Feature #589

[patch] Add support for LibVirt network-filter

Added by jordan pittier about 10 years ago. Updated about 10 years ago.

Status:ClosedStart date:04/26/2011
Priority:NormalDue date:
Assignee:Ruben S. Montero% Done:

0%

Category:Core & System
Target version:Release 3.0
Resolution:fixed Pull request:

Description

Hi,
I like Opennebula hooks to add some ebtables entries. But I prefer to use Libvirt network filters, they are more powerful. Here is a patch to add this feature :

Edit src/vmm/LibVirtDriverKVM.cc around line 60 add:

string ip

Edit src/vmm/LibVirtDriverKVM.cc around line 435 add:

ip         = nic->vector_value("IP");

Edit the same file, around line 450 (after the if( !mac.empty() ) code block) add

if( !ip.empty() )
{
  file << "\t\t\t<filterref filter='clean-traffic'>" << endl;
  file << "\t\t\t\t<parameter name='IP' value='" << ip << "'/>" << endl;
  file << "\t\t\t</filterref>" << endl;
}

This enables the most used network-filter, aka "clean-traffic". But there are others network-filters (see libvirt website) and it should be configurable using a preference in one/etc/vmm_ssh/vmm_ssh_kvm.conf

Associated revisions

Revision e050429a
Added by Ruben S. Montero about 10 years ago

feature #589: Add support for filter option in KVM driver

Revision 0cdbde48
Added by Ruben S. Montero about 10 years ago

feature #589: Fixes a bug for filter generation and sets no filter by default

History

#1 Updated by Ruben S. Montero about 10 years ago

  • Category set to Core & System
  • Assignee set to Ruben S. Montero
  • Target version set to Release 3.0

Hi, this makes sense, thanks for the patch!. This will only support predefined filter rules as described in http://libvirt.org/formatnwfilter.html#nwfelemsRules

#2 Updated by Ruben S. Montero about 10 years ago

  • Status changed from New to Closed
  • Resolution set to fixed
This is now ready in master. I've extended the functionality with:
  • You can now set any filter to the interface as:
    NIC = [ NETWORK_ID = 0, FILTER = "clean-traffic" ]
  • Default filters can be defined for NICs in vmm_kvm.conf

Also this is now documented in the KVM driver guide http://www.opennebula.org/documentation:rel2.4:kvmg?&#nic

#3 Updated by Shi Jin about 10 years ago

Hi,

Is it possible to integrate the filter into the VNET definition so that any NIC using the VNET will automatically inheritate its filters?
This way, there is no change needed on the VM templates.

Thanks.

#4 Updated by jordan pittier about 10 years ago

I dont see why it should be configurable on a per vnet basis instead of per VM. You would loose "granularity".

This way, there is no change needed on the VM templates.

What's the matter with editing the templates ? It's just one line.

#5 Updated by Shi Jin about 10 years ago

I agree but I just have a lot of templates to modify.
However, I found that if I put in $ONE_LOCATION/etc/vmm_exec/vmm_exec_kvm.conf

NIC      = [ filter = "clean-traffic" ]

Then it will automatically be appended to all VMs without the need to modify the existing templates.

#6 Updated by Shi Jin about 10 years ago

Also this is now documented in the KVM driver guide http://www.opennebula.org/documentation:rel2.4:kvmg?&#nic

Hi, this page is not available. Has it been moved to a new URL? Please update. Thanks.

Also, I already tested it under the master branch, meaning it will be available in the 3.x release. But is it possible to port it back to the 2.x release? I understand that there are some significant changes in database and API so it might take us a while port our systems to OpenNebula-3.x but this feature is definitely needed right away and it would be very nice to have it in the already working 2.x version.

Thanks a lot.
Shi

#7 Updated by Shi Jin about 10 years ago

Sorry this line was shown as quotes. So I am pasting again as text.

Also this is now documented in the KVM driver guide http://www.opennebula.org/documentation:rel2.4:kvmg?&#nic

Hi, this page is not available. Has it been moved to a new URL? Please update. Thanks.

#8 Updated by Ruben S. Montero about 10 years ago

The new link,
http://www.opennebula.org/documentation:rel3.0:kvmg?&#nic

Currently, there are no plans to backport this feature to the 2.x branch

Cheers

Ruben

Shi Jin wrote:

Sorry this line was shown as quotes. So I am pasting again as text.

Also this is now documented in the KVM driver guide http://www.opennebula.org/documentation:rel2.4:kvmg?&#nic

Hi, this page is not available. Has it been moved to a new URL? Please update. Thanks.

Also available in: Atom PDF