Today the nwfilter driver is entangled with the virt drivers in both
directions. At various times when rebuilding filters nwfilter will call
out to the virt driver to iterate over running guests' NICs. This has
caused very complicated lock ordering rules to be required. If we are to
split the virt drivers out into separate daemons we need to get rid of
this coupling since we don't want the separate daemons calling each
other, as that risks deadlock if all of the RPC workers are busy.

The obvious way to solve this is to have the nwfilter driver remember
all the filters it has active, avoiding the need to iterate over running
guests.

NB, these patches are all ready for review, but the last patch really
should not be merged at this time. I need to do more work to be able to
serialize the filter state to disk, so the nwfilter driver can keep track
of it across daemon restarts. All except the last patch should be ok to
merge though.

Daniel P. Berrangé (14):
  nwfilter: remove pointless virNWFilterHashTable struct
  nwfilter: remove methods that are trivial wrappers for virHash APIs
  nwfilter: remove virNWFilterHashTable typedefs entirely
  nwfilter: make virNWFilterIPAddrLearnReq type private
  nwfilter: remove obsolete code related to firewalld
  nwfilter: fix leaking of filter parameters upon error
  nwfilter: introduce virNWFilterBinding to decouple from virDomainNet
  nwfilter: pass vm name in when instantiating filters
  nwfilter: convert the gentech driver code to use virNWFilterBinding
  nwfilter: convert IP address learning code to virNWFilterBinding
  nwfilter: convert DHCP address snooping code to virNWFilterBinding
  nwfilter: report an error if nic needs filtering but no driver is present
  nwfilter: keep track of active filter bindings
  nwfilter: remove virt driver callback layer for rebuilding filters

src/conf/domain_conf.c | 8 +-
src/conf/domain_conf.h | 2 +-
src/conf/domain_nwfilter.c | 14 +-
src/conf/domain_nwfilter.h | 6 +-
src/conf/nwfilter_conf.c | 224 ++++++++---------
src/conf/nwfilter_conf.h | 67 ++---
src/conf/nwfilter_ipaddrmap.c | 15 +-
src/conf/nwfilter_params.c | 127 +++-------
src/conf/nwfilter_params.h | 33 +--
src/conf/virnwfilterobj.c | 4 +-
src/conf/virnwfilterobj.h | 4 +-
src/libvirt_private.syms | 8 +-
src/lxc/lxc_driver.c | 28 ---
src/lxc/lxc_process.c | 2 +-
src/nwfilter/nwfilter_dhcpsnoop.c | 153 +++++-------
src/nwfilter/nwfilter_dhcpsnoop.h | 7 +-
src/nwfilter/nwfilter_driver.c | 97 +++++---
src/nwfilter/nwfilter_driver.h | 2 -
src/nwfilter/nwfilter_gentech_driver.c | 432 ++++++++++++++++++---------------
src/nwfilter/nwfilter_gentech_driver.h | 28 +--
src/nwfilter/nwfilter_learnipaddr.c | 113 ++++-----
src/nwfilter/nwfilter_learnipaddr.h | 25 +-
src/nwfilter/nwfilter_tech_driver.h | 2 +-
src/qemu/qemu_driver.c | 25 --
src/qemu/qemu_hotplug.c | 6 +-
src/qemu/qemu_interface.c | 4 +-
src/qemu/qemu_process.c | 2 +-
src/uml/uml_conf.c | 2 +-
src/uml/uml_driver.c | 29 ---
tests/nwfilterxml2firewalltest.c | 36 +--
30 files changed, 642 insertions(+), 863 deletions(-)
--
2.14.3