11:42 a.m.
Changed in v2:
- Use if() instead of switch()
Daniel P. Berrangé (2):
nwfilter: fix IP address learning
nwfilter: directly use poll to wait for packets instead of pcap_next
src/nwfilter/nwfilter_learnipaddr.c | 55 ++++++++++++++++++++++-------
src/nwfilter/nwfilter_learnipaddr.h | 2 +-
2 files changed, 43 insertions(+), 14 deletions(-)
--
2.17.0
11:42 a.m.
New subject: [libvirt] [PATCH v2 1/2] nwfilter: fix IP address learning
In a previous commit:
commit d4bf8f415074759baf051644559e04fe78888f8b
Author: Daniel P. Berrangé <berrange(a)redhat.com>
Date: Wed Feb 14 09:43:59 2018 +0000
nwfilter: handle missing switch enum cases
Ensure all enum cases are listed in switch statements, or cast away
enum type in places where we don't wish to cover all cases.
Reviewed-by: John Ferlan <jferlan(a)redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
we changed a switch in the nwfilter learning thread so that it had
explict cases for all enum entries. Unfortunately the parameters in the
method had been declared with incorrect type. The "howDetect" parameter
does *not* accept "enum howDetect" values, rather it accepts a bitmask
of "enum howDetect" values, so it should have been an "int" type.
The caller always passes DETECT_STATIC|DETECT_DHCP, so essentially the
IP addressing learning was completely broken by the above change, as it
never matched any switch case, hitting the default leading to EINVAL.
Stop using a typedef for the parameter name this this is a bitmask,
not a plain enum value. Also stop using switch() since that's misleading
with bitmasks too.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/nwfilter/nwfilter_learnipaddr.c | 18 +++++++-----------
src/nwfilter/nwfilter_learnipaddr.h | 2 +-
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index cc3bfd971c..085af7892e 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -144,7 +144,7 @@ struct _virNWFilterIPAddrLearnReq {
char *filtername;
virHashTablePtr filterparams;
virNWFilterDriverStatePtr driver;
- enum howDetect howDetect;
+ int howDetect; /* bitmask of enum howDetect */
int status;
volatile bool terminate;
@@ -437,28 +437,24 @@ learnIPAddressThread(void *arg)
virMacAddrFormat(&req->macaddr, macaddr);
- switch (req->howDetect) {
- case DETECT_DHCP:
+ if (req->howDetect == DETECT_DHCP) {
if (techdriver->applyDHCPOnlyRules(req->ifname,
&req->macaddr,
NULL, false) < 0) {
+ VIR_DEBUG("Unable to apply DHCP only rules");
req->status = EINVAL;
goto done;
}
virBufferAddLit(&buf, "src port 67 and dst port 68");
- break;
- case DETECT_STATIC:
+ } else {
if (techdriver->applyBasicRules(req->ifname,
&req->macaddr) < 0) {
+ VIR_DEBUG("Unable to apply basic rules");
req->status = EINVAL;
goto done;
}
virBufferAsprintf(&buf, "ether host %s or ether dst
ff:ff:ff:ff:ff:ff",
macaddr);
- break;
- default:
- req->status = EINVAL;
- goto done;
}
if (virBufferError(&buf)) {
@@ -693,7 +689,7 @@ learnIPAddressThread(void *arg)
* once its IP address has been detected
* @driver : the network filter driver
* @howDetect : the method on how the thread is supposed to detect the
- * IP address; must choose any of the available flags
+ * IP address; bitmask of "enum howDetect" flags.
*
* Instruct to learn the IP address being used on a given interface (ifname).
* Unless there already is a thread attempting to learn the IP address
@@ -711,7 +707,7 @@ virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver,
const char *filtername,
virHashTablePtr filterparams,
virNWFilterDriverStatePtr driver,
- enum howDetect howDetect)
+ int howDetect)
{
int rc;
virThread thread;
diff --git a/src/nwfilter/nwfilter_learnipaddr.h b/src/nwfilter/nwfilter_learnipaddr.h
index 06fea5bff8..753aabc594 100644
--- a/src/nwfilter/nwfilter_learnipaddr.h
+++ b/src/nwfilter/nwfilter_learnipaddr.h
@@ -43,7 +43,7 @@ int virNWFilterLearnIPAddress(virNWFilterTechDriverPtr techdriver,
const char *filtername,
virHashTablePtr filterparams,
virNWFilterDriverStatePtr driver,
- enum howDetect howDetect);
+ int howDetect);
bool virNWFilterHasLearnReq(int ifindex);
int virNWFilterTerminateLearnReq(const char *ifname);
--
2.17.0
11:42 a.m.
