From 079747a36d5648d4a462e29a831f6b2f965ef088 Mon Sep 17 00:00:00 2001 From: John Ferlan Date: Tue, 28 Feb 2017 17:37:15 -0500 Subject: [PATCH] conf: Introduce virnwfilterobj Move all the NWFilterObj API's into their own module virnwfilterobj from the nwfilter_conf Purely code motion at this point, plus adjustments to cleanly build. --- po/POTFILES.in | 1 + src/Makefile.am | 6 +- src/conf/nwfilter_conf.c | 348 +--------------------- src/conf/nwfilter_conf.h | 58 +--- src/conf/virnwfilterobj.c | 382 +++++++++++++++++++++++++ src/conf/virnwfilterobj.h | 85 ++++++ src/libvirt_private.syms | 22 +- src/nwfilter/nwfilter_driver.c | 1 - src/nwfilter/nwfilter_gentech_driver.h | 2 +- src/nwfilter/nwfilter_tech_driver.h | 2 +- 10 files changed, 489 insertions(+), 418 deletions(-) create mode 100644 src/conf/virnwfilterobj.c create mode 100644 src/conf/virnwfilterobj.h diff --git a/po/POTFILES.in b/po/POTFILES.in index 50289a5c98..ceda3edadd 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -44,6 +44,7 @@ src/conf/virchrdev.c src/conf/virdomainobjlist.c src/conf/virinterfaceobj.c src/conf/virnodedeviceobj.c +src/conf/virnwfilterobj.c src/conf/virsecretobj.c src/cpu/cpu.c src/cpu/cpu_arm.c diff --git a/src/Makefile.am b/src/Makefile.am index a296d71f2c..02579659ab 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -369,11 +369,13 @@ NWFILTER_PARAM_CONF_SOURCES = \ conf/nwfilter_params.c conf/nwfilter_params.h \ conf/nwfilter_ipaddrmap.c \ conf/nwfilter_ipaddrmap.h \ - conf/nwfilter_conf.h + conf/nwfilter_conf.h \ + conf/virnwfilterobj.h NWFILTER_CONF_SOURCES = \ $(NWFILTER_PARAM_CONF_SOURCES) \ - conf/nwfilter_conf.c conf/nwfilter_conf.h + conf/nwfilter_conf.c conf/nwfilter_conf.h \ + conf/virnwfilterobj.c conf/virnwfilterobj.h # Storage driver generic impl APIs STORAGE_CONF_SOURCES = \ diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index f5290810b7..c4e8ec108a 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -30,7 +30,6 @@ #include #include #include -#include #if HAVE_NET_ETHERNET_H # include #endif @@ -344,32 +343,6 @@ virNWFilterDefFree(virNWFilterDefPtr def) } -void -virNWFilterObjFree(virNWFilterObjPtr obj) -{ - if (!obj) - return; - - virNWFilterDefFree(obj->def); - virNWFilterDefFree(obj->newDef); - - virMutexDestroy(&obj->lock); - - VIR_FREE(obj); -} - - -void -virNWFilterObjListFree(virNWFilterObjListPtr nwfilters) -{ - size_t i; - for (i = 0; i < nwfilters->count; i++) - virNWFilterObjFree(nwfilters->objs[i]); - VIR_FREE(nwfilters->objs); - nwfilters->count = 0; -} - - static int virNWFilterRuleDefAddVar(virNWFilterRuleDefPtr nwf, nwItemDesc *item, @@ -418,27 +391,6 @@ virNWFilterRuleDefAddString(virNWFilterRuleDefPtr nwf, } -void -virNWFilterObjRemove(virNWFilterObjListPtr nwfilters, - virNWFilterObjPtr nwfilter) -{ - size_t i; - - virNWFilterObjUnlock(nwfilter); - - for (i = 0; i < nwfilters->count; i++) { - virNWFilterObjLock(nwfilters->objs[i]); - if (nwfilters->objs[i] == nwfilter) { - virNWFilterObjUnlock(nwfilters->objs[i]); - virNWFilterObjFree(nwfilters->objs[i]); - - VIR_DELETE_ELEMENT(nwfilters->objs, i, nwfilters->count); - break; - } - virNWFilterObjUnlock(nwfilters->objs[i]); - } -} - union data { void *v; char *c; @@ -2779,39 +2731,6 @@ virNWFilterDefParseFile(const char *filename) } -virNWFilterObjPtr -virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters, - const unsigned char *uuid) -{ - size_t i; - - for (i = 0; i < nwfilters->count; i++) { - virNWFilterObjLock(nwfilters->objs[i]); - if (!memcmp(nwfilters->objs[i]->def->uuid, uuid, VIR_UUID_BUFLEN)) - return nwfilters->objs[i]; - virNWFilterObjUnlock(nwfilters->objs[i]); - } - - return