The nwfilter_params.h header references the xmlNodePtr type, so must include the virxml.h header to get the libxml2 types defined. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/nwfilter_params.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf/nwfilter_params.h b/src/conf/nwfilter_params.h index 9bdf65c033..f7355c37df 100644 --- a/src/conf/nwfilter_params.h +++ b/src/conf/nwfilter_params.h @@ -26,6 +26,7 @@ # include "virhash.h" # include "virbuffer.h" # include "virmacaddr.h" +# include "virxml.h" typedef enum { NWFILTER_VALUE_TYPE_SIMPLE, -- 2.17.0

A typical XML representation of the virNWFilterBindingDefPtr struct looks like this: <filterbinding> <owner> <name>f25arm7</name> <uuid>12ac8b8c-4f23-4248-ae42-fdcd50c400fd</uuid> </owner> <portdev name='vnet1'/> <mac address='52:54:00:9d:81:b1'/> <filterref filter='clean-traffic'> <parameter name='MAC' value='52:54:00:9d:81:b1'/> </filterref> </filterbinding> Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/virnwfilterbindingdef.c | 197 ++++++++++++++++++ src/conf/virnwfilterbindingdef.h | 18 ++ src/libvirt_private.syms | 5 + tests/Makefile.am | 7 + .../filter-vars.xml | 11 + .../virnwfilterbindingxml2xmldata/simple.xml | 9 + tests/virnwfilterbindingxml2xmltest.c | 112 ++++++++++ 7 files changed, 359 insertions(+) create mode 100644 tests/virnwfilterbindingxml2xmldata/filter-vars.xml create mode 100644 tests/virnwfilterbindingxml2xmldata/simple.xml create mode 100644 tests/virnwfilterbindingxml2xmltest.c diff --git a/src/conf/virnwfilterbindingdef.c b/src/conf/virnwfilterbindingdef.c index c7533d4063..facca61833 100644 --- a/src/conf/virnwfilterbindingdef.c +++ b/src/conf/virnwfilterbindingdef.c @@ -25,6 +25,7 @@ #include "virstring.h" #include "nwfilter_params.h" #include "virnwfilterbindingdef.h" +#include "viruuid.h" #define VIR_FROM_THIS VIR_FROM_NWFILTER @@ -81,3 +82,199 @@ virNWFilterBindingDefCopy(virNWFilterBindingDefPtr src) virNWFilterBindingDefFree(ret); return NULL; } + + +static virNWFilterBindingDefPtr +virNWFilterBindingDefParseXML(xmlXPathContextPtr ctxt) +{ + virNWFilterBindingDefPtr ret; + char *uuid = NULL; + char *mac = NULL; + xmlNodePtr node; + + if (VIR_ALLOC(ret) < 0) + return NULL; + + ret->portdevname = virXPathString("string(./portdev/@name)", ctxt); + if (!ret->portdevname) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no port dev name")); + goto cleanup; + } + + if (virXPathNode("./linkdev", ctxt)) { + ret->linkdevname = virXPathString("string(./linkdev/@name)", ctxt); + if (!ret->linkdevname) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no link dev name")); + goto cleanup; + } + } + + ret->ownername = virXPathString("string(./owner/name)", ctxt); + if (!ret->ownername) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no owner name")); + goto cleanup; + } + + uuid = virXPathString("string(./owner/uuid)", ctxt); + if (!uuid) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no owner UUID")); + goto cleanup; + } + + if (virUUIDParse(uuid, ret->owneruuid) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to parse UUID '%s'"), uuid); + VIR_FREE(uuid); + goto cleanup; + } + VIR_FREE(uuid); + + mac = virXPathString("string(./mac/@address)", ctxt); + if (!mac) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no MAC address")); + goto cleanup; + } + + if (virMacAddrParse(mac, &ret->mac) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unable to parse MAC '%s'"), mac); + VIR_FREE(mac); + goto cleanup; + } + VIR_FREE(mac); + + ret->filter = virXPathString("string(./filterref/@filter)", ctxt); + if (!ret->filter) { + virReportError(VIR_ERR_INTERNAL_ERROR, + "%s", _("filter binding has no filter reference")); + goto cleanup; + } + + node = virXPathNode("./filterref", ctxt); + if (node && + !(ret->filterparams = virNWFilterParseParamAttributes(node))) + goto cleanup; + + return ret; + + cleanup: + virNWFilterBindingDefFree(ret); + return NULL; +} + + +virNWFilterBindingDefPtr +virNWFilterBindingDefParseNode(xmlDocPtr xml, + xmlNodePtr root) +{ + xmlXPathContextPtr ctxt = NULL; + virNWFilterBindingDefPtr def = NULL; + + if (STRNEQ((const char *)root->name, "filterbinding")) { + virReportError(VIR_ERR_XML_ERROR, + "%s", + _("unknown root element for nwfilter binding")); + goto cleanup; + } + + ctxt = xmlXPathNewContext(xml); + if (ctxt == NULL) { + virReportOOMError(); + goto cleanup; + } + + ctxt->node = root; + def = virNWFilterBindingDefParseXML(ctxt); + + cleanup: + xmlXPathFreeContext(ctxt); + return def; +} + + +static virNWFilterBindingDefPtr +virNWFilterBindingDefParse(const char *xmlStr, + const char *filename) +{ + virNWFilterBindingDefPtr def = NULL; + xmlDocPtr xml; + + if ((xml = virXMLParse(filename, xmlStr, _("(nwfilterbinding_definition)")))) { + def = virNWFilterBindingDefParseNode(xml, xmlDocGetRootElement(xml)); + xmlFreeDoc(xml); + } + + return def; +} + + +virNWFilterBindingDefPtr +virNWFilterBindingDefParseString(const char *xmlStr) +{ + return virNWFilterBindingDefParse(xmlStr, NULL); +} + + +virNWFilterBindingDefPtr +virNWFilterBindingDefParseFile(const char *filename) +{ + return virNWFilterBindingDefParse(NULL, filename); +} + + +char * +virNWFilterBindingDefFormat(const virNWFilterBindingDef *def) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + if (virNWFilterBindingDefFormatBuf(&buf, def) < 0) { + virBufferFreeAndReset(&buf); + return NULL; + } + + if (virBufferCheckError(&buf) < 0) + return NULL; + + return virBufferContentAndReset(&buf); +} + + +int +virNWFilterBindingDefFormatBuf(virBufferPtr buf, + const virNWFilterBindingDef *def) +{ + char uuid[VIR_UUID_STRING_BUFLEN]; + char mac[VIR_MAC_STRING_BUFLEN]; + + virBufferAddLit(buf, "<filterbinding>\n"); + + virBufferAdjustIndent(buf, 2); + + virBufferAddLit(buf, "<owner>\n"); + virBufferAdjustIndent(buf, 2); + virBufferEscapeString(buf, "<name>%s</name>\n", def->ownername); + virUUIDFormat(def->owneruuid, uuid); + virBufferAsprintf(buf, "<uuid>%s</uuid>\n", uuid); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</owner>\n"); + + virBufferEscapeString(buf, "<portdev name='%s'/>\n", def->portdevname); + if (def->linkdevname) + virBufferEscapeString(buf, "<linkdev name='%s'/>\n", def->linkdevname); + + virMacAddrFormat(&def->mac, mac); + virBufferAsprintf(buf, "<mac address='%s'/>\n", mac); + + if (virNWFilterFormatParamAttributes(buf, def->filterparams, def->filter) < 0) + return -1; + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</filterbinding>\n"); + + return 0; +} diff --git a/src/conf/virnwfilterbindingdef.h b/src/conf/virnwfilterbindingdef.h index e3b18af151..af7fab6064 100644 --- a/src/conf/virnwfilterbindingdef.h +++ b/src/conf/virnwfilterbindingdef.h @@ -24,6 +24,7 @@ # include "internal.h" # include "virmacaddr.h" # include "virhash.h" +# include "virbuffer.h" typedef struct _virNWFilterBindingDef virNWFilterBindingDef; typedef virNWFilterBindingDef *virNWFilterBindingDefPtr; @@ -44,4 +45,21 @@ virNWFilterBindingDefFree(virNWFilterBindingDefPtr binding); virNWFilterBindingDefPtr virNWFilterBindingDefCopy(virNWFilterBindingDefPtr src); +virNWFilterBindingDefPtr +virNWFilterBindingDefParseNode(xmlDocPtr xml, + xmlNodePtr root); + +virNWFilterBindingDefPtr +virNWFilterBindingDefParseString(const char *xml); + +virNWFilterBindingDefPtr +virNWFilterBindingDefParseFile(const char *filename); + +char * +virNWFilterBindingDefFormat(const virNWFilterBindingDef *def); + +int +virNWFilterBindingDefFormatBuf(virBufferPtr buf, + const virNWFilterBindingDef *def); + #endif /* VIR_NWFILTER_BINDING_DEF_H */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 8518a853ff..7f364ec9a1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1050,7 +1050,12 @@ virNodeDeviceObjListRemove; # conf/virnwfilterbindingdef.h virNWFilterBindingDefCopy; +virNWFilterBindingDefFormat; +virNWFilterBindingDefFormatBuf; virNWFilterBindingDefFree; +virNWFilterBindingDefParseFile; +virNWFilterBindingDefParseNode; +virNWFilterBindingDefParseString; # conf/virnwfilterobj.h diff --git a/tests/Makefile.am b/tests/Makefile.am index 99c79e3208..f5872fa42b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -157,6 +157,7 @@ EXTRA_DIST = \ virmock.h \ virnetdaemondata \ virnetdevtestdata \ + virnwfilterbindingxml2xmldata \ virpcitestdata \ virscsidata \ virsh-uriprecedence \ @@ -352,6 +353,7 @@ test_programs += storagebackendsheepdogtest endif WITH_STORAGE_SHEEPDOG test_programs += nwfilterxml2xmltest +test_programs += virnwfilterbindingxml2xmltest if WITH_NWFILTER test_programs += nwfilterebiptablestest @@ -848,6 +850,11 @@ nwfilterxml2xmltest_SOURCES = \ testutils.c testutils.h nwfilterxml2xmltest_LDADD = $(LDADDS) +virnwfilterbindingxml2xmltest_SOURCES = \ + virnwfilterbindingxml2xmltest.c \ + testutils.c testutils.h +virnwfilterbindingxml2xmltest_LDADD = $(LDADDS) + if WITH_NWFILTER nwfilterebiptablestest_SOURCES = \ nwfilterebiptablestest.c \ diff --git a/tests/virnwfilterbindingxml2xmldata/filter-vars.xml b/tests/virnwfilterbindingxml2xmldata/filter-vars.xml new file mode 100644 index 0000000000..dcff9640ce --- /dev/null +++ b/tests/virnwfilterbindingxml2xmldata/filter-vars.xml @@ -0,0 +1,11 @@ +<filterbinding> + <owner> + <name>memtest</name> + <uuid>d54df46f-1ab5-4a22-8618-4560ef5fac2c</uuid> + </owner> + <portdev name='vnet0'/> + <mac address='52:54:00:7b:35:93'/> + <filterref filter='clean-traffic'> + <parameter name='MAC' value='52:54:00:7b:35:93'/> + </filterref> +</filterbinding> diff --git a/tests/virnwfilterbindingxml2xmldata/simple.xml b/tests/virnwfilterbindingxml2xmldata/simple.xml new file mode 100644 index 0000000000..4577729a3c --- /dev/null +++ b/tests/virnwfilterbindingxml2xmldata/simple.xml @@ -0,0 +1,9 @@ +<filterbinding> + <owner> + <name>memtest</name> + <uuid>d54df46f-1ab5-4a22-8618-4560ef5fac2c</uuid> + </owner> + <portdev name='vnet0'/> + <mac address='52:54:00:7b:35:93'/> + <filterref filter='clean-traffic'/> +</filterbinding> diff --git a/tests/virnwfilterbindingxml2xmltest.c b/tests/virnwfilterbindingxml2xmltest.c new file mode 100644 index 0000000000..a3948084af --- /dev/null +++ b/tests/virnwfilterbindingxml2xmltest.c @@ -0,0 +1,112 @@ +/* + * virnwfilterbindingxml2xmltest.c: network filter binding XML testing + * + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> + +#include <sys/types.h> +#include <fcntl.h> + +#include "internal.h" +#include "testutils.h" +#include "virxml.h" +#include "virnwfilterbindingdef.h" +#include "testutilsqemu.h" +#include "virstring.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +static int +testCompareXMLToXMLFiles(const char *xml) +{ + char *actual = NULL; + int ret = -1; + virNWFilterBindingDefPtr dev = NULL; + + virResetLastError(); + + if (!(dev = virNWFilterBindingDefParseFile(xml))) + goto fail; + + if (!(actual = virNWFilterBindingDefFormat(dev))) + goto fail; + + if (virTestCompareToFile(actual, xml) < 0) + goto fail; + + ret = 0; + + fail: + VIR_FREE(actual); + virNWFilterBindingDefFree(dev); + return ret; +} + +typedef struct test_parms { + const char *name; +} test_parms; + +static int +testCompareXMLToXMLHelper(const void *data) +{ + int result = -1; + const test_parms *tp = data; + char *xml = NULL; + + if (virAsprintf(&xml, "%s/virnwfilterbindingxml2xmldata/%s.xml", + abs_srcdir, tp->name) < 0) { + goto cleanup; + } + + result = testCompareXMLToXMLFiles(xml); + + cleanup: + VIR_FREE(xml); + + return result; +} + +static int +mymain(void) +{ + int ret = 0; + +#define DO_TEST(NAME) \ + do { \ + test_parms tp = { \ + .name = NAME, \ + }; \ + if (virTestRun("NWFilter XML-2-XML " NAME, \ + testCompareXMLToXMLHelper, (&tp)) < 0) \ + ret = -1; \ + } while (0) + + DO_TEST("simple"); + DO_TEST("filter-vars"); + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +} + +VIR_TEST_MAIN(mymain) -- 2.17.0

When the daemons are split there will need to be a way for the virt drivers and/or network driver to create and delete bindings between network ports and network filters. This defines a set of public APIs that are suitable for managing this facility. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- include/libvirt/libvirt-nwfilter.h | 39 ++++ include/libvirt/virterror.h | 2 + src/datatypes.c | 67 +++++++ src/datatypes.h | 31 +++ src/driver-nwfilter.h | 30 +++ src/libvirt-nwfilter.c | 305 +++++++++++++++++++++++++++++ src/libvirt_private.syms | 1 + src/libvirt_public.syms | 9 + src/util/virerror.c | 12 ++ 9 files changed, 496 insertions(+) diff --git a/include/libvirt/libvirt-nwfilter.h b/include/libvirt/libvirt-nwfilter.h index 9f01c175a9..20e6d1ff9a 100644 --- a/include/libvirt/libvirt-nwfilter.h +++ b/include/libvirt/libvirt-nwfilter.h @@ -43,6 +43,23 @@ typedef struct _virNWFilter virNWFilter; */ typedef virNWFilter *virNWFilterPtr; +/** + * virNWFilterBinding: + * + * a virNWFilterBinding is a private structure representing a network + * filter binding to a port + */ +typedef struct _virNWFilterBinding virNWFilterBinding; + +/** + * virNWFilterBindingPtr: + * + * a virNWFilterBindingPtr is pointer to a virNWFilterBinding private + * structure, this is the type used to reference a network filter + * port binding in the API. + */ +typedef virNWFilterBinding *virNWFilterBindingPtr; + /* * List NWFilters @@ -92,4 +109,26 @@ int virNWFilterGetUUIDString (virNWFilterPtr nwfilter, char * virNWFilterGetXMLDesc (virNWFilterPtr nwfilter, unsigned int flags); + +virNWFilterBindingPtr virNWFilterBindingLookupByPortDev(virConnectPtr conn, + const char *portdev); + +const char * virNWFilterBindingGetPortDev(virNWFilterBindingPtr binding); +const char * virNWFilterBindingGetFilterName(virNWFilterBindingPtr binding); + +int virConnectListAllNWFilterBindings(virConnectPtr conn, + virNWFilterBindingPtr **bindings, + unsigned int flags); + +virNWFilterBindingPtr virNWFilterBindingCreateXML(virConnectPtr conn, + const char *xml, + unsigned int flags); + +char * virNWFilterBindingGetXMLDesc(virNWFilterBindingPtr binding, + unsigned int flags); + +int virNWFilterBindingDelete(virNWFilterBindingPtr binding); +int virNWFilterBindingRef(virNWFilterBindingPtr binding); +int virNWFilterBindingFree(virNWFilterBindingPtr binding); + #endif /* __VIR_LIBVIRT_NWFILTER_H__ */ diff --git a/include/libvirt/virterror.h b/include/libvirt/virterror.h index 5e58b6a3f9..57aadb8d16 100644 --- a/include/libvirt/virterror.h +++ b/include/libvirt/virterror.h @@ -321,6 +321,8 @@ typedef enum { to guest-sync command (DEPRECATED)*/ VIR_ERR_LIBSSH = 98, /* error in libssh transport driver */ VIR_ERR_DEVICE_MISSING = 99, /* fail to find the desired device */ + VIR_ERR_INVALID_NWFILTER_BINDING = 100, /* invalid nwfilter binding */ + VIR_ERR_NO_NWFILTER_BINDING = 101, /* no nwfilter binding */ } virErrorNumber; /** diff --git a/src/datatypes.c b/src/datatypes.c index 09b8eea5a2..878a1c5b5f 100644 --- a/src/datatypes.c +++ b/src/datatypes.c @@ -41,6 +41,7 @@ virClassPtr virInterfaceClass; virClassPtr virNetworkClass; virClassPtr virNodeDeviceClass; virClassPtr virNWFilterClass; +virClassPtr virNWFilterBindingClass; virClassPtr virSecretClass; virClassPtr virStreamClass; virClassPtr virStorageVolClass; @@ -54,6 +55,7 @@ static void virInterfaceDispose(void *obj); static void virNetworkDispose(void *obj); static void virNodeDeviceDispose(void *obj); static void virNWFilterDispose(void *obj); +static void virNWFilterBindingDispose(void *obj); static void virSecretDispose(void *obj); static void virStreamDispose(void *obj); static void virStorageVolDispose(void *obj); @@ -89,6 +91,7 @@ virDataTypesOnceInit(void) DECLARE_CLASS(virNetwork); DECLARE_CLASS(virNodeDevice); DECLARE_CLASS(virNWFilter); + DECLARE_CLASS(virNWFilterBinding); DECLARE_CLASS(virSecret); DECLARE_CLASS(virStream); DECLARE_CLASS(virStorageVol); @@ -830,6 +833,70 @@ virNWFilterDispose(void *obj) } +/** + * virGetNWFilterBinding: + * @conn: the hypervisor connection + * @portdev: pointer to the network filter port device name + * @filtername: name of the network filter + * + * Allocates a new network filter binding object. When the object is no longer + * needed, virObjectUnref() must be called in order to not leak data. + * + * Returns a pointer to the network filter binding object, or NULL on error. + */ +virNWFilterBindingPtr +virGetNWFilterBinding(virConnectPtr conn, const char *portdev, + const char *filtername) +{ + virNWFilterBindingPtr ret = NULL; + + if (virDataTypesInitialize() < 0) + return NULL; + + virCheckConnectGoto(conn, error); + virCheckNonNullArgGoto(portdev, error); + + if (!