From 07450cd42951d5007ab28d8e522f65d948181674 Mon Sep 17 00:00:00 2001 From: Laine Stump Date: Tue, 23 Sep 2014 14:19:08 -0400 Subject: [PATCH] conf: add trustGuestRxFilters attribute to network and domain interface This new attribute will control whether or not libvirt will pay attention to guest notifications about changes to network device mac addresses and receive filters. The default for this is 'no' (for security reasons). If it is set to 'yes' *and* the specified device model and connection support it (currently only macvtap+virtio) then libvirt will watch for NIC_RX_FILTER_CHANGED events, and when it receives one, it will issue a query-rx-filter command, retrieve the result, and modify the host-side macvtap interface's mac address and unicast/multicast filters accordingly. The functionality behind this attribute will be in a later patch. This patch merely adds the attribute to the top-level of a domain's as well as to and , and adds documentation and schema/xml2xml tests. Rather than adding even more test files, I've just added the net attribute in various applicable places of existing test files. --- docs/formatdomain.html.in | 40 ++++++++++++++---- docs/formatnetwork.html.in | 29 +++++++++++-- docs/schemas/domaincommon.rng | 5 +++ docs/schemas/network.rng | 10 +++++ src/conf/domain_conf.c | 42 +++++++++++++++++++ src/conf/domain_conf.h | 3 ++ src/conf/network_conf.c | 36 ++++++++++++++++ src/conf/network_conf.h | 2 + src/libvirt_private.syms | 1 + tests/networkxml2xmlin/vepa-net.xml | 4 +- tests/networkxml2xmlout/vepa-net.xml | 4 +- ...uxml2argv-net-virtio-network-portgroup.xml | 4 +- 12 files changed, 164 insertions(+), 16 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 45b0f618b9..0099ce7f46 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -3343,10 +3343,9 @@ 
   ...
   <devices>
-    <interface type='bridge'>
-      <source bridge='xenbr0'/>
-      <mac address='00:16:3e:5d:c7:9e'/>
-      <script path='vif-bridge'/>
+    <interface type='direct' trustGuestRxFilters='yes'>
+      <source dev='eth0'/>
+      <mac address='52:54:00:5d:c7:9e'/>
       <boot order='1'/>
       <rom bar='off'/>
     </interface>
@@ -3356,8 +3355,23 @@
     

       There are several possibilities for specifying a network
       interface visible to the guest.  Each subsection below provides
-      more details about common setup options.  Additionally,
-      each <interface> element has an
+      more details about common setup options.
+    

+    

+      Since 1.2.10),
+      the interface element
+      property trustGuestRxFilters provides the
+      capability for the host to detect and trust reports from the
+      guest regarding changes to the interface mac address and receive
+      filters by setting the attribute to yes. The default
+      setting for the attribute is no for security
+      reasons and support depends on the guest network device model as
+      well as the type of connection on the host - currently it is
+      only supported for the virtio ddevice model and for macvtap
+      connections on the host.
+    

+    

+      Each <interface> element has an
       optional <address> sub-element that can tie
       the interface to a particular pci slot, with
       attribute type='pci'
@@ -3589,6 +3603,18 @@
       being the default mode. The individual modes cause the delivery of
       packets to behave as follows:
     

+    

+      If the model type is set to virtio and
+      interface's trustGuestRxFilters attribute is set
+      to yes, changes made to the interface mac address,
+      unicast/multicast receive filters, and vlan settings in the
+      guest will be monitored and propagated to the associated macvtap
+      device on the host (Since
+      1.2.10). If trustGuestRxFilters is not set,
+      or is not supported for the device model in use, an attempted
+      change to the mac address originating from the guest side will
+      result in a non-working network connection.
+    

 
     

       
vepa

@@ -3621,7 +3647,7 @@
   ...
   <devices>
     ...
-    <interface type='direct'>
+    <interface type='direct' trustGuestRxFilters='no'>
       <source dev='eth0' mode='vepa'/>
     </interface>
   </devices>
diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
index 1a8ad8e8d6..dc438aee86 100644
--- a/docs/formatnetwork.html.in
+++ b/docs/formatnetwork.html.in
@@ -35,7 +35,7 @@
     

 
     
-      <network ipv6='yes'>
+      <network ipv6='yes' trustGuestRxFilters='no'>
         <name>default</name>
         <uuid>3e3fce45-4f53-4fa7-bb32-11f34168b82b</uuid>
         ...

@@ -60,6 +60,16 @@
         to have guest-to-guest communications.  For further information,
         see the example below for the example with no gateway addresses.
         Since 1.0.1
+      
trustGuestRxFilters='yes'

+      
The optional parameter trustGuestRxFilters can
+        be used to set that attribute of the same name for each domain
+        interface connected to this network (since
+        1.2.10). See
+        the Network
+        interfaces section of the domain XML documentation for
+        more details. Note that an explicit setting of this attribute
+        in a portgroup or the individual domain interface will
+        override the setting in the network.

     

 
     
Connectivity

@@ -606,7 +616,7 @@
       <outbound average='1000' peak='5000' burst='5120'/>
     </bandwidth>
   </portgroup>
-  <portgroup name='sales'>
+  <portgroup name='sales' trustGuestRxFilters='no'>
     <virtualport type='802.1Qbh'>
       <parameters profileid='salestest'/>
     </virtualport>
@@ -626,7 +636,7 @@
       network can have multiple portgroup elements (and one of those
       can optionally be designated as the 'default' portgroup for the
       network), and each portgroup has a name, as well as various
-      subelements associated with it. The currently supported
+      attributes and subelements associated with it. The currently supported
       subelements are <bandwidth>
       (described here)
       and <virtualport>
@@ -650,6 +660,19 @@
       considered an error, and will prevent the interface from
       starting.
     

+    

+      portgroups also support the optional
+      parameter trustGuestRxFilters which can be used to
+      set that attribute of the same name for each domain interface
+      using this portgroup (since
+      1.2.10). See
+      the Network
+      interfaces section of the domain XML documentation for more
+      details. Note that an explicit setting of this attribute in the
+      portgroup overrides the network-wide setting, and an explicit
+      setting in the individual domain interface will override the
+      setting in the portgroup.
+    

 
     
Static Routes

     

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 6b69fd1bac..20d81ae2d6 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2240,6 +2240,11 @@
           
         
       
+      
+        
+          
+        
+