[libvirt] [PATCH 0/5] libvirt_nss: Report newer addresses first

See the last patch for explanation. Michal Prívozník (5): libvirt_nss: Use VIR_STEAL_PTR() in findLease() libvirt_nss: Use VIR_AUTOPTR and VIR_AUTOFREE libvirt_nss: Drop some needless cleanup labels libvirt_nss: Pass @name to appendAddr() libvirt_nss: Report newer addresses first tests/nssdata/virbr0.status | 6 +-- tests/nsstest.c | 21 ++++------ tools/nss/libvirt_nss.c | 80 +++++++++++++++++++++++-------------- 3 files changed, 60 insertions(+), 47 deletions(-) -- 2.21.0

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/nss/libvirt_nss.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index 3ff1bada31..4de960d6f1 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -332,9 +332,8 @@ findLease(const char *name,
 #endif /* defined(LIBVIRT_NSS_GUEST) */
- *address = tmpAddress;
+ VIR_STEAL_PTR(*address, tmpAddress);
 *naddress = ntmpAddress;
- tmpAddress = NULL;
 ntmpAddress = 0;
 ret = 0;
--
2.21.0

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/nss/libvirt_nss.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index 4de960d6f1..e55bf144bc 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -244,11 +244,11 @@ findLease(const char *name,
 int ret = -1;
 const char *leaseDir = LEASEDIR;
 struct dirent *entry;
- virJSONValuePtr leases_array = NULL;
+ VIR_AUTOPTR(virJSONValue) leases_array = NULL;
 ssize_t nleases;
- leaseAddress *tmpAddress = NULL;
+ VIR_AUTOFREE(leaseAddress *) tmpAddress = NULL;
 size_t ntmpAddress = 0;
- virMacMapPtr *macmaps = NULL;
+ VIR_AUTOFREE(virMacMapPtr *) macmaps = NULL;
 size_t nMacmaps = 0;
 *address = NULL;
@@ -340,12 +340,9 @@ findLease(const char *name,
 cleanup:
 *errnop = errno;
- VIR_FREE(tmpAddress);
- virJSONValueFree(leases_array);
 VIR_DIR_CLOSE(dir);
 while (nMacmaps)
 virObjectUnref(macmaps[--nMacmaps]);
- VIR_FREE(macmaps);
 return ret;
 }
@@ -389,7 +386,7 @@ NSS_NAME(gethostbyname3)(const char *name, int af, struct hostent *result,
 {
 enum nss_status ret = NSS_STATUS_UNAVAIL;
 char *r_name, **r_aliases, *r_addr, *r_addr_next, **r_addr_list;
- leaseAddress *addr = NULL;
+ VIR_AUTOFREE(leaseAddress *) addr = NULL;
 size_t naddr, i;
 bool found = false;
 size_t nameLen, need, idx = 0;
@@ -495,7 +492,6 @@ NSS_NAME(gethostbyname3)(const char *name, int af, struct hostent *result,
 ret = NSS_STATUS_SUCCESS;
 cleanup:
- VIR_FREE(addr);
 return ret;
 }
--
2.21.0
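Review bot: In the `cleanup:` hunk of findLease(), the `while (nMacmaps) virObjectUnref(macmaps[--nMacmaps]);` loop is now the only code that releases the map objects, and nothing in the function says so. VIR_AUTOFREE on `macmaps` presumably frees just the array when the variable leaves scope (its definition is not visible here), so the loop has to stay ahead of the `return`. A one-line comment above it, `/* VIR_AUTOFREE releases only the array; each element still needs its unref here */`, would keep a later removal of the label from turning into a reference leak. findLease() starts and ends outside the hunk.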

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/nss/libvirt_nss.c | 30 +++++++++++-------------------
 1 file changed, 11 insertions(+), 19 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index e55bf144bc..3b2583669b 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -85,7 +85,6 @@ appendAddr(leaseAddress **tmpAddress,
 virJSONValuePtr lease,
 int af)
 {
- int ret = -1;
 const char *ipAddr;
 virSocketAddr sa;
 int family;
@@ -93,21 +92,20 @@ appendAddr(leaseAddress **tmpAddress,
 if (!(ipAddr = virJSONValueObjectGetString(lease, "ip-address"))) {
 ERROR("ip-address field missing for %s", name);
- goto cleanup;
+ return -1;
 }
 DEBUG("IP address: %s", ipAddr);
 if (virSocketAddrParse(&sa, ipAddr, AF_UNSPEC) < 0) {
 ERROR("Unable to parse %s", ipAddr);
- goto cleanup;
+ return -1;
 }
 family = VIR_SOCKET_ADDR_FAMILY(&sa);
 if (af != AF_UNSPEC && af != family) {
 DEBUG("Skipping address which family is %d, %d requested", family, af);
- ret = 0;
- goto cleanup;
+ return 0;
 }
 for (i = 0; i < *ntmpAddress; i++) {
@@ -117,14 +115,13 @@ appendAddr(leaseAddress **tmpAddress,
 (void *) &sa.data.inet6.sin6_addr.s6_addr),
 FAMILY_ADDRESS_SIZE(family)) == 0) {
 DEBUG("IP address already in the list");
- ret = 0;
- goto cleanup;
+ return 0;
 }
 }
 if (VIR_REALLOC_N_QUIET(*tmpAddress, *ntmpAddress + 1) < 0) {
 ERROR("Out of memory");
- goto cleanup;
+ return -1;
 }
 (*tmpAddress)[*ntmpAddress].af = family;
@@ -134,9 +131,7 @@ appendAddr(leaseAddress **tmpAddress,
 (void *) &sa.data.inet6.sin6_addr.s6_addr),
 FAMILY_ADDRESS_SIZE(family));
 (*ntmpAddress)++;
- ret = 0;
- cleanup:
- return ret;
+ return 0;
 }
@@ -153,11 +148,10 @@ findLeaseInJSON(leaseAddress **tmpAddress,
 size_t i;
 long long expirytime;
 time_t currtime;
- int ret = -1;
 if ((currtime = time(NULL)) == (time_t) - 1) {
 ERROR("Failed to get current system time");
- goto cleanup;
+ return -1;
 }
 for (i = 0; i < nleases; i++) {
@@ -166,7 +160,7 @@ findLeaseInJSON(leaseAddress **tmpAddress,
 if (!lease) {
 /* This should never happen (TM) */
 ERROR("Unable to get element %zu of %zu", i, nleases);
- goto cleanup;
+ return -1;
 }
 if (macs) {
@@ -190,7 +184,7 @@ findLeaseInJSON(leaseAddress **tmpAddress,
 if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime) < 0) {
 /* A lease cannot be present without expiry-time */
 ERROR("expiry-time field missing for %s", name);
- goto cleanup;
+ return -1;
 }
 /* Do not report expired lease */
@@ -203,12 +197,10 @@ findLeaseInJSON(leaseAddress **tmpAddress,
 *found = true;
 if (appendAddr(tmpAddress, ntmpAddress, lease, af) < 0)
- goto cleanup;
+ return -1;
 }
- ret = 0;
- cleanup:
- return ret;
+ return 0;
 }
--
2.21.0

In the nss plugin we have ERROR() macro which by default does nothing. However, at compile time it can be made to report errors (this is useful for debugging because by nature of NSS debugging is hard). Anyway, the appendAddr() function uses @name (which contains name the caller wants us to resolve) for error reporting. But the caller findLeaseInJSON() is not passing it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/nss/libvirt_nss.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index 3b2583669b..b0e118bf37 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -80,7 +80,8 @@ typedef struct {
 static int
-appendAddr(leaseAddress **tmpAddress,
+appendAddr(const char *name ATTRIBUTE_UNUSED,
+ leaseAddress **tmpAddress,
 size_t *ntmpAddress,
 virJSONValuePtr lease,
 int af)
@@ -196,7 +197,7 @@ findLeaseInJSON(leaseAddress **tmpAddress,
 DEBUG("Found record for %s", name);
 *found = true;
- if (appendAddr(tmpAddress, ntmpAddress, lease, af) < 0)
+ if (appendAddr(name, tmpAddress, ntmpAddress, lease, af) < 0)
 return -1;
 }
--
2.21.0

On Sat, Jul 13, 2019 at 12:58:37PM +0200, Michal Privoznik wrote:
In the nss plugin we have ERROR() macro which by default does nothing. However, at compile time it can be made to report errors (this is useful for debugging because by nature of NSS debugging is hard). Anyway, the appendAddr() function uses @name (which contains name the caller wants us to resolve) for error reporting. But the caller findLeaseInJSON() is not passing it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- Reviewed-by: Erik Skultety <eskultet@redhat.com>

Ideally, a software that's translating domain names would iterate over all addresses the NSS returned, but some software does not bother (e.g. ping). What happens is that for instance when installing a guest, it's assigned one IP address but once it's installed and rebooted it gets a different IP address (because client ID used for the first DHCP traffic when installing the guest was generated dynamically and never saved so after reboot the guest generated new ID which resulted in different IP address to be assigned). This results in 'ping $domain' not working properly as it still pings the old IP address. Well, it might - NSS plugin does not guarantee any order of addresses. To resolve this problem, we can sort the array just before returning it to the caller (ping) so that the newer IP addresses come before older ones.
Reported-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tests/nssdata/virbr0.status | 6 +++---
 tests/nsstest.c | 21 ++++++++-------------
 tools/nss/libvirt_nss.c | 30 ++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/tests/nssdata/virbr0.status b/tests/nssdata/virbr0.status
index d040774269..783efb1dfb 100644
--- a/tests/nssdata/virbr0.status
+++ b/tests/nssdata/virbr0.status
@@ -3,19 +3,19 @@
 "ip-address": "192.168.122.197",
 "mac-address": "52:54:00:a4:6f:91",
 "hostname": "fedora",
- "expiry-time": 1900000000
+ "expiry-time": 1900000003
 },
 {
 "ip-address": "192.168.122.198",
 "mac-address": "52:54:00:a4:6f:92",
 "hostname": "fedora",
- "expiry-time": 1900000000
+ "expiry-time": 1900000002
 },
 {
 "ip-address": "192.168.122.254",
 "mac-address": "52:54:00:3a:b5:0c",
 "hostname": "gentoo",
- "expiry-time": 2000000000
+ "expiry-time": 2000000001
 },
 {
 "ip-address": "192.168.122.2",
diff --git a/tests/nsstest.c b/tests/nsstest.c
index d43c59c4a2..4118c31cef 100644
--- a/tests/nsstest.c
+++ b/tests/nsstest.c
@@ -46,7 +46,7 @@ testGetHostByName(const void *opaque)
 char buf[BUF_SIZE] = { 0 };
 char **addrList;
 int rv, tmp_errno = 0, tmp_herrno = 0;
- size_t i = 0, j = 0;
+ size_t i = 0;
 memset(&resolved, 0, sizeof(resolved));
@@ -117,6 +117,7 @@ testGetHostByName(const void *opaque)
 }
 addrList = resolved.h_addr_list;
+ i = 0;
 while (*addrList) {
 virSocketAddr sa;
 char *ipAddr;
@@ -135,14 +136,10 @@ testGetHostByName(const void *opaque)
 goto cleanup;
 }
- for (j = 0; data->ipAddr[j]; j++) {
- if (STREQ(data->ipAddr[j], ipAddr))
- break;
- }
-
- if (!data->ipAddr[j]) {
+ if (STRNEQ_NULLABLE(data->ipAddr[i], ipAddr)) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
- "Unexpected address %s", ipAddr);
+ "Unexpected address %s, expecting %s",
+ ipAddr, NULLSTR(data->ipAddr[i]));
 VIR_FREE(ipAddr);
 goto cleanup;
 }
@@ -152,12 +149,10 @@ testGetHostByName(const void *opaque)
 i++;
 }
- for (j = 0; data->ipAddr[j]; j++)
- ;
-
- if (i != j) {
+ if (data->ipAddr[i]) {
 virReportError(VIR_ERR_INTERNAL_ERROR,
- "Expected %zu addresses, got %zu", j, i);
+ "Expected %s address, got NULL",
+ data->ipAddr[i]);
 goto cleanup;
 }
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index b0e118bf37..519046a4e0 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -76,9 +76,29 @@ do { \
 typedef struct {
 unsigned char addr[16];
 int af;
+ long long expirytime;
 } leaseAddress;
+static int
+leaseAddressSorter(const void *a,
+ const void *b)
+{
+ const leaseAddress *la = a;
+ const leaseAddress *lb = b;
+
+ return lb->expirytime - la->expirytime;
+}
+
+
+static void
+sortAddr(leaseAddress *tmpAddress,
+ size_t ntmpAddress)
+{
+ qsort(tmpAddress, ntmpAddress, sizeof(*tmpAddress), leaseAddressSorter);
+}
+
+
 static int
 appendAddr(const char *name ATTRIBUTE_UNUSED,
 leaseAddress **tmpAddress,
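Review bot: `leaseAddressSorter()` returns `lb->expirytime - la->expirytime`, a `long long` difference narrowed to the `int` return type, so the sign qsort() sees can be wrong once two expiry times differ by more than INT_MAX, and the subtraction itself can overflow for extreme values. The values are read from the lease status file (`expiry-time`), so the comparator should not rely on them being close together; with an inconsistent comparator the result is no longer guaranteed to be newest-first. Compare instead of subtracting: `return (lb->expirytime > la->expirytime) - (lb->expirytime < la->expirytime);`. qsort() is also not a stable sort, so leases with equal expiry times can come back in any order, which deserves a one-line comment on `sortAddr()`.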
@@ -89,6 +109,7 @@ appendAddr(const char *name ATTRIBUTE_UNUSED,
 const char *ipAddr;
 virSocketAddr sa;
 int family;
+ long long expirytime;
 size_t i;
 if (!(ipAddr = virJSONValueObjectGetString(lease, "ip-address"))) {
@@ -109,6 +130,12 @@ appendAddr(const char *name ATTRIBUTE_UNUSED,
 return 0;
 }
+ if (virJSONValueObjectGetNumberLong(lease, "expiry-time", &expirytime) < 0) {
+ /* A lease cannot be present without expiry-time */
+ ERROR("expiry-time field missing for %s", name);
+ return -1;
+ }
+
 for (i = 0; i < *ntmpAddress; i++) {
 if (memcmp((*tmpAddress)[i].addr,
 (family == AF_INET ?
@@ -125,6 +152,7 @@ appendAddr(const char *name ATTRIBUTE_UNUSED,
 return -1;
 }
+ (*tmpAddress)[*ntmpAddress].expirytime = expirytime;
 (*tmpAddress)[*ntmpAddress].af = family;
 memcpy((*tmpAddress)[*ntmpAddress].addr,
 (family == AF_INET ?
@@ -325,6 +353,8 @@ findLease(const char *name,
 #endif /* defined(LIBVIRT_NSS_GUEST) */
+ sortAddr(tmpAddress, ntmpAddress);
+
 VIR_STEAL_PTR(*address, tmpAddress);
 *naddress = ntmpAddress;
 ntmpAddress = 0;
--
2.21.0
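Review bot: The duplicate check in appendAddr() still ends in a bare `return 0;` when the address is already in the list, so that entry keeps whichever `expirytime` was stored first; a lease for the same address that appears later in the status file with a newer expiry will not move it forward in the sorted result. Refreshing the stored value in that branch, `if (expirytime > (*tmpAddress)[i].expirytime) (*tmpAddress)[i].expirytime = expirytime;` ahead of the `return 0;`, keeps the ordering tied to the newest lease. That branch sits between the second and third hunks, outside the lines shown. Separately, the new `sortAddr()` call in findLease() can presumably run with `tmpAddress` still NULL and `ntmpAddress` 0 when nothing matched; wrapping it in `if (ntmpAddress > 1)` avoids handing qsort() a null base.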

On Sat, Jul 13, 2019 at 12:58:38PM +0200, Michal Privoznik wrote:
Ideally, a software that's translating domain names would iterate over all addresses the NSS returned, but some software does not bother (e.g. ping). What happens is that for instance when installing a guest, it's assigned one IP address but once it's installed and rebooted it gets a different IP address (because client ID used for the first DHCP traffic when installing the guest was generated dynamically and never saved so after reboot the guest generated new ID which resulted in different IP address to be assigned). This results in 'ping $domain' not working properly as it still pings the old IP address. Well, it might - NSS plugin does not guarantee any order of addresses.
To resolve this problem, we can sort the array just before returning it to the caller (ping) so that the newer IP addresses come before older ones.
Reported-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- ...
{
 "ip-address": "192.168.122.254",
 "mac-address": "52:54:00:3a:b5:0c",
 "hostname": "gentoo",
- "expiry-time": 2000000000
+ "expiry-time": 2000000001
So, why is ^this specific change needed? In the test, you're expecting 192.168.122.[197-199], 192.168.122.199 has expiry time of 1900000000, so the test would still work. 192.168.122.254 is only assumed in a gentoo test twice, but there are no other addresses to sort in those cases, so the expiry time in there should not matter right? With the explanation of the above: Reviewed-by: Erik Skultety <eskultet@redhat.com>

On 7/15/19 10:16 AM, Erik Skultety wrote:
On Sat, Jul 13, 2019 at 12:58:38PM +0200, Michal Privoznik wrote:
Ideally, a software that's translating domain names would iterate over all addresses the NSS returned, but some software does not bother (e.g. ping). What happens is that for instance when installing a guest, it's assigned one IP address but once it's installed and rebooted it gets a different IP address (because client ID used for the first DHCP traffic when installing the guest was generated dynamically and never saved so after reboot the guest generated new ID which resulted in different IP address to be assigned). This results in 'ping $domain' not working properly as it still pings the old IP address. Well, it might - NSS plugin does not guarantee any order of addresses.
To resolve this problem, we can sort the array just before returning it to the caller (ping) so that the newer IP addresses come before older ones.
Reported-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- ...
{
 "ip-address": "192.168.122.254",
 "mac-address": "52:54:00:3a:b5:0c",
 "hostname": "gentoo",
- "expiry-time": 2000000000
+ "expiry-time": 2000000001
So, why is ^this specific change needed? In the test, you're expecting 192.168.122.[197-199], 192.168.122.199 has expiry time of 1900000000, so the test would still work.
192.168.122.254 is only assumed in a gentoo test twice, but there are no other addresses to sort in those cases, so the expiry time in there should not matter right?
With the explanation of the above: Reviewed-by: Erik Skultety <eskultet@redhat.com>
Oh right, I don't understand how it got there. I'm removing it before pushing. Thanks for the review! Michal