2009-10-22 18:49:07 +02:00
|
|
|
/*
|
|
|
|
* QEMU System Emulator
|
|
|
|
*
|
|
|
|
* Copyright (c) 2003-2008 Fabrice Bellard
|
|
|
|
* Copyright (c) 2009 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
2016-01-29 18:50:00 +01:00
|
|
|
#include "qemu/osdep.h"
|
2012-10-24 08:43:34 +02:00
|
|
|
#include "tap_int.h"
|
2009-10-22 18:49:07 +02:00
|
|
|
|
|
|
|
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
#include <sys/wait.h>
|
2009-10-30 22:27:00 +01:00
|
|
|
#include <sys/socket.h>
|
2009-10-22 18:49:07 +02:00
|
|
|
#include <net/if.h>
|
|
|
|
|
2012-10-24 08:43:34 +02:00
|
|
|
#include "net/net.h"
|
2012-09-17 18:43:51 +02:00
|
|
|
#include "clients.h"
|
2012-12-17 18:19:49 +01:00
|
|
|
#include "monitor/monitor.h"
|
2012-12-17 18:20:04 +01:00
|
|
|
#include "sysemu/sysemu.h"
|
2009-10-22 18:49:07 +02:00
|
|
|
#include "qemu-common.h"
|
2012-12-17 18:20:00 +01:00
|
|
|
#include "qemu/error-report.h"
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2012-10-24 08:43:34 +02:00
|
|
|
#include "net/tap.h"
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2013-02-05 17:06:20 +01:00
|
|
|
#include "net/vhost_net.h"
|
2010-03-17 12:08:24 +01:00
|
|
|
|
2009-10-22 18:49:07 +02:00
|
|
|
typedef struct TAPState {
|
2012-07-24 17:35:13 +02:00
|
|
|
NetClientState nc;
|
2009-10-22 18:49:07 +02:00
|
|
|
int fd;
|
|
|
|
char down_script[1024];
|
|
|
|
char down_script_arg[128];
|
2013-03-18 19:43:44 +01:00
|
|
|
uint8_t buf[NET_BUFSIZE];
|
2013-01-30 12:12:20 +01:00
|
|
|
bool read_poll;
|
|
|
|
bool write_poll;
|
|
|
|
bool using_vnet_hdr;
|
|
|
|
bool has_ufo;
|
2013-01-30 12:12:32 +01:00
|
|
|
bool enabled;
|
2010-03-17 12:08:24 +01:00
|
|
|
VHostNetState *vhost_net;
|
2010-07-13 16:55:31 +02:00
|
|
|
unsigned host_vnet_hdr_len;
|
2009-10-22 18:49:07 +02:00
|
|
|
} TAPState;
|
|
|
|
|
2015-05-15 13:58:57 +02:00
|
|
|
static void launch_script(const char *setup_script, const char *ifname,
|
|
|
|
int fd, Error **errp);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
|
|
|
static void tap_send(void *opaque);
|
|
|
|
static void tap_writable(void *opaque);
|
|
|
|
|
|
|
|
static void tap_update_fd_handler(TAPState *s)
|
|
|
|
{
|
Change qemu_set_fd_handler2(..., NULL, ...) to qemu_set_fd_handler
Done with following Coccinelle semantic patch, plus manual cosmetic changes in
net/*.c.
@@
expression E1, E2, E3, E4;
@@
- qemu_set_fd_handler2(E1, NULL, E2, E3, E4);
+ qemu_set_fd_handler(E1, E2, E3, E4);
Signed-off-by: Fam Zheng <famz@redhat.com>
Message-id: 1433400324-7358-8-git-send-email-famz@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-06-04 08:45:18 +02:00
|
|
|
qemu_set_fd_handler(s->fd,
|
|
|
|
s->read_poll && s->enabled ? tap_send : NULL,
|
|
|
|
s->write_poll && s->enabled ? tap_writable : NULL,
|
|
|
|
s);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:20 +01:00
|
|
|
static void tap_read_poll(TAPState *s, bool enable)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2013-01-30 12:12:20 +01:00
|
|
|
s->read_poll = enable;
|
2009-10-22 18:49:07 +02:00
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:20 +01:00
|
|
|
static void tap_write_poll(TAPState *s, bool enable)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2013-01-30 12:12:20 +01:00
|
|
|
s->write_poll = enable;
|
2009-10-22 18:49:07 +02:00
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void tap_writable(void *opaque)
|
|
|
|
{
|
|
|
|
TAPState *s = opaque;
|
|
|
|
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_write_poll(s, false);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2009-11-25 19:49:04 +01:00
|
|
|
qemu_flush_queued_packets(&s->nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t tap_write_packet(TAPState *s, const struct iovec *iov, int iovcnt)
|
|
|
|
{
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
do {
|
|
|
|
len = writev(s->fd, iov, iovcnt);
|
|
|
|
} while (len == -1 && errno == EINTR);
|
|
|
|
|
|
|
|
if (len == -1 && errno == EAGAIN) {
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_write_poll(s, true);
|
2009-10-22 18:49:07 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static ssize_t tap_receive_iov(NetClientState *nc, const struct iovec *iov,
|
2009-10-22 18:49:07 +02:00
|
|
|
int iovcnt)
|
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
const struct iovec *iovp = iov;
|
|
|
|
struct iovec iov_copy[iovcnt + 1];
|
2010-07-13 16:55:31 +02:00
|
|
|
struct virtio_net_hdr_mrg_rxbuf hdr = { };
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2010-07-13 16:55:31 +02:00
|
|
|
if (s->host_vnet_hdr_len && !s->using_vnet_hdr) {
|
2009-10-22 18:49:07 +02:00
|
|
|
iov_copy[0].iov_base = &hdr;
|
2010-07-13 16:55:31 +02:00
|
|
|
iov_copy[0].iov_len = s->host_vnet_hdr_len;
