[libvirt] [PATCH 4/4] Add support for interfaces with type=direct to LXC

Stefan Berger stefanb at linux.vnet.ibm.com
Thu Nov 10 14:02:41 UTC 2011 

On 11/10/2011 06:28 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> Support creation of macvlan devices for LXC containers. Do not
> allow setting of network filters, bandwidth controls or vport
> profiles due to the complication that there is no host side
> visible device to work with.
>
> * src/lxc/lxc_driver.c: Support type=direct interfaces
> ---
>   src/lxc/lxc_driver.c |  106 +++++++++++++++++++++++++++++++++++++++++++++++++-
>   1 files changed, 105 insertions(+), 1 deletions(-)
>
> diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> index 4f6807b..09752a3 100644
> --- a/src/lxc/lxc_driver.c
> +++ b/src/lxc/lxc_driver.c
> @@ -1230,6 +1230,102 @@ cleanup:
>       return ret;
>   }
>
> +
> +static int lxcSetupInterfaceDirect(virConnectPtr conn,
> +                                   virDomainDefPtr def,
> +                                   virDomainNetDefPtr net,
> +                                   unsigned int *nveths,
> +                                   char ***veths)
> +{
> +    int ret = 0;
> +    char *res_ifname = NULL;
> +    lxc_driver_t *driver = conn->privateData;
> +    virNetDevBandwidthPtr bw;
> +    virNetDevVPortProfilePtr prof;
> +
> +    /* XXX how todo filtering ?
> +     * Since the 'net-ifname' is about to be moved to a different
> +     * namespace&  renamed, there will be no host side visible
> +     * interface for the container to attach rules to
> +     */
Afaik, filtering doesn't work on the direct interfaces anyway due to 
missing hooks in their kernel implementation. At least  I have been told 
so about the macvtap type of device.
> +    if (net->filter) {
> +        lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                 _("Unable to set network filters on direct interfaces"));
> +        return -1;
> +    }
> +
> +    /* XXX how todo bandwidth controls ?
> +     * Since the 'net-ifname' is about to be moved to a different
> +     * namespace&  renamed, there will be no host side visible
> +     * interface for the container to attach rules to
> +     */
> +    bw = virDomainNetGetActualBandwidth(net);
> +    if (bw) {
> +        lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                 _("Unable to set network bandwidth on direct interfaces"));
> +        return -1;
> +    }
> +
> +    /* XXX how todo port profiles ?
> +     * Although we can do the association during container
> +     * startup, at shutdown we are unable to disassociate
> +     * because the macvlan device was moved to the container
> +     * and automagically dies when the container dies. So
> +     * we have no dev to perform disassociation with.
> +     */
> +    prof = virDomainNetGetActualDirectVirtPortProfile(net);
> +    if (prof) {
> +        lxcError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                 _("Unable to set port profile on direct interfaces"));
> +        return -1;
> +    }
> +
> +    if (VIR_REALLOC_N(*veths, (*nveths)+1)<  0) {
> +        virReportOOMError();
> +        return -1;
> +    }
> +    (*veths)[(*nveths)] = NULL;
> +
> +    if (virNetDevMacVLanCreateWithVPortProfile(
> +            net->ifname, net->mac,
> +            virDomainNetGetActualDirectDev(net),
> +            virDomainNetGetActualDirectMode(net),
> +            false, false, def->uuid,
> +            virDomainNetGetActualDirectVirtPortProfile(net),
> +&res_ifname,
> +            VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
> +            driver->stateDir,
> +            virDomainNetGetActualBandwidth(net))<  0)
> +        goto cleanup;
> +
> +    (*veths)[(*nveths)] = res_ifname;
> +    (*nveths)++;
> +
> +#if 0
> +    if (rc>= 0) {
> +        if ((net->filter)&&  (net->ifname)) {
> +            err = virDomainConfNWFilterInstantiate(conn, net);
> +            if (err) {
> +                VIR_FORCE_CLOSE(rc);
> +                ignore_value(virNetDevMacVLanDeleteWithVPortProfile(
> +                                 net->ifname, net->mac,
> +                                 virDomainNetGetActualDirectDev(net),
> +                                 virDomainNetGetActualDirectMode(net),
> +                                 virDomainNetGetActualDirectVirtPortProfile(net),
> +                                 driver->stateDir));
> +                VIR_FREE(net->ifname);
> +            }
> +        }
> +    }
> +#endif
I think you can remove this block.
> +
> +    ret = 0;
> +
> +cleanup:
> +    return ret;
> +}
> +
> +
>   /**
>    * lxcSetupInterfaces:
>    * @conn: pointer to connection
> @@ -1299,13 +1395,21 @@ static int lxcSetupInterfaces(virConnectPtr conn,
>                   goto cleanup;
>           }   break;
>
> +        case VIR_DOMAIN_NET_TYPE_DIRECT:
> +            if (lxcSetupInterfaceDirect(conn,
> +                                        def,
> +                                        def->nets[i],
> +                                        nveths,
> +                                        veths)<  0)
> +                goto cleanup;
> +            break;
> +
>           case VIR_DOMAIN_NET_TYPE_USER:
>           case VIR_DOMAIN_NET_TYPE_ETHERNET:
>           case VIR_DOMAIN_NET_TYPE_SERVER:
>           case VIR_DOMAIN_NET_TYPE_CLIENT:
>           case VIR_DOMAIN_NET_TYPE_MCAST:
>           case VIR_DOMAIN_NET_TYPE_INTERNAL:
> -        case VIR_DOMAIN_NET_TYPE_DIRECT:
>           case VIR_DOMAIN_NET_TYPE_LAST:
>               lxcError(VIR_ERR_INTERNAL_ERROR,
>                        _("Unsupported network type %s"),

ACK , but see nits above.

More information about the libvir-list mailing list