From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:25 +0100
Message-Id: <20180626102330.10667-2-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 1/6] virsh: add manpage docs for nwfilter-binding commands.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: John Ferlan
---
 tools/virsh.pod | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/tools/virsh.pod b/tools/virsh.pod index c9ef4f137c..47985ebf78 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod
@@ -4807,6 +4807,41 @@ variables, and defaults to C. =20 =3Dback =20 +=3Dhead1 NWFILTER BINDING COMMANDS + +The following commands manipulate network filter bindings. Network filter +bindings track the association between a network port and a network +filter. Generally the bindings are managed automatically by the hypervisor +drivers when adding/removing NICs on a guest. + +If an admin is creating/deleting TAP devices for non-guest usage, +however, the network filter binding commands provide a way to make use +of the network filters directly. + +=3Dover 4 + +=3Ditem B I + +Associate a network port with a network filter. The network filter backend +will immediately attempt to instantiate the filter rules on the port. + +=3Ditem B I + +Disassociate a network port from a network filter. The network filter +backend will immediately tear down the filter rules that exist on the +port. + +=3Ditem B + +List all of the network ports which have filters associated with them + +=3Ditem B I + +Output the network filter binding XML for the network device called +C + +=3Dback + =3Dhead1 HYPERVISOR-SPECIFIC COMMANDS =20 NOTE: Use of the following commands is B discouraged. 
They --=20 2.17.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
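
Review bot: In PATCH 1/6 (tools/virsh.pod, hunk @@ -4807,6 +4807,41 @@), the create entry says the backend "will immediately attempt to instantiate the filter rules on the port" but not what the command reports when that attempt fails, or when the port already has a binding. A sentence on both cases would help an admin who creates TAP devices by hand and relies on the filter being in place. The list entry ("List all of the network ports which have filters associated with them") is also missing its closing full stop, unlike the create and delete entries.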
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:26 +0100
Message-Id: <20180626102330.10667-3-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 2/6] nwfilter: keep track of active filter bindings

Currently the nwfilter driver does not keep any record of what filter
bindings it has active. This means that when it needs to recreate
filters, it has to rely on triggering callbacks provided by the virt
drivers. This introduces a hash table recording the virNWFilterBinding
objects so the driver has a record of all active filters.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: John Ferlan
---
 src/conf/virnwfilterobj.h | 4 ++
 src/nwfilter/nwfilter_driver.c | 84 ++++++++++++++++++++++++----------
 2 files changed, 63 insertions(+), 25 deletions(-)

diff --git a/src/conf/virnwfilterobj.h b/src/conf/virnwfilterobj.h index 433b0402d0..4a54dd50da 100644 --- a/src/conf/virnwfilterobj.h +++ b/src/conf/virnwfilterobj.h
@@ -22,6 +22,7 @@ # include "internal.h" =20 # include "nwfilter_conf.h" +# include "virnwfilterbindingobjlist.h" =20 typedef struct _virNWFilterObj virNWFilterObj; typedef virNWFilterObj *virNWFilterObjPtr; @@ -37,7 +38,10 @@ struct _virNWFilterDriverState { =20 virNWFilterObjListPtr nwfilters; =20 + virNWFilterBindingObjListPtr bindings; + char *configDir; + char *bindingDir; }; =20 virNWFilterDefPtr diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 7202691646..1449b67c72 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -38,7 +38,6 @@ #include "domain_conf.h" #include "domain_nwfilter.h" #include "nwfilter_driver.h" -#include "virnwfilterbindingdef.h" #include "nwfilter_gentech_driver.h" #include "configmake.h" #include "virfile.h" @@ -174,7 +173,6 @@ nwfilterStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - char *base =3D NULL; DBusConnection *sysbus =3D NULL; =20 if (virDBusHasSystemBus() && @@ -191,6 +189,9 @@ nwfilterStateInitialize(bool privileged, if (!(driver->nwfilters =3D virNWFilterObjListNew())) goto error; =20 + if (!(driver->bindings =3D virNWFilterBindingObjListNew())) + goto error; + if (!privileged) return 0; =20 
@@ -230,30 +231,35 @@ nwfilterStateInitialize(bool privileged, goto error; } =20 - if (VIR_STRDUP(base, SYSCONFDIR "/libvirt") < 0) + if (VIR_STRDUP(driver->configDir, SYSCONFDIR "/libvirt/nwfilter") < 0) goto error; =20 - if (virAsprintf(&driver->configDir, - "%s/nwfilter", base) =3D=3D -1) + if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) { + virReportSystemError(errno, _("cannot create config directory '%s'= "), + driver->configDir); goto error; + } =20 - VIR_FREE(base); + if (VIR_STRDUP(driver->bindingDir, LOCALSTATEDIR "/run/libvirt/nwfilte= r-binding") < 0) + goto error; =20 - if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) { + if (virFileMakePathWithMode(driver->bindingDir, S_IRWXU) < 0) { virReportSystemError(errno, _("cannot create config directory '%s'= "), - driver->configDir); + driver->bindingDir); goto error; } =20 if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->config= Dir) < 0) goto error; =20 + if (virNWFilterBindingObjListLoadAllConfigs(driver->bindings, driver->= bindingDir) < 0) + goto error; + nwfilterDriverUnlock(); =20 return 0; =20 error: - VIR_FREE(base); nwfilterDriverUnlock(); nwfilterStateCleanup(); =20 @@ -333,9 +339,12 @@ nwfilterStateCleanup(void) nwfilterDriverRemoveDBusMatches(); =20 VIR_FREE(driver->configDir); + VIR_FREE(driver->bindingDir); nwfilterDriverUnlock(); } =20 + virObjectUnref(driver->bindings); + /* free inactive nwfilters */ virNWFilterObjListFree(driver->nwfilters); =20 
@@ -647,13 +656,35 @@ nwfilterInstantiateFilter(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net) { - virNWFilterBindingDefPtr binding; + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; int ret; =20 - if (!(binding =3D virNWFilterBindingDefForNet(vmname, vmuuid, net))) + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, net->= ifname); + if (obj) { + virNWFilterBindingObjEndAPI(&obj); + return 0; + } + + if (!(def =3D virNWFilterBindingDefForNet(vmname, vmuuid, net))) + return -1; + + obj =3D virNWFilterBindingObjListAdd(driver->bindings, + def); + if (!obj) { + virNWFilterBindingDefFree(def); return -1; - ret =3D virNWFilterInstantiateFilter(driver, binding); - virNWFilterBindingDefFree(binding); + } + + ret =3D virNWFilterInstantiateFilter(driver, def); + + if (ret >=3D 0) + virNWFilterBindingObjSave(obj, driver->bindingDir); + else + virNWFilterBindingObjListRemove(driver->bindings, obj); + + virNWFilterBindingObjEndAPI(&obj); + return ret; } =20 
@@ -661,18 +692,21 @@ nwfilterInstantiateFilter(const char *vmname, static void nwfilterTeardownFilter(virDomainNetDefPtr net) { - virNWFilterBindingDef binding =3D { - .portdevname =3D net->ifname, - .linkdevname =3D (net->type =3D=3D VIR_DOMAIN_NET_TYPE_DIRECT ? - net->data.direct.linkdev : NULL), - .mac =3D net->mac, - .filter =3D net->filter, - .filterparams =3D net->filterparams, - .ownername =3D NULL, - .owneruuid =3D {0}, - }; - if ((net->ifname) && (net->filter)) - virNWFilterTeardownFilter(&binding); + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + if (!net->ifname) + return; + + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, net->= ifname); + if (!obj) + return; + + def =3D virNWFilterBindingObjGetDef(obj); + virNWFilterTeardownFilter(def); + virNWFilterBindingObjDelete(obj, driver->bindingDir); + + virNWFilterBindingObjListRemove(driver->bindings, obj); + virNWFilterBindingObjEndAPI(&obj); } =20 =20 --=20 2.17.1
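
Review bot: In PATCH 2/6, nwfilterStateInitialize() (src/nwfilter/nwfilter_driver.c, hunk @@ -230,30 +231,35 @@), the failure path for virFileMakePathWithMode(driver->bindingDir, S_IRWXU) reuses the message "cannot create config directory '%s'". bindingDir is runtime state under LOCALSTATEDIR "/run/libvirt/nwfilter-binding", not configuration, so give it its own wording (for example "cannot create binding state directory '%s'"); as posted the two failures can only be told apart by the path.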
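
Review bot: In PATCH 2/6, nwfilterInstantiateFilter() (hunk @@ -647,13 +656,35 @@) returns 0 as soon as virNWFilterBindingObjListFindByPortDev() finds any binding for net->ifname, without checking that the recorded binding has the same owner, MAC and filter as the request. Bindings are loaded from bindingDir at startup, so a record left over for a reused interface name makes this call report success without instantiating anything for the new NIC. Compare the found def with the request and report an error (or rebuild) on mismatch. In the same hunk the return value of virNWFilterBindingObjSave(obj, driver->bindingDir) is dropped; a failed save means the binding is missing after a daemon restart, and with the reworked teardown its rules are then never removed, so the failure should at least be logged.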
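
Review bot: In PATCH 2/6, nwfilterTeardownFilter() (hunk @@ -661,18 +692,21 @@) now returns silently when no binding object exists for net->ifname, where the removed code tore down whenever net->ifname and net->filter were both set. Rules instantiated by a daemon that predates this series, or whose binding file was not saved or could not be loaded, have no entry in driver->bindings and stay on the port. Consider falling back to a teardown built from net when the lookup fails and net->filter is set, or log the skipped teardown. The result of virNWFilterBindingObjDelete() is also ignored, and a blank line after the two declarations would match nwfilterInstantiateFilter() in the previous hunk.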
From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:27 +0100
Message-Id: <20180626102330.10667-4-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 3/6] nwfilter: remove virt driver callback layer for rebuilding filters

Now that the nwfilter driver keeps a list of bindings that it has
created, there is no need for the complex virt driver callbacks. It is
possible to simply iterate over the list of recorded filter bindings.
This means that rebuilding filters no longer has to acquire any locks
on the virDomainObj objects, as they're never touched.

Reviewed-by: John Ferlan
Signed-off-by: Daniel P. Berrangé
---
 src/conf/nwfilter_conf.c | 136 +++-----------------
 src/conf/nwfilter_conf.h | 51 +-------
 src/conf/virnwfilterobj.c | 4 +-
 src/libvirt_private.syms | 7 +-
 src/lxc/lxc_driver.c | 28 -----
 src/nwfilter/nwfilter_driver.c | 22 ++--
 src/nwfilter/nwfilter_gentech_driver.c | 167 ++++++++++++++++---------
 src/nwfilter/nwfilter_gentech_driver.h | 4 +-
 src/qemu/qemu_driver.c | 25 ----
 src/uml/uml_driver.c | 29 -----
 10 files changed, 144 insertions(+), 329 deletions(-)

diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index de26a6d034..706e803a25 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c 
@@ -2819,121 +2819,6 @@ virNWFilterSaveConfig(const char *configDir, } =20 =20 -int nCallbackDriver; -#define MAX_CALLBACK_DRIVER 10 -static virNWFilterCallbackDriverPtr callbackDrvArray[MAX_CALLBACK_DRIVER]; - -void -virNWFilterRegisterCallbackDriver(virNWFilterCallbackDriverPtr cbd) -{ - if (nCallbackDriver < MAX_CALLBACK_DRIVER) - callbackDrvArray[nCallbackDriver++] =3D cbd; -} - - -void -virNWFilterUnRegisterCallbackDriver(virNWFilterCallbackDriverPtr cbd) -{ - size_t i =3D 0; - - while (i < nCallbackDriver && callbackDrvArray[i] !=3D cbd) - i++; - - if (i < nCallbackDriver) { - memmove(&callbackDrvArray[i], &callbackDrvArray[i+1], - (nCallbackDriver - i - 1) * sizeof(callbackDrvArray[i])); - callbackDrvArray[i] =3D 0; - nCallbackDriver--; - } -} - - -void -virNWFilterCallbackDriversLock(void) -{ - size_t i; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmDriverLock(); -} - - -void -virNWFilterCallbackDriversUnlock(void) -{ - size_t i; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmDriverUnlock(); -} - - -static virDomainObjListIterator virNWFilterDomainFWUpdateCB; -static void *virNWFilterDomainFWUpdateOpaque; - -/** - * virNWFilterInstFiltersOnAllVMs: - * Apply all filters on all running VMs. Don't terminate in case of an - * error. This should be called upon reloading of the driver. 
- */ -int -virNWFilterInstFiltersOnAllVMs(void) -{ - size_t i; - struct domUpdateCBStruct cb =3D { - .opaque =3D virNWFilterDomainFWUpdateOpaque, - .step =3D STEP_APPLY_CURRENT, - .skipInterfaces =3D NULL, /* not needed */ - }; - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdateCB, - &cb); - - return 0; -} - - -int -virNWFilterTriggerVMFilterRebuild(void) -{ - size_t i; - int ret =3D 0; - struct domUpdateCBStruct cb =3D { - .opaque =3D virNWFilterDomainFWUpdateOpaque, - .step =3D STEP_APPLY_NEW, - .skipInterfaces =3D virHashCreate(0, NULL), - }; - - if (!cb.skipInterfaces) - return -1; - - for (i =3D 0; i < nCallbackDriver; i++) { - if (callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb) < 0) - ret =3D -1; - } - - if (ret < 0) { - cb.step =3D STEP_TEAR_NEW; /* rollback */ - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb); - } else { - cb.step =3D STEP_TEAR_OLD; /* switch over */ - - for (i =3D 0; i < nCallbackDriver; i++) - callbackDrvArray[i]->vmFilterRebuild(virNWFilterDomainFWUpdate= CB, - &cb); - } - - virHashFree(cb.skipInterfaces); - - return ret; -} - - int virNWFilterDeleteDef(const char *configDir, virNWFilterDefPtr def) @@ -3204,16 +3089,18 @@ virNWFilterDefFormat(const virNWFilterDef *def) return NULL; } =20 +static virNWFilterTriggerRebuildCallback rebuildCallback; +static void *rebuildOpaque; =20 int -virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, +virNWFilterConfLayerInit(virNWFilterTriggerRebuildCallback cb, void *opaque) { if (initialized) return -1; =20 - virNWFilterDomainFWUpdateCB =3D domUpdateCB; - virNWFilterDomainFWUpdateOpaque =3D opaque; + rebuildCallback =3D cb; + rebuildOpaque =3D opaque; =20 initialized =3D true; =20 
@@ -3233,8 +3120,17 @@ virNWFilterConfLayerShutdown(void) virRWLockDestroy(&updateLock); =20 initialized =3D false; - virNWFilterDomainFWUpdateOpaque =3D NULL; - virNWFilterDomainFWUpdateCB =3D NULL; + rebuildCallback =3D NULL; + rebuildOpaque =3D NULL; +} + + +int +virNWFilterTriggerRebuild(void) +{ + if (rebuildCallback) + return rebuildCallback(rebuildOpaque); + return 0; } =20 =20 diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 08fc07c55c..9f8ad51bf2 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -546,20 +546,6 @@ struct _virNWFilterDef { }; =20 =20 -typedef enum { - STEP_APPLY_NEW, - STEP_TEAR_NEW, - STEP_TEAR_OLD, - STEP_APPLY_CURRENT, -} UpdateStep; - -struct domUpdateCBStruct { - void *opaque; - UpdateStep step; - virHashTablePtr skipInterfaces; -}; - - void virNWFilterRuleDefFree(virNWFilterRuleDefPtr def); =20 @@ -567,7 +553,7 @@ void virNWFilterDefFree(virNWFilterDefPtr def); =20 int -virNWFilterTriggerVMFilterRebuild(void); +virNWFilterTriggerRebuild(void); =20 int virNWFilterDeleteDef(const char *configDir, 
@@ -599,44 +585,15 @@ virNWFilterReadLockFilterUpdates(void); void virNWFilterUnlockFilterUpdates(void); =20 +typedef int (*virNWFilterTriggerRebuildCallback)(void *opaque); + int -virNWFilterConfLayerInit(virDomainObjListIterator domUpdateCB, +virNWFilterConfLayerInit(virNWFilterTriggerRebuildCallback cb, void *opaque); =20 void virNWFilterConfLayerShutdown(void); =20 -int -virNWFilterInstFiltersOnAllVMs(void); - -typedef int -(*virNWFilterRebuild)(virDomainObjListIterator domUpdateCB, - void *data); - -typedef void -(*virNWFilterVoidCall)(void); - -typedef struct _virNWFilterCallbackDriver virNWFilterCallbackDriver; -typedef virNWFilterCallbackDriver *virNWFilterCallbackDriverPtr; -struct _virNWFilterCallbackDriver { - const char *name; - - virNWFilterRebuild vmFilterRebuild; - virNWFilterVoidCall vmDriverLock; - virNWFilterVoidCall vmDriverUnlock; -}; - -void -virNWFilterRegisterCallbackDriver(virNWFilterCallbackDriverPtr); - -void -virNWFilterUnRegisterCallbackDriver(virNWFilterCallbackDriverPtr); - -void -virNWFilterCallbackDriversLock(void); - -void -virNWFilterCallbackDriversUnlock(void); =20 char * virNWFilterPrintTCPFlags(uint8_t flags); diff --git a/src/conf/virnwfilterobj.c b/src/conf/virnwfilterobj.c index 87d7e72703..0136a0d56c 100644 --- a/src/conf/virnwfilterobj.c +++ b/src/conf/virnwfilterobj.c @@ -276,7 +276,7 @@ virNWFilterObjTestUnassignDef(virNWFilterObjPtr obj) =20 obj->wantRemoved =3D true; /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild() < 0) + if (virNWFilterTriggerRebuild() < 0) rc =3D -1; =20 obj->wantRemoved =3D false; @@ -358,7 +358,7 @@ virNWFilterObjListAssignDef(virNWFilterObjListPtr nwfil= ters, =20 obj->newDef =3D def; /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild() < 0) { + if (virNWFilterTriggerRebuild() < 0) { obj->newDef =3D NULL; virNWFilterObjUnlock(obj); return NULL; 
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 427c53eae4..42547e64ed 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -787,8 +787,6 @@ virDomainNumatuneSpecifiedMaxNode; =20 =20 # conf/nwfilter_conf.h -virNWFilterCallbackDriversLock; -virNWFilterCallbackDriversUnlock; virNWFilterChainSuffixTypeToString; virNWFilterConfLayerInit; virNWFilterConfLayerShutdown; @@ -797,12 +795,10 @@ virNWFilterDefFree; virNWFilterDefParseFile; virNWFilterDefParseString; virNWFilterDeleteDef; -virNWFilterInstFiltersOnAllVMs; virNWFilterJumpTargetTypeToString; virNWFilterPrintStateMatchFlags; virNWFilterPrintTCPFlags; virNWFilterReadLockFilterUpdates; -virNWFilterRegisterCallbackDriver; virNWFilterRuleActionTypeToString; virNWFilterRuleDirectionTypeToString; virNWFilterRuleIsProtocolEthernet; @@ -810,9 +806,8 @@ virNWFilterRuleIsProtocolIPv4; virNWFilterRuleIsProtocolIPv6; virNWFilterRuleProtocolTypeToString; virNWFilterSaveConfig; -virNWFilterTriggerVMFilterRebuild; +virNWFilterTriggerRebuild; virNWFilterUnlockFilterUpdates; -virNWFilterUnRegisterCallbackDriver; virNWFilterWriteLockFilterUpdates; =20 =20 diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index cfb431488d..bde0ff6ad4 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -66,7 +66,6 @@ #include "virfdstream.h" #include "domain_audit.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virinitctl.h" #include "virnetdev.h" #include "virnetdevtap.h" 
@@ -95,31 +94,6 @@ static int lxcStateInitialize(bool privileged, static int lxcStateCleanup(void); virLXCDriverPtr lxc_driver =3D NULL; =20 -/* callbacks for nwfilter */ -static int -lxcVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(lxc_driver->domains, iter, data); -} - -static void -lxcVMDriverLock(void) -{ - lxcDriverLock(lxc_driver); -} - -static void -lxcVMDriverUnlock(void) -{ - lxcDriverUnlock(lxc_driver); -} - -static virNWFilterCallbackDriver lxcCallbackDriver =3D { - .name =3D "LXC", - .vmFilterRebuild =3D lxcVMFilterRebuild, - .vmDriverLock =3D lxcVMDriverLock, - .vmDriverUnlock =3D lxcVMDriverUnlock, -}; =20 /** * lxcDomObjFromDomain: @@ -1672,7 +1646,6 @@ static int lxcStateInitialize(bool privileged, NULL, NULL) < 0) goto cleanup; =20 - virNWFilterRegisterCallbackDriver(&lxcCallbackDriver); virObjectUnref(caps); return 0; =20 @@ -1744,7 +1717,6 @@ static int lxcStateCleanup(void) if (lxc_driver =3D=3D NULL) return -1; =20 - virNWFilterUnRegisterCallbackDriver(&lxcCallbackDriver); virObjectUnref(lxc_driver->domains); virObjectUnref(lxc_driver->domainEventState); =20 diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 1449b67c72..e49e0e7406 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -163,6 +163,15 @@ nwfilterDriverInstallDBusMatches(DBusConnection *sysbu= s ATTRIBUTE_UNUSED) =20 #endif /* HAVE_FIREWALLD */ =20 +static int +virNWFilterTriggerRebuildImpl(void *opaque) +{ + virNWFilterDriverStatePtr nwdriver =3D opaque; + + return virNWFilterBuildAll(nwdriver, true); +} + + /** * nwfilterStateInitialize: * @@ -207,7 +216,7 @@ nwfilterStateInitialize(bool privileged, if (virNWFilterTechDriversInit(privileged) < 0) goto err_dhcpsnoop_shutdown; =20 - if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB, + if (virNWFilterConfLayerInit(virNWFilterTriggerRebuildImpl, driver) < 0) goto err_techdrivers_shutdown; =20 
@@ -302,15 +311,14 @@ nwfilterStateReload(void) =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); - nwfilterDriverUnlock(); =20 - virNWFilterInstFiltersOnAllVMs(); + virNWFilterBuildAll(driver, false); + + nwfilterDriverUnlock(); =20 return 0; } @@ -547,7 +555,6 @@ nwfilterDefineXML(virConnectPtr conn, =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 if (!(def =3D virNWFilterDefParseString(xml))) goto cleanup; @@ -572,7 +579,6 @@ nwfilterDefineXML(virConnectPtr conn, if (obj) virNWFilterObjUnlock(obj); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); nwfilterDriverUnlock(); return nwfilter; @@ -588,7 +594,6 @@ nwfilterUndefine(virNWFilterPtr nwfilter) =20 nwfilterDriverLock(); virNWFilterWriteLockFilterUpdates(); - virNWFilterCallbackDriversLock(); =20 if (!(obj =3D nwfilterObjFromNWFilter(nwfilter->uuid))) goto cleanup; @@ -615,7 +620,6 @@ nwfilterUndefine(virNWFilterPtr nwfilter) if (obj) virNWFilterObjUnlock(obj); =20 - virNWFilterCallbackDriversUnlock(); virNWFilterUnlockFilterUpdates(); nwfilterDriverUnlock(); return ret; diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter= _gentech_driver.c index 4b55bd6ca4..d208d0188e 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -153,9 +153,9 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table, if (!val) return -1; =20 - if (virHashAddEntry(table, - NWFILTER_STD_VAR_MAC, - val) < 0) { + if (virHashUpdateEntry(table, + NWFILTER_STD_VAR_MAC, + val) < 0) { virNWFilterVarValueFree(val); virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not add variable 'MAC' to hashma= p")); 
@@ -168,9 +168,9 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table, if (!val) return -1; =20 - if (virHashAddEntry(table, - NWFILTER_STD_VAR_IP, - val) < 0) { + if (virHashUpdateEntry(table, + NWFILTER_STD_VAR_IP, + val) < 0) { virNWFilterVarValueFree(val); virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not add variable 'IP' to hashmap= ")); 
@@ -973,68 +973,113 @@ virNWFilterTeardownFilter(virNWFilterBindingDefPtr b= inding) return ret; } =20 +enum { + STEP_APPLY_NEW, + STEP_ROLLBACK, + STEP_SWITCH, + STEP_APPLY_CURRENT, +}; =20 -int -virNWFilterDomainFWUpdateCB(virDomainObjPtr obj, - void *data) +static int +virNWFilterBuildOne(virNWFilterDriverStatePtr driver, + virNWFilterBindingDefPtr binding, + virHashTablePtr skipInterfaces, + int step) { - virDomainDefPtr vm =3D obj->def; - struct domUpdateCBStruct *cb =3D data; - size_t i; bool skipIface; int ret =3D 0; - - virObjectLock(obj); - - if (virDomainObjIsActive(obj)) { - for (i =3D 0; i < vm->nnets; i++) { - virDomainNetDefPtr net =3D vm->nets[i]; - virNWFilterBindingDefPtr binding; - - if ((net->filter) && (net->ifname) && - (binding =3D virNWFilterBindingDefForNet( - vm->name, vm->uuid, net))) { - - switch (cb->step) { - case STEP_APPLY_NEW: - ret =3D virNWFilterUpdateInstantiateFilter(cb->opaque, - binding, - &skipIface); - if (ret =3D=3D 0 && skipIface) { - /* filter tree unchanged -- no update needed */ - ret =3D virHashAddEntry(cb->skipInterfaces, - net->ifname, - (void *)~0); - } - break; - - case STEP_TEAR_NEW: - if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret =3D virNWFilterRollbackUpdateFilter(binding); - break; - - case STEP_TEAR_OLD: - if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret =3D virNWFilterTearOldFilter(binding); - break; - - case STEP_APPLY_CURRENT: - ret =3D virNWFilterInstantiateFilter(cb->opaque, - binding); - if (ret) - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Failure while applying current f= ilter on " - "VM %s"), vm->name); - break; - } - virNWFilterBindingDefFree(binding); - if (ret) - break; - } + VIR_DEBUG("Building filter for portdev=3D%s step=3D%d", binding->portd= evname, step); + + switch (step) { + case STEP_APPLY_NEW: + ret =3D virNWFilterUpdateInstantiateFilter(driver, + binding, + &skipIface); + if (ret =3D=3D 0 && skipIface) { + /* filter tree unchanged -- no update needed */ + ret =3D 
virHashAddEntry(skipInterfaces, + binding->portdevname, + (void *)~0); } + break; + + case STEP_ROLLBACK: + if (!virHashLookup(skipInterfaces, binding->portdevname)) + ret =3D virNWFilterRollbackUpdateFilter(binding); + break; + + case STEP_SWITCH: + if (!virHashLookup(skipInterfaces, binding->portdevname)) + ret =3D virNWFilterTearOldFilter(binding); + break; + + case STEP_APPLY_CURRENT: + ret =3D virNWFilterInstantiateFilter(driver, + binding); + break; } =20 - virObjectUnlock(obj); + return ret; +} + + +struct virNWFilterBuildData { + virNWFilterDriverStatePtr driver; + virHashTablePtr skipInterfaces; + int step; +}; + +static int +virNWFilterBuildIter(virNWFilterBindingObjPtr binding, void *opaque) +{ + struct virNWFilterBuildData *data =3D opaque; + virNWFilterBindingDefPtr def =3D virNWFilterBindingObjGetDef(binding); + + return virNWFilterBuildOne(data->driver, def, + data->skipInterfaces, data->step); +} + +int +virNWFilterBuildAll(virNWFilterDriverStatePtr driver, + bool newFilters) +{ + struct virNWFilterBuildData data =3D { + .driver =3D driver, + }; + int ret =3D 0; + + VIR_DEBUG("Build all filters newFilters=3D%d", newFilters); + + if (newFilters) { + if (!(data.skipInterfaces =3D virHashCreate(0, NULL))) + return -1; + + data.step =3D STEP_APPLY_NEW; + if (virNWFilterBindingObjListForEach(driver->bindings, + virNWFilterBuildIter, + &data) < 0) + ret =3D -1; + + if (ret =3D=3D -1) { + data.step =3D STEP_ROLLBACK; + virNWFilterBindingObjListForEach(driver->bindings, + virNWFilterBuildIter, + &data); + } else { + data.step =3D STEP_SWITCH; + virNWFilterBindingObjListForEach(driver->bindings, + virNWFilterBuildIter, + &data); + } + + virHashFree(data.skipInterfaces); + } else { + data.step =3D STEP_APPLY_CURRENT; + if (virNWFilterBindingObjListForEach(driver->bindings, + virNWFilterBuildIter, + &data) < 0) + ret =3D -1; + } return ret; } =20 
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter= _gentech_driver.h index 6b51096a0d..481fdd2413 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -54,8 +54,8 @@ int virNWFilterTeardownFilter(virNWFilterBindingDefPtr bi= nding); virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, const virNWFilterVarValue *val= ue); =20 -int virNWFilterDomainFWUpdateCB(virDomainObjPtr vm, - void *data); +int virNWFilterBuildAll(virNWFilterDriverStatePtr driver, + bool newFilters); =20 virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname, const unsigned char *= vmuuid, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 129bacdd34..4e94b4f095 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -84,7 +84,6 @@ #include "cpu/cpu.h" #include "virsysinfo.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virhook.h" #include "virstoragefile.h" #include "virfile.h" @@ -164,28 +163,6 @@ static int qemuARPGetInterfaces(virDomainObjPtr vm, =20 static virQEMUDriverPtr qemu_driver; =20 - -static void -qemuVMDriverLock(void) -{} -static void -qemuVMDriverUnlock(void) -{} - -static int -qemuVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(qemu_driver->domains, iter, data); -} - -static virNWFilterCallbackDriver qemuCallbackDriver =3D { - .name =3D QEMU_DRIVER_NAME, - .vmFilterRebuild =3D qemuVMFilterRebuild, - .vmDriverLock =3D qemuVMDriverLock, - .vmDriverUnlock =3D qemuVMDriverUnlock, -}; - - /** * qemuDomObjFromDomain: * @domain: Domain pointer that has to be looked up @@ -941,7 +918,6 @@ qemuStateInitialize(bool privileged, =20 qemuProcessReconnectAll(qemu_driver); =20 - virNWFilterRegisterCallbackDriver(&qemuCallbackDriver); return 0; =20 error: 
@@ -1081,7 +1057,6 @@ qemuStateCleanup(void) if (!qemu_driver) return -1; =20 - virNWFilterUnRegisterCallbackDriver(&qemuCallbackDriver); virThreadPoolFree(qemu_driver->workerPool); virObjectUnref(qemu_driver->config); virObjectUnref(qemu_driver->hostdevMgr); diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c index 0c5b7fcda7..c77988f01e 100644 --- a/src/uml/uml_driver.c +++ b/src/uml/uml_driver.c @@ -55,7 +55,6 @@ #include "datatypes.h" #include "virlog.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "virfile.h" #include "virfdstream.h" #include "configmake.h" @@ -143,25 +142,6 @@ static int umlMonitorCommand(const struct uml_driver *= driver, =20 static struct uml_driver *uml_driver; =20 -static int -umlVMFilterRebuild(virDomainObjListIterator iter, void *data) -{ - return virDomainObjListForEach(uml_driver->domains, iter, data); -} - -static void -umlVMDriverLock(void) -{ - umlDriverLock(uml_driver); -} - -static void -umlVMDriverUnlock(void) -{ - umlDriverUnlock(uml_driver); -} - - static virDomainObjPtr umlDomObjFromDomainLocked(struct uml_driver *driver, const unsigned char *uuid) @@ -194,13 +174,6 @@ umlDomObjFromDomain(struct uml_driver *driver, } =20 =20 -static virNWFilterCallbackDriver umlCallbackDriver =3D { - .name =3D "UML", - .vmFilterRebuild =3D umlVMFilterRebuild, - .vmDriverLock =3D umlVMDriverLock, - .vmDriverUnlock =3D umlVMDriverUnlock, -}; - struct umlAutostartData { struct uml_driver *driver; virConnectPtr conn; @@ -604,7 +577,6 @@ umlStateInitialize(bool privileged, =20 VIR_FREE(userdir); =20 - virNWFilterRegisterCallbackDriver(¨CallbackDriver); return 0; =20 out_of_memory: 
@@ -697,7 +669,6 @@ umlStateCleanup(void) return -1; =20 umlDriverLock(uml_driver); - virNWFilterRegisterCallbackDriver(¨CallbackDriver); if (uml_driver->inotifyWatch !=3D -1) virEventRemoveHandle(uml_driver->inotifyWatch); VIR_FORCE_CLOSE(uml_driver->inotifyFD); --=20 2.17.1

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:28 +0100
Message-Id: <20180626102330.10667-5-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
References: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 4/6] nwfilter: wire up new APIs for listing and querying filter bindings

Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to work.

Reviewed-by: John Ferlan
Signed-off-by: Daniel P. Berrangé
--- src/nwfilter/nwfilter_driver.c | 76 ++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index e49e0e7406..79509fc4c0 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c
@@ -714,6 +714,79 @@ nwfilterTeardownFilter(virDomainNetDefPtr net) } =20 =20 +static virNWFilterBindingPtr +nwfilterBindingLookupByPortDev(virConnectPtr conn, + const char *portdev) +{ + virNWFilterBindingPtr ret =3D NULL; + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, + portdev); + if (!obj) + goto cleanup; + + def =3D virNWFilterBindingObjGetDef(obj); + if (virNWFilterBindingLookupByPortDevEnsureACL(conn, def) < 0) + goto cleanup; + + ret =3D virGetNWFilterBinding(conn, def->portdevname, def->filter); + + cleanup: + virNWFilterBindingObjEndAPI(&obj); + return ret; +} + + +static int +nwfilterConnectListAllNWFilterBindings(virConnectPtr conn, + virNWFilterBindingPtr **bindings, + unsigned int flags) +{ + int ret; + + virCheckFlags(0, -1); + + if (virConnectListAllNWFilterBindingsEnsureACL(conn) < 0) + return -1; + + ret =3D virNWFilterBindingObjListExport(driver->bindings, + conn, + bindings, + virConnectListAllNWFilterBinding= sCheckACL); + + return ret; +} + + +static char * +nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding, + unsigned int flags) +{ + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + char *ret =3D NULL; + + virCheckFlags(0, NULL); + + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, + binding->portdev); + if (!obj) + goto cleanup; + + def =3D virNWFilterBindingObjGetDef(obj); + if (virNWFilterBindingGetXMLDescEnsureACL(binding->conn, def) < 0) + goto cleanup; + + ret =3D virNWFilterBindingDefFormat(def); + + cleanup: + virNWFilterBindingObjEndAPI(&obj); + return ret; +} + + static virNWFilterDriver nwfilterDriver =3D { .name =3D "nwfilter", .connectNumOfNWFilters =3D nwfilterConnectNumOfNWFilters, /* 0.8.0 */ 
@@ -724,6 +797,9 @@ static virNWFilterDriver nwfilterDriver =3D { .nwfilterDefineXML =3D nwfilterDefineXML, /* 0.8.0 */ .nwfilterUndefine =3D nwfilterUndefine, /* 0.8.0 */ .nwfilterGetXMLDesc =3D nwfilterGetXMLDesc, /* 0.8.0 */ + .nwfilterBindingLookupByPortDev =3D nwfilterBindingLookupByPortDev, /*= 4.5.0 */ + .connectListAllNWFilterBindings =3D nwfilterConnectListAllNWFilterBind= ings, /* 4.5.0 */ + .nwfilterBindingGetXMLDesc =3D nwfilterBindingGetXMLDesc, /* 4.5.0 */ }; =20 =20 --=20 2.17.1

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:29 +0100
Message-Id: <20180626102330.10667-6-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
References: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 5/6] nwfilter: wire up new APIs for creating and deleting nwfilter bindings

This allows the virsh commands nwfilter-binding-create and nwfilter-binding-delete to be used. Note using these commands lets you delete filters that were previously created automatically by the virt drivers, or add filters for VM nics that were not there before. Generally it is expected these new APIs will only be used by virt drivers. It is the admin's responsibility to not shoot themselves in the foot.

Reviewed-by: John Ferlan
Signed-off-by: Daniel P. Berrangé
--- src/nwfilter/nwfilter_driver.c | 86 ++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 79509fc4c0..83a2e19dbe 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c
@@ -787,6 +787,90 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr bindin= g, } =20 =20 +static virNWFilterBindingPtr +nwfilterBindingCreateXML(virConnectPtr conn, + const char *xml, + unsigned int flags) +{ + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + virNWFilterBindingPtr ret =3D NULL; + + virCheckFlags(0, NULL); + + def =3D virNWFilterBindingDefParseString(xml); + if (!def) + return NULL; + + if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0) + goto cleanup; + + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, def->= portdevname); + if (obj) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Filter already present for NIC %s"), def->portde= vname); + goto cleanup; + } + + obj =3D virNWFilterBindingObjListAdd(driver->bindings, + def); + if (!obj) + goto cleanup; + + if (!(ret =3D virGetNWFilterBinding(conn, def->portdevname, def->filte= r))) + goto cleanup; + + if (virNWFilterInstantiateFilter(driver, def) < 0) { + virNWFilterBindingObjListRemove(driver->bindings, obj); + virObjectUnref(ret); + ret =3D NULL; + goto cleanup; + } + virNWFilterBindingObjSave(obj, driver->bindingDir); + + cleanup: + if (!obj) + virNWFilterBindingDefFree(def); + virNWFilterBindingObjEndAPI(&obj); + + return ret; +} + + +/* + * Note that this is primarily intended for usage by the hypervisor + * drivers. it is exposed to the admin, however, and nothing stops + * an admin from deleting filter bindings created by the hypervisor + * drivers. 
IOW, it is the admin's responsibility not to shoot + * themself in the foot + */ +static int +nwfilterBindingDelete(virNWFilterBindingPtr binding) +{ + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + int ret =3D -1; + + obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, bindi= ng->portdev); + if (!obj) + return -1; + + def =3D virNWFilterBindingObjGetDef(obj); + if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0) + goto cleanup; + + virNWFilterTeardownFilter(def); + virNWFilterBindingObjDelete(obj, driver->bindingDir); + virNWFilterBindingObjListRemove(driver->bindings, obj); + + ret =3D 0; + + cleanup: + virNWFilterBindingObjEndAPI(&obj); + return ret; +} + + static virNWFilterDriver nwfilterDriver =3D { .name =3D "nwfilter", .connectNumOfNWFilters =3D nwfilterConnectNumOfNWFilters, /* 0.8.0 */ 
@@ -800,6 +884,8 @@ static virNWFilterDriver nwfilterDriver =3D { .nwfilterBindingLookupByPortDev =3D nwfilterBindingLookupByPortDev, /*= 4.5.0 */ .connectListAllNWFilterBindings =3D nwfilterConnectListAllNWFilterBind= ings, /* 4.5.0 */ .nwfilterBindingGetXMLDesc =3D nwfilterBindingGetXMLDesc, /* 4.5.0 */ + .nwfilterBindingCreateXML =3D nwfilterBindingCreateXML, /* 4.5.0 */ + .nwfilterBindingDelete =3D nwfilterBindingDelete, /* 4.5.0 */ }; =20 =20 --=20 2.17.1

From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Tue, 26 Jun 2018 11:23:30 +0100
Message-Id: <20180626102330.10667-7-berrange@redhat.com>
In-Reply-To: <20180626102330.10667-1-berrange@redhat.com>
References: <20180626102330.10667-1-berrange@redhat.com>
Subject: [libvirt] [PATCH v4 6/6] nwfilter: convert virt drivers to use public API for nwfilter bindings

Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: John Ferlan
--- src/conf/domain_nwfilter.c | 135 +++++++++++++++++++++---- src/conf/domain_nwfilter.h | 16 +-- src/libvirt_private.syms | 1 - src/lxc/lxc_process.c | 2 +- src/nwfilter/nwfilter_driver.c | 82 +++------------ src/nwfilter/nwfilter_gentech_driver.c | 42 -------- src/nwfilter/nwfilter_gentech_driver.h | 4 - src/qemu/qemu_hotplug.c | 4 +- src/qemu/qemu_interface.c | 4 +- src/qemu/qemu_process.c | 6 +- src/remote/remote_daemon.c | 1 + src/uml/uml_conf.c | 2 +- 12 files changed, 142 insertions(+), 157 deletions(-) diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c index 7570e0ae83..948b32481e 100644 --- a/src/conf/domain_nwfilter.c +++ b/src/conf/domain_nwfilter.c
@@ -28,45 +28,146 @@ #include "datatypes.h" #include "domain_conf.h" #include "domain_nwfilter.h" +#include "virnwfilterbindingdef.h" #include "virerror.h" +#include "viralloc.h" +#include "virstring.h" +#include "virlog.h" =20 -#define VIR_FROM_THIS VIR_FROM_NWFILTER =20 -static virDomainConfNWFilterDriverPtr nwfilterDriver; +VIR_LOG_INIT("conf.domain_nwfilter"); =20 -void -virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +static virNWFilterBindingDefPtr +virNWFilterBindingDefForNet(const char *vmname, + const unsigned char *vmuuid, + virDomainNetDefPtr net) { - nwfilterDriver =3D driver; + virNWFilterBindingDefPtr ret; + + if (VIR_ALLOC(ret) < 0) + return NULL; + + if (VIR_STRDUP(ret->ownername, vmname) < 0) + goto error; + + memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid)); + + if (VIR_STRDUP(ret->portdevname, net->ifname) < 0) + goto error; + + if (net->type =3D=3D VIR_DOMAIN_NET_TYPE_DIRECT && + VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0) + goto error; + + ret->mac =3D net->mac; + + if (VIR_STRDUP(ret->filter, net->filter) < 0) + goto error; + + if (!(ret->filterparams =3D virNWFilterHashTableCreate(0))) + goto error; + + if (net->filterparams && + virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) <= 0) + goto error; + + return ret; + + error: + virNWFilterBindingDefFree(ret); + return NULL; } =20 + int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, - virDomainNetDefPtr net) + virDomainNetDefPtr net, + bool ignoreExists) { - if (nwfilterDriver !=3D NULL) - return nwfilterDriver->instantiateFilter(vmname, vmuuid, net); + virConnectPtr conn =3D virGetConnectNWFilter(); + virNWFilterBindingDefPtr def =3D NULL; + virNWFilterBindingPtr binding =3D NULL; + char *xml; + int ret =3D -1; + + VIR_DEBUG("vmname=3D%s portdev=3D%s filter=3D%s ignoreExists=3D%d", + vmname, NULLSTR(net->ifname), NULLSTR(net->filter), ignoreEx= ists); + + if 
(!conn) + goto cleanup; + + if (ignoreExists) { + binding =3D virNWFilterBindingLookupByPortDev(conn, net->ifname); + if (binding) { + ret =3D 0; + goto cleanup; + } + } =20 - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("No network filter driver available")); - return -1; + if (!(def =3D virNWFilterBindingDefForNet(vmname, vmuuid, net))) + goto cleanup; + + if (!(xml =3D virNWFilterBindingDefFormat(def))) + goto cleanup; + + if (!(binding =3D virNWFilterBindingCreateXML(conn, xml, 0))) + goto cleanup; + + ret =3D 0; + + cleanup: + VIR_FREE(xml); + virNWFilterBindingDefFree(def); + virObjectUnref(binding); + virObjectUnref(conn); + return ret; } =20 + +static void +virDomainConfNWFilterTeardownImpl(virConnectPtr conn, + virDomainNetDefPtr net) +{ + virNWFilterBindingPtr binding; + + binding =3D virNWFilterBindingLookupByPortDev(conn, net->ifname); + if (!binding) + return; + + virNWFilterBindingDelete(binding); + + virObjectUnref(binding); +} + + void virDomainConfNWFilterTeardown(virDomainNetDefPtr net) { - if (nwfilterDriver !=3D NULL) - nwfilterDriver->teardownFilter(net); + virConnectPtr conn =3D virGetConnectNWFilter(); + + if (!conn) + return; + + virDomainConfNWFilterTeardownImpl(conn, net); + + virObjectUnref(conn); } =20 void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) { size_t i; + virConnectPtr conn =3D virGetConnectNWFilter(); =20 - if (nwfilterDriver !=3D NULL) { - for (i =3D 0; i < vm->def->nnets; i++) - virDomainConfNWFilterTeardown(vm->def->nets[i]); - } + if (!conn) + return; + + + for (i =3D 0; i < vm->def->nnets; i++) + virDomainConfNWFilterTeardownImpl(conn, vm->def->nets[i]); + + virObjectUnref(conn); } diff --git a/src/conf/domain_nwfilter.h b/src/conf/domain_nwfilter.h index 857cac6c2a..6bda228fc8 100644 --- a/src/conf/domain_nwfilter.h +++ b/src/conf/domain_nwfilter.h 
@@ -23,22 +23,10 @@ #ifndef DOMAIN_NWFILTER_H # define DOMAIN_NWFILTER_H =20 -typedef int (*virDomainConfInstantiateNWFilter)(const char *vmname, - const unsigned char *vmuui= d, - virDomainNetDefPtr net); -typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net); - -typedef struct { - virDomainConfInstantiateNWFilter instantiateFilter; - virDomainConfTeardownNWFilter teardownFilter; -} virDomainConfNWFilterDriver; -typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr; - -void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver); - int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, - virDomainNetDefPtr net); + virDomainNetDefPtr net, + bool ignoreExists); void virDomainConfNWFilterTeardown(virDomainNetDefPtr net); void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm); =20 diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 42547e64ed..f81333baf6 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -651,7 +651,6 @@ virDomainQemuMonitorEventStateRegisterID; =20 # conf/domain_nwfilter.h virDomainConfNWFilterInstantiate; -virDomainConfNWFilterRegister; virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; =20 diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 60ae7daaed..14502e12fe 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -303,7 +303,7 @@ virLXCProcessSetupInterfaceTap(virDomainDefPtr vm, } =20 if (net->filter && - virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net) < 0) + virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, false) <= 0) goto cleanup; =20 ret =3D containerVeth; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 83a2e19dbe..d385b46f5f 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c 
@@ -655,65 +655,6 @@ nwfilterGetXMLDesc(virNWFilterPtr nwfilter, } =20 =20 -static int -nwfilterInstantiateFilter(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net) -{ - virNWFilterBindingObjPtr obj; - virNWFilterBindingDefPtr def; - int ret; - - obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, net->= ifname); - if (obj) { - virNWFilterBindingObjEndAPI(&obj); - return 0; - } - - if (!(def =3D virNWFilterBindingDefForNet(vmname, vmuuid, net))) - return -1; - - obj =3D virNWFilterBindingObjListAdd(driver->bindings, - def); - if (!obj) { - virNWFilterBindingDefFree(def); - return -1; - } - - ret =3D virNWFilterInstantiateFilter(driver, def); - - if (ret >=3D 0) - virNWFilterBindingObjSave(obj, driver->bindingDir); - else - virNWFilterBindingObjListRemove(driver->bindings, obj); - - virNWFilterBindingObjEndAPI(&obj); - - return ret; -} - - -static void -nwfilterTeardownFilter(virDomainNetDefPtr net) -{ - virNWFilterBindingObjPtr obj; - virNWFilterBindingDefPtr def; - if (!net->ifname) - return; - - obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, net->= ifname); - if (!obj) - return; - - def =3D virNWFilterBindingObjGetDef(obj); - virNWFilterTeardownFilter(def); - virNWFilterBindingObjDelete(obj, driver->bindingDir); - - virNWFilterBindingObjListRemove(driver->bindings, obj); - virNWFilterBindingObjEndAPI(&obj); -} - - static virNWFilterBindingPtr nwfilterBindingLookupByPortDev(virConnectPtr conn, const char *portdev) @@ -724,8 +665,11 @@ nwfilterBindingLookupByPortDev(virConnectPtr conn, =20 obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), portdev= ); goto cleanup; + } =20 def =3D virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingLookupByPortDevEnsureACL(conn, def) < 0) 
@@ -772,8 +716,11 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr bindin= g, =20 obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, binding->portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), binding= ->portdev); goto cleanup; + } =20 def =3D virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingGetXMLDescEnsureACL(binding->conn, def) < 0) @@ -852,8 +799,11 @@ nwfilterBindingDelete(virNWFilterBindingPtr binding) int ret =3D -1; =20 obj =3D virNWFilterBindingObjListFindByPortDev(driver->bindings, bindi= ng->portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), binding= ->portdev); return -1; + } =20 def =3D virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0) @@ -914,13 +864,6 @@ static virStateDriver stateDriver =3D { .stateReload =3D nwfilterStateReload, }; =20 - -static virDomainConfNWFilterDriver domainNWFilterDriver =3D { - .instantiateFilter =3D nwfilterInstantiateFilter, - .teardownFilter =3D nwfilterTeardownFilter, -}; - - int nwfilterRegister(void) { if (virRegisterConnectDriver(&nwfilterConnectDriver, false) < 0) @@ -929,6 +872,5 @@ int nwfilterRegister(void) return -1; if (virRegisterStateDriver(&stateDriver) < 0) return -1; - virDomainConfNWFilterRegister(&domainNWFilterDriver); return 0; } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter= _gentech_driver.c index d208d0188e..e5dea91f83 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c 
@@ -1082,45 +1082,3 @@ virNWFilterBuildAll(virNWFilterDriverStatePtr driver, } return ret; } - - -virNWFilterBindingDefPtr -virNWFilterBindingDefForNet(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net) -{ - virNWFilterBindingDefPtr ret; - - if (VIR_ALLOC(ret) < 0) - return NULL; - - if (VIR_STRDUP(ret->ownername, vmname) < 0) - goto error; - - memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid)); - - if (VIR_STRDUP(ret->portdevname, net->ifname) < 0) - goto error; - - if (net->type =3D=3D VIR_DOMAIN_NET_TYPE_DIRECT && - VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0) - goto error; - - ret->mac =3D net->mac; - - if (VIR_STRDUP(ret->filter, net->filter) < 0) - goto error; - - if (!(ret->filterparams =3D virNWFilterHashTableCreate(0))) - goto error; - - if (net->filterparams && - virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) <= 0) - goto error; - - return ret; - - error: - virNWFilterBindingDefFree(ret); - return NULL; -} diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter= _gentech_driver.h index 481fdd2413..2cd19c90fc 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -57,8 +57,4 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *m= acaddr, int virNWFilterBuildAll(virNWFilterDriverStatePtr driver, bool newFilters); =20 -virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname, - const unsigned char *= vmuuid, - virDomainNetDefPtr ne= t); - #endif diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7a1bbc7c8c..58cb0539e1 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3009,7 +3009,7 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm, =20 if (newdev->filter && virDomainConfNWFilterInstantiate(vm->def->name, - vm->def->uuid, newdev) < 0) { + vm->def->uuid, newdev, false) < 0= ) { virErrorPtr errobj; =20 virReportError(VIR_ERR_OPERATION_FAILED, 
@@ -3018,7 +3018,7 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm, olddev->ifname); virErrorPreserveLast(&errobj); ignore_value(virDomainConfNWFilterInstantiate(vm->def->name, - vm->def->uuid, oldde= v)); + vm->def->uuid, oldde= v, false)); virErrorRestore(&errobj); return -1; } diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c index 5d54a85c53..a3f13093f5 100644 --- a/src/qemu/qemu_interface.c +++ b/src/qemu/qemu_interface.c @@ -467,7 +467,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def, goto cleanup; =20 if (net->filter && - virDomainConfNWFilterInstantiate(def->name, def->uuid, net) < 0) { + virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false)= < 0) { goto cleanup; } =20 @@ -586,7 +586,7 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def, goto cleanup; =20 if (net->filter && - virDomainConfNWFilterInstantiate(def->name, def->uuid, net) < 0) { + virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false)= < 0) { goto cleanup; } =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 7e9ad01e61..ac32dafcbe 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3018,14 +3018,14 @@ qemuProcessNotifyNets(virDomainDefPtr def) } =20 static int -qemuProcessFiltersInstantiate(virDomainDefPtr def) +qemuProcessFiltersInstantiate(virDomainDefPtr def, bool ignoreExists) { size_t i; =20 for (i =3D 0; i < def->nnets; i++) { virDomainNetDefPtr net =3D def->nets[i]; if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net= ) < 0) + if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net= , ignoreExists) < 0) return 1; } } @@ -7650,7 +7650,7 @@ qemuProcessReconnect(void *opaque) =20 qemuProcessNotifyNets(obj->def); =20 - if (qemuProcessFiltersInstantiate(obj->def)) + if (qemuProcessFiltersInstantiate(obj->def, true)) goto error; =20 if (qemuProcessRefreshDisks(driver, obj, QEMU_ASYNC_JOB_NONE) < 0) 
diff --git a/src/remote/remote_daemon.c b/src/remote/remote_daemon.c index 21ab22499d..9f3a5f38ad 100644 --- a/src/remote/remote_daemon.c +++ b/src/remote/remote_daemon.c @@ -283,6 +283,7 @@ static int daemonErrorLogFilter(virErrorPtr err, int pr= iority) case VIR_ERR_NO_NODE_DEVICE: case VIR_ERR_NO_INTERFACE: case VIR_ERR_NO_NWFILTER: + case VIR_ERR_NO_NWFILTER_BINDING: case VIR_ERR_NO_SECRET: case VIR_ERR_NO_DOMAIN_SNAPSHOT: case VIR_ERR_OPERATION_INVALID: diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index 9c548f0e80..f116e619ef 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -137,7 +137,7 @@ umlConnectTapDevice(virDomainDefPtr vm, } =20 if (net->filter) { - if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net) < 0)= { + if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, fals= e) < 0) { if (template_ifname) VIR_FREE(net->ifname); goto error; --=20 2.17.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
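Review bot: in virNWFilterBuildAll (the nwfilter_gentech_driver.c hunk that replaces virNWFilterDomainFWUpdateCB), the STEP_ROLLBACK and STEP_SWITCH passes discard the return value of virNWFilterBindingObjListForEach, so a failure from virNWFilterTearOldFilter during the switch still makes the function return 0 and the caller cannot tell that the switch was incomplete. Consider propagating the failure or at least logging it per binding in virNWFilterBuildOne. The STEP_APPLY_CURRENT case also drops the virReportError call that the old callback made after virNWFilterInstantiateFilter failed; check that the callee sets an error on every failure path, otherwise -1 is returned with no error recorded.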
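Review bot: in nwfilterBindingLookupByPortDev and nwfilterBindingGetXMLDesc (patch 4/6, the hunk at nwfilter_driver.c line 714), the `if (!obj) goto cleanup;` path returns NULL without calling virReportError, so the public API fails with no error set. The VIR_ERR_NO_NWFILTER_BINDING report that patch 6/6 adds to these same lookups belongs in this patch, so that each commit in the series behaves correctly on its own. Both functions also hand a NULL obj to virNWFilterBindingObjEndAPI(&obj) on that path; worth confirming the helper accepts it.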
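Review bot: in nwfilterBindingCreateXML (patch 5/6, the hunk at nwfilter_driver.c line 787), obj is declared without an initializer, and the virNWFilterBindingCreateXMLEnsureACL failure path jumps to cleanup before obj is assigned, where `if (!obj)` and virNWFilterBindingObjEndAPI(&obj) both read it. Declare it as `virNWFilterBindingObjPtr obj = NULL;` so that an access-control denial does not operate on an indeterminate pointer. Two further cleanup problems in the same function: the "Filter already present" branch reaches cleanup with obj non-NULL, so the freshly parsed def is never freed, and a virGetNWFilterBinding failure leaves the new obj in driver->bindings with no filter instantiated and no virNWFilterBindingObjListRemove call. The result of virNWFilterBindingObjSave is also ignored.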
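Review bot: in virDomainConfNWFilterInstantiate (patch 6/6, the src/conf/domain_nwfilter.c hunk), `char *xml;` is uninitialized, yet the `if (!conn) goto cleanup;` path and the ignoreExists early exit both reach VIR_FREE(xml) before it is assigned. Declare it as `char *xml = NULL;`. In the same hunk, net->ifname is wrapped in NULLSTR() for the VIR_DEBUG line but then passed unchecked to virNWFilterBindingLookupByPortDev, and the `if (!net->ifname) return;` guard from the removed nwfilterTeardownFilter is not carried into virDomainConfNWFilterTeardownImpl; an explicit NULL check in both places would keep the previous behaviour. The return value of virNWFilterBindingDelete is dropped as well, so a failed teardown is silent.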