|
2009-10-22 18:49:07 +02:00
|
|
|
memcpy(&iov_copy[1], iov, iovcnt * sizeof(*iov));
|
|
|
|
iovp = iov_copy;
|
|
|
|
iovcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return tap_write_packet(s, iovp, iovcnt);
|
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static ssize_t tap_receive_raw(NetClientState *nc, const uint8_t *buf, size_t size)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
struct iovec iov[2];
|
|
|
|
int iovcnt = 0;
|
2010-07-13 16:55:31 +02:00
|
|
|
struct virtio_net_hdr_mrg_rxbuf hdr = { };
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2010-07-13 16:55:31 +02:00
|
|
|
if (s->host_vnet_hdr_len) {
|
2009-10-22 18:49:07 +02:00
|
|
|
iov[iovcnt].iov_base = &hdr;
|
2010-07-13 16:55:31 +02:00
|
|
|
iov[iovcnt].iov_len = s->host_vnet_hdr_len;
|
2009-10-22 18:49:07 +02:00
|
|
|
iovcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
iov[iovcnt].iov_base = (char *)buf;
|
|
|
|
iov[iovcnt].iov_len = size;
|
|
|
|
iovcnt++;
|
|
|
|
|
|
|
|
return tap_write_packet(s, iov, iovcnt);
|
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static ssize_t tap_receive(NetClientState *nc, const uint8_t *buf, size_t size)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
struct iovec iov[1];
|
|
|
|
|
2010-07-13 16:55:31 +02:00
|
|
|
if (s->host_vnet_hdr_len && !s->using_vnet_hdr) {
|
2009-11-25 19:49:04 +01:00
|
|
|
return tap_receive_raw(nc, buf, size);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
iov[0].iov_base = (char *)buf;
|
|
|
|
iov[0].iov_len = size;
|
|
|
|
|
|
|
|
return tap_write_packet(s, iov, 1);
|
|
|
|
}
|
|
|
|
|
2009-10-22 18:49:09 +02:00
|
|
|
#ifndef __sun__
|
|
|
|
ssize_t tap_read_packet(int tapfd, uint8_t *buf, int maxlen)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
|
|
|
return read(tapfd, buf, maxlen);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static void tap_send_completed(NetClientState *nc, ssize_t len)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_read_poll(s, true);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
static void tap_send(void *opaque)
|
|
|
|
{
|
|
|
|
TAPState *s = opaque;
|
|
|
|
int size;
|
2014-07-18 11:33:42 +02:00
|
|
|
int packets = 0;
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2015-06-04 08:45:17 +02:00
|
|
|
while (true) {
|
2009-10-27 19:16:39 +01:00
|
|
|
uint8_t *buf = s->buf;
|
|
|
|
|
|
|
|
size = tap_read_packet(s->fd, s->buf, sizeof(s->buf));
|
|
|
|
if (size <= 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2010-07-13 16:55:31 +02:00
|
|
|
if (s->host_vnet_hdr_len && !s->using_vnet_hdr) {
|
|
|
|
buf += s->host_vnet_hdr_len;
|
|
|
|
size -= s->host_vnet_hdr_len;
|
2009-10-27 19:16:39 +01:00
|
|
|
}
|
|
|
|
|
2009-11-25 19:49:04 +01:00
|
|
|
size = qemu_send_packet_async(&s->nc, buf, size, tap_send_completed);
|
2009-10-27 19:16:39 +01:00
|
|
|
if (size == 0) {
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_read_poll(s, false);
|
2014-03-08 16:00:43 +01:00
|
|
|
break;
|
|
|
|
} else if (size < 0) {
|
|
|
|
break;
|
2009-10-27 19:16:39 +01:00
|
|
|
}
|
2014-07-18 11:33:42 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* When the host keeps receiving more packets while tap_send() is
|
|
|
|
* running we can hog the QEMU global mutex. Limit the number of
|
|
|
|
* packets that are processed per tap_send() callback to prevent
|
|
|
|
* stalling the guest.
|
|
|
|
*/
|
|
|
|
packets++;
|
|
|
|
if (packets >= 50) {
|
|
|
|
break;
|
|
|
|
}
|
2014-03-08 16:00:43 +01:00
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static bool tap_has_ufo(NetClientState *nc)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
|
|
|
return s->has_ufo;
|
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static bool tap_has_vnet_hdr(NetClientState *nc)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2010-07-13 16:55:31 +02:00
|
|
|
return !!s->host_vnet_hdr_len;
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static bool tap_has_vnet_hdr_len(NetClientState *nc, int len)
|
2010-07-16 10:16:06 +02:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2010-07-16 10:16:06 +02:00
|
|
|
|
2014-02-06 17:02:15 +01:00
|
|
|
return !!tap_probe_vnet_hdr_len(s->fd, len);
|
2010-07-16 10:16:06 +02:00
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static void tap_set_vnet_hdr_len(NetClientState *nc, int len)
|
2010-07-16 10:16:06 +02:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2010-07-16 10:16:06 +02:00
|
|
|
assert(len == sizeof(struct virtio_net_hdr_mrg_rxbuf) ||
|
|
|
|
len == sizeof(struct virtio_net_hdr));
|
|
|
|
|
|
|
|
tap_fd_set_vnet_hdr_len(s->fd, len);
|
|
|
|
s->host_vnet_hdr_len = len;
|
