int
networkDnsmasqConfContents(virNetworkObjPtr network,
- const char *pidfile,
- char **configstr,
- dnsmasqContext *dctx,
- dnsmasqCapsPtr caps ATTRIBUTE_UNUSED)
+ const char *pidfile,
+ char **configstr,
+ dnsmasqContext *dctx,
+ dnsmasqCapsPtr caps ATTRIBUTE_UNUSED)
{
virBuffer configbuf = VIR_BUFFER_INITIALIZER;
int r, ret = -1;
/* create dnsmasq config file appropriate for this network */
virBufferAsprintf(&configbuf,
- "##WARNING: THIS IS AN AUTO-GENERATED FILE. "
- "CHANGES TO IT ARE LIKELY TO BE\n"
- "##OVERWRITTEN AND LOST. Changes to this "
- "configuration should be made using:\n"
- "## virsh net-edit %s\n"
- "## or other application using the libvirt API.\n"
- "##\n## dnsmasq conf file created by libvirt\n"
- "strict-order\n"
- "domain-needed\n",
- network->def->name);
-
- if (network->def->domain) {
+ "##WARNING: THIS IS AN AUTO-GENERATED FILE. "
+ "CHANGES TO IT ARE LIKELY TO BE\n"
+ "##OVERWRITTEN AND LOST. Changes to this "
+ "configuration should be made using:\n"
+ "## virsh net-edit %s\n"
+ "## or other application using the libvirt API.\n"
+ "##\n## dnsmasq conf file created by libvirt\n"
+ "strict-order\n"
+ "domain-needed\n",
+ network->def->name);
+
+ if (network->def->domain) {
virBufferAsprintf(&configbuf,
- "domain=%s\n"
- "expand-hosts\n",
- network->def->domain);
- }
- /* need to specify local even if no domain specified */
+ "domain=%s\n"
+ "expand-hosts\n",
+ network->def->domain);
+ }
+ /* need to specify local even if no domain specified */
virBufferAsprintf(&configbuf,
- "local=/%s/\n",
- network->def->domain ? network->def->domain : "");
+ "local=/%s/\n",
+ network->def->domain ? network->def->domain : "");
- if (pidfile)
+ if (pidfile)
virBufferAsprintf(&configbuf, "pid-file=%s\n", pidfile);
/* dnsmasq will *always* listen on localhost unless told otherwise */
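Review bot: The `%s` values written in this hunk (`network->def->name` in the header comment, `network->def->domain` in `domain=` and `local=`, and `pidfile`) go verbatim into a line-oriented dnsmasq file, and nothing visible here rejects an embedded newline, which would end the current line and begin a new directive. If these fields are validated where the network definition is parsed, a comment such as `/* name, domain and pidfile must not contain '\n'; enforced in <parser function> */` would make that dependency explicit; otherwise a check that fails before the first `virBufferAsprintf` is the safer option. The function continues past this hunk, and the same applies to `interface=%s` and `dhcp-boot=%s` in the later hunks. Separately, `caps` is still marked `ATTRIBUTE_UNUSED` in the signature, although later hunks that appear to belong to the same function pass it to `DNSMASQ_DHCPv6_SUPPORT`, `dnsmasqCapsGetVersion` and `DNSMASQ_RA_SUPPORT`, so the annotation can be dropped.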
* this network). This was added in response to CVE 2012-3411.
*/
virBufferAsprintf(&configbuf,
- "bind-dynamic\n"
- "interface=%s\n",
- network->def->bridge);
+ "bind-dynamic\n"
+ "interface=%s\n",
+ network->def->bridge);
} else {
virBufferAddLit(&configbuf, "bind-interfaces\n");
/*
if (!ipaddr)
goto cleanup;
+
/* also part of CVE 2012-3411 - if the host's version of
* dnsmasq doesn't have bind-dynamic, only allow listening on
* private/local IP addresses (see RFC1918/RFC3484/RFC4193)
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Publicly routable address %s is prohibited. "
- "The version of dnsmasq on this host (%d.%d) doesn't "
- "support the bind-dynamic option, which is required "
- "for safe operation on a publicly routable subnet "
- "(see CVE-2012-3411). You must either upgrade dnsmasq, "
- "or use a private/local subnet range for this network "
- "(as described in RFC1918/RFC3484/RFC4193)."), ipaddr,
- (int)version / 1000000, (int)(version % 1000000) / 1000);
+ "The version of dnsmasq on this host (%d.%d) "
+ "doesn't support the bind-dynamic option, "
+ "which is required for safe operation on a "
+ "publicly routable subnet "
+ "(see CVE-2012-3411). You must either "
+ "upgrade dnsmasq, or use a private/local "
+ "subnet range for this network "
+ "(as described in RFC1918/RFC3484/RFC4193)."),
+ ipaddr, (int)version / 1000000,
+ (int)(version % 1000000) / 1000);
goto cleanup;
}
virBufferAsprintf(&configbuf, "listen-address=%s\n", ipaddr);
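Review bot: In the re-wrapped argument list of this `virReportError` call, `(int)version / 1000000` casts `version` to `int` before dividing, while the minor part `(int)(version % 1000000) / 1000` reduces it first. Writing the major part as `(int)(version / 1000000)` keeps the arithmetic in the wider type and makes the two operands read alike. The same expression appears in the IPv6 DHCP version message in a later hunk. The enclosing `if` and the declaration of `version` lie outside this hunk; the IPv6 hunk declares it as `unsigned long`, which is presumably the type here as well.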
*/
if (network->def->forward.type == VIR_NETWORK_FORWARD_NONE) {
virBufferAddLit(&configbuf, "dhcp-option=3\n"
- "no-resolv\n");
+ "no-resolv\n");
}
for (ii = 0; ii < dns->ntxts; ii++) {
if (virAsprintf(&record, "%s.%s.%s,%s,%s,%s,%s",
dns->srvs[ii].service,
dns->srvs[ii].protocol,
- dns->srvs[ii].domain ? dns->srvs[ii].domain : "",
- dns->srvs[ii].target ? dns->srvs[ii].target : "",
- recordPort ? recordPort : "",
- recordPriority ? recordPriority : "",
- recordWeight ? recordWeight : "") < 0) {
+ dns->srvs[ii].domain ? dns->srvs[ii].domain : "",
+ dns->srvs[ii].target ? dns->srvs[ii].target : "",
+ recordPort ? recordPort : "",
+ recordPriority ? recordPriority : "",
+ recordWeight ? recordWeight : "") < 0) {
virReportOOMError();
goto cleanup;
}
if (ipdef->nranges || ipdef->nhosts) {
if (ipv4def) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("For IPv4, multiple DHCP definitions cannot "
- "be specified."));
+ _("For IPv4, multiple DHCP definitions "
+ "cannot be specified."));
goto cleanup;
} else {
ipv4def = ipdef;
if (!DNSMASQ_DHCPv6_SUPPORT(caps)) {
unsigned long version = dnsmasqCapsGetVersion(caps);
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("The version of dnsmasq on this host (%d.%d) doesn't "
- "adequately support IPv6 dhcp range or dhcp host "
- "specification. Version %d.%d or later is required."),
- (int)version / 1000000, (int)(version % 1000000) / 1000,
- DNSMASQ_DHCPv6_MAJOR_REQD, DNSMASQ_DHCPv6_MINOR_REQD);
+ _("The version of dnsmasq on this host "
+ "(%d.%d) doesn't adequately support "
+ "IPv6 dhcp range or dhcp host "
+ "specification. Version %d.%d or later "
+ "is required."),
+ (int)version / 1000000,
+ (int)(version % 1000000) / 1000,
+ DNSMASQ_DHCPv6_MAJOR_REQD,
+ DNSMASQ_DHCPv6_MINOR_REQD);
goto cleanup;
}
if (ipv6def) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("For IPv6, multiple DHCP definitions cannot "
- "be specified."));
+ _("For IPv6, multiple DHCP definitions "
+ "cannot be specified."));
goto cleanup;
} else {
ipv6def = ipdef;
if (ipv6def && ipv6SLAAC) {
VIR_WARN("For IPv6, when DHCP is specified for one address, then "
"state-full Router Advertising will occur. The additional "
- "IPv6 addresses specified require manually configured guest "
- "network to work properly since both state-full (DHCP) "
- "and state-less (SLAAC) addressing are not supported "
- "on the same network interface.");
+ "IPv6 addresses specified require manually configured guest "
+ "network to work properly since both state-full (DHCP) "
+ "and state-less (SLAAC) addressing are not supported "
+ "on the same network interface.");
}
ipdef = ipv4def ? ipv4def : ipv6def;
goto cleanup;
}
virBufferAsprintf(&configbuf, "dhcp-range=%s,%s\n",
- saddr, eaddr);
+ saddr, eaddr);
VIR_FREE(saddr);
VIR_FREE(eaddr);
nbleases += virSocketAddrGetRange(&ipdef->ranges[r].start,
}
/*
- * For static-only DHCP, i.e. with no range but at least one host element,
- * we have to add a special --dhcp-range option to enable the service in
- * dnsmasq. (this is for dhcp-hosts= support)
+ * For static-only DHCP, i.e. with no range but at least one
+ * host element, we have to add a special --dhcp-range option
+ * to enable the service in dnsmasq. (this is for dhcp-hosts=
+ * support)
*/
if (!ipdef->nranges && ipdef->nhosts) {
char *bridgeaddr = virSocketAddrFormat(&ipdef->address);
goto cleanup;
}
virBufferAsprintf(&configbuf, "dhcp-boot=%s%s%s\n",
- ipdef->bootfile, ",,", bootserver);
+ ipdef->bootfile, ",,", bootserver);
VIR_FREE(bootserver);
} else {
virBufferAsprintf(&configbuf, "dhcp-boot=%s\n", ipdef->bootfile);
/* this is done once per interface */
if (networkBuildDnsmasqHostsList(dctx, dns) < 0)
- goto cleanup;
+ goto cleanup;
/* Even if there are currently no static hosts, if we're
* listening for DHCP, we should write a 0-length hosts
* file to allow for runtime additions.
*/
if (ipv4def || ipv6def)
- virBufferAsprintf(&configbuf, "dhcp-hostsfile=%s\n",
- dctx->hostsfile->path);
+ virBufferAsprintf(&configbuf, "dhcp-hostsfile=%s\n",
+ dctx->hostsfile->path);
- /* Likewise, always create this file and put it on the commandline, to allow for
- * for runtime additions.
+ /* Likewise, always create this file and put it on the
+ * commandline, to allow for runtime additions.
*/
virBufferAsprintf(&configbuf, "addn-hosts=%s\n",
- dctx->addnhostsfile->path);
+ dctx->addnhostsfile->path);
/* Are we doing RA instead of radvd? */
if (DNSMASQ_RA_SUPPORT(caps)) {
virBufferAddLit(&configbuf, "enable-ra\n");
else {
for (ii = 0;
- (ipdef = virNetworkDefGetIpByIndex(network->def, AF_INET6, ii));
- ii++) {
+ (ipdef = virNetworkDefGetIpByIndex(network->def, AF_INET6, ii));
+ ii++) {
if (!(ipdef->nranges || ipdef->nhosts)) {
char *bridgeaddr = virSocketAddrFormat(&ipdef->address);
if (!bridgeaddr)