conf: Introduce virnwfilterobj

Move all the NWFilterObj API's into their own module virnwfilterobj
from the nwfilter_conf

Purely code motion at this point, plus adjustments to cleanly build.
This commit is contained in:
John Ferlan 2017-02-28 17:37:15 -05:00
parent cab7b8c276
commit 079747a36d
10 changed files with 489 additions and 418 deletions

View File

@ -44,6 +44,7 @@ src/conf/virchrdev.c
src/conf/virdomainobjlist.c src/conf/virdomainobjlist.c
src/conf/virinterfaceobj.c src/conf/virinterfaceobj.c
src/conf/virnodedeviceobj.c src/conf/virnodedeviceobj.c
src/conf/virnwfilterobj.c
src/conf/virsecretobj.c src/conf/virsecretobj.c
src/cpu/cpu.c src/cpu/cpu.c
src/cpu/cpu_arm.c src/cpu/cpu_arm.c

View File

@ -369,11 +369,13 @@ NWFILTER_PARAM_CONF_SOURCES = \
conf/nwfilter_params.c conf/nwfilter_params.h \ conf/nwfilter_params.c conf/nwfilter_params.h \
conf/nwfilter_ipaddrmap.c \ conf/nwfilter_ipaddrmap.c \
conf/nwfilter_ipaddrmap.h \ conf/nwfilter_ipaddrmap.h \
conf/nwfilter_conf.h conf/nwfilter_conf.h \
conf/virnwfilterobj.h
NWFILTER_CONF_SOURCES = \ NWFILTER_CONF_SOURCES = \
$(NWFILTER_PARAM_CONF_SOURCES) \ $(NWFILTER_PARAM_CONF_SOURCES) \
conf/nwfilter_conf.c conf/nwfilter_conf.h conf/nwfilter_conf.c conf/nwfilter_conf.h \
conf/virnwfilterobj.c conf/virnwfilterobj.h
# Storage driver generic impl APIs # Storage driver generic impl APIs
STORAGE_CONF_SOURCES = \ STORAGE_CONF_SOURCES = \

