From nobody Thu Nov 28 10:46:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1524842927973445.8333115910582; Fri, 27 Apr 2018 08:28:47 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 72DBFC03D472; Fri, 27 Apr 2018 15:28:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4569231327A1; Fri, 27 Apr 2018 15:28:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id B71314CAA2; Fri, 27 Apr 2018 15:28:45 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w3RFPSiM032345 for ; Fri, 27 Apr 2018 11:25:28 -0400 Received: by smtp.corp.redhat.com (Postfix) id 8B3F7AB3EF; Fri, 27 Apr 2018 15:25:28 +0000 (UTC) Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 252CC83B71; Fri, 27 Apr 2018 15:25:28 +0000 (UTC) From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Date: Fri, 27 Apr 2018 16:25:13 +0100 Message-Id: <20180427152513.28928-15-berrange@redhat.com> In-Reply-To: <20180427152513.28928-1-berrange@redhat.com> References: <20180427152513.28928-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH WIP 14/14] nwfilter: remove virt driver callback layer for rebuilding filters X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 27 Apr 2018 15:28:47 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Now that the nwfilter driver keeps a list of bindings that it has created, there is no need for the complex virt driver callbacks. It is possible to simply iterate of the list of recorded filter bindings. This means that rebuilding filters no longer has to acquire any locks on the virDomainObj objects, as they're never touched. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/conf/nwfilter_conf.c | 169 ++++++++++-------------------= ---- src/conf/nwfilter_conf.h | 51 +--------- src/conf/virnwfilterobj.c | 4 +- src/libvirt_private.syms | 3 +- src/lxc/lxc_driver.c | 28 ------ src/nwfilter/nwfilter_driver.c | 22 +++-- src/nwfilter/nwfilter_gentech_driver.c | 169 ++++++++++++++++++++---------= ---- src/nwfilter/nwfilter_gentech_driver.h | 4 +- src/qemu/qemu_driver.c | 25 ----- src/uml/uml_driver.c | 29 ------ 10 files changed, 175 insertions(+), 329 deletions(-) diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 3d2ae9d0f3..83c9ff920f 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -2819,121 +2819,6 @@ virNWFilterSaveConfig(const char *configDir, } =20 =20 -int nCallbackDriver; -#define MAX_CALLBACK_DRIVER 10 -static virNWFilterCallbackDriverPtr callbackDrvArray[MAX_CALLBACK_DRIVER]; - -void -virNWFilterRegisterCallbackDriver(virNWFilterCallbackDriverPtr cbd) -{ - if (nCallbackDriver < MAX_CALLBACK_DRIVER) - callbackDrvArray[nCallbackDriver++] =3D cbd; -} - - -void -virNWFilterUnRegisterCallbackDriver(virNWFilterCallbackDriverPtr cbd) -{ - size_t i =3D 0; - - while (i < nCallbackDriver && callbackDrvArray[i] !=3D cbd) - i++; - - if (i < nCallbackDriver) { - memmove(&callbackDrvArray[i], &callbackDrvArray[i+1], - (nCallbackDriver - i - 1) * sizeof(callbackDrvArray[i])); - callbackDrvArray[i] =3D 0; - nCallbackDriver--; - } -} - - -void -virNWFilterCallbackDriversLock(void) -{ - size_t i; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmDriverLock(); -} - - -void -virNWFilterCallbackDriversUnlock(void) -{ - size_t i; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmDriverUnlock(); -} - - -static virDomainObjListIterator virNWFilterDomainFWUpdateCB; -static void *virNWFilterDomainFWUpdateOpaque; - -/** - * virNWFilterInstFiltersOnAllVMs: - * Apply all filters on all running VMs. Don't terminate in case of an - * error. This should be called upon