From 8fa78dd49cff5093a266343bd4d61542f50fa7d4 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Fri, 27 Jan 2012 08:19:58 -0500 Subject: [PATCH] nwfilter: Force instantiation of filters upon driver reload Introduce a function that rebuilds all running VMs' filters. Call this function when reloading the nwfilter driver. This addresses a problem introduced by the 2nd patch that typically causes no filters to be reinstantiate anymore upon driver reload since their XML has not changed. Yet the current behavior is that upon a SIGHUP all filters get reinstantiated. --- src/conf/nwfilter_conf.c | 23 +++++++++++++++++++++++ src/conf/nwfilter_conf.h | 3 +++ src/libvirt_private.syms | 1 + src/nwfilter/nwfilter_driver.c | 2 ++ src/nwfilter/nwfilter_gentech_driver.c | 12 +++++++++++- 5 files changed, 40 insertions(+), 1 deletion(-) diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c index 5db4562128..684e270a78 100644 --- a/src/conf/nwfilter_conf.c +++ b/src/conf/nwfilter_conf.c @@ -2723,6 +2723,29 @@ virNWFilterCallbackDriversUnlock(void) static virHashIterator virNWFilterDomainFWUpdateCB; +/** + * virNWFilterInstFiltersOnAllVMs: + * Apply all filters on all running VMs. Don't terminate in case of an + * error. This should be called upon reloading of the driver. + */ +int +virNWFilterInstFiltersOnAllVMs(virConnectPtr conn) +{ + int i; + struct domUpdateCBStruct cb = { + .conn = conn, + .err = 0, /* ignored here */ + .step = STEP_APPLY_CURRENT, + .skipInterfaces = NULL, /* not needed */ + }; + + for (i = 0; i < nCallbackDriver; i++) + callbackDrvArray[i]->vmFilterRebuild(conn, + virNWFilterDomainFWUpdateCB, + &cb); + + return 0; +} static int virNWFilterTriggerVMFilterRebuild(virConnectPtr conn) diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 3cb4b82f37..4816a9c6fe 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -577,6 +577,7 @@ enum UpdateStep { STEP_APPLY_NEW, STEP_TEAR_NEW, STEP_TEAR_OLD, + STEP_APPLY_CURRENT, }; struct domUpdateCBStruct { @@ -722,6 +723,8 @@ void virNWFilterUnlockFilterUpdates(void); int virNWFilterConfLayerInit(virHashIterator domUpdateCB); void virNWFilterConfLayerShutdown(void); +int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn); + # define virNWFilterReportError(code, fmt...) \ virReportErrorHelper(VIR_FROM_NWFILTER, code, __FILE__, \ __FUNCTION__, __LINE__, fmt) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 915a43f12e..e1ee23fa92 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -811,6 +811,7 @@ virNWFilterConfLayerShutdown; virNWFilterDefFormat; virNWFilterDefFree; virNWFilterDefParseString; +virNWFilterInstFiltersOnAllVMs; virNWFilterJumpTargetTypeToString; virNWFilterLoadAllConfigs; virNWFilterLockFilterUpdates; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index ed5028de9d..ffb4b5df78 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -162,6 +162,8 @@ nwfilterDriverReload(void) { virNWFilterCallbackDriversUnlock(); nwfilterDriverUnlock(driverState); + virNWFilterInstFiltersOnAllVMs(conn); + virConnectClose(conn); } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 17fdd39ff0..c35b74975d 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -1122,7 +1122,7 @@ virNWFilterDomainFWUpdateCB(void *payload, virDomainObjPtr obj = payload; virDomainDefPtr vm = obj->def; struct domUpdateCBStruct *cb = data; - int i; + int i, err; bool skipIface; virDomainObjLock(obj); @@ -1156,6 +1156,16 @@ virNWFilterDomainFWUpdateCB(void *payload, cb->err = virNWFilterTearOldFilter(net); } break; + + case STEP_APPLY_CURRENT: + err = virNWFilterInstantiateFilter(cb->conn, + vm->uuid, + net); + if (err) + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, + _("Failure while applying current filter on " + "VM %s"), vm->name); + break; } if (cb->err) break;