qemu: reorganize qemuInterfaceEthernetConnect()

This just moves around a few things in qemuInterfaceConnect() with no functional difference (except that a few failures that would have previously resulted in a "success" audit log will now properly produce a "fail" audit). The change is so that adding support for unmanaged tap/macvtap devices will be more easily reviewable. Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-03-20 07:59:00 +00:00 · 2019-08-27 12:18:35 -04:00 · 2019-08-27 12:18:35 -04:00 · 3c049fadce
commit 3c049fadce
parent 3d21ff72e0
1 changed files with 8 additions and 7 deletions
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@ -414,6 +414,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
    bool template_ifname = false;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
    const char *tunpath = "/dev/net/tun";
+    const char *auditdev = tunpath;

    if (net->backend.tap) {
        tunpath = net->backend.tap;
@ -424,6 +425,9 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
        }
    }

+    if (virDomainNetIsVirtioModel(net))
+        tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
+
    if (!net->ifname ||
        STRPREFIX(net->ifname, VIR_NET_GENERATED_TAP_PREFIX) ||
        strchr(net->ifname, '%')) {
@ -433,18 +437,11 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
        /* avoid exposing vnet%d in getXMLDesc or error outputs */
        template_ifname = true;
    }
-
-    if (virDomainNetIsVirtioModel(net))
-        tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
-
    if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, tapfdSize,
                           tap_create_flags) < 0) {
-        virDomainAuditNetDevice(def, net, tunpath, false);
        goto cleanup;
    }

-    virDomainAuditNetDevice(def, net, tunpath, true);
-
    /* The tap device's MAC address cannot match the MAC address
     * used by the guest. This results in "received packet on
     * vnetX with own address as source address" error logs from
@ -477,11 +474,15 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
        goto cleanup;
    }

+    virDomainAuditNetDevice(def, net, auditdev, true);
+
    ret = 0;

 cleanup:
    if (ret < 0) {
        size_t i;
+
+        virDomainAuditNetDevice(def, net, auditdev, false);
        for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
            VIR_FORCE_CLOSE(tapfd[i]);
        if (template_ifname)