[PATCH] * src/drv_initscripts.c (bridge_physdevs): handle empty iptables file
by David Lutterkort
From: David Lutterkort <lutter(a)redhat.com>
The logic for writing the content for an empty/nonexistent iptables file
was there already, but the detection of whether we had a preexisting or
empty iptables file was broken.
Fixes BZ 582905
---
src/drv_initscripts.c | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/drv_initscripts.c b/src/drv_initscripts.c
index ceba52c..6a1453a 100644
--- a/src/drv_initscripts.c
+++ b/src/drv_initscripts.c
@@ -432,12 +432,11 @@ static void bridge_physdevs(struct netcf *ncf) {
}
if (! use_lokkit) {
- defnode(ncf, "ipt_filter", NULL, "$iptables/table[. = 'filter']");
+ int created = defnode(ncf, "ipt_filter", NULL,
+ "$iptables/table[. = 'filter']");
ERR_BAIL(ncf);
- nmatches = aug_match(aug, "$ipt_filter", NULL);
- ERR_COND_BAIL(nmatches < 0, ncf, EOTHER);
- if (nmatches == 0) {
+ if (created) {
r = aug_set(aug, "$ipt_filter", "filter");
ERR_COND_BAIL(r < 0, ncf, EOTHER);
r = aug_set(aug, "$ipt_filter/chain[1]", "INPUT");
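Review bot: The new `if (created)` test relies on defnode() returning non-zero only when it had to create the `$iptables/table[. = 'filter']` node, and that convention is not visible in this hunk. Since this branch seeds the filter table in the iptables file, a one-line comment would make the intent checkable, e.g. `/* defnode created the node: no filter table existed, so write the default one */`. A negative return would also satisfy `if (created)`, so the code depends on `ERR_BAIL(ncf)` catching every failure first; `if (created > 0)` would make that explicit. The removed lines were the only visible uses of `nmatches`, so it may now be unused in bridge_physdevs, whose body starts and ends outside the hunk.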
--
1.6.6.1
13 years, 9 months
[PATCH] rng: Don't fail validation if child interfaces have extraneous info
by Cole Robinson
Currently, child interfaces for bonds and bridges are expected to be
specified in a slimmed down 'bare' style, only supplying the required
information like name, MAC, etc. This makes the lives of API users
difficult for a couple reasons:
1) The existing interface XML can not be reused wholesale as a child
interface, it must be processed to remove unneeded information (which
netcf already does during the XSL transform).
2) Any future changes to the allowed values in the 'bare' definition will
require applications to be updated.
This patch changes the RNG to optionally accept unneeded interface
XML for child interfaces, and a few test files to validate the changes.
XSL stylesheets seem to already handle the hard work for us of ignoring
the pieces it does not need.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
data/xml/interface.rng | 30 +++++++++++++++++++++++++
tests/initscripts/bridge-nonbare.xml | 40 ++++++++++++++++++++++++++++++++++
tests/interface/bridge-nonbare.xml | 40 ++++++++++++++++++++++++++++++++++
tests/test-initscripts.c | 15 +++++++++++-
4 files changed, 123 insertions(+), 2 deletions(-)
create mode 100644 tests/initscripts/bridge-nonbare.xml
create mode 100644 tests/interface/bridge-nonbare.xml
diff --git a/data/xml/interface.rng b/data/xml/interface.rng
index 80d686e..aabfc77 100644
--- a/data/xml/interface.rng
+++ b/data/xml/interface.rng
@@ -45,10 +45,20 @@
<!-- Ethernet adapter without IP addressing, e.g. for a bridge -->
<define name="bare-ethernet-interface">
<element name="interface">
+ <optional>
+ <ref name="startmode"/>
+ </optional>
<ref name="basic-ethernet-content"/>
+ <optional>
+ <ref name="mtu"/>
+ </optional>
+ <optional>
+ <ref name="interface-addressing"/>
+ </optional>
</element>
</define>
+ <!-- Any change here must update bare-ethernet-interface accordingly -->
<define name="ethernet-interface">
<element name="interface">
<ref name="startmode"/>
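Review bot: The bare-* definitions now accept `startmode`, `mtu` and `interface-addressing` on a child interface, but per the commit message the XSL transform ignores them, so a document can validate while part of it is silently not applied. This holds for this hunk and for the bare-vlan-interface and bare-bond-interface hunks below. A caller that sets an address or start mode on an enslaved interface gets no signal that it was dropped. I would state that in the schema next to each optional group, e.g. `<!-- accepted so full interface XML can be reused; ignored for child interfaces -->`. The added reminder comments keep the bare and full definitions in sync by hand only.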
@@ -83,10 +93,20 @@
<define name="bare-vlan-interface">
<element name="interface">
<ref name="vlan-interface-common"/>
+ <optional>
+ <ref name="startmode"/>
+ </optional>
+ <optional>
+ <ref name="mtu"/>
+ </optional>
+ <optional>
+ <ref name="interface-addressing"/>
+ </optional>
<ref name="vlan-device"/>
</element>
</define>
+ <!-- Any change here must update bare-vlan-interface accordingly -->
<define name="vlan-interface">
<element name="interface">
<ref name="vlan-interface-common"/>
@@ -227,10 +247,20 @@
<define name="bare-bond-interface">
<element name="interface">
<ref name="bond-interface-common"/>
+ <optional>
+ <ref name="startmode"/>
+ </optional>
+ <optional>
+ <ref name="mtu"/>
+ </optional>
+ <optional>
+ <ref name="interface-addressing"/>
+ </optional>
<ref name="bond-element"/>
</element>
</define>
+ <!-- Any change here must update bare-bond-interface accordingly -->
<define name="bond-interface">
<element name="interface">
<ref name="bond-interface-common"/>
diff --git a/tests/initscripts/bridge-nonbare.xml b/tests/initscripts/bridge-nonbare.xml
new file mode 100644
index 0000000..67bb89c
--- /dev/null
+++ b/tests/initscripts/bridge-nonbare.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<forest>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-br0">
+ <node label="DEVICE" value="br0"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="TYPE" value="Bridge"/>
+ <node label="BOOTPROTO" value="dhcp"/>
+ <node label="STP" value="off"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-eth0.42">
+ <node label="DEVICE" value="eth0.42"/>
+ <node label="VLAN" value="yes"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="BRIDGE" value="br0"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-bond0">
+ <node label="DEVICE" value="bond0"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="BONDING_OPTS" value="'mode=active-backup primary=bondeth0 miimon=100 updelay=10 use_carrier=0'"/>
+ <node label="BRIDGE" value="br0"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-bondeth0">
+ <node label="DEVICE" value="bondeth0"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="MASTER" value="bond0"/>
+ <node label="SLAVE" value="yes"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-bondeth1">
+ <node label="DEVICE" value="bondeth1"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="MASTER" value="bond0"/>
+ <node label="SLAVE" value="yes"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-eth0">
+ <node label="DEVICE" value="eth0"/>
+ <node label="HWADDR" value="aa:bb:cc:dd:ee:ff"/>
+ <node label="ONBOOT" value="yes"/>
+ <node label="BRIDGE" value="br0"/>
+ </tree>
+</forest>
diff --git a/tests/interface/bridge-nonbare.xml b/tests/interface/bridge-nonbare.xml
new file mode 100644
index 0000000..8029b34
--- /dev/null
+++ b/tests/interface/bridge-nonbare.xml
@@ -0,0 +1,40 @@
+<interface type="bridge" name="br0">
+ <start mode="onboot"/>
+ <protocol family="ipv4">
+ <dhcp/>
+ </protocol>
+ <bridge stp="off">
+ <interface type="vlan" name="eth0.42">
+ <start mode="onboot"/>
+ <protocol family="ipv4">
+ <dhcp peerdns="no"/>
+ </protocol>
+ <vlan tag="42">
+ <interface name="eth0"/>
+ </vlan>
+ </interface>
+
+ <interface type="bond" name="bond0">
+ <start mode="none"/>
+ <protocol family="ipv4">
+ <ip address="192.168.50.7" prefix="24"/>
+ <route gateway="192.168.50.1"/>
+ </protocol>
+ <bond mode="active-backup">
+ <miimon freq="100" updelay="10" carrier="ioctl"/>
+ <interface type="ethernet" name="bondeth0"/>
+ <interface type="ethernet" name="bondeth1"/>
+ </bond>
+ </interface>
+
+ <interface type="ethernet" name="eth0">
+ <start mode="none"/>
+ <mac address="aa:bb:cc:dd:ee:ff"/>
+ <mtu size="1492"/>
+ <protocol family="ipv4">
+ <dhcp peerdns="no"/>
+ </protocol>
+ </interface>
+
+ </bridge>
+</interface>
diff --git a/tests/test-initscripts.c b/tests/test-initscripts.c
index 404ec0a..e557b82 100644
--- a/tests/test-initscripts.c
+++ b/tests/test-initscripts.c
@@ -144,7 +144,8 @@ static void testDefineUndefine(CuTest *tc) {
CuAssertPtrEquals(tc, NULL, nif);
}
-static void assert_transforms(CuTest *tc, const char *base) {
+static void assert_transforms_flags(CuTest *tc, const char *base,
+ unsigned int skip_ncf) {
char *aug_fname = NULL, *ncf_fname = NULL;
char *aug_xml_exp = NULL, *ncf_xml_exp = NULL;
char *aug_xml_act = NULL, *ncf_xml_act = NULL;
@@ -162,7 +163,9 @@ static void assert_transforms(CuTest *tc, const char *base) {
r = ncf_put_aug(ncf, aug_xml_exp, &ncf_xml_act);
CuAssertIntEquals(tc, 0, r);
- assert_xml_equals(tc, ncf_fname, ncf_xml_exp, ncf_xml_act);
+ if (!skip_ncf) {
+ assert_xml_equals(tc, ncf_fname, ncf_xml_exp, ncf_xml_act);
+ }
assert_xml_equals(tc, aug_fname, aug_xml_exp, aug_xml_act);
free(ncf_xml_exp);
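Review bot: With `skip_ncf` set, the result of `ncf_put_aug` is checked only through its return code, so `ncf_xml_act` could be empty or wrong for bridge-nonbare without the test noticing. A minimal check that survives the skip, such as `CuAssertPtrNotNull(tc, ncf_xml_act);` before the `if (!skip_ncf)`, would keep that direction covered. The parameter is used as a boolean while the function is named `_flags`; a short comment on the signature saying what a non-zero `skip_ncf` skips would help. The function body starts and ends outside this hunk.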
@@ -171,6 +174,10 @@ static void assert_transforms(CuTest *tc, const char *base) {
free(aug_xml_act);
}
+static void assert_transforms(CuTest *tc, const char *base) {
+ assert_transforms_flags(tc, base, 0);
+}
+
static void testTransforms(CuTest *tc) {
assert_transforms(tc, "bond");
assert_transforms(tc, "bond-arp");
@@ -191,6 +198,10 @@ static void testTransforms(CuTest *tc) {
assert_transforms(tc, "ipv6-autoconf");
assert_transforms(tc, "ipv6-autoconf-dhcp");
assert_transforms(tc, "ipv6-static-multi");
+
+ /* This test discards unneeded XML elements, so netcf roundtrip won't
+ * match. Skip the netcf check */
+ assert_transforms_flags(tc, "bridge-nonbare", 1);
}
static void testCorruptedSetup(CuTest *tc) {
--
1.6.6.1
13 years, 9 months
Fwd: network interface management in bridge firewall configuration
by Aleksander Trofimowicz
forwarded as this is a subscriber-only mailing list apparently
---------- Forwarded message ----------
From: Aleksander Trofimowicz <aatrof(a)gmail.com>
To: netcf-devel@lists.fedorahosted.org
Date: Thu, 17 Jun 2010 17:01:20 +0200
Subject: network interface management in bridge firewall configuration
Hello,
I'm just wondering why I can't manage my network interfaces through
libvirt when the following kernel parameters are turned on:
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables
Is it a bug or by design? If the latter, could someone explain to me
the premises of that decision? I'm aware of the security implications of
mixing conntrack and bridge bits, so we can skip that point.
This behaviour is noticeable when using:
libvirt-0.8.1-1.fc13.x86_64
netcf-libs-0.1.6-1.fc13.x86_64
--
thanks,
aleksander trofimowicz
13 years, 10 months
[PATCH] rng: bond: Make miimon/arpmon optional
by Cole Robinson
Initscripts have defaults for these values, so if mii or arp isn't
explicitly specified, just defer to system defaults.
Add test files for implicit bonding defaults.
Caveat: I haven't actually tested that this works since I have never really
dealt with bonding.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
data/xml/interface.rng | 77 ++++++++++++++++++-----------------
tests/initscripts/bond-defaults.xml | 28 +++++++++++++
tests/interface/bond-defaults.xml | 11 +++++
tests/test-initscripts.c | 1 +
4 files changed, 80 insertions(+), 37 deletions(-)
create mode 100644 tests/initscripts/bond-defaults.xml
create mode 100644 tests/interface/bond-defaults.xml
diff --git a/data/xml/interface.rng b/data/xml/interface.rng
index a0df9ba..80d686e 100644
--- a/data/xml/interface.rng
+++ b/data/xml/interface.rng
@@ -177,43 +177,46 @@
xmit_hash_policy (since 2.6.3/3.2.2)
-->
- <choice>
- <element name="miimon">
- <!-- miimon frequency in ms -->
- <attribute name="freq"><ref name="uint"/></attribute>
- <optional>
- <attribute name="downdelay"><ref name="uint"/></attribute>
- </optional>
- <optional>
- <attribute name="updelay"><ref name="uint"/></attribute>
- </optional>
- <optional>
- <!-- use_carrier -->
- <attribute name="carrier">
- <choice>
- <!-- use MII/ETHTOOL ioctl -->
- <value>ioctl</value>
- <!-- use netif_carrier_ok() -->
- <value>netif</value>
- </choice>
- </attribute>
- </optional>
- </element>
- <element name="arpmon">
- <attribute name="interval"><ref name="uint"/></attribute>
- <attribute name="target"><ref name="ipv4-addr"/></attribute>
- <optional>
- <attribute name="validate">
- <choice>
- <value>none</value>
- <value>active</value>
- <value>backup</value>
- <value>all</value>
- </choice>
- </attribute>
- </optional>
- </element>
- </choice>
+ <optional>
+ <choice>
+ <element name="miimon">
+ <!-- miimon frequency in ms -->
+ <attribute name="freq"><ref name="uint"/></attribute>
+ <optional>
+ <attribute name="downdelay"><ref name="uint"/></attribute>
+ </optional>
+ <optional>
+ <attribute name="updelay"><ref name="uint"/></attribute>
+ </optional>
+ <optional>
+ <!-- use_carrier -->
+ <attribute name="carrier">
+ <choice>
+ <!-- use MII/ETHTOOL ioctl -->
+ <value>ioctl</value>
+ <!-- use netif_carrier_ok() -->
+ <value>netif</value>
+ </choice>
+ </attribute>
+ </optional>
+ </element>
+ <element name="arpmon">
+ <attribute name="interval"><ref name="uint"/></attribute>
+ <attribute name="target"><ref name="ipv4-addr"/></attribute>
+ <optional>
+ <attribute name="validate">
+ <choice>
+ <value>none</value>
+ <value>active</value>
+ <value>backup</value>
+ <value>all</value>
+ </choice>
+ </attribute>
+ </optional>
+ </element>
+ </choice>
+ </optional>
+
<oneOrMore>
<!-- The slave interfaces -->
<ref name="bare-ethernet-interface"/>
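Review bot: Making the `miimon`/`arpmon` choice optional lets a bond validate with no link monitoring configured at all, and the schema does not say what happens then. The commit message defers to initscripts defaults and notes the change is untested. As far as I know the kernel bonding driver leaves both MII and ARP monitoring off by default, which would mean a failed slave is not detected; this is worth confirming. A comment above the `<optional>` would record the consequence, e.g. `<!-- optional: without miimon/arpmon the system defaults apply; link monitoring may be disabled -->`.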
diff --git a/tests/initscripts/bond-defaults.xml b/tests/initscripts/bond-defaults.xml
new file mode 100644
index 0000000..3e92d19
--- /dev/null
+++ b/tests/initscripts/bond-defaults.xml
@@ -0,0 +1,28 @@
+<!-- A sketch of how the ethernet-static.xml example would be
+ turned into actual files.
+
+ The XML notation is close to what would turn up in a Augeas tree -->
+
+<forest>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-bond0">
+ <node label="DEVICE" value="bond0"/>
+ <node label="ONBOOT" value="no"/>
+ <node label="BOOTPROTO" value="none"/>
+ <node label="IPADDR" value="192.168.50.7"/>
+ <node label="NETMASK" value="255.255.255.0"/>
+ <node label="GATEWAY" value="192.168.50.1"/>
+ <node label="BONDING_OPTS" value="''"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-eth1">
+ <node label="DEVICE" value="eth1"/>
+ <node label="ONBOOT" value="no"/>
+ <node label="MASTER" value="bond0"/>
+ <node label="SLAVE" value="yes"/>
+ </tree>
+ <tree path="/files/etc/sysconfig/network-scripts/ifcfg-eth0">
+ <node label="DEVICE" value="eth0"/>
+ <node label="ONBOOT" value="no"/>
+ <node label="MASTER" value="bond0"/>
+ <node label="SLAVE" value="yes"/>
+ </tree>
+</forest>
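Review bot: The header comment in this new fixture still refers to ethernet-static.xml, although the file is the expected output for bond-defaults; I would reword it to `<!-- Expected Augeas tree for tests/interface/bond-defaults.xml -->`. The fixture also pins `BONDING_OPTS` to `''`, so the transform writes an empty option string rather than omitting the key. If that is intended, a comment saying so would help, since the empty value is presumably what makes the bond fall back to driver defaults.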
diff --git a/tests/interface/bond-defaults.xml b/tests/interface/bond-defaults.xml
new file mode 100644
index 0000000..38224c4
--- /dev/null
+++ b/tests/interface/bond-defaults.xml
@@ -0,0 +1,11 @@
+<interface type="bond" name="bond0">
+ <start mode="none"/>
+ <protocol family="ipv4">
+ <ip address="192.168.50.7" prefix="24"/>
+ <route gateway="192.168.50.1"/>
+ </protocol>
+ <bond>
+ <interface type="ethernet" name="eth1"/>
+ <interface type="ethernet" name="eth0"/>
+ </bond>
+</interface>
diff --git a/tests/test-initscripts.c b/tests/test-initscripts.c
index 329bf19..404ec0a 100644
--- a/tests/test-initscripts.c
+++ b/tests/test-initscripts.c
@@ -174,6 +174,7 @@ static void assert_transforms(CuTest *tc, const char *base) {
static void testTransforms(CuTest *tc) {
assert_transforms(tc, "bond");
assert_transforms(tc, "bond-arp");
+ assert_transforms(tc, "bond-defaults");
assert_transforms(tc, "bridge");
assert_transforms(tc, "bridge-no-address");
assert_transforms(tc, "bridge-vlan");
--
1.6.6.1
13 years, 10 months
[PATCH] Only build datadir.h after configure is run
by Cole Robinson
Forcing this file to be rebuilt breaks `make && sudo make install` on NFS with
root squash.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/Makefile.am | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index 4c6b734..9d8a3d7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -54,10 +54,7 @@ netcf.syms: netcf_public.syms netcf_private.syms
# Generate datadir.h. That's where we look for stylesheets
internal.h: datadir.h
-FORCE-datadir.h: Makefile
- echo '#define DATADIR "$(datadir)"' > datadir.h1
- $(top_srcdir)/build/aux/move-if-change datadir.h1 datadir.h
-
-datadir.h: FORCE-datadir.h
+datadir.h: $(top_builddir)/config.status
+ echo '#define DATADIR "$(datadir)"' > datadir.h
DISTCLEANFILES += $(BUILT_SOURCES)
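Review bot: The new rule regenerates datadir.h only when config.status changes, so `DATADIR` can go stale if `datadir` is overridden on the make command line after the first build. Per the comment above the rule, that is the directory the library searches for stylesheets. The header is also written in place rather than through a temporary file, so a failed `echo` can leave a truncated datadir.h that is newer than its prerequisite. A comment on the rule would cover the first, e.g. `# datadir.h is not refreshed on 'make datadir=...'; remove it to regenerate`. Writing to `datadir.h1` and then renaming it with `mv` would cover the second.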
--
1.6.6.1
13 years, 10 months