reloading of the driver. - */ -int -virNWFilterInstFiltersOnAllVMs(void) -{ - size_t i; - struct domUpdateCBStruct cb =3D { - .opaque =3D virNWFilterDomainFWUpdateOpaque, - .step =3D STEP_APPLY_CURRENT, - .skipInterfaces =3D NULL, /* not needed */ - }; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB, - &cb); - - return 0; -} - - -int -virNWFilterTriggerVMFilterRebuild(void) -{ - size_t i; - int ret =3D 0; - struct domUpdateCBStruct cb =3D { - .opaque =3D virNWFilterDomainFWUpdateOpaque, - .step =3D STEP_APPLY_NEW, - .skipInterfaces =3D virHashCreate(0, NULL), - }; - - if (!cb.skipInterfaces) - return -1; - - for (i =3D 0; i < nCallbackDriver; i++) { - if (callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb) < 0) - ret =3D -1; - } - - if (ret < 0) { - cb.step =3D STEP_TEAR_NEW; /* rollback */ - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb); - } else { - cb.step =3D STEP_TEAR_OLD; /* switch over */ - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb); - } - - virHashFree(cb.skipInterfaces); - - return ret; -} - - int virNWFilterDeleteDef(const char *configDir, virNWFilterDefPtr def) @@ -3204,16 +3089,18 @@ virNWFilterDefFormat(const virNWFilterDef *def) return NULL; } =20 +static virNWFilterTriggerRebuildCallback rebuildCallback; +static void *rebuildOpaque; =20 int -virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, +virNWFilterConfLayerInit(virNWFilterTriggerRebuildCallback cb, void *opaque) { if (initialized) return -1; =20 - virNWFilterDomainFWUpdateCB =3D domUpdateCB; - virNWFilterDomainFWUpdateOpaque =3D opaque; + rebuildCallback =3D cb; + rebuildOpaque =3D opaque; =20 initialized =3D true; =20 @@ -3233,8 +3120,50 @@ virNWFilterConfLayerShutdown(void) virRWLockDestroy(&updateLock); =20 initialized =3D false; - virNWFilterDomainFWUpdateOpaque =3D NULL; - virNWFilterDomainFWUpdateCB =3D NULL; + rebuildCallback =3D NULL; + rebuildOpaque =3D NULL; +} + +int +virNWFilterTriggerRebuild(void) +{ +#if 0 + size_t i; + int ret =3D 0; + struct domUpdateCBStruct cb =3D { + .opaque =3D virNWFilterDomainFWUpdateOpaque, + .step =3D STEP_APPLY_NEW, + .skipInterfaces =3D virHashCreate(0, NULL), + }; + + if (!cb.skipInterfaces) + return -1; + + for (i =3D 0; i < nCallbackDriver; i++) { + if (callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, + &cb) < 0) + ret =3D -1; + } + + if (ret < 0) { + cb.step =3D STEP_TEAR_NEW; /* rollback */ + + for (i =3D 0; i < nCallbackDriver; i++) + callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, + &cb); + } else { + cb.step =3D STEP_TEAR_OLD; /* switch over */ + + for (i =3D 0; i < nCallbackDriver; i++) + callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, + &cb); + } + + virHashFree(cb.skipInterfaces); + + return ret; +#endif + return rebuildCallback(rebuildOpaque); } =20 =20 diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 8c5421ee62..3b36a02a78 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -559,20 +559,6 @@ struct virNWFilterBinding { }; =20 =20 -typedef enum { - STEP_APPLY_NEW, - STEP_TEAR_NEW, - STEP_TEAR_OLD, - STEP_APPLY_CURRENT, -} UpdateStep; - -struct domUpdateCBStruct { - void *opaque; - UpdateStep step; - virHashTablePtr skipInterfaces; -}; - - void virNWFilterRuleDefFree(virNWFilterRuleDefPtr def); =20 @@ -580,7 +566,7 @@ void virNWFilterDefFree(virNWFilterDefPtr def); =20 int -virNWFilterTriggerVMFilterRebuild(void); +virNWFilterTriggerRebuild(void); =20 int virNWFilterDeleteDef(const char *configDir, @@ -612,44 +598,15 @@ virNWFilterReadLockFilterUpdates(void); void