From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Thu, 24 Jan 2019 14:05:56 +0000
Message-Id: <20190124140559.21088-2-berrange@redhat.com>
In-Reply-To: <20190124140559.21088-1-berrange@redhat.com>
References: <20190124140559.21088-1-berrange@redhat.com>
Cc: Laine Stump
Subject: [libvirt] [PATCH v3 1/4] network: add platform driver callbacks around firewall reload

Allow the platform driver impls to run logic before and after the firewall reload process.

Reviewed-by: Laine Stump
Signed-off-by: Daniel P. Berrangé

--- src/network/bridge_driver.c | 13 ++++++++----- src/network/bridge_driver_linux.c | 11 +++++++++++ src/network/bridge_driver_nop.c | 11 +++++++++++ src/network/bridge_driver_platform.h | 3 +++ 4 files changed, 33 insertions(+), 5 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index aed80c04d5..fb4eb00c1d 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -163,7 +163,7 @@ static int networkShutdownNetworkExternal(virNetworkObjPtr obj); =20 static void -networkReloadFirewallRules(virNetworkDriverStatePtr driver); +networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup); =20 static void networkRefreshDaemons(virNetworkDriverStatePtr driver);
@@ -551,7 +551,7 @@ firewalld_dbus_filter_bridge(DBusConnection *connection= ATTRIBUTE_UNUSED, "Reloaded")) { VIR_DEBUG("Reload in bridge_driver because of firewalld."); - networkReloadFirewallRules(driver); + networkReloadFirewallRules(driver, false); } =20 return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; @@ -751,7 +751,7 @@ networkStateInitialize(bool privileged, virNetworkObjListPrune(network_driver->networks, VIR_CONNECT_LIST_NETWORKS_INACTIVE | VIR_CONNECT_LIST_NETWORKS_TRANSIENT); - networkReloadFirewallRules(network_driver); + networkReloadFirewallRules(network_driver, true); networkRefreshDaemons(network_driver); =20 network_driver->networkEventState =3D virObjectEventStateNew(); @@ -827,7 +827,7 @@ networkStateReload(void) virNetworkObjLoadAllConfigs(network_driver->networks, network_driver->networkConfigDir, network_driver->networkAutostartDir); - networkReloadFirewallRules(network_driver); + networkReloadFirewallRules(network_driver, false); networkRefreshDaemons(network_driver); virNetworkObjListForEach(network_driver->networks, networkAutostartConfig, @@ -2179,12 +2179,15 @@ networkReloadFirewallRulesHelper(virNetworkObjPtr o= bj, =20 =20 static void -networkReloadFirewallRules(virNetworkDriverStatePtr driver) +networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup) { VIR_INFO("Reloading iptables rules"); + if (networkPreReloadFirewallRules(startup) < 0) + return; virNetworkObjListForEach(driver->networks, networkReloadFirewallRulesHelper, NULL); + networkPostReloadFirewallRules(startup); } =20 =20 diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_= linux.c index dd08222653..1e107ee422 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c 
@@ -34,6 +34,17 @@ VIR_LOG_INIT("network.bridge_driver_linux"); =20 #define PROC_NET_ROUTE "/proc/net/route" =20 +int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) +{ + return 0; +} + + +void networkPostReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) +{ +} + + /* XXX: This function can be a lot more exhaustive, there are certainly * other scenarios where we can ruin host network connectivity. * XXX: Using a proper library is preferred over parsing /proc diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_no= p.c index ce529a60a1..a0e57012f9 100644 --- a/src/network/bridge_driver_nop.c +++ b/src/network/bridge_driver_nop.c @@ -19,6 +19,17 @@ =20 #include =20 +int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) +{ + return 0; +} + + +void networkPostReloadFirewallRules(bool startup ATTRIBUTE_UNUSED) +{ +} + + int networkCheckRouteCollision(virNetworkDefPtr def ATTRIBUTE_UNUSED) { return 0; diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driv= er_platform.h index 8f05ea2b47..baeb22bc3e 100644 --- a/src/network/bridge_driver_platform.h +++ b/src/network/bridge_driver_platform.h @@ -58,6 +58,9 @@ struct _virNetworkDriverState { typedef struct _virNetworkDriverState virNetworkDriverState; typedef virNetworkDriverState *virNetworkDriverStatePtr; =20 +int networkPreReloadFirewallRules(bool startup); +void networkPostReloadFirewallRules(bool startup); + int networkCheckRouteCollision(virNetworkDefPtr def); =20 int networkAddFirewallRules(virNetworkDefPtr def); --=20 2.20.1
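
Review bot: the early return in networkReloadFirewallRules() (src/network/bridge_driver.c, hunk @@ -2179) is silent. When networkPreReloadFirewallRules(startup) returns < 0, the virNetworkObjListForEach() pass and networkPostReloadFirewallRules() are both skipped, so no network has its rules re-added, yet the function is void and logs nothing on that path. The VIR_INFO("Reloading iptables rules") line above it is then the last trace in the log. All three callers (the firewalld "Reloaded" handler, networkStateInitialize and networkStateReload) continue as if the reload had happened. Suggest emitting a VIR_WARN or VIR_ERROR before the return, or stating in the hook contract that the pre hook must report its own error, and moving the VIR_INFO to after the pre hook has succeeded.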
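
Review bot: the two prototypes added to src/network/bridge_driver_platform.h (hunk @@ -58) carry no comment describing the contract. A short comment there should say what a negative return from networkPreReloadFirewallRules() means for the caller (the reload is abandoned and the post hook is not called), whether the pre hook is expected to report the error itself, and what "startup" signifies (in this patch it is true only for the call from networkStateInitialize and false for networkStateReload and the firewalld handler). Both the linux and nop implementations added here are empty stubs that mark the parameter ATTRIBUTE_UNUSED, so the header is the only place a later implementer can learn the intended semantics.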