authorNatanael Copa <ncopa@alpinelinux.org>2013-02-11 15:58:34 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2013-02-11 16:00:44 +0100
commit953ae2a7a0188a8bb3b1fa34023f298c44e6d3b7 (patch)
tree337f06e01bf45ae36e0d3b5e2f7f45f18a9f5b3b /main/libvirt
parent49e2d2c34d92ddeaadb248333292b3737ebd03f5 (diff)
main/libvirt: upgrade to 1.0.2 and update public ip NAT patches
Diffstat (limited to 'main/libvirt')
-rw-r--r--main/libvirt/0001-Fix-missing-error-constants-in-libvirt-python-module.patch98
-rw-r--r--main/libvirt/0001-complete-virterror-virerror-name-change.patch40
-rw-r--r--main/libvirt/0001-net-support-set-public-ip-for-forward-mode-nat.patch277
-rw-r--r--main/libvirt/0001-net-support-set-public-ip-range-for-forward-mode-nat.patch487
-rw-r--r--main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch40
-rw-r--r--main/libvirt/0002-net-add-support-for-specifying-port-range-for-forwar.patch379
-rw-r--r--main/libvirt/APKBUILD78
-rw-r--r--main/libvirt/libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch14
8 files changed, 1070 insertions, 343 deletions
diff --git a/main/libvirt/0001-Fix-missing-error-constants-in-libvirt-python-module.patch b/main/libvirt/0001-Fix-missing-error-constants-in-libvirt-python-module.patch
new file mode 100644
index 0000000000..b9afb51031
--- /dev/null
+++ b/main/libvirt/0001-Fix-missing-error-constants-in-libvirt-python-module.patch
@@ -0,0 +1,98 @@
+From 25ea8e47e74def560bf89cd94dd54b75ca5ff4d6 Mon Sep 17 00:00:00 2001
+From: "Daniel P. Berrange" <berrange@redhat.com>
+Date: Tue, 5 Feb 2013 12:55:09 +0000
+Subject: [PATCH] Fix missing error constants in libvirt python module
+
+The previous change to the generator, changed too much - only
+the functions are in 'virerror.c', the constants remained in
+'virerror.h' which could not be renamed for API compat reasons.
+
+Add a test case to sanity check the generated python bindings
+
+Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
+---
+ python/Makefile.am | 5 +++++
+ python/generator.py | 4 +++-
+ python/sanitytest.py | 31 +++++++++++++++++++++++++++++++
+ 3 files changed, 39 insertions(+), 1 deletion(-)
+ create mode 100644 python/sanitytest.py
+
+diff --git a/python/Makefile.am b/python/Makefile.am
+index dd69600..ef3c3eb 100644
+--- a/python/Makefile.am
++++ b/python/Makefile.am
+@@ -119,6 +119,11 @@ $(libvirtmod_la_OBJECTS): $(GENERATED)
+ $(libvirtmod_qemu_la_OBJECTS): $(QEMU_GENERATED)
+ $(libvirtmod_lxc_la_OBJECTS): $(LXC_GENERATED)
+
++EXTRA_DIST += sanitytest.py
++
++check-local:
++ $(AM_V_GEN)PYTHONPATH=$(abs_topbuilddir):$(abs_topbuilddir)/.libs $(PYTHON) $(srcdir)/sanitytest.py
++
+ install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(pyexecdir)
+ $(INSTALL) -m 0644 libvirt.py $(DESTDIR)$(pyexecdir)
+diff --git a/python/generator.py b/python/generator.py
+index 71ca883..ceade6b 100755
+--- a/python/generator.py
++++ b/python/generator.py
+@@ -122,8 +122,9 @@ class docParser(xml.sax.handler.ContentHandler):
+ if attrs.has_key('field'):
+ self.function_return_field = attrs['field']
+ elif tag == 'enum':
++ # enums come from header files, hence virterror.h
+ if (attrs['file'] == "libvirt" or
+- attrs['file'] == "virerror"):
++ attrs['file'] == "virterror"):
+ enum(attrs['type'],attrs['name'],attrs['value'])
+ elif attrs['file'] == "libvirt-lxc":
+ lxc_enum(attrs['type'],attrs['name'],attrs['value'])
+@@ -134,6 +135,7 @@ class docParser(xml.sax.handler.ContentHandler):
+ if debug:
+ print "end %s" % tag
+ if tag == 'function':
++ # fuctions come from source files, hence 'virerror.c'
+ if self.function != None:
+ if (self.function_module == "libvirt" or
+ self.function_module == "virevent" or
+diff --git a/python/sanitytest.py b/python/sanitytest.py
+new file mode 100644
+index 0000000..047450b
+--- /dev/null
++++ b/python/sanitytest.py
+@@ -0,0 +1,31 @@
++#!/usr/bin/python
++
++import libvirt
++
++globals = dir(libvirt)
++
++# Sanity test that the generator hasn't gone wrong
++
++# Look for core classes
++assert("virConnect" in globals)
++assert("virDomain" in globals)
++assert("virDomainSnapshot" in globals)
++assert("virInterface" in globals)
++assert("virNWFilter" in globals)
++assert("virNodeDevice" in globals)
++assert("virNetwork" in globals)
++assert("virSecret" in globals)
++assert("virStoragePool" in globals)
++assert("virStorageVol" in globals)
++assert("virStream" in globals)
++assert("VIR_CONNECT_RO" in globals)
++
++# Error related bits
++assert("libvirtError" in globals)
++assert("VIR_ERR_AUTH_FAILED" in globals)
++assert("virGetLastError" in globals)
++
++# Some misc methods
++assert("virInitialize" in globals)
++assert("virEventAddHandle" in globals)
++assert("virEventRegisterDefaultImpl" in globals)
+--
+1.7.11.7
+
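Review bot: Every check in the new python/sanitytest.py is a bare `assert`, which Python drops when it runs optimised (`-O` or `PYTHONOPTIMIZE` set in the build environment), so `check-local` could then pass without testing anything. Collecting the expected names and failing explicitly keeps the test meaningful either way, for example `missing = [n for n in expected if n not in dir(libvirt)]` followed by `if missing: sys.exit("missing from libvirt module: %s" % ", ".join(missing))`. The result of `dir(libvirt)` is also bound to the name `globals`, which shadows the builtin; `names = dir(libvirt)` avoids that.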
diff --git a/main/libvirt/0001-complete-virterror-virerror-name-change.patch b/main/libvirt/0001-complete-virterror-virerror-name-change.patch
new file mode 100644
index 0000000000..c16b009df2
--- /dev/null
+++ b/main/libvirt/0001-complete-virterror-virerror-name-change.patch
@@ -0,0 +1,40 @@
+From a6b8bae5a6a4752926eba409202ec061d81c6c8a Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge.hallyn@canonical.com>
+Date: Wed, 30 Jan 2013 21:05:45 -0600
+Subject: [PATCH] complete virterror->virerror name change
+
+Without these two string changes in generator.py, the
+virGetLastError wrapper does not get created in
+/usr/share/pyshared/libvirt.py. Noticed when running
+tests with virt-install.
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+---
+ python/generator.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/python/generator.py b/python/generator.py
+index 5d27f66..71ca883 100755
+--- a/python/generator.py
++++ b/python/generator.py
+@@ -123,7 +123,7 @@ class docParser(xml.sax.handler.ContentHandler):
+ self.function_return_field = attrs['field']
+ elif tag == 'enum':
+ if (attrs['file'] == "libvirt" or
+- attrs['file'] == "virterror"):
++ attrs['file'] == "virerror"):
+ enum(attrs['type'],attrs['name'],attrs['value'])
+ elif attrs['file'] == "libvirt-lxc":
+ lxc_enum(attrs['type'],attrs['name'],attrs['value'])
+@@ -137,7 +137,7 @@ class docParser(xml.sax.handler.ContentHandler):
+ if self.function != None:
+ if (self.function_module == "libvirt" or
+ self.function_module == "virevent" or
+- self.function_module == "virterror"):
++ self.function_module == "virerror"):
+ function(self.function, self.function_descr,
+ self.function_return, self.function_args,
+ self.function_file, self.function_module,
+--
+1.8.1
+
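Review bot: This patch and 0001-Fix-missing-error-constants-in-libvirt-python-module.patch both rewrite the same `attrs['file'] == ...` line in python/generator.py, and their index lines (5d27f66..71ca883 here, 71ca883..ceade6b there) show that this one has to be applied first. Both file names start with 0001-, so the names do not carry that order. It is worth confirming that the APKBUILD source list (not visible in this part of the diff) names this patch before the other, and recording the dependency in a comment there, something like `# must be applied before 0001-Fix-missing-error-constants-in-libvirt-python-module.patch`.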
diff --git a/main/libvirt/0001-net-support-set-public-ip-for-forward-mode-nat.patch b/main/libvirt/0001-net-support-set-public-ip-for-forward-mode-nat.patch
deleted file mode 100644
index 831466f950..0000000000
--- a/main/libvirt/0001-net-support-set-public-ip-for-forward-mode-nat.patch
+++ /dev/null
@@ -1,277 +0,0 @@
-From da1e7fe01acdaf13b3fb9e3cda53627063014da9 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Tue, 4 Dec 2012 17:03:51 +0100
-Subject: [PATCH] net: support set public ip for forward mode nat
-
-Support setting which public ip to use for NAT via attribute
-publicaddr. This will construct an iptables line using '-j SNAT
---to-source <publicaddr>' instead of '-j MASQUERADE'.
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
----
- docs/formatnetwork.html.in | 4 +++-
- src/conf/network_conf.c | 33 +++++++++++++++++++++++++++++++++
- src/conf/network_conf.h | 1 +
- src/network/bridge_driver.c | 24 ++++++++++++++++--------
- src/util/iptables.c | 31 ++++++++++++++++++++++++-------
- src/util/iptables.h | 6 ++++--
- 6 files changed, 81 insertions(+), 18 deletions(-)
-
-diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
-index 49206dd..07f9783 100644
---- a/docs/formatnetwork.html.in
-+++ b/docs/formatnetwork.html.in
-@@ -125,7 +125,9 @@
- other network device whether ethernet, wireless, dialup,
- or VPN. If the <code>dev</code> attribute is set, the
- firewall rules will restrict forwarding to the named
-- device only. Inbound connections from other networks are
-+ device only. If the <code>publicaddr</code> attribute is set,
-+ the given source address will be used with iptables' SNAT
-+ target. Inbound connections from other networks are
- all prohibited; all connections between guests on the same
- network, and to/from the host to the guests, are
- unrestricted and not NATed.<span class="since">Since
-diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
-index 6ce2e63..36128ac 100644
---- a/src/conf/network_conf.c
-+++ b/src/conf/network_conf.c
-@@ -174,6 +174,7 @@ void virNetworkDefFree(virNetworkDefPtr def)
- VIR_FREE(def->name);
- VIR_FREE(def->bridge);
- VIR_FREE(def->domain);
-+ VIR_FREE(def->publicaddr);
-
- for (ii = 0 ; ii < def->nForwardPfs && def->forwardPfs ; ii++) {
- virNetworkForwardPfDefClear(&def->forwardPfs[ii]);
-@@ -1211,6 +1212,22 @@ error:
- return result;
- }
-
-+static int
-+virValidPublicaddr(const char *publicaddr)
-+{
-+ /* only check for max len and valid chars for now */
-+ const int maxlen = sizeof("123.123.123.123-123.123.123.123:65535-65534")-1;
-+ int len = strlen(publicaddr);
-+
-+ if (len > maxlen)
-+ return 0;
-+
-+ if (strspn(publicaddr, "0123456789.-:") < len)
-+ return 0;
-+
-+ return 1;
-+}
-+
- static virNetworkDefPtr
- virNetworkDefParseXML(xmlXPathContextPtr ctxt)
- {
-@@ -1387,6 +1404,21 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt)
- def->managed = 1;
- }
-
-+ def->publicaddr = virXPathString("string(./@publicaddr)", ctxt);
-+ if (def->publicaddr != NULL) {
-+ char *errstr = NULL;
-+ if (def->forwardType != VIR_NETWORK_FORWARD_NAT) {
-+ errstr = "Attribute 'publicaddr' is only valid with mode='nat'";
-+ } else if (!virValidPublicaddr(def->publicaddr)) {
-+ errstr = "Attribute 'publicaddr' must be in the format: ipaddr[-ipaddr][:port[-port]]";
-+ }
-+
-+ if (errstr != NULL) {
-+ virReportError(VIR_ERR_XML_ERROR, "%s", _(errstr));
-+ goto error;
-+ }
-+ }
-+
- /* all of these modes can use a pool of physical interfaces */
- nForwardIfs = virXPathNodeSet("./interface", ctxt, &forwardIfNodes);
- nForwardPfs = virXPathNodeSet("./pf", ctxt, &forwardPfNodes);
-@@ -1861,6 +1893,7 @@ char *virNetworkDefFormat(const virNetworkDefPtr def, unsigned int flags)
- }
- virBufferAddLit(&buf, "<forward");
- virBufferEscapeString(&buf, " dev='%s'", dev);
-+ virBufferEscapeString(&buf, " publicaddr='%s'", def->publicaddr);
- virBufferAsprintf(&buf, " mode='%s'", mode);
- if (def->forwardType == VIR_NETWORK_FORWARD_HOSTDEV) {
- if (def->managed == 1)
-diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
-index 3e46304..76fb591 100644
---- a/src/conf/network_conf.h
-+++ b/src/conf/network_conf.h
-@@ -206,6 +206,7 @@ struct _virNetworkDef {
- virPortGroupDefPtr portGroups;
- virNetDevBandwidthPtr bandwidth;
- virNetDevVlan vlan;
-+ char *publicaddr;
- };
-
- typedef struct _virNetworkObj virNetworkObj;
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 75f3c3a..04f178b 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -1438,7 +1438,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
- &ipdef->address,
- prefix,
- forwardIf,
-- NULL) < 0) {
-+ NULL,
-+ network->def->publicaddr) < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- forwardIf ?
- _("failed to add iptables rule to enable masquerading to %s") :
-@@ -1452,7 +1453,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
- &ipdef->address,
- prefix,
- forwardIf,
-- "udp") < 0) {
-+ "udp",
-+ network->def->publicaddr) < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- forwardIf ?
- _("failed to add iptables rule to enable UDP masquerading to %s") :
-@@ -1466,7 +1468,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
- &ipdef->address,
- prefix,
- forwardIf,
-- "tcp") < 0) {
-+ "tcp",
-+ network->def->publicaddr) < 0) {
- virReportError(VIR_ERR_SYSTEM_ERROR,
- forwardIf ?
- _("failed to add iptables rule to enable TCP masquerading to %s") :
-@@ -1482,13 +1485,15 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
- &ipdef->address,
- prefix,
- forwardIf,
-- "udp");
-+ "udp",
-+ network->def->publicaddr);
- masqerr4:
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
- prefix,
- forwardIf,
-- NULL);
-+ NULL,
-+ network->def->publicaddr);
- masqerr3:
- iptablesRemoveForwardAllowRelatedIn(driver->iptables,
- &ipdef->address,
-@@ -1518,17 +1523,20 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
- &ipdef->address,
- prefix,
- forwardIf,
-- "tcp");
-+ "tcp",
-+ network->def->publicaddr);
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
- prefix,
- forwardIf,
-- "udp");
-+ "udp",
-+ network->def->publicaddr);
- iptablesRemoveForwardMasquerade(driver->iptables,
- &ipdef->address,
- prefix,
- forwardIf,
-- NULL);
-+ NULL,
-+ network->def->publicaddr);
-
- iptablesRemoveForwardAllowRelatedIn(driver->iptables,
- &ipdef->address,
-diff --git a/src/util/iptables.c b/src/util/iptables.c
-index 407ca3a..4a89673 100644
---- a/src/util/iptables.c
-+++ b/src/util/iptables.c
-@@ -804,6 +804,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
- unsigned int prefix,
- const char *physdev,
- const char *protocol,
-+ const char *publicaddr,
- int action)
- {
- int ret;
-@@ -833,10 +834,24 @@ iptablesForwardMasquerade(iptablesContext *ctx,
- if (physdev && physdev[0])
- virCommandAddArgList(cmd, "--out-interface", physdev, NULL);
-
-- virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL);
-+ /* Use --jump SNAT if public addr is specified */
-+ if (publicaddr && publicaddr[0]) {
-+ char tmpstr[sizeof("123.123.123.123-123.123.123.123:65535-65535")];
-+ const char *portstr = "";
-
-- if (protocol && protocol[0])
-- virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL);
-+ memset(tmpstr, 0, sizeof(tmpstr));
-+ if (protocol && protocol[0] && (strchr(publicaddr, ':') == NULL))
-+ portstr = ":1024-65535";
-+ snprintf(tmpstr, sizeof(tmpstr), "%s%s", publicaddr, portstr);
-+
-+ virCommandAddArgList(cmd, "--jump", "SNAT",
-+ "--to-source", tmpstr, NULL);
-+ } else {
-+ virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL);
-+
-+ if (protocol && protocol[0])
-+ virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL);
-+ }
-
- ret = iptablesCommandRunAndFree(cmd);
- VIR_FREE(networkstr);
-@@ -861,9 +876,10 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
-- const char *protocol)
-+ const char *protocol,
-+ const char *publicaddr)
- {
-- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, ADD);
-+ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, publicaddr, ADD);
- }
-
- /**
-@@ -884,9 +900,10 @@ iptablesRemoveForwardMasquerade(iptablesContext *ctx,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
-- const char *protocol)
-+ const char *protocol,
-+ const char *publicaddr)
- {
-- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, REMOVE);
-+ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, publicaddr, REMOVE);
- }
-
-
-diff --git a/src/util/iptables.h b/src/util/iptables.h
-index e54f8b1..a9d2772 100644
---- a/src/util/iptables.h
-+++ b/src/util/iptables.h
-@@ -105,12 +105,14 @@ int iptablesAddForwardMasquerade (iptablesContext *ctx,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
-- const char *protocol);
-+ const char *protocol,
-+ const char *publicaddr);
- int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
-- const char *protocol);
-+ const char *protocol,
-+ const char *publicaddr);
- int iptablesAddOutputFixUdpChecksum (iptablesContext *ctx,
- const char *iface,
- int port);
---
-1.8.0.1
-
diff --git a/main/libvirt/0001-net-support-set-public-ip-range-for-forward-mode-nat.patch b/main/libvirt/0001-net-support-set-public-ip-range-for-forward-mode-nat.patch
new file mode 100644
index 0000000000..789bd9bda3
--- /dev/null
+++ b/main/libvirt/0001-net-support-set-public-ip-range-for-forward-mode-nat.patch
@@ -0,0 +1,487 @@
+From 18d50f3bc920d70a65e2c3b1f08826db91d8ae2e Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Sun, 3 Feb 2013 12:18:36 +0100
+Subject: [PATCH 1/2] net: support set public ip range for forward mode nat
+
+Support setting which public ip to use for NAT via attribute
+address in subelement <nat> in <forward>:
+
+...
+ <forward mode='nat'>
+ <address start='1.2.3.4' end='1.2.3.10'/>
+ </forward>
+...
+
+This will construct an iptables line using:
+
+ '-j SNAT --to-source <start>-<end>'
+
+instead of:
+
+ '-j MASQUERADE'
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ docs/formatnetwork.html.in | 18 ++++++
+ src/conf/network_conf.c | 152 ++++++++++++++++++++++++++++++++++++++++++--
+ src/conf/network_conf.h | 3 +
+ src/network/bridge_driver.c | 16 +++++
+ src/util/viriptables.c | 56 +++++++++++++---
+ src/util/viriptables.h | 4 ++
+ 6 files changed, 235 insertions(+), 14 deletions(-)
+
+diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
+index 7b42529..5fbd0a9 100644
+--- a/docs/formatnetwork.html.in
++++ b/docs/formatnetwork.html.in
+@@ -136,6 +136,24 @@
+ network, and to/from the host to the guests, are
+ unrestricted and not NATed.<span class="since">Since
+ 0.4.2</span>
++
++ <p><span class="since">Since 1.0.3</span> it is possible to
++ specify a public IPv4 address range to be used for the NAT by
++ using the <code>&lt;nat&gt;</code> and
++ <code>&lt;address&gt;</code> subelements.
++ <pre>
++...
++ &lt;forward mode='nat'&gt;
++ &lt;nat&gt;
++ &lt;address start='1.2.3.4' end='1.2.3.10'/&gt;
++ &lt;/nat&gt;
++ &lt;/forward&gt;
++...
++ </pre>
++ An singe IPv4 address can be set by setting
++ <code>start</code> and <code>end</code> attributes to
++ the same value.
++ </p>
+ </dd>
+
+ <dt><code>route</code></dt>
+diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
+index 3604ff7..61d086a 100644
+--- a/src/conf/network_conf.c
++++ b/src/conf/network_conf.c
+@@ -1325,6 +1325,80 @@ cleanup:
+ }
+
+ static int
++virNetworkForwardNatDefParseXML(const char *networkName,
++ xmlNodePtr node,
++ xmlXPathContextPtr ctxt,
++ virNetworkForwardDefPtr def)
++{
++ int ret = -1;
++ xmlNodePtr *natAddrNodes = NULL;
++ int nNatAddrs;
++ char *addr_start = NULL;
++ char *addr_end = NULL;
++ xmlNodePtr save = ctxt->node;
++
++ ctxt->node = node;
++
++ if (def->type != VIR_NETWORK_FORWARD_NAT) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("The <nat> element can only be used when <forward> 'mode' is 'nat' in network %s"),
++ networkName);
++ goto cleanup;
++ }
++
++ /* addresses for SNAT */
++ nNatAddrs = virXPathNodeSet("./address", ctxt, &natAddrNodes);
++ if (nNatAddrs < 0) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("invalid <address> element found in <forward> of "
++ "network %s"), networkName);
++ goto cleanup;
++ } else if (nNatAddrs > 1) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("Only one <address> element is allowed in <nat> in "
++ "<forward> in network %s"), networkName);
++ goto cleanup;
++ } else if (nNatAddrs == 1) {
++ addr_start = virXMLPropString(*natAddrNodes, "start");
++ if (addr_start == NULL) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("missing 'start' attribute in <address> element in <nat> in "
++ "<forward> in network %s"), networkName);
++ goto cleanup;
++ }
++ addr_end = virXMLPropString(*natAddrNodes, "end");
++ if (addr_end == NULL) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("missing 'end' attribute in <address> element in <nat> in "
++ "<forward> in network %s"), networkName);
++ goto cleanup;
++ }
++ }
++
++ if (addr_start && virSocketAddrParse(&def->addr_start, addr_start, AF_INET) < 0) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("Bad ipv4 start address '%s' in <nat> in <forward> in "
++ "network '%s'"), addr_start, networkName);
++ goto cleanup;
++ }
++
++ if (addr_end && virSocketAddrParse(&def->addr_end, addr_end, AF_INET) < 0) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("Bad ipv4 end address '%s' in <nat> in <forward> in "
++ "network '%s'"), addr_end, networkName);
++ goto cleanup;
++ }
++
++ ret = 0;
++
++cleanup:
++ VIR_FREE(addr_start);
++ VIR_FREE(addr_end);
++ ctxt->node = save;
++ return ret;
++}
++
++static int
+ virNetworkForwardDefParseXML(const char *networkName,
+ xmlNodePtr node,
+ xmlXPathContextPtr ctxt,
+@@ -1334,7 +1408,8 @@ virNetworkForwardDefParseXML(const char *networkName,
+ xmlNodePtr *forwardIfNodes = NULL;
+ xmlNodePtr *forwardPfNodes = NULL;
+ xmlNodePtr *forwardAddrNodes = NULL;
+- int nForwardIfs, nForwardAddrs, nForwardPfs;
++ xmlNodePtr *forwardNatNodes = NULL;
++ int nForwardIfs, nForwardAddrs, nForwardPfs, nForwardNats;
+ char *forwardDev = NULL;
+ char *forwardManaged = NULL;
+ char *type = NULL;
+@@ -1384,6 +1459,24 @@ virNetworkForwardDefParseXML(const char *networkName,
+ goto cleanup;
+ }
+
++ nForwardNats = virXPathNodeSet("./nat", ctxt, &forwardNatNodes);
++ if (nForwardNats < 0) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("invalid <nat> element found in <forward> of network %s"),
++ networkName);
++ goto cleanup;
++ } else if (nForwardNats > 1) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("Only one <nat> element is allowed in <forward> of network %s"),
++ networkName);
++ goto cleanup;
++ } else if (nForwardNats == 1) {
++ if (virNetworkForwardNatDefParseXML(networkName,
++ *forwardNatNodes,
++ ctxt, def) < 0)
++ goto cleanup;
++ }
++
+ if (((nForwardIfs > 0) + (nForwardAddrs > 0) + (nForwardPfs > 0)) > 1) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("<address>, <interface>, and <pf> elements in <forward> "
+@@ -1525,6 +1618,7 @@ cleanup:
+ VIR_FREE(forwardPfNodes);
+ VIR_FREE(forwardIfNodes);
+ VIR_FREE(forwardAddrNodes);
++ VIR_FREE(forwardNatNodes);
+ ctxt->node = save;
+ return ret;
+ }
+@@ -2079,13 +2173,54 @@ virPortGroupDefFormat(virBufferPtr buf,
+ }
+
+ static int
++virNatDefFormat(virBufferPtr buf,
++ const virNetworkForwardDefPtr fwd)
++{
++ char *addr_start = NULL;
++ char *addr_end = NULL;
++ int ret = -1;
++
++ if (VIR_SOCKET_ADDR_VALID(&fwd->addr_start)) {
++ addr_start = virSocketAddrFormat(&fwd->addr_start);
++ if (!addr_start)
++ goto cleanup;
++ }
++
++ if (VIR_SOCKET_ADDR_VALID(&fwd->addr_end)) {
++ addr_end = virSocketAddrFormat(&fwd->addr_end);
++ if (!addr_end)
++ goto cleanup;
++ }
++
++ if (!addr_end && !addr_start)
++ return 0;
++
++ virBufferAddLit(buf, "<nat>\n");
++ virBufferAdjustIndent(buf, 2);
++
++ virBufferAsprintf(buf, "<address start='%s'", addr_start);
++ if (addr_end)
++ virBufferAsprintf(buf, " end='%s'", addr_end);
++ virBufferAsprintf(buf, "/>\n");
++
++ virBufferAdjustIndent(buf, -2);
++ virBufferAsprintf(buf, "</nat>\n");
++ ret = 0;
++
++cleanup:
++ VIR_FREE(addr_start);
++ VIR_FREE(addr_end);
++ return ret;
++}
++
++static int
+ virNetworkDefFormatInternal(virBufferPtr buf,
+ const virNetworkDefPtr def,
+ unsigned int flags)
+ {
+ unsigned char *uuid;
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+- int ii;
++ int ii, shortforward;
+
+ virBufferAddLit(buf, "<network");
+ if (!(flags & VIR_NETWORK_XML_INACTIVE) && (def->connections > 0)) {
+@@ -2122,10 +2257,17 @@ virNetworkDefFormatInternal(virBufferPtr buf,
+ else
+ virBufferAddLit(buf, " managed='no'");
+ }
+- virBufferAsprintf(buf, "%s>\n",
+- (def->forward.nifs || def->forward.npfs) ? "" : "/");
++ shortforward = !(def->forward.nifs || def->forward.npfs
++ || VIR_SOCKET_ADDR_VALID(&def->forward.addr_start)
++ || VIR_SOCKET_ADDR_VALID(&def->forward.addr_end));
++ virBufferAsprintf(buf, "%s>\n", shortforward ? "/" : "");
+ virBufferAdjustIndent(buf, 2);
+
++ if (def->forward.type == VIR_NETWORK_FORWARD_NAT) {
++ if (virNatDefFormat(buf, &def->forward) < 0)
++ goto error;
++ }
++
+ /* For now, hard-coded to at most 1 forward.pfs */
+ if (def->forward.npfs)
+ virBufferEscapeString(buf, "<pf dev='%s'/>\n",
+@@ -2155,7 +2297,7 @@ virNetworkDefFormatInternal(virBufferPtr buf,
+ }
+ }
+ virBufferAdjustIndent(buf, -2);
+- if (def->forward.npfs || def->forward.nifs)
++ if (!shortforward)
+ virBufferAddLit(buf, "</forward>\n");
+ }
+
+diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
+index 4c634ed..1a598e3 100644
+--- a/src/conf/network_conf.h
++++ b/src/conf/network_conf.h
+@@ -174,6 +174,9 @@ struct _virNetworkForwardDef {
+
+ size_t nifs;
+ virNetworkForwardIfDefPtr ifs;
++
++ /* adresses for SNAT */
++ virSocketAddr addr_start, addr_end;
+ };
+
+ typedef struct _virPortGroupDef virPortGroupDef;
+diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
+index c834f83..6d74c1f 100644
+--- a/src/network/bridge_driver.c
++++ b/src/network/bridge_driver.c
+@@ -1587,6 +1587,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ NULL) < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1601,6 +1603,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ "udp") < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1615,6 +1619,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ "tcp") < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1631,12 +1637,16 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ "udp");
+ masqerr4:
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ NULL);
+ masqerr3:
+ iptablesRemoveForwardAllowRelatedIn(driver->iptables,
+@@ -1667,16 +1677,22 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ "tcp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ "udp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ &ipdef->address,
+ prefix,
+ forwardIf,
++ &network->def->forward.addr_start,
++ &network->def->forward.addr_end,
+ NULL);
+
+ iptablesRemoveForwardAllowRelatedIn(driver->iptables,
+diff --git a/src/util/viriptables.c b/src/util/viriptables.c
+index 41fe780..3f0dcf0 100644
+--- a/src/util/viriptables.c
++++ b/src/util/viriptables.c
+@@ -805,11 +805,15 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
++ virSocketAddr *addr_start,
++ virSocketAddr *addr_end,
+ const char *protocol,
+ int action)
+ {
+- int ret;
+- char *networkstr;
++ int ret = -1;
++ char *networkstr = NULL;
++ char *addr_start_str = NULL;
++ char *addr_end_str = NULL;
+ virCommandPtr cmd = NULL;
+
+ if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+@@ -820,8 +824,18 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Attempted to NAT '%s'. NAT is only supported for IPv4."),
+ networkstr);
+- VIR_FREE(networkstr);
+- return -1;
++ goto cleanup;
++ }
++
++ if (VIR_SOCKET_ADDR_IS_FAMILY(addr_start, AF_INET)) {
++ addr_start_str = virSocketAddrFormat(addr_start);
++ if (!addr_start_str)
++ goto cleanup;
++ if (VIR_SOCKET_ADDR_IS_FAMILY(addr_end, AF_INET)) {
++ addr_end_str = virSocketAddrFormat(addr_end);
++ if (!addr_end_str)
++ goto cleanup;
++ }
+ }
+
+ cmd = iptablesCommandNew(ctx->nat_postrouting, AF_INET, action);
+@@ -835,12 +849,32 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ if (physdev && physdev[0])
+ virCommandAddArgList(cmd, "--out-interface", physdev, NULL);
+
+- virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL);
++ /* Use --jump SNAT if public addr is specified */
++ if (addr_start_str && addr_start_str[0]) {
++ char tmpstr[sizeof("123.123.123.123-123.123.123.123:65535-65535")];
++ const char *portstr = "";
++
++ memset(tmpstr, 0, sizeof(tmpstr));
++ if (protocol && protocol[0])
++ portstr = ":1024-65535";
++ if (addr_end_str && addr_end_str[0]) {
++ snprintf(tmpstr, sizeof(tmpstr), "%s-%s%s",
++ addr_start_str, addr_end_str, portstr);
++ } else {
++ snprintf(tmpstr, sizeof(tmpstr), "%s%s", addr_start_str, portstr);
++ }
+
+- if (protocol && protocol[0])
+- virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL);
++ virCommandAddArgList(cmd, "--jump", "SNAT",
++ "--to-source", tmpstr, NULL);
++ } else {
++ virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL);
++
++ if (protocol && protocol[0])
++ virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL);
++ }
+
+ ret = iptablesCommandRunAndFree(cmd);
++cleanup:
+ VIR_FREE(networkstr);
+ return ret;
+ }
+@@ -863,9 +897,11 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
++ virSocketAddr *addr_start,
++ virSocketAddr *addr_end,
+ const char *protocol)
+ {
+- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, ADD);
++ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr_start, addr_end, protocol, ADD);
+ }
+
+ /**
+@@ -886,9 +922,11 @@ iptablesRemoveForwardMasquerade(iptablesContext *ctx,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
++ virSocketAddr *addr_start,
++ virSocketAddr *addr_end,
+ const char *protocol)
+ {
+- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, protocol, REMOVE);
++ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr_start, addr_end, protocol, REMOVE);
+ }
+
+
+diff --git a/src/util/viriptables.h b/src/util/viriptables.h
+index d7fa731..4241380 100644
+--- a/src/util/viriptables.h
++++ b/src/util/viriptables.h
+@@ -107,11 +107,15 @@ int iptablesAddForwardMasquerade (iptablesContext *ctx,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
++ virSocketAddr *addr_start,
++ virSocketAddr *addr_end,
+ const char *protocol);
+ int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
++ virSocketAddr *addr_start,
++ virSocketAddr *addr_end,
+ const char *protocol);
+ int iptablesAddOutputFixUdpChecksum (iptablesContext *ctx,
+ const char *iface,
+--
+1.8.1.2
+
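Review bot: In the src/util/viriptables.c part of this patch, iptablesForwardMasquerade() allocates `addr_start_str` and `addr_end_str` with virSocketAddrFormat(), but the new `cleanup:` label frees only `networkstr`, so both strings leak on every call; bridge_driver.c calls this function three times when adding and again when removing the rules, inside a long-running daemon. Adding `VIR_FREE(addr_start_str);` and `VIR_FREE(addr_end_str);` next to `VIR_FREE(networkstr);` closes that. virNetworkForwardNatDefParseXML() in src/conf/network_conf.c has the same gap: `natAddrNodes`, filled by virXPathNodeSet(), is never released, although the caller frees its own node sets, so `VIR_FREE(natAddrNodes);` belongs in its `cleanup:` block. Separately, nothing in the parser checks that `start` is not greater than `end` before the pair is formatted into `--to-source`, which leaves that rejection to iptables at network start rather than at XML definition time. Only part of iptablesForwardMasquerade() is visible in the embedded hunks.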
diff --git a/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch b/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch
index 6441577b1e..d77da2f2f7 100644
--- a/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch
+++ b/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch
@@ -1,6 +1,6 @@
-From d1be257a85234f139c073f7c41f845065dd7246e Mon Sep 17 00:00:00 2001
+From f3531a040cf2ea1fc432a7613af4e9e823b2caa1 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Thu, 22 Nov 2012 13:33:23 +0100
+Date: Mon, 4 Feb 2013 10:45:23 +0100
Subject: [PATCH] util: refactor iptables command construction into multiple
steps
@@ -10,15 +10,25 @@ so we can add conditional options like physdev and protocol.
This removes code duplication while keeping existing behaviour.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+Signed-off-by: Eric Blake <eblake@redhat.com>
---
- src/util/iptables.c | 130 +++++++++++++++++++++++-----------------------------
- 1 file changed, 58 insertions(+), 72 deletions(-)
+ src/util/viriptables.c | 132 ++++++++++++++++++++++---------------------------
+ 1 file changed, 59 insertions(+), 73 deletions(-)
-diff --git a/src/util/iptables.c b/src/util/iptables.c
-index 00a1c29..407ca3a 100644
---- a/src/util/iptables.c
-+++ b/src/util/iptables.c
-@@ -127,15 +127,10 @@ iptRulesNew(const char *table,
+diff --git a/src/util/viriptables.c b/src/util/viriptables.c
+index 2c4290a..41fe780 100644
+--- a/src/util/viriptables.c
++++ b/src/util/viriptables.c
+@@ -1,7 +1,7 @@
+ /*
+ * viriptables.c: helper APIs for managing iptables
+ *
+- * Copyright (C) 2007-2012 Red Hat, Inc.
++ * Copyright (C) 2007-2013 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+@@ -129,15 +129,10 @@ iptRulesNew(const char *table,
return NULL;
}
@@ -36,7 +46,7 @@ index 00a1c29..407ca3a 100644
#if HAVE_FIREWALLD
virIpTablesInitialize();
if (firewall_cmd_path) {
-@@ -152,16 +147,36 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action,
+@@ -154,16 +149,36 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action,
virCommandAddArgList(cmd, "--table", rules->table,
action == ADD ? "--insert" : "--delete",
@@ -77,7 +87,7 @@ index 00a1c29..407ca3a 100644
}
/**
-@@ -370,28 +385,24 @@ iptablesForwardAllowOut(iptablesContext *ctx,
+@@ -372,28 +387,24 @@ iptablesForwardAllowOut(iptablesContext *ctx,
{
int ret;
char *networkstr;
@@ -109,7 +119,7 @@ index 00a1c29..407ca3a 100644
+ action);
+ virCommandAddArgList(cmd,
+ "--source", networkstr,
-+ "--in-interface", iface, NULL);
++ "--in-interface", iface, NULL);
+
+ if (physdev && physdev[0])
+ virCommandAddArgList(cmd, "--out-interface", physdev, NULL);
@@ -120,7 +130,7 @@ index 00a1c29..407ca3a 100644
VIR_FREE(networkstr);
return ret;
}
-@@ -797,6 +808,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+@@ -799,6 +810,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
{
int ret;
char *networkstr;
@@ -128,7 +138,7 @@ index 00a1c29..407ca3a 100644
if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
return -1;
-@@ -810,49 +822,23 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+@@ -812,49 +824,23 @@ iptablesForwardMasquerade(iptablesContext *ctx,
return -1;
}
@@ -196,5 +206,5 @@ index 00a1c29..407ca3a 100644
return ret;
}
--
-1.8.0.1
+1.8.1.2
diff --git a/main/libvirt/0002-net-add-support-for-specifying-port-range-for-forwar.patch b/main/libvirt/0002-net-add-support-for-specifying-port-range-for-forwar.patch
new file mode 100644
index 0000000000..3c1a32f10f
--- /dev/null
+++ b/main/libvirt/0002-net-add-support-for-specifying-port-range-for-forwar.patch
@@ -0,0 +1,379 @@
+From acca897f2d0631e2acd4c5c53fd57a4d0a3eb712 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Mon, 11 Feb 2013 10:08:56 +0100
+Subject: [PATCH 2/2] net: add support for specifying port range for forward
+ mode nat
+
+Let users set the port range to be used for forward mode NAT:
+
+...
+ <forward mode='nat'>
+ <nat>
+ <port start='1024' end='65535'/>
+ </nat>
+ </forward>
+...
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ docs/formatnetwork.html.in | 21 ++++++++++++++---
+ src/conf/network_conf.c | 57 +++++++++++++++++++++++++++++++++++++++------
+ src/conf/network_conf.h | 3 ++-
+ src/network/bridge_driver.c | 16 +++++++++++++
+ src/util/viriptables.c | 39 ++++++++++++++++++++++++-------
+ src/util/viriptables.h | 4 ++++
+ 6 files changed, 120 insertions(+), 20 deletions(-)
+
+diff --git a/docs/formatnetwork.html.in b/docs/formatnetwork.html.in
+index 5fbd0a9..adb5bb9 100644
+--- a/docs/formatnetwork.html.in
++++ b/docs/formatnetwork.html.in
+@@ -138,9 +138,11 @@
+ 0.4.2</span>
+
+ <p><span class="since">Since 1.0.3</span> it is possible to
+- specify a public IPv4 address range to be used for the NAT by
+- using the <code>&lt;nat&gt;</code> and
+- <code>&lt;address&gt;</code> subelements.
++ specify a public IPv4 address and port range to be used for
++ the NAT by using the <code>&lt;nat&gt;</code> subelement.
++ The address range is set with the <code>&lt;address&gt;</code>
++ subelements and <code>start</code> and <code>stop</code>
++ attributes:
+ <pre>
+ ...
+ &lt;forward mode='nat'&gt;
+@@ -154,6 +156,19 @@
+ <code>start</code> and <code>end</code> attributes to
+ the same value.
+ </p>
++ <p>
++ The port range to be used for the <code>&lt;nat&gt;</code> can
++ be set via the subelement <code>&lt;port&gt;</code>:
++ <pre>
++...
++ &lt;forward mode='nat'&gt;
++ &lt;nat&gt;
++ &lt;port start='500' end='1000'/&gt;
++ &lt;/nat&gt;
++ &lt;/forward&gt;
++...
++ </pre>
++ </p>
+ </dd>
+
+ <dt><code>route</code></dt>
+diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
+index 61d086a..5725800 100644
+--- a/src/conf/network_conf.c
++++ b/src/conf/network_conf.c
+@@ -1332,7 +1332,8 @@ virNetworkForwardNatDefParseXML(const char *networkName,
+ {
+ int ret = -1;
+ xmlNodePtr *natAddrNodes = NULL;
+- int nNatAddrs;
++ xmlNodePtr *natPortNodes = NULL;
++ int nNatAddrs, nNatPorts;
+ char *addr_start = NULL;
+ char *addr_end = NULL;
+ xmlNodePtr save = ctxt->node;
+@@ -1389,6 +1390,36 @@ virNetworkForwardNatDefParseXML(const char *networkName,
+ goto cleanup;
+ }
+
++ /* ports for SNAT and MASQUERADE */
++ nNatPorts = virXPathNodeSet("./port", ctxt, &natPortNodes);
++ if (nNatPorts < 0) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("invalid <port> element found in <forward> of "
++ "network %s"), networkName);
++ goto cleanup;
++ } else if (nNatPorts > 1) {
++ virReportError(VIR_ERR_XML_ERROR,
++ _("Only one <port> element is allowed in <nat> in "
++ "<forward> in network %s"), networkName);
++ goto cleanup;
++ } else if (nNatPorts == 1) {
++ if (virXPathUInt("string(./port[1]/@start)", ctxt, &def->port_start) < 0
++ || def->port_start > 65535) {
++
++ virReportError(VIR_ERR_XML_DETAIL,
++ _("Missing or invalid 'start' attribute in <port> "
++ "in <nat> in <forward> in network %s"),
++ networkName);
++ goto cleanup;
++ }
++ if (virXPathUInt("string(./port[1]/@end)", ctxt, &def->port_end) < 0
++ || def->port_end > 65535 || def->port_end < def->port_start) {
++ virReportError(VIR_ERR_XML_DETAIL,
++ _("Missing or invalid 'end' attribute in <port> in "
++ "<nat> in <forward> in network %s"), networkName);
++ goto cleanup;
++ }
++ }
+ ret = 0;
+
+ cleanup:
+@@ -2179,6 +2210,7 @@ virNatDefFormat(virBufferPtr buf,
+ char *addr_start = NULL;
+ char *addr_end = NULL;
+ int ret = -1;
++ int longdef;
+
+ if (VIR_SOCKET_ADDR_VALID(&fwd->addr_start)) {
+ addr_start = virSocketAddrFormat(&fwd->addr_start);
+@@ -2192,16 +2224,25 @@ virNatDefFormat(virBufferPtr buf,
+ goto cleanup;
+ }
+
+- if (!addr_end && !addr_start)
++ if (!addr_start && !addr_end && !fwd->port_start && !fwd->port_end)
+ return 0;
+
+ virBufferAddLit(buf, "<nat>\n");
+ virBufferAdjustIndent(buf, 2);
+
+- virBufferAsprintf(buf, "<address start='%s'", addr_start);
+- if (addr_end)
+- virBufferAsprintf(buf, " end='%s'", addr_end);
+- virBufferAsprintf(buf, "/>\n");
++ if (addr_start) {
++ virBufferAsprintf(buf, "<address start='%s'", addr_start);
++ if (addr_end)
++ virBufferAsprintf(buf, " end='%s'", addr_end);
++ virBufferAsprintf(buf, "/>\n");
++ }
++
++ if (fwd->port_start || fwd->port_end) {
++ virBufferAsprintf(buf, "<port start='%d'", fwd->port_start);
++ if (fwd->port_end)
++ virBufferAsprintf(buf, " end='%d'", fwd->port_end);
++ virBufferAsprintf(buf, "/>\n");
++ }
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAsprintf(buf, "</nat>\n");
+@@ -2259,7 +2300,9 @@ virNetworkDefFormatInternal(virBufferPtr buf,
+ }
+ shortforward = !(def->forward.nifs || def->forward.npfs
+ || VIR_SOCKET_ADDR_VALID(&def->forward.addr_start)
+- || VIR_SOCKET_ADDR_VALID(&def->forward.addr_end));
++ || VIR_SOCKET_ADDR_VALID(&def->forward.addr_end)
++ || def->forward.port_start
++ || def->forward.port_end);
+ virBufferAsprintf(buf, "%s>\n", shortforward ? "/" : "");
+ virBufferAdjustIndent(buf, 2);
+
+diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
+index 1a598e3..7df2426 100644
+--- a/src/conf/network_conf.h
++++ b/src/conf/network_conf.h
+@@ -175,8 +175,9 @@ struct _virNetworkForwardDef {
+ size_t nifs;
+ virNetworkForwardIfDefPtr ifs;
+
+- /* adresses for SNAT */
++ /* ranges for NAT */
+ virSocketAddr addr_start, addr_end;
++ unsigned int port_start, port_end;
+ };
+
+ typedef struct _virPortGroupDef virPortGroupDef;
+diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
+index 6d74c1f..5c83085 100644
+--- a/src/network/bridge_driver.c
++++ b/src/network/bridge_driver.c
+@@ -1589,6 +1589,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ NULL) < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1605,6 +1607,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ "udp") < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1621,6 +1625,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ "tcp") < 0) {
+ virReportError(VIR_ERR_SYSTEM_ERROR,
+ forwardIf ?
+@@ -1639,6 +1645,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ "udp");
+ masqerr4:
+ iptablesRemoveForwardMasquerade(driver->iptables,
+@@ -1647,6 +1655,8 @@ networkAddMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ NULL);
+ masqerr3:
+ iptablesRemoveForwardAllowRelatedIn(driver->iptables,
+@@ -1679,6 +1689,8 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ "tcp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ &ipdef->address,
+@@ -1686,6 +1698,8 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ "udp");
+ iptablesRemoveForwardMasquerade(driver->iptables,
+ &ipdef->address,
+@@ -1693,6 +1707,8 @@ networkRemoveMasqueradingIptablesRules(struct network_driver *driver,
+ forwardIf,
+ &network->def->forward.addr_start,
+ &network->def->forward.addr_end,
++ network->def->forward.port_start,
++ network->def->forward.port_end,
+ NULL);
+
+ iptablesRemoveForwardAllowRelatedIn(driver->iptables,
+diff --git a/src/util/viriptables.c b/src/util/viriptables.c
+index 3f0dcf0..aa48520 100644
+--- a/src/util/viriptables.c
++++ b/src/util/viriptables.c
+@@ -807,6 +807,8 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ const char *physdev,
+ virSocketAddr *addr_start,
+ virSocketAddr *addr_end,
++ unsigned int port_start,
++ unsigned int port_end,
+ const char *protocol,
+ int action)
+ {
+@@ -815,6 +817,7 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ char *addr_start_str = NULL;
+ char *addr_end_str = NULL;
+ virCommandPtr cmd = NULL;
++ char port_str[sizeof(":65535-65535")] = "";
+
+ if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ return -1;
+@@ -849,19 +852,27 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ if (physdev && physdev[0])
+ virCommandAddArgList(cmd, "--out-interface", physdev, NULL);
+
++ if (protocol && protocol[0]) {
++ if (port_start == 0 && port_end == 0) {
++ port_start = 1024;
++ port_end = 65535;
++ }
++
++ if (port_start < port_end && port_end < 65536)
++ snprintf(port_str, sizeof(port_str), ":%d-%d",
++ port_start, port_end);
++ }
++
+ /* Use --jump SNAT if public addr is specified */
+ if (addr_start_str && addr_start_str[0]) {
+ char tmpstr[sizeof("123.123.123.123-123.123.123.123:65535-65535")];
+- const char *portstr = "";
+
+ memset(tmpstr, 0, sizeof(tmpstr));
+- if (protocol && protocol[0])
+- portstr = ":1024-65535";
+ if (addr_end_str && addr_end_str[0]) {
+ snprintf(tmpstr, sizeof(tmpstr), "%s-%s%s",
+- addr_start_str, addr_end_str, portstr);
++ addr_start_str, addr_end_str, port_str);
+ } else {
+- snprintf(tmpstr, sizeof(tmpstr), "%s%s", addr_start_str, portstr);
++ snprintf(tmpstr, sizeof(tmpstr), "%s%s", addr_start_str, port_str);
+ }
+
+ virCommandAddArgList(cmd, "--jump", "SNAT",
+@@ -869,8 +880,8 @@ iptablesForwardMasquerade(iptablesContext *ctx,
+ } else {
+ virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL);
+
+- if (protocol && protocol[0])
+- virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL);
++ if (port_str[0])
++ virCommandAddArgList(cmd, "--to-ports", &port_str[1], NULL);
+ }
+
+ ret = iptablesCommandRunAndFree(cmd);
+@@ -899,9 +910,14 @@ iptablesAddForwardMasquerade(iptablesContext *ctx,
+ const char *physdev,
+ virSocketAddr *addr_start,
+ virSocketAddr *addr_end,
++ unsigned int port_start,
++ unsigned int port_end,
+ const char *protocol)
+ {
+- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr_start, addr_end, protocol, ADD);
++ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev,
++ addr_start, addr_end,
++ port_start, port_end,
++ protocol, ADD);
+ }
+
+ /**
+@@ -924,9 +940,14 @@ iptablesRemoveForwardMasquerade(iptablesContext *ctx,
+ const char *physdev,
+ virSocketAddr *addr_start,
+ virSocketAddr *addr_end,
++ unsigned int port_start,
++ unsigned int port_end,
+ const char *protocol)
+ {
+- return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev, addr_start, addr_end, protocol, REMOVE);
++ return iptablesForwardMasquerade(ctx, netaddr, prefix, physdev,
++ addr_start, addr_end,
++ port_start, port_end,
++ protocol, REMOVE);
+ }
+
+
+diff --git a/src/util/viriptables.h b/src/util/viriptables.h
+index 4241380..f2db368 100644
+--- a/src/util/viriptables.h
++++ b/src/util/viriptables.h
+@@ -109,6 +109,8 @@ int iptablesAddForwardMasquerade (iptablesContext *ctx,
+ const char *physdev,
+ virSocketAddr *addr_start,
+ virSocketAddr *addr_end,
++ unsigned int port_start,
++ unsigned int port_end,
+ const char *protocol);
+ int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
+ virSocketAddr *netaddr,
+@@ -116,6 +118,8 @@ int iptablesRemoveForwardMasquerade (iptablesContext *ctx,
+ const char *physdev,
+ virSocketAddr *addr_start,
+ virSocketAddr *addr_end,
++ unsigned int port_start,
++ unsigned int port_end,
+ const char *protocol);
+ int iptablesAddOutputFixUdpChecksum (iptablesContext *ctx,
+ const char *iface,
+--
+1.8.1.2
+
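Review bot: A `<port>` element with equal `start` and `end` is accepted by `virNetworkForwardNatDefParseXML` (it rejects only `port_end < port_start`) but is dropped in `iptablesForwardMasquerade`, where `if (port_start < port_end && port_end < 65536)` leaves `port_str` empty. The resulting SNAT or MASQUERADE rule then carries no port restriction at all, not even the previous 1024-65535 default, and nothing is reported to the administrator. Making the two checks agree, e.g. `if (port_start <= port_end && port_end < 65536)`, would keep a single-port range effective. The `snprintf` there could also use `%u`, since both values are `unsigned int`. The body of `iptablesForwardMasquerade` starts and ends outside the embedded hunks, so the rest of the rule construction is not visible here.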
diff --git a/main/libvirt/APKBUILD b/main/libvirt/APKBUILD
index fb246694d3..836fd2f42c 100644
--- a/main/libvirt/APKBUILD
+++ b/main/libvirt/APKBUILD
@@ -1,10 +1,8 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=libvirt
-vmajor="1.0.0"
-vminor=""
-pkgver="${vmajor}"
+pkgver="1.0.2"
_ver="${pkgver/_rc/-rc}"
-pkgrel=2
+pkgrel=0
pkgdesc="A virtualization API for several hypervisor and container systems"
url="http://libvirt.org/"
arch="all"
@@ -14,7 +12,7 @@ makedepends="augeas-dev bridge-utils cyrus-sasl-dev device-mapper
e2fsprogs-dev gnutls-dev libcap-ng-dev libgpg-error-dev
libnetcf-dev libnl-dev libxml2-dev libxslt-dev libtasn1-dev
lvm2-dev lxc-dev gnutls-dev libgcrypt-dev parted-dev perl pkgconfig
- udev-dev zlib-dev yajl-dev libpcap-dev curl-dev"
+ udev-dev zlib-dev yajl-dev libpcap-dev curl-dev libpciaccess-dev"
install=
subpackages="$pkgname-client $pkgname-daemon $pkgname-dev $pkgname-doc $pkgname-lang
$pkgname-lxc $pkgname-qemu $pkgname-uml"
@@ -22,9 +20,13 @@ source="http://libvirt.org/sources/$pkgname-$pkgver.tar.gz
libvirt.confd
libvirt.initd
uclibc-physmem.patch
- libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch
0001-util-refactor-iptables-command-construction-into-mul.patch
- 0001-net-support-set-public-ip-for-forward-mode-nat.patch
+
+ 0001-net-support-set-public-ip-range-for-forward-mode-nat.patch
+ 0002-net-add-support-for-specifying-port-range-for-forwar.patch
+
+ 0001-complete-virterror-virerror-name-change.patch
+ 0001-Fix-missing-error-constants-in-libvirt-python-module.patch
"
if [ "$ALPINE_LIBC" != "eglibc" ]; then
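Review bot: The upstream tarball named in this hunk's header is fetched over plain `http://` and, going by the `md5sums` block updated in the last hunk of this file, is verified only against an MD5 digest. MD5 is not collision-resistant, so it is a weak anchor for a source archive pulled over an unauthenticated channel. If the abuild version in use supports it, a `sha512sums` (or `sha256sums`) block alongside `md5sums` would give the new 1.0.2 tarball and the patches listed here a stronger integrity check.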
@@ -32,10 +34,10 @@ if [ "$ALPINE_LIBC" != "eglibc" ]; then
makedepends="$makedepends xen-dev"
fi
-_builddir="$srcdir"/$pkgname-$vmajor
+_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
- cd "$_builddir"
+ cd "$_builddir" || return 1
for patch in $source; do
case $patch in
# we concider patches with uclibc in its name
@@ -104,50 +106,52 @@ client() {
}
_mv_driver() {
- mkdir -p "$subpkgdir"/usr/lib/libvirt/connection-driver \
- "$subpkgdir"/etc/libvirt "$subpkgdir"/etc/logrotate.d
- mv "$pkgdir"/usr/lib/libvirt/connection-driver/libvirt_driver_$1.so \
- "$subpkgdir"/usr/lib/libvirt/connection-driver/
- if [ "$1" != "xen" ]; then
- mv "$pkgdir"/etc/logrotate.d/libvirtd.$1 \
- "$subpkgdir"/etc/logrotate.d/
+ local _name="$1" _driver="$2" _pkg="$3"
+ pkgdesc="$_name driver for libvirt"
+ depends="libvirt-daemon logrotate"
+ replaces="libvirt"
+ if [ -n "$_pkg" ]; then
+ install_if="$pkgname-daemon=$pkgver-r$pkgrel $_pkg"
+ else
+ install_if=
+ fi
+ local _dir=/usr/lib/libvirt/connection-driver
+ mkdir -p "$subpkgdir"/$_dir \
+ "$subpkgdir"/etc/libvirt \
+ "$subpkgdir"/etc/logrotate.d
+
+ mv "$pkgdir"/$_dir/libvirt_driver_$_driver.so "$subpkgdir"/$_dir/ \
+ || return 1
+
+ if [ -e "$pkgdir"/etc/logrotate.d/libvirtd.$_driver ]; then
+ mv "$pkgdir"/etc/logrotate.d/libvirtd.$_driver \
+ "$subpkgdir"/etc/logrotate.d/
fi
}
qemu() {
- pkgdesc="QEMU driver for libvirt"
- depends="libvirt-daemon logrotate"
- replaces="libvirt"
- _mv_driver qemu
+ _mv_driver "QEMU" qemu qemu
mv "$pkgdir"/etc/libvirt/qemu.conf "$subpkgdir"/etc/libvirt/
}
xen() {
- pkgdesc="XEN driver for libvirt"
- depends="libvirt-daemon"
- replaces="libvirt"
- _mv_driver xen
+ _mv_driver "XEN" xen xen
}
lxc() {
- pkgdesc="lxc driver for libvirt"
- depends="libvirt-daemon logrotate"
- replaces="libvirt"
- _mv_driver lxc
+ _mv_driver "LXC" lxc lxc
}
uml() {
- pkgdesc="UML driver for libvirt"
- depends="libvirt-daemon logrotate"
- replaces="libvirt"
- _mv_driver uml
+ _mv_driver "UML" uml
}
-md5sums="7c8b006de7338e30866bb56738803b21 libvirt-1.0.0.tar.gz
+md5sums="7e268ed702c4331d393e5b43449cae13 libvirt-1.0.2.tar.gz
1c84a7baeafe0a7f4e9d7ae5180311b7 libvirt.confd
d897df38c7e7fa1a297aa551108633c9 libvirt.initd
df9cbfaf8a6e520a4822914a300add4d uclibc-physmem.patch
-e992133db641b20cb43dda704518984d libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch
-671eb364f071e67f58ab2c01ec357567 0001-util-refactor-iptables-command-construction-into-mul.patch
-20ef9eab94e9a52aa401ddbcb066aeb2 0001-net-support-set-public-ip-for-forward-mode-nat.patch"
-
+98a496d6d606c3406e6f8b03c3b25028 0001-util-refactor-iptables-command-construction-into-mul.patch
+05789e003f4b90808b6898e9d72ad8f4 0001-net-support-set-public-ip-range-for-forward-mode-nat.patch
+de01f68b563a51dd39b873c5eade0f25 0002-net-add-support-for-specifying-port-range-for-forwar.patch
+854982416fafeabbeca06e807c868a9c 0001-complete-virterror-virerror-name-change.patch
+dcb427eeceb5dcb79e5ea8eef748e44d 0001-Fix-missing-error-constants-in-libvirt-python-module.patch"
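Review bot: In `qemu()` the result of `_mv_driver "QEMU" qemu qemu` is discarded, so the new `|| return 1` on the driver `mv` does not stop the subpackage function: it goes on to move `qemu.conf` and returns that command's status. `xen()`, `lxc()` and `uml()` are unaffected because the helper call is their last command. Writing `_mv_driver "QEMU" qemu qemu || return 1` would propagate the failure, matching the `cd "$_builddir" || return 1` style introduced in `prepare()`. `_mv_driver` also sets `depends="libvirt-daemon logrotate"` for every driver, where `xen()` previously had no `logrotate` dependency; worth confirming that is intended.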
diff --git a/main/libvirt/libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch b/main/libvirt/libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch
deleted file mode 100644
index f7e5a5e143..0000000000
--- a/main/libvirt/libvirt-1.0.0-remove-uclibc-mkostemp-redefine.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/src/util/logging.c
-+++ b/src/util/logging.c
-@@ -58,11 +58,6 @@
-
- #define VIR_FROM_THIS VIR_FROM_NONE
-
--#ifdef __UCLIBC__
--/* uclibc does not implement mkostemp GNU extention */
--#define mkostemp(x,y) mkstemp(x)
--#endif
--
- VIR_ENUM_DECL(virLogSource)
- VIR_ENUM_IMPL(virLogSource, VIR_LOG_FROM_LAST,
- "file",