virNWFilterUnlockFilterUpdates(void); =20 +typedef int (*virNWFilterTriggerRebuildCallback)(void *opaque); + int -virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, +virNWFilterConfLayerInit(virNWFilterTriggerRebuildCallback cb, void *opaque); =20 void virNWFilterConfLayerShutdown(void); =20 -int -virNWFilterInstFiltersOnAllVMs(void); - -typedef int -(*virNWFilterRebuild)(virDomainObjListIterator domUpdateCB, - void *data); - -typedef void -(*virNWFilterVoidCall)(void); - -typedef struct _virNWFilterCallbackDriver virNWFilterCallbackDriver; -typedef virNWFilterCallbackDriver *virNWFilterCallbackDriverPtr; -struct _virNWFilterCallbackDriver { - const char *name; - - virNWFilterRebuild vmFilterRebuild; - virNWFilterVoidCall vmDriverLock; - virNWFilterVoidCall vmDriverUnlock; -}; - -void -virNWFilterRegisterCallbackDriver(virNWFilterCallbackDriverPtr); - -void -virNWFilterUnRegisterCallbackDriver(virNWFilterCallbackDriverPtr); - -void -virNWFilterCallbackDriversLock(void); - -void -virNWFilterCallbackDriversUnlock(void); =20 char * virNWFilterPrintTCPFlags(uint8_t flags); diff --git a/src/conf/virnwfilterobj.c b/src/conf/virnwfilterobj.c index 87d7e72703..0136a0d56c 100644 --- a/src/conf/virnwfilterobj.c +++ b/src/conf/virnwfilterobj.c @@ -276,7 +276,7 @@ virNWFilterObjTestUnassignDef(virNWFilterObjPtr obj) =20 obj->wantRemoved =3D true; /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild() < 0) + if (virNWFilterTriggerRebuild() < 0) rc =3D -1; =20 obj->wantRemoved =3D false; @@ -358,7 +358,7 @@ virNWFilterObjListAssignDef(virNWFilterObjListPtr nwfil= ters, =20 obj->newDef =3D def; /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild() < 0) { + if (virNWFilterTriggerRebuild() < 0) { obj->newDef =3D NULL; virNWFilterObjUnlock(obj); return NULL; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 9fc0aa470d..fd5edc86ad 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -792,7 +792,6 @@ virNWFilterDefFree; virNWFilterDefParseFile; virNWFilterDefParseString; virNWFilterDeleteDef; -virNWFilterInstFiltersOnAllVMs; virNWFilterJumpTargetTypeToString; virNWFilterPrintStateMatchFlags; virNWFilterPrintTCPFlags; @@ -805,7 +804,7 @@ virNWFilterRuleIsProtocolIPv4; virNWFilterRuleIsProtocolIPv6; virNWFilterRuleProtocolTypeToString; virNWFilterSaveConfig; -virNWFilterTriggerVMFilterRebuild; +virNWFilterTriggerRebuild; virNWFilterUnlockFilterUpdates; virNWFilterUnRegisterCallbackDriver; virNWFilterWriteLockFilterUpdates; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index ca01d369d5..a6b689aef0 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -66,7 +66,6 @@ #include "virfdstream.h" #include "domain_audit.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virinitctl.h" #include "virnetdev.h" #include "virnetdevtap.h" @@ -95,31 +94,6 @@ static int lxcStateInitialize(bool privileged, static int lxcStateCleanup(void); virLXCDriverPtr lxc_driver =3D NULL; =20 -/* callbacks for nwfilter */ -static int -lxcVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(lxc_driver->domains, iter, data); -} - -static void -lxcVMDriverLock(void) -{ - lxcDriverLock(lxc_driver); -} - -static void -lxcVMDriverUnlock(void) -{ - lxcDriverUnlock(lxc_driver); -} - -static virNWFilterCallbackDriver lxcCallbackDriver =3D { - .name =3D "LXC", - .vmFilterRebuild =3D lxcVMFilterRebuild, - .vmDriverLock =3D lxcVMDriverLock, - .vmDriverUnlock =3D lxcVMDriverUnlock, -}; =20 /** * lxcDomObjFromDomain: @@ -1691,7 +1665,6 @@ static int lxcStateInitialize(bool privileged, NULL, NULL) < 0) goto