NULL; -} - - -virNWFilterObjPtr -virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, const char *name) -{ - size_t i; - - for (i = 0; i < nwfilters->count; i++) { - virNWFilterObjLock(nwfilters->objs[i]); - if (STREQ_NULLABLE(nwfilters->objs[i]->def->name, name)) - return nwfilters->objs[i]; - virNWFilterObjUnlock(nwfilters->objs[i]); - } - - return NULL; -} - - int virNWFilterSaveXML(const char *configDir, virNWFilterDefPtr def, const char *xml) @@ -2860,62 +2779,6 @@ int virNWFilterSaveConfig(const char *configDir, } -static int -_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters, - virNWFilterDefPtr def, - const char *filtername) -{ - int rc = 0; - size_t i; - virNWFilterEntryPtr entry; - virNWFilterObjPtr obj; - - if (!def) - return 0; - - for (i = 0; i < def->nentries; i++) { - entry = def->filterEntries[i]; - if (entry->include) { - - if (STREQ(filtername, entry->include->filterref)) { - rc = -1; - break; - } - - obj = virNWFilterObjFindByName(nwfilters, - entry->include->filterref); - if (obj) { - rc = _virNWFilterDefLoopDetect(nwfilters, - obj->def, filtername); - - virNWFilterObjUnlock(obj); - if (rc < 0) - break; - } - } - } - - return rc; -} - - -/* - * virNWFilterDefLoopDetect: - * @nwfilters : the nwfilters to search - * @def : the filter definition that may add a loop and is to be tested - * - * Detect a loop introduced through the filters being able to - * reference each other. - * - * Returns 0 in case no loop was detected, -1 otherwise. - */ -static int -virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters, - virNWFilterDefPtr def) -{ - return _virNWFilterDefLoopDetect(nwfilters, def, def->name); -} - int nCallbackDriver; #define MAX_CALLBACK_DRIVER 10 static virNWFilterCallbackDriverPtr callbackDrvArray[MAX_CALLBACK_DRIVER]; @@ -2987,7 +2850,7 @@ virNWFilterInstFiltersOnAllVMs(void) return 0; } -static int +int virNWFilterTriggerVMFilterRebuild(void) { size_t i; @@ -3027,204 +2890,6 @@ virNWFilterTriggerVMFilterRebuild(void) } -int -virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter) -{ - int rc = 0; - - nwfilter->wantRemoved = 1; - /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild()) - rc = -1; - - nwfilter->wantRemoved = 0; - - return rc; -} - -static bool -virNWFilterDefEqual(const virNWFilterDef *def1, virNWFilterDefPtr def2, - bool cmpUUIDs) -{ - bool ret = false; - unsigned char rem_uuid[VIR_UUID_BUFLEN]; - char *xml1, *xml2 = NULL; - - if (!cmpUUIDs) { - /* make sure the UUIDs are equal */ - memcpy(rem_uuid, def2->uuid, sizeof(rem_uuid)); - memcpy(def2->uuid, def1->uuid, sizeof(def2->uuid)); - } - - if (!(xml1 = virNWFilterDefFormat(def1)) || - !(xml2 = virNWFilterDefFormat(def2))) - goto cleanup; - - ret = STREQ(xml1, xml2); - - cleanup: - if (!cmpUUIDs) - memcpy(def2->uuid, rem_uuid, sizeof(rem_uuid)); - - VIR_FREE(xml1); - VIR_FREE(xml2); - - return ret; -} - -virNWFilterObjPtr -virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters, - virNWFilterDefPtr def) -{ - virNWFilterObjPtr nwfilter; - - nwfilter = virNWFilterObjFindByUUID(nwfilters, def->uuid); - - if (nwfilter) { - if (STRNEQ(def->name, nwfilter->def->name)) { - virReportError(VIR_ERR_OPERATION_FAILED, - _("filter with same UUID but different name " - "('%s') already exists"), - nwfilter->def->name); - virNWFilterObjUnlock(nwfilter); - return NULL; - } - virNWFilterObjUnlock(nwfilter); - } else { - nwfilter = virNWFilterObjFindByName(nwfilters, def->name); - if (nwfilter) { - char uuidstr[VIR_UUID_STRING_BUFLEN]; - virUUIDFormat(nwfilter->def->uuid, uuidstr); - virReportError(VIR_ERR_OPERATION_FAILED, - _("filter '%s' already exists with uuid %s"), - def->name, uuidstr); - virNWFilterObjUnlock(nwfilter); - return NULL; - } - } - - if (virNWFilterDefLoopDetect(nwfilters, def) < 0) { - virReportError(VIR_ERR_OPERATION_FAILED, - "%s", _("filter would introduce a loop")); - return NULL; - } - - - if ((nwfilter = virNWFilterObjFindByName(nwfilters, def->name))) { - - if (virNWFilterDefEqual(def, nwfilter->def, false)) { - virNWFilterDefFree(nwfilter->def); - nwfilter->def = def; - return nwfilter; - } - - nwfilter->newDef = def; - /* trigger the update on VMs referencing the filter */ - if (virNWFilterTriggerVMFilterRebuild()) { - nwfilter->newDef = NULL; - virNWFilterObjUnlock(nwfilter); - return NULL; - } - - virNWFilterDefFree(nwfilter->def); - nwfilter->def = def; - nwfilter->newDef = NULL; - return nwfilter; - } - - if (VIR_ALLOC(nwfilter) < 0) - return NULL; - - if (virMutexInitRecursive(&nwfilter->lock) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("cannot initialize mutex")); - VIR_FREE(nwfilter); - return NULL; - } - virNWFilterObjLock(nwfilter); - nwfilter->active = 0; - - if (VIR_APPEND_ELEMENT_COPY(nwfilters->objs, - nwfilters->count, nwfilter) < 0) { - virNWFilterObjUnlock(nwfilter); - virNWFilterObjFree(nwfilter); - return NULL; - } - nwfilter->def = def; - - return nwfilter; -} - - -static virNWFilterObjPtr -virNWFilterLoadConfig(virNWFilterObjListPtr nwfilters, - const char *configDir, - const char *name) -{ - virNWFilterDefPtr def = NULL; - virNWFilterObjPtr nwfilter; - char *configFile = NULL; - - if (!(configFile = virFileBuildPath(configDir, name, ".xml"))) - goto error; - - if (!(def = virNWFilterDefParseFile(configFile))) - goto error; - - if (STRNEQ(name, def->name)) { - virReportError(VIR_ERR_XML_ERROR, - _("network filter config filename '%s' " - "does not match name '%s'"), - configFile, def->name); - goto error; - } - - /* We generated a UUID, make it permanent by saving the config to disk */ - if (!def->uuid_specified && - virNWFilterSaveConfig(configDir, def) < 0) - goto error; - - if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def))) - goto error; - - VIR_FREE(configFile); - return nwfilter; - - error: - VIR_FREE(configFile); - virNWFilterDefFree(def); - return NULL; -} - - -int -virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters, - const char *configDir) -{ - DIR *dir; - struct dirent *entry; - int ret = -1; - int rc; - - if ((rc = virDirOpenIfExists(&dir, configDir)) <= 0) - return rc; - - while ((ret = virDirRead(dir, &entry, configDir)) > 0) { - virNWFilterObjPtr nwfilter; - - if (!virFileStripSuffix(entry->d_name, ".xml")) - continue; - - nwfilter = virNWFilterLoadConfig(nwfilters, configDir, entry->d_name); - if (nwfilter) - virNWFilterObjUnlock(nwfilter); - } - - VIR_DIR_CLOSE(dir); - return ret; -} - - int virNWFilterSaveDef(const char *configDir, virNWFilterDefPtr def) @@ -3568,17 +3233,6 @@ void virNWFilterConfLayerShutdown(void) } -void virNWFilterObjLock(virNWFilterObjPtr obj) -{ - virMutexLock(&obj->lock); -} - -void virNWFilterObjUnlock(virNWFilterObjPtr obj) -{ - virMutexUnlock(&obj->lock); -} - - bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule) { if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP && diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index d87da0c6b8..96c330d6ec 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -546,41 +546,6 @@ struct _virNWFilterDef { }; -typedef struct _virNWFilterObj virNWFilterObj; -typedef virNWFilterObj *virNWFilterObjPtr; - -struct _virNWFilterObj { - virMutex lock; - - int active; - int wantRemoved; - - virNWFilterDefPtr def; - virNWFilterDefPtr newDef; -}; - - -typedef struct _virNWFilterObjList virNWFilterObjList; -typedef