Pass the VM's UUID into the nwfilter subsystem

A preparatory patch for DHCP snooping where we want to be able to differentiate between a VM's interface using the tuple of <VM UUID, Interface MAC address>. We assume that MAC addresses could possibly be re-used between different networks (VLANs) thus do not only want to rely on the MAC address to identify an interface. At the current 'final destination' in virNWFilterInstantiate I am leaving the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive. (we may not post the DHCP snooping patches for 0.9.9, though) Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver and uml_conf, I am passing the virDomainDefPtr around until I am passing only the VM's uuid into the NWFilter calls.

Pass the VM's UUID into the nwfilter subsystem
A preparatory patch for DHCP snooping where we want to be able to differentiate between a VM's interface using the tuple of <VM UUID, Interface MAC address>. We assume that MAC addresses could possibly be re-used between different networks (VLANs) thus do not only want to rely on the MAC address to identify an interface. At the current 'final destination' in virNWFilterInstantiate I am leaving the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive. (we may not post the DHCP snooping patches for 0.9.9, though) Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver and uml_conf, I am passing the virDomainDefPtr around until I am passing only the VM's uuid into the NWFilter calls.
33eb3567 · Stefan Berger · Stefan Berger · 95ff5899 · 33eb3567 · 33eb3567
10 changed file
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) {

 int
 virDomainConfNWFilterInstantiate(virConnectPtr conn,
+                                 const unsigned char *vmuuid,
                                 virDomainNetDefPtr net) {
    if (nwfilterDriver != NULL)
-        return nwfilterDriver->instantiateFilter(conn, net);
+        return nwfilterDriver->instantiateFilter(conn, vmuuid, net);
    /* driver module not available -- don't indicate failure */
    return 0;
 }

--- a/src/conf/domain_nwfilter.h
+++ b/src/conf/domain_nwfilter.h
@@ -24,6 +24,7 @@
 # define DOMAIN_NWFILTER_H

 typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn,
+                                                const unsigned char *vmuuid,
                                                virDomainNetDefPtr net);
 typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);

@@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
 void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);

 int virDomainConfNWFilterInstantiate(virConnectPtr conn,
+                                     const unsigned char *vmuuid,
                                     virDomainNetDefPtr net);
 void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
 void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);

--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver,


 static int lxcSetupInterfaceBridged(virConnectPtr conn,
+                                    virDomainDefPtr vm,
                                    virDomainNetDefPtr net,
                                    const char *brname,
                                    unsigned int *nveths,
@@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn,
    }

    if (net->filter &&
-        virDomainConfNWFilterInstantiate(conn, net) < 0)
+        virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0)
        goto cleanup;

    ret = 0;
@@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
                goto cleanup;

            if (lxcSetupInterfaceBridged(conn,
+                                         def,
                                         def->nets[i],
                                         brname,
                                         nveths,
@@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
                goto cleanup;
            }
            if (lxcSetupInterfaceBridged(conn,
+                                         def,
                                         def->nets[i],
                                         brname,
                                         nveths,

--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -443,8 +443,10 @@ cleanup:

 static int
 nwfilterInstantiateFilter(virConnectPtr conn,
-                          virDomainNetDefPtr net) {
-    return virNWFilterInstantiateFilter(conn, net);
+                          const unsigned char *vmuuid,
+                          virDomainNetDefPtr net)
+{
+    return virNWFilterInstantiateFilter(conn, vmuuid, net);
 }



--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries,

 /**
 * virNWFilterInstantiate:
+ * @vmuuid: The UUID of the VM
 * @techdriver: The driver to use for instantiation
 * @filter: The filter to instantiate
 * @ifname: The name of the interface to apply the rules to
@@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries,
 * Call this function while holding the NWFilter filter update lock
 */
 static int
-virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver,
+virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED,
+                       virNWFilterTechDriverPtr techdriver,
                       enum virDomainNetType nettype,
                       virNWFilterDefPtr filter,
                       const char *ifname,
@@ -761,7 +763,8 @@ err_unresolvable_vars:
 * Call this function while holding the NWFilter filter update lock
 */
 static int
-__virNWFilterInstantiateFilter(bool teardownOld,
+__virNWFilterInstantiateFilter(const unsigned char *vmuuid,
+                               bool teardownOld,
                               const char *ifname,
                               int ifindex,
                               const char *linkdev,
@@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld,
    break;
    }

