Allow the platform driver implementations to run logic before and after the
firewall reload process.
Reviewed-by: Laine Stump <laine(a)laine.org>
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/network/bridge_driver.c | 13 ++++++++-----
src/network/bridge_driver_linux.c | 11 +++++++++++
src/network/bridge_driver_nop.c | 11 +++++++++++
src/network/bridge_driver_platform.h | 3 +++
4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index aed80c04d5..fb4eb00c1d 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -163,7 +163,7 @@ static int
networkShutdownNetworkExternal(virNetworkObjPtr obj);
static void
-networkReloadFirewallRules(virNetworkDriverStatePtr driver);
+networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup);
static void
networkRefreshDaemons(virNetworkDriverStatePtr driver);
@@ -551,7 +551,7 @@ firewalld_dbus_filter_bridge(DBusConnection *connection
ATTRIBUTE_UNUSED,
"Reloaded"))
{
VIR_DEBUG("Reload in bridge_driver because of firewalld.");
- networkReloadFirewallRules(driver);
+ networkReloadFirewallRules(driver, false);
}
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
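Review bot: The `false` passed at the firewalld "Reloaded" call makes a firewalld-triggered reload indistinguishable, from the platform hook's point of view, from the daemon-reload path in networkStateReload(), which passes the same value. If a platform implementation later needs to react specifically to firewalld having reloaded (presumably the motivating case, given this handler is the only one that logs a firewalld reason), a single bool is too narrow and a third caller would force another signature change; an enum describing the reload reason (startup / daemon reload / firewalld reload) in place of `bool startup` would carry that without touching callers again. This is a design remark on the new parameter, not a defect in the hunk. The enclosing firewalld_dbus_filter_bridge() starts and ends outside the hunk.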
@@ -751,7 +751,7 @@ networkStateInitialize(bool privileged,
virNetworkObjListPrune(network_driver->networks,
VIR_CONNECT_LIST_NETWORKS_INACTIVE |
VIR_CONNECT_LIST_NETWORKS_TRANSIENT);
- networkReloadFirewallRules(network_driver);
+ networkReloadFirewallRules(network_driver, true);
networkRefreshDaemons(network_driver);
network_driver->networkEventState = virObjectEventStateNew();
@@ -827,7 +827,7 @@ networkStateReload(void)
virNetworkObjLoadAllConfigs(network_driver->networks,
network_driver->networkConfigDir,
network_driver->networkAutostartDir);
- networkReloadFirewallRules(network_driver);
+ networkReloadFirewallRules(network_driver, false);
networkRefreshDaemons(network_driver);
virNetworkObjListForEach(network_driver->networks,
networkAutostartConfig,
@@ -2179,12 +2179,15 @@ networkReloadFirewallRulesHelper(virNetworkObjPtr obj,
static void
-networkReloadFirewallRules(virNetworkDriverStatePtr driver)
+networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
{
VIR_INFO("Reloading iptables rules");
+ if (networkPreReloadFirewallRules(startup) < 0)
+ return;
virNetworkObjListForEach(driver->networks,
networkReloadFirewallRulesHelper,
NULL);
+ networkPostReloadFirewallRules(startup);
}
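Review bot: A negative return from networkPreReloadFirewallRules() at the added check is swallowed: networkReloadFirewallRules() is void, so the early `return` leaves every network's rules un-reloaded with nothing in the log beyond the preceding "Reloading iptables rules" line, and networkPostReloadFirewallRules() never runs. Since this path is also taken from the firewalld "Reloaded" handler, where the kernel rules have presumably just been flushed, a failing pre hook could leave running networks without their NAT/filter rules and leave no diagnostic. Unless the contract is that the platform implementation reports the error itself (the stubs in this series return 0 and report nothing), log it here, e.g. `VIR_WARN("Pre-reload hook failed, firewall rules were not reloaded");` before the `return;`. It is also worth stating whether the post hook should run when the pre hook succeeds but a per-network helper fails; the helper's result is not visible in this hunk.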
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index dd08222653..1e107ee422 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -34,6 +34,17 @@ VIR_LOG_INIT("network.bridge_driver_linux");
#define PROC_NET_ROUTE "/proc/net/route"
+int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
+
+void networkPostReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+{
+}
+
+
/* XXX: This function can be a lot more exhaustive, there are certainly
* other scenarios where we can ruin host network connectivity.
* XXX: Using a proper library is preferred over parsing /proc
diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
index ce529a60a1..a0e57012f9 100644
--- a/src/network/bridge_driver_nop.c
+++ b/src/network/bridge_driver_nop.c
@@ -19,6 +19,17 @@
#include <config.h>
+int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+{
+ return 0;
+}
+
+
+void networkPostReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+{
+}
+
+
int networkCheckRouteCollision(virNetworkDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
index 8f05ea2b47..baeb22bc3e 100644
--- a/src/network/bridge_driver_platform.h
+++ b/src/network/bridge_driver_platform.h
@@ -58,6 +58,9 @@ struct _virNetworkDriverState {
typedef struct _virNetworkDriverState virNetworkDriverState;
typedef virNetworkDriverState *virNetworkDriverStatePtr;
+int networkPreReloadFirewallRules(bool startup);
+void networkPostReloadFirewallRules(bool startup);
+
int networkCheckRouteCollision(virNetworkDefPtr def);
int networkAddFirewallRules(virNetworkDefPtr def);
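Review bot: The two new hook declarations carry no documentation of their contract, and the contract is not obvious from the names: from the caller in bridge_driver.c, a negative return from the pre hook aborts the whole reload and skips the post hook, the post hook has no way to signal failure, and `startup` is true only on the networkStateInitialize() path. Add a comment on each declaration, e.g. `/* Run before per-network firewall rules are reloaded; return < 0 to abort the reload (the post hook is then skipped). */` above networkPreReloadFirewallRules and `/* Run after all per-network rules were reloaded; only called if the pre hook succeeded. */` above networkPostReloadFirewallRules, and note that `startup` is true only during daemon initialization, not on daemon reload or a firewalld reload. The struct above these lines starts outside the hunk.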
--
2.20.1