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static void tap_using_vnet_hdr(NetClientState *nc, bool using_vnet_hdr)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2010-07-13 16:55:31 +02:00
|
|
|
assert(!!s->host_vnet_hdr_len == using_vnet_hdr);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
|
|
|
s->using_vnet_hdr = using_vnet_hdr;
|
|
|
|
}
|
|
|
|
|
2015-06-17 15:23:44 +02:00
|
|
|
static int tap_set_vnet_le(NetClientState *nc, bool is_le)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
|
|
|
return tap_fd_set_vnet_le(s->fd, is_le);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tap_set_vnet_be(NetClientState *nc, bool is_be)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
|
|
|
return tap_fd_set_vnet_be(s->fd, is_be);
|
|
|
|
}
|
|
|
|
|
2014-02-06 17:02:19 +01:00
|
|
|
static void tap_set_offload(NetClientState *nc, int csum, int tso4,
|
2009-10-22 18:49:07 +02:00
|
|
|
int tso6, int ecn, int ufo)
|
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2010-10-31 18:06:47 +01:00
|
|
|
if (s->fd < 0) {
|
|
|
|
return;
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2010-10-31 18:06:47 +01:00
|
|
|
tap_fd_set_offload(s->fd, csum, tso4, tso6, ecn, ufo);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static void tap_cleanup(NetClientState *nc)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2009-11-25 19:49:04 +01:00
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2015-05-15 13:58:57 +02:00
|
|
|
Error *err = NULL;
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2010-03-17 12:08:24 +01:00
|
|
|
if (s->vhost_net) {
|
|
|
|
vhost_net_cleanup(s->vhost_net);
|
2010-10-27 20:03:43 +02:00
|
|
|
s->vhost_net = NULL;
|
2010-03-17 12:08:24 +01:00
|
|
|
}
|
|
|
|
|
2009-11-25 19:49:04 +01:00
|
|
|
qemu_purge_queued_packets(nc);
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2015-05-15 13:58:57 +02:00
|
|
|
if (s->down_script[0]) {
|
|
|
|
launch_script(s->down_script, s->down_script_arg, s->fd, &err);
|
|
|
|
if (err) {
|
|
|
|
error_report_err(err);
|
|
|
|
}
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_read_poll(s, false);
|
|
|
|
tap_write_poll(s, false);
|
2009-10-22 18:49:07 +02:00
|
|
|
close(s->fd);
|
2010-10-31 18:06:47 +01:00
|
|
|
s->fd = -1;
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static void tap_poll(NetClientState *nc, bool enable)
|
2009-12-24 13:46:29 +01:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
tap_read_poll(s, enable);
|
|
|
|
tap_write_poll(s, enable);
|
|
|
|
}
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
int tap_get_fd(NetClientState *nc)
|
2010-03-17 12:07:50 +01:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2010-03-17 12:07:50 +01:00
|
|
|
return s->fd;
|
|
|
|
}
|
|
|
|
|
2009-10-22 18:49:07 +02:00
|
|
|
/* fd support */
|
|
|
|
|
2009-11-25 19:49:04 +01:00
|
|
|
static NetClientInfo net_tap_info = {
|
2012-07-17 16:17:12 +02:00
|
|
|
.type = NET_CLIENT_OPTIONS_KIND_TAP,
|
2009-11-25 19:49:04 +01:00
|
|
|
.size = sizeof(TAPState),
|
|
|
|
.receive = tap_receive,
|
|
|
|
.receive_raw = tap_receive_raw,
|
|
|
|
.receive_iov = tap_receive_iov,
|
2009-12-24 13:46:29 +01:00
|
|
|
.poll = tap_poll,
|
2009-11-25 19:49:04 +01:00
|
|
|
.cleanup = tap_cleanup,
|
2014-02-06 17:02:17 +01:00
|
|
|
.has_ufo = tap_has_ufo,
|
|
|
|
.has_vnet_hdr = tap_has_vnet_hdr,
|
|
|
|
.has_vnet_hdr_len = tap_has_vnet_hdr_len,
|
|
|
|
.using_vnet_hdr = tap_using_vnet_hdr,
|
|
|
|
.set_offload = tap_set_offload,
|
|
|
|
.set_vnet_hdr_len = tap_set_vnet_hdr_len,
|
2015-06-17 15:23:44 +02:00
|
|
|
.set_vnet_le = tap_set_vnet_le,
|
|
|
|
.set_vnet_be = tap_set_vnet_be,
|
2009-11-25 19:49:04 +01:00
|
|
|
};
|
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
static TAPState *net_tap_fd_init(NetClientState *peer,
|
2009-10-22 18:49:07 +02:00
|
|
|
const char *model,
|
|
|
|
const char *name,
|
|
|
|
int fd,
|
|
|
|
int vnet_hdr)
|
|
|
|
{
|
2012-07-24 17:35:13 +02:00
|
|
|
NetClientState *nc;
|
2009-10-22 18:49:07 +02:00
|
|
|
TAPState *s;
|
|
|
|
|
2012-07-24 17:35:08 +02:00
|
|
|
nc = qemu_new_net_client(&net_tap_info, peer, model, name);
|
2009-11-25 19:49:04 +01:00
|
|
|
|
|
|
|
s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
|
2009-10-22 18:49:07 +02:00
|
|
|
s->fd = fd;
|
2010-07-13 16:55:31 +02:00
|
|
|
s->host_vnet_hdr_len = vnet_hdr ? sizeof(struct virtio_net_hdr) : 0;
|
2013-01-30 12:12:20 +01:00
|
|
|
s->using_vnet_hdr = false;
|
2009-10-22 18:49:16 +02:00
|
|
|
s->has_ufo = tap_probe_has_ufo(s->fd);
|
2013-01-30 12:12:32 +01:00
|
|
|
s->enabled = true;
|
2009-11-25 19:49:04 +01:00
|
|
|
tap_set_offload(&s->nc, 0, 0, 0, 0, 0);
|
2012-11-13 11:23:23 +01:00
|
|
|
/*
|
|
|
|
* Make sure host header length is set correctly in tap:
|
|
|
|
* it might have been modified by another instance of qemu.