cleanup; =20 - virNWFilterRegisterCallbackDriver(&lxcCallbackDriver); virObjectUnref(caps); return 0; =20 @@ -1764,7 +1737,6 @@ static int lxcStateCleanup(void) if (lxc_driver =3D=3D NULL) return -1; =20 - virNWFilterUnRegisterCallbackDriver(&lxcCallbackDriver); virObjectUnref(lxc_driver->domains); virObjectUnref(lxc_driver->domainEventState); =20 diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index ccbcfbbf67..92389840fd 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -170,6 +170,15 @@ static void virNWFilterBindingDataFree(void *payload, = const void *name ATTRIBUTE virNWFilterBindingFree(binding); } =20 + +static int virNWFilterTriggerRebuildImpl(void *opaque) +{ + virNWFilterDriverStatePtr nwdriver =3D opaque; + + return virNWFilterBuildAll(nwdriver, true); +} + + /** * nwfilterStateInitialize: * @@ -216,7 +225,7 @@ nwfilterStateInitialize(bool privileged, if (virNWFilterTechDriversInit(privileged) < 0) goto err_dhcpsnoop_shutdown; =20 - if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB, + if (virNWFilterConfLayerInit(virNWFilterTriggerRebuildImpl, driver) < 0) goto err_techdrivers_shutdown; =20 @@ -306,15 +315,14 @@ nwfilterStateReload(void) =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); - nwfilterDriverUnlock(); =20 - virNWFilterInstFiltersOnAllVMs(); + virNWFilterBuildAll(driver, false); + + nwfilterDriverUnlock(); =20 return 0; } @@ -550,7 +558,6 @@ nwfilterDefineXML(virConnectPtr conn, =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 if (!(def =3D virNWFilterDefParseString(xml))) goto cleanup; @@ -575,7 +582,6 @@ nwfilterDefineXML(virConnectPtr conn, if (obj) virNWFilterObjUnlock(obj); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); nwfilterDriverUnlock(); return nwfilter; @@ -591,7 +597,6 @@ nwfilterUndefine(virNWFilterPtr nwfilter) =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 if (!(obj =3D nwfilterObjFromNWFilter(nwfilter->uuid))) goto cleanup; @@ -618,7 +623,6 @@ nwfilterUndefine(virNWFilterPtr nwfilter) if (obj) virNWFilterObjUnlock(obj); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); nwfilterDriverUnlock(); return ret; diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter= _gentech_driver.c index 0dc51d16c5..5c83b06504 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -153,9 +153,9 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table, if (!val) return -1; =20 - if (virHashAddEntry(table, - NWFILTER_STD_VAR_MAC, - val) < 0) { + if (virHashUpdateEntry(table, + NWFILTER_STD_VAR_MAC, + val) < 0) { virNWFilterVarValueFree(val); virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not add variable 'MAC' to hashma= p")); @@ -168,9 +168,9 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table, if (!val) return -1; =20 - if (virHashAddEntry(table, - NWFILTER_STD_VAR_IP, - val) < 0) { + if (virHashUpdateEntry(table, + NWFILTER_STD_VAR_IP, + val) < 0) { virNWFilterVarValueFree(val); virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not add variable 'IP' to hashmap= ")); @@ -1000,72 +1000,111 @@ virNWFilterTeardownFilter(virNWFilterBindingPtr bi= nding) return ret; } =20 +enum { + STEP_APPLY_NEW, + STEP_TEAR_NEW, + STEP_TEAR_OLD, + STEP_APPLY_CURRENT, +}; =20 -int -virNWFilterDomainFWUpdateCB(virDomainObjPtr obj, - void *data) +static int +virNWFilterBuildOne(virNWFilterDriverStatePtr driver, + virNWFilterBindingPtr binding, + virHashTablePtr skipInterfaces, + int step) { - virDomainDefPtr vm =3D obj->def; - struct domUpdateCBStruct *cb =3D data; - size_t i; bool skipIface; int