(ret = virObjectNew(virNWFilterBindingClass))) + goto error; + + if (VIR_STRDUP(ret->portdev, portdev) < 0) + goto error; + + if (VIR_STRDUP(ret->filtername, filtername) < 0) + goto error; + + ret->conn = virObjectRef(conn); + + return ret; + + error: + virObjectUnref(ret); + return NULL; +} + + +/** + * virNWFilterBindingDispose: + * @obj: the network filter binding to release + * + * Unconditionally release all memory associated with a nwfilter binding. + * The nwfilter binding object must not be used once this method returns. + * + * It will also unreference the associated connection object, + * which may also be released if its ref count hits zero. + */ +static void +virNWFilterBindingDispose(void *obj) +{ + virNWFilterBindingPtr binding = obj; + + VIR_DEBUG("release binding %p %s", binding, binding->portdev); + + VIR_FREE(binding->portdev); + virObjectUnref(binding->conn); +} + + /** * virGetDomainSnapshot: * @domain: the domain to snapshot diff --git a/src/datatypes.h b/src/datatypes.h index 192c86be80..e1b38706dc 100644 --- a/src/datatypes.h +++ b/src/datatypes.h @@ -36,6 +36,7 @@ extern virClassPtr virInterfaceClass; extern virClassPtr virNetworkClass; extern virClassPtr virNodeDeviceClass; extern virClassPtr virNWFilterClass; +extern virClassPtr virNWFilterBindingClass; extern virClassPtr virSecretClass; extern virClassPtr virStreamClass; extern virClassPtr virStorageVolClass; @@ -277,6 +278,20 @@ extern virClassPtr virAdmClientClass; } \ } while (0) +# define virCheckNWFilterBindingReturn(obj, retval) \ + do { \ + virNWFilterBindingPtr _nw = (obj); \ + if (!virObjectIsClass(_nw, virNWFilterBindingClass) || \ + !virObjectIsClass(_nw->conn, virConnectClass)) { \ + virReportErrorHelper(VIR_FROM_NWFILTER, \ + VIR_ERR_INVALID_NWFILTER_BINDING, \ + __FILE__, __FUNCTION__, __LINE__, \ + __FUNCTION__); \ + virDispatchError(NULL); \ + return retval; \ + } \ + } while (0) + # define virCheckDomainSnapshotReturn(obj, retval) \ do { \ virDomainSnapshotPtr _snap = (obj); \ @@ -676,6 +691,19 @@ struct _virNWFilter { }; +/** +* _virNWFilterBinding: +* +* Internal structure associated to a network filter port binding +*/ +struct _virNWFilterBinding { + virObject parent; + virConnectPtr conn; /* pointer back to the connection */ + char *portdev; /* the network filter port device name */ + char *filtername; /* the network filter name */ +}; + + /* * Helper APIs for allocating new object instances */ @@ -712,6 +740,9 @@ virStreamPtr virGetStream(virConnectPtr conn); virNWFilterPtr virGetNWFilter(virConnectPtr conn, const char *name, const unsigned char *uuid); +virNWFilterBindingPtr virGetNWFilterBinding(virConnectPtr conn, + const char *portdev, + const char *filtername); virDomainSnapshotPtr virGetDomainSnapshot(virDomainPtr domain, const char *name); diff --git a/src/driver-nwfilter.h b/src/driver-nwfilter.h index cb49542f92..2c3e480a32 100644 --- a/src/driver-nwfilter.h +++ b/src/driver-nwfilter.h @@ -57,6 +57,31 @@ typedef char * (*virDrvNWFilterGetXMLDesc)(virNWFilterPtr nwfilter, unsigned int flags); +typedef virNWFilterBindingPtr +(*virDrvNWFilterBindingLookupByPortDev)(virConnectPtr conn, + const char *portdev); + +typedef int +(*virDrvConnectListAllNWFilterBindings)(virConnectPtr conn, + virNWFilterBindingPtr **bindings, + unsigned int flags); + +typedef virNWFilterBindingPtr +(*virDrvNWFilterBindingCreateXML)(virConnectPtr conn, + const char *xml, + unsigned int flags); + +typedef char * +(*virDrvNWFilterBindingGetXMLDesc)(virNWFilterBindingPtr binding, + unsigned int flags); + +typedef int +(*virDrvNWFilterBindingDelete)(virNWFilterBindingPtr binding); +typedef int +(*virDrvNWFilterBindingRef)(virNWFilterBindingPtr binding); +typedef int +(*virDrvNWFilterBindingFree)(virNWFilterBindingPtr binding); + typedef struct _virNWFilterDriver virNWFilterDriver; typedef virNWFilterDriver *virNWFilterDriverPtr; @@ -77,6 +102,11 @@ struct _virNWFilterDriver { virDrvNWFilterDefineXML nwfilterDefineXML; virDrvNWFilterUndefine nwfilterUndefine; virDrvNWFilterGetXMLDesc nwfilterGetXMLDesc; + virDrvConnectListAllNWFilterBindings connectListAllNWFilterBindings; + virDrvNWFilterBindingLookupByPortDev nwfilterBindingLookupByPortDev; + virDrvNWFilterBindingCreateXML nwfilterBindingCreateXML; + virDrvNWFilterBindingDelete nwfilterBindingDelete; + virDrvNWFilterBindingGetXMLDesc nwfilterBindingGetXMLDesc; }; diff --git a/src/libvirt-nwfilter.c b/src/libvirt-nwfilter.c index 948c30deef..e572d46c18 100644 --- a/src/libvirt-nwfilter.c +++ b/src/libvirt-nwfilter.c @@ -513,3 +513,308 @@ virNWFilterRef(virNWFilterPtr nwfilter) virObjectRef(nwfilter); return 0; } + + +/** + * virConnectListAllNWFilterBindings: + * @conn: Pointer to the hypervisor connection. + * @bindings: Pointer to a variable to store the array containing the network + * filter objects or NULL if the list is not required (just returns + * number of network filters). + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * Collect the list of network filters, and allocate an array to store those + * objects. + * + * Returns the number of network filters found or -1 and sets @filters to NULL + * in case of error. On success, the array stored into @filters is guaranteed to + * have an extra allocated element set to NULL but not included in the return count, + * to make iteration easier. The caller is responsible for calling + * virNWFilterFree() on each array element, then calling free() on @filters. + */ +int +virConnectListAllNWFilterBindings(virConnectPtr conn, + virNWFilterBindingPtr **bindings, + unsigned int flags) +{ + VIR_DEBUG("conn=%p, bindings=%p, flags=0x%x", conn, bindings, flags); + + virResetLastError(); + + if (bindings) + *bindings = NULL; + + virCheckConnectReturn(conn, -1); + + if (conn->nwfilterDriver && + conn->nwfilterDriver->connectListAllNWFilterBindings) { + int ret; + ret = conn->nwfilterDriver->connectListAllNWFilterBindings(conn, bindings, flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return -1; +} + + +/** + * virNWFilterBindingLookupByPortDev: + * @conn: pointer to the hypervisor connection + * @portdev: name for the network port device + * + * Try to lookup a network filter binding on the given hypervisor based + * on network port device name. + * + * virNWFilterBindingFree should be used to free the resources after the + * binding object is no longer needed. + * + * Returns a new binding object or NULL in case of failure. If the + * network filter cannot be found, then VIR_ERR_NO_NWFILTER_BINDING + * error is raised. + */ +virNWFilterBindingPtr +virNWFilterBindingLookupByPortDev(virConnectPtr conn, const char *portdev) +{ + VIR_DEBUG("conn=%p, name=%s", conn, NULLSTR(portdev)); + + virResetLastError(); + + virCheckConnectReturn(conn, NULL); + virCheckNonNullArgGoto(portdev, error); + + if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterBindingLookupByPortDev) { + virNWFilterBindingPtr ret; + ret = conn->nwfilterDriver->nwfilterBindingLookupByPortDev(conn, portdev); + if (!ret) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return NULL; +} + + +/** + * virNWFilterBindingFree: + * @binding: a binding object + * + * Free the binding object. The running instance is kept alive. + * The data structure is freed and should not be used thereafter. + * + * Returns 0 in case of success and -1 in case of failure. + */ +int +virNWFilterBindingFree(virNWFilterBindingPtr binding) +{ + VIR_DEBUG("binding=%p", binding); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, -1); + + virObjectUnref(binding); + return 0; +} + + +/** + * virNWFilterBindingGetPortDev: + * @binding: a binding object + * + * Get the port dev name for the network filter binding + * + * Returns a pointer to the name or NULL, the string need not be deallocated + * its lifetime will be the same as the binding object. + */ +const char * +virNWFilterBindingGetPortDev(virNWFilterBindingPtr binding) +{ + VIR_DEBUG("binding=%p", binding); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, NULL); + + return binding->portdev; +} + + +/** + * virNWFilterBindingGetFilterName: + * @binding: a binding object + * + * Get the filter name for the network filter binding + * + * Returns a pointer to the name or NULL, the string need not be deallocated + * its lifetime will be the same as the binding object. + */ +const char * +virNWFilterBindingGetFilterName(virNWFilterBindingPtr binding) +{ + VIR_DEBUG("binding=%p", binding); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, NULL); + + return binding->filtername; +} + + +/** + * virNWFilterBindingCreateXML: + * @conn: pointer to the hypervisor connection + * @xml: an XML description of the binding + * @flags: currently unused, pass 0 + * + * Define a new network filter, based on an XML description + * similar to the one returned by virNWFilterGetXMLDesc() + * + * virNWFilterFree should be used to free the resources after the + * binding object is no longer needed. + * + * Returns a new binding object or NULL in case of failure + */ +virNWFilterBindingPtr +virNWFilterBindingCreateXML(virConnectPtr conn, const char *xml, unsigned int flags) +{ + VIR_DEBUG("conn=%p, xml=%s", conn, NULLSTR(xml)); + + virResetLastError(); + + virCheckConnectReturn(conn, NULL); + virCheckNonNullArgGoto(xml, error); + virCheckReadOnlyGoto(conn->flags, error); + + if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterBindingCreateXML) { + virNWFilterBindingPtr ret; + ret = conn->nwfilterDriver->nwfilterBindingCreateXML(conn, xml, flags); + if (!ret) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(conn); + return NULL; +} + + +/** + * virNWFilterBindingDelete: + * @binding: a binding object + * + * Delete the binding object. This does not free the + * associated virNWFilterBindingPtr object. + * + * Returns 0 in case of success and -1 in case of failure. + */ +int +virNWFilterBindingDelete(virNWFilterBindingPtr binding) +{ + virConnectPtr conn; + VIR_DEBUG("binding=%p", binding); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, -1); + conn = binding->conn; + + virCheckReadOnlyGoto(conn->flags, error); + + if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterBindingDelete) { + int ret; + ret = conn->nwfilterDriver->nwfilterBindingDelete(binding); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(binding->conn); + return -1; +} + + +/** + * virNWFilterBindingGetXMLDesc: + * @binding: a binding object + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * Provide an XML description of the network filter. The description may be + * reused later to redefine the network filter with virNWFilterCreateXML(). + * + * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of error. + * the caller must free() the returned value. + */ +char * +virNWFilterBindingGetXMLDesc(virNWFilterBindingPtr binding, unsigned int flags) +{ + virConnectPtr conn; + VIR_DEBUG("binding=%p, flags=0x%x", binding, flags); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, NULL); + conn = binding->conn; + + if (conn->nwfilterDriver && conn->nwfilterDriver->nwfilterBindingGetXMLDesc) { + char *ret; + ret = conn->nwfilterDriver->nwfilterBindingGetXMLDesc(binding, flags); + if (!ret) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(binding->conn); + return NULL; +} + + +/** + * virNWFilterBindingRef: + * @binding: the binding to hold a reference on + * + * Increment the reference count on the binding. For each + * additional call to this method, there shall be a corresponding + * call to virNWFilterFree to release the reference count, once + * the caller no longer needs the reference to this object. + * + * This method is typically useful for applications where multiple + * threads are using a connection, and it is required that the + * connection remain open until all threads have finished using + * it. ie, each new thread using an binding would increment + * the reference count. + * + * Returns 0 in case of success, -1 in case of failure. + */ +int +virNWFilterBindingRef(virNWFilterBindingPtr binding) +{ + VIR_DEBUG("binding=%p refs=%d", binding, + binding ? binding->parent.u.s.refs : 0); + + virResetLastError(); + + virCheckNWFilterBindingReturn(binding, -1); + + virObjectRef(binding); + return 0; +} diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 7f364ec9a1..a323316607 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1200,6 +1200,7 @@ virGetInterface; virGetNetwork; virGetNodeDevice; virGetNWFilter; +virGetNWFilterBinding; virGetSecret; virGetStoragePool; virGetStorageVol; diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 3bf3c3f916..d4cdbd8b32 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -798,6 +798,15 @@ LIBVIRT_4.5.0 { virGetLastErrorDomain; virNodeGetSEVInfo; virDomainGetLaunchSecurityInfo; + virNWFilterBindingLookupByPortDev; + virConnectListAllNWFilterBindings; + virNWFilterBindingCreateXML; + virNWFilterBindingGetXMLDesc; + virNWFilterBindingDelete; + virNWFilterBindingRef; + virNWFilterBindingFree; + virNWFilterBindingGetPortDev; + virNWFilterBindingGetFilterName; } LIBVIRT_4.4.0; # .... define new API here using predicted next version number .... diff --git a/src/util/virerror.c b/src/util/virerror.c index 93632dbdf7..f198f27957 100644 --- a/src/util/virerror.c +++ b/src/util/virerror.c @@ -1494,6 +1494,18 @@ virErrorMsg(virErrorNumber error, const char *info) else errmsg = _("device not found: %s"); break; + case VIR_ERR_INVALID_NWFILTER_BINDING: + if (info == NULL) + errmsg = _("Invalid network filter binding"); + else + errmsg = _("Invalid network filter binding: %s"); + break; + case VIR_ERR_NO_NWFILTER_BINDING: + if (info == NULL) + errmsg = _("Network filter binding not found"); + else + errmsg = _("Network filter binding not found: %s"); + break; } return errmsg; } -- 2.17.0

Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/remote/remote_daemon_dispatch.c | 15 +++++ src/remote/remote_driver.c | 20 +++++++ src/remote/remote_protocol.x | 90 ++++++++++++++++++++++++++++- src/remote_protocol-structs | 43 ++++++++++++++ src/rpc/gendispatch.pl | 12 ++-- 5 files changed, 173 insertions(+), 7 deletions(-) diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index f1a5ba2590..4a93f09a7d 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -90,6 +90,7 @@ static virStoragePoolPtr get_nonnull_storage_pool(virConnectPtr conn, remote_non static virStorageVolPtr get_nonnull_storage_vol(virConnectPtr conn, remote_nonnull_storage_vol vol); static virSecretPtr get_nonnull_secret(virConnectPtr conn, remote_nonnull_secret secret); static virNWFilterPtr get_nonnull_nwfilter(virConnectPtr conn, remote_nonnull_nwfilter nwfilter); +static virNWFilterBindingPtr get_nonnull_nwfilter_binding(virConnectPtr conn, remote_nonnull_nwfilter_binding binding); static virDomainSnapshotPtr get_nonnull_domain_snapshot(virDomainPtr dom, remote_nonnull_domain_snapshot snapshot); static virNodeDevicePtr get_nonnull_node_device(virConnectPtr conn, remote_nonnull_node_device dev); static void make_nonnull_domain(remote_nonnull_domain *dom_dst, virDomainPtr dom_src); @@ -100,6 +101,7 @@ static void make_nonnull_storage_vol(remote_nonnull_storage_vol *vol_dst, virSto static void make_nonnull_node_device(remote_nonnull_node_device *dev_dst, virNodeDevicePtr dev_src); static void make_nonnull_secret(remote_nonnull_secret *secret_dst, virSecretPtr secret_src); static void make_nonnull_nwfilter(remote_nonnull_nwfilter *net_dst, virNWFilterPtr nwfilter_src); +static void make_nonnull_nwfilter_binding(remote_nonnull_nwfilter_binding *binding_dst, virNWFilterBindingPtr binding_src); static void make_nonnull_domain_snapshot(remote_nonnull_domain_snapshot *snapshot_dst, virDomainSnapshotPtr snapshot_src); static int @@ -7087,6 +7089,12 @@ get_nonnull_nwfilter(virConnectPtr conn, remote_nonnull_nwfilter nwfilter) return virGetNWFilter(conn, nwfilter.name, BAD_CAST nwfilter.uuid); } +static virNWFilterBindingPtr +get_nonnull_nwfilter_binding(virConnectPtr conn, remote_nonnull_nwfilter_binding binding) +{ + return virGetNWFilterBinding(conn, binding.portdev, binding.filtername); +} + static virDomainSnapshotPtr get_nonnull_domain_snapshot(virDomainPtr dom, remote_nonnull_domain_snapshot snapshot) { @@ -7159,6 +7167,13 @@ make_nonnull_nwfilter(remote_nonnull_nwfilter *nwfilter_dst, virNWFilterPtr nwfi memcpy(nwfilter_dst->uuid, nwfilter_src->uuid, VIR_UUID_BUFLEN); } +static void +make_nonnull_nwfilter_binding(remote_nonnull_nwfilter_binding *binding_dst, virNWFilterBindingPtr binding_src) +{ + ignore_value(VIR_STRDUP_QUIET(binding_dst->portdev, binding_src->portdev)); + ignore_value(VIR_STRDUP_QUIET(binding_dst->filtername, binding_src->filtername)); +} + static void make_nonnull_domain_snapshot(remote_nonnull_domain_snapshot *snapshot_dst, virDomainSnapshotPtr snapshot_src) { diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 1328f910b0..1d94c2e42d 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -141,6 +141,7 @@ static int remoteAuthPolkit(virConnectPtr conn, struct private_data *priv, static virDomainPtr get_nonnull_domain(virConnectPtr conn, remote_nonnull_domain domain); static virNetworkPtr get_nonnull_network(virConnectPtr conn, remote_nonnull_network network); static virNWFilterPtr get_nonnull_nwfilter(virConnectPtr conn, remote_nonnull_nwfilter nwfilter); +static virNWFilterBindingPtr get_nonnull_nwfilter_binding(virConnectPtr conn, remote_nonnull_nwfilter_binding binding); static virInterfacePtr get_nonnull_interface(virConnectPtr conn, remote_nonnull_interface iface); static virStoragePoolPtr get_nonnull_storage_pool(virConnectPtr conn, remote_nonnull_storage_pool pool); static virStorageVolPtr get_nonnull_storage_vol(virConnectPtr conn, remote_nonnull_storage_vol vol); @@ -156,6 +157,7 @@ static void make_nonnull_node_device(remote_nonnull_node_device *dev_dst, virNodeDevicePtr dev_src); static void make_nonnull_secret(remote_nonnull_secret *secret_dst, virSecretPtr secret_src); static void make_nonnull_nwfilter(remote_nonnull_nwfilter *nwfilter_dst, virNWFilterPtr nwfilter_src); +static void make_nonnull_nwfilter_binding(remote_nonnull_nwfilter_binding *binding_dst, virNWFilterBindingPtr binding_src); static void make_nonnull_domain_snapshot(remote_nonnull_domain_snapshot *snapshot_dst, virDomainSnapshotPtr snapshot_src); /*----------------------------------------------------------------------*/ @@ -8206,6 +8208,12 @@ get_nonnull_nwfilter(virConnectPtr conn, remote_nonnull_nwfilter nwfilter) return virGetNWFilter(conn, nwfilter.name, BAD_CAST nwfilter.uuid); } +static virNWFilterBindingPtr +get_nonnull_nwfilter_binding(virConnectPtr conn, remote_nonnull_nwfilter_binding binding) +{ + return virGetNWFilterBinding(conn, binding.portdev, binding.filtername); +} + static virDomainSnapshotPtr get_nonnull_domain_snapshot(virDomainPtr domain, remote_nonnull_domain_snapshot snapshot) { @@ -8273,6 +8281,13 @@ make_nonnull_nwfilter(remote_nonnull_nwfilter *nwfilter_dst, virNWFilterPtr nwfi memcpy(nwfilter_dst->uuid, nwfilter_src->uuid, VIR_UUID_BUFLEN); } +static void +make_nonnull_nwfilter_binding(remote_nonnull_nwfilter_binding *binding_dst, virNWFilterBindingPtr binding_src) +{ + binding_dst->portdev = binding_src->portdev; + binding_dst->filtername = binding_src->filtername; +} + static void make_nonnull_domain_snapshot(remote_nonnull_domain_snapshot *snapshot_dst, virDomainSnapshotPtr snapshot_src) { @@ -8656,6 +8671,11 @@ static virNWFilterDriver nwfilter_driver = { .connectNumOfNWFilters = remoteConnectNumOfNWFilters, /* 0.8.0 */ .connectListNWFilters = remoteConnectListNWFilters, /* 0.8.0 */ .connectListAllNWFilters = remoteConnectListAllNWFilters, /* 0.10.2 */ + .connectListAllNWFilterBindings = remoteConnectListAllNWFilterBindings, /* 4.5.0 */ + .nwfilterBindingLookupByPortDev = remoteNWFilterBindingLookupByPortDev, /* 4.5.0 */ + .nwfilterBindingCreateXML = remoteNWFilterBindingCreateXML, /* 4.5.0 */ + .nwfilterBindingDelete = remoteNWFilterBindingDelete, /* 4.5.0 */ + .nwfilterBindingGetXMLDesc = remoteNWFilterBindingGetXMLDesc, /* 4.5.0 */ }; static virConnectDriver connect_driver = { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 162cf5e61b..28c8febabd 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -94,6 +94,9 @@ const REMOTE_NODE_DEVICE_CAPS_LIST_MAX = 65536; /* Upper limit on lists of network filters. */ const REMOTE_NWFILTER_LIST_MAX = 16384; +/* Upper limit on lists of network filter bindings. */ +const REMOTE_NWFILTER_BINDING_LIST_MAX = 16384; + /* Upper limit on list of scheduler parameters. */ const REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX = 16; @@ -281,6 +284,12 @@ struct remote_nonnull_nwfilter { remote_uuid uuid; }; +/* A network filter binding which may not be NULL. */ +struct remote_nonnull_nwfilter_binding { + remote_nonnull_string portdev; + remote_nonnull_string filtername; +}; + /* An interface which may not be NULL. */ struct remote_nonnull_interface { remote_nonnull_string name; @@ -322,6 +331,7 @@ struct remote_nonnull_domain_snapshot { typedef remote_nonnull_domain *remote_domain; typedef remote_nonnull_network *remote_network; typedef remote_nonnull_nwfilter *remote_nwfilter; +typedef remote_nonnull_nwfilter_binding *remote_nwfilter_binding; typedef remote_nonnull_storage_pool *remote_storage_pool; typedef remote_nonnull_storage_vol *remote_storage_vol; typedef remote_nonnull_node_device *remote_node_device; @@ -3505,6 +3515,48 @@ struct remote_domain_get_launch_security_info_ret { remote_typed_param params<REMOTE_DOMAIN_LAUNCH_SECURITY_INFO_PARAMS_MAX>; }; +/* nwfilter binding */ + +struct remote_nwfilter_binding_lookup_by_port_dev_args { + remote_nonnull_string name; +}; + +struct remote_nwfilter_binding_lookup_by_port_dev_ret { + remote_nonnull_nwfilter_binding nwfilter; +}; + +struct remote_nwfilter_binding_create_xml_args { + remote_nonnull_string xml; + unsigned int flags; +}; + +struct remote_nwfilter_binding_create_xml_ret { + remote_nonnull_nwfilter_binding nwfilter; +}; + +struct remote_nwfilter_binding_delete_args { + remote_nonnull_nwfilter_binding nwfilter; +}; + +struct remote_nwfilter_binding_get_xml_desc_args { + remote_nonnull_nwfilter_binding nwfilter; + unsigned int flags; +}; + +struct remote_nwfilter_binding_get_xml_desc_ret { + remote_nonnull_string xml; +}; + +struct remote_connect_list_all_nwfilter_bindings_args { + int need_results; + unsigned int flags; +}; + +struct remote_connect_list_all_nwfilter_bindings_ret { /* insert@1 */ + remote_nonnull_nwfilter_binding bindings<REMOTE_NWFILTER_BINDING_LIST_MAX>; + unsigned int ret; +}; + /*----- Protocol. -----*/ /* Define the program number, protocol version and procedure numbers here. */ @@ -6224,5 +6276,41 @@ enum remote_procedure { * @generate: none * @acl: domain:read */ - REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY_INFO = 396 + REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY_INFO = 396, + + /** + * @generate: both + * @priority: high + * @acl: nwfilter_binding:getattr + */ + REMOTE_PROC_NWFILTER_BINDING_LOOKUP_BY_PORT_DEV = 397, + + /** + * @generate: both + * @priority: high + * @acl: nwfilter_binding:read + */ + REMOTE_PROC_NWFILTER_BINDING_GET_XML_DESC = 398, + + /** + * @generate: both + * @priority: high + * @acl: nwfilter_binding:create + */ + REMOTE_PROC_NWFILTER_BINDING_CREATE_XML = 399, + + /** + * @generate: both + * @priority: high + * @acl: nwfilter_binding:delete + */ + REMOTE_PROC_NWFILTER_BINDING_DELETE = 400, + + /** + * @generate: both + * @priority: high + * @acl: connect:search_nwfilter_bindings + * @aclfilter: nwfilter_binding:getattr + */ + REMOTE_PROC_CONNECT_LIST_ALL_NWFILTER_BINDINGS = 401 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index 0c75ad2305..6343e14638 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs @@ -21,6 +21,10 @@ struct remote_nonnull_nwfilter { remote_nonnull_string name; remote_uuid uuid; }; +struct remote_nonnull_nwfilter_binding { + remote_nonnull_string portdev; + remote_nonnull_string filtername; +}; struct remote_nonnull_interface { remote_nonnull_string name; remote_nonnull_string mac; @@ -2928,6 +2932,40 @@ struct remote_domain_get_launch_security_info_ret { remote_typed_param * params_val; } params; }; +struct remote_nwfilter_binding_lookup_by_port_dev_args { + remote_nonnull_string name; +}; +struct remote_nwfilter_binding_lookup_by_port_dev_ret { + remote_nonnull_nwfilter_binding nwfilter; +}; +struct remote_nwfilter_binding_create_xml_args { + remote_nonnull_string xml; + u_int flags; +}; +struct remote_nwfilter_binding_create_xml_ret { + remote_nonnull_nwfilter_binding nwfilter; +}; +struct remote_nwfilter_binding_delete_args { + remote_nonnull_nwfilter_binding nwfilter; +}; +struct remote_nwfilter_binding_get_xml_desc_args { + remote_nonnull_nwfilter_binding nwfilter; + u_int flags; +}; +struct remote_nwfilter_binding_get_xml_desc_ret { + remote_nonnull_string xml; +}; +struct remote_connect_list_all_nwfilter_bindings_args { + int need_results; + u_int flags; +}; +struct remote_connect_list_all_nwfilter_bindings_ret { + struct { + u_int bindings_len; + remote_nonnull_nwfilter_binding * bindings_val; + } bindings; + u_int ret; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN = 1, REMOTE_PROC_CONNECT_CLOSE = 2, @@ -3325,4 +3363,9 @@ enum remote_procedure { REMOTE_PROC_CONNECT_BASELINE_HYPERVISOR_CPU = 394, REMOTE_PROC_NODE_GET_SEV_INFO = 395, REMOTE_PROC_DOMAIN_GET_LAUNCH_SECURITY_INFO = 396, + REMOTE_PROC_NWFILTER_BINDING_LOOKUP_BY_PORT_DEV = 397, + REMOTE_PROC_NWFILTER_BINDING_GET_XML_DESC = 398, + REMOTE_PROC_NWFILTER_BINDING_CREATE_XML = 399, + REMOTE_PROC_NWFILTER_BINDING_DELETE = 400, + REMOTE_PROC_CONNECT_LIST_ALL_NWFILTER_BINDINGS = 401, }; diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl index 480ebe7b00..0c4648c0fb 100755 --- a/src/rpc/gendispatch.pl +++ b/src/rpc/gendispatch.pl @@ -557,7 +557,7 @@ elsif ($mode eq "server") { if ($args_member =~ m/^remote_nonnull_string name;/ and $has_node_device) { # ignore the name arg for node devices next - } elsif ($args_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|secret|nwfilter) (\S+);/) { + } elsif ($args_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|secret|nwfilter|nwfilter_binding) (\S+);/) { my $type_name = name_to_TypeName($1); push(@vars_list, "vir${type_name}Ptr $2 = NULL"); @@ -722,7 +722,7 @@ elsif ($mode eq "server") { if (!$modern_ret_as_list) { push(@ret_list, "ret->$3 = tmp.$3;"); } - } elsif ($ret_member =~ m/(?:admin|remote)_nonnull_(secret|nwfilter|node_device|interface|network|storage_vol|storage_pool|domain_snapshot|domain|server|client) (\S+)<(\S+)>;/) { + } elsif ($ret_member =~ m/(?:admin|remote)_nonnull_(secret|nwfilter|nwfilter_binding|node_device|interface|network|storage_vol|storage_pool|domain_snapshot|domain|server|client) (\S+)<(\S+)>;/) { $modern_ret_struct_name = $1; $single_ret_list_error_msg_type = $1; $single_ret_list_name = $2; @@ -780,7 +780,7 @@ elsif ($mode eq "server") { $single_ret_var = $1; $single_ret_by_ref = 0; $single_ret_check = " == NULL"; - } elsif ($ret_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|node_device|secret|nwfilter|domain_snapshot) (\S+);/) { + } elsif ($ret_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|node_device|secret|nwfilter|nwfilter_binding|domain_snapshot) (\S+);/) { my $type_name = name_to_TypeName($1); if ($call->{ProcName} eq "DomainCreateWithFlags") { @@ -1325,7 +1325,7 @@ elsif ($mode eq "client") { $priv_src = "dev->conn"; push(@args_list, "virNodeDevicePtr dev"); push(@setters_list, "args.name = dev->name;"); - } elsif ($args_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|secret|nwfilter|domain_snapshot) (\S+);/) { + } elsif ($args_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|interface|secret|nwfilter|nwfilter_binding|domain_snapshot) (\S+);/) { my $name = $1; my $arg_name = $2; my $type_name = name_to_TypeName($name); @@ -1518,7 +1518,7 @@ elsif ($mode eq "client") { } push(@ret_list, "memcpy(result->$3, ret.$3, sizeof(result->$3));"); - } elsif ($ret_member =~ m/(?:admin|remote)_nonnull_(secret|nwfilter|node_device|interface|network|storage_vol|storage_pool|domain_snapshot|domain|server|client) (\S+)<(\S+)>;/) { + } elsif ($ret_member =~ m/(?:admin|remote)_nonnull_(secret|nwfilter|nwfilter_binding|node_device|interface|network|storage_vol|storage_pool|domain_snapshot|domain|server|client) (\S+)<(\S+)>;/) { my $proc_name = name_to_TypeName($1); if ($structprefix eq "admin") { @@ -1571,7 +1571,7 @@ elsif ($mode eq "client") { push(@ret_list, "VIR_FREE(ret.$1);"); $single_ret_var = "char *rv = NULL"; $single_ret_type = "char *"; - } elsif ($ret_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|node_device|interface|secret|nwfilter|domain_snapshot) (\S+);/) { + } elsif ($ret_member =~ m/^remote_nonnull_(domain|network|storage_pool|storage_vol|node_device|interface|secret|nwfilter|nwfilter_binding|domain_snapshot) (\S+);/) { my $name = $1; my $arg_name = $2; my $type_name = name_to_TypeName($name); -- 2.17.0

