[libvirt] [PATCH 4/4] nwfilter: force filters reinstantiation on binary update
This helps us bring correct firewall rules if previous binary
install them incorrectly.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/conf/virnwfilterbindingobj.c | 20 ++++++++++++++++++++
src/conf/virnwfilterbindingobj.h | 3 +++
src/libvirt_private.syms | 1 +
src/nwfilter/nwfilter_gentech_driver.c | 4 +++-
4 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/conf/virnwfilterbindingobj.c b/src/conf/virnwfilterbindingobj.c
index 355981e..09b757a 100644
--- a/src/conf/virnwfilterbindingobj.c
+++ b/src/conf/virnwfilterbindingobj.c
@@ -37,6 +37,7 @@ struct _virNWFilterBindingObj {
bool removing;
virNWFilterBindingDefPtr def;
char *filterhash;
+ time_t libvirtCtime;
};
@@ -110,6 +111,7 @@ virNWFilterBindingObjSetFilterhash(virNWFilterBindingObjPtr obj,
{
VIR_FREE(obj->filterhash);
obj->filterhash = filterhash;
+ obj->libvirtCtime = virGetSelfLastChanged();
}
@@ -120,6 +122,12 @@ virNWFilterBindingObjGetFilterhash(virNWFilterBindingObjPtr obj)
}
+time_t
+virNWFilterBindingObjGetLibvirtCtime(virNWFilterBindingObjPtr obj)
+{
+ return obj->libvirtCtime;
+}
+
/**
* virNWFilterBindingObjEndAPI:
* @obj: binding object
@@ -220,12 +228,22 @@ virNWFilterBindingObjParseXML(xmlDocPtr doc,
{
virNWFilterBindingObjPtr ret;
xmlNodePtr node;
+ long long int ctime;
if (!(ret = virNWFilterBindingObjNew()))
return NULL;
ret->filterhash = virXPathString("string(./filterhash)", ctxt);
+ if (virXPathBoolean("boolean(./libvirtctime)", ctxt) > 0) {
+ if (virXPathLongLong("string(./libvirtctime)", ctxt, &ctime) <
0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid libvirtctime format"));
+ goto cleanup;
+ }
+ ret->libvirtCtime = (time_t)ctime;
+ }
+
if (!(node = virXPathNode("./filterbinding", ctxt))) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("filter binding status missing content"));
@@ -304,6 +322,8 @@ virNWFilterBindingObjFormat(const virNWFilterBindingObj *obj)
virBufferAdjustIndent(&buf, 2);
virBufferAsprintf(&buf, "<filterhash>%s</filterhash>\n",
obj->filterhash);
+ virBufferAsprintf(&buf,
"<libvirtctime>%llu</libvirtctime>\n",
+ (long long) obj->libvirtCtime);
if (virNWFilterBindingDefFormatBuf(&buf, obj->def) < 0) {
virBufferFreeAndReset(&buf);
diff --git a/src/conf/virnwfilterbindingobj.h b/src/conf/virnwfilterbindingobj.h
index fbcee03..ab949f8 100644
--- a/src/conf/virnwfilterbindingobj.h
+++ b/src/conf/virnwfilterbindingobj.h
@@ -52,6 +52,9 @@ virNWFilterBindingObjSetFilterhash(virNWFilterBindingObjPtr obj,
char*
virNWFilterBindingObjGetFilterhash(virNWFilterBindingObjPtr obj);
+time_t
+virNWFilterBindingObjGetLibvirtCtime(virNWFilterBindingObjPtr obj);
+
void
virNWFilterBindingObjEndAPI(virNWFilterBindingObjPtr *obj);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index cc3aaba..368ee01 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1058,6 +1058,7 @@ virNWFilterBindingObjEndAPI;
virNWFilterBindingObjFormat;
virNWFilterBindingObjGetDef;
virNWFilterBindingObjGetFilterhash;
+virNWFilterBindingObjGetLibvirtCtime;
virNWFilterBindingObjGetRemoving;
virNWFilterBindingObjNew;
virNWFilterBindingObjParseFile;
diff --git a/src/nwfilter/nwfilter_gentech_driver.c
b/src/nwfilter/nwfilter_gentech_driver.c
index a5b3e1a..94c2c5b 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -1026,8 +1026,10 @@ virNWFilterBuildOne(virNWFilterDriverStatePtr driver,
binding->filter))) {
char *filterhash = virNWFilterObjGetHash(filter);
char *bindinghash = virNWFilterBindingObjGetFilterhash(bindingobj);
+ time_t libvirtCtime = virNWFilterBindingObjGetLibvirtCtime(bindingobj);
- if (filterhash && bindinghash && STREQ(filterhash,
bindinghash)) {
+ if (libvirtCtime == virGetSelfLastChanged() &&
+ filterhash && bindinghash && STREQ(filterhash,
bindinghash)) {
VIR_DEBUG("skip binding reinstantiating owner=%s
portdevname=%s"
" filter=%s",
binding->ownername, binding->portdevname,
--
1.8.3.1