[libvirt] [PATCH v2 0/2] nwfilter: Fix a couple of session mode issues

John Ferlan posted 2 patches 5 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180830150608.13336-1-jferlan@redhat.com
Test syntax-check passed
src/conf/domain_nwfilter.c     | 22 +++++++++++++++-------
src/nwfilter/nwfilter_driver.c |  6 ++++++
2 files changed, 21 insertions(+), 7 deletions(-)
[libvirt] [PATCH v2 0/2] nwfilter: Fix a couple of session mode issues
Posted by John Ferlan 5 years, 7 months ago
v1: https://www.redhat.com/archives/libvir-list/2018-August/msg01464.html

Changes in v2 - different approach as review pointed out we should
never open the nwfilter driver in session mode (although driver
initialization does set up some barebones list infrastructure).

First, let's make sure we don't allow creation of the nwfilter
filter binding similar to how nwfiler filter creation is not
allowed.

Second, rather than blindly open the nwfilter during the
teardown processing, let's first ensure a filter exists for
the network. It's not possible to call instantiation when 
net->filter == NULL. Rather than alter all the callers, just
alter the two teardown API's to check if !net->filter and
return prior to opening the nwfilter connection. Since we
cannot create a filter nor can we create a binding, this
filtering works. Keeps the changes minimal too.

John Ferlan (2):
  nwfilter: Disallow binding creation in session mode
  nwfilter: Check for filter presence before open connect during
    teardown

 src/conf/domain_nwfilter.c     | 22 +++++++++++++++-------
 src/nwfilter/nwfilter_driver.c |  6 ++++++
 2 files changed, 21 insertions(+), 7 deletions(-)

-- 
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list