virNWFilterObjList *virNWFilterObjListPtr; -struct _virNWFilterObjList { - size_t count; - virNWFilterObjPtr *objs; -}; - - -typedef struct _virNWFilterDriverState virNWFilterDriverState; -typedef virNWFilterDriverState *virNWFilterDriverStatePtr; -struct _virNWFilterDriverState { - virMutex lock; - bool privileged; - - virNWFilterObjList nwfilters; - - char *configDir; - bool watchingFirewallD; -}; - - typedef enum { STEP_APPLY_NEW, STEP_TEAR_NEW, @@ -598,18 +563,8 @@ struct domUpdateCBStruct { void virNWFilterRuleDefFree(virNWFilterRuleDefPtr def); void virNWFilterDefFree(virNWFilterDefPtr def); -void virNWFilterObjListFree(virNWFilterObjListPtr nwfilters); -void virNWFilterObjRemove(virNWFilterObjListPtr nwfilters, - virNWFilterObjPtr nwfilter); - -void virNWFilterObjFree(virNWFilterObjPtr obj); - -virNWFilterObjPtr virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters, - const unsigned char *uuid); - -virNWFilterObjPtr virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, - const char *name); +int virNWFilterTriggerVMFilterRebuild(void); int virNWFilterSaveDef(const char *configDir, virNWFilterDefPtr def); @@ -617,11 +572,6 @@ int virNWFilterSaveDef(const char *configDir, int virNWFilterDeleteDef(const char *configDir, virNWFilterDefPtr def); -virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters, - virNWFilterDefPtr def); - -int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter); - virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml, xmlNodePtr root); @@ -634,18 +584,12 @@ int virNWFilterSaveXML(const char *configDir, int virNWFilterSaveConfig(const char *configDir, virNWFilterDefPtr def); -int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters, - const char *configDir); - char *virNWFilterConfigFile(const char *dir, const char *name); virNWFilterDefPtr virNWFilterDefParseString(const char *xml); virNWFilterDefPtr virNWFilterDefParseFile(const char *filename); -void virNWFilterObjLock(virNWFilterObjPtr obj); -void virNWFilterObjUnlock(virNWFilterObjPtr obj); - void virNWFilterWriteLockFilterUpdates(void); void virNWFilterReadLockFilterUpdates(void); void virNWFilterUnlockFilterUpdates(void); diff --git a/src/conf/virnwfilterobj.c b/src/conf/virnwfilterobj.c new file mode 100644 index 0000000000..869365cfbe --- /dev/null +++ b/src/conf/virnwfilterobj.c @@ -0,0 +1,382 @@ +/* + * virnwfilterobj.c: network filter object processing + * (derived from nwfilter_conf.c) + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include +#include + +#include "datatypes.h" + +#include "viralloc.h" +#include "virerror.h" +#include "virfile.h" +#include "virlog.h" +#include "virnwfilterobj.h" +#include "virstring.h" + +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +VIR_LOG_INIT("conf.virnwfilterobj"); + + +void +virNWFilterObjFree(virNWFilterObjPtr obj) +{ + if (!obj) + return; + + virNWFilterDefFree(obj->def); + virNWFilterDefFree(obj->newDef); + + virMutexDestroy(&obj->lock); + + VIR_FREE(obj); +} + + +void +virNWFilterObjListFree(virNWFilterObjListPtr nwfilters) +{ + size_t i; + for (i = 0; i < nwfilters->count; i++) + virNWFilterObjFree(nwfilters->objs[i]); + VIR_FREE(nwfilters->objs); + nwfilters->count = 0; +} + + +void +virNWFilterObjRemove(virNWFilterObjListPtr nwfilters, + virNWFilterObjPtr nwfilter) +{ + size_t i; + + virNWFilterObjUnlock(nwfilter); + + for (i = 0; i < nwfilters->count; i++) { + virNWFilterObjLock(nwfilters->objs[i]); + if (nwfilters->objs[i] == nwfilter) { + virNWFilterObjUnlock(nwfilters->objs[i]); + virNWFilterObjFree(nwfilters->objs[i]); + + VIR_DELETE_ELEMENT(nwfilters->objs, i, nwfilters->count); + break; + } + virNWFilterObjUnlock(nwfilters->objs[i]); + } +} + + +virNWFilterObjPtr +virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters, + const unsigned char *uuid) +{ + size_t i; + + for (i = 0; i < nwfilters->count; i++) { + virNWFilterObjLock(nwfilters->objs[i]); + if (!memcmp(nwfilters->objs[i]->def->uuid, uuid, VIR_UUID_BUFLEN)) + return nwfilters->objs[i]; + virNWFilterObjUnlock(nwfilters->objs[i]); + } + + return NULL; +} + + +virNWFilterObjPtr +virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, const char *name) +{ + size_t i; + + for (i = 0; i < nwfilters->count; i++) { + virNWFilterObjLock(nwfilters->objs[i]); + if (STREQ_NULLABLE(nwfilters->objs[i]->def->name, name)) + return nwfilters->objs[i]; + virNWFilterObjUnlock(nwfilters->objs[i]); + } + + return NULL; +} + + +static int +_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters, + virNWFilterDefPtr def, + const char *filtername) +{ + int rc = 0; + size_t i; + virNWFilterEntryPtr entry; + virNWFilterObjPtr obj; + + if (!def) + return 0; + + for (i = 0; i < def->nentries; i++) { + entry = def->filterEntries[i]; + if (entry->include) { + + if (STREQ(filtername, entry->include->filterref)) { + rc = -1; + break; + } + + obj = virNWFilterObjFindByName(nwfilters, + entry->include->filterref); + if (obj) { + rc = _virNWFilterDefLoopDetect(nwfilters, + obj->def, filtername); + + virNWFilterObjUnlock(obj); + if (rc < 0) + break; + } + } + } + + return rc; +} + + +/* + * virNWFilterDefLoopDetect: + * @nwfilters : the nwfilters to search + * @def : the filter definition that may add a loop and is to be tested + * + * Detect a loop introduced through the filters being able to + * reference each other. + * + * Returns 0 in case no loop was detected, -1 otherwise. + */ +static int +virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters, + virNWFilterDefPtr def) +{ + return _virNWFilterDefLoopDetect(nwfilters, def, def->name); +} + + +int +virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter) +{ + int rc = 0; + + nwfilter->wantRemoved = 1; + /* trigger the update on VMs referencing the filter */ + if (virNWFilterTriggerVMFilterRebuild()) + rc = -1; + + nwfilter->wantRemoved = 0; + + return rc; +} + +static bool +virNWFilterDefEqual(const virNWFilterDef *def1, virNWFilterDefPtr def2, + bool cmpUUIDs) +{ + bool ret = false; + unsigned char rem_uuid[VIR_UUID_BUFLEN]; + char *xml1, *xml2 = NULL; + + if (!cmpUUIDs) { + /* make sure the UUIDs are equal */ + memcpy(rem_uuid, def2->uuid, sizeof(rem_uuid)); + memcpy(def2->uuid, def1->uuid, sizeof(def2->uuid)); + } + + if (!(xml1 = virNWFilterDefFormat(def1)) || + !(xml2 = virNWFilterDefFormat(def2))) + goto cleanup; + + ret = STREQ(xml1, xml2); + + cleanup: + if (!cmpUUIDs) + memcpy(def2->uuid, rem_uuid, sizeof(rem_uuid)); + + VIR_FREE(xml1); + VIR_FREE(xml2); + + return ret; +} + +virNWFilterObjPtr +virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters, + virNWFilterDefPtr def) +{ + virNWFilterObjPtr nwfilter; + + nwfilter = virNWFilterObjFindByUUID(nwfilters, def->uuid); + + if (nwfilter) { + if (STRNEQ(def->name, nwfilter->def->name)) { + virReportError(VIR_ERR_OPERATION_FAILED, + _("filter with same UUID but different name " + "('%s') already exists"), + nwfilter->def->name); + virNWFilterObjUnlock(nwfilter); + return NULL; + } + virNWFilterObjUnlock(nwfilter); + } else { + nwfilter = virNWFilterObjFindByName(nwfilters, def->name); + if (nwfilter) { + char uuidstr[VIR_UUID_STRING_BUFLEN]; + virUUIDFormat(nwfilter->def->uuid, uuidstr); + virReportError(VIR_ERR_OPERATION_FAILED, + _("filter '%s' already exists with uuid %s"), + def->name, uuidstr); + virNWFilterObjUnlock(nwfilter); + return