View File

@ -30,7 +30,6 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <fcntl.h> #include <fcntl.h>
#include <dirent.h>
#if HAVE_NET_ETHERNET_H #if HAVE_NET_ETHERNET_H
# include <net/ethernet.h> # include <net/ethernet.h>
#endif #endif
@ -344,32 +343,6 @@ virNWFilterDefFree(virNWFilterDefPtr def)
} }
void
virNWFilterObjFree(virNWFilterObjPtr obj)
{
if (!obj)
return;
virNWFilterDefFree(obj->def);
virNWFilterDefFree(obj->newDef);
virMutexDestroy(&obj->lock);
VIR_FREE(obj);
}
void
virNWFilterObjListFree(virNWFilterObjListPtr nwfilters)
{
size_t i;
for (i = 0; i < nwfilters->count; i++)
virNWFilterObjFree(nwfilters->objs[i]);
VIR_FREE(nwfilters->objs);
nwfilters->count = 0;
}
static int static int
virNWFilterRuleDefAddVar(virNWFilterRuleDefPtr nwf, virNWFilterRuleDefAddVar(virNWFilterRuleDefPtr nwf,
nwItemDesc *item, nwItemDesc *item,
@ -418,27 +391,6 @@ virNWFilterRuleDefAddString(virNWFilterRuleDefPtr nwf,
} }
void
virNWFilterObjRemove(virNWFilterObjListPtr nwfilters,
virNWFilterObjPtr nwfilter)
{
size_t i;
virNWFilterObjUnlock(nwfilter);
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (nwfilters->objs[i] == nwfilter) {
virNWFilterObjUnlock(nwfilters->objs[i]);
virNWFilterObjFree(nwfilters->objs[i]);
VIR_DELETE_ELEMENT(nwfilters->objs, i, nwfilters->count);
break;
}
virNWFilterObjUnlock(nwfilters->objs[i]);
}
}
union data { union data {
void *v; void *v;
char *c; char *c;
@ -2779,39 +2731,6 @@ virNWFilterDefParseFile(const char *filename)
} }
virNWFilterObjPtr
virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters,
const unsigned char *uuid)
{
size_t i;
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (!memcmp(nwfilters->objs[i]->def->uuid, uuid, VIR_UUID_BUFLEN))
return nwfilters->objs[i];
virNWFilterObjUnlock(nwfilters->objs[i]);
}
return NULL;
}
virNWFilterObjPtr
virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, const char *name)
{
size_t i;
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (STREQ_NULLABLE(nwfilters->objs[i]->def->name, name))
return nwfilters->objs[i];
virNWFilterObjUnlock(nwfilters->objs[i]);
}
return NULL;
}
int virNWFilterSaveXML(const char *configDir, int virNWFilterSaveXML(const char *configDir,
virNWFilterDefPtr def, virNWFilterDefPtr def,
const char *xml) const char *xml)
@ -2860,62 +2779,6 @@ int virNWFilterSaveConfig(const char *configDir,
} }
static int
_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def,
const char *filtername)
{
int rc = 0;
size_t i;
virNWFilterEntryPtr entry;
virNWFilterObjPtr obj;
if (!def)
return 0;
for (i = 0; i < def->nentries; i++) {
entry = def->filterEntries[i];
if (entry->include) {
if (STREQ(filtername, entry->include->filterref)) {
rc = -1;
break;
}
obj = virNWFilterObjFindByName(nwfilters,
entry->include->filterref);
if (obj) {
rc = _virNWFilterDefLoopDetect(nwfilters,
obj->def, filtername);
virNWFilterObjUnlock(obj);
if (rc < 0)
break;
}
}
}
return rc;
}
/*
* virNWFilterDefLoopDetect:
* @nwfilters : the nwfilters to search
* @def : the filter definition that may add a loop and is to be tested
*
* Detect a loop introduced through the filters being able to
* reference each other.
*
* Returns 0 in case no loop was detected, -1 otherwise.
*/
static int
virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
return _virNWFilterDefLoopDetect(nwfilters, def, def->name);
}
int nCallbackDriver; int nCallbackDriver;
#define MAX_CALLBACK_DRIVER 10 #define MAX_CALLBACK_DRIVER 10
static virNWFilterCallbackDriverPtr callbackDrvArray[MAX_CALLBACK_DRIVER]; static virNWFilterCallbackDriverPtr callbackDrvArray[MAX_CALLBACK_DRIVER];
@ -2987,7 +2850,7 @@ virNWFilterInstFiltersOnAllVMs(void)
return 0; return 0;
} }
static int int
virNWFilterTriggerVMFilterRebuild(void) virNWFilterTriggerVMFilterRebuild(void)
{ {
size_t i; size_t i;
@ -3027,204 +2890,6 @@ virNWFilterTriggerVMFilterRebuild(void)
} }
int
virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter)
{
int rc = 0;
nwfilter->wantRemoved = 1;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild())
rc = -1;
nwfilter->wantRemoved = 0;
return rc;
}
static bool
virNWFilterDefEqual(const virNWFilterDef *def1, virNWFilterDefPtr def2,
bool cmpUUIDs)
{
bool ret = false;
