[libvirt] [PATCH v2 0/2] nwfilter: fix IP address learning - Devel - libvirt List Archives

newer
[libvirt] [PATCH] qemu: Fix double...

[libvirt] [PATCH v2 0/2] nwfilter: fix IP address learning

older
[libvirt] [perl PATCH 0/6] Update...

Daniel P. Berrangé

5 Jun 2018 5 Jun '18

12:42 p.m.

Changed in v2: - Use if() instead of switch() Daniel P. Berrangé (2): nwfilter: fix IP address learning nwfilter: directly use poll to wait for packets instead of pcap_next src/nwfilter/nwfilter_learnipaddr.c | 55 ++++++++++++++++++++++------- src/nwfilter/nwfilter_learnipaddr.h | 2 +- 2 files changed, 43 insertions(+), 14 deletions(-) -- 2.17.0

Reply

Sign in to reply online Use email software

Show replies by date

Daniel P. Berrangé

5 Jun 5 Jun

12:42 p.m.

New subject: [libvirt] [PATCH v2 1/2] nwfilter: fix IP address learning

In a previous commit: commit d4bf8f415074759baf051644559e04fe78888f8b Author: Daniel P. Berrangé <berrange@redhat.com> Date: Wed Feb 14 09:43:59 2018 +0000 nwfilter: handle missing switch enum cases Ensure all enum cases are listed in switch statements, or cast away enum type in places where we don't wish to cover all cases. Reviewed-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> we changed a switch in the nwfilter learning thread so that it had explict cases for all enum entries. Unfortunately the parameters in the method had been declared with incorrect type. The "howDetect" parameter does *not* accept "enum howDetect" values, rather it accepts a bitmask of "enum howDetect" values, so it should have been an "int" type. The caller always passes DETECT_STATIC|DETECT_DHCP, so essentially the IP addressing learning was completely broken by the above change, as it never matched any switch case, hitting the default leading to EINVAL. Stop using a typedef for the parameter name this this is a bitmask, not a plain enum value. Also stop using switch() since that's misleading with bitmasks too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/nwfilter/nwfilter_learnipaddr.c | 18 +++++++----------- src/nwfilter/nwfilter_learnipaddr.h | 2 +- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index cc3bfd971c..085af7892e 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -144,7 +144,7 @@ struct _virNWFilterIPAddrLearnReq { char *filtername; virHashTablePtr filterparams; virNWFilterDriverStatePtr driver; - enum howDetect howDetect; + int howDetect; /* bitmask of enum howDetect */ int status; volatile bool terminate; @@ -437,28 +437,24 @@ learnIPAddressThread(void *arg) virMacAddrFormat(&req->macaddr, macaddr); - switch (req->howDetect) { - case DETECT_DHCP: + if (req->howDetect == DETECT_DHCP) { if (techdriver->applyDHCPOnlyRules(req->ifname, &req->macaddr, NULL, false) < 0) { + VIR_DEBUG("Unable to apply DHCP only rules"); req->status = EINVAL; goto done; } virBufferAddLit(&buf, "src port 67 and dst port 68"); - break; - case DETECT_STATIC: + } else { if (techdriver->applyBasicRules(req->ifname, &req->macaddr) < 0) { + VIR_DEBUG("Unable to apply basic rules"); req->status = EINVAL; goto done; } virBufferAsprintf(&buf, "ether host %s or ether dst ff:ff:ff:ff:ff:ff", macaddr); - break; - default: - req->status = EINVAL; - goto done; } if (virBufferError(&buf)) { @@ -693,7 +689,7 @@ learnIPAddressThread(void *arg) * once its IP address has been detected * @driver : the network filter driver * @howDetect : the method on how the thread is supposed to detect the - * IP address; must choose any of the available flags + * IP address; bitmask of "enum howDetect" flags. * * Instruct to learn the IP address being used on a given interface (ifname). * Unless there already is a thread attempting to learn the IP address @@ -711,7 +707,7 @@ virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, const char *filtername, virHashTablePtr filterparams, virNWFilterDriverStatePtr driver, - enum howDetect howDetect) + int howDetect) { int rc; virThread thread; diff --git a/src/nwfilter/nwfilter_learnipaddr.h b/src/nwfilter/nwfilter_learnipaddr.h index 06fea5bff8..753aabc594 100644 --- a/src/nwfilter/nwfilter_learnipaddr.h +++ b/src/nwfilter/nwfilter_learnipaddr.h @@ -43,7 +43,7 @@ int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver, const char *filtername, virHashTablePtr filterparams, virNWFilterDriverStatePtr driver, - enum howDetect howDetect); + int howDetect); bool virNWFilterHasLearnReq(int ifindex); int virNWFilterTerminateLearnReq(const char *ifname); -- 2.17.0

