Commit Graph

19 Commits

Author SHA1 Message Date
Daniel P. Berrangé b81e44d6ac nwfilter: move standard XML configs out of examples dir
The nwfilter XML configs are not merely examples, they are data that is
actively shipped and used in production by users.

Reviewed-by: Erik Skultety <eskultet@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-19 11:52:44 +01:00
Ales Musil ac01fbc90b examples: Add clean-traffic-gateway into nwfilters
The filter purpose is to simulate isolated private VLAN.

The behavior can be achieved by limiting network traffic
to traffic between VM and gateway. Because there is no
concept of the PVLAN in the linux bridge.

The filter also contains parts from clean-traffic
to prevent VM from spoofing its IP and MAC address.

To use this filter the user just needs to set
the GATEWAY_MAC variable to gateway MAC address.

Signed-off-by: Ales Musil <amusil@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2018-07-18 14:03:47 +02:00
Cole Robinson da176bf6b7 examples: Use one top level makefile
Using one Makefile per example subdirectory essentially serializes 'make'
calls. Convert to one example/Makefile that builds and distributes
all the subdir files. This reduces example/ rebuild time from about 5.8
seconds to 1.5 seconds on my machine.

One slight difference is that we no longer ship Makefile.am with the
examples in the rpm. This was virtually useless anyways since the Makefile
was very specific to libvirt infrastructure, so wasn't generically
reusable anyways.

Tested with 'make distcheck' and 'make rpm'
2016-01-09 21:14:12 -05:00
Peter Krempa d88f9027ae examples: test: Kill unsupported maxMemory element
The "maxMemory" element was never supported by libvirt. Remove it from
the test XMLs. (Found while actually trying to add support for a
identically named element).
2014-08-20 15:27:18 +02:00
Eric Blake b420df72a8 build: only install nwfilter examples when building nwfilter
'make rpm' with client_local set to 1 (by manual modification,
or with RHEL 5 on s390) warns:

RPM build errors:
    Installed (but unpackaged) file(s) found:
   /etc/libvirt/nwfilter/allow-arp.xml
   /etc/libvirt/nwfilter/allow-dhcp-server.xml
   /etc/libvirt/nwfilter/allow-dhcp.xml
   /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
   /etc/libvirt/nwfilter/allow-ipv4.xml
   /etc/libvirt/nwfilter/clean-traffic.xml
   /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
   /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
   /etc/libvirt/nwfilter/no-arp-spoofing.xml
   /etc/libvirt/nwfilter/no-ip-multicast.xml
   /etc/libvirt/nwfilter/no-ip-spoofing.xml
   /etc/libvirt/nwfilter/no-mac-broadcast.xml
   /etc/libvirt/nwfilter/no-mac-spoofing.xml
   /etc/libvirt/nwfilter/no-other-l2-traffic.xml
   /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
   /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
   /etc/libvirt/nwfilter/qemu-announce-self.xml
   /usr/share/polkit-1/actions/org.libvirt.api.policy

The bulk of these are fixed with this patch.

* examples/xml/nwfilter/Makefile.am (install-data-local)
(uninstall-local): Make conditional.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-04 13:48:27 -06:00
Eric Blake d7f53c7b97 maint: use LGPL correctly
Several files called out COPYING or COPYING.LIB instead of using
the normal boilerplate.  It's especially important that we don't
call out COPYING from an LGPL file, since COPYING is traditionally
used for the GPL.  A few files were lacking copyright altogether.