NULL; + } + } + + if (virNWFilterDefLoopDetect(nwfilters, def) < 0) { + virReportError(VIR_ERR_OPERATION_FAILED, + "%s", _("filter would introduce a loop")); + return NULL; + } + + + if ((nwfilter = virNWFilterObjFindByName(nwfilters, def->name))) { + + if (virNWFilterDefEqual(def, nwfilter->def, false)) { + virNWFilterDefFree(nwfilter->def); + nwfilter->def = def; + return nwfilter; + } + + nwfilter->newDef = def; + /* trigger the update on VMs referencing the filter */ + if (virNWFilterTriggerVMFilterRebuild()) { + nwfilter->newDef = NULL; + virNWFilterObjUnlock(nwfilter); + return NULL; + } + + virNWFilterDefFree(nwfilter->def); + nwfilter->def = def; + nwfilter->newDef = NULL; + return nwfilter; + } + + if (VIR_ALLOC(nwfilter) < 0) + return NULL; + + if (virMutexInitRecursive(&nwfilter->lock) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("cannot initialize mutex")); + VIR_FREE(nwfilter); + return NULL; + } + virNWFilterObjLock(nwfilter); + nwfilter->active = 0; + + if (VIR_APPEND_ELEMENT_COPY(nwfilters->objs, + nwfilters->count, nwfilter) < 0) { + virNWFilterObjUnlock(nwfilter); + virNWFilterObjFree(nwfilter); + return NULL; + } + nwfilter->def = def; + + return nwfilter; +} + + +static virNWFilterObjPtr +virNWFilterLoadConfig(virNWFilterObjListPtr nwfilters, + const char *configDir, + const char *name) +{ + virNWFilterDefPtr def = NULL; + virNWFilterObjPtr nwfilter; + char *configFile = NULL; + + if (!(configFile = virFileBuildPath(configDir, name, ".xml"))) + goto error; + + if (!(def = virNWFilterDefParseFile(configFile))) + goto error; + + if (STRNEQ(name, def->name)) { + virReportError(VIR_ERR_XML_ERROR, + _("network filter config filename '%s' " + "does not match name '%s'"), + configFile, def->name); + goto error; + } + + /* We generated a UUID, make it permanent by saving the config to disk */ + if (!def->uuid_specified && + virNWFilterSaveConfig(configDir, def) < 0) + goto error; + + if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def))) + goto error; + + VIR_FREE(configFile); + return nwfilter; + + error: + VIR_FREE(configFile); + virNWFilterDefFree(def); + return NULL; +} + + +int +virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters, + const char *configDir) +{ + DIR *dir; + struct dirent *entry; + int ret = -1; + int rc; + + if ((rc = virDirOpenIfExists(&dir, configDir)) <= 0) + return rc; + + while ((ret = virDirRead(dir, &entry, configDir)) > 0) { + virNWFilterObjPtr nwfilter; + + if (!virFileStripSuffix(entry->d_name, ".xml")) + continue; + + nwfilter = virNWFilterLoadConfig(nwfilters, configDir, entry->d_name); + if (nwfilter) + virNWFilterObjUnlock(nwfilter); + } + + VIR_DIR_CLOSE(dir); + return ret; +} + + +void virNWFilterObjLock(virNWFilterObjPtr obj) +{ + virMutexLock(&obj->lock); +} + + +void virNWFilterObjUnlock(virNWFilterObjPtr obj) +{ + virMutexUnlock(&obj->lock); +} diff --git a/src/conf/virnwfilterobj.h b/src/conf/virnwfilterobj.h new file mode 100644 index 0000000000..00b8d0a92a --- /dev/null +++ b/src/conf/virnwfilterobj.h @@ -0,0 +1,85 @@ +/* + * virnwfilterobj.h: network filter object processing + * (derived from nwfilter_conf.h) + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ +#ifndef VIRNWFILTEROBJ_H +# define VIRNWFILTEROBJ_H + +# include "internal.h" + +# include "nwfilter_conf.h" + +typedef struct _virNWFilterObj virNWFilterObj; +typedef virNWFilterObj *virNWFilterObjPtr; + +struct _virNWFilterObj { + virMutex lock; + + int active; + int wantRemoved; + + virNWFilterDefPtr def; + virNWFilterDefPtr newDef; +}; + + +typedef struct _virNWFilterObjList virNWFilterObjList; +typedef