unsigned char rem_uuid[VIR_UUID_BUFLEN];
char *xml1, *xml2 = NULL;
if (!cmpUUIDs) {
/* make sure the UUIDs are equal */
memcpy(rem_uuid, def2->uuid, sizeof(rem_uuid));
memcpy(def2->uuid, def1->uuid, sizeof(def2->uuid));
}
if (!(xml1 = virNWFilterDefFormat(def1)) ||
!(xml2 = virNWFilterDefFormat(def2)))
goto cleanup;
ret = STREQ(xml1, xml2);
cleanup:
if (!cmpUUIDs)
memcpy(def2->uuid, rem_uuid, sizeof(rem_uuid));
VIR_FREE(xml1);
VIR_FREE(xml2);
return ret;
}
virNWFilterObjPtr
virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
virNWFilterObjPtr nwfilter;
nwfilter = virNWFilterObjFindByUUID(nwfilters, def->uuid);
if (nwfilter) {
if (STRNEQ(def->name, nwfilter->def->name)) {
virReportError(VIR_ERR_OPERATION_FAILED,
_("filter with same UUID but different name "
"('%s') already exists"),
nwfilter->def->name);
virNWFilterObjUnlock(nwfilter);
return NULL;
}
virNWFilterObjUnlock(nwfilter);
} else {
nwfilter = virNWFilterObjFindByName(nwfilters, def->name);
if (nwfilter) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(nwfilter->def->uuid, uuidstr);
virReportError(VIR_ERR_OPERATION_FAILED,
_("filter '%s' already exists with uuid %s"),
def->name, uuidstr);
virNWFilterObjUnlock(nwfilter);
return NULL;
}
}
if (virNWFilterDefLoopDetect(nwfilters, def) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED,
"%s", _("filter would introduce a loop"));
return NULL;
}
if ((nwfilter = virNWFilterObjFindByName(nwfilters, def->name))) {
if (virNWFilterDefEqual(def, nwfilter->def, false)) {
virNWFilterDefFree(nwfilter->def);
nwfilter->def = def;
return nwfilter;
}
nwfilter->newDef = def;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild()) {
nwfilter->newDef = NULL;
virNWFilterObjUnlock(nwfilter);
return NULL;
}
virNWFilterDefFree(nwfilter->def);
nwfilter->def = def;
nwfilter->newDef = NULL;
return nwfilter;
}
if (VIR_ALLOC(nwfilter) < 0)
return NULL;
if (virMutexInitRecursive(&nwfilter->lock) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("cannot initialize mutex"));
VIR_FREE(nwfilter);
return NULL;
}
virNWFilterObjLock(nwfilter);
nwfilter->active = 0;
if (VIR_APPEND_ELEMENT_COPY(nwfilters->objs,
nwfilters->count, nwfilter) < 0) {
virNWFilterObjUnlock(nwfilter);
virNWFilterObjFree(nwfilter);
return NULL;
}
nwfilter->def = def;
return nwfilter;
}
static virNWFilterObjPtr
virNWFilterLoadConfig(virNWFilterObjListPtr nwfilters,
const char *configDir,
const char *name)
{
virNWFilterDefPtr def = NULL;
virNWFilterObjPtr nwfilter;
char *configFile = NULL;
if (!(configFile = virFileBuildPath(configDir, name, ".xml")))
goto error;
if (!(def = virNWFilterDefParseFile(configFile)))
goto error;
if (STRNEQ(name, def->name)) {
virReportError(VIR_ERR_XML_ERROR,
_("network filter config filename '%s' "
"does not match name '%s'"),
configFile, def->name);
goto error;
}
/* We generated a UUID, make it permanent by saving the config to disk */
if (!def->uuid_specified &&
virNWFilterSaveConfig(configDir, def) < 0)
goto error;
if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def)))
goto error;
VIR_FREE(configFile);
return nwfilter;
error:
VIR_FREE(configFile);
virNWFilterDefFree(def);
return NULL;
}
int
virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir)
{
DIR *dir;
struct dirent *entry;
int ret = -1;
int rc;
if ((rc = virDirOpenIfExists(&dir, configDir)) <= 0)
return rc;
while ((ret = virDirRead(dir, &entry, configDir)) > 0) {
virNWFilterObjPtr nwfilter;
if (!virFileStripSuffix(entry->d_name, ".xml"))
continue;
nwfilter = virNWFilterLoadConfig(nwfilters, configDir, entry->d_name);
if (nwfilter)
virNWFilterObjUnlock(nwfilter);
}
VIR_DIR_CLOSE(dir);
return ret;
}
int int
virNWFilterSaveDef(const char *configDir, virNWFilterSaveDef(const char *configDir,
virNWFilterDefPtr def) virNWFilterDefPtr def)
@ -3568,17 +3233,6 @@ void virNWFilterConfLayerShutdown(void)
} }
void virNWFilterObjLock(virNWFilterObjPtr obj)
{
virMutexLock(&obj->lock);
}
void virNWFilterObjUnlock(virNWFilterObjPtr obj)
{
virMutexUnlock(&obj->lock);
}
bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule) bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
{ {
if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP && if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&

