[libvirt PATCH 09/10] conf: extra validation for <portOptions isolated='yes'/>

Ján Tomko jtomko at redhat.com
Tue Feb 18 17:52:29 UTC 2020


On Sun, Feb 16, 2020 at 11:22:58PM -0500, Laine Stump wrote:
>During the hypervisor-agnostic validation of network devices, verify
>that the interface type is either "network" or "bridge", and that if
>there is any <virtualport>, that it doesn't have any type associated
>with it.
>
>This needs to be done both for the parse-time validation and for
>runtime validation (after a port has been acquired from any associated
>network), because an interface with type='network' could have an
>actual type at runtime of "hostdev" or "direct", neither of which
>support isolated='true' (yet). Likewise, if an interface is
>type='network', then at runtime a <virtualport> with a type that
>doesn't support isolated='yes' (e.g. "openvswitch", "802.1Qbh" -
>currently *none* of the available virtualport types support it)
>
>Signed-off-by: Laine Stump <laine at redhat.com>
>---
> src/conf/domain_conf.c | 56 ++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 56 insertions(+)
>
>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>index 30b2a53b83..f8ce7d519d 100644
>--- a/src/conf/domain_conf.c
>+++ b/src/conf/domain_conf.c
>@@ -6239,6 +6239,47 @@ virDomainRedirdevDefValidate(const virDomainDef *def,
> }
>
>
>+static int
>+virDomainNetDefValidatePortOptions(const char *macstr,
>+                                   virDomainNetType type,
>+                                   const virNetDevVPortProfile *vport,
>+                                   virTristateBool isolatedPort)
>+{
>+    /*
>+     * This function can be called for either a config interface
>+     * object (NetDef) or a runtime interface object (ActualNetDef),
>+     * by calling it with either, e.g., the "type" (what is in the
>+     * config) or the "actualType" (what is determined at runtime by
>+     * acquiring a port from the network).
>+     */
>+    /*
>+     * port isolation can only be set for an interface that is
>+     * connected to a Linux host bridge (either a libvirt-managed
>+     * network, or plain type='bridge')
>+     */
>+    if (isolatedPort == VIR_TRISTATE_BOOL_YES) {
>+        if (!(type == VIR_DOMAIN_NET_TYPE_NETWORK ||
>+              type == VIR_DOMAIN_NET_TYPE_BRIDGE)) {

consider:
         if (type != VIR_DOMAIN_NET_TYPE_NETWORK &&
             type != VIR_DOMAIN_NET_TYPE_BRIDGE)

>+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
>+                           _("interface %s - <portOptions isolated='yes'/> is not supported for network interfaces with type='%s'"),

Please don't put XML snippets in the error message.
How about:
     ... - isolated ports are not supported ...

>+                           macstr, virDomainNetTypeToString(type));
>+            return -1;
>+        }
>+        /*
>+         * also not allowed for anything with <virtualport> setting
>+         * (openvswitch or 802.11Qb[gh])
>+         */
>+        if (vport && vport->virtPortType != VIR_NETDEV_VPORT_PROFILE_NONE) {
>+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
>+                           _("interface %s - <portOptions isolated='yes'/> is not supported for network interfaces with virtualport type='%s'"),
>+                           macstr, virNetDevVPortTypeToString(vport->virtPortType));

Same here.

>+            return -1;
>+        }
>+    }
>+    return 0;
>+}
>+
>+
> int
> virDomainActualNetDefValidate(const virDomainNetDef *net)
> {
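Review bot: The comment above the `vport` check names the standard as "802.11Qb[gh]", but the virtualport types are 802.1Qbg and 802.1Qbh (the commit message itself writes "802.1Qbh"), so it should read "802.1Qb[gh]". The commit message also uses isolated='true' once where the attribute value checked here is 'yes', and its last sentence ("Likewise, if an interface is type='network', then at runtime a <virtualport> with a type that doesn't support isolated='yes' ...") stops without a verb; both are worth fixing before pushing so the log matches what the function enforces.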

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano