[PATCH v5 22/30] network: save network status when firewall rules are reloaded

Friday, 17 May 2024

In the case that a new version of libvirt is started that uses
different rules to build the network firewall, we need to re-save the
status so that when the network is destroyed (or the *next* time
libvirt is restarted and wants to remove/re-add the firewall), it will
have the proper information to perform the firewall removal.

Signed-off-by: Laine Stump <laine(a)redhat.com&gt;
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com&gt;
---
 src/conf/virnetworkobj.c    | 1 +
 src/network/bridge_driver.c | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c
index f5db4c5804..19305798cb 100644
--- a/src/conf/virnetworkobj.c
+++ b/src/conf/virnetworkobj.c
@@ -834,6 +834,7 @@ virNetworkObjSaveStatus(const char *statusDir,
     int flags = 0;
     g_autofree char *xml = NULL;
 
+    VIR_DEBUG("Writing network status to disk");
     if (!(xml = virNetworkObjFormat(obj, xmlopt, flags)))
         return -1;
 
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 1b4c5aedf2..53a896feb9 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1686,6 +1686,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
     VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
     virNetworkDef *def = virNetworkObjGetDef(obj);
     virFirewall *fwRemoval = NULL;
+    bool saveStatus = false;
 
     if (virNetworkObjIsActive(obj)) {
         switch ((virNetworkForwardType) def->forward.type) {
@@ -1700,6 +1701,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
             networkRemoveFirewallRules(obj);
             ignore_value(networkAddFirewallRules(def, cfg->firewallBackend,
&fwRemoval));
             virNetworkObjSetFwRemoval(obj, fwRemoval);
+            saveStatus = true;
             break;
 
         case VIR_NETWORK_FORWARD_OPEN:
@@ -1717,6 +1719,11 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
         }
     }
 
+    if (saveStatus) {
+        ignore_value(virNetworkObjSaveStatus(cfg->stateDir, obj,
+                                             network_driver->xmlopt));
+    }
+
     return 0;
 }
 
@@ -2366,7 +2373,6 @@ networkStartNetwork(virNetworkDriverState *driver,
     /* Persist the live configuration now that anything autogenerated
      * is setup.
      */
-    VIR_DEBUG("Writing network status to disk");
     if (virNetworkObjSaveStatus(cfg->stateDir,
                                 obj, network_driver->xmlopt) < 0)
         goto cleanup;
-- 
2.45.0

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH v5 22/30] network: save network status when firewall rules are reloaded