View File

@ -546,41 +546,6 @@ struct _virNWFilterDef {
}; };
typedef struct _virNWFilterObj virNWFilterObj;
typedef virNWFilterObj *virNWFilterObjPtr;
struct _virNWFilterObj {
virMutex lock;
int active;
int wantRemoved;
virNWFilterDefPtr def;
virNWFilterDefPtr newDef;
};
typedef struct _virNWFilterObjList virNWFilterObjList;
typedef virNWFilterObjList *virNWFilterObjListPtr;
struct _virNWFilterObjList {
size_t count;
virNWFilterObjPtr *objs;
};
typedef struct _virNWFilterDriverState virNWFilterDriverState;
typedef virNWFilterDriverState *virNWFilterDriverStatePtr;
struct _virNWFilterDriverState {
virMutex lock;
bool privileged;
virNWFilterObjList nwfilters;
char *configDir;
bool watchingFirewallD;
};
typedef enum { typedef enum {
STEP_APPLY_NEW, STEP_APPLY_NEW,
STEP_TEAR_NEW, STEP_TEAR_NEW,
@ -598,18 +563,8 @@ struct domUpdateCBStruct {
void virNWFilterRuleDefFree(virNWFilterRuleDefPtr def); void virNWFilterRuleDefFree(virNWFilterRuleDefPtr def);
void virNWFilterDefFree(virNWFilterDefPtr def); void virNWFilterDefFree(virNWFilterDefPtr def);
void virNWFilterObjListFree(virNWFilterObjListPtr nwfilters);
void virNWFilterObjRemove(virNWFilterObjListPtr nwfilters,
virNWFilterObjPtr nwfilter);
void virNWFilterObjFree(virNWFilterObjPtr obj);
virNWFilterObjPtr virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters,
const unsigned char *uuid);
virNWFilterObjPtr virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters,
const char *name);
int virNWFilterTriggerVMFilterRebuild(void);
int virNWFilterSaveDef(const char *configDir, int virNWFilterSaveDef(const char *configDir,
virNWFilterDefPtr def); virNWFilterDefPtr def);
@ -617,11 +572,6 @@ int virNWFilterSaveDef(const char *configDir,
int virNWFilterDeleteDef(const char *configDir, int virNWFilterDeleteDef(const char *configDir,
virNWFilterDefPtr def); virNWFilterDefPtr def);
virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def);
int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter);
virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml, virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml,
xmlNodePtr root); xmlNodePtr root);
@ -634,18 +584,12 @@ int virNWFilterSaveXML(const char *configDir,
int virNWFilterSaveConfig(const char *configDir, int virNWFilterSaveConfig(const char *configDir,
virNWFilterDefPtr def); virNWFilterDefPtr def);
int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir);
char *virNWFilterConfigFile(const char *dir, char *virNWFilterConfigFile(const char *dir,
const char *name); const char *name);
virNWFilterDefPtr virNWFilterDefParseString(const char *xml); virNWFilterDefPtr virNWFilterDefParseString(const char *xml);
virNWFilterDefPtr virNWFilterDefParseFile(const char *filename); virNWFilterDefPtr virNWFilterDefParseFile(const char *filename);
void virNWFilterObjLock(virNWFilterObjPtr obj);
void virNWFilterObjUnlock(virNWFilterObjPtr obj);
void virNWFilterWriteLockFilterUpdates(void); void virNWFilterWriteLockFilterUpdates(void);
void virNWFilterReadLockFilterUpdates(void); void virNWFilterReadLockFilterUpdates(void);
void virNWFilterUnlockFilterUpdates(void); void virNWFilterUnlockFilterUpdates(void);