|
|
|
|
*/
|
|
|
|
if (tap_probe_vnet_hdr_len(s->fd, s->host_vnet_hdr_len)) {
|
|
|
|
tap_fd_set_vnet_hdr_len(s->fd, s->host_vnet_hdr_len);
|
|
|
|
}
|
2013-01-30 12:12:20 +01:00
|
|
|
tap_read_poll(s, true);
|
2010-03-17 12:08:24 +01:00
|
|
|
s->vhost_net = NULL;
|
2009-10-22 18:49:07 +02:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2015-05-15 13:58:57 +02:00
|
|
|
static void launch_script(const char *setup_script, const char *ifname,
|
|
|
|
int fd, Error **errp)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
|
|
|
int pid, status;
|
|
|
|
char *args[3];
|
|
|
|
char **parg;
|
|
|
|
|
|
|
|
/* try to launch network script */
|
|
|
|
pid = fork();
|
2015-05-15 13:58:57 +02:00
|
|
|
if (pid < 0) {
|
|
|
|
error_setg_errno(errp, errno, "could not launch network script %s",
|
|
|
|
setup_script);
|
|
|
|
return;
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
if (pid == 0) {
|
|
|
|
int open_max = sysconf(_SC_OPEN_MAX), i;
|
|
|
|
|
2014-03-12 17:54:27 +01:00
|
|
|
for (i = 3; i < open_max; i++) {
|
|
|
|
if (i != fd) {
|
2009-10-22 18:49:07 +02:00
|
|
|
close(i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)setup_script;
|
|
|
|
*parg++ = (char *)ifname;
|
2010-04-25 20:35:52 +02:00
|
|
|
*parg = NULL;
|
2009-10-22 18:49:07 +02:00
|
|
|
execv(setup_script, args);
|
|
|
|
_exit(1);
|
2015-05-15 13:58:57 +02:00
|
|
|
} else {
|
2009-10-22 18:49:07 +02:00
|
|
|
while (waitpid(pid, &status, 0) != pid) {
|
|
|
|
/* loop */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
|
2015-05-15 13:58:57 +02:00
|
|
|
return;
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
2015-05-15 13:58:57 +02:00
|
|
|
error_setg(errp, "network script %s failed with status %d",
|
|
|
|
setup_script, status);
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
static int recv_fd(int c)
|
|
|
|
{
|
|
|
|
int fd;
|
|
|
|
uint8_t msgbuf[CMSG_SPACE(sizeof(fd))];
|
|
|
|
struct msghdr msg = {
|
|
|
|
.msg_control = msgbuf,
|
|
|
|
.msg_controllen = sizeof(msgbuf),
|
|
|
|
};
|
|
|
|
struct cmsghdr *cmsg;
|
|
|
|
struct iovec iov;
|
|
|
|
uint8_t req[1];
|
|
|
|
ssize_t len;
|
|
|
|
|
|
|
|
cmsg = CMSG_FIRSTHDR(&msg);
|
|
|
|
cmsg->cmsg_level = SOL_SOCKET;
|
|
|
|
cmsg->cmsg_type = SCM_RIGHTS;
|
|
|
|
cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
|
|
|
|
msg.msg_controllen = cmsg->cmsg_len;
|
|
|
|
|
|
|
|
iov.iov_base = req;
|
|
|
|
iov.iov_len = sizeof(req);
|
|
|
|
|
|
|
|
msg.msg_iov = &iov;
|
|
|
|
msg.msg_iovlen = 1;
|
|
|
|
|
|
|
|
len = recvmsg(c, &msg, 0);
|
|
|
|
if (len > 0) {
|
|
|
|
memcpy(&fd, CMSG_DATA(cmsg), sizeof(fd));
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
static int net_bridge_run_helper(const char *helper, const char *bridge,
|
|
|
|
Error **errp)
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
{
|
|
|
|
sigset_t oldmask, mask;
|
|
|
|
int pid, status;
|
|
|
|
char *args[5];
|
|
|
|
char **parg;
|
|
|
|
int sv[2];
|
|
|
|
|
|
|
|
sigemptyset(&mask);
|
|
|
|
sigaddset(&mask, SIGCHLD);
|
|
|
|
sigprocmask(SIG_BLOCK, &mask, &oldmask);
|
|
|
|
|
|
|
|
if (socketpair(PF_UNIX, SOCK_STREAM, 0, sv) == -1) {
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
error_setg_errno(errp, errno, "socketpair() failed");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* try to launch bridge helper */
|
|
|
|
pid = fork();
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
if (pid < 0) {
|
|
|
|
error_setg_errno(errp, errno, "Can't fork bridge helper");
|
|
|
|
return -1;
|
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
if (pid == 0) {
|
|
|
|
int open_max = sysconf(_SC_OPEN_MAX), i;
|
|
|
|
char fd_buf[6+10];
|
|
|
|
char br_buf[6+IFNAMSIZ] = {0};
|
|
|
|
char helper_cmd[PATH_MAX + sizeof(fd_buf) + sizeof(br_buf) + 15];
|
|
|
|
|
2014-03-12 17:54:27 +01:00
|
|
|
for (i = 3; i < open_max; i++) {
|
|
|
|
if (i != sv[1]) {
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
close(i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
snprintf(fd_buf, sizeof(fd_buf), "%s%d", "--fd=", sv[1]);
|
|
|
|
|
|
|
|
if (strrchr(helper, ' ') || strrchr(helper, '\t')) {
|
|
|
|
/* assume helper is a command */
|
|
|
|
|
|
|
|
if (strstr(helper, "--br=") == NULL) {
|
|
|
|
snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge);
|
|
|
|
}
|
|
|
|
|
|
|
|
snprintf(helper_cmd, sizeof(helper_cmd), "%s %s %s %s",
|
|
|
|
helper, "--use-vnet", fd_buf, br_buf);
|
|
|
|
|
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)"sh";
|
|
|
|
*parg++ = (char *)"-c";
|
|
|
|
*parg++ = helper_cmd;
|
|
|
|
*parg++ = NULL;
|
|
|
|
|
|
|