Reply

Sign in to reply online Use email software

Daniel P. Berrangé

12:42 p.m.

New subject: [libvirt] [PATCH v2 2/2] nwfilter: directly use poll to wait for packets instead of pcap_next

When a QEMU VM shuts down its TAP device gets deleted while nwfilter IP address learning thread is still capturing packets. It is seen that with TPACKET_V3 support in libcap, the pcap_next() call will not always exit its poll() when the NIC is removed. This prevents the learning thread from exiting which blocks the rest of libvirtd waiting on mutex acquisition. By switching to do poll() in libvirt code, we can ensure that we always exit the poll() at a time that is right for libvirt. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/nwfilter/nwfilter_learnipaddr.c | 37 +++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index 085af7892e..52adc37389 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c +++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -31,6 +31,7 @@ #include <fcntl.h> #include <sys/ioctl.h> +#include <poll.h> #include <arpa/inet.h> #include <net/ethernet.h> @@ -414,6 +415,7 @@ learnIPAddressThread(void *arg) bool showError = true; enum howDetect howDetected = 0; virNWFilterTechDriverPtr techdriver = req->techdriver; + struct pollfd fds[1]; if (virNWFilterLockIface(req->ifname) < 0) goto err_no_lock; @@ -435,6 +437,9 @@ learnIPAddressThread(void *arg) goto done; } + fds[0].fd = pcap_fileno(handle); + fds[0].events = POLLIN | POLLERR; + virMacAddrFormat(&req->macaddr, macaddr); if (req->howDetect == DETECT_DHCP) { @@ -480,17 +485,45 @@ learnIPAddressThread(void *arg) pcap_freecode(&fp); while (req->status == 0 && vmaddr == 0) { + int n = poll(fds, ARRAY_CARDINALITY(fds), PKT_TIMEOUT_MS); + + if (n < 0) { + if (errno == EAGAIN || errno == EINTR) + continue; + + req->status = errno; + showError = true; + break; + } + + if (n == 0) { + if (threadsTerminate || req->terminate) { + VIR_DEBUG("Terminate request seen, cancelling pcap"); + req->status = ECANCELED; + showError = false; + break; + } + continue; + } + + if (fds[0].revents & (POLLHUP | POLLERR)) { + VIR_DEBUG("Error from FD probably dev deleted"); + req->status = ENODEV; + showError = false; + break; + } + packet = pcap_next(handle, &header); if (!packet) { - + /* Already handled with poll, but lets be sure */ if (threadsTerminate || req->terminate) { req->status = ECANCELED; showError = false; break; } - /* check whether VM's dev is still there */ + /* Again, already handled above, but lets be sure */ if (virNetDevValidateConfig(req->ifname, NULL, req->ifindex) <= 0) { virResetLastError(); req->status = ENODEV; -- 2.17.0

Reply

Sign in to reply online Use email software

John Ferlan

3:19 p.m.

On 06/05/2018 12:42 PM, Daniel P. Berrangé wrote:

Changed in v2:

- Use if() instead of switch()

Daniel P. Berrangé (2): nwfilter: fix IP address learning nwfilter: directly use poll to wait for packets instead of pcap_next

src/nwfilter/nwfilter_learnipaddr.c | 55 ++++++++++++++++++++++------- src/nwfilter/nwfilter_learnipaddr.h | 2 +- 2 files changed, 43 insertions(+), 14 deletions(-)

Reviewed-by: John Ferlan <jferlan@redhat.com> (series) John

Reply

Sign in to reply online Use email software

2652

Age (days ago)

2652

Last active (days ago)

Download

3 comments

2 participants

tags

participants (2)

Daniel P. Berrangé
John Ferlan