Use the virNWFilterBindingDefPtr struct in the gentech driver code directly. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/nwfilter/nwfilter_dhcpsnoop.c | 39 ++-- src/nwfilter/nwfilter_driver.c | 24 ++- src/nwfilter/nwfilter_gentech_driver.c | 236 ++++++++++++------------- src/nwfilter/nwfilter_gentech_driver.h | 22 ++- src/nwfilter/nwfilter_learnipaddr.c | 18 +- 5 files changed, 175 insertions(+), 164 deletions(-) diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c index aff062ca7c..7274b03c2a 100644 --- a/src/nwfilter/nwfilter_dhcpsnoop.c +++ b/src/nwfilter/nwfilter_dhcpsnoop.c @@ -497,15 +497,20 @@ virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl, /* instantiate the filters */ - if (req->ifname) + if (req->ifname) { + virNWFilterBindingDef binding = { + .portdevname = req->ifname, + .linkdevname = req->linkdev, + .mac = req->macaddr, + .filter = req->filtername, + .filterparams = req->vars, + .ownername = NULL, + .owneruuid = {0}, + }; rc = virNWFilterInstantiateFilterLate(req->driver, - NULL, - req->ifname, - req->ifindex, - req->linkdev, - &req->macaddr, - req->filtername, - req->vars); + &binding, + req->ifindex); + } exit_snooprequnlock: virNWFilterSnoopReqUnlock(req); @@ -884,14 +889,18 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req, goto skip_instantiate; if (ipAddrLeft) { + virNWFilterBindingDef binding = { + .portdevname = req->ifname, + .linkdevname = req->linkdev, + .mac = req->macaddr, + .filter = req->filtername, + .filterparams = req->vars, + .ownername = NULL, + .owneruuid = {0}, + }; ret = virNWFilterInstantiateFilterLate(req->driver, - NULL, - req->ifname, - req->ifindex, - req->linkdev, - &req->macaddr, - req->filtername, - req->vars); + &binding, + req->ifindex); } else { virNWFilterVarValuePtr dhcpsrvrs = virHashLookup(req->vars, NWFILTER_VARNAME_DHCPSERVER); diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index d17a8ec00b..7202691646 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -38,6 +38,7 @@ #include "domain_conf.h" #include "domain_nwfilter.h" #include "nwfilter_driver.h" +#include "virnwfilterbindingdef.h" #include "nwfilter_gentech_driver.h" #include "configmake.h" #include "virfile.h" @@ -642,19 +643,36 @@ nwfilterGetXMLDesc(virNWFilterPtr nwfilter, static int -nwfilterInstantiateFilter(const char *vmname ATTRIBUTE_UNUSED, +nwfilterInstantiateFilter(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net) { - return virNWFilterInstantiateFilter(driver, vmuuid, net); + virNWFilterBindingDefPtr binding; + int ret; + + if (!(binding = virNWFilterBindingDefForNet(vmname, vmuuid, net))) + return -1; + ret = virNWFilterInstantiateFilter(driver, binding); + virNWFilterBindingDefFree(binding); + return ret; } static void nwfilterTeardownFilter(virDomainNetDefPtr net) { + virNWFilterBindingDef binding = { + .portdevname = net->ifname, + .linkdevname = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT ? + net->data.direct.linkdev : NULL), + .mac = net->mac, + .filter = net->filter, + .filterparams = net->filterparams, + .ownername = NULL, + .owneruuid = {0}, + }; if ((net->ifname) && (net->filter)) - virNWFilterTeardownFilter(net); + virNWFilterTeardownFilter(&binding); } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index af4411d4db..23e9998f53 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -182,33 +182,6 @@ virNWFilterVarHashmapAddStdValues(virHashTablePtr table, } -/** - * virNWFilterCreateVarHashmap: - * @macaddr: pointer to string containing formatted MAC address of interface - * @ipaddr: pointer to string containing formatted IP address used by - * VM on this interface; may be NULL - * - * Create a hashmap used for evaluating the firewall rules. Initializes - * it with the standard variable 'MAC' and 'IP' if provided. - * - * Returns pointer to hashmap, NULL if an error occurred. - */ -virHashTablePtr -virNWFilterCreateVarHashmap(const char *macaddr, - const virNWFilterVarValue *ipaddr) -{ - virHashTablePtr table = virNWFilterHashTableCreate(0); - if (!table) - return NULL; - - if (virNWFilterVarHashmapAddStdValues(table, macaddr, ipaddr) < 0) { - virHashFree(table); - return NULL; - } - return table; -} - - /** * Convert a virHashTable into a string of comma-separated * variable names. @@ -577,12 +550,9 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter, /** * virNWFilterDoInstantiate: - * @vmuuid: The UUID of the VM * @techdriver: The driver to use for instantiation + * @binding: description of port to bind the filter to * @filter: The filter to instantiate - * @ifname: The name of the interface to apply the rules to - * @vars: A map holding variable names and values used for instantiating - * the filter and its subfilters. * @forceWithPendingReq: Ignore the check whether a pending learn request * is active; 'true' only when the rules are applied late * @@ -596,17 +566,13 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter, * Call this function while holding the NWFilter filter update lock */ static int -virNWFilterDoInstantiate(const unsigned char *vmuuid, - virNWFilterTechDriverPtr techdriver, +virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver, + virNWFilterBindingDefPtr binding, virNWFilterDefPtr filter, - const char *ifname, int ifindex, - const char *linkdev, - virHashTablePtr vars, enum instCase useNewFilter, bool *foundNewFilter, bool teardownOld, - const virMacAddr *macaddr, virNWFilterDriverStatePtr driver, bool forceWithPendingReq) { @@ -628,14 +594,14 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid, } rc = virNWFilterDetermineMissingVarsRec(filter, - vars, + binding->filterparams, missing_vars, useNewFilter, driver); if (rc < 0) goto err_exit; - lv = virHashLookup(vars, NWFILTER_VARNAME_CTRL_IP_LEARNING); + lv = virHashLookup(binding->filterparams, NWFILTER_VARNAME_CTRL_IP_LEARNING); if (lv) learning = virNWFilterVarValueGetNthValue(lv, 0); else @@ -652,19 +618,20 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid, goto err_unresolvable_vars; } if (STRCASEEQ(learning, "dhcp")) { - rc = virNWFilterDHCPSnoopReq(techdriver, ifname, linkdev, - vmuuid, macaddr, - filter->name, vars, driver); + rc = virNWFilterDHCPSnoopReq(techdriver, binding->portdevname, + binding->linkdevname, + binding->owneruuid, &binding->mac, + filter->name, binding->filterparams, driver); goto err_exit; } else if (STRCASEEQ(learning, "any")) { if (!virNWFilterHasLearnReq(ifindex)) { rc = virNWFilterLearnIPAddress(techdriver, - ifname, + binding->portdevname, ifindex, - linkdev, - macaddr, + binding->linkdevname, + &binding->mac, filter->name, - vars, driver, + binding->filterparams, driver, DETECT_DHCP|DETECT_STATIC); } goto err_exit; @@ -688,7 +655,7 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid, rc = virNWFilterDefToInst(driver, filter, - vars, + binding->filterparams, useNewFilter, foundNewFilter, &inst); @@ -705,22 +672,22 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid, } if (instantiate) { - if (virNWFilterLockIface(ifname) < 0) + if (virNWFilterLockIface(binding->portdevname) < 0) goto err_exit; - rc = techdriver->applyNewRules(ifname, inst.rules, inst.nrules); + rc = techdriver->applyNewRules(binding->portdevname, inst.rules, inst.nrules); if (teardownOld && rc == 0) - techdriver->tearOldRules(ifname); + techdriver->tearOldRules(binding->portdevname); - if (rc == 0 && (virNetDevValidateConfig(ifname, NULL, ifindex) <= 0)) { + if (rc == 0 && (virNetDevValidateConfig(binding->portdevname, NULL, ifindex) <= 0)) { virResetLastError(); /* interface changed/disppeared */ - techdriver->allTeardown(ifname); + techdriver->allTeardown(binding->portdevname); rc = -1; } - virNWFilterUnlockIface(ifname); + virNWFilterUnlockIface(binding->portdevname); } err_exit: @@ -749,14 +716,9 @@ virNWFilterDoInstantiate(const unsigned char *vmuuid, */ static int virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, bool teardownOld, - const char *ifname, + virNWFilterBindingDefPtr binding, int ifindex, - const char *linkdev, - const virMacAddr *macaddr, - const char *filtername, - virHashTablePtr filterparams, enum instCase useNewFilter, bool forceWithPendingReq, bool *foundNewFilter) @@ -765,7 +727,6 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, const char *drvname = EBIPTABLES_DRIVER_ID; virNWFilterTechDriverPtr techdriver; virNWFilterObjPtr obj; - virHashTablePtr vars, vars1; virNWFilterDefPtr filter; virNWFilterDefPtr newFilter; char vmmacaddr[VIR_MAC_STRING_BUFLEN] = {0}; @@ -781,29 +742,22 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, return -1; } - VIR_DEBUG("filter name: %s", filtername); + VIR_DEBUG("filter name: %s", binding->filter); if (!(obj = virNWFilterObjListFindInstantiateFilter(driver->nwfilters, - filtername))) + binding->filter))) return -1; - virMacAddrFormat(macaddr, vmmacaddr); + virMacAddrFormat(&binding->mac, vmmacaddr); - ipaddr = virNWFilterIPAddrMapGetIPAddr(ifname); + ipaddr = virNWFilterIPAddrMapGetIPAddr(binding->portdevname); - vars1 = virNWFilterCreateVarHashmap(vmmacaddr, ipaddr); - if (!vars1) { + if (virNWFilterVarHashmapAddStdValues(binding->filterparams, + vmmacaddr, ipaddr) < 0) { rc = -1; goto err_exit; } - vars = virNWFilterCreateVarsFrom(vars1, - filterparams); - if (!vars) { - rc = -1; - goto err_exit_vars1; - } - filter = virNWFilterObjGetDef(obj); switch (useNewFilter) { @@ -819,17 +773,11 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, break; } - rc = virNWFilterDoInstantiate(vmuuid, techdriver, filter, - ifname, ifindex, linkdev, - vars, useNewFilter, foundNewFilter, - teardownOld, macaddr, driver, + rc = virNWFilterDoInstantiate(techdriver, binding, filter, + ifindex, useNewFilter, foundNewFilter, + teardownOld, driver, forceWithPendingReq); - virHashFree(vars); - - err_exit_vars1: - virHashFree(vars1); - err_exit: virNWFilterObjUnlock(obj); @@ -839,15 +787,11 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, static int virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const virDomainNetDef *net, + virNWFilterBindingDefPtr binding, bool teardownOld, enum instCase useNewFilter, bool *foundNewFilter) { - const char *linkdev = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT) - ? net->data.direct.linkdev - : NULL; int ifindex; int rc; @@ -856,8 +800,8 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver, /* after grabbing the filter update lock check for the interface; if it's not there anymore its filters will be or are being removed (while holding the lock) and we don't want to build new ones */ - if (virNetDevExists(net->ifname) != 1 || - virNetDevGetIndex(net->ifname, &ifindex) < 0) { + if (virNetDevExists(binding->portdevname) != 1 || + virNetDevGetIndex(binding->portdevname, &ifindex) < 0) { /* interfaces / VMs can disappear during filter instantiation; don't mark it as an error */ virResetLastError(); @@ -865,10 +809,10 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver, goto cleanup; } - rc = virNWFilterInstantiateFilterUpdate(driver, vmuuid, teardownOld, - net->ifname, ifindex, linkdev, - &net->mac, net->filter, - net->filterparams, useNewFilter, + rc = virNWFilterInstantiateFilterUpdate(driver, teardownOld, + binding, + ifindex, + useNewFilter, false, foundNewFilter); cleanup: @@ -880,13 +824,8 @@ virNWFilterInstantiateFilterInternal(virNWFilterDriverStatePtr driver, int virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const char *ifname, - int ifindex, - const char *linkdev, - const virMacAddr *macaddr, - const char *filtername, - virHashTablePtr filterparams) + virNWFilterBindingDefPtr binding, + int ifindex) { int rc; bool foundNewFilter = false; @@ -894,18 +833,17 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, virNWFilterReadLockFilterUpdates(); virMutexLock(&updateMutex); - rc = virNWFilterInstantiateFilterUpdate(driver, vmuuid, true, - ifname, ifindex, linkdev, - macaddr, filtername, filterparams, + rc = virNWFilterInstantiateFilterUpdate(driver, true, + binding, ifindex, INSTANTIATE_ALWAYS, true, &foundNewFilter); if (rc < 0) { /* something went wrong... 