network: save network status when firewall rules are reloaded

In the case that a new version of libvirt is started that uses different rules to build the network firewall, we need to re-save the status so that when the network is destroyed (or the *next* time libvirt is restarted and wants to remove/re-add the firewall), it will have the proper information to perform the firewall removal. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-03-07 17:28:15 +00:00 · 2024-04-19 22:19:42 -04:00 · 2024-04-19 22:19:42 -04:00 · 110383fa30
commit 110383fa30
parent 97061d576b
2 changed files with 8 additions and 1 deletions
--- a/src/conf/virnetworkobj.c
+++ b/src/conf/virnetworkobj.c
@ -834,6 +834,7 @@ virNetworkObjSaveStatus(const char *statusDir,
    int flags = 0;
    g_autofree char *xml = NULL;

+    VIR_DEBUG("Writing network status to disk");
    if (!(xml = virNetworkObjFormat(obj, xmlopt, flags)))
        return -1;

--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@ -1686,6 +1686,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
    VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
    virNetworkDef *def = virNetworkObjGetDef(obj);
    virFirewall *fwRemoval = NULL;
+    bool saveStatus = false;

    if (virNetworkObjIsActive(obj)) {
        switch ((virNetworkForwardType) def->forward.type) {
@ -1700,6 +1701,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
            networkRemoveFirewallRules(obj);
            ignore_value(networkAddFirewallRules(def, cfg->firewallBackend, &fwRemoval));
            virNetworkObjSetFwRemoval(obj, fwRemoval);
+            saveStatus = true;
            break;

        case VIR_NETWORK_FORWARD_OPEN:
@ -1717,6 +1719,11 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
        }
    }

+    if (saveStatus) {
+        ignore_value(virNetworkObjSaveStatus(cfg->stateDir, obj,
+                                             network_driver->xmlopt));
+    }
+
    return 0;
 }

@ -2366,7 +2373,6 @@ networkStartNetwork(virNetworkDriverState *driver,
    /* Persist the live configuration now that anything autogenerated
     * is setup.
     */
-    VIR_DEBUG("Writing network status to disk");
    if (virNetworkObjSaveStatus(cfg->stateDir,
                                obj, network_driver->xmlopt) < 0)
        goto cleanup;