nwfilter: convert the gentech driver code to use virNWFilterBindingDefPtr

Use the virNWFilterBindingDefPtr struct in the gentech driver code
directly.

Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé 2018-04-26 12:26:51 +01:00
parent 278659fff6
commit d1a7c08eb1
5 changed files with 175 additions and 164 deletions


@ -497,15 +497,20 @@ virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl,
/* instantiate the filters */ /* instantiate the filters */
if (req->ifname) if (req->ifname) {
virNWFilterBindingDef binding = {
.portdevname = req->ifname,
.linkdevname = req->linkdev,
.mac = req->macaddr,
.filter = req->filtername,
.filterparams = req->vars,
.ownername = NULL,
.owneruuid = {0},
};
rc = virNWFilterInstantiateFilterLate(req->driver, rc = virNWFilterInstantiateFilterLate(req->driver,
NULL, &binding,
req->ifname, req->ifindex);
req->ifindex, }
req->linkdev,
&req->macaddr,
req->filtername,
req->vars);
exit_snooprequnlock: exit_snooprequnlock:
virNWFilterSnoopReqUnlock(req); virNWFilterSnoopReqUnlock(req);
@ -884,14 +889,18 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
goto skip_instantiate; goto skip_instantiate;
if (ipAddrLeft) { if (ipAddrLeft) {
virNWFilterBindingDef binding = {
.portdevname = req->ifname,
.linkdevname = req->linkdev,
.mac = req->macaddr,
.filter = req->filtername,
.filterparams = req->vars,
.ownername = NULL,
.owneruuid = {0},
};
ret = virNWFilterInstantiateFilterLate(req->driver, ret = virNWFilterInstantiateFilterLate(req->driver,
NULL, &binding,
req->ifname, req->ifindex);
req->ifindex,
req->linkdev,
&req->macaddr,
req->filtername,
req->vars);
} else { } else {
virNWFilterVarValuePtr dhcpsrvrs = virNWFilterVarValuePtr dhcpsrvrs =
virHashLookup(req->vars, NWFILTER_VARNAME_DHCPSERVER); virHashLookup(req->vars, NWFILTER_VARNAME_DHCPSERVER);
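Review bot: `.filterparams = req->vars` lends the snoop request's own variable table to virNWFilterInstantiateFilterLate(), and in the gentech driver part of this commit virNWFilterInstantiateFilterUpdate() now calls `virNWFilterVarHashmapAddStdValues(binding->filterparams, vmmacaddr, ipaddr)` where it used to build and free separate tables, so each late instantiation writes MAC/IP into the request's long-lived table. The same holds for the second binding in virNWFilterSnoopReqLeaseDel and for `.filterparams = req->filterparams` in learnIPAddressThread. The helper's body is not shown here; if it adds entries rather than replacing them, a repeated call on the same request could fail or leave a stale IP in the variables the firewall rules are generated from. Consider handing over a copy (virNWFilterBindingDefForNet already does this with virNWFilterHashTablePutAll), or at least state the ownership at the initializer: `/* fields borrowed from req; never pass to virNWFilterBindingDefFree(), callee may add MAC/IP to filterparams */`. Both enclosing functions extend beyond the hunks, so the locking around these calls cannot be judged from here.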


@ -38,6 +38,7 @@
#include "domain_conf.h" #include "domain_conf.h"
#include "domain_nwfilter.h" #include "domain_nwfilter.h"
#include "nwfilter_driver.h" #include "nwfilter_driver.h"
#include "virnwfilterbindingdef.h"
#include "nwfilter_gentech_driver.h" #include "nwfilter_gentech_driver.h"
#include "configmake.h" #include "configmake.h"
#include "virfile.h" #include "virfile.h"
@ -642,19 +643,36 @@ nwfilterGetXMLDesc(virNWFilterPtr nwfilter,
static int static int
nwfilterInstantiateFilter(const char *vmname ATTRIBUTE_UNUSED, nwfilterInstantiateFilter(const char *vmname,
const unsigned char *vmuuid, const unsigned char *vmuuid,
virDomainNetDefPtr net) virDomainNetDefPtr net)
{ {
return virNWFilterInstantiateFilter(driver, vmuuid, net); virNWFilterBindingDefPtr binding;
int ret;
if (!(binding = virNWFilterBindingDefForNet(vmname, vmuuid, net)))
return -1;
ret = virNWFilterInstantiateFilter(driver, binding);
virNWFilterBindingDefFree(binding);
return ret;
} }
static void static void
nwfilterTeardownFilter(virDomainNetDefPtr net) nwfilterTeardownFilter(virDomainNetDefPtr net)
{ {
virNWFilterBindingDef binding = {
.portdevname = net->ifname,
.linkdevname = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT ?
net->data.direct.linkdev : NULL),
.mac = net->mac,
.filter = net->filter,
.filterparams = net->filterparams,
.ownername = NULL,
.owneruuid = {0},
};
if ((net->ifname) && (net->filter)) if ((net->ifname) && (net->filter))
virNWFilterTeardownFilter(net); virNWFilterTeardownFilter(&binding);
} }


@ -182,33 +182,6 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table,
} }
/**
* virNWFilterCreateVarHashmap:
* @macaddr: pointer to string containing formatted MAC address of interface
* @ipaddr: pointer to string containing formatted IP address used by
* VM on this interface; may be NULL
*
* Create a hashmap used for evaluating the firewall rules. Initializes
* it with the standard variable 'MAC' and 'IP' if provided.
*
* Returns pointer to hashmap, NULL if an error occurred.
*/
virHashTablePtr
virNWFilterCreateVarHashmap(const char *macaddr,
const virNWFilterVarValue *ipaddr)
{
virHashTablePtr table = virNWFilterHashTableCreate(0);
if (!table)
return NULL;
if (virNWFilterVarHashmapAddStdValues(table, macaddr, ipaddr) < 0) {
virHashFree(table);
return NULL;
}
return table;
}
/** /**
* Convert a virHashTable into a string of comma-separated * Convert a virHashTable into a string of comma-separated
* variable names. * variable names.
@ -577,12 +550,9 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
/** /**
* virNWFilterDoInstantiate: * virNWFilterDoInstantiate:
* @vmuuid: The UUID of the VM
* @techdriver: The driver to use for instantiation * @techdriver: The driver to use for instantiation
* @binding: description of port to bind the filter to
* @filter: The filter to instantiate * @filter: The filter to instantiate
* @ifname: The name of the interface to apply the rules to
* @vars: A map holding variable names and values used for instantiating
* the filter and its subfilters.
* @forceWithPendingReq: Ignore the check whether a pending learn request * @forceWithPendingReq: Ignore the check whether a pending learn request
* is active; 'true' only when the rules are applied late * is active; 'true' only when the rules are applied late
* *
@ -596,17 +566,13 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
* Call this function while holding the NWFilter filter update lock * Call this function while holding the NWFilter filter update lock
*/ */
static int static int
virNWFilterDoInstantiate(const unsigned char *vmuuid, virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver,
virNWFilterTechDriverPtr techdriver, virNWFilterBindingDefPtr binding,
virNWFilterDefPtr filter, virNWFilterDefPtr filter,
const char *ifname,
int ifindex, int ifindex,
const char *linkdev,
virHashTablePtr vars,
enum instCase useNewFilter, enum instCase useNewFilter,
bool *foundNewFilter, bool *foundNewFilter,
bool teardownOld, bool teardownOld,
const virMacAddr *macaddr,
virNWFilterDriverStatePtr driver, virNWFilterDriverStatePtr driver,
bool forceWithPendingReq) bool forceWithPendingReq)
{ {
@ -628,14 +594,14 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid,
} }
rc = virNWFilterDetermineMissingVarsRec(filter, rc = virNWFilterDetermineMissingVarsRec(filter,
vars, binding->filterparams,
missing_vars, missing_vars,
useNewFilter, useNewFilter,
driver); driver);
if (rc < 0) if (rc < 0)
goto err_exit; goto err_exit;
lv = virHashLookup(vars, NWFILTER_VARNAME_CTRL_IP_LEARNING); lv = virHashLookup(binding->filterparams, NWFILTER_VARNAME_CTRL_IP_LEARNING);
if (lv) if (lv)
learning = virNWFilterVarValueGetNthValue(lv, 0); learning = virNWFilterVarValueGetNthValue(lv, 0);
else else
@ -652,19 +618,20 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid,
goto err_unresolvable_vars; goto err_unresolvable_vars;
} }
if (STRCASEEQ(learning, "dhcp")) { if (STRCASEEQ(learning, "dhcp")) {
rc = virNWFilterDHCPSnoopReq(techdriver, ifname, linkdev, rc = virNWFilterDHCPSnoopReq(techdriver, binding->portdevname,
vmuuid, macaddr, binding->linkdevname,
filter->name, vars, driver); binding->owneruuid, &binding->mac,
filter->name, binding->filterparams, driver);
goto err_exit; goto err_exit;
} else if (STRCASEEQ(learning, "any")) { } else if (STRCASEEQ(learning, "any")) {
if (!virNWFilterHasLearnReq(ifindex)) { if (!virNWFilterHasLearnReq(ifindex)) {
rc = virNWFilterLearnIPAddress(techdriver, rc = virNWFilterLearnIPAddress(techdriver,
ifname, binding->portdevname,
ifindex, ifindex,
linkdev, binding->linkdevname,
macaddr, &binding->mac,
filter->name, filter->name,
vars, driver, binding->filterparams, driver,
DETECT_DHCP|DETECT_STATIC); DETECT_DHCP|DETECT_STATIC);
} }
goto err_exit; goto err_exit;
@ -688,7 +655,7 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid,
rc = virNWFilterDefToInst(driver, rc = virNWFilterDefToInst(driver,
filter, filter,
vars, binding->filterparams,
useNewFilter, foundNewFilter, useNewFilter, foundNewFilter,
&inst); &inst);
@ -705,22 +672,22 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid,
} }
if (instantiate) { if (instantiate) {
if (virNWFilterLockIface(ifname) < 0) if (virNWFilterLockIface(binding->portdevname) < 0)
goto err_exit; goto err_exit;
rc = techdriver->applyNewRules(ifname, inst.rules, inst.nrules); rc = techdriver->applyNewRules(binding->portdevname, inst.rules, inst.nrules);
if (teardownOld && rc == 0) if (teardownOld && rc == 0)
techdriver->tearOldRules(ifname); techdriver->tearOldRules(binding->portdevname);
if (rc == 0 && (virNetDevValidateConfig(ifname, NULL, ifindex) <= 0)) { if (rc == 0 && (virNetDevValidateConfig(binding->portdevname, NULL, ifindex) <= 0)) {
virResetLastError(); virResetLastError();
/* interface changed/disppeared */ /* interface changed/disppeared */
techdriver->allTeardown(ifname); techdriver->allTeardown(binding->portdevname);
rc = -1; rc = -1;
} }
virNWFilterUnlockIface(ifname); virNWFilterUnlockIface(binding->portdevname);
} }
err_exit: err_exit:
@ -749,14 +716,9 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid,
*/ */
static int static int
virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid,
bool teardownOld, bool teardownOld,
const char *ifname, virNWFilterBindingDefPtr binding,
int ifindex, int ifindex,
const char *linkdev,
const virMacAddr *macaddr,
const char *filtername,
virHashTablePtr filterparams,
enum instCase useNewFilter, enum instCase useNewFilter,
bool forceWithPendingReq, bool forceWithPendingReq,
bool *foundNewFilter) bool *foundNewFilter)
@ -765,7 +727,6 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
const char *drvname = EBIPTABLES_DRIVER_ID; const char *drvname = EBIPTABLES_DRIVER_ID;
virNWFilterTechDriverPtr techdriver; virNWFilterTechDriverPtr techdriver;
virNWFilterObjPtr obj; virNWFilterObjPtr obj;
virHashTablePtr vars, vars1;
virNWFilterDefPtr filter; virNWFilterDefPtr filter;
virNWFilterDefPtr newFilter; virNWFilterDefPtr newFilter;
char vmmacaddr[VIR_MAC_STRING_BUFLEN] = {0}; char vmmacaddr[VIR_MAC_STRING_BUFLEN] = {0};
@ -781,29 +742,22 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
return -1; return -1;
} }
VIR_DEBUG("filter name: %s", filtername); VIR_DEBUG("filter name: %s", binding->filter);
if (!(obj = virNWFilterObjListFindInstantiateFilter(driver->nwfilters, if (!(obj = virNWFilterObjListFindInstantiateFilter(driver->nwfilters,
filtername))) binding->filter)))
return -1; return -1;
virMacAddrFormat(macaddr, vmmacaddr); virMacAddrFormat(&binding->mac, vmmacaddr);
ipaddr = virNWFilterIPAddrMapGetIPAddr(ifname); ipaddr = virNWFilterIPAddrMapGetIPAddr(binding->portdevname);
vars1 = virNWFilterCreateVarHashmap(vmmacaddr, ipaddr); if (virNWFilterVarHashmapAddStdValues(binding->filterparams,
if (!vars1) { vmmacaddr, ipaddr) < 0) {
rc = -1; rc = -1;
goto err_exit; goto err_exit;
} }
vars = virNWFilterCreateVarsFrom(vars1,
filterparams);
if (!vars) {
rc = -1;
goto err_exit_vars1;
}
filter = virNWFilterObjGetDef(obj); filter = virNWFilterObjGetDef(obj);
switch (useNewFilter) { switch (useNewFilter) {
@ -819,17 +773,11 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
break; break;
} }
rc = virNWFilterDoInstantiate(vmuuid, techdriver, filter, rc = virNWFilterDoInstantiate(techdriver, binding, filter,
ifname, ifindex, linkdev, ifindex, useNewFilter, foundNewFilter,
vars, useNewFilter, foundNewFilter, teardownOld, driver,
teardownOld, macaddr, driver,
forceWithPendingReq); forceWithPendingReq);
virHashFree(vars);
err_exit_vars1:
virHashFree(vars1);
err_exit: err_exit:
virNWFilterObjUnlock(obj); virNWFilterObjUnlock(obj);
@ -839,15 +787,11 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
static int static int
virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver, virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding,
const virDomainNetDef *net,
bool teardownOld, bool teardownOld,
enum instCase useNewFilter, enum instCase useNewFilter,
bool *foundNewFilter) bool *foundNewFilter)
{ {
const char *linkdev = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT)
? net->data.direct.linkdev
: NULL;
int ifindex; int ifindex;
int rc; int rc;
@ -856,8 +800,8 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver,
/* after grabbing the filter update lock check for the interface; if /* after grabbing the filter update lock check for the interface; if
it's not there anymore its filters will be or are being removed it's not there anymore its filters will be or are being removed
(while holding the lock) and we don't want to build new ones */ (while holding the lock) and we don't want to build new ones */
if (virNetDevExists(net->ifname) != 1 || if (virNetDevExists(binding->portdevname) != 1 ||
virNetDevGetIndex(net->ifname, &ifindex) < 0) { virNetDevGetIndex(binding->portdevname, &ifindex) < 0) {
/* interfaces / VMs can disappear during filter instantiation; /* interfaces / VMs can disappear during filter instantiation;
don't mark it as an error */ don't mark it as an error */
virResetLastError(); virResetLastError();
@ -865,10 +809,10 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver,
goto cleanup; goto cleanup;
} }
rc = virNWFilterInstantiateFilterUpdate(driver, vmuuid, teardownOld, rc = virNWFilterInstantiateFilterUpdate(driver, teardownOld,
net->ifname, ifindex, linkdev, binding,
&net->mac, net->filter, ifindex,
net->filterparams, useNewFilter, useNewFilter,
false, foundNewFilter); false, foundNewFilter);
cleanup: cleanup:
@ -880,13 +824,8 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver,
int int
virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding,
const char *ifname, int ifindex)
int ifindex,
const char *linkdev,
const virMacAddr *macaddr,
const char *filtername,
virHashTablePtr filterparams)
{ {
int rc; int rc;
bool foundNewFilter = false; bool foundNewFilter = false;
@ -894,18 +833,17 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
virNWFilterReadLockFilterUpdates(); virNWFilterReadLockFilterUpdates();
virMutexLock(&updateMutex); virMutexLock(&updateMutex);
rc = virNWFilterInstantiateFilterUpdate(driver, vmuuid, true, rc = virNWFilterInstantiateFilterUpdate(driver, true,
ifname, ifindex, linkdev, binding, ifindex,
macaddr, filtername, filterparams,
INSTANTIATE_ALWAYS, true, INSTANTIATE_ALWAYS, true,
&foundNewFilter); &foundNewFilter);
if (rc < 0) { if (rc < 0) {
/* something went wrong... 'DOWN' the interface */ /* something went wrong... 'DOWN' the interface */
if ((virNetDevValidateConfig(ifname, NULL, ifindex) <= 0) || if ((virNetDevValidateConfig(binding->portdevname, NULL, ifindex) <= 0) ||
(virNetDevSetOnline(ifname, false) < 0)) { (virNetDevSetOnline(binding->portdevname, false) < 0)) {
virResetLastError(); virResetLastError();
/* assuming interface disappeared... */ /* assuming interface disappeared... */
_virNWFilterTeardownFilter(ifname); _virNWFilterTeardownFilter(binding->portdevname);
} }
} }
@ -918,12 +856,11 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
int int
virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding)
const virDomainNetDef *net)
{ {
bool foundNewFilter = false; bool foundNewFilter = false;
return virNWFilterInstantiateFilterInternal(driver, vmuuid, net, return virNWFilterInstantiateFilterInternal(driver, binding,
1, 1,
INSTANTIATE_ALWAYS, INSTANTIATE_ALWAYS,
&foundNewFilter); &foundNewFilter);
@ -932,13 +869,12 @@ virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
int int
virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver, virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding,
const virDomainNetDef *net,
bool *skipIface) bool *skipIface)
{ {
bool foundNewFilter = false; bool foundNewFilter = false;
int rc = virNWFilterInstantiateFilterInternal(driver, vmuuid, net, int rc = virNWFilterInstantiateFilterInternal(driver, binding,
0, 0,
INSTANTIATE_FOLLOW_NEWFILTER, INSTANTIATE_FOLLOW_NEWFILTER,
&foundNewFilter); &foundNewFilter);
@ -948,7 +884,7 @@ virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver,
} }
static int static int
virNWFilterRollbackUpdateFilter(const virDomainNetDef *net) virNWFilterRollbackUpdateFilter(virNWFilterBindingDefPtr binding)
{ {
const char *drvname = EBIPTABLES_DRIVER_ID; const char *drvname = EBIPTABLES_DRIVER_ID;
int ifindex; int ifindex;
@ -964,17 +900,17 @@ virNWFilterRollbackUpdateFilter(const virDomainNetDef *net)
} }
/* don't tear anything while the address is being learned */ /* don't tear anything while the address is being learned */
if (virNetDevGetIndex(net->ifname, &ifindex) < 0) if (virNetDevGetIndex(binding->portdevname, &ifindex) < 0)
virResetLastError(); virResetLastError();
else if (virNWFilterHasLearnReq(ifindex)) else if (virNWFilterHasLearnReq(ifindex))
return 0; return 0;
return techdriver->tearNewRules(net->ifname); return techdriver->tearNewRules(binding->portdevname);
} }
static int static int
virNWFilterTearOldFilter(virDomainNetDefPtr net) virNWFilterTearOldFilter(virNWFilterBindingDefPtr binding)
{ {
const char *drvname = EBIPTABLES_DRIVER_ID; const char *drvname = EBIPTABLES_DRIVER_ID;
int ifindex; int ifindex;
@ -990,12 +926,12 @@ virNWFilterTearOldFilter(virDomainNetDefPtr net)
} }
/* don't tear anything while the address is being learned */ /* don't tear anything while the address is being learned */
if (virNetDevGetIndex(net->ifname, &ifindex) < 0) if (virNetDevGetIndex(binding->portdevname, &ifindex) < 0)
virResetLastError(); virResetLastError();
else if (virNWFilterHasLearnReq(ifindex)) else if (virNWFilterHasLearnReq(ifindex))
return 0; return 0;
return techdriver->tearOldRules(net->ifname); return techdriver->tearOldRules(binding->portdevname);
} }
@ -1032,11 +968,11 @@ _virNWFilterTeardownFilter(const char *ifname)
int int
virNWFilterTeardownFilter(const virDomainNetDef *net) virNWFilterTeardownFilter(virNWFilterBindingDefPtr binding)
{ {
int ret; int ret;
virMutexLock(&updateMutex); virMutexLock(&updateMutex);
ret = _virNWFilterTeardownFilter(net->ifname); ret = _virNWFilterTeardownFilter(binding->portdevname);
virMutexUnlock(&updateMutex); virMutexUnlock(&updateMutex);
return ret; return ret;
} }
@ -1057,12 +993,16 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj,
if (virDomainObjIsActive(obj)) { if (virDomainObjIsActive(obj)) {
for (i = 0; i < vm->nnets; i++) { for (i = 0; i < vm->nnets; i++) {
virDomainNetDefPtr net = vm->nets[i]; virDomainNetDefPtr net = vm->nets[i];
if ((net->filter) && (net->ifname)) { virNWFilterBindingDefPtr binding;
if ((net->filter) && (net->ifname) &&
(binding = virNWFilterBindingDefForNet(
vm->name, vm->uuid, net))) {
switch (cb->step) { switch (cb->step) {
case STEP_APPLY_NEW: case STEP_APPLY_NEW:
ret = virNWFilterUpdateInstantiateFilter(cb->opaque, ret = virNWFilterUpdateInstantiateFilter(cb->opaque,
vm->uuid, binding,
net,
&skipIface); &skipIface);
if (ret == 0 && skipIface) { if (ret == 0 && skipIface) {
/* filter tree unchanged -- no update needed */ /* filter tree unchanged -- no update needed */
@ -1074,24 +1014,24 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj,
case STEP_TEAR_NEW: case STEP_TEAR_NEW:
if (!virHashLookup(cb->skipInterfaces, net->ifname)) if (!virHashLookup(cb->skipInterfaces, net->ifname))
ret = virNWFilterRollbackUpdateFilter(net); ret = virNWFilterRollbackUpdateFilter(binding);
break; break;
case STEP_TEAR_OLD: case STEP_TEAR_OLD:
if (!virHashLookup(cb->skipInterfaces, net->ifname)) if (!virHashLookup(cb->skipInterfaces, net->ifname))
ret = virNWFilterTearOldFilter(net); ret = virNWFilterTearOldFilter(binding);
break; break;
case STEP_APPLY_CURRENT: case STEP_APPLY_CURRENT:
ret = virNWFilterInstantiateFilter(cb->opaque, ret = virNWFilterInstantiateFilter(cb->opaque,
vm->uuid, binding);
net);
if (ret) if (ret)
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("Failure while applying current filter on " _("Failure while applying current filter on "
"VM %s"), vm->name); "VM %s"), vm->name);
break; break;
} }
virNWFilterBindingDefFree(binding);
if (ret) if (ret)
break; break;
} }
@ -1101,3 +1041,45 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj,
virObjectUnlock(obj); virObjectUnlock(obj);
return ret; return ret;
} }
virNWFilterBindingDefPtr
virNWFilterBindingDefForNet(const char *vmname,
const unsigned char *vmuuid,
virDomainNetDefPtr net)
{
virNWFilterBindingDefPtr ret;
if (VIR_ALLOC(ret) < 0)
return NULL;
if (VIR_STRDUP(ret->ownername, vmname) < 0)
goto error;
memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid));
if (VIR_STRDUP(ret->portdevname, net->ifname) < 0)
goto error;
if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT &&
VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0)
goto error;
ret->mac = net->mac;
if (VIR_STRDUP(ret->filter, net->filter) < 0)
goto error;
if (!(ret->filterparams = virNWFilterHashTableCreate(0)))
goto error;
if (net->filterparams &&
virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0)
goto error;
return ret;
error:
virNWFilterBindingDefFree(ret);
return NULL;
}
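Review bot: In virNWFilterDomainFWUpdateCB the allocation `binding = virNWFilterBindingDefForNet(vm->name, vm->uuid, net)` is folded into the `if` condition, so when it returns NULL the interface is skipped exactly as if it had no filter, and `ret` is not set to an error in the visible lines. An out-of-memory condition during STEP_APPLY_NEW or STEP_APPLY_CURRENT would then leave that interface with its old rules, or none, while the callback can still report success. Keep the `net->filter && net->ifname` test as the guard and fail closed on the allocation: `if (!(binding = virNWFilterBindingDefForNet(vm->name, vm->uuid, net))) { ret = -1; break; }`. The function begins outside the hunk, so the initial value of `ret` is assumed rather than seen.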


@ -25,6 +25,7 @@
# define __NWFILTER_GENTECH_DRIVER_H # define __NWFILTER_GENTECH_DRIVER_H
# include "virnwfilterobj.h" # include "virnwfilterobj.h"
# include "virnwfilterbindingdef.h"
# include "nwfilter_tech_driver.h" # include "nwfilter_tech_driver.h"
virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);
@ -39,23 +40,16 @@ enum instCase {
int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding);
const virDomainNetDef *net);
int virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver, int virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding,
const virDomainNetDef *net,
bool *skipIface); bool *skipIface);
int virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, int virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver,
const unsigned char *vmuuid, virNWFilterBindingDefPtr binding,
const char *ifname, int ifindex);
int ifindex,
const char *linkdev,
const virMacAddr *macaddr,
const char *filtername,
virHashTablePtr filterparams);
int virNWFilterTeardownFilter(const virDomainNetDef *net); int virNWFilterTeardownFilter(virNWFilterBindingDefPtr binding);
virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr,
const virNWFilterVarValue *value); const virNWFilterVarValue *value);
@ -63,4 +57,8 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr,
int virNWFilterDomainFWUpdateCB(virDomainObjPtr vm, int virNWFilterDomainFWUpdateCB(virDomainObjPtr vm,
void *data); void *data);
virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname,
const unsigned char *vmuuid,
virDomainNetDefPtr net);
#endif #endif
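Review bot: The prototype of `virNWFilterCreateVarHashmap` stays in this header as unchanged context, while the function's definition is deleted from the gentech driver source in the same commit. A caller that still references it would compile cleanly and fail only at link time. Drop the two-line declaration here as well, or keep the definition if code outside this diff still depends on it.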


@ -672,19 +672,23 @@ learnIPAddressThread(void *arg)
virNWFilterUnlockIface(req->ifname); virNWFilterUnlockIface(req->ifname);
if ((inetaddr = virSocketAddrFormat(&sa)) != NULL) { if ((inetaddr = virSocketAddrFormat(&sa)) != NULL) {
virNWFilterBindingDef binding = {
.portdevname = req->ifname,
.linkdevname = req->linkdev,
.mac = req->macaddr,
.filter = req->filtername,
.filterparams = req->filterparams,
.ownername = NULL,
.owneruuid = {0},
};
if (virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) { if (virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) {
VIR_ERROR(_("Failed to add IP address %s to IP address " VIR_ERROR(_("Failed to add IP address %s to IP address "
"cache for interface %s"), inetaddr, req->ifname); "cache for interface %s"), inetaddr, req->ifname);
} }
ret = virNWFilterInstantiateFilterLate(req->driver, ret = virNWFilterInstantiateFilterLate(req->driver,
NULL, &binding,
req->ifname, req->ifindex);
req->ifindex,
req->linkdev,
&req->macaddr,
req->filtername,
req->filterparams);
VIR_DEBUG("Result from applying firewall rules on " VIR_DEBUG("Result from applying firewall rules on "
"%s with IP addr %s : %d", req->ifname, inetaddr, ret); "%s with IP addr %s : %d", req->ifname, inetaddr, ret);
VIR_FREE(inetaddr); VIR_FREE(inetaddr);