From 5054e89272cf121c4c1b7d87cb73adc4739c368e Mon Sep 17 00:00:00 2001
From: Stefan Berger <stefanb@us.ibm.com>
Date: Fri, 30 Apr 2010 08:12:26 -0400
Subject: [PATCH] Prevent updates while IP address learn thread is running

Prevent updating and tearing down of filter while the IP
address learning thread is running and has its own filtering
rules applied.
---
 src/nwfilter/nwfilter_gentech_driver.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index 9fede3b673..0108197bfd 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -610,6 +610,8 @@ virNWFilterInstantiate(virConnectPtr conn,
     } else if (virHashSize(missing_vars->hashTable) > 1) {
         rc = 1;
         goto err_exit;
+    } else if (virNWFilterLookupLearnReq(ifindex) == NULL) {
+        goto err_exit;
     }
 
     rc = _virNWFilterInstantiateRec(conn,
@@ -890,7 +892,9 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
                                     const virDomainNetDefPtr net)
 {
     const char *drvname = EBIPTABLES_DRIVER_ID;
+    int ifindex;
     virNWFilterTechDriverPtr techdriver;
+
     techdriver = virNWFilterTechDriverForName(drvname);
     if (!techdriver) {
         virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
@@ -900,6 +904,11 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
         return 1;
     }
 
+    /* don't tear anything while the address is being learned */
+    if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
+        virNWFilterLookupLearnReq(ifindex) != NULL)
+        return 0;
+
     return techdriver->tearNewRules(conn, net->ifname);
 }
 
@@ -909,7 +918,9 @@ virNWFilterTearOldFilter(virConnectPtr conn,
                          virDomainNetDefPtr net)
 {
     const char *drvname = EBIPTABLES_DRIVER_ID;
+    int ifindex;
     virNWFilterTechDriverPtr techdriver;
+
     techdriver = virNWFilterTechDriverForName(drvname);
     if (!techdriver) {
         virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
@@ -919,6 +930,11 @@ virNWFilterTearOldFilter(virConnectPtr conn,
         return 1;
     }
 
+    /* don't tear anything while the address is being learned */
+    if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
+        virNWFilterLookupLearnReq(ifindex) != NULL)
+        return 0;
+
     return techdriver->tearOldRules(conn, net->ifname);
 }