'DOWN' the interface */ - if ((virNetDevValidateConfig(ifname, NULL, ifindex) <= 0) || - (virNetDevSetOnline(ifname, false) < 0)) { + if ((virNetDevValidateConfig(binding->portdevname, NULL, ifindex) <= 0) || + (virNetDevSetOnline(binding->portdevname, false) < 0)) { virResetLastError(); /* assuming interface disappeared... */ - _virNWFilterTeardownFilter(ifname); + _virNWFilterTeardownFilter(binding->portdevname); } } @@ -918,12 +856,11 @@ virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const virDomainNetDef *net) + virNWFilterBindingDefPtr binding) { bool foundNewFilter = false; - return virNWFilterInstantiateFilterInternal(driver, vmuuid, net, + return virNWFilterInstantiateFilterInternal(driver, binding, 1, INSTANTIATE_ALWAYS, &foundNewFilter); @@ -932,13 +869,12 @@ virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, int virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const virDomainNetDef *net, + virNWFilterBindingDefPtr binding, bool *skipIface) { bool foundNewFilter = false; - int rc = virNWFilterInstantiateFilterInternal(driver, vmuuid, net, + int rc = virNWFilterInstantiateFilterInternal(driver, binding, 0, INSTANTIATE_FOLLOW_NEWFILTER, &foundNewFilter); @@ -948,7 +884,7 @@ virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver, } static int -virNWFilterRollbackUpdateFilter(const virDomainNetDef *net) +virNWFilterRollbackUpdateFilter(virNWFilterBindingDefPtr binding) { const char *drvname = EBIPTABLES_DRIVER_ID; int ifindex; @@ -964,17 +900,17 @@ virNWFilterRollbackUpdateFilter(const virDomainNetDef *net) } /* don't tear anything while the address is being learned */ - if (virNetDevGetIndex(net->ifname, &ifindex) < 0) + if (virNetDevGetIndex(binding->portdevname, &ifindex) < 0) virResetLastError(); else if (virNWFilterHasLearnReq(ifindex)) return 0; - return techdriver->tearNewRules(net->ifname); + return techdriver->tearNewRules(binding->portdevname); } static int -virNWFilterTearOldFilter(virDomainNetDefPtr net) +virNWFilterTearOldFilter(virNWFilterBindingDefPtr binding) { const char *drvname = EBIPTABLES_DRIVER_ID; int ifindex; @@ -990,12 +926,12 @@ virNWFilterTearOldFilter(virDomainNetDefPtr net) } /* don't tear anything while the address is being learned */ - if (virNetDevGetIndex(net->ifname, &ifindex) < 0) + if (virNetDevGetIndex(binding->portdevname, &ifindex) < 0) virResetLastError(); else if (virNWFilterHasLearnReq(ifindex)) return 0; - return techdriver->tearOldRules(net->ifname); + return techdriver->tearOldRules(binding->portdevname); } @@ -1032,11 +968,11 @@ _virNWFilterTeardownFilter(const char *ifname) int -virNWFilterTeardownFilter(const virDomainNetDef *net) +virNWFilterTeardownFilter(virNWFilterBindingDefPtr binding) { int ret; virMutexLock(&updateMutex); - ret = _virNWFilterTeardownFilter(net->ifname); + ret = _virNWFilterTeardownFilter(binding->portdevname); virMutexUnlock(&updateMutex); return ret; } @@ -1057,12 +993,16 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj, if (virDomainObjIsActive(obj)) { for (i = 0; i < vm->nnets; i++) { virDomainNetDefPtr net = vm->nets[i]; - if ((net->filter) && (net->ifname)) { + virNWFilterBindingDefPtr binding; + + if ((net->filter) && (net->ifname) && + (binding = virNWFilterBindingDefForNet( + vm->name, vm->uuid, net))) { + switch (cb->step) { case STEP_APPLY_NEW: ret = virNWFilterUpdateInstantiateFilter(cb->opaque, - vm->uuid, - net, + binding, &skipIface); if (ret == 0 && skipIface) { /* filter tree unchanged -- no update needed */ @@ -1074,24 +1014,24 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj, case STEP_TEAR_NEW: if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret = virNWFilterRollbackUpdateFilter(net); + ret = virNWFilterRollbackUpdateFilter(binding); break; case STEP_TEAR_OLD: if (!virHashLookup(cb->skipInterfaces, net->ifname)) - ret = virNWFilterTearOldFilter(net); + ret = virNWFilterTearOldFilter(binding); break; case STEP_APPLY_CURRENT: ret = virNWFilterInstantiateFilter(cb->opaque, - vm->uuid, - net); + binding); if (ret) virReportError(VIR_ERR_INTERNAL_ERROR, _("Failure while applying current filter on " "VM %s"), vm->name); break; } + virNWFilterBindingDefFree(binding); if (ret) break; } @@ -1101,3 +1041,45 @@ virNWFilterDomainFWUpdateCB(virDomainObjPtr obj, virObjectUnlock(obj); return ret; } + + +virNWFilterBindingDefPtr +virNWFilterBindingDefForNet(const char *vmname, + const unsigned char *vmuuid, + virDomainNetDefPtr net) +{ + virNWFilterBindingDefPtr ret; + + if (VIR_ALLOC(ret) < 0) + return NULL; + + if (VIR_STRDUP(ret->ownername, vmname) < 0) + goto error; + + memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid)); + + if (VIR_STRDUP(ret->portdevname, net->ifname) < 0) + goto error; + + if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT && + VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0) + goto error; + + ret->mac = net->mac; + + if (VIR_STRDUP(ret->filter, net->filter) < 0) + goto error; + + if (!(ret->filterparams = virNWFilterHashTableCreate(0))) + goto error; + + if (net->filterparams && + virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0) + goto error; + + return ret; + + error: + virNWFilterBindingDefFree(ret); + return NULL; +} diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index 9e43a159c3..6b51096a0d 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -25,6 +25,7 @@ # define __NWFILTER_GENTECH_DRIVER_H # include "virnwfilterobj.h" +# include "virnwfilterbindingdef.h" # include "nwfilter_tech_driver.h" virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); @@ -39,23 +40,16 @@ enum instCase { int virNWFilterInstantiateFilter(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const virDomainNetDef *net); + virNWFilterBindingDefPtr binding); int virNWFilterUpdateInstantiateFilter(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const virDomainNetDef *net, + virNWFilterBindingDefPtr binding, bool *skipIface); int virNWFilterInstantiateFilterLate(virNWFilterDriverStatePtr driver, - const unsigned char *vmuuid, - const char *ifname, - int ifindex, - const char *linkdev, - const virMacAddr *macaddr, - const char *filtername, - virHashTablePtr filterparams); + virNWFilterBindingDefPtr binding, + int ifindex); -int virNWFilterTeardownFilter(const virDomainNetDef *net); +int virNWFilterTeardownFilter(virNWFilterBindingDefPtr binding); virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, const virNWFilterVarValue *value); @@ -63,4 +57,8 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, int virNWFilterDomainFWUpdateCB(virDomainObjPtr vm, void *data); +virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname, + const unsigned char *vmuuid, + virDomainNetDefPtr net); + #endif diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index ce58f66f6d..d76d13d8d4 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -672,19 +672,23 @@ learnIPAddressThread(void *arg) virNWFilterUnlockIface(req->ifname); if ((inetaddr = virSocketAddrFormat(&sa)) != NULL) { + virNWFilterBindingDef binding = { + .portdevname = req->ifname, + .linkdevname = req->linkdev, + .mac = req->macaddr, + .filter = req->filtername, + .filterparams = req->filterparams, + .ownername = NULL, + .owneruuid = {0}, + }; if (virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) { VIR_ERROR(_("Failed to add IP address %s to IP address " "cache for interface %s"), inetaddr, req->ifname); } ret = virNWFilterInstantiateFilterLate(req->driver, - NULL, - req->ifname, - req->ifindex, - req->linkdev, - &req->macaddr, - req->filtername, - req->filterparams); + &binding, + req->ifindex); VIR_DEBUG("Result from applying firewall rules on " "%s with IP addr %s : %d", req->ifname, inetaddr, ret); VIR_FREE(inetaddr); -- 2.17.0

Use the virNWFilterBindingDefPTr struct in the IP address learning code directly. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/nwfilter/nwfilter_gentech_driver.c | 7 +- src/nwfilter/nwfilter_learnipaddr.c | 106 +++++++------------------ src/nwfilter/nwfilter_learnipaddr.h | 7 +- 3 files changed, 32 insertions(+), 88 deletions(-) diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 23e9998f53..ce45587a44 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -626,12 +626,9 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver, } else if (STRCASEEQ(learning, "any")) { if (!virNWFilterHasLearnReq(ifindex)) { rc = virNWFilterLearnIPAddress(techdriver, - binding->portdevname, + binding, ifindex, - binding->linkdevname, - &binding->mac, - filter->name, - binding->filterparams, driver, + driver, DETECT_DHCP|DETECT_STATIC); } goto err_exit; diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index d76d13d8d4..55ed0bfc09 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -138,12 +138,8 @@ typedef struct _virNWFilterIPAddrLearnReq virNWFilterIPAddrLearnReq; typedef virNWFilterIPAddrLearnReq *virNWFilterIPAddrLearnReqPtr; struct _virNWFilterIPAddrLearnReq { virNWFilterTechDriverPtr techdriver; - char ifname[IF_NAMESIZE]; int ifindex; - char linkdev[IF_NAMESIZE]; - virMacAddr macaddr; - char *filtername; - virHashTablePtr filterparams; + virNWFilterBindingDefPtr binding; virNWFilterDriverStatePtr driver; int howDetect; /* bitmask of enum howDetect */ @@ -233,8 +229,7 @@ virNWFilterIPAddrLearnReqFree(virNWFilterIPAddrLearnReqPtr req) if (!req) return; - VIR_FREE(req->filtername); - virHashFree(req->filterparams); + virNWFilterBindingDefFree(req->binding); VIR_FREE(req); } @@ -405,8 +400,9 @@ learnIPAddressThread(void *arg) virNWFilterIPAddrLearnReqPtr req = arg; uint32_t vmaddr = 0, bcastaddr = 0; unsigned int ethHdrSize; - char *listen_if = (strlen(req->linkdev) != 0) ? req->linkdev - : req->ifname; + char *listen_if = (req->binding->linkdevname ? + req->binding->linkdevname : + req->binding->portdevname); int dhcp_opts_len; char macaddr[VIR_MAC_STRING_BUFLEN]; virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -417,13 +413,13 @@ learnIPAddressThread(void *arg) virNWFilterTechDriverPtr techdriver = req->techdriver; struct pollfd fds[1]; - if (virNWFilterLockIface(req->ifname) < 0) + if (virNWFilterLockIface(req->binding->portdevname) < 0) goto err_no_lock; req->status = 0; /* anything change to the VM's interface -- check at least once */ - if (virNetDevValidateConfig(req->ifname, NULL, req->ifindex) <= 0) { + if (virNetDevValidateConfig(req->binding->portdevname, NULL, req->ifindex) <= 0) { virResetLastError(); req->status = ENODEV; goto done; @@ -440,11 +436,11 @@ learnIPAddressThread(void *arg) fds[0].fd = pcap_fileno(handle); fds[0].events = POLLIN | POLLERR; - virMacAddrFormat(&req->macaddr, macaddr); + virMacAddrFormat(&req->binding->mac, macaddr); if (req->howDetect == DETECT_DHCP) { - if (techdriver->applyDHCPOnlyRules(req->ifname, - &req->macaddr, + if (techdriver->applyDHCPOnlyRules(req->binding->portdevname, + &req->binding->mac, NULL, false) < 0) { VIR_DEBUG("Unable to apply DHCP only rules"); req->status = EINVAL; @@ -452,8 +448,8 @@ learnIPAddressThread(void *arg) } virBufferAddLit(&buf, "src port 67 and dst port 68"); } else { - if (techdriver->applyBasicRules(req->ifname, - &req->macaddr) < 0) { + if (techdriver->applyBasicRules(req->binding->portdevname, + &req->binding->mac) < 0) { VIR_DEBUG("Unable to apply basic rules"); req->status = EINVAL; goto done; @@ -524,7 +520,7 @@ learnIPAddressThread(void *arg) } /* Again, already handled above, but lets be sure */ - if (virNetDevValidateConfig(req->ifname, NULL, req->ifindex) <= 0) { + if (virNetDevValidateConfig(req->binding->portdevname, NULL, req->ifindex) <= 0) { virResetLastError(); req->status = ENODEV; showError = false; @@ -556,7 +552,7 @@ learnIPAddressThread(void *arg) continue; } - if (virMacAddrCmpRaw(&req->macaddr, ether_hdr->ether_shost) == 0) { + if (virMacAddrCmpRaw(&req->binding->mac, ether_hdr->ether_shost) == 0) { /* packets from the VM */ if (etherType == ETHERTYPE_IP && @@ -595,7 +591,7 @@ learnIPAddressThread(void *arg) break; } } - } else if (virMacAddrCmpRaw(&req->macaddr, + } else if (virMacAddrCmpRaw(&req->binding->mac, ether_hdr->ether_dhost) == 0 || /* allow Broadcast replies from DHCP server */ virMacAddrIsBroadcastRaw(ether_hdr->ether_dhost)) { @@ -625,7 +621,7 @@ learnIPAddressThread(void *arg) ((char *)udphdr + sizeof(udphdr)); if (dhcp->op == 2 /* BOOTREPLY */ && virMacAddrCmpRaw( - &req->macaddr, + &req->binding->mac, &dhcp->chaddr[0]) == 0) { dhcp_opts_len = header.len - (ethHdrSize + iphdr->ihl * 4 + @@ -669,28 +665,19 @@ learnIPAddressThread(void *arg) * Also it is safe to unlock interface here because we stopped * capturing and applied necessary rules on the interface, while * instantiating a new filter doesn't require a locked interface.*/ - virNWFilterUnlockIface(req->ifname); + virNWFilterUnlockIface(req->binding->portdevname); if ((inetaddr = virSocketAddrFormat(&sa)) != NULL) { - virNWFilterBindingDef binding = { - .portdevname = req->ifname, - .linkdevname = req->linkdev, - .mac = req->macaddr, - .filter = req->filtername, - .filterparams = req->filterparams, - .ownername = NULL, - .owneruuid = {0}, - }; - if (virNWFilterIPAddrMapAddIPAddr(req->ifname, inetaddr) < 0) { + if (virNWFilterIPAddrMapAddIPAddr(req->binding->portdevname, inetaddr) < 0) { VIR_ERROR(_("Failed to add IP address %s to IP address " - "cache for interface %s"), inetaddr, req->ifname); + "cache for interface %s"), inetaddr, req->binding->portdevname); } ret = virNWFilterInstantiateFilterLate(req->driver, - &binding, + req->binding, req->ifindex); VIR_DEBUG("Result from applying firewall rules on " - "%s with IP addr %s : %d", req->ifname, inetaddr, ret); + "%s with IP addr %s : %d", req->binding->portdevname, inetaddr, ret); VIR_FREE(inetaddr); } } else { @@ -698,13 +685,13 @@ learnIPAddressThread(void *arg) virReportSystemError(req->status, _("encountered an error on interface %s " "index %d"), - req->ifname, req->ifindex); + req->binding->portdevname, req->ifindex); - techdriver->applyDropAllRules(req->ifname); - virNWFilterUnlockIface(req->ifname); + techdriver->applyDropAllRules(req->binding->portdevname); + virNWFilterUnlockIface(req->binding->portdevname); } - VIR_DEBUG("pcap thread terminating for interface %s", req->ifname); + VIR_DEBUG("pcap thread terminating for interface %s", req->binding->portdevname); err_no_lock: @@ -737,19 +724,14 @@ learnIPAddressThread(void *arg) */ int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, - const char *ifname, + virNWFilterBindingDefPtr binding, int ifindex, - const char *linkdev, - const virMacAddr *macaddr, - const char *filtername, - virHashTablePtr filterparams, virNWFilterDriverStatePtr driver, int howDetect) { int rc; virThread thread; virNWFilterIPAddrLearnReqPtr req = NULL; - virHashTablePtr ht = NULL; if (howDetect == 0) return -1; @@ -765,37 +747,11 @@ virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, if (VIR_ALLOC(req) < 0) goto err_no_req; - ht = virNWFilterHashTableCreate(0); - if (ht == NULL) + if (!(req->binding = virNWFilterBindingDefCopy(binding))) goto err_free_req; - if (virNWFilterHashTablePutAll(filterparams, ht) < 0) - goto err_free_ht; - - if (VIR_STRDUP(req->filtername, filtername) < 0) - goto err_free_ht; - - if (virStrcpyStatic(req->ifname, ifname) == NULL) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Destination buffer for ifname ('%s') " - "not large enough"), ifname); - goto err_free_ht; - } - - if (linkdev) { - if (virStrcpyStatic(req->linkdev, linkdev) == NULL) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Destination buffer for linkdev ('%s') " - "not large enough"), linkdev); - goto err_free_ht; - } - } - req->ifindex = ifindex; - virMacAddrSet(&req->macaddr, macaddr); req->driver = driver; - req->filterparams = ht; - ht = NULL; req->howDetect = howDetect; req->techdriver = techdriver; @@ -814,8 +770,6 @@ virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, err_dereg_req: virNWFilterDeregisterLearnReq(ifindex); - err_free_ht: - virHashFree(ht); err_free_req: virNWFilterIPAddrLearnReqFree(req); err_no_req: @@ -826,12 +780,8 @@ virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver ATTRIBUTE_UNUSED, - const char *ifname ATTRIBUTE_UNUSED, + virNWFilterBindingDefPtr binding ATTRIBUTE_UNUSED, int ifindex ATTRIBUTE_UNUSED, - const char *linkdev ATTRIBUTE_UNUSED, - const virMacAddr *macaddr ATTRIBUTE_UNUSED, - const char *filtername ATTRIBUTE_UNUSED, - virHashTablePtr filterparams ATTRIBUTE_UNUSED, virNWFilterDriverStatePtr driver ATTRIBUTE_UNUSED, int howDetect ATTRIBUTE_UNUSED) { diff --git a/src/nwfilter/nwfilter_learnipaddr.h b/src/nwfilter/nwfilter_learnipaddr.h index 753aabc594..7f17244100 100644 --- a/src/nwfilter/nwfilter_learnipaddr.h +++ b/src/nwfilter/nwfilter_learnipaddr.h @@ -28,6 +28,7 @@ # include "conf/nwfilter_params.h" # include "nwfilter_tech_driver.h" +# include "virnwfilterbindingdef.h" # include <net/if.h> enum howDetect { @@ -36,12 +37,8 @@ enum howDetect { }; int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, - const char *ifname, + virNWFilterBindingDefPtr binding, int ifindex, - const char *linkdev, - const virMacAddr *macaddr, - const char *filtername, - virHashTablePtr filterparams, virNWFilterDriverStatePtr driver, int howDetect); -- 2.17.0

