shaba/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-06 08:58:35 +03:00
Code Releases Activity

network: Add support for local PTR domains

Browse Source 
Similarly to localOnly DNS domain, localPtr attribute can be used to
tell the DNS server not to forward reverse lookups for unknown IPs which
belong to the virtual network.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
This commit is contained in:
Jiri Denemark 2016-12-08 22:23:09 +01:00
parent acd547dc95
commit 3d98acc9e3
9 changed files with 123 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/formatnetwork.html.in
View File

@ -855,14 +855,14 @@
&lt;hostname&gt;myhostalias&lt;/hostname&gt; &lt;hostname&gt;myhostalias&lt;/hostname&gt;
&lt;/host&gt; &lt;/host&gt;
&lt;/dns&gt; &lt;/dns&gt;
&lt;ip address="192.168.122.1" netmask="255.255.255.0"&gt; &lt;ip address="192.168.122.1" netmask="255.255.255.0" localPtr="yes"&gt;
&lt;dhcp&gt; &lt;dhcp&gt;
&lt;range start="192.168.122.100" end="192.168.122.254"/&gt; &lt;range start="192.168.122.100" end="192.168.122.254"/&gt;
&lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10"/&gt; &lt;host mac="00:16:3e:77:e2:ed" name="foo.example.com" ip="192.168.122.10"/&gt;
&lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11"/&gt; &lt;host mac="00:16:3e:3e:a9:1a" name="bar.example.com" ip="192.168.122.11"/&gt;
&lt;/dhcp&gt; &lt;/dhcp&gt;
&lt;/ip&gt; &lt;/ip&gt;
&lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64"/&gt; &lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" localPtr="yes"/&gt;
&lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt; &lt;route family="ipv6" address="2001:db9:ca1:1::" prefix="64" gateway="2001:db8:ca2:2::2"/&gt;
</pre> </pre>
@ -983,11 +983,18 @@
to specify the type of address &mdash; <code>ipv4</code> or to specify the type of address &mdash; <code>ipv4</code> or
<code>ipv6</code>; if no <code>family</code> is given, <code>ipv6</code>; if no <code>family</code> is given,
<code>ipv4</code> is assumed. More than one address of each family can <code>ipv4</code> is assumed. More than one address of each family can
be defined for a network. The <code>ip</code> element is supported be defined for a network. The optional <code>localPtr</code> attribute
<span class="since">since 0.3.0</span>. IPv6, multiple addresses on a (<span class="since">since 3.0.0</span>) configures the DNS server to
single network, <code>family</code>, and <code>prefix</code> are not forward any reverse DNS requests for IP addresses from the network
supported <span class="since">since 0.8.7</span>. The <code>ip</code> configured by the <code>address</code> and
element may contain the following elements: <code>netmask</code>/<code>prefix</code> attributes. For some unusual
network prefixes (not divisible by 8 for IPv4 or not divisible by 4 for
IPv6) libvirt may be unable to compute the PTR domain automatically.
The <code>ip</code> element is supported <span class="since">since
0.3.0</span>. IPv6, multiple addresses on a single network,
<code>family</code>, and <code>prefix</code> are supported
<span class="since">since 0.8.7</span>. The <code>ip</code> element may
contain the following elements:
<dl> <dl>
<dt><code>tftp</code></dt> <dt><code>tftp</code></dt>

2
docs/news.html.in
View File

@ -16,6 +16,8 @@
<ul> <ul>
<li><strong>New features</strong> <li><strong>New features</strong>
<ul> <ul>
<li>New localPtr attribute for "ip" element in network XML
</li>
<li>qemu: Support QEMU group I/O throttling<br/> <li>qemu: Support QEMU group I/O throttling<br/>
Add the capability to allow group I/O throttling via a new Add the capability to allow group I/O throttling via a new
domain &lt;disk&gt; &lt;iotune&gt; subelement "group_name" domain &lt;disk&gt; &lt;iotune&gt; subelement "group_name"

3
docs/schemas/network.rng
View File

@ -339,6 +339,9 @@
<optional> <optional>
<attribute name="family"><ref name="addr-family"/></attribute> <attribute name="family"><ref name="addr-family"/></attribute>
</optional> </optional>
<optional>
<attribute name="localPtr"><ref name="virYesNo"/></attribute>
</optional>
<interleave> <interleave>
<optional> <optional>
<element name="tftp"> <element name="tftp">

19
src/conf/network_conf.c
View File

@ -1507,6 +1507,7 @@ virNetworkIPDefParseXML(const char *networkName,
unsigned long prefix = 0; unsigned long prefix = 0;
int prefixRc; int prefixRc;
int result = -1; int result = -1;
char *localPtr = NULL;
save = ctxt->node; save = ctxt->node;
ctxt->node = node; ctxt->node = node;
@ -1549,6 +1550,17 @@ virNetworkIPDefParseXML(const char *networkName,
else else
def->prefix = prefix; def->prefix = prefix;
localPtr = virXPathString("string(./@localPtr)", ctxt);
if (localPtr) {
def->localPTR = virTristateBoolTypeFromString(localPtr);
if (def->localPTR <= 0) {
virReportError(VIR_ERR_XML_ERROR,
_("Invalid localPtr value '%s' in network '%s'"),
localPtr, networkName);
goto cleanup;
}
}
/* validate address, etc. for each family */ /* validate address, etc. for each family */
if ((def->family == NULL) || (STREQ(def->family, "ipv4"))) { if ((def->family == NULL) || (STREQ(def->family, "ipv4"))) {
if (!(VIR_SOCKET_ADDR_IS_FAMILY(&def->address, AF_INET) || if (!(VIR_SOCKET_ADDR_IS_FAMILY(&def->address, AF_INET) ||
@ -1627,6 +1639,7 @@ virNetworkIPDefParseXML(const char *networkName,
virNetworkIPDefClear(def); virNetworkIPDefClear(def);
VIR_FREE(address); VIR_FREE(address);
VIR_FREE(netmask); VIR_FREE(netmask);
VIR_FREE(localPtr);
ctxt->node = save; ctxt->node = save;
return result; return result;
@ -2652,6 +2665,12 @@ virNetworkIPDefFormat(virBufferPtr buf,
} }
if (def->prefix > 0) if (def->prefix > 0)
virBufferAsprintf(buf, " prefix='%u'", def->prefix); virBufferAsprintf(buf, " prefix='%u'", def->prefix);
if (def->localPTR) {
virBufferAsprintf(buf, " localPtr='%s'",
virTristateBoolTypeToString(def->localPTR));
}
virBufferAddLit(buf, ">\n"); virBufferAddLit(buf, ">\n");
virBufferAdjustIndent(buf, 2); virBufferAdjustIndent(buf, 2);

