From 1730a8e5ff1b0267389d1dc6d5bc08649aaa2171 Mon Sep 17 00:00:00 2001 From: Daniel Gollub Date: Wed, 28 Aug 2013 17:36:25 +0200 Subject: [PATCH] virtinst: add nwfilter support This allows to make use of libvirt network filtering support with virt-install. With the additional option "filterref" in the --network parameter one can configure any defined nwfilter per network interface, i.e.: virt-install ... --network network=mynet,model=virtio,filterref=clean-traffic (crobinso: add an xmlparse test case) --- man/virt-install.pod | 6 ++++++ tests/xmlparse-xml/change-nics-out.xml | 1 + tests/xmlparse.py | 1 + virtinst/cli.py | 4 +++- virtinst/deviceinterface.py | 4 +++- 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/man/virt-install.pod b/man/virt-install.pod index 6106d8f4..c3d5e863 100644 --- a/man/virt-install.pod +++ b/man/virt-install.pod @@ -614,6 +614,12 @@ Xen virtual machines it is required that the first 3 pairs in the MAC address be the sequence '00:16:3e', while for QEMU or KVM virtual machines it must be '52:54:00'. +=item B + +Controlling firewall and network filtering in libvirt. Value can be any nwfilter +defined by the C 'nwfilter' subcommands. Available filters can be listed +by running 'virsh nwfilter-list', e.g.: 'clean-traffic', 'no-mac-spoofing', ... + =back =item --nonetworks diff --git a/tests/xmlparse-xml/change-nics-out.xml b/tests/xmlparse-xml/change-nics-out.xml index 8ee098e5..10d0faaa 100644 --- a/tests/xmlparse-xml/change-nics-out.xml +++ b/tests/xmlparse-xml/change-nics-out.xml @@ -22,6 +22,7 @@ + diff --git a/tests/xmlparse.py b/tests/xmlparse.py index e5c29b75..d8725bd8 100644 --- a/tests/xmlparse.py +++ b/tests/xmlparse.py @@ -410,6 +410,7 @@ class XMLParseTest(unittest.TestCase): check("bridge", None, "br0") check("network", None, "route") check("macaddr", "22:11:11:11:11:11", "AA:AA:AA:AA:AA:AA") + check("filterref", None, "foo") self.assertEquals(dev1.get_source(), None) check = self._make_checker(dev2) diff --git a/virtinst/cli.py b/virtinst/cli.py index 38e458bd..09070fa0 100644 --- a/virtinst/cli.py +++ b/virtinst/cli.py @@ -993,7 +993,8 @@ def add_net_option(devg): help=_("Configure a guest network interface. Ex:\n" "--network bridge=mybr0\n" "--network network=my_libvirt_virtual_net\n" - "--network network=mynet,model=virtio,mac=00:11...")) + "--network network=mynet,model=virtio,mac=00:11...\n" + "--network network=mynet,filterref=clean-traffic,model=virtio")) def add_device_options(devg): @@ -1578,6 +1579,7 @@ def parse_network(guest, optstring, dev=None, mac=None): set_param("bridge", "bridge") set_param("model", "model") set_param("macaddr", "mac") + set_param("filterref", "filterref") if opts: raise ValueError(_("Unknown options %s") % opts.keys()) diff --git a/virtinst/deviceinterface.py b/virtinst/deviceinterface.py index 3e59d277..8412b830 100644 --- a/virtinst/deviceinterface.py +++ b/virtinst/deviceinterface.py @@ -198,7 +198,8 @@ class VirtualNetworkInterface(VirtualDevice): _XML_PROP_ORDER = [ "bridge", "network", "source_dev", "source_mode", - "macaddr", "target_dev", "model", "virtualport"] + "macaddr", "target_dev", "model", "virtualport", + "filterref"] type = XMLProperty(xpath="./@type", default_cb=lambda s: s.TYPE_BRIDGE) @@ -233,6 +234,7 @@ class VirtualNetworkInterface(VirtualDevice): default_cb=_default_source_mode) model = XMLProperty(xpath="./model/@type") target_dev = XMLProperty(xpath="./target/@dev") + filterref = XMLProperty(xpath="./filterref/@filter") VirtualNetworkInterface.register_type()