If a <interface> includes a filter name but the nwfilter driver is not present we silently do nothing. This is very bad, because an application that thinks it is protected by malicious guest traffic will in fact be vulnerable. Reporting an error gives the administrator the ability to know there is a problem and fix it. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/domain_nwfilter.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c index e360aceeba..7570e0ae83 100644 --- a/src/conf/domain_nwfilter.c +++ b/src/conf/domain_nwfilter.c @@ -28,6 +28,9 @@ #include "datatypes.h" #include "domain_conf.h" #include "domain_nwfilter.h" +#include "virerror.h" + +#define VIR_FROM_THIS VIR_FROM_NWFILTER static virDomainConfNWFilterDriverPtr nwfilterDriver; @@ -44,8 +47,10 @@ virDomainConfNWFilterInstantiate(const char *vmname, { if (nwfilterDriver != NULL) return nwfilterDriver->instantiateFilter(vmname, vmuuid, net); - /* driver module not available -- don't indicate failure */ - return 0; + + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("No network filter driver available")); + return -1; } void -- 2.17.0

Introduce a new struct to act as the stateful owner of the virNWFilterBindingDefPtr objects. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/Makefile.inc.am | 2 + src/conf/virnwfilterbindingobj.c | 299 +++++++++++++++++++++++++++++++ src/conf/virnwfilterbindingobj.h | 69 +++++++ src/libvirt_private.syms | 14 ++ 4 files changed, 384 insertions(+) create mode 100644 src/conf/virnwfilterbindingobj.c create mode 100644 src/conf/virnwfilterbindingobj.h diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am index f5fb323233..3d55ba688d 100644 --- a/src/conf/Makefile.inc.am +++ b/src/conf/Makefile.inc.am @@ -87,6 +87,8 @@ NWFILTER_CONF_SOURCES = \ conf/virnwfilterobj.h \ conf/virnwfilterbindingdef.c \ conf/virnwfilterbindingdef.h \ + conf/virnwfilterbindingobj.c \ + conf/virnwfilterbindingobj.h \ $(NULL) STORAGE_CONF_SOURCES = \ diff --git a/src/conf/virnwfilterbindingobj.c b/src/conf/virnwfilterbindingobj.c new file mode 100644 index 0000000000..b6c05daf09 --- /dev/null +++ b/src/conf/virnwfilterbindingobj.c @@ -0,0 +1,299 @@ +/* + * virnwfilterbindingobj.c: network filter binding object processing + * + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include "viralloc.h" +#include "virerror.h" +#include "virstring.h" +#include "nwfilter_params.h" +#include "virnwfilterbindingobj.h" +#include "viruuid.h" +#include "virfile.h" + + +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +struct _virNWFilterBindingObj { + virObjectLockable parent; + + bool removing; + virNWFilterBindingDefPtr def; +}; + + +static virClassPtr virNWFilterBindingObjClass; +static void virNWFilterBindingObjDispose(void *obj); + +static int +virNWFilterBindingObjOnceInit(void) +{ + if (!VIR_CLASS_NEW(virNWFilterBindingObj, virClassForObjectLockable())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virNWFilterBindingObj) + +virNWFilterBindingObjPtr +virNWFilterBindingObjNew(void) +{ + if (virNWFilterBindingObjInitialize() < 0) + return NULL; + + return virObjectNew(virNWFilterBindingObjClass); +} + + +static void +virNWFilterBindingObjDispose(void *obj) +{ + virNWFilterBindingObjPtr bobj = obj; + + virNWFilterBindingDefFree(bobj->def); +} + + +virNWFilterBindingDefPtr +virNWFilterBindingObjGetDef(virNWFilterBindingObjPtr obj) +{ + return obj->def; +} + + +void +virNWFilterBindingObjSetDef(virNWFilterBindingObjPtr obj, + virNWFilterBindingDefPtr def) +{ + virNWFilterBindingDefFree(obj->def); + obj->def = def; +} + + +bool +virNWFilterBindingObjGetRemoving(virNWFilterBindingObjPtr obj) +{ + return obj->removing; +} + + +void +virNWFilterBindingObjSetRemoving(virNWFilterBindingObjPtr obj, + bool removing) +{ + obj->removing = removing; +} + + +/** + * virNWFilterBindingObjEndAPI: + * @obj: binding object + * + * Finish working with a binding object in an API. This function + * clears whatever was left of a domain that was gathered using + * virNWFilterBindingObjListFindByPortDev(). Currently that means + * only unlocking and decrementing the reference counter of that + * object. And in order to make sure the caller does not access + * the object, the pointer is cleared. + */ +void +virNWFilterBindingObjEndAPI(virNWFilterBindingObjPtr *obj) +{ + if (!*obj) + return; + + virObjectUnlock(*obj); + virObjectUnref(*obj); + *obj = NULL; +} + + +char * +virNWFilterBindingObjConfigFile(const char *dir, + const char *name) +{ + char *ret; + + ignore_value(virAsprintf(&ret, "%s/%s.xml", dir, name)); + return ret; +} + + +int +virNWFilterBindingObjSave(const virNWFilterBindingObj *obj, + const char *statusDir) +{ + char *filename; + char *xml = NULL; + int ret = -1; + + if (!(filename = virNWFilterBindingObjConfigFile(statusDir, + obj->def->portdevname))) + return -1; + + if (!(xml = virNWFilterBindingObjFormat(obj))) + goto cleanup; + + if (virFileMakePath(statusDir) < 0) { + virReportSystemError(errno, + _("cannot create config directory '%s'"), + statusDir); + goto cleanup; + } + + ret = virXMLSaveFile(filename, + obj->def->portdevname, "nwfilter-binding-create", + xml); + + cleanup: + VIR_FREE(xml); + VIR_FREE(filename); + return ret; +} + + +int +virNWFilterBindingObjDelete(const virNWFilterBindingObj *obj, + const char *statusDir) +{ + char *filename; + int ret = -1; + + if (!(filename = virNWFilterBindingObjConfigFile(statusDir, + obj->def->portdevname))) + return -1; + + if (unlink(filename) < 0 && + errno != ENOENT) { + virReportSystemError(errno, + _("Unable to remove status '%s' for nwfilter binding %s'"), + filename, obj->def->portdevname); + goto cleanup; + } + + ret = 0; + + cleanup: + VIR_FREE(filename); + return ret; +} + + +static virNWFilterBindingObjPtr +virNWFilterBindingObjParseXML(xmlDocPtr doc, + xmlXPathContextPtr ctxt) +{ + virNWFilterBindingObjPtr ret; + xmlNodePtr node; + + if (!(ret = virNWFilterBindingObjNew())) + return NULL; + + if (!(node = virXPathNode("./filterbinding", ctxt))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("filter binding status missing content")); + goto cleanup; + } + + if (!(ret->def = virNWFilterBindingDefParseNode(doc, node))) + goto cleanup; + + return ret; + + cleanup: + virObjectUnref(ret); + return NULL; +} + + +static virNWFilterBindingObjPtr +virNWFilterBindingObjParseNode(xmlDocPtr doc, + xmlNodePtr root) +{ + xmlXPathContextPtr ctxt = NULL; + virNWFilterBindingObjPtr obj = NULL; + + if (STRNEQ((const char *)root->name, "filterbinding")) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("unknown root element for filter binding")); + goto cleanup; + } + + ctxt = xmlXPathNewContext(doc); + if (ctxt == NULL) { + virReportOOMError(); + goto cleanup; + } + + ctxt->node = root; + obj = virNWFilterBindingObjParseXML(doc, ctxt); + + cleanup: + xmlXPathFreeContext(ctxt); + return obj; +} + + +static virNWFilterBindingObjPtr +virNWFilterBindingObjParse(const char *xmlStr, + const char *filename) +{ + virNWFilterBindingObjPtr obj = NULL; + xmlDocPtr xml; + + if ((xml = virXMLParse(filename, xmlStr, _("(nwfilterbinding_status)")))) { + obj = virNWFilterBindingObjParseNode(xml, xmlDocGetRootElement(xml)); + xmlFreeDoc(xml); + } + + return obj; +} + + +virNWFilterBindingObjPtr +virNWFilterBindingObjParseFile(const char *filename) +{ + return virNWFilterBindingObjParse(NULL, filename); +} + + +char * +virNWFilterBindingObjFormat(const virNWFilterBindingObj *obj) +{ + virBuffer buf = VIR_BUFFER_INITIALIZER; + + virBufferAddLit(&buf, "<filterbindingstatus>\n"); + + virBufferAdjustIndent(&buf, 2); + + if (virNWFilterBindingDefFormatBuf(&buf, obj->def) < 0) { + virBufferFreeAndReset(&buf); + return NULL; + } + + virBufferAdjustIndent(&buf, -2); + virBufferAddLit(&buf, "</filterbindingstatus>\n"); + + if (virBufferCheckError(&buf) < 0) + return NULL; + + return virBufferContentAndReset(&buf); +} diff --git a/src/conf/virnwfilterbindingobj.h b/src/conf/virnwfilterbindingobj.h new file mode 100644 index 0000000000..21ae85b064 --- /dev/null +++ b/src/conf/virnwfilterbindingobj.h @@ -0,0 +1,69 @@ +/* + * virnwfilterbindingobj.h: network filter binding object processing + * + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + */ +#ifndef VIR_NWFILTER_BINDING_OBJ_H +# define VIR_NWFILTER_BINDING_OBJ_H + +# include "internal.h" +# include "virnwfilterbindingdef.h" +# include "virobject.h" + +typedef struct _virNWFilterBindingObj virNWFilterBindingObj; +typedef virNWFilterBindingObj *virNWFilterBindingObjPtr; + +virNWFilterBindingObjPtr +virNWFilterBindingObjNew(void); + +virNWFilterBindingDefPtr +virNWFilterBindingObjGetDef(virNWFilterBindingObjPtr obj); + +void +virNWFilterBindingObjSetDef(virNWFilterBindingObjPtr obj, + virNWFilterBindingDefPtr def); + +bool +virNWFilterBindingObjGetRemoving(virNWFilterBindingObjPtr obj); + +void +virNWFilterBindingObjSetRemoving(virNWFilterBindingObjPtr obj, + bool removing); + +void +virNWFilterBindingObjEndAPI(virNWFilterBindingObjPtr *obj); + +char * +virNWFilterBindingObjConfigFile(const char *dir, + const char *name); + +int +virNWFilterBindingObjSave(const virNWFilterBindingObj *obj, + const char *statusDir); + +int +virNWFilterBindingObjDelete(const virNWFilterBindingObj *obj, + const char *statusDir); + +virNWFilterBindingObjPtr +virNWFilterBindingObjParseFile(const char *filename); + +char * +virNWFilterBindingObjFormat(const virNWFilterBindingObj *obj); + +#endif /* VIR_NWFILTER_BINDING_OBJ_H */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index a323316607..4ad2116238 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1058,6 +1058,20 @@ virNWFilterBindingDefParseNode; virNWFilterBindingDefParseString; +# conf/virnwfilterbindingobj.h +virNWFilterBindingObjConfigFile; +virNWFilterBindingObjDelete; +virNWFilterBindingObjEndAPI; +virNWFilterBindingObjFormat; +virNWFilterBindingObjGetDef; +virNWFilterBindingObjGetRemoving; +virNWFilterBindingObjNew; +virNWFilterBindingObjParseFile; +virNWFilterBindingObjSave; +virNWFilterBindingObjSetDef; +virNWFilterBindingObjSetRemoving; + + # conf/virnwfilterobj.h virNWFilterObjGetDef; virNWFilterObjGetNewDef; -- 2.17.0

Introduce a new struct to act as the manager of a collection of virNWFilterBindingObjPtr objects. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/Makefile.inc.am | 2 + src/conf/virnwfilterbindingobjlist.c | 487 +++++++++++++++++++++++++++ src/conf/virnwfilterbindingobjlist.h | 69 ++++ src/libvirt_private.syms | 10 + 4 files changed, 568 insertions(+) create mode 100644 src/conf/virnwfilterbindingobjlist.c create mode 100644 src/conf/virnwfilterbindingobjlist.h diff --git a/src/conf/Makefile.inc.am b/src/conf/Makefile.inc.am index 3d55ba688d..af23810640 100644 --- a/src/conf/Makefile.inc.am +++ b/src/conf/Makefile.inc.am @@ -89,6 +89,8 @@ NWFILTER_CONF_SOURCES = \ conf/virnwfilterbindingdef.h \ conf/virnwfilterbindingobj.c \ conf/virnwfilterbindingobj.h \ + conf/virnwfilterbindingobjlist.c \ + conf/virnwfilterbindingobjlist.h \ $(NULL) STORAGE_CONF_SOURCES = \ diff --git a/src/conf/virnwfilterbindingobjlist.c b/src/conf/virnwfilterbindingobjlist.c new file mode 100644 index 0000000000..7ce59f7c6e --- /dev/null +++ b/src/conf/virnwfilterbindingobjlist.c @@ -0,0 +1,487 @@ +/* + * virnwfilterbindingobjlist.c: nwfilter binding object list utilities + * + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + * Author: Daniel P. Berrange <berrange@redhat.com> + */ + +#include <config.h> + +#include "internal.h" +#include "datatypes.h" +#include "virnwfilterbindingobjlist.h" +#include "viralloc.h" +#include "virfile.h" +#include "virlog.h" +#include "virstring.h" + +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +VIR_LOG_INIT("conf.virnwfilterbindingobjlist"); + +static virClassPtr virNWFilterBindingObjListClass; +static void virNWFilterBindingObjListDispose(void *obj); + +struct _virNWFilterBindingObjList { + virObjectRWLockable parent; + + /* port dev name -> virNWFilterBindingObj mapping + * for O(1), lockless lookup-by-port dev */ + virHashTable *objs; +}; + + +static int virNWFilterBindingObjListOnceInit(void) +{ + if (!VIR_CLASS_NEW(virNWFilterBindingObjList, virClassForObjectRWLockable())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(virNWFilterBindingObjList) + + +virNWFilterBindingObjListPtr +virNWFilterBindingObjListNew(void) +{ + virNWFilterBindingObjListPtr bindings; + + if (virNWFilterBindingObjListInitialize() < 0) + return NULL; + + if (!(bindings = virObjectRWLockableNew(virNWFilterBindingObjListClass))) + return NULL; + + if (!