* src/rpc/gendispatch.pl: Add missing copyright.
* Makefile.nonreentrant: Likewise.
* src/check-symfile.pl: Likewise.
* src/check-symsorting.pl: Likewise.
* src/driver.h: Likewise.
* src/internal.h: Likewise.
* tools/libvirt-guests.sh.in: Likewise.
* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
* tools/virt-sanlock-cleanup.in: Likewise.
* src/rpc/genprotocol.pl: Spell out license terms.
* src/xen/xend_internal.h: Likewise.
* src/xen/xend_internal.c: Likewise.
* Makefile.am: Likewise.
* daemon/Makefile.am: Likewise.
* docs/Makefile.am: Likewise.
* docs/schemas/Makefile.am: Likewise.
* examples/apparmor/Makefile.am: Likewise.
* examples/domain-events/events-c/Makefile.am: Likewise.
* examples/dominfo/Makefile.am: Likewise.
* examples/domsuspend/Makefile.am: Likewise.
* examples/hellolibvirt/Makefile.am: Likewise.
* examples/openauth/Makefile.am: Likewise.
* examples/python/Makefile.am: Likewise.
* examples/systemtap/Makefile.am: Likewise.
* examples/xml/nwfilter/Makefile.am: Likewise.
* gnulib/lib/Makefile.am: Likewise.
* gnulib/tests/Makefile.am: Likewise.
* include/Makefile.am: Likewise.
* include/libvirt/Makefile.am: Likewise.
* python/Makefile.am: Likewise.
* python/tests/Makefile.am: Likewise.
* src/Makefile.am: Likewise.
* tests/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.
* configure.ac: Likewise.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-20 14:03:48 -06:00
Daniel Veillard 683e011137 Revert "Refactor the libvirt RPM daemon pieces"
This reverts commit 06a0d57f5a.
2012-04-03 14:49:31 +08:00
Daniel P. Berrange 8bf0442e83 Fix client only RPM build & other misc RPM problems
* libvirt.spec.in: Remove obsolete --with-remote-pid-file arg.
  Add missing %{without_libxl} statement. Fix handling of docs
  in client only build. Put systemtap files in -client RPM
  instead of -daemon RPM
* examples/xml/nwfilter/Makefile.am: Don't install examples if
  nwfilter is disabled.
2012-03-31 13:22:40 +01:00
Stefan Berger af5594c88b nwfilter: fix typing error in filter
Fix a typing error in the no-ip-spoofing filter.
Return DHCP request packets passing through this filter. Have
the user use another filter to actually allow DHCP requests to be
sent (action='accept').
2012-01-17 12:47:41 -05:00
Stefan Berger 8c309caff8 Update of filters to handle multiple IP addresses
With fragments borrowed from David Steven's previous submission and some
further modifications:

A set of modifications to filters to handle multiple IP addresses
(and MAC addresses) per interface.

Also:
- enable DHCP traffic from VM to any DHCP server
- will require an update to a libvirt-tck data file

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2011-12-01 20:34:36 -05:00
Osier Yang 4b7de948f9 examples: Correct the example command to use testnode.xml
* s/-connection/-c/
 * Removes the redundant '/'.
 * Add "absolute" so that it's more clear.

Pushed under trivial rule.
2011-11-29 18:43:20 +08:00
Eric Blake ff81956ac6 maint: add missing copyright notices
I went with the shorter license notice used by src/libvirt.c,
rather than spelling out the full LGPLv2+ clause into each of
these files.

* configure.ac: Declare copyright.
* all Makefile.am: Likewise.
2011-07-28 15:01:17 -06:00
Stefan Berger fcb0e8c227 nwfilter: enable filtering of gratuitous ARP packets
This patch enables filtering of gratuitous ARP packets using the following XML:

<rule action='accept' direction='in' priority='425'>
<arp gratuitous='true'/>
</rule>
2011-05-23 19:41:18 -04:00
Stefan Berger ed7813d28d nwfilter: let qemu's after-migration packet pass
Qemu currently sends an Ethernet packet with protocol id 0x835 once a VM
was successfully migrated. The content of the packet looks like a
gratuitous RARP, just with the wrong protocol ID, which should be
0x8035. I wrote some filters to let either one of the packets pass and
am adapting the clean-traffic sample filter to use it. I am also
doing some changes on the existing ARP filter which was lacking a
test for source MAC address.
2010-04-27 14:50:35 -04:00
Philipp Hahn 8b3a89c486 Install nwfilter xml files from source directory.
During an out-of-tree build, the current working directory is the build
directory. Since the FILTERS are static and not modified or
auto-generated during the build process, they need to be explicitly
fetched from the source directory during install.

Prefix the files with $(srcdir), which gets expanded to the absolute or
relative path to the source directory, even when duing out-of-tree
builds.

Signed-off-by: Philipp Hahn <hahn@univention.de>
2010-04-20 08:14:23 -06:00
Daniel Veillard b4b0949dd7 Distribute nwfilter xml files and add them to rpm
* examples/xml/nwfilter/Makefile.am: add all xml to the distribution
* libvirt.spec.in: reference them from the rpm spec file to have them
  available in the main libvirt package
2010-03-31 10:20:22 +02:00
Stefan Berger e3a7137ac2 Add some examples filters
This patch adds some example filters to libvirt. They are automatically
installed into the proper directory for libvirt to pick them up.
2010-03-26 18:01:17 +00:00
Cole Robinson e22f2f5c9c test: Support loading node device info from file/XML
Also add some XML examples.

Signed-off-by: Cole Robinson <crobinso@redhat.com>
2009-10-05 14:07:17 -04:00
Daniel P. Berrange 13f59ad733 Move example XML files into examples/xml
* docs/storage/: Move to examples/xml/storage/
* docs/test*.xml: Move to examples/xml/test/
* docs/Makefile.am: Remove example XML files from dist
* Makefile.am: Add examples/xml to EXTRA_DIST
* tests/virshtest.c: Update for moved test XML
* libvirt.spec.in: Include example XML files as docs
* tests/int-overflow: UPdate for moved XML
2009-09-21 14:41:48 +01:00