|
execv("/bin/sh", args);
|
|
|
|
} else {
|
|
|
|
/* assume helper is just the executable path name */
|
|
|
|
|
|
|
|
snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge);
|
|
|
|
|
|
|
|
parg = args;
|
|
|
|
*parg++ = (char *)helper;
|
|
|
|
*parg++ = (char *)"--use-vnet";
|
|
|
|
*parg++ = fd_buf;
|
|
|
|
*parg++ = br_buf;
|
|
|
|
*parg++ = NULL;
|
|
|
|
|
|
|
|
execv(helper, args);
|
|
|
|
}
|
|
|
|
_exit(1);
|
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
} else {
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
int fd;
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
int saved_errno;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
|
|
|
close(sv[1]);
|
|
|
|
|
|
|
|
do {
|
|
|
|
fd = recv_fd(sv[0]);
|
|
|
|
} while (fd == -1 && errno == EINTR);
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
saved_errno = errno;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
|
|
|
close(sv[0]);
|
|
|
|
|
|
|
|
while (waitpid(pid, &status, 0) != pid) {
|
|
|
|
/* loop */
|
|
|
|
}
|
|
|
|
sigprocmask(SIG_SETMASK, &oldmask, NULL);
|
|
|
|
if (fd < 0) {
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
error_setg_errno(errp, saved_errno,
|
|
|
|
"failed to recv file descriptor");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
return -1;
|
|
|
|
}
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
|
|
|
|
error_setg(errp, "bridge helper failed");
|
|
|
|
return -1;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
}
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
return fd;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-17 16:17:21 +02:00
|
|
|
int net_init_bridge(const NetClientOptions *opts, const char *name,
|
2015-05-15 13:58:50 +02:00
|
|
|
NetClientState *peer, Error **errp)
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
{
|
2012-07-17 16:17:20 +02:00
|
|
|
const NetdevBridgeOptions *bridge;
|
|
|
|
const char *helper, *br;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
TAPState *s;
|
|
|
|
int fd, vnet_hdr;
|
|
|
|
|
2015-10-26 23:34:56 +01:00
|
|
|
assert(opts->type == NET_CLIENT_OPTIONS_KIND_BRIDGE);
|
|
|
|
bridge = opts->u.bridge;
|
2012-07-17 16:17:20 +02:00
|
|
|
|
|
|
|
helper = bridge->has_helper ? bridge->helper : DEFAULT_BRIDGE_HELPER;
|
|
|
|
br = bridge->has_br ? bridge->br : DEFAULT_BRIDGE_INTERFACE;
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
fd = net_bridge_run_helper(helper, br, errp);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
fcntl(fd, F_SETFL, O_NONBLOCK);
|
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
2012-07-24 17:35:05 +02:00
|
|
|
s = net_tap_fd_init(peer, "bridge", name, fd, vnet_hdr);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
2012-07-17 16:17:20 +02:00
|
|
|
snprintf(s->nc.info_str, sizeof(s->nc.info_str), "helper=%s,br=%s", helper,
|
|
|
|
br);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-07-17 16:17:19 +02:00
|
|
|
static int net_tap_init(const NetdevTapOptions *tap, int *vnet_hdr,
|
|
|
|
const char *setup_script, char *ifname,
|
2015-05-15 13:58:58 +02:00
|
|
|
size_t ifname_sz, int mq_required, Error **errp)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2015-05-15 13:58:57 +02:00
|
|
|
Error *err = NULL;
|
2009-10-22 18:49:07 +02:00
|
|
|
int fd, vnet_hdr_required;
|
|
|
|
|
2012-07-17 16:17:19 +02:00
|
|
|
if (tap->has_vnet_hdr) {
|
|
|
|
*vnet_hdr = tap->vnet_hdr;
|
2009-10-22 18:49:07 +02:00
|
|
|
vnet_hdr_required = *vnet_hdr;
|
|
|
|
} else {
|
2012-07-17 16:17:19 +02:00
|
|
|
*vnet_hdr = 1;
|
2009-10-22 18:49:07 +02:00
|
|
|
vnet_hdr_required = 0;
|
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
TFR(fd = tap_open(ifname, ifname_sz, vnet_hdr, vnet_hdr_required,
|
2015-05-15 13:58:58 +02:00
|
|
|
mq_required, errp));
|
2009-10-22 18:49:07 +02:00
|
|
|
if (fd < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (setup_script &&
|
|
|
|
setup_script[0] != '\0' &&
|
2015-05-15 13:58:57 +02:00
|
|
|
strcmp(setup_script, "no") != 0) {
|
|
|
|
launch_script(setup_script, ifname, fd, &err);
|
|
|
|
if (err) {
|
2015-05-15 13:58:58 +02:00
|
|
|
error_propagate(errp, err);
|
2015-05-15 13:58:57 +02:00
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
#define MAX_TAP_QUEUES 1024
|
|
|
|
|
2015-05-15 13:58:56 +02:00
|
|
|
static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
|
|
|
|
const char *model, const char *name,
|
|
|
|
const char *ifname, const char *script,
|
|
|
|
const char *downscript, const char *vhostfdname,
|
|
|
|
int vnet_hdr, int fd, Error **errp)
|
2013-01-30 12:12:30 +01:00