2
src/conf/network_conf.h
View File

@ -162,6 +162,8 @@ struct _virNetworkIPDef {
unsigned int prefix; /* ipv6 - only prefix allowed */ unsigned int prefix; /* ipv6 - only prefix allowed */
virSocketAddr netmask; /* ipv4 - either netmask or prefix specified */ virSocketAddr netmask; /* ipv4 - either netmask or prefix specified */
int localPTR; /* virTristateBool */
size_t nranges; /* Zero or more dhcp ranges */ size_t nranges; /* Zero or more dhcp ranges */
virSocketAddrRangePtr ranges; virSocketAddrRangePtr ranges;

41
src/network/bridge_driver.c
View File

@ -994,6 +994,43 @@ networkBuildDnsmasqHostsList(dnsmasqContext *dctx,
} }
static int
networkDnsmasqConfLocalPTRs(virBufferPtr buf,
virNetworkDefPtr def)
{
virNetworkIPDefPtr ip;
size_t i;
char *ptr = NULL;
int rc;
for (i = 0; i < def->nips; i++) {
ip = def->ips + i;
if (ip->localPTR != VIR_TRISTATE_BOOL_YES)
continue;
if ((rc = virSocketAddrPTRDomain(&ip->address,
virNetworkIPDefPrefix(ip),
&ptr)) < 0) {
if (rc == -2) {
int family = VIR_SOCKET_ADDR_FAMILY(&ip->address);
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("PTR domain for %s network with prefix %u "
"cannot be automatically created"),
(family == AF_INET) ? "IPv4" : "IPv6",
virNetworkIPDefPrefix(ip));
}
return -1;
}
virBufferAsprintf(buf, "local=/%s/\n", ptr);
VIR_FREE(ptr);
}
return 0;
}
int int
networkDnsmasqConfContents(virNetworkObjPtr network, networkDnsmasqConfContents(virNetworkObjPtr network,
const char *pidfile, const char *pidfile,
@ -1079,6 +1116,10 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
network->def->domain); network->def->domain);
} }
if (wantDNS &&
networkDnsmasqConfLocalPTRs(&configbuf, network->def) < 0)
goto cleanup;
if (wantDNS && network->def->dns.forwardPlainNames == VIR_TRISTATE_BOOL_NO) { if (wantDNS && network->def->dns.forwardPlainNames == VIR_TRISTATE_BOOL_NO) {
virBufferAddLit(&configbuf, "domain-needed\n"); virBufferAddLit(&configbuf, "domain-needed\n");
/* need to specify local=// whether or not a domain is /* need to specify local=// whether or not a domain is

20
tests/networkxml2confdata/ptr-domains-auto.conf Normal file
View File

@ -0,0 +1,20 @@
##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
## virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
local=/122.168.192.in-addr.arpa/
local=/1.0.e.f.0.1.c.a.8.b.d.0.1.0.0.2.ip6.arpa/
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts
dhcp-range=2001:db8:ac10:fe01::1,ra-only
dhcp-range=2001:db8:ac10:fd01::1,ra-only

21
tests/networkxml2confdata/ptr-domains-auto.xml Normal file
View File

@ -0,0 +1,21 @@
<network>
<name>default</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<forward dev='eth1' mode='nat'/>
<bridge name='virbr0' stp='on' delay='0'/>
<ip address='192.168.122.1' netmask='255.255.255.0' localPtr='yes'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
<host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10'/>
<host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11'/>
</dhcp>
</ip>
<ip family='ipv4' address='192.168.123.1' netmask='255.255.255.0' localPtr='no'>
</ip>
<ip family='ipv6' address='2001:db8:ac10:fe01::1' prefix='64' localPtr='yes'>
</ip>
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
</ip>
<ip family='ipv4' address='10.24.10.1'>
</ip>
</network>

1
tests/networkxml2conftest.c
View File

@ -129,6 +129,7 @@ mymain(void)
DO_TEST("dhcp6-network", dhcpv6); DO_TEST("dhcp6-network", dhcpv6);
DO_TEST("dhcp6-nat-network", dhcpv6); DO_TEST("dhcp6-nat-network", dhcpv6);
DO_TEST("dhcp6host-routed-network", dhcpv6); DO_TEST("dhcp6host-routed-network", dhcpv6);
DO_TEST("ptr-domains-auto", dhcpv6);
virObjectUnref(dhcpv6); virObjectUnref(dhcpv6);
virObjectUnref(full); virObjectUnref(full);