(bindings->objs = virHashCreate(50, virObjectFreeHashData))) { + virObjectUnref(bindings); + return NULL; + } + + return bindings; +} + + +static void +virNWFilterBindingObjListDispose(void *obj) +{ + virNWFilterBindingObjListPtr bindings = obj; + + virHashFree(bindings->objs); +} + + +static virNWFilterBindingObjPtr +virNWFilterBindingObjListFindByPortDevLocked(virNWFilterBindingObjListPtr bindings, + const char *name) +{ + virNWFilterBindingObjPtr obj; + + obj = virHashLookup(bindings->objs, name); + virObjectRef(obj); + if (obj) { + virObjectLock(obj); + if (virNWFilterBindingObjGetRemoving(obj)) { + virObjectUnlock(obj); + virObjectUnref(obj); + obj = NULL; + } + } + return obj; +} + + +/** + * @bindings: NWFilterBinding object list + * @name: Name to search the bindings->objs table + * + * Lookup the @name in the bindings->objs hash table and return a + * locked and ref counted binding object if found. Caller is expected + * to use the virNWFilterBindingObjEndAPI when done with the object. + */ +virNWFilterBindingObjPtr +virNWFilterBindingObjListFindByPortDev(virNWFilterBindingObjListPtr bindings, + const char *name) +{ + virNWFilterBindingObjPtr obj; + + virObjectRWLockRead(bindings); + obj = virNWFilterBindingObjListFindByPortDevLocked(bindings, name); + virObjectRWUnlock(bindings); + + return obj; +} + + +/** + * @bindings: NWFilterBinding object list pointer + * @binding: NWFilterBinding object to be added + * + * Upon entry @binding should have at least 1 ref and be locked. + * + * Add the @binding into the @bindings->objs hash + * tables. Once successfully added into a table, increase the + * reference count since upon removal in virHashRemoveEntry + * the virObjectUnref will be called since the hash tables were + * configured to call virObjectFreeHashData when the object is + * removed from the hash table. + * + * Returns 0 on success with 2 references and locked + * -1 on failure with 1 reference and locked + */ +static int +virNWFilterBindingObjListAddObjLocked(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjPtr binding) +{ + virNWFilterBindingDefPtr def = virNWFilterBindingObjGetDef(binding); + if (virHashAddEntry(bindings->objs, def->portdevname, binding) < 0) + return -1; + virObjectRef(binding); + + return 0; +} + + +/* + * virNWFilterBindingObjListAddLocked: + * + * The returned @binding from this function will be locked and ref + * counted. The caller is expected to use virNWFilterBindingObjEndAPI + * when it completes usage. + */ +static virNWFilterBindingObjPtr +virNWFilterBindingObjListAddLocked(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingDefPtr def) +{ + virNWFilterBindingObjPtr binding; + + /* See if a binding with matching portdev already exists */ + if ((binding = virNWFilterBindingObjListFindByPortDevLocked( + bindings, def->portdevname))) { + virReportError(VIR_ERR_OPERATION_FAILED, + _("binding '%s' already exists"), + def->portdevname); + goto error; + } + + if (!(binding = virNWFilterBindingObjNew())) + goto error; + + virNWFilterBindingObjSetDef(binding, def); + + if (virNWFilterBindingObjListAddObjLocked(bindings, binding) < 0) + goto error; + + return binding; + + error: + virNWFilterBindingObjEndAPI(&binding); + return NULL; +} + + +virNWFilterBindingObjPtr +virNWFilterBindingObjListAdd(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingDefPtr def) +{ + virNWFilterBindingObjPtr ret; + + virObjectRWLockWrite(bindings); + ret = virNWFilterBindingObjListAddLocked(bindings, def); + virObjectRWUnlock(bindings); + return ret; +} + + +/* The caller must hold lock on 'bindings' in addition to 'virNWFilterBindingObjListRemove' + * requirements + * + * Can be used to remove current element while iterating with + * virNWFilterBindingObjListForEach + */ +static void +virNWFilterBindingObjListRemoveLocked(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjPtr binding) +{ + virNWFilterBindingDefPtr def = virNWFilterBindingObjGetDef(binding); + virHashRemoveEntry(bindings->objs, def->portdevname); +} + + +/** + * @bindings: Pointer to the binding object list + * @binding: NWFilterBinding pointer from either after Add or FindBy* API where the + * @binding was successfully added to the bindings->objs + * hash tables that now would need to be removed. + * + * The caller must hold a lock on the driver owning 'bindings', + * and must also have locked and ref counted 'binding', to ensure + * no one else is either waiting for 'binding' or still using it. + * + * When this function returns, @binding will be removed from the hash + * tables and returned with lock and refcnt that was present upon entry. + */ +void +virNWFilterBindingObjListRemove(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjPtr binding) +{ + virNWFilterBindingObjSetRemoving(binding, true); + virObjectRef(binding); + virObjectUnlock(binding); + virObjectRWLockWrite(bindings); + virObjectLock(binding); + virNWFilterBindingObjListRemoveLocked(bindings, binding); + virObjectUnref(binding); + virObjectRWUnlock(bindings); +} + + +static virNWFilterBindingObjPtr +virNWFilterBindingObjListLoadStatus(virNWFilterBindingObjListPtr bindings, + const char *statusDir, + const char *name) +{ + char *statusFile = NULL; + virNWFilterBindingObjPtr obj = NULL; + virNWFilterBindingDefPtr def; + + if ((statusFile = virNWFilterBindingObjConfigFile(statusDir, name)) == NULL) + goto error; + + if (!(obj = virNWFilterBindingObjParseFile(statusFile))) + goto error; + + def = virNWFilterBindingObjGetDef(obj); + if (virHashLookup(bindings->objs, def->portdevname) != NULL) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected binding %s already exists"), + def->portdevname); + goto error; + } + + if (virNWFilterBindingObjListAddObjLocked(bindings, obj) < 0) + goto error; + + VIR_FREE(statusFile); + return obj; + + error: + virNWFilterBindingObjEndAPI(&obj); + VIR_FREE(statusFile); + return NULL; +} + + +int +virNWFilterBindingObjListLoadAllConfigs(virNWFilterBindingObjListPtr bindings, + const char *configDir) +{ + DIR *dir; + struct dirent *entry; + int ret = -1; + int rc; + + VIR_INFO("Scanning for configs in %s", configDir); + + if ((rc = virDirOpenIfExists(&dir, configDir)) <= 0) + return rc; + + virObjectRWLockWrite(bindings); + + while ((ret = virDirRead(dir, &entry, configDir)) > 0) { + virNWFilterBindingObjPtr binding; + + if (!virFileStripSuffix(entry->d_name, ".xml")) + continue; + + /* NB: ignoring errors, so one malformed config doesn't + kill the whole process */ + VIR_INFO("Loading config file '%s.xml'", entry->d_name); + binding = virNWFilterBindingObjListLoadStatus(bindings, + configDir, + entry->d_name); + if (binding) + virNWFilterBindingObjEndAPI(&binding); + else + VIR_ERROR(_("Failed to load config for binding '%s'"), entry->d_name); + } + + VIR_DIR_CLOSE(dir); + virObjectRWUnlock(bindings); + return ret; +} + + +struct virNWFilterBindingListIterData { + virNWFilterBindingObjListIterator callback; + void *opaque; + int ret; +}; + + +static int +virNWFilterBindingObjListHelper(void *payload, + const void *name ATTRIBUTE_UNUSED, + void *opaque) +{ + struct virNWFilterBindingListIterData *data = opaque; + + if (data->callback(payload, data->opaque) < 0) + data->ret = -1; + return 0; +} + + +int +virNWFilterBindingObjListForEach(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjListIterator callback, + void *opaque) +{ + struct virNWFilterBindingListIterData data = { + callback, opaque, 0, + }; + virObjectRWLockRead(bindings); + virHashForEach(bindings->objs, virNWFilterBindingObjListHelper, &data); + virObjectRWUnlock(bindings); + return data.ret; +} + + +struct virNWFilterBindingListData { + virNWFilterBindingObjPtr *bindings; + size_t nbindings; +}; + + +static int +virNWFilterBindingObjListCollectIterator(void *payload, + const void *name ATTRIBUTE_UNUSED, + void *opaque) +{ + struct virNWFilterBindingListData *data = opaque; + + data->bindings[data->nbindings++] = virObjectRef(payload); + return 0; +} + + +static void +virNWFilterBindingObjListFilter(virNWFilterBindingObjPtr **list, + size_t *nbindings, + virConnectPtr conn, + virNWFilterBindingObjListACLFilter filter) +{ + size_t i = 0; + + while (i < *nbindings) { + virNWFilterBindingObjPtr binding = (*list)[i]; + virNWFilterBindingDefPtr def; + + virObjectLock(binding); + + def = virNWFilterBindingObjGetDef(binding); + /* do not list the object if: + * 1) it's being removed. + * 2) connection does not have ACL to see it + * 3) it doesn't match the filter + */ + if (virNWFilterBindingObjGetRemoving(binding) || + (filter && !filter(conn, def))) { + virObjectUnlock(binding); + virObjectUnref(binding); + VIR_DELETE_ELEMENT(*list, i, *nbindings); + continue; + } + + virObjectUnlock(binding); + i++; + } +} + + +static int +virNWFilterBindingObjListCollect(virNWFilterBindingObjListPtr domlist, + virConnectPtr conn, + virNWFilterBindingObjPtr **bindings, + size_t *nbindings, + virNWFilterBindingObjListACLFilter filter) +{ + struct virNWFilterBindingListData data = { NULL, 0 }; + + virObjectRWLockRead(domlist); + sa_assert(domlist->objs); + if (VIR_ALLOC_N(data.bindings, virHashSize(domlist->objs)) < 0) { + virObjectRWUnlock(domlist); + return -1; + } + + virHashForEach(domlist->objs, virNWFilterBindingObjListCollectIterator, &data); + virObjectRWUnlock(domlist); + + virNWFilterBindingObjListFilter(&data.bindings, &data.nbindings, conn, filter); + + *nbindings = data.nbindings; + *bindings = data.bindings; + + return 0; +} + + +int +virNWFilterBindingObjListExport(virNWFilterBindingObjListPtr bindings, + virConnectPtr conn, + virNWFilterBindingPtr **bindinglist, + virNWFilterBindingObjListACLFilter filter) +{ + virNWFilterBindingObjPtr *bindingobjs = NULL; + size_t nbindings = 0; + size_t i; + int ret = -1; + + if (virNWFilterBindingObjListCollect(bindings, conn, &bindingobjs, + &nbindings, filter) < 0) + return -1; + + if (bindinglist) { + if (VIR_ALLOC_N(*bindinglist, nbindings + 1) < 0) + goto cleanup; + + for (i = 0; i < nbindings; i++) { + virNWFilterBindingObjPtr binding = bindingobjs[i]; + virNWFilterBindingDefPtr def = virNWFilterBindingObjGetDef(binding); + + virObjectLock(binding); + (*bindinglist)[i] = virGetNWFilterBinding(conn, def->portdevname, + def->filter); + virObjectUnlock(binding); + + if (!(*bindinglist)[i]) + goto cleanup; + } + } + + ret = nbindings; + + cleanup: + virObjectListFreeCount(bindingobjs, nbindings); + if (ret < 0) { + virObjectListFreeCount(*bindinglist, nbindings); + *bindinglist = NULL; + } + return ret; +} diff --git a/src/conf/virnwfilterbindingobjlist.h b/src/conf/virnwfilterbindingobjlist.h new file mode 100644 index 0000000000..dfda2bea85 --- /dev/null +++ b/src/conf/virnwfilterbindingobjlist.h @@ -0,0 +1,69 @@ +/* + * virnwfilterbindingobjlist.h: nwfilter binding object list utilities + * + * Copyright (C) 2018 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * <http://www.gnu.org/licenses/>. + * + * Author: Daniel P. Berrange <berrange@redhat.com> + */ + +#ifndef __VIR_NWFILTER_BINDING_OBJ_LIST_H__ +# define __VIR_NWFILTER_BINDING_OBJ_LIST_H__ + +# include "virnwfilterbindingobj.h" + +typedef struct _virNWFilterBindingObjList virNWFilterBindingObjList; +typedef virNWFilterBindingObjList *virNWFilterBindingObjListPtr; + +virNWFilterBindingObjListPtr +virNWFilterBindingObjListNew(void); + +virNWFilterBindingObjPtr +virNWFilterBindingObjListFindByPortDev(virNWFilterBindingObjListPtr bindings, + const char *name); + +virNWFilterBindingObjPtr +virNWFilterBindingObjListAdd(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingDefPtr def); + +void +virNWFilterBindingObjListRemove(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjPtr binding); + +int +virNWFilterBindingObjListLoadAllConfigs(virNWFilterBindingObjListPtr bindings, + const char *configDir); + + +typedef int (*virNWFilterBindingObjListIterator)(virNWFilterBindingObjPtr binding, + void *opaque); + +int +virNWFilterBindingObjListForEach(virNWFilterBindingObjListPtr bindings, + virNWFilterBindingObjListIterator callback, + void *opaque); + +typedef bool (*virNWFilterBindingObjListACLFilter)(virConnectPtr conn, + virNWFilterBindingDefPtr def); + +int +virNWFilterBindingObjListExport(virNWFilterBindingObjListPtr bindings, + virConnectPtr conn, + virNWFilterBindingPtr **bindinglist, + virNWFilterBindingObjListACLFilter filter); + + +#endif /* __VIR_NWFILTER_BINDING_OBJ_LIST_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 4ad2116238..43c0ee75a4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1072,6 +1072,16 @@ virNWFilterBindingObjSetDef; virNWFilterBindingObjSetRemoving; +# conf/virnwfilterbindingobjlist.h +virNWFilterBindingObjListAdd; +virNWFilterBindingObjListExport; +virNWFilterBindingObjListFindByPortDev; +virNWFilterBindingObjListForEach; +virNWFilterBindingObjListLoadAllConfigs; +virNWFilterBindingObjListNew; +virNWFilterBindingObjListRemove; + + # conf/virnwfilterobj.h virNWFilterObjGetDef; virNWFilterObjGetNewDef; -- 2.17.0

Currently the nwfilter driver does not keep any record of what filter bindings it has active. This means that when it needs to recreate filters, it has to rely on triggering callbacks provided by the virt drivers. This introduces a hash table recording the virNWFilterBinding objects so the driver has a record of all active filters. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/virnwfilterobj.h | 4 ++ src/nwfilter/nwfilter_driver.c | 86 ++++++++++++++++++++++++---------- 2 files changed, 65 insertions(+), 25 deletions(-) diff --git a/src/conf/virnwfilterobj.h b/src/conf/virnwfilterobj.h index 433b0402d0..4a54dd50da 100644 --- a/src/conf/virnwfilterobj.h +++ b/src/conf/virnwfilterobj.h @@ -22,6 +22,7 @@ # include "internal.h" # include "nwfilter_conf.h" +# include "virnwfilterbindingobjlist.h" typedef struct _virNWFilterObj virNWFilterObj; typedef virNWFilterObj *virNWFilterObjPtr; @@ -37,7 +38,10 @@ struct _virNWFilterDriverState { virNWFilterObjListPtr nwfilters; + virNWFilterBindingObjListPtr bindings; + char *configDir; + char *bindingDir; }; virNWFilterDefPtr diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 7202691646..2388e925fc 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -38,7 +38,6 @@ #include "domain_conf.h" #include "domain_nwfilter.h" #include "nwfilter_driver.h" -#include "virnwfilterbindingdef.h" #include "nwfilter_gentech_driver.h" #include "configmake.h" #include "virfile.h" @@ -174,7 +173,6 @@ nwfilterStateInitialize(bool privileged, virStateInhibitCallback callback ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { - char *base = NULL; DBusConnection *sysbus = NULL; if (virDBusHasSystemBus() && @@ -191,6 +189,9 @@ nwfilterStateInitialize(bool privileged, if (!(driver->nwfilters = virNWFilterObjListNew())) goto error; + if (!(driver->bindings = virNWFilterBindingObjListNew())) + goto error; + if (!privileged) return 0; @@ -230,30 +231,35 @@ nwfilterStateInitialize(bool privileged, goto error; } - if (VIR_STRDUP(base, SYSCONFDIR "/libvirt") < 0) + if (VIR_STRDUP(driver->configDir, SYSCONFDIR "/libvirt/nwfilter") < 0) goto error; - if (virAsprintf(&driver->configDir, - "%s/nwfilter", base) == -1) + if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) { + virReportSystemError(errno, _("cannot create config directory '%s'"), + driver->configDir); goto error; + } - VIR_FREE(base); + if (VIR_STRDUP(driver->bindingDir, LOCALSTATEDIR "/run/libvirt/nwfilter-binding") < 0) + goto error; - if (virFileMakePathWithMode(driver->configDir, S_IRWXU) < 0) { + if (virFileMakePathWithMode(driver->bindingDir, S_IRWXU) < 0) { virReportSystemError(errno, _("cannot create config directory '%s'"), - driver->configDir); + driver->bindingDir); goto error; } if (virNWFilterObjListLoadAllConfigs(driver->nwfilters, driver->configDir) < 0) goto error; + if (virNWFilterBindingObjListLoadAllConfigs(driver->bindings, driver->bindingDir) < 0) + goto error; + nwfilterDriverUnlock(); return 0; error: - VIR_FREE(base); nwfilterDriverUnlock(); nwfilterStateCleanup(); @@ -333,9 +339,12 @@ nwfilterStateCleanup(void) nwfilterDriverRemoveDBusMatches(); VIR_FREE(driver->configDir); + VIR_FREE(driver->bindingDir); nwfilterDriverUnlock(); } + virObjectUnref(driver->bindings); + /* free inactive nwfilters */ virNWFilterObjListFree(driver->nwfilters); @@ -647,13 +656,37 @@ nwfilterInstantiateFilter(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net) { - virNWFilterBindingDefPtr binding; + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; int ret; - if (!