|
|
|
{
|
2015-02-09 14:03:19 +01:00
|
|
|
Error *err = NULL;
|
2015-05-15 13:58:53 +02:00
|
|
|
TAPState *s = net_tap_fd_init(peer, model, name, fd, vnet_hdr);
|
2014-05-27 14:05:22 +02:00
|
|
|
int vhostfd;
|
2013-01-30 12:12:30 +01:00
|
|
|
|
2015-05-15 13:58:55 +02:00
|
|
|
tap_set_sndbuf(s->fd, tap, &err);
|
|
|
|
if (err) {
|
2015-05-15 13:58:56 +02:00
|
|
|
error_propagate(errp, err);
|
|
|
|
return;
|
2013-01-30 12:12:30 +01:00
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
if (tap->has_fd || tap->has_fds) {
|
2013-01-30 12:12:30 +01:00
|
|
|
snprintf(s->nc.info_str, sizeof(s->nc.info_str), "fd=%d", fd);
|
|
|
|
} else if (tap->has_helper) {
|
|
|
|
snprintf(s->nc.info_str, sizeof(s->nc.info_str), "helper=%s",
|
|
|
|
tap->helper);
|
|
|
|
} else {
|
|
|
|
snprintf(s->nc.info_str, sizeof(s->nc.info_str),
|
|
|
|
"ifname=%s,script=%s,downscript=%s", ifname, script,
|
|
|
|
downscript);
|
|
|
|
|
|
|
|
if (strcmp(downscript, "no") != 0) {
|
|
|
|
snprintf(s->down_script, sizeof(s->down_script), "%s", downscript);
|
|
|
|
snprintf(s->down_script_arg, sizeof(s->down_script_arg),
|
|
|
|
"%s", ifname);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tap->has_vhost ? tap->vhost :
|
|
|
|
vhostfdname || (tap->has_vhostforce && tap->vhostforce)) {
|
2014-05-27 14:05:22 +02:00
|
|
|
VhostNetOptions options;
|
|
|
|
|
2014-05-27 14:05:49 +02:00
|
|
|
options.backend_type = VHOST_BACKEND_TYPE_KERNEL;
|
2014-05-27 14:05:22 +02:00
|
|
|
options.net_backend = &s->nc;
|
2013-01-30 12:12:30 +01:00
|
|
|
|
2016-02-26 00:05:57 +01:00
|
|
|
if (vhostfdname) {
|
2015-02-09 14:03:19 +01:00
|
|
|
vhostfd = monitor_fd_param(cur_mon, vhostfdname, &err);
|
2013-01-30 12:12:30 +01:00
|
|
|
if (vhostfd == -1) {
|
2015-05-15 13:58:56 +02:00
|
|
|
error_propagate(errp, err);
|
|
|
|
return;
|
2013-01-30 12:12:30 +01:00
|
|
|
}
|
|
|
|
} else {
|
2014-05-27 14:05:22 +02:00
|
|
|
vhostfd = open("/dev/vhost-net", O_RDWR);
|
|
|
|
if (vhostfd < 0) {
|
2015-05-15 13:58:56 +02:00
|
|
|
error_setg_errno(errp, errno,
|
|
|
|
"tap: open vhost char device failed");
|
|
|
|
return;
|
2014-05-27 14:05:22 +02:00
|
|
|
}
|
2013-01-30 12:12:30 +01:00
|
|
|
}
|
2014-05-27 14:05:22 +02:00
|
|
|
options.opaque = (void *)(uintptr_t)vhostfd;
|
2013-01-30 12:12:30 +01:00
|
|
|
|
2014-05-27 14:05:22 +02:00
|
|
|
s->vhost_net = vhost_net_init(&options);
|
2013-01-30 12:12:30 +01:00
|
|
|
if (!s->vhost_net) {
|
2015-05-15 13:58:56 +02:00
|
|
|
error_setg(errp,
|
|
|
|
"vhost-net requested but could not be initialized");
|
|
|
|
return;
|
2013-01-30 12:12:30 +01:00
|
|
|
}
|
2016-02-26 00:05:57 +01:00
|
|
|
} else if (vhostfdname) {
|
2015-05-15 13:58:56 +02:00
|
|
|
error_setg(errp, "vhostfd= is not valid without vhost");
|
2013-01-30 12:12:30 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
static int get_fds(char *str, char *fds[], int max)
|
|
|
|
{
|
|
|
|
char *ptr = str, *this;
|
|
|
|
size_t len = strlen(str);
|
|
|
|
int i = 0;
|
|
|
|
|
|
|
|
while (i < max && ptr < str + len) {
|
|
|
|
this = strchr(ptr, ':');
|
|
|
|
|
|
|
|
if (this == NULL) {
|
|
|
|
fds[i] = g_strdup(ptr);
|
|
|
|
} else {
|
|
|
|
fds[i] = g_strndup(ptr, this - ptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
i++;
|
|
|
|
if (this == NULL) {
|
|
|
|
break;
|
|
|
|
} else {
|
|
|
|
ptr = this + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return i;
|
|
|
|
}
|
|
|
|
|
2012-07-17 16:17:21 +02:00
|
|
|
int net_init_tap(const NetClientOptions *opts, const char *name,
|
2015-05-15 13:58:50 +02:00
|
|
|
NetClientState *peer, Error **errp)
|
2009-10-22 18:49:07 +02:00
|
|
|
{
|
2012-07-17 16:17:19 +02:00
|
|
|
const NetdevTapOptions *tap;
|
2013-01-30 12:12:34 +01:00
|
|
|
int fd, vnet_hdr = 0, i = 0, queues;
|
2012-07-17 16:17:19 +02:00
|
|
|
/* for the no-fd, no-helper case */
|
|
|
|
const char *script = NULL; /* suppress wrong "uninit'd use" gcc warning */
|
2013-01-30 12:12:30 +01:00
|
|
|
const char *downscript = NULL;
|
2015-02-09 14:03:19 +01:00
|
|
|
Error *err = NULL;
|
2013-01-30 12:12:34 +01:00
|
|
|
const char *vhostfdname;
|
2012-07-17 16:17:19 +02:00
|
|
|
char ifname[128];
|
|
|
|
|
2015-10-26 23:34:56 +01:00
|
|
|
assert(opts->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
|
|
|
tap = opts->u.tap;
|
2013-01-30 12:12:34 +01:00
|
|
|
queues = tap->has_queues ? tap->queues : 1;
|
|
|
|
vhostfdname = tap->has_vhostfd ? tap->vhostfd : NULL;
|
2009-10-22 18:49:07 +02:00
|
|
|
|
2013-02-21 04:05:56 +01:00
|
|
|
/* QEMU vlans does not support multiqueue tap, in this case peer is set.