ret =3D 0; - - virObjectLock(obj); - - if (virDomainObjIsActive(obj)) { - for (i =3D 0; i < vm->nnets; i++) { - virDomainNetDefPtr net =3D vm->nets[i]; - virNWFilterBinding binding =3D { - .ownername =3D vm->name, - .portdevname =3D net->ifname, - .linkdevname =3D (net->type =3D=3D VIR_DOMAIN_NET_TYPE_DIR= ECT ? - net->data.direct.linkdev : NULL), - .mac =3D net->mac, - .filter =3D net->filter, - .filterparams =3D net->filterparams, - }; - memcpy(binding.owneruuid, vm->uuid, sizeof(binding.owneruuid)); - if ((net->filter) && (net->ifname)) { - switch (cb->step) { - case STEP_APPLY_NEW: - ret =3D virNWFilterUpdateInstantiateFilter(cb->opaque, - &binding, - &skipIface); - if (ret =3D=3D 0 && skipIface) { - /* filter tree unchanged -- no update needed */ - ret =3D virHashAddEntry(cb->skipInterfaces, - net->ifname, - (void *)~0); - } - break; - - case STEP_TEAR_NEW: - if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret =3D virNWFilterRollbackUpdateFilter(&binding); - break; - - case STEP_TEAR_OLD: - if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret =3D virNWFilterTearOldFilter(&binding); - break; - - case STEP_APPLY_CURRENT: - ret =3D virNWFilterInstantiateFilter(cb->opaque, - &binding); - if (ret) - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Failure while applying current f= ilter on " - "VM %s"), vm->name); - break; - } - if (ret) - break; - } + VIR_DEBUG("Building filter for portdev=3D%s step=3D%d", binding->portd= evname, step); + + switch (step) { + case STEP_APPLY_NEW: + ret =3D virNWFilterUpdateInstantiateFilter(driver, + binding, + &skipIface); + if (ret =3D=3D 0 && skipIface) { + /* filter tree unchanged -- no update needed */ + ret =3D virHashAddEntry(skipInterfaces, + binding->portdevname, + (void *)~0); } + break; + + case STEP_TEAR_NEW: + if (!virHashLookup(skipInterfaces, binding->portdevname)) + ret =3D virNWFilterRollbackUpdateFilter(binding); + break; + + case STEP_TEAR_OLD: + if (!virHashLookup(skipInterfaces, binding->portdevname)) + ret =3D virNWFilterTearOldFilter(binding); + break; + + case STEP_APPLY_CURRENT: + ret =3D virNWFilterInstantiateFilter(driver, + binding); + break; } =20 - virObjectUnlock(obj); + return ret; +} + + +struct virNWFilterBuildData { + virNWFilterDriverStatePtr driver; + virHashTablePtr skipInterfaces; + int step; +}; + +static int +virNWFilterBuildIter(void *payload, const void *name ATTRIBUTE_UNUSED, voi= d *opaque) +{ + virNWFilterBindingPtr binding =3D payload; + struct virNWFilterBuildData *data =3D opaque; + + return virNWFilterBuildOne(data->driver, binding, + data->skipInterfaces, data->step); +} + +int +virNWFilterBuildAll(virNWFilterDriverStatePtr driver, + bool newFilters) +{ + struct virNWFilterBuildData data =3D { + .driver =3D driver, + }; + int ret =3D 0; + + VIR_DEBUG("Build all filters newFilters=3D%d", newFilters); + + if (newFilters) { + if (!(data.skipInterfaces =3D virHashCreate(0, NULL))) + return -1; + + data.step =3D STEP_APPLY_NEW; + if (virHashForEach(driver->bindings, + virNWFilterBuildIter, + &data) < 0) + ret =3D -1; + + if (ret =3D=3D -1) { + data.step =3D STEP_TEAR_NEW; + virHashForEach(driver->bindings, + virNWFilterBuildIter, + &data); + } else { + data.step =3D STEP_TEAR_OLD; + virHashForEach(driver->bindings, + virNWFilterBuildIter, + &data); + } + } else { + data.step =3D STEP_APPLY_CURRENT; + if (virHashForEach(driver->bindings, + virNWFilterBuildIter, + &data) < 0) + ret =3D -1; + } return ret; } =20 diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter= _gentech_driver.h