(binding = virNWFilterBindingDefForNet(vmname, vmuuid, net))) + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname); + if (obj) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Filter already present for NIC %s"), net->ifname); + virNWFilterBindingObjEndAPI(&obj); + return -1; + } + + if (!(def = virNWFilterBindingDefForNet(vmname, vmuuid, net))) return -1; - ret = virNWFilterInstantiateFilter(driver, binding); - virNWFilterBindingDefFree(binding); + + obj = virNWFilterBindingObjListAdd(driver->bindings, + def); + if (!obj) { + virNWFilterBindingDefFree(def); + return -1; + } + + ret = virNWFilterInstantiateFilter(driver, def); + + if (ret >= 0) + virNWFilterBindingObjSave(obj, driver->bindingDir); + else + virNWFilterBindingObjListRemove(driver->bindings, obj); + + virNWFilterBindingObjEndAPI(&obj); + return ret; } @@ -661,18 +694,21 @@ nwfilterInstantiateFilter(const char *vmname, static void nwfilterTeardownFilter(virDomainNetDefPtr net) { - virNWFilterBindingDef binding = { - .portdevname = net->ifname, - .linkdevname = (net->type == VIR_DOMAIN_NET_TYPE_DIRECT ? - net->data.direct.linkdev : NULL), - .mac = net->mac, - .filter = net->filter, - .filterparams = net->filterparams, - .ownername = NULL, - .owneruuid = {0}, - }; - if ((net->ifname) && (net->filter)) - virNWFilterTeardownFilter(&binding); + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + if (!net->ifname) + return; + + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname); + if (!obj) + return; + + def = virNWFilterBindingObjGetDef(obj); + virNWFilterTeardownFilter(def); + virNWFilterBindingObjDelete(obj, driver->bindingDir); + + virNWFilterBindingObjListRemove(driver->bindings, obj); + virNWFilterBindingObjEndAPI(&obj); } -- 2.17.0

Wire up the ListAll, LookupByPortDev and GetXMLDesc APIs to allow the virsh nwfilter-binding-list & nwfilter-binding-dumpxml commands to work. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 76 ++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 3b111e3dc7..6bfb584b09 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -715,6 +715,79 @@ nwfilterTeardownFilter(virDomainNetDefPtr net) } +static virNWFilterBindingPtr +nwfilterBindingLookupByPortDev(virConnectPtr conn, + const char *portdev) +{ + virNWFilterBindingPtr ret = NULL; + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, + portdev); + if (!obj) + goto cleanup; + + def = virNWFilterBindingObjGetDef(obj); + if (virNWFilterBindingLookupByPortDevEnsureACL(conn, def) < 0) + goto cleanup; + + ret = virGetNWFilterBinding(conn, def->portdevname, def->filter); + + cleanup: + virNWFilterBindingObjEndAPI(&obj); + return ret; +} + + +static int +nwfilterConnectListAllNWFilterBindings(virConnectPtr conn, + virNWFilterBindingPtr **bindings, + unsigned int flags) +{ + int ret; + + virCheckFlags(0, -1); + + if (virConnectListAllNWFilterBindingsEnsureACL(conn) < 0) + return -1; + + ret = virNWFilterBindingObjListExport(driver->bindings, + conn, + bindings, + virConnectListAllNWFilterBindingsCheckACL); + + return ret; +} + + +static char * +nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding, + unsigned int flags) +{ + virNWFilterBindingObjPtr obj; + virNWFilterBindingDefPtr def; + char *ret = NULL; + + virCheckFlags(0, NULL); + + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, + binding->portdev); + if (!obj) + goto cleanup; + + def = virNWFilterBindingObjGetDef(obj); + if (virNWFilterBindingGetXMLDescEnsureACL(binding->conn, def) < 0) + goto cleanup; + + ret = virNWFilterBindingDefFormat(def); + + cleanup: + virNWFilterBindingObjEndAPI(&obj); + return ret; +} + + static virNWFilterDriver nwfilterDriver = { .name = "nwfilter", .connectNumOfNWFilters = nwfilterConnectNumOfNWFilters, /* 0.8.0 */ @@ -725,6 +798,9 @@ static virNWFilterDriver nwfilterDriver = { .nwfilterDefineXML = nwfilterDefineXML, /* 0.8.0 */ .nwfilterUndefine = nwfilterUndefine, /* 0.8.0 */ .nwfilterGetXMLDesc = nwfilterGetXMLDesc, /* 0.8.0 */ + .nwfilterBindingLookupByPortDev = nwfilterBindingLookupByPortDev, /* 4.5.0 */ + .connectListAllNWFilterBindings = nwfilterConnectListAllNWFilterBindings, /* 4.5.0 */ + .nwfilterBindingGetXMLDesc = nwfilterBindingGetXMLDesc, /* 4.5.0 */ }; -- 2.17.0

Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/domain_nwfilter.c | 124 +++++++++++++++++++++---- src/conf/domain_nwfilter.h | 13 --- src/libvirt_private.syms | 1 - src/nwfilter/nwfilter_driver.c | 84 +++-------------- src/nwfilter/nwfilter_gentech_driver.c | 42 --------- src/nwfilter/nwfilter_gentech_driver.h | 4 - 6 files changed, 120 insertions(+), 148 deletions(-) diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c index 7570e0ae83..ed45394918 100644 --- a/src/conf/domain_nwfilter.c +++ b/src/conf/domain_nwfilter.c @@ -28,45 +28,137 @@ #include "datatypes.h" #include "domain_conf.h" #include "domain_nwfilter.h" +#include "virnwfilterbindingdef.h" #include "virerror.h" +#include "viralloc.h" +#include "virstring.h" +#include "virlog.h" -#define VIR_FROM_THIS VIR_FROM_NWFILTER -static virDomainConfNWFilterDriverPtr nwfilterDriver; +VIR_LOG_INIT("conf.domain_nwfilter"); -void -virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +static virNWFilterBindingDefPtr +virNWFilterBindingDefForNet(const char *vmname, + const unsigned char *vmuuid, + virDomainNetDefPtr net) { - nwfilterDriver = driver; + virNWFilterBindingDefPtr ret; + + if (VIR_ALLOC(ret) < 0) + return NULL; + + if (VIR_STRDUP(ret->ownername, vmname) < 0) + goto error; + + memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid)); + + if (VIR_STRDUP(ret->portdevname, net->ifname) < 0) + goto error; + + if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT && + VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0) + goto error; + + ret->mac = net->mac; + + if (VIR_STRDUP(ret->filter, net->filter) < 0) + goto error; + + if (!(ret->filterparams = virNWFilterHashTableCreate(0))) + goto error; + + if (net->filterparams && + virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0) + goto error; + + return ret; + + error: + virNWFilterBindingDefFree(ret); + return NULL; } + int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net) { - if (nwfilterDriver != NULL) - return nwfilterDriver->instantiateFilter(vmname, vmuuid, net); + virConnectPtr conn = virGetConnectNWFilter(); + virNWFilterBindingDefPtr def = NULL; + virNWFilterBindingPtr binding = NULL; + char *xml; + int ret = -1; + + VIR_DEBUG("vmname=%s portdev=%s filter=%s", + vmname, NULLSTR(net->ifname), NULLSTR(net->filter)); + + if (!conn) + goto cleanup; + + if (!(def = virNWFilterBindingDefForNet(vmname, vmuuid, net))) + goto cleanup; + + if (!(xml = virNWFilterBindingDefFormat(def))) + goto cleanup; + + if (!(binding = virNWFilterBindingCreateXML(conn, xml, 0))) + goto cleanup; + + ret = 0; + + cleanup: + VIR_FREE(xml); + virNWFilterBindingDefFree(def); + virObjectUnref(binding); + virObjectUnref(conn); + return ret; +} + + +static void +virDomainConfNWFilterTeardownImpl(virConnectPtr conn, + virDomainNetDefPtr net) +{ + virNWFilterBindingPtr binding; - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("No network filter driver available")); - return -1; + binding = virNWFilterBindingLookupByPortDev(conn, net->ifname); + if (!binding) + return; + + virNWFilterBindingDelete(binding); + + virObjectUnref(binding); } + void virDomainConfNWFilterTeardown(virDomainNetDefPtr net) { - if (nwfilterDriver != NULL) - nwfilterDriver->teardownFilter(net); + virConnectPtr conn = virGetConnectNWFilter(); + + if (!conn) + return; + + virDomainConfNWFilterTeardownImpl(conn, net); + + virObjectUnref(conn); } void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) { size_t i; + virConnectPtr conn = virGetConnectNWFilter(); + + if (!conn) + return; + + + for (i = 0; i < vm->def->nnets; i++) + virDomainConfNWFilterTeardownImpl(conn, vm->def->nets[i]); - if (nwfilterDriver != NULL) { - for (i = 0; i < vm->def->nnets; i++) - virDomainConfNWFilterTeardown(vm->def->nets[i]); - } + virObjectUnref(conn); } diff --git a/src/conf/domain_nwfilter.h b/src/conf/domain_nwfilter.h index 857cac6c2a..d2ebeff853 100644 --- a/src/conf/domain_nwfilter.h +++ b/src/conf/domain_nwfilter.h @@ -23,19 +23,6 @@ #ifndef DOMAIN_NWFILTER_H # define DOMAIN_NWFILTER_H -typedef int (*virDomainConfInstantiateNWFilter)(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net); -typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net); - -typedef struct { - virDomainConfInstantiateNWFilter instantiateFilter; - virDomainConfTeardownNWFilter teardownFilter; -} virDomainConfNWFilterDriver; -typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr; - -void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver); - int virDomainConfNWFilterInstantiate(const char *vmname, const unsigned char *vmuuid, virDomainNetDefPtr net); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ecc60dbe73..9676ad3d13 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -652,7 +652,6 @@ virDomainQemuMonitorEventStateRegisterID; # conf/domain_nwfilter.h virDomainConfNWFilterInstantiate; -virDomainConfNWFilterRegister; virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 2b6856a36c..26e6e76b3b 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -654,67 +654,6 @@ nwfilterGetXMLDesc(virNWFilterPtr nwfilter, } -static int -nwfilterInstantiateFilter(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net) -{ - virNWFilterBindingObjPtr obj; - virNWFilterBindingDefPtr def; - int ret; - - obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname); - if (obj) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Filter already present for NIC %s"), net->ifname); - virNWFilterBindingObjEndAPI(&obj); - return -1; - } - - if (!(def = virNWFilterBindingDefForNet(vmname, vmuuid, net))) - return -1; - - obj = virNWFilterBindingObjListAdd(driver->bindings, - def); - if (!obj) { - virNWFilterBindingDefFree(def); - return -1; - } - - ret = virNWFilterInstantiateFilter(driver, def); - - if (ret >= 0) - virNWFilterBindingObjSave(obj, driver->bindingDir); - else - virNWFilterBindingObjListRemove(driver->bindings, obj); - - virNWFilterBindingObjEndAPI(&obj); - - return ret; -} - - -static void -nwfilterTeardownFilter(virDomainNetDefPtr net) -{ - virNWFilterBindingObjPtr obj; - virNWFilterBindingDefPtr def; - if (!net->ifname) - return; - - obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname); - if (!obj) - return; - - def = virNWFilterBindingObjGetDef(obj); - virNWFilterTeardownFilter(def); - virNWFilterBindingObjDelete(obj, driver->bindingDir); - - virNWFilterBindingObjListRemove(driver->bindings, obj); - virNWFilterBindingObjEndAPI(&obj); -} - - static virNWFilterBindingPtr nwfilterBindingLookupByPortDev(virConnectPtr conn, const char *portdev) @@ -725,8 +664,11 @@ nwfilterBindingLookupByPortDev(virConnectPtr conn, obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), portdev); goto cleanup; + } def = virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingLookupByPortDevEnsureACL(conn, def) < 0) @@ -773,8 +715,11 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding, obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, binding->portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), binding->portdev); goto cleanup; + } def = virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingGetXMLDescEnsureACL(binding->conn, def) < 0) @@ -846,8 +791,11 @@ nwfilterBindingDelete(virNWFilterBindingPtr binding) int ret = -1; obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, binding->portdev); - if (!obj) + if (!obj) { + virReportError(VIR_ERR_NO_NWFILTER_BINDING, + _("no nwfilter binding for port dev '%s'"), binding->portdev); return -1; + } def = virNWFilterBindingObjGetDef(obj); if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0) @@ -908,13 +856,6 @@ static virStateDriver stateDriver = { .stateReload = nwfilterStateReload, }; - -static virDomainConfNWFilterDriver domainNWFilterDriver = { - .instantiateFilter = nwfilterInstantiateFilter, - .teardownFilter = nwfilterTeardownFilter, -}; - - int nwfilterRegister(void) { if (virRegisterConnectDriver(&nwfilterConnectDriver, false) < 0) @@ -923,6 +864,5 @@ int nwfilterRegister(void) return -1; if (virRegisterStateDriver(&stateDriver) < 0) return -1; - virDomainConfNWFilterRegister(&domainNWFilterDriver); return 0; } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index d208d0188e..e5dea91f83 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -1082,45 +1082,3 @@ virNWFilterBuildAll(virNWFilterDriverStatePtr driver, } return ret; } - - -virNWFilterBindingDefPtr -virNWFilterBindingDefForNet(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net) -{ - virNWFilterBindingDefPtr ret; - - if (VIR_ALLOC(ret) < 0) - return NULL; - - if (VIR_STRDUP(ret->ownername, vmname) < 0) - goto error; - - memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid)); - - if (VIR_STRDUP(ret->portdevname, net->ifname) < 0) - goto error; - - if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT && - VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0) - goto error; - - ret->mac = net->mac; - - if (VIR_STRDUP(ret->filter, net->filter) < 0) - goto error; - - if (!(ret->filterparams = virNWFilterHashTableCreate(0))) - goto error; - - if (net->filterparams && - virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0) - goto error; - - return ret; - - error: - virNWFilterBindingDefFree(ret); - return NULL; -} diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index 481fdd2413..2cd19c90fc 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -57,8 +57,4 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr, int virNWFilterBuildAll(virNWFilterDriverStatePtr driver, bool newFilters); -virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname, - const unsigned char *vmuuid, - virDomainNetDefPtr net); - #endif -- 2.17.0