New subject: [libvirt] [PATCH v2 2/2] nwfilter: directly use poll to wait for packets instead of pcap_next
When a QEMU VM shuts down its TAP device gets deleted while nwfilter
IP address learning thread is still capturing packets. It is seen that
with TPACKET_V3 support in libcap, the pcap_next() call will not always
exit its poll() when the NIC is removed. This prevents the learning
thread from exiting which blocks the rest of libvirtd waiting on mutex
acquisition. By switching to do poll() in libvirt code, we can ensure
that we always exit the poll() at a time that is right for libvirt.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/nwfilter/nwfilter_learnipaddr.c | 37 +++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index 085af7892e..52adc37389 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -31,6 +31,7 @@
#include <fcntl.h>
#include <sys/ioctl.h>
+#include <poll.h>
#include <arpa/inet.h>
#include <net/ethernet.h>
@@ -414,6 +415,7 @@ learnIPAddressThread(void *arg)
bool showError = true;
enum howDetect howDetected = 0;
virNWFilterTechDriverPtr techdriver = req->techdriver;
+ struct pollfd fds[1];
if (virNWFilterLockIface(req->ifname) < 0)
goto err_no_lock;
@@ -435,6 +437,9 @@ learnIPAddressThread(void *arg)
goto done;
}
+ fds[0].fd = pcap_fileno(handle);
+ fds[0].events = POLLIN | POLLERR;
+
virMacAddrFormat(&req->macaddr, macaddr);
if (req->howDetect == DETECT_DHCP) {
@@ -480,17 +485,45 @@ learnIPAddressThread(void *arg)
pcap_freecode(&fp);
while (req->status == 0 && vmaddr == 0) {
+ int n = poll(fds, ARRAY_CARDINALITY(fds), PKT_TIMEOUT_MS);
+
+ if (n < 0) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+
+ req->status = errno;
+ showError = true;
+ break;
+ }
+
+ if (n == 0) {
+ if (threadsTerminate || req->terminate) {
+ VIR_DEBUG("Terminate request seen, cancelling pcap");
+ req->status = ECANCELED;
+ showError = false;
+ break;
+ }
+ continue;
+ }
+
+ if (fds[0].revents & (POLLHUP | POLLERR)) {
+ VIR_DEBUG("Error from FD probably dev deleted");
+ req->status = ENODEV;
+ showError = false;
+ break;
+ }
+
packet = pcap_next(handle, &header);
if (!packet) {
-
+ /* Already handled with poll, but lets be sure */
if (threadsTerminate || req->terminate) {
req->status = ECANCELED;
showError = false;
break;
}
- /* check whether VM's dev is still there */
+ /* Again, already handled above, but lets be sure */
if (virNetDevValidateConfig(req->ifname, NULL, req->ifindex) <= 0)
{
virResetLastError();
req->status = ENODEV;
--
2.17.0
2:19 p.m.
On 06/05/2018 12:42 PM, Daniel P. Berrangé wrote:
Changed in v2:
- Use if() instead of switch()
Daniel P. Berrangé (2):
nwfilter: fix IP address learning
nwfilter: directly use poll to wait for packets instead of pcap_next
src/nwfilter/nwfilter_learnipaddr.c | 55 ++++++++++++++++++++++-------
src/nwfilter/nwfilter_learnipaddr.h | 2 +-
2 files changed, 43 insertions(+), 14 deletions(-)
Reviewed-by: John Ferlan <jferlan(a)redhat.com>
(series)
John
2327
days inactive
2327
days old
3 comments
2 participants
participants (2)
-
Daniel P. Berrangé -
John Ferlan