index 0d846dc92f..8bfc323808 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -52,8 +52,8 @@ int virNWFilterTeardownFilter(virNWFilterBindingPtr bindi= ng); virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, const virNWFilterVarValue *value); =20 -int virNWFilterDomainFWUpdateCB(virDomainObjPtr vm, - void *data); +int virNWFilterBuildAll(virNWFilterDriverStatePtr driver, + bool newFilters); =20 virNWFilterBindingPtr virNWFilterBindingForNet(const char *vmname, const unsigned char *vmuuid, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 7484b00e23..668891a119 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -84,7 +84,6 @@ #include "cpu/cpu.h" #include "virsysinfo.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virhook.h" #include "virstoragefile.h" #include "virfile.h" @@ -164,28 +163,6 @@ static int qemuARPGetInterfaces(virDomainObjPtr vm, =20 static virQEMUDriverPtr qemu_driver; =20 - -static void -qemuVMDriverLock(void) -{} -static void -qemuVMDriverUnlock(void) -{} - -static int -qemuVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(qemu_driver->domains, iter, data); -} - -static virNWFilterCallbackDriver qemuCallbackDriver =3D { - .name =3D QEMU_DRIVER_NAME, - .vmFilterRebuild =3D qemuVMFilterRebuild, - .vmDriverLock =3D qemuVMDriverLock, - .vmDriverUnlock =3D qemuVMDriverUnlock, -}; - - /** * qemuDomObjFromDomain: * @domain: Domain pointer that has to be looked up @@ -938,7 +915,6 @@ qemuStateInitialize(bool privileged, if (!qemu_driver->workerPool) goto error; =20 - virNWFilterRegisterCallbackDriver(&qemuCallbackDriver); return 0; =20 error: @@ -1078,7 +1054,6 @@ qemuStateCleanup(void) if (!qemu_driver) return -1; =20 - virNWFilterUnRegisterCallbackDriver(&qemuCallbackDriver); virThreadPoolFree(qemu_driver->workerPool); virObjectUnref(qemu_driver->config); virObjectUnref(qemu_driver->hostdevMgr); diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c index b50ba1ba64..4da8fdf473 100644 --- a/src/uml/uml_driver.c +++ b/src/uml/uml_driver.c @@ -55,7 +55,6 @@ #include "datatypes.h" #include "virlog.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virfile.h" #include "virfdstream.h" #include "configmake.h" @@ -145,25 +144,6 @@ static int umlMonitorCommand(const struct uml_driver *= driver, =20 static struct uml_driver *uml_driver; =20 -static int -umlVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(uml_driver->domains, iter, data); -} - -static void -umlVMDriverLock(void) -{ - umlDriverLock(uml_driver); -} - -static void -umlVMDriverUnlock(void) -{ - umlDriverUnlock(uml_driver); -} - - static virDomainObjPtr umlDomObjFromDomainLocked(struct uml_driver *driver, const unsigned char *uuid) @@ -196,13 +176,6 @@ umlDomObjFromDomain(struct uml_driver *driver, } =20 =20 -static virNWFilterCallbackDriver umlCallbackDriver =3D { - .name =3D "UML", - .vmFilterRebuild =3D umlVMFilterRebuild, - .vmDriverLock =3D umlVMDriverLock, - .vmDriverUnlock =3D umlVMDriverUnlock, -}; - struct umlAutostartData { struct uml_driver *driver; virConnectPtr conn; @@ -615,7 +588,6 @@ umlStateInitialize(bool privileged, =20 VIR_FREE(userdir); =20 - virNWFilterRegisterCallbackDriver(¨CallbackDriver); return 0; =20 out_of_memory: @@ -709,7 +681,6 @@ umlStateCleanup(void) return -1; =20 umlDriverLock(uml_driver); - virNWFilterRegisterCallbackDriver(¨CallbackDriver); if (uml_driver->inotifyWatch !=3D -1) virEventRemoveHandle(uml_driver->inotifyWatch); VIR_FORCE_CLOSE(uml_driver->inotifyFD); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list