This allows the virsh commands nwfilter-binding-create and
nwfilter-binding-delete to be used.
Note using these commands lets you delete filters that were
previously created automatically by the virt drivers, or add
filters for VM nics that were not there before. Generally it
is expected these new APIs will only be used by virt drivers.
It is the admin's responsibility to not shoot themselves in
the foot.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/nwfilter/nwfilter_driver.c | 79 ++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 6bfb584b09..2b6856a36c 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -788,6 +788,83 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding,
}
+static virNWFilterBindingPtr
+nwfilterBindingCreateXML(virConnectPtr conn,
+ const char *xml,
+ unsigned int flags)
+{
+ virNWFilterBindingObjPtr obj;
+ virNWFilterBindingDefPtr def;
+ virNWFilterBindingPtr ret = NULL;
+
+ virCheckFlags(0, NULL);
+
+ def = virNWFilterBindingDefParseString(xml);
+ if (!def)
+ return NULL;
+
+ if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0)
+ goto cleanup;
+
+ obj = virNWFilterBindingObjListFindByPortDev(driver->bindings,
def->portdevname);
+ if (obj) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Filter already present for NIC %s"),
def->portdevname);
+ goto cleanup;
+ }
+
+ obj = virNWFilterBindingObjListAdd(driver->bindings,
+ def);
+ if (!obj)
+ goto cleanup;
+
+ if (!(ret = virGetNWFilterBinding(conn, def->portdevname, def->filter)))
+ goto cleanup;
+
+ if (virNWFilterInstantiateFilter(driver, def) < 0) {
+ virNWFilterBindingObjListRemove(driver->bindings, obj);
+ virObjectUnref(ret);
+ ret = NULL;
+ goto cleanup;
+ }
+ virNWFilterBindingObjSave(obj, driver->bindingDir);
+
+ cleanup:
+ if (!obj)
+ virNWFilterBindingDefFree(def);
+ virNWFilterBindingObjEndAPI(&obj);
+
+ return ret;
+}
+
+
+static int
+nwfilterBindingDelete(virNWFilterBindingPtr binding)
+{
+ virNWFilterBindingObjPtr obj;
+ virNWFilterBindingDefPtr def;
+ int ret = -1;
+
+ obj = virNWFilterBindingObjListFindByPortDev(driver->bindings,
binding->portdev);
+ if (!obj)
+ return -1;
+
+ def = virNWFilterBindingObjGetDef(obj);
+ if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0)
+ goto cleanup;
+
+ virNWFilterTeardownFilter(def);
+ virNWFilterBindingObjDelete(obj, driver->bindingDir);
+ virNWFilterBindingObjListRemove(driver->bindings, obj);
+
+ ret = 0;
+
+ cleanup:
+ virNWFilterBindingObjEndAPI(&obj);
+ return ret;
+}
+
+
static virNWFilterDriver nwfilterDriver = {
.name = "nwfilter",
.connectNumOfNWFilters = nwfilterConnectNumOfNWFilters, /* 0.8.0 */
@@ -801,6 +878,8 @@ static virNWFilterDriver nwfilterDriver = {
.nwfilterBindingLookupByPortDev = nwfilterBindingLookupByPortDev, /* 4.5.0 */
.connectListAllNWFilterBindings = nwfilterConnectListAllNWFilterBindings, /* 4.5.0
*/
.nwfilterBindingGetXMLDesc = nwfilterBindingGetXMLDesc, /* 4.5.0 */
+ .nwfilterBindingCreateXML = nwfilterBindingCreateXML, /* 4.5.0 */
+ .nwfilterBindingDelete = nwfilterBindingDelete, /* 4.5.0 */
};
--
2.17.0