forked from rpms/libvirt
165 lines
5.4 KiB
Diff
165 lines
5.4 KiB
Diff
|
From a8234641ad57553aa054bded71ed97c94f3100f1 Mon Sep 17 00:00:00 2001
|
||
|
|
Message-Id: <a8234641ad57553aa054bded71ed97c94f3100f1@dist-git>
|
||
|
|
From: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
|
||
|
|
Date: Wed, 5 Jun 2019 14:51:10 +0200
|
||
|
|
Subject: [PATCH] nwfilter: fix adding std MAC and IP values to filter binding
|
||
|
|
MIME-Version: 1.0
|
||
|
|
Content-Type: text/plain; charset=UTF-8
|
||
|
|
Content-Transfer-Encoding: 8bit
|
||
|
|
|
||
|
|
Commit d1a7c08eb changed filter instantiation code to ignore MAC and IP
|
||
|
|
variables explicitly specified for filter binding. It just replaces
|
||
|
|
explicit values with values associated with the binding. Before the
|
||
|
|
commit virNWFilterCreateVarsFrom was used so that explicit value
|
||
|
|
take precedence. Let's bring old behavior back.
|
||
|
|
|
||
|
|
This is useful. For example if domain has two interfaces it makes
|
||
|
|
sense to list both mac adresses in MAC var of every interface
|
||
|
|
filterref. So that if guest make a bond of these interfaces
|
||
|
|
and start sending frames with one of the mac adresses from
|
||
|
|
both interfaces we can pass outgress traffic from both
|
||
|
|
interfaces too.
|
||
|
|
|
||
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||
|
|
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
|
||
|
|
(cherry picked from commit 01e11ebcb6e8f24662b7c67b70134c192785691c)
|
||
|
|
|
||
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1691356
|
||
|
|
|
||
|
|
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
||
|
|
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
|
||
|
|
---
|
||
|
|
src/nwfilter/nwfilter_gentech_driver.c | 92 +++++++++-----------------
|
||
|
|
1 file changed, 32 insertions(+), 60 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
|
||
|
|
index e5dea91f83..ece5d28f41 100644
|
||
|
|
--- a/src/nwfilter/nwfilter_gentech_driver.c
|
||
|
|
+++ b/src/nwfilter/nwfilter_gentech_driver.c
|
||
|
|
@@ -128,60 +128,6 @@ virNWFilterRuleInstFree(virNWFilterRuleInstPtr inst)
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
-/**
|
||
|
|
- * virNWFilterVarHashmapAddStdValues:
|
||
|
|
- * @tables: pointer to hash tabel to add values to
|
||
|
|
- * @macaddr: The string of the MAC address to add to the hash table,
|
||
|
|
- * may be NULL
|
||
|
|
- * @ipaddr: The string of the IP address to add to the hash table;
|
||
|
|
- * may be NULL
|
||
|
|
- *
|
||
|
|
- * Returns 0 in case of success, -1 in case an error happened with
|
||
|
|
- * error having been reported.
|
||
|
|
- *
|
||
|
|
- * Adds a couple of standard keys (MAC, IP) to the hash table.
