Pass the VM's UUID into the nwfilter subsystem
A preparatory patch for DHCP snooping, where we want to be able to differentiate between VMs' interfaces using the tuple of <VM UUID, Interface MAC address>. We assume that MAC addresses could possibly be re-used between different networks (VLANs) and thus do not want to rely only on the MAC address to identify an interface. At the current 'final destination' in virNWFilterInstantiate I am leaving the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive. (We may not post the DHCP snooping patches for 0.9.9, though.) Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver and uml_conf, I am passing the virDomainDefPtr around until I am passing only the VM's uuid into the NWFilter calls.
parent
95ff5899b9
commit
33eb3567dd
@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) {
|
||||
|
||||
int
|
||||
virDomainConfNWFilterInstantiate(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
virDomainNetDefPtr net) {
|
||||
if (nwfilterDriver != NULL)
|
||||
return nwfilterDriver->instantiateFilter(conn, net);
|
||||
return nwfilterDriver->instantiateFilter(conn, vmuuid, net);
|
||||
/* driver module not available -- don't indicate failure */
|
||||
return 0;
|
||||
}
|
||||
|
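Review bot: virDomainConfNWFilterInstantiate has no doc comment, and adding the `vmuuid` parameter is a good moment to write down its contract. Two things a caller needs are visible in this hunk: `vmuuid` is forwarded unchanged to the registered driver's `instantiateFilter`, and when no driver is registered the function returns 0, so a caller whose interface has `net->filter` set continues as if the filter had been applied. I would add a header comment that says so, for example `Returns 0 on success and also when no nwfilter driver is registered (no rules are applied in that case); a negative value if the driver reports failure.`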
@ -24,6 +24,7 @@
|
||||
# define DOMAIN_NWFILTER_H
|
||||
|
||||
typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
virDomainNetDefPtr net);
|
||||
typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);
|
||||
|
||||
@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
|
||||
void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);
|
||||
|
||||
int virDomainConfNWFilterInstantiate(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
virDomainNetDefPtr net);
|
||||
void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
|
||||
void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);
|
||||
|
@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver,
|
||||
|
||||
|
||||
static int lxcSetupInterfaceBridged(virConnectPtr conn,
|
||||
virDomainDefPtr vm,
|
||||
virDomainNetDefPtr net,
|
||||
const char *brname,
|
||||
unsigned int *nveths,
|
||||
@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn,
|
||||
}
|
||||
|
||||
if (net->filter &&
|
||||
virDomainConfNWFilterInstantiate(conn, net) < 0)
|
||||
virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0)
|
||||
goto cleanup;
|
||||
|
||||
ret = 0;
|
||||
@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
|
||||
goto cleanup;
|
||||
|
||||
if (lxcSetupInterfaceBridged(conn,
|
||||
def,
|
||||
def->nets[i],
|
||||
brname,
|
||||
nveths,
|
||||
@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
|
||||
goto cleanup;
|
||||
}
|
||||
if (lxcSetupInterfaceBridged(conn,
|
||||
def,
|
||||
def->nets[i],
|
||||
brname,
|
||||
nveths,
|
||||
|
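Review bot: The new parameter of lxcSetupInterfaceBridged is named `vm` but has type `virDomainDefPtr`, while elsewhere on this page `vm` names a `virDomainObjPtr` (virDomainConfVMNWFilterTeardown, and `vm->def->nets[i]` in umlBuildCommandLine) and the callers here pass `def`. Since only the UUID is read, either name it `vmdef`, or take `const unsigned char *vmuuid` like the nwfilter functions do and call `virDomainConfNWFilterInstantiate(conn, vmuuid, net)`. The same naming appears in umlConnectTapDevice and umlBuildCommandLineNet in the UML hunks, where `vm` is the domain definition and `def` is the interface definition. The function bodies extend beyond the hunks shown.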
@ -443,8 +443,10 @@ cleanup:
|
||||
|
||||
static int
|
||||
nwfilterInstantiateFilter(virConnectPtr conn,
|
||||
virDomainNetDefPtr net) {
|
||||
return virNWFilterInstantiateFilter(conn, net);
|
||||
const unsigned char *vmuuid,
|
||||
virDomainNetDefPtr net)
|
||||
{
|
||||
return virNWFilterInstantiateFilter(conn, vmuuid, net);
|
||||
}
|
||||
|
||||
|
||||
|
@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries,
|
||||
|
||||
/**
|
||||
* virNWFilterInstantiate:
|
||||
* @vmuuid: The UUID of the VM
|
||||
* @techdriver: The driver to use for instantiation
|
||||
* @filter: The filter to instantiate
|
||||
* @ifname: The name of the interface to apply the rules to
|
||||
@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries,
|
||||
* Call this function while holding the NWFilter filter update lock
|
||||
*/
|
||||
static int
|
||||
virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver,
|
||||
virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED,
|
||||
virNWFilterTechDriverPtr techdriver,
|
||||
enum virDomainNetType nettype,
|
||||
virNWFilterDefPtr filter,
|
||||
const char *ifname,
|
||||
@ -761,7 +763,8 @@ err_unresolvable_vars:
|
||||
* Call this function while holding the NWFilter filter update lock
|
||||
*/
|
||||
static int
|
||||
__virNWFilterInstantiateFilter(bool teardownOld,
|
||||
__virNWFilterInstantiateFilter(const unsigned char *vmuuid,
|
||||
bool teardownOld,
|
||||
const char *ifname,
|
||||
int ifindex,
|
||||
const char *linkdev,
|
||||
@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld,
|
||||
break;
|
||||
}
|
||||
|
||||
rc = virNWFilterInstantiate(techdriver,
|
||||
rc = virNWFilterInstantiate(vmuuid,
|
||||
techdriver,
|
||||
nettype,
|
||||
filter,
|
||||
ifname,
|
||||
@ -883,6 +887,7 @@ err_exit:
|
||||
|
||||
static int
|
||||
_virNWFilterInstantiateFilter(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
const virDomainNetDefPtr net,
|
||||
bool teardownOld,
|
||||
enum instCase useNewFilter,
|
||||
@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
rc = __virNWFilterInstantiateFilter(teardownOld,
|
||||
rc = __virNWFilterInstantiateFilter(vmuuid,
|
||||
teardownOld,
|
||||
net->ifname,
|
||||
ifindex,
|
||||
linkdev,
|
||||
@ -929,7 +935,8 @@ cleanup:
|
||||
|
||||
|
||||
int
|
||||
virNWFilterInstantiateFilterLate(const char *ifname,
|
||||
virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
|
||||
const char *ifname,
|
||||
int ifindex,
|
||||
const char *linkdev,
|
||||
enum virDomainNetType nettype,
|
||||
@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname,
|
||||
|
||||
virNWFilterLockFilterUpdates();
|
||||
|
||||
rc = __virNWFilterInstantiateFilter(true,
|
||||
rc = __virNWFilterInstantiateFilter(vmuuid,
|
||||
true,
|
||||
ifname,
|
||||
ifindex,
|
||||
linkdev,
|
||||
@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname,
|
||||
|
||||
int
|
||||
virNWFilterInstantiateFilter(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
const virDomainNetDefPtr net)
|
||||
{
|
||||
bool foundNewFilter = false;
|
||||
|
||||
return _virNWFilterInstantiateFilter(conn, net,
|
||||
return _virNWFilterInstantiateFilter(conn, vmuuid, net,
|
||||
1,
|
||||
INSTANTIATE_ALWAYS,
|
||||
&foundNewFilter);
|
||||
@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn,
|
||||
|
||||
int
|
||||
virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
const virDomainNetDefPtr net,
|
||||
bool *skipIface)
|
||||
{
|
||||
bool foundNewFilter = false;
|
||||
|
||||
int rc = _virNWFilterInstantiateFilter(conn, net,
|
||||
int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
|
||||
0,
|
||||
INSTANTIATE_FOLLOW_NEWFILTER,
|
||||
&foundNewFilter);
|
||||
@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
|
||||
switch (cb->step) {
|
||||
case STEP_APPLY_NEW:
|
||||
cb->err = virNWFilterUpdateInstantiateFilter(cb->conn,
|
||||
vm->uuid,
|
||||
net,
|
||||
&skipIface);
|
||||
if (cb->err == 0 && skipIface) {
|
||||
|
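Review bot: The new `@vmuuid` line in the virNWFilterInstantiate doc comment does not say what the pointer refers to or how long it stays valid. The parameter is a bare `const unsigned char *` with no length, so the comment should state the buffer size, the ownership and that NULL is possible (learnIPAddressThread passes NULL on this page), for example `* @vmuuid: raw UUID of the VM (VIR_UUID_BUFLEN bytes), borrowed from the caller; may be NULL`. Any later consumer that keeps the value beyond the call, such as a snooping thread, would need to copy the bytes rather than store the pointer. __virNWFilterInstantiateFilter and _virNWFilterInstantiateFilter gain the same parameter without a doc line in the lines shown; their bodies lie outside the hunks.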
@ -38,12 +38,15 @@ enum instCase {
|
||||
|
||||
|
||||
int virNWFilterInstantiateFilter(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
const virDomainNetDefPtr net);
|
||||
int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
|
||||
const unsigned char *vmuuid,
|
||||
const virDomainNetDefPtr net,
|
||||
bool *skipIface);
|
||||
|
||||
int virNWFilterInstantiateFilterLate(const char *ifname,
|
||||
int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
|
||||
const char *ifname,
|
||||
int ifindex,
|
||||
const char *linkdev,
|
||||
enum virDomainNetType nettype,
|
||||
|
@ -704,7 +704,8 @@ learnIPAddressThread(void *arg)
|
||||
"cache for interface %s"), inetaddr, req->ifname);
|
||||
}
|
||||
|
||||
ret = virNWFilterInstantiateFilterLate(req->ifname,
|
||||
ret = virNWFilterInstantiateFilterLate(NULL,
|
||||
req->ifname,
|
||||
req->ifindex,
|
||||
req->linkdev,
|
||||
req->nettype,
|
||||
|
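Review bot: Passing `NULL` as `vmuuid` from learnIPAddressThread means the late-instantiation path carries no VM identity. That is harmless while virNWFilterInstantiate marks the parameter ATTRIBUTE_UNUSED, but once the DHCP snooping code keys on <VM UUID, MAC address>, this path would either dereference NULL or fall back to MAC-only identification, which is what the commit description sets out to avoid. Until the learn request carries the UUID (the request struct is outside this hunk, so whether it can is not visible here), I would add a comment at the call such as `/* no VM UUID in the learn request yet; callee must accept NULL */` and say in the prototype comment of virNWFilterInstantiateFilterLate that `vmuuid` may be NULL. The enclosing function starts and ends outside the hunk.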
@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
|
||||
|
||||
if (tapfd >= 0) {
|
||||
if ((net->filter) && (net->ifname)) {
|
||||
if (virDomainConfNWFilterInstantiate(conn, net) < 0)
|
||||
if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0)
|
||||
VIR_FORCE_CLOSE(tapfd);
|
||||
}
|
||||
}
|
||||
|
@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn,
|
||||
for (i = 0 ; i < def->nnets ; i++) {
|
||||
virDomainNetDefPtr net = def->nets[i];
|
||||
if ((net->filter) && (net->ifname)) {
|
||||
if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
|
||||
if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) {
|
||||
err = 1;
|
||||
break;
|
||||
}
|
||||
|
@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) {
|
||||
|
||||
static int
|
||||
umlConnectTapDevice(virConnectPtr conn,
|
||||
virDomainDefPtr vm,
|
||||
virDomainNetDefPtr net,
|
||||
const char *bridge)
|
||||
{
|
||||
@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn,
|
||||
}
|
||||
|
||||
if (net->filter) {
|
||||
if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
|
||||
if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) {
|
||||
if (template_ifname)
|
||||
VIR_FREE(net->ifname);
|
||||
goto error;
|
||||
@ -165,6 +166,7 @@ error:
|
||||
|
||||
static char *
|
||||
umlBuildCommandLineNet(virConnectPtr conn,
|
||||
virDomainDefPtr vm,
|
||||
virDomainNetDefPtr def,
|
||||
int idx)
|
||||
{
|
||||
@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn,
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (umlConnectTapDevice(conn, def, bridge) < 0) {
|
||||
if (umlConnectTapDevice(conn, vm, def, bridge) < 0) {
|
||||
VIR_FREE(bridge);
|
||||
goto error;
|
||||
}
|
||||
@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn,
|
||||
}
|
||||
|
||||
case VIR_DOMAIN_NET_TYPE_BRIDGE:
|
||||
if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0)
|
||||
if (umlConnectTapDevice(conn, vm, def,
|
||||
def->data.bridge.brname) < 0)
|
||||
goto error;
|
||||
|
||||
/* ethNNN=tuntap,tapname,macaddr,gateway */
|
||||
@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn,
|
||||
}
|
||||
|
||||
for (i = 0 ; i < vm->def->nnets ; i++) {
|
||||
char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i);
|
||||
char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i);
|
||||
if (!ret)
|
||||
goto error;
|
||||
virCommandAddArg(cmd, ret);
|
||||
|