From: Laine Stump
To: libvir-list@redhat.com
Date: Fri, 12 Apr 2019 11:35:13 -0400
Message-Id: <20190412153513.1782-1-laine@laine.org>
Subject: [libvirt] [PATCH] network: only reload firewall after firewalld is finished restarting

The network driver used to reload the firewall rules whenever a dbus NameOwnerChanged message for org.fedoraproject.FirewallD1 was received. Presumably at some point in the past this was successful at reloading our rules after a firewalld restart. Recently though I noticed that once firewalld was restarted, libvirt's logs would get this message:

  The name org.fedoraproject.FirewallD1 was not provided by any .service files

After this point, no networks could be started until libvirtd itself was restarted.

The problem is that the NameOwnerChanged message is sent twice during a firewalld restart - once when the old firewalld is stopped, and again when the new firewalld is started. If we try to reload at the point the old firewalld is stopped, none of the firewalld dbus calls will succeed.

The solution is to check the new_owner field of the message - we should reload our firewall rules only if new_owner is non-empty (it is set to "" when firewalld is stopped, and some sort of epoch number when it is again started).

Signed-off-by: Laine Stump --- src/network/bridge_driver.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 4d4ab0f375..167c142ae2 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -549,8 +549,23 @@ firewalld_dbus_filter_bridge(DBusConnection *connectio= n ATTRIBUTE_UNUSED, dbus_message_is_signal(message, "org.fedoraproject.FirewallD1", "Reloaded")) { - VIR_DEBUG("Reload in bridge_driver because of firewalld."); - networkReloadFirewallRules(driver, false); + VIR_AUTOFREE(char *) name =3D NULL; + VIR_AUTOFREE(char *) old_owner =3D NULL; + VIR_AUTOFREE(char *) new_owner =3D NULL; + + if (virDBusMessageDecode(message, "sss", &name, &old_owner, &new_o= wner) < 0) { + VIR_WARN("Failed to decode DBus NameOwnerChanged message"); + return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; + } + + /* + * if new_owner is empty, firewalld is shutting down. If it is + * non-empty, then it is starting + */ + if (new_owner && *new_owner) { + VIR_DEBUG("Reload in bridge_driver because of firewalld."); + networkReloadFirewallRules(driver, false); + } } =20 return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
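
Review bot: the virDBusMessageDecode(message, "sss", ...) call sits inside a branch that, per the context line just above it, is also entered for the org.fedoraproject.FirewallD1 "Reloaded" signal, so the three-string decode is applied to that signal too. If "Reloaded" does not carry three string arguments, the decode fails, the warning misreports it as a NameOwnerChanged failure, and the early return skips networkReloadFirewallRules(), which the removed lines used to call unconditionally for both signals. Consider splitting the condition so the "sss" decode and the new_owner test apply only to NameOwnerChanged, and keep the unconditional reload for "Reloaded". Separately, name is decoded but never compared with "org.fedoraproject.FirewallD1"; unless the match rule already restricts the signal to that name, a check on name before reloading would keep ownership changes of other bus names from triggering a reload.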