External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-08 02:45:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove broken error reporting in QEMU mac filtering

Browse Source 
The qemu_bridge_filter.c file had some helpers for calling
the ebtablesXXX functions todo bridge filtering. The only
thing these helpers did was to overwrite the original error
message from the ebtables code. For added fun, the callers
of these helpers overwrote the errors yet again. For even
more fun, one of the helpers called another helper and
overwrite its errors too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2014-03-07 17:34:54 +00:00
parent dafa39adbc
commit cfb92c9b0c
9 changed files with 12 additions and 174 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
po/POTFILES.in
View File

@ -96,7 +96,6 @@ src/parallels/parallels_utils.h
src/parallels/parallels_storage.c
src/phyp/phyp_driver.c
src/qemu/qemu_agent.c
src/qemu/qemu_bridge_filter.c
src/qemu/qemu_capabilities.c
src/qemu/qemu_cgroup.c
src/qemu/qemu_command.c

4
src/Makefile.am
View File

@ -688,9 +688,7 @@ QEMU_DRIVER_SOURCES = \
qemu/qemu_monitor_text.h \
qemu/qemu_monitor_json.c \
qemu/qemu_monitor_json.h \
qemu/qemu_driver.c qemu/qemu_driver.h \
qemu/qemu_bridge_filter.c \
qemu/qemu_bridge_filter.h
qemu/qemu_driver.c qemu/qemu_driver.h
XENAPI_DRIVER_SOURCES = \
xenapi/xenapi_driver.c xenapi/xenapi_driver.h \

104
src/qemu/qemu_bridge_filter.c
View File

@ -1,104 +0,0 @@
/*
* Copyright (C) 2007-2009, 2013 Red Hat, Inc.
* Copyright (C) 2009 IBM Corp.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Authors:
* Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
*/
#include <config.h>
#include "virebtables.h"
#include "qemu_conf.h"
#include "qemu_driver.h"
#include "virerror.h"
#include "virlog.h"
#include "qemu_bridge_filter.h"
#define VIR_FROM_THIS VIR_FROM_QEMU
int
networkAddEbtablesRules(virQEMUDriverPtr driver) {
int err;
/* Set forward policy to DROP */
if ((err = ebtablesAddForwardPolicyReject(driver->ebtables))) {
virReportSystemError(err,
_("failed to add ebtables rule to set default policy to drop on '%s'"),
__FILE__);
return err;
}
return 0;
}
int
networkDisableAllFrames(virQEMUDriverPtr driver) {
int err;
/* add default rules */
if ((err = networkAddEbtablesRules(driver))) {
virReportSystemError(err,
_("cannot filter mac addresses on bridge '%s'"),
__FILE__);
return err;
}
return 0;
}
int
networkAllowMacOnPort(virQEMUDriverPtr driver,
const char * ifname,
const virMacAddr *mac)
{
int err;
/* allow this combination of macaddr and ifname */
ebtablesContext * ebtablescontext = driver->ebtables;
if ((err = ebtablesAddForwardAllowIn(ebtablescontext,
ifname,
mac))) {
virReportSystemError(err,
_("failed to add ebtables rule to allow routing to '%s'"),
ifname);
}
return 0;
}
int
networkDisallowMacOnPort(virQEMUDriverPtr driver,
const char * ifname,
const virMacAddr *mac)
{
int err;
/* disallow this combination of macaddr and ifname */
ebtablesContext * ebtablescontext = driver->ebtables;
if ((err = ebtablesRemoveForwardAllowIn(ebtablescontext,
ifname,
mac))) {
virReportSystemError(err,
_("failed to add ebtables rule to allow routing to '%s'"),
ifname);
}
return 0;
}

