Basically, the idea is copied from the domain code, where tainting
has existed for a while. Currently, only one taint reason exists -
VIR_NETWORK_TAINT_HOOK, which marks those networks that caused a
hook script to be invoked.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/conf/network_conf.c | 16 ++++++++++++++++
src/conf/network_conf.h | 17 +++++++++++++++++
src/libvirt_private.syms | 3 +++
src/network/bridge_driver.c | 26 ++++++++++++++++++++++++++
4 files changed, 62 insertions(+)
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index e59938c..aa881d8 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -72,6 +72,22 @@ VIR_ENUM_IMPL(virNetworkDNSForwardPlainNames,
"yes",
"no")
+VIR_ENUM_IMPL(virNetworkTaint, VIR_NETWORK_TAINT_LAST,
+ "hook-script");
+
+bool
+virNetworkObjTaint(virNetworkObjPtr obj,
+ enum virNetworkTaintFlags taint)
+{
+ unsigned int flag = (1 << taint);
+
+ if (obj->taint & flag)
+ return false;
+
+ obj->taint |= flag;
+ return true;
+}
+
virNetworkObjPtr virNetworkFindByUUID(virNetworkObjListPtr nets,
const unsigned char *uuid)
{
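Review bot: `1 << taint` in virNetworkObjTaint shifts a signed int by a caller-supplied enum value with no range check, so a value at or beyond the width of int would be undefined behaviour. With only VIR_NETWORK_TAINT_HOOK defined this cannot happen today, but the helper is exported through libvirt_private.syms, so I would write `unsigned int flag = 1U << taint;` and return false for `taint >= VIR_NETWORK_TAINT_LAST` before shifting. A short comment above the function saying it returns true only the first time a given taint is set would also help callers.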
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index b84762a..edcc49f 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -287,6 +287,8 @@ struct _virNetworkObj {
virBitmapPtr class_id; /* bitmap of class IDs for QoS */
unsigned long long floor_sum; /* sum of all 'floor'-s of attached NICs */
+
+ unsigned int taint;
};
typedef struct _virNetworkObjList virNetworkObjList;
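Review bot: The new `taint` member is only ever set in this patch; nothing visible here clears it when the network is stopped or writes it to the network status file. Presumably a persistent network that is stopped and started again therefore stays tainted, while a daemon restart drops the taint of a network that is still running. If that is intended, say so on the field, e.g. `unsigned int taint; /* bitmask of (1 << enum virNetworkTaintFlags); not persisted, never cleared */`. If it is not, the stop path and the status formatter, both outside this diff, need matching changes. The struct definition starts outside the hunk.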
@@ -296,12 +298,26 @@ struct _virNetworkObjList {
virNetworkObjPtr *objs;
};
+enum virNetworkTaintFlags {
+ VIR_NETWORK_TAINT_HOOK, /* Hook script was executed over
+ network. We can't guarantee
+ connectivity or other settings
+ as the script may have played
+ with iptables, tc, you name it.
+ */
+
+ VIR_NETWORK_TAINT_LAST
+};
+
static inline int
virNetworkObjIsActive(const virNetworkObj *net)
{
return net->active;
}
+bool virNetworkObjTaint(virNetworkObjPtr obj,
+ enum virNetworkTaintFlags taint);
+
virNetworkObjPtr virNetworkFindByUUID(virNetworkObjListPtr nets,
const unsigned char *uuid);
virNetworkObjPtr virNetworkFindByName(virNetworkObjListPtr nets,
@@ -452,4 +468,5 @@ virNetworkDefUpdateSection(virNetworkDefPtr def,
const char *xml,
unsigned int flags); /* virNetworkUpdateFlags */
+VIR_ENUM_DECL(virNetworkTaint)
#endif /* __NETWORK_CONF_H__ */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c5a7637..0759d73 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -525,6 +525,7 @@ virNetworkObjListFree;
virNetworkObjLock;
virNetworkObjReplacePersistentDef;
virNetworkObjSetDefTransient;
+virNetworkObjTaint;
virNetworkObjUnlock;
virNetworkObjUnsetDefTransient;
virNetworkObjUpdate;
@@ -533,6 +534,8 @@ virNetworkSaveConfig;
virNetworkSaveStatus;
virNetworkSetBridgeMacAddr;
virNetworkSetBridgeName;
+virNetworkTaintTypeFromString;
+virNetworkTaintTypeToString;
virPortGroupFindByName;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 1ba2b2d..f2aef48 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -112,6 +112,9 @@ static int networkPlugBandwidth(virNetworkObjPtr net,
static int networkUnplugBandwidth(virNetworkObjPtr net,
virDomainNetDefPtr iface);
+static void networkNetworkObjTaint(virNetworkObjPtr net,
+ enum virNetworkTaintFlags taint);
+
static virNetworkDriverStatePtr driverState = NULL;
static virNetworkObjPtr
@@ -2024,6 +2027,8 @@ networkStartNetwork(virNetworkDriverStatePtr driver,
*/
if (hookret < 0)
goto cleanup;
+
+ networkNetworkObjTaint(network, VIR_NETWORK_TAINT_HOOK);
}
switch (network->def->forward.type) {
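Review bot: The taint is recorded only after the `if (hookret < 0)` check, so a hook script that ran and then returned failure leaves no taint on the network even though it may already have changed host state. The same ordering is used in the second networkStartNetwork hunk and in the hunk under the `validate:` label; in the latter the network presumably stays active after `goto error`, which makes the missing record more relevant. Since the flag is meant to mark networks a hook script was executed over, I would move `networkNetworkObjTaint(network, VIR_NETWORK_TAINT_HOOK);` to just before the `hookret` check in all three places. The hook call and the enclosing condition are outside the hunks, so this assumes the block is entered only when a hook script is actually run.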
@@ -2067,6 +2072,8 @@ networkStartNetwork(virNetworkDriverStatePtr driver,
*/
if (hookret < 0)
goto cleanup;
+
+ networkNetworkObjTaint(network, VIR_NETWORK_TAINT_HOOK);
}
network->active = 1;
@@ -3649,6 +3656,8 @@ validate:
*/
if (hookret < 0)
goto error;
+
+ networkNetworkObjTaint(network, VIR_NETWORK_TAINT_HOOK);
}
if (dev) {
@@ -4023,6 +4032,8 @@ success:
VIR_HOOK_NETWORK_OP_IFACE_UNPLUGGED,
VIR_HOOK_SUBOP_BEGIN, NULL, xml, NULL);
VIR_FREE(xml);
+
+ networkNetworkObjTaint(network, VIR_NETWORK_TAINT_HOOK);
}
VIR_DEBUG("Releasing network %s, %d connections",
@@ -4359,3 +4370,18 @@ networkUnplugBandwidth(virNetworkObjPtr net,
cleanup:
return ret;
}
+
+static void
+networkNetworkObjTaint(virNetworkObjPtr net,
+ enum virNetworkTaintFlags taint)
+{
+ if (virNetworkObjTaint(net, taint)) {
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ virUUIDFormat(net->def->uuid, uuidstr);
+
+ VIR_WARN("Network name='%s' uuid=%s is tainted: %s",
+ net->def->name,
+ uuidstr,
+ virNetworkTaintTypeToString(taint));
+ }
+}
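Review bot: networkNetworkObjTaint has no comment, and virNetworkObjTaint does an unsynchronised read-modify-write of `net->taint`, so the locking expectation should be stated. Something like `/* Caller must hold the lock on @net. Logs a warning the first time @taint is set on it. */` above the function would cover it. The call sites in this patch presumably run with the network object locked, but that is not visible in the hunks.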
--
1.8.5.2