virNWFilterObjList *virNWFilterObjListPtr; +struct _virNWFilterObjList { + size_t count; + virNWFilterObjPtr *objs; +}; + + +typedef struct _virNWFilterDriverState virNWFilterDriverState; +typedef virNWFilterDriverState *virNWFilterDriverStatePtr; +struct _virNWFilterDriverState { + virMutex lock; + bool privileged; + + virNWFilterObjList nwfilters; + + char *configDir; + bool watchingFirewallD; +}; + +void virNWFilterObjListFree(virNWFilterObjListPtr nwfilters); + +void virNWFilterObjRemove(virNWFilterObjListPtr nwfilters, + virNWFilterObjPtr nwfilter); + +void virNWFilterObjFree(virNWFilterObjPtr obj); + +virNWFilterObjPtr virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters, + const unsigned char *uuid); + +virNWFilterObjPtr virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, + const char *name); + +virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters, + virNWFilterDefPtr def); + +int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter); + +int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters, + const char *configDir); + +void virNWFilterObjLock(virNWFilterObjPtr obj); + +void virNWFilterObjUnlock(virNWFilterObjPtr obj); + +#endif /* VIRNWFILTEROBJ_H */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 0c6ea2b58d..4652c2df77 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -746,14 +746,6 @@ virNWFilterDefParseString; virNWFilterDeleteDef; virNWFilterInstFiltersOnAllVMs; virNWFilterJumpTargetTypeToString; -virNWFilterLoadAllConfigs; -virNWFilterObjAssignDef; -virNWFilterObjFindByName; -virNWFilterObjFindByUUID; -virNWFilterObjListFree; -virNWFilterObjLock; -virNWFilterObjRemove; -virNWFilterObjUnlock; virNWFilterPrintStateMatchFlags; virNWFilterPrintTCPFlags; virNWFilterReadLockFilterUpdates; @@ -765,7 +757,7 @@ virNWFilterRuleIsProtocolIPv4; virNWFilterRuleIsProtocolIPv6; virNWFilterRuleProtocolTypeToString; virNWFilterSaveDef; -virNWFilterTestUnassignDef; +virNWFilterTriggerVMFilterRebuild; virNWFilterUnlockFilterUpdates; virNWFilterUnRegisterCallbackDriver; virNWFilterWriteLockFilterUpdates; @@ -964,6 +956,18 @@ virNodeDeviceObjRemove; virNodeDeviceObjUnlock; +# conf/virnwfilterobj.h +virNWFilterLoadAllConfigs; +virNWFilterObjAssignDef; +virNWFilterObjFindByName; +virNWFilterObjFindByUUID; +virNWFilterObjListFree; +virNWFilterObjLock; +virNWFilterObjRemove; +virNWFilterObjUnlock; +virNWFilterTestUnassignDef; + + # conf/virsecretobj.h virSecretLoadAllConfigs; virSecretObjDeleteConfig; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 5e4f07655c..6ce2bfd6c7 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -37,7 +37,6 @@ #include "viralloc.h" #include "domain_conf.h" #include "domain_nwfilter.h" -#include "nwfilter_conf.h" #include "nwfilter_driver.h" #include "nwfilter_gentech_driver.h" #include "configmake.h" diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index 8349ab4105..71924879a2 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -24,7 +24,7 @@ #ifndef __NWFILTER_GENTECH_DRIVER_H # define __NWFILTER_GENTECH_DRIVER_H -# include "nwfilter_conf.h" +# include "virnwfilterobj.h" # include "nwfilter_tech_driver.h" virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); diff --git a/src/nwfilter/nwfilter_tech_driver.h b/src/nwfilter/nwfilter_tech_driver.h index 7b6f56fd6a..bc30496644 100644 --- a/src/nwfilter/nwfilter_tech_driver.h +++ b/src/nwfilter/nwfilter_tech_driver.h @@ -26,7 +26,7 @@ #ifndef __NWFILTER_TECH_DRIVER_H__ # define __NWFILTER_TECH_DRIVER_H__ -# include "nwfilter_conf.h" +# include "virnwfilterobj.h" typedef struct _virNWFilterTechDriver virNWFilterTechDriver; typedef virNWFilterTechDriver *virNWFilterTechDriverPtr;