37
src/qemu/qemu_bridge_filter.h
View File

@ -1,37 +0,0 @@
/*
* Copyright (C) 2007-2009, 2013 Red Hat, Inc.
* Copyright (C) 2009 IBM Corp.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*
* Authors:
* Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
*/
#ifndef __QEMUD_BRIDGE_FILTER_H__
# define __QEMUD_BRIDGE_FILTER_H__
int networkAllowMacOnPort(virQEMUDriverPtr driver,
const char *ifname,
const virMacAddr *mac);
int networkDisallowMacOnPort(virQEMUDriverPtr driver,
const char *ifname,
const virMacAddr *mac);
int networkDisableAllFrames(virQEMUDriverPtr driver);
int networkAddEbtablesRules(virQEMUDriverPtr driver);
#endif /* __QEMUD_BRIDGE_FILTER_H__ */

11
src/qemu/qemu_command.c
View File

@ -26,7 +26,6 @@
#include "qemu_command.h"
#include "qemu_hostdev.h"
#include "qemu_capabilities.h"
#include "qemu_bridge_filter.h"
#include "cpu/cpu.h"
#include "dirname.h"
#include "passfd.h"
@ -380,12 +379,10 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
virDomainAuditNetDevice(def, net, "/dev/net/tun", true);
if (cfg->macFilter &&
(ret = networkAllowMacOnPort(driver, net->ifname, &net->mac)) < 0) {
virReportSystemError(ret,
_("failed to add ebtables rule "
"to allow MAC address on '%s'"),
net->ifname);
}
ebtablesAddForwardAllowIn(driver->ebtables,
net->ifname,
&net->mac) < 0)
goto cleanup;
if (virNetDevBandwidthSet(net->ifname,
virDomainNetGetActualBandwidth(net),

1
src/qemu/qemu_conf.c
View File

@ -38,7 +38,6 @@
#include "qemu_conf.h"
#include "qemu_command.h"
#include "qemu_capabilities.h"
#include "qemu_bridge_filter.h"
#include "viruuid.h"
#include "virbuffer.h"
#include "virconf.h"

7
src/qemu/qemu_driver.c
View File

@ -53,7 +53,6 @@
#include "qemu_hostdev.h"
#include "qemu_hotplug.h"
#include "qemu_monitor.h"
#include "qemu_bridge_filter.h"
#include "qemu_process.h"
#include "qemu_migration.h"
@ -663,12 +662,8 @@ qemuStateInitialize(bool privileged,
goto error;
}
if ((errno = networkDisableAllFrames(qemu_driver))) {
virReportSystemError(errno,
_("failed to add rule to drop all frames in '%s'"),
__FILE__);
if (ebtablesAddForwardPolicyReject(qemu_driver->ebtables) < 0)
goto error;
}
}
/* Allocate bitmap for remote display port reservations. We cannot

11
src/qemu/qemu_hotplug.c
View File

@ -29,7 +29,6 @@
#include "qemu_capabilities.h"
#include "qemu_domain.h"
#include "qemu_command.h"
#include "qemu_bridge_filter.h"
#include "qemu_hostdev.h"
#include "domain_audit.h"
#include "domain_nwfilter.h"
@ -2710,13 +2709,9 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
}
if (cfg->macFilter && (net->ifname != NULL)) {
if ((errno = networkDisallowMacOnPort(driver,
net->ifname,
&net->mac))) {
virReportSystemError(errno,
_("failed to remove ebtables rule on '%s'"),
net->ifname);
}
ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
net->ifname,
&net->mac));
}
vport = virDomainNetGetActualVirtPortProfile(net);

10
src/qemu/qemu_process.c
View File

@ -41,7 +41,6 @@
#include "qemu_command.h"
#include "qemu_hostdev.h"
#include "qemu_hotplug.h"
#include "qemu_bridge_filter.h"
#include "qemu_migration.h"
#include "cpu/cpu.h"
@ -4280,12 +4279,9 @@ void qemuProcessStop(virQEMUDriverPtr driver,
virDomainNetDefPtr net = def->nets[i];
if (net->ifname == NULL)
continue;
if ((errno = networkDisallowMacOnPort(driver, net->ifname,
&net->mac))) {
virReportSystemError(errno,
_("failed to remove ebtables rule to allow MAC address on '%s'"),
net->ifname);
}
ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
net->ifname,
&net->mac));
}
}