[libvirt PATCH 06/10] network: propagate <portOptions isolated='yes'/> between network and domain

Ján Tomko jtomko at redhat.com
Tue Feb 18 17:40:29 UTC 2020


On Sun, Feb 16, 2020 at 11:22:55PM -0500, Laine Stump wrote:
>Similar to the way that the <vlan>, <bandwidth>, and <virtualport>
>elements and the trustGuestRxFilters attribute in a <network> (or in
>the appropriate <portgroup> element of a <network>) can be applied to a
>port when it is allocated for a domain's network interface, this patch
>checks for a configured value of <portOptions isolated="yes|no"/> in
>either the domain <interface> or in the network, setting isolatedPort
>in the <networkport> to the first one it finds (the setting from the
>domain's <interface> is preferred). This, in turn, is passed back to
>the domain when a port is allocated, so that the domain will use that
>setting.
>
>(One difference from <vlan>, <bandwidth>, <virtualport>, and
>trustGuestRxFilters, is that all of those can be set in a <portgroup>
>so that they can be applied only to a subset of interfaces connected
>to the network. This didn't really make sense for the isolated setting
>due to the way that it's implemented in Linux - the BR_ISOLATED flag
>will prevent traffic from passing between two ports that both have
>BR_ISOLATED set, but traffic can still go between those ports and
>other ports that *don't* have BR_ISOLATED. (It would be nice if all
>traffic from a BR_ISOLATED port could be blocked except traffic going
>to/from a designated egress port or ports, but instead the entire
>feature is implemented as a single flag. Because of this, it's really
>only useful if all the ports on a network are isolated, so setting it
>for a subset has no practical utility.))
>
>Signed-off-by: Laine Stump <laine at redhat.com>
>---
> src/conf/domain_conf.c      | 3 +++
> src/network/bridge_driver.c | 3 +++
> 2 files changed, 6 insertions(+)
>

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano
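
The precedence rule and the BR_ISOLATED forwarding behaviour described in the quoted commit message, modeled in C as an added example (not code from the patch or from libvirt). The enum, the function names and the sample ports are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical tri-state for an optional isolated="yes|no" attribute. */
typedef enum { ISO_ABSENT = 0, ISO_YES, ISO_NO } iso_setting;

/* First configured value wins: the domain <interface> is checked first,
 * then the <network>. Absent in both means the port is not isolated. */
static bool resolve_isolated(iso_setting iface, iso_setting network)
{
    iso_setting chosen = (iface != ISO_ABSENT) ? iface : network;
    return chosen == ISO_YES;
}

/* Forwarding rule as the commit message describes it: traffic is
 * blocked only when both ports carry the isolated flag. */
static bool may_forward(bool src_isolated, bool dst_isolated)
{
    return !(src_isolated && dst_isolated);
}

/* Count unordered port pairs that can still exchange traffic. */
static size_t open_pairs(const bool *isolated, size_t n)
{
    size_t open = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (may_forward(isolated[i], isolated[j]))
                open++;
    return open;
}

int main(void)
{
    /* Constructed sample: the network sets isolated='yes'; the third
     * guest interface overrides it with isolated='no'. */
    iso_setting net = ISO_YES;
    iso_setting ifaces[3] = { ISO_ABSENT, ISO_YES, ISO_NO };
    bool ports[3];
    for (size_t i = 0; i < 3; i++)
        ports[i] = resolve_isolated(ifaces[i], net);
    printf("guest pairs still able to talk: %zu of 3\n", open_pairs(ports, 3));
    return 0;
}
```

A single interface opting out reopens a path to every other guest on the bridge, which is why the setting is only useful when all ports on the network are isolated.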