|
||
|
|
- */
|
||
|
|
-static int
|
||
|
|
-virNWFilterVarHashmapAddStdValues(virHashTablePtr table,
|
||
|
|
- const char *macaddr,
|
||
|
|
- const virNWFilterVarValue *ipaddr)
|
||
|
|
-{
|
||
|
|
- virNWFilterVarValue *val;
|
||
|
|
-
|
||
|
|
- if (macaddr) {
|
||
|
|
- val = virNWFilterVarValueCreateSimpleCopyValue(macaddr);
|
||
|
|
- if (!val)
|
||
|
|
- return -1;
|
||
|
|
-
|
||
|
|
- if (virHashUpdateEntry(table,
|
||
|
|
- NWFILTER_STD_VAR_MAC,
|
||
|
|
- val) < 0) {
|
||
|
|
- virNWFilterVarValueFree(val);
|
||
|
|
- virReportError(VIR_ERR_INTERNAL_ERROR,
|
||
|
|
- "%s", _("Could not add variable 'MAC' to hashmap"));
|
||
|
|
- return -1;
|
||
|
|
- }
|
||
|
|
- }
|
||
|
|
-
|
||
|
|
- if (ipaddr) {
|
||
|
|
- val = virNWFilterVarValueCopy(ipaddr);
|
||
|
|
- if (!val)
|
||
|
|
- return -1;
|
||
|
|
-
|
||
|
|
- if (virHashUpdateEntry(table,
|
||
|
|
- NWFILTER_STD_VAR_IP,
|
||
|
|
- val) < 0) {
|
||
|
|
- virNWFilterVarValueFree(val);
|
||
|
|
- virReportError(VIR_ERR_INTERNAL_ERROR,
|
||
|
|
- "%s", _("Could not add variable 'IP' to hashmap"));
|
||
|
|
- return -1;
|
||
|
|
- }
|
||
|
|
- }
|
||
|
|
-
|
||
|
|
- return 0;
|
||
|
|
-}
|
||
|
|
-
|
||
|
|
-
|
||
|
|
/**
|
||
|
|
* Convert a virHashTable into a string of comma-separated
|
||
|
|
* variable names.
|
||
|
|
@@ -707,6 +653,28 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver,
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
+static int
|
||
|
|
+virNWFilterVarHashmapAddStdValue(virHashTablePtr table,
|
||
|
|
+ const char *var,
|
||
|
|
+ const char *value)
|
||
|
|
+{
|
||
|
|
+ virNWFilterVarValue *val;
|
||
|
|
+
|
||
|
|
+ if (virHashLookup(table, var))
|
||
|
|
+ return 0;
|
||
|
|
+
|
||
|
|
+ if (!(val = virNWFilterVarValueCreateSimpleCopyValue(value)))
|
||
|
|
+ return -1;
|
||
|
|
+
|
||
|
|
+ if (virHashAddEntry(table, var, val) < 0) {
|
||
|
|
+ virNWFilterVarValueFree(val);
|
||
|
|
+ return -1;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
+ return 0;
|
||
|
|
+}
|
||
|
|
+
|
||
|
|
+
|
||
|
|
/*
|
||
|
|
* Call this function while holding the NWFilter filter update lock
|
||
|
|
*/
|
||
|
|
@@ -719,7 +687,7 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
|
||
|
|
bool forceWithPendingReq,
|
||
|
|
bool *foundNewFilter)
|
||
|
|
{
|
||
|
|
- int rc;
|
||
|
|
+ int rc = -1;
|
||
|
|
const char *drvname = EBIPTABLES_DRIVER_ID;
|
||
|
|
virNWFilterTechDriverPtr techdriver;
|
||
|
|
virNWFilterObjPtr obj;
|
||
|
|
@@ -745,14 +713,18 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver,
|
||
|
|
return -1;
|
||
|
|
|
||
|
|
virMacAddrFormat(&binding->mac, vmmacaddr);
|
||
|
|
+ if (virNWFilterVarHashmapAddStdValue(binding->filterparams,
|
||
|
|
+ NWFILTER_STD_VAR_MAC,
|
||
|
|
+ vmmacaddr) < 0)
|
||
|
|
+ goto err_exit;
|
||
|
|
|
||
|
|
ipaddr = virNWFilterIPAddrMapGetIPAddr(binding->portdevname);
|
||
|
|
-
|
||
|
|
- if (virNWFilterVarHashmapAddStdValues(binding->filterparams,
|
||
|
|
- vmmacaddr, ipaddr) < 0) {
|
||
|
|
- rc = -1;
|
||
|
|
+ if (ipaddr &&
|
||
|
|
+ virNWFilterVarHashmapAddStdValue(binding->filterparams,
|
||
|
|
+ NWFILTER_STD_VAR_IP,
|
||
|
|
+ virNWFilterVarValueGetSimple(ipaddr)) < 0)
|
||
|
|
goto err_exit;
|
||
|
|
- }
|
||
|
|
+
|
||
|
|
|
||
|
|
filter = virNWFilterObjGetDef(obj);
|
||
|
|
|
||
|
|
--
|
||
|
|
2.22.0
|
||
|
|
|