382
src/conf/virnwfilterobj.c Normal file
View File

@ -0,0 +1,382 @@
/*
* virnwfilterobj.c: network filter object processing
* (derived from nwfilter_conf.c)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <dirent.h>
#include "datatypes.h"
#include "viralloc.h"
#include "virerror.h"
#include "virfile.h"
#include "virlog.h"
#include "virnwfilterobj.h"
#include "virstring.h"
#define VIR_FROM_THIS VIR_FROM_NWFILTER
VIR_LOG_INIT("conf.virnwfilterobj");
void
virNWFilterObjFree(virNWFilterObjPtr obj)
{
if (!obj)
return;
virNWFilterDefFree(obj->def);
virNWFilterDefFree(obj->newDef);
virMutexDestroy(&obj->lock);
VIR_FREE(obj);
}
void
virNWFilterObjListFree(virNWFilterObjListPtr nwfilters)
{
size_t i;
for (i = 0; i < nwfilters->count; i++)
virNWFilterObjFree(nwfilters->objs[i]);
VIR_FREE(nwfilters->objs);
nwfilters->count = 0;
}
void
virNWFilterObjRemove(virNWFilterObjListPtr nwfilters,
virNWFilterObjPtr nwfilter)
{
size_t i;
virNWFilterObjUnlock(nwfilter);
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (nwfilters->objs[i] == nwfilter) {
virNWFilterObjUnlock(nwfilters->objs[i]);
virNWFilterObjFree(nwfilters->objs[i]);
VIR_DELETE_ELEMENT(nwfilters->objs, i, nwfilters->count);
break;
}
virNWFilterObjUnlock(nwfilters->objs[i]);
}
}
virNWFilterObjPtr
virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters,
const unsigned char *uuid)
{
size_t i;
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (!memcmp(nwfilters->objs[i]->def->uuid, uuid, VIR_UUID_BUFLEN))
return nwfilters->objs[i];
virNWFilterObjUnlock(nwfilters->objs[i]);
}
return NULL;
}
virNWFilterObjPtr
virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters, const char *name)
{
size_t i;
for (i = 0; i < nwfilters->count; i++) {
virNWFilterObjLock(nwfilters->objs[i]);
if (STREQ_NULLABLE(nwfilters->objs[i]->def->name, name))
return nwfilters->objs[i];
virNWFilterObjUnlock(nwfilters->objs[i]);
}
return NULL;
}
static int
_virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def,
const char *filtername)
{
int rc = 0;
size_t i;
virNWFilterEntryPtr entry;
virNWFilterObjPtr obj;
if (!def)
return 0;
for (i = 0; i < def->nentries; i++) {
entry = def->filterEntries[i];
if (entry->include) {
if (STREQ(filtername, entry->include->filterref)) {
rc = -1;
break;
}
obj = virNWFilterObjFindByName(nwfilters,
entry->include->filterref);
if (obj) {
rc = _virNWFilterDefLoopDetect(nwfilters,
obj->def, filtername);
virNWFilterObjUnlock(obj);
if (rc < 0)
break;
}
}
}
return rc;
}
/*
* virNWFilterDefLoopDetect:
* @nwfilters : the nwfilters to search
* @def : the filter definition that may add a loop and is to be tested
*
* Detect a loop introduced through the filters being able to
* reference each other.
*
* Returns 0 in case no loop was detected, -1 otherwise.
*/
static int
virNWFilterDefLoopDetect(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
return _virNWFilterDefLoopDetect(nwfilters, def, def->name);
}
int
virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter)
{
int rc = 0;
nwfilter->wantRemoved = 1;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild())
rc = -1;
nwfilter->wantRemoved = 0;
return rc;
}
static bool
virNWFilterDefEqual(const virNWFilterDef *def1, virNWFilterDefPtr def2,
bool cmpUUIDs)
{
bool ret = false;
unsigned char rem_uuid[VIR_UUID_BUFLEN];
char *xml1, *xml2 = NULL;
if (!cmpUUIDs) {
/* make sure the UUIDs are equal */
memcpy(rem_uuid, def2->uuid, sizeof(rem_uuid));
memcpy(def2->uuid, def1->uuid, sizeof(def2->uuid));
}
if (!(xml1 = virNWFilterDefFormat(def1)) ||
