[libvirt-users] libvirt + openvswitch, <parameters interfaceid='x'/> seems less-than-useful?

Richard Harman libvirt-users at richardharman.com
Fri May 13 13:57:22 UTC 2016


Hey folks, I'm working on setting up a Cuckoo sandbox malware lab at
home, and can't seem to get openvswitch and libvirt to work together
as-documented.  I'm not subscribed to the list, so please reply-all. 
Thanks in advance!

I've debugged this, and I think the interfaceid stuff in network XML
isn't doing much besides setting a custom interfaceid in an OpenVSwitch
table that really has no effect on the operation of OpenVSwitch.  I
think the -- set Interface vnet0 "external-ids:iface-id="{uuid here}"
command run by libvirt doesn't actually set the _uuid of a new
interface. :(  It's just for an external system (e.g. libvirt) to track
an interface *it* creates in OVS.

I've got an OVS switch, "malware0" which is my malware lab network.  I
made a "monitor0" interface, and told OVS to make that a span/mirror of
all the traffic on the malware0 switch.

I attach monitor0 to my cuckoo VM, and boot the VM.  Well, actually
libvirt REALLY wants to create the interface itself, so I have to delete
the monitor0 interface from OVS.  I boot the VM, libvirt creates the
monitor0 interface (with a different UUID) and it's not a span/mirror
port any more. :( 

I had all the ports in the cuckoo VM <parameters interfaceid='{uuid
here}'/>, but libvirt keeps deleting/creating ports and the OVS internal
UUID changes, which means any setting applied in OVS (e.g. setting a
port as a mirror) is lost during the add/delete cycle.

With my cuckoo sandbox vm up: (no bfc10d05 UUID in ports, the mirror
port UUID)

# ovs-vsctl list bridge
_uuid               : 16847994-eb75-4e71-a913-50edd8a89252
mirrors             : [bfc10d05-846e-4653-8417-27e1f648da93]
name                : "malware0"
ports               : [3931cb83-1f85-4fc8-880d-ffe299a85857,
6c6e3d97-d55b-4d55-8179-302412242664, 8eb4e13b-b5ea-4994-8e95-87d61db87ba6]

With the cuckoo vm down:  (393, 83b go away)

# ovs-vsctl list bridge
_uuid               : 16847994-eb75-4e71-a913-50edd8a89252
mirrors             : [bfc10d05-846e-4653-8417-27e1f648da93]
name                : "malware0"
ports               : [6c6e3d97-d55b-4d55-8179-302412242664]

... and lets bring up the cuckoo vm again: (only 6c6 remains)

# ovs-vsctl list bridge
_uuid               : 16847994-eb75-4e71-a913-50edd8a89252
mirrors             : [bfc10d05-846e-4653-8417-27e1f648da93]
name                : "malware0"
ports               : [1c09dd43-52d0-449b-81a2-537ddafb4966,
6c6e3d97-d55b-4d55-8179-302412242664, f90820f9-056f-47a3-bd51-c5190ad1df46]






More information about the libvirt-users mailing list