-19 07:36:30 +08:00
AC_MSG_NOTICE([Miscellaneous])
AC_MSG_NOTICE([])
2013-01-02 23:38:52 +08:00
AC_MSG_NOTICE([ Debug: $enable_debug])
AC_MSG_NOTICE([ Use -Werror: $set_werror])
AC_MSG_NOTICE([ Warning Flags: $WARN_CFLAGS])
AC_MSG_NOTICE([ DTrace: $with_dtrace])
AC_MSG_NOTICE([ numad: $with_numad])
AC_MSG_NOTICE([ XML Catalog: $XML_CATALOG_FILE])
AC_MSG_NOTICE([ Init script: $with_init_script])
AC_MSG_NOTICE([Char device locks: $with_chrdev_lock_files])
2007-09-19 07:36:30 +08:00
AC_MSG_NOTICE([])
2014-01-16 01:06:58 +08:00
AC_MSG_NOTICE([Developer Tools])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([Wireshark dissector: $with_wireshark_dissector])
AC_MSG_NOTICE([])
2009-07-16 05:25:01 +08:00
AC_MSG_NOTICE([Privileges])
AC_MSG_NOTICE([])
AC_MSG_NOTICE([ QEMU: $QEMU_USER:$QEMU_GROUP])
2009-07-24 22:17:06 +08:00
AC_MSG_NOTICE([])