!(xml2 = virNWFilterDefFormat(def2)))
goto cleanup;
ret = STREQ(xml1, xml2);
cleanup:
if (!cmpUUIDs)
memcpy(def2->uuid, rem_uuid, sizeof(rem_uuid));
VIR_FREE(xml1);
VIR_FREE(xml2);
return ret;
}
virNWFilterObjPtr
virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def)
{
virNWFilterObjPtr nwfilter;
nwfilter = virNWFilterObjFindByUUID(nwfilters, def->uuid);
if (nwfilter) {
if (STRNEQ(def->name, nwfilter->def->name)) {
virReportError(VIR_ERR_OPERATION_FAILED,
_("filter with same UUID but different name "
"('%s') already exists"),
nwfilter->def->name);
virNWFilterObjUnlock(nwfilter);
return NULL;
}
virNWFilterObjUnlock(nwfilter);
} else {
nwfilter = virNWFilterObjFindByName(nwfilters, def->name);
if (nwfilter) {
char uuidstr[VIR_UUID_STRING_BUFLEN];
virUUIDFormat(nwfilter->def->uuid, uuidstr);
virReportError(VIR_ERR_OPERATION_FAILED,
_("filter '%s' already exists with uuid %s"),
def->name, uuidstr);
virNWFilterObjUnlock(nwfilter);
return NULL;
}
}
if (virNWFilterDefLoopDetect(nwfilters, def) < 0) {
virReportError(VIR_ERR_OPERATION_FAILED,
"%s", _("filter would introduce a loop"));
return NULL;
}
if ((nwfilter = virNWFilterObjFindByName(nwfilters, def->name))) {
if (virNWFilterDefEqual(def, nwfilter->def, false)) {
virNWFilterDefFree(nwfilter->def);
nwfilter->def = def;
return nwfilter;
}
nwfilter->newDef = def;
/* trigger the update on VMs referencing the filter */
if (virNWFilterTriggerVMFilterRebuild()) {
nwfilter->newDef = NULL;
virNWFilterObjUnlock(nwfilter);
return NULL;
}
virNWFilterDefFree(nwfilter->def);
nwfilter->def = def;
nwfilter->newDef = NULL;
return nwfilter;
}
if (VIR_ALLOC(nwfilter) < 0)
return NULL;
if (virMutexInitRecursive(&nwfilter->lock) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("cannot initialize mutex"));
VIR_FREE(nwfilter);
return NULL;
}
virNWFilterObjLock(nwfilter);
nwfilter->active = 0;
if (VIR_APPEND_ELEMENT_COPY(nwfilters->objs,
nwfilters->count, nwfilter) < 0) {
virNWFilterObjUnlock(nwfilter);
virNWFilterObjFree(nwfilter);
return NULL;
}
nwfilter->def = def;
return nwfilter;
}
static virNWFilterObjPtr
virNWFilterLoadConfig(virNWFilterObjListPtr nwfilters,
const char *configDir,
const char *name)
{
virNWFilterDefPtr def = NULL;
virNWFilterObjPtr nwfilter;
char *configFile = NULL;
if (!(configFile = virFileBuildPath(configDir, name, ".xml")))
goto error;
if (!(def = virNWFilterDefParseFile(configFile)))
goto error;
if (STRNEQ(name, def->name)) {
virReportError(VIR_ERR_XML_ERROR,
_("network filter config filename '%s' "
"does not match name '%s'"),
configFile, def->name);
goto error;
}
/* We generated a UUID, make it permanent by saving the config to disk */
if (!def->uuid_specified &&
virNWFilterSaveConfig(configDir, def) < 0)
goto error;
if (!(nwfilter = virNWFilterObjAssignDef(nwfilters, def)))
goto error;
VIR_FREE(configFile);
return nwfilter;
error:
VIR_FREE(configFile);
virNWFilterDefFree(def);
return NULL;
}
int
virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir)
{
DIR *dir;
struct dirent *entry;
int ret = -1;
int rc;
if ((rc = virDirOpenIfExists(&dir, configDir)) <= 0)
return rc;
while ((ret = virDirRead(dir, &entry, configDir)) > 0) {
virNWFilterObjPtr nwfilter;
if (!virFileStripSuffix(entry->d_name, ".xml"))
continue;
nwfilter = virNWFilterLoadConfig(nwfilters, configDir, entry->d_name);
if (nwfilter)
virNWFilterObjUnlock(nwfilter);
}
VIR_DIR_CLOSE(dir);
return ret;
}
void virNWFilterObjLock(virNWFilterObjPtr obj)
{
virMutexLock(&obj->lock);
}
void virNWFilterObjUnlock(virNWFilterObjPtr obj)
{
virMutexUnlock(&obj->lock);
}

