Re: [libvirt] [patch 3/3] Prevent updates while IP address learn thread is running

Prevent updating and tearing down of filter while the IP address learning thread is running and has its own filtering rules applied. Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com&gt; Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c @@ -610,6 +610,8 @@ virNWFilterInstantiate(virConnectPtr con } else if (virHashSize(missing_vars->hashTable) > 1) { rc = 1; goto err_exit; + } else if (virNWFilterLookupLearnReq(ifindex) == NULL) { + goto err_exit; } rc = _virNWFilterInstantiateRec(conn, @@ -890,7 +892,9 @@ int virNWFilterRollbackUpdateFilter(virC const virDomainNetDefPtr net) { const char *drvname = EBIPTABLES_DRIVER_ID; + int ifindex; virNWFilterTechDriverPtr techdriver; + techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, @@ -900,6 +904,11 @@ int virNWFilterRollbackUpdateFilter(virC return 1; } + /* don't tear anything while the address is being learned */ + if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 && + virNWFilterLookupLearnReq(ifindex) != NULL) + return 0; + return techdriver->tearNewRules(conn, net->ifname); } @@ -909,7 +918,9 @@ virNWFilterTearOldFilter(virConnectPtr c virDomainNetDefPtr net) { const char *drvname = EBIPTABLES_DRIVER_ID; + int ifindex; virNWFilterTechDriverPtr techdriver; + techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, @@ -919,6 +930,11 @@ virNWFilterTearOldFilter(virConnectPtr c return 1; } + /* don't tear anything while the address is being learned */ + if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 && + virNWFilterLookupLearnReq(ifindex) != NULL) + return 0; + return techdriver->tearOldRules(conn, net->ifname); }