Pass the VM's UUID into the nwfilter subsystem

A preparatory patch for DHCP snooping, where we want to be able to
identify a VM's interface by the tuple of
<VM UUID, Interface MAC address>. We assume that MAC addresses could
possibly be re-used between different networks (VLANs) and thus do not
want to rely on the MAC address alone to identify an interface.

At the current 'final destination' in virNWFilterInstantiate I am leaving
the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
(we may not post the DHCP snooping patches for 0.9.9, though)

Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
and uml_conf, I am passing the virDomainDefPtr around until I am passing
only the VM's uuid into the NWFilter calls.
Stefan Berger 2011-12-08 21:35:20 -05:00 committed by Stefan Berger
parent 95ff5899b9
commit 33eb3567dd
10 changed files with 46 additions and 20 deletions


@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) {
int
virDomainConfNWFilterInstantiate(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net) {
if (nwfilterDriver != NULL)
return nwfilterDriver->instantiateFilter(conn, net);
return nwfilterDriver->instantiateFilter(conn, vmuuid, net);
/* driver module not available -- don't indicate failure */
return 0;
}


@ -24,6 +24,7 @@
# define DOMAIN_NWFILTER_H
typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net);
typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);
@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);
int virDomainConfNWFilterInstantiate(virConnectPtr conn,
const unsigned char *vmuuid,
virDomainNetDefPtr net);
void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);


@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver,
static int lxcSetupInterfaceBridged(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr net,
const char *brname,
unsigned int *nveths,
@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn,
}
if (net->filter &&
virDomainConfNWFilterInstantiate(conn, net) < 0)
virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0)
goto cleanup;
ret = 0;
@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
goto cleanup;
if (lxcSetupInterfaceBridged(conn,
def,
def->nets[i],
brname,
nveths,
@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
goto cleanup;
}
if (lxcSetupInterfaceBridged(conn,
def,
def->nets[i],
brname,
nveths,
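Review bot: The new `virDomainDefPtr vm` parameter of lxcSetupInterfaceBridged is, in the visible hunks, only read for `vm->uuid`, so the helper is handed the whole mutable domain definition where `const unsigned char *vmuuid` would be enough and would match the signature of virDomainConfNWFilterInstantiate. The name is also easy to misread: umlBuildCommandLine uses `vm` for a domain object (`vm->def`), and in umlBuildCommandLineNet the pair `vm`/`def` now means domain definition and net definition. I would declare the parameter as `const unsigned char *vmuuid` and pass `def->uuid` at the two call sites in lxcSetupInterfaces; the same applies to umlConnectTapDevice and umlBuildCommandLineNet. The function bodies extend beyond these hunks, so other uses of the definition cannot be ruled out from here.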


@ -443,8 +443,10 @@ cleanup:
static int
nwfilterInstantiateFilter(virConnectPtr conn,
virDomainNetDefPtr net) {
return virNWFilterInstantiateFilter(conn, net);
const unsigned char *vmuuid,
virDomainNetDefPtr net)
{
return virNWFilterInstantiateFilter(conn, vmuuid, net);
}


@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries,
/**
* virNWFilterInstantiate:
* @vmuuid: The UUID of the VM
* @techdriver: The driver to use for instantiation
* @filter: The filter to instantiate
* @ifname: The name of the interface to apply the rules to
@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries,
* Call this function while holding the NWFilter filter update lock
*/
static int
virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver,
virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED,
virNWFilterTechDriverPtr techdriver,
enum virDomainNetType nettype,
virNWFilterDefPtr filter,
const char *ifname,
@ -761,7 +763,8 @@ err_unresolvable_vars:
* Call this function while holding the NWFilter filter update lock
*/
static int
__virNWFilterInstantiateFilter(bool teardownOld,
__virNWFilterInstantiateFilter(const unsigned char *vmuuid,
bool teardownOld,
const char *ifname,
int ifindex,
const char *linkdev,
@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld,
break;
}
rc = virNWFilterInstantiate(techdriver,
rc = virNWFilterInstantiate(vmuuid,
techdriver,
nettype,
filter,
ifname,
@ -883,6 +887,7 @@ err_exit:
static int
_virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net,
bool teardownOld,
enum instCase useNewFilter,
@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
goto cleanup;
}
rc = __virNWFilterInstantiateFilter(teardownOld,
rc = __virNWFilterInstantiateFilter(vmuuid,
teardownOld,
net->ifname,
ifindex,
linkdev,
@ -929,7 +935,8 @@ cleanup:
int
virNWFilterInstantiateFilterLate(const char *ifname,
virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
const char *ifname,
int ifindex,
const char *linkdev,
enum virDomainNetType nettype,
@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname,
virNWFilterLockFilterUpdates();
rc = __virNWFilterInstantiateFilter(true,
rc = __virNWFilterInstantiateFilter(vmuuid,
true,
ifname,
ifindex,
linkdev,
@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname,
int
virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net)
{
bool foundNewFilter = false;
return _virNWFilterInstantiateFilter(conn, net,
return _virNWFilterInstantiateFilter(conn, vmuuid, net,
1,
INSTANTIATE_ALWAYS,
&foundNewFilter);
@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn,
int
virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net,
bool *skipIface)
{
bool foundNewFilter = false;
int rc = _virNWFilterInstantiateFilter(conn, net,
int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
0,
INSTANTIATE_FOLLOW_NEWFILTER,
&foundNewFilter);
@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
switch (cb->step) {
case STEP_APPLY_NEW:
cb->err = virNWFilterUpdateInstantiateFilter(cb->conn,
vm->uuid,
net,
&skipIface);
if (cb->err == 0 && skipIface) {
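Review bot: The added doc line `@vmuuid: The UUID of the VM` on virNWFilterInstantiate does not state the contract a later consumer will need: the callers pass `vm->uuid` / `def->uuid`, which is a raw byte buffer owned by the domain definition, not a NUL-terminated string and not something the filter code owns. I would word it as `@vmuuid: raw UUID of the VM (VIR_UUID_BUFLEN bytes), borrowed from the caller; copy the bytes if they must outlive this call`, since the planned DHCP snooping code presumably keeps per-interface state beyond the call and a retained pointer would dangle once the definition is freed. The doc comments of __virNWFilterInstantiateFilter, _virNWFilterInstantiateFilter and virNWFilterInstantiateFilterLate lie outside the visible hunks; if they list their parameters they should get the same line.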


@ -38,12 +38,15 @@ enum instCase {
int virNWFilterInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net);
int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
const unsigned char *vmuuid,
const virDomainNetDefPtr net,
bool *skipIface);
int virNWFilterInstantiateFilterLate(const char *ifname,
int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
const char *ifname,
int ifindex,
const char *linkdev,
enum virDomainNetType nettype,


@ -704,7 +704,8 @@ learnIPAddressThread(void *arg)
"cache for interface %s"), inetaddr, req->ifname);
}
ret = virNWFilterInstantiateFilterLate(req->ifname,
ret = virNWFilterInstantiateFilterLate(NULL,
req->ifname,
req->ifindex,
req->linkdev,
req->nettype,
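Review bot: Passing `NULL` as vmuuid in the virNWFilterInstantiateFilterLate call from learnIPAddressThread leaves the IP-learning path without a VM identity. Once the parameter stops being ATTRIBUTE_UNUSED, code keyed on the <VM UUID, MAC> tuple will on this path either dereference NULL or fall back to MAC-only matching, which the commit message says is not sufficient. The request already carries ifname, ifindex, linkdev and nettype, so a copy of the UUID bytes could be stored in it when the request is created and passed here, e.g. through a new field such as `req->vmuuid`. If that is deferred, a comment at the call such as `/* no VM UUID on the learn-IP path yet; callee must treat NULL as "unknown", never as "any VM" */` would record the gap. The thread function and the call continue outside the hunk.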


@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
if (tapfd >= 0) {
if ((net->filter) && (net->ifname)) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0)
if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0)
VIR_FORCE_CLOSE(tapfd);
}
}


@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn,
for (i = 0 ; i < def->nnets ; i++) {
virDomainNetDefPtr net = def->nets[i];
if ((net->filter) && (net->ifname)) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) {
err = 1;
break;
}


@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) {
static int
umlConnectTapDevice(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr net,
const char *bridge)
{
@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn,
}
if (net->filter) {
if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) {
if (template_ifname)
VIR_FREE(net->ifname);
goto error;
@ -165,6 +166,7 @@ error:
static char *
umlBuildCommandLineNet(virConnectPtr conn,
virDomainDefPtr vm,
virDomainNetDefPtr def,
int idx)
{
@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn,
goto error;
}
if (umlConnectTapDevice(conn, def, bridge) < 0) {
if (umlConnectTapDevice(conn, vm, def, bridge) < 0) {
VIR_FREE(bridge);
goto error;
}
@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn,
}
case VIR_DOMAIN_NET_TYPE_BRIDGE:
if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0)
if (umlConnectTapDevice(conn, vm, def,
def->data.bridge.brname) < 0)
goto error;
/* ethNNN=tuntap,tapname,macaddr,gateway */
@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn,
}
for (i = 0 ; i < vm->def->nnets ; i++) {
char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i);
char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i);
if (!ret)
goto error;
virCommandAddArg(cmd, ret);