qemu/lxc: plumb isolatedPort from config down through bridge attachment

This patch pushes the isolatedPort setting from the <interface> down
all the way to the callers of virNetDevBridgeAddPort(), and sets
BR_ISOLATED on the port (using virNetDevBridgePortSetIsolated()) after
the port has been successfully added to the bridge.

Signed-off-by: Laine Stump <laine@redhat.com>
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index a8bfc0aa729684d85077c134c18f761d1289e9a2..2df7b6011545c01b23619d3e5c9e6974935904ca 100644 (file)
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -95,6 +95,7 @@ bhyveBuildNetArgStr(virConnectPtr conn,
                                            def->uuid, NULL, NULL, 0,
                                            virDomainNetGetActualVirtPortProfile(net),
                                            virDomainNetGetActualVlan(net),
+                                           virDomainNetGetActualPortOptionsIsolated(net),
                                            NULL, 0, NULL,
                                            VIR_NETDEV_TAP_CREATE_IFUP | VIR_NETDEV_TAP_CREATE_PERSIST) < 0) {
             goto cleanup;

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d88947c131dfccd108fb5b9058127a4dc3c1f75b..5f9f4df1bd980dccc303d6f92065898f5242b0fa 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -31232,6 +31232,7 @@ virDomainNetNotifyActualDevice(virConnectPtr conn,
                                                 &iface->mac, dom->uuid,
                                                 virDomainNetGetActualVirtPortProfile(iface),
                                                 virDomainNetGetActualVlan(iface),
+                                                virDomainNetGetActualPortOptionsIsolated(iface),
                                                 iface->mtu, NULL));
     }
 }

diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index da6df868347bd4b370db0005587f9eb30f114dc3..6851b3e3e27615663fe8d2ece0f257c2db078467 100644 (file)
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -303,6 +303,16 @@ virLXCProcessSetupInterfaceTap(virDomainDefPtr vm,
         } else {
             if (virNetDevBridgeAddPort(brname, parentVeth) < 0)
                 return NULL;
+
+            if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES &&
+                virNetDevBridgePortSetIsolated(brname, parentVeth, true) < 0) {
+                virErrorPtr err;
+
+                virErrorPreserveLast(&err);
+                ignore_value(virNetDevBridgeRemovePort(brname, parentVeth));
+                virErrorRestore(&err);
+                return NULL;
+            }
         }
     }
 

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 0048907f6c9dc5054c1fbab56269d24424ce98d4..fbc0bea238448a352036bcbfe026eecc78911e83 100644 (file)
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2489,6 +2489,7 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
         if (virNetDevTapCreateInBridgePort(def->bridge,
                                            &macTapIfName, &def->mac,
                                            NULL, NULL, &tapfd, 1, NULL, NULL,
+                                           VIR_TRISTATE_BOOL_NO,
                                            NULL, def->mtu, NULL,
                                            VIR_NETDEV_TAP_CREATE_USE_MAC_FOR_BRIDGE |
                                            VIR_NETDEV_TAP_CREATE_IFUP |

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6395826c69ae6ace1615e687aac3b436dc443bfd..af892255c7a6bf19eb4f69217dd1d1f85013796c 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3350,12 +3350,28 @@ qemuDomainChangeNetBridge(virDomainObjPtr vm,
     }
 
     ret = virNetDevBridgeAddPort(newbridge, olddev->ifname);
+    if (ret == 0 &&
+        virDomainNetGetActualPortOptionsIsolated(newdev) == VIR_TRISTATE_BOOL_YES) {
+
+        ret = virNetDevBridgePortSetIsolated(newbridge, olddev->ifname, true);
+        if (ret < 0) {
+            virErrorPtr err;
+
+            virErrorPreserveLast(&err);
+            ignore_value(virNetDevBridgeRemovePort(newbridge, olddev->ifname));
+            virErrorRestore(&err);
+        }
+    }
     virDomainAuditNet(vm, NULL, newdev, "attach", ret == 0);
     if (ret < 0) {
         virErrorPtr err;
 
         virErrorPreserveLast(&err);
         ret = virNetDevBridgeAddPort(oldbridge, olddev->ifname);
+        if (ret == 0 &&
+            virDomainNetGetActualPortOptionsIsolated(olddev) == VIR_TRISTATE_BOOL_YES) {
+            ignore_value(virNetDevBridgePortSetIsolated(newbridge, olddev->ifname, true));
+        }
         virDomainAuditNet(vm, NULL, olddev, "attach", ret == 0);
         virErrorRestore(&err);
         return -1;

diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
index 74d4782599987143767df387f81b4cce8fcd504a..8a01eecd831fb403584729a7461840d80194ff1b 100644 (file)
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -568,6 +568,7 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def,
                                            def->uuid, tunpath, tapfd, *tapfdSize,
                                            virDomainNetGetActualVirtPortProfile(net),
                                            virDomainNetGetActualVlan(net),
+                                           virDomainNetGetActualPortOptionsIsolated(net),
                                            net->coalesce, 0, NULL,
                                            tap_create_flags) < 0) {
             virDomainAuditNetDevice(def, net, tunpath, false);

diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index 84d91428e7e42ccd6ba0b4490c39c3294595115e..7bd30ea0f993bf9c17f1a46063400d1888cc86e9 100644 (file)
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -505,6 +505,7 @@ virNetDevTapAttachBridge(const char *tapname,
                          const unsigned char *vmuuid,
                          const virNetDevVPortProfile *virtPortProfile,
                          const virNetDevVlan *virtVlan,
+                         virTristateBool isolatedPort,
                          unsigned int mtu,
                          unsigned int *actualMTU)
 {
@@ -545,6 +546,16 @@ virNetDevTapAttachBridge(const char *tapname,
     } else {
         if (virNetDevBridgeAddPort(brname, tapname) < 0)
             return -1;
+
+        if (isolatedPort == VIR_TRISTATE_BOOL_YES &&
+            virNetDevBridgePortSetIsolated(brname, tapname, true) < 0) {
+            virErrorPtr err;
+
+            virErrorPreserveLast(&err);
+            ignore_value(virNetDevBridgeRemovePort(brname, tapname));
+            virErrorRestore(&err);
+            return -1;
+        }
     }
 
     return 0;
@@ -574,6 +585,7 @@ virNetDevTapReattachBridge(const char *tapname,
                            const unsigned char *vmuuid,
                            const virNetDevVPortProfile *virtPortProfile,
                            const virNetDevVlan *virtVlan,
+                           virTristateBool isolatedPort,
                            unsigned int mtu,
                            unsigned int *actualMTU)
 {
@@ -611,6 +623,7 @@ virNetDevTapReattachBridge(const char *tapname,
                                  macaddr, vmuuid,
                                  virtPortProfile,
                                  virtVlan,
+                                 isolatedPort,
                                  mtu, actualMTU) < 0)
         return -1;
 
@@ -660,6 +673,7 @@ int virNetDevTapCreateInBridgePort(const char *brname,
                                    size_t tapfdSize,
                                    const virNetDevVPortProfile *virtPortProfile,
                                    const virNetDevVlan *virtVlan,
+                                   virTristateBool isolatedPort,
                                    virNetDevCoalescePtr coalesce,
                                    unsigned int mtu,
                                    unsigned int *actualMTU,
@@ -697,7 +711,8 @@ int virNetDevTapCreateInBridgePort(const char *brname,
         goto error;
 
     if (virNetDevTapAttachBridge(*ifname, brname, macaddr, vmuuid,
-                                 virtPortProfile, virtVlan, mtu, actualMTU) < 0) {
+                                 virtPortProfile, virtVlan,
+                                 isolatedPort, mtu, actualMTU) < 0) {
         goto error;
     }
 

diff --git a/src/util/virnetdevtap.h b/src/util/virnetdevtap.h
index cae8e618614e8d1cf13b26bebbc9623c2ac20ec7..c6bd9285bab2bd799e66b3202d4ef049507dc0e0 100644 (file)
--- a/src/util/virnetdevtap.h
+++ b/src/util/virnetdevtap.h
@@ -65,6 +65,7 @@ virNetDevTapAttachBridge(const char *tapname,
                          const unsigned char *vmuuid,
                          const virNetDevVPortProfile *virtPortProfile,
                          const virNetDevVlan *virtVlan,
+                         virTristateBool isolatedPort,
                          unsigned int mtu,
                          unsigned int *actualMTU)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
@@ -77,6 +78,7 @@ virNetDevTapReattachBridge(const char *tapname,
                            const unsigned char *vmuuid,
                            const virNetDevVPortProfile *virtPortProfile,
                            const virNetDevVlan *virtVlan,
+                           virTristateBool isolatedPort,
                            unsigned int mtu,
                            unsigned int *actualMTU)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
@@ -91,6 +93,7 @@ int virNetDevTapCreateInBridgePort(const char *brname,
                                    size_t tapfdSize,
                                    const virNetDevVPortProfile *virtPortProfile,
                                    const virNetDevVlan *virtVlan,
+                                   virTristateBool isolatedPort,
                                    virNetDevCoalescePtr coalesce,
                                    unsigned int mtu,
                                    unsigned int *actualMTU,

diff --git a/tests/bhyvexml2argvmock.c b/tests/bhyvexml2argvmock.c
index 2a552f9f4706b25ba6c1a29de5ded27295f06e9e..25b97f5e04b8dc38e0e21888b8117f638a4e6272 100644 (file)
--- a/tests/bhyvexml2argvmock.c
+++ b/tests/bhyvexml2argvmock.c
@@ -28,6 +28,7 @@ int virNetDevTapCreateInBridgePort(const char *brname G_GNUC_UNUSED,
                                    size_t tapfdSize G_GNUC_UNUSED,
                                    const virNetDevVPortProfile *virtPortProfile G_GNUC_UNUSED,
                                    const virNetDevVlan *virtVlan G_GNUC_UNUSED,
+                                   virTristateBool isolatedPort G_GNUC_UNUSED,
                                    virNetDevCoalescePtr coalesce G_GNUC_UNUSED,
                                    unsigned int mtu G_GNUC_UNUSED,
                                    unsigned int *actualMTU G_GNUC_UNUSED,