v1:
https://www.redhat.com/archives/libvir-list/2018-April/msg02616.html
v2:
https://www.redhat.com/archives/libvir-list/2018-May/msg01145.html

Today the nwfilter driver is entangled with the virt drivers in both
directions. At various times when rebuilding filters nwfilter will call
out to the virt driver to iterate over running guests' NICs. This has
caused very complicated lock ordering rules to be required. If we are to
split the virt drivers out into separate daemons we need to get rid of
this coupling since we don't want the separate daemons calling each
other, as that risks deadlock if all of the RPC workers are busy.

The obvious way to solve this is to have the nwfilter driver remember
all the filters it has active, avoiding the need to iterate over running
guests.

Still todo

 - Document the new XML format

Changed in v3:

 - Updated API version numbers
 - Use accessors for virNWFilterBindingObjPtr struct
 - Other fixes John mentioned

Changed in v2:

 - The virNWFilterBindingPtr was renamed virNWFilterBindingDefPtr
 - New virNWFilterBindingObjPtr & virNWFilterBindingObjListPtr
   structs added to track the objects in the driver
 - New virNWFilterBindingPtr public API type was added
 - New public APIs for listing filter bindings, querying XML, and
   creating/deleting them
 - Convert the virt drivers to use the public API for creating
   and deleting bindings
 - Persist active bindings out to disk so they're preserved
   across restarts
 - Added RNG schema and XML-2-XML test
 - New virsh commands for listing/querying XML/creating/deleting
   bindings

Daniel P. Berrangé (20):
  conf: change virNWFilterBindingPtr to virNWFilterBindingDefPtr
  conf: add missing virxml.h include for nwfilter_params.h
  conf: move virNWFilterBindingDefPtr into its own files
  conf: add support for parsing/formatting virNWFilterBindingDefPtr
  schemas: add schema for nwfilter binding XML document
  nwfilter: export port binding concept in the public API
  access: add nwfilter binding object permissions
  remote: add support for nwfilter binding objects
  virsh: add nwfilter binding commands
  nwfilter: convert the gentech driver code to use
    virNWFilterBindingDefPtr
  nwfilter: convert IP address learning code to virNWFilterBindingDefPtr
  nwfilter: convert DHCP address snooping code to
    virNWFilterBindingDefPtr
  conf: report an error if nic needs filtering by no driver is present
  conf: introduce a virNWFilterBindingObjPtr struct
  conf: introduce a virNWFilterBindingObjListPtr struct
  nwfilter: keep track of active filter bindings
  nwfilter: remove virt driver callback layer for rebuilding filters
  nwfilter: wire up new APIs for listing and querying filter bindings
  nwfilter: wire up new APIs for creating and deleting nwfilter bindings
  nwfilter: convert virt drivers to use public API for nwfilter bindings

docs/schemas/domaincommon.rng | 27 +-
docs/schemas/nwfilter.rng | 29 +-
docs/schemas/nwfilter_params.rng | 32 ++
docs/schemas/nwfilterbinding.rng | 49 ++
include/libvirt/libvirt-nwfilter.h | 39 ++
include/libvirt/virterror.h | 2 +
src/access/viraccessdriver.h | 5 +
src/access/viraccessdrivernop.c | 10 +
src/access/viraccessdriverpolkit.c | 21 +
src/access/viraccessdriverstack.c | 24 +
src/access/viraccessmanager.c | 15 +
src/access/viraccessmanager.h | 5 +
src/access/viraccessperm.c | 7 +-
src/access/viraccessperm.h | 38 ++
src/conf/Makefile.inc.am | 6 +
src/conf/domain_nwfilter.c | 125 ++++-
src/conf/domain_nwfilter.h | 13 -
src/conf/nwfilter_conf.c | 188 +------
src/conf/nwfilter_conf.h | 68 +--
src/conf/nwfilter_params.h | 1 +
src/conf/virnwfilterbindingdef.c | 280 ++++++++++
src/conf/virnwfilterbindingdef.h | 65 +++
src/conf/virnwfilterbindingobj.c | 299 +++++++++++
src/conf/virnwfilterbindingobj.h | 69 +++
src/conf/virnwfilterbindingobjlist.c | 487 ++++++++++++++++++
src/conf/virnwfilterbindingobjlist.h | 69 +++
src/conf/virnwfilterobj.c | 4 +-
src/conf/virnwfilterobj.h | 4 +
src/datatypes.c | 67 +++
src/datatypes.h | 31 ++
src/driver-nwfilter.h | 30 ++
src/libvirt-nwfilter.c | 305 +++++++++++
src/libvirt_private.syms | 45 +-
src/libvirt_public.syms | 9 +
src/lxc/lxc_driver.c | 28 -
src/nwfilter/nwfilter_dhcpsnoop.c | 158 +++---
src/nwfilter/nwfilter_dhcpsnoop.h | 7 +-
src/nwfilter/nwfilter_driver.c | 218 ++++++--
src/nwfilter/nwfilter_gentech_driver.c | 337 ++++++------
src/nwfilter/nwfilter_gentech_driver.h | 22 +-
src/nwfilter/nwfilter_learnipaddr.c | 104 ++--
src/nwfilter/nwfilter_learnipaddr.h | 7 +-
src/qemu/qemu_driver.c | 25 -
src/remote/remote_daemon_dispatch.c | 15 +
src/remote/remote_driver.c | 20 +
src/remote/remote_protocol.x | 90 +++-
src/remote_protocol-structs | 43 ++
src/rpc/gendispatch.pl | 15 +-
src/uml/uml_driver.c | 29 --
src/util/virerror.c | 12 +
tests/Makefile.am | 7 +
.../filter-vars.xml | 11 +
.../virnwfilterbindingxml2xmldata/simple.xml | 9 +
tests/virnwfilterbindingxml2xmltest.c | 112 ++++
tests/virschematest.c | 1 +
tools/virsh-completer.c | 45 ++
tools/virsh-completer.h | 4 +
tools/virsh-nwfilter.c | 317 ++++++++++++
tools/virsh-nwfilter.h | 8 +
59 files changed, 3283 insertions(+), 829 deletions(-)
create mode 100644 docs/schemas/nwfilter_params.rng
create mode 100644 docs/schemas/nwfilterbinding.rng
create mode 100644 src/conf/virnwfilterbindingdef.c
create mode 100644 src/conf/virnwfilterbindingdef.h
create mode 100644 src/conf/virnwfilterbindingobj.c
create mode 100644 src/conf/virnwfilterbindingobj.h
create mode 100644 src/conf/virnwfilterbindingobjlist.c
create mode 100644 src/conf/virnwfilterbindingobjlist.h
create mode 100644 tests/virnwfilterbindingxml2xmldata/filter-vars.xml
create mode 100644 tests/virnwfilterbindingxml2xmldata/simple.xml
create mode 100644 tests/virnwfilterbindingxml2xmltest.c
--
2.17.0