85
src/conf/virnwfilterobj.h Normal file
View File

@ -0,0 +1,85 @@
/*
* virnwfilterobj.h: network filter object processing
* (derived from nwfilter_conf.h)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#ifndef VIRNWFILTEROBJ_H
# define VIRNWFILTEROBJ_H
# include "internal.h"
# include "nwfilter_conf.h"
typedef struct _virNWFilterObj virNWFilterObj;
typedef virNWFilterObj *virNWFilterObjPtr;
struct _virNWFilterObj {
virMutex lock;
int active;
int wantRemoved;
virNWFilterDefPtr def;
virNWFilterDefPtr newDef;
};
typedef struct _virNWFilterObjList virNWFilterObjList;
typedef virNWFilterObjList *virNWFilterObjListPtr;
struct _virNWFilterObjList {
size_t count;
virNWFilterObjPtr *objs;
};
typedef struct _virNWFilterDriverState virNWFilterDriverState;
typedef virNWFilterDriverState *virNWFilterDriverStatePtr;
struct _virNWFilterDriverState {
virMutex lock;
bool privileged;
virNWFilterObjList nwfilters;
char *configDir;
bool watchingFirewallD;
};
void virNWFilterObjListFree(virNWFilterObjListPtr nwfilters);
void virNWFilterObjRemove(virNWFilterObjListPtr nwfilters,
virNWFilterObjPtr nwfilter);
void virNWFilterObjFree(virNWFilterObjPtr obj);
virNWFilterObjPtr virNWFilterObjFindByUUID(virNWFilterObjListPtr nwfilters,
const unsigned char *uuid);
virNWFilterObjPtr virNWFilterObjFindByName(virNWFilterObjListPtr nwfilters,
const char *name);
virNWFilterObjPtr virNWFilterObjAssignDef(virNWFilterObjListPtr nwfilters,
virNWFilterDefPtr def);
int virNWFilterTestUnassignDef(virNWFilterObjPtr nwfilter);
int virNWFilterLoadAllConfigs(virNWFilterObjListPtr nwfilters,
const char *configDir);
void virNWFilterObjLock(virNWFilterObjPtr obj);
void virNWFilterObjUnlock(virNWFilterObjPtr obj);
#endif /* VIRNWFILTEROBJ_H */