|
|
|
|
* For -netdev, peer is always NULL. */
|
|
|
|
if (peer && (tap->has_queues || tap->has_fds || tap->has_vhostfds)) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "Multiqueue tap cannot be used with QEMU vlans");
|
2013-02-21 04:05:56 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2012-07-17 16:17:19 +02:00
|
|
|
if (tap->has_fd) {
|
|
|
|
if (tap->has_ifname || tap->has_script || tap->has_downscript ||
|
2013-01-30 12:12:34 +01:00
|
|
|
tap->has_vnet_hdr || tap->has_helper || tap->has_queues ||
|
2013-06-04 07:18:17 +02:00
|
|
|
tap->has_fds || tap->has_vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"helper=, queues=, fds=, and vhostfds= "
|
|
|
|
"are invalid with fd=");
|
2009-10-22 18:49:07 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2015-02-09 14:03:19 +01:00
|
|
|
fd = monitor_fd_param(cur_mon, tap->fd, &err);
|
2009-10-22 18:49:07 +02:00
|
|
|
if (fd == -1) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2009-10-22 18:49:07 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
fcntl(fd, F_SETFL, O_NONBLOCK);
|
|
|
|
|
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
2015-05-15 13:58:56 +02:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, NULL,
|
|
|
|
script, downscript,
|
|
|
|
vhostfdname, vnet_hdr, fd, &err);
|
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else if (tap->has_fds) {
|
|
|
|
char *fds[MAX_TAP_QUEUES];
|
|
|
|
char *vhost_fds[MAX_TAP_QUEUES];
|
|
|
|
int nfds, nvhosts;
|
|
|
|
|
|
|
|
if (tap->has_ifname || tap->has_script || tap->has_downscript ||
|
|
|
|
tap->has_vnet_hdr || tap->has_helper || tap->has_queues ||
|
2013-06-04 07:18:17 +02:00
|
|
|
tap->has_vhostfd) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"helper=, queues=, and vhostfd= "
|
|
|
|
"are invalid with fds=");
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
nfds = get_fds(tap->fds, fds, MAX_TAP_QUEUES);
|
|
|
|
if (tap->has_vhostfds) {
|
|
|
|
nvhosts = get_fds(tap->vhostfds, vhost_fds, MAX_TAP_QUEUES);
|
|
|
|
if (nfds != nvhosts) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "The number of fds passed does not match "
|
|
|
|
"the number of vhostfds passed");
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2015-02-09 14:03:19 +01:00
|
|
|
fd = monitor_fd_param(cur_mon, fds[i], &err);
|
2013-01-30 12:12:34 +01:00
|
|
|
if (fd == -1) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
fcntl(fd, F_SETFL, O_NONBLOCK);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
if (i == 0) {
|
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
|
|
|
} else if (vnet_hdr != tap_probe_vnet_hdr(fd)) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp,
|
|
|
|
"vnet_hdr not consistent across given tap fds");
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2015-05-15 13:58:56 +02:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, ifname,
|
|
|
|
script, downscript,
|
|
|
|
tap->has_vhostfds ? vhost_fds[i] : NULL,
|
|
|
|
vnet_hdr, fd, &err);
|
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
2012-07-17 16:17:19 +02:00
|
|
|
} else if (tap->has_helper) {
|
|
|
|
if (tap->has_ifname || tap->has_script || tap->has_downscript ||
|
2013-06-04 07:18:17 +02:00
|
|
|
tap->has_vnet_hdr || tap->has_queues || tap->has_vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "ifname=, script=, downscript=, vnet_hdr=, "
|
|
|
|
"queues=, and vhostfds= are invalid with helper=");
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
tap: Improve -netdev/netdev_add/-net/... bridge error reporting
When -netdev bridge fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev bridge,id=foo
failed to launch bridge helper
qemu-system-x86_64: -netdev bridge,id=foo: Device 'bridge' could not be initialized
The first message goes to stderr. Wrong for HMP, because errors need
to go to the monitor there.
The second message goes to stderr for -netdev, to the monitor for HMP
netdev_add, and becomes the error reply for QMP netdev_add.
Convert net_bridge_run_helper() to Error, and propagate its errors
through net_init_bridge(). This ensures the error gets reported where
the user is, and suppresses the unwanted second message.
While there, improve the error messages a bit.
The above example becomes:
$ qemu-system-x86_64 -netdev bridge,id=foo
qemu-system-x86_64: -netdev bridge,id=foo: bridge helper failed
net_init_tap() also uses net_bridge_run_helper(). Propagate its
errors there as well. Improves reporting these errors with -netdev
tap & friends.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-7-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:58:54 +02:00
|
|
|
fd = net_bridge_run_helper(tap->helper, DEFAULT_BRIDGE_INTERFACE,
|
|
|
|
errp);
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
fcntl(fd, F_SETFL, O_NONBLOCK);
|
|
|
|
vnet_hdr = tap_probe_vnet_hdr(fd);
|
|
|
|
|
2015-05-15 13:58:56 +02:00
|
|
|
net_init_tap_one(tap, peer, "bridge", name, ifname,
|
|
|
|
script, downscript, vhostfdname,
|
|
|
|
vnet_hdr, fd, &err);
|
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2014-11-02 06:37:17 +01:00
|
|
|
close(fd);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
} else {
|
2013-06-04 07:18:17 +02:00
|
|
|
if (tap->has_vhostfds) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "vhostfds= is invalid if fds= wasn't specified");
|
2013-06-04 07:18:17 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2012-07-17 16:17:19 +02:00
|
|
|
script = tap->has_script ? tap->script : DEFAULT_NETWORK_SCRIPT;
|
2013-01-30 12:12:30 +01:00
|
|
|
downscript = tap->has_downscript ? tap->downscript :
|
|
|
|
DEFAULT_NETWORK_DOWN_SCRIPT;
|
2013-01-30 12:12:34 +01:00
|
|
|
|
|
|
|
if (tap->has_ifname) {
|
|
|
|
pstrcpy(ifname, sizeof ifname, tap->ifname);
|
|
|
|
} else {
|
|
|
|
ifname[0] = '\0';
|
2009-11-20 23:23:03 +01:00
|
|
|
}
|
Add support for net bridge
The most common use of -net tap is to connect a tap device to a bridge. This
requires the use of a script and running qemu as root in order to allocate a
tap device to pass to the script.
