shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-21 22:03:49 +03:00
Code Releases Activity

network: Let domains be restricted to local DNS

Browse Source 
This adds a new "localOnly" attribute on the domain element of the
network xml.  With this set to "yes", DNS requests under that domain
will only be resolved by libvirt's dnsmasq, never forwarded upstream.

This was how it worked before commit f69a6b987d616, and I found that
functionality useful.  For example, I have my host's NetworkManager
dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
easily resolve guest names from outside.  But if libvirt's dnsmasq
doesn't know a name and forwards it to the host, I'd get an endless
forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

Signed-off-by: Josh Stone <jistone@redhat.com>
This commit is contained in:
Josh Stone 2014-12-03 16:01:33 -08:00 committed by Laine Stump
parent e11490e358
commit 298fa4858c
8 changed files with 74 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/formatnetwork.html.in
View File

@ -82,7 +82,7 @@
<pre>
...
&lt;bridge name="virbr0" stp="on" delay="5" macTableManager="libvirt"/&gt;
&lt;domain name="example.com"/&gt;
&lt;domain name="example.com" localOnly="no"/&gt;
&lt;forward mode="nat" dev="eth0"/&gt;
...</pre>
@ -151,6 +151,16 @@
a <code>&lt;forward&gt;</code> mode of "nat" or "route" (or an
isolated network with no <code>&lt;forward&gt;</code>
element). <span class="since">Since 0.4.5</span>
<p>
If the optional <code>localOnly</code> attribute on the
<code>domain</code> element is "yes", then DNS requests under
this domain will only be resolved by the virtual network's own
DNS server - they will not be forwarded to the host's upstream
DNS server. If <code>localOnly</code> is "no", and by
default, unresolved requests <b>will</b> be forwarded.
<span class="since">Since 1.2.12</span>
</p>
</dd>
<dt><code>forward</code></dt>
<dd>Inclusion of the <code>forward</code> element indicates that

3
docs/schemas/network.rng
View File

@ -234,6 +234,9 @@
<optional>
<element name="domain">
<attribute name="name"><ref name="dnsName"/></attribute>
<optional>
<attribute name="localOnly"><ref name="virYesNo"/></attribute>
</optional>
</element>
</optional>

32
src/conf/network_conf.c
View File

@ -1854,6 +1854,18 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
/* Parse network domain information */
def->domain = virXPathString("string(./domain[1]/@name)", ctxt);
tmp = virXPathString("string(./domain[1]/@localOnly)", ctxt);
if (tmp) {
def->domainLocalOnly = virTristateBoolTypeFromString(tmp);
if (def->domainLocalOnly <= 0) {
virReportError(VIR_ERR_XML_ERROR,
_("Invalid domain localOnly setting '%s' "
"in network '%s'"),
tmp, def->name);
goto error;
}
VIR_FREE(tmp);
}
if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) &&
virNetDevBandwidthParse(&def->bandwidth, bandwidthNode, -1) < 0)
@ -2560,8 +2572,24 @@ virNetworkDefFormatBuf(virBufferPtr buf,
virBufferAsprintf(buf, "<mac address='%s'/>\n", macaddr);
}
if (def->domain)
virBufferAsprintf(buf, "<domain name='%s'/>\n", def->domain);
if (def->domain) {
virBufferAsprintf(buf, "<domain name='%s'", def->domain);
/* default to "no", but don't format it in the XML */
if (def->domainLocalOnly) {
const char *local = virTristateBoolTypeToString(def->domainLocalOnly);
if (!local) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unknown localOnly type %d in network"),
def->domainLocalOnly);
return -1;
}
virBufferAsprintf(buf, " localOnly='%s'", local);
}
virBufferAddLit(buf, "/>\n");
}
if (virNetworkDNSDefFormat(buf, &def->dns) < 0)
goto error;

1
src/conf/network_conf.h
View File

@ -225,6 +225,7 @@ struct _virNetworkDef {
char *bridge; /* Name of bridge device */
int macTableManager; /* enum virNetworkBridgeMACTableManager */
char *domain;
int domainLocalOnly; /* enum virTristateBool: yes disables dns forwarding */
unsigned long delay; /* Bridge forward delay (ms) */
bool stp; /* Spanning tree protocol */
virMacAddr mac; /* mac address of bridge device */

5
src/network/bridge_driver.c
View File

@ -928,6 +928,11 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
}
if (network->def->domain) {
if (network->def->domainLocalOnly == VIR_TRISTATE_BOOL_YES) {
virBufferAsprintf(&configbuf,
"local=/%s/\n",
network->def->domain);
}
virBufferAsprintf(&configbuf,
"domain=%s\n"
"expand-hosts\n",

14
tests/networkxml2confdata/nat-network-dns-local-domain.conf Normal file
View File

@ -0,0 +1,14 @@
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
## virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
local=/example.com/
domain=example.com
expand-hosts
except-interface=lo
bind-dynamic
interface=virbr0
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts

9
tests/networkxml2confdata/nat-network-dns-local-domain.xml Normal file
View File

@ -0,0 +1,9 @@
<network>
<name>default</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9c</uuid>
<forward dev='eth0' mode='nat'/>
<bridge name='virbr0' stp='on' delay='0' />
<domain name='example.com' localOnly='yes'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
</ip>
</network>

1
tests/networkxml2conftest.c
View File

@ -134,6 +134,7 @@ mymain(void)
DO_TEST("nat-network-dns-hosts", full);
DO_TEST("nat-network-dns-forward-plain", full);
DO_TEST("nat-network-dns-forwarders", full);
DO_TEST("nat-network-dns-local-domain", full);
DO_TEST("dhcp6-network", dhcpv6);
DO_TEST("dhcp6-nat-network", dhcpv6);
DO_TEST("dhcp6host-routed-network", dhcpv6);