View File

@ -746,14 +746,6 @@ virNWFilterDefParseString;
virNWFilterDeleteDef; virNWFilterDeleteDef;
virNWFilterInstFiltersOnAllVMs; virNWFilterInstFiltersOnAllVMs;
virNWFilterJumpTargetTypeToString; virNWFilterJumpTargetTypeToString;
virNWFilterLoadAllConfigs;
virNWFilterObjAssignDef;
virNWFilterObjFindByName;
virNWFilterObjFindByUUID;
virNWFilterObjListFree;
virNWFilterObjLock;
virNWFilterObjRemove;
virNWFilterObjUnlock;
virNWFilterPrintStateMatchFlags; virNWFilterPrintStateMatchFlags;
virNWFilterPrintTCPFlags; virNWFilterPrintTCPFlags;
virNWFilterReadLockFilterUpdates; virNWFilterReadLockFilterUpdates;
@ -765,7 +757,7 @@ virNWFilterRuleIsProtocolIPv4;
virNWFilterRuleIsProtocolIPv6; virNWFilterRuleIsProtocolIPv6;
virNWFilterRuleProtocolTypeToString; virNWFilterRuleProtocolTypeToString;
virNWFilterSaveDef; virNWFilterSaveDef;
virNWFilterTestUnassignDef; virNWFilterTriggerVMFilterRebuild;
virNWFilterUnlockFilterUpdates; virNWFilterUnlockFilterUpdates;
virNWFilterUnRegisterCallbackDriver; virNWFilterUnRegisterCallbackDriver;
virNWFilterWriteLockFilterUpdates; virNWFilterWriteLockFilterUpdates;
@ -964,6 +956,18 @@ virNodeDeviceObjRemove;
virNodeDeviceObjUnlock; virNodeDeviceObjUnlock;
# conf/virnwfilterobj.h
virNWFilterLoadAllConfigs;
virNWFilterObjAssignDef;
virNWFilterObjFindByName;
virNWFilterObjFindByUUID;
virNWFilterObjListFree;
virNWFilterObjLock;
virNWFilterObjRemove;
virNWFilterObjUnlock;
virNWFilterTestUnassignDef;
# conf/virsecretobj.h # conf/virsecretobj.h
virSecretLoadAllConfigs; virSecretLoadAllConfigs;
virSecretObjDeleteConfig; virSecretObjDeleteConfig;

View File

@ -37,7 +37,6 @@
#include "viralloc.h" #include "viralloc.h"
#include "domain_conf.h" #include "domain_conf.h"
#include "domain_nwfilter.h" #include "domain_nwfilter.h"
#include "nwfilter_conf.h"
#include "nwfilter_driver.h" #include "nwfilter_driver.h"
#include "nwfilter_gentech_driver.h" #include "nwfilter_gentech_driver.h"
#include "configmake.h" #include "configmake.h"

View File

@ -24,7 +24,7 @@
#ifndef __NWFILTER_GENTECH_DRIVER_H #ifndef __NWFILTER_GENTECH_DRIVER_H
# define __NWFILTER_GENTECH_DRIVER_H # define __NWFILTER_GENTECH_DRIVER_H
# include "nwfilter_conf.h" # include "virnwfilterobj.h"
# include "nwfilter_tech_driver.h" # include "nwfilter_tech_driver.h"
virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);

View File

@ -26,7 +26,7 @@
#ifndef __NWFILTER_TECH_DRIVER_H__ #ifndef __NWFILTER_TECH_DRIVER_H__
# define __NWFILTER_TECH_DRIVER_H__ # define __NWFILTER_TECH_DRIVER_H__
# include "nwfilter_conf.h" # include "virnwfilterobj.h"
typedef struct _virNWFilterTechDriver virNWFilterTechDriver; typedef struct _virNWFilterTechDriver virNWFilterTechDriver;
typedef virNWFilterTechDriver *virNWFilterTechDriverPtr; typedef virNWFilterTechDriver *virNWFilterTechDriverPtr;