This model is great for portability and flexibility but it's incredibly
difficult to eliminate the need to run qemu as root. The only really viable
mechanism is to use tunctl to create a tap device, attach it to a bridge as
root, and then hand that tap device to qemu. The problem with this mechanism
is that it requires administrator intervention whenever a user wants to create
a guest.
By essentially writing a helper that implements the most common qemu-ifup
script that can be safely given cap_net_admin, we can dramatically simplify
things for non-privileged users. We still support existing -net tap options
as a mechanism for advanced users and backwards compatibility.
Currently, this is very Linux centric but there's really no reason why it
couldn't be extended for other Unixes.
A typical invocation would be similar to one of the following:
qemu linux.img -net bridge -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper"
-net nic,model=virtio
qemu linux.img -netdev bridge,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
The default bridge that we attach to is br0. The thinking is that a distro
could preconfigure such an interface to allow out-of-the-box bridged networking.
Alternatively, if a user wants to use a different bridge, a typical invocation
would be simliar to one of the following:
qemu linux.img -net bridge,br=qemubr0 -net nic,model=virtio
qemu linux.img -net tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0"
-net nic,model=virtio
qemu linux.img -netdev bridge,br=qemubr0,id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
qemu linux.img -netdev tap,helper="/usr/local/libexec/qemu-bridge-helper --br=qemubr0",id=hn0
-device virtio-net-pci,netdev=hn0,id=nic1
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2012-01-26 15:42:27 +01:00
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
for (i = 0; i < queues; i++) {
|
|
|
|
fd = net_tap_init(tap, &vnet_hdr, i >= 1 ? "no" : script,
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
ifname, sizeof ifname, queues > 1, errp);
|
2013-01-30 12:12:34 +01:00
|
|
|
if (fd == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (queues > 1 && i == 0 && !tap->has_ifname) {
|
|
|
|
if (tap_fd_get_ifname(fd, ifname)) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_setg(errp, "Fail to get ifname");
|
2014-11-02 06:37:17 +01:00
|
|
|
close(fd);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-15 13:58:56 +02:00
|
|
|
net_init_tap_one(tap, peer, "tap", name, ifname,
|
|
|
|
i >= 1 ? "no" : script,
|
|
|
|
i >= 1 ? "no" : downscript,
|
|
|
|
vhostfdname, vnet_hdr, fd, &err);
|
|
|
|
if (err) {
|
tap: Improve -netdev/netdev_add/-net/... tap error reporting
When -netdev tap fails, it first reports a specific error, then a
generic one, like this:
$ qemu-system-x86_64 -netdev tap,id=foo
qemu-system-x86_64: -netdev tap,id=foo: could not configure /dev/net/tun: Operation not permitted
qemu-system-x86_64: -netdev tap,id=foo: Device 'tap' could not be initialized
With the command line, the messages go to stderr. In HMP, they go to
the monitor. In QMP, the second one becomes the error reply, and the
first one goes to stderr.
Convert net_init_tap() to Error. This suppresses the unwanted second
message, and makes the specific error the QMP error reply.
[Dropped duplicate "and" from error message as suggested by Eric Blake:
"ifname=, script=, downscript=, and vnet_hdr=, "
"queues=, and vhostfds= are invalid with helper="
--Stefan]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1431691143-1015-16-git-send-email-armbru@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-05-15 13:59:03 +02:00
|
|
|
error_propagate(errp, err);
|
2014-11-02 06:37:17 +01:00
|
|
|
close(fd);
|
2013-01-30 12:12:34 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
|
|
|
|
2013-01-30 12:12:34 +01:00
|
|
|
return 0;
|
2009-10-22 18:49:07 +02:00
|
|
|
}
|
2010-03-17 12:08:38 +01:00
|
|
|
|
2012-07-24 17:35:13 +02:00
|
|
|
VHostNetState *tap_get_vhost_net(NetClientState *nc)
|
2010-03-17 12:08:38 +01:00
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
2012-07-17 16:17:12 +02:00
|
|
|
assert(nc->info->type == NET_CLIENT_OPTIONS_KIND_TAP);
|
2010-03-17 12:08:38 +01:00
|
|
|
return s->vhost_net;
|
|
|
|
}
|
2013-01-30 12:12:32 +01:00
|
|
|
|
|
|
|
int tap_enable(NetClientState *nc)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (s->enabled) {
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
ret = tap_fd_enable(s->fd);
|
|
|
|
if (ret == 0) {
|
|
|
|
s->enabled = true;
|
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int tap_disable(NetClientState *nc)
|
|
|
|
{
|
|
|
|
TAPState *s = DO_UPCAST(TAPState, nc, nc);
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (s->enabled == 0) {
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
ret = tap_fd_disable(s->fd);
|
|
|
|
if (ret == 0) {
|
|
|
|
qemu_purge_queued_packets(nc);
|
|
|
|
s->enabled = false;
|
|
|
|
tap_update_fd_handler(s);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
}
|