-    rc = virNWFilterInstantiate(techdriver,
+    rc = virNWFilterInstantiate(vmuuid,
+                                techdriver,
                                nettype,
                                filter,
                                ifname,
@@ -883,6 +887,7 @@ err_exit:

 static int
 _virNWFilterInstantiateFilter(virConnectPtr conn,
+                              const unsigned char *vmuuid,
                              const virDomainNetDefPtr net,
                              bool teardownOld,
                              enum instCase useNewFilter,
@@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
        goto cleanup;
    }

-    rc = __virNWFilterInstantiateFilter(teardownOld,
+    rc = __virNWFilterInstantiateFilter(vmuuid,
+                                        teardownOld,
                                        net->ifname,
                                        ifindex,
                                        linkdev,
@@ -929,7 +935,8 @@ cleanup:


 int
-virNWFilterInstantiateFilterLate(const char *ifname,
+virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
+                                 const char *ifname,
                                 int ifindex,
                                 const char *linkdev,
                                 enum virDomainNetType nettype,
@@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname,

    virNWFilterLockFilterUpdates();

-    rc = __virNWFilterInstantiateFilter(true,
+    rc = __virNWFilterInstantiateFilter(vmuuid,
+                                        true,
                                        ifname,
                                        ifindex,
                                        linkdev,
@@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname,

 int
 virNWFilterInstantiateFilter(virConnectPtr conn,
+                             const unsigned char *vmuuid,
                             const virDomainNetDefPtr net)
 {
    bool foundNewFilter = false;

-    return _virNWFilterInstantiateFilter(conn, net,
+    return _virNWFilterInstantiateFilter(conn, vmuuid, net,
                                         1,
                                         INSTANTIATE_ALWAYS,
                                         &foundNewFilter);
@@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn,

 int
 virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
+                                   const unsigned char *vmuuid,
                                   const virDomainNetDefPtr net,
                                   bool *skipIface)
 {
    bool foundNewFilter = false;

-    int rc = _virNWFilterInstantiateFilter(conn, net,
+    int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
                                           0,
                                           INSTANTIATE_FOLLOW_NEWFILTER,
                                           &foundNewFilter);
@@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
                switch (cb->step) {
                case STEP_APPLY_NEW:
                    cb->err = virNWFilterUpdateInstantiateFilter(cb->conn,
+                                                                 vm->uuid,
                                                                 net,
                                                                 &skipIface);
                    if (cb->err == 0 && skipIface) {

--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -38,12 +38,15 @@ enum instCase {


 int virNWFilterInstantiateFilter(virConnectPtr conn,
+                                 const unsigned char *vmuuid,
                                 const virDomainNetDefPtr net);
 int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
+                                       const unsigned char *vmuuid,
                                       const virDomainNetDefPtr net,
                                       bool *skipIface);

-int virNWFilterInstantiateFilterLate(const char *ifname,
+int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
+                                     const char *ifname,
                                     int ifindex,
                                     const char *linkdev,
                                     enum virDomainNetType nettype,

--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -704,7 +704,8 @@ learnIPAddressThread(void *arg)
                          "cache for interface %s"), inetaddr, req->ifname);
            }

-            ret = virNWFilterInstantiateFilterLate(req->ifname,
+            ret = virNWFilterInstantiateFilterLate(NULL,
+                                                   req->ifname,
                                                   req->ifindex,
                                                   req->linkdev,
                                                   req->nettype,

--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,

    if (tapfd >= 0) {
        if ((net->filter) && (net->ifname)) {
-            if (virDomainConfNWFilterInstantiate(conn, net) < 0)
+            if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0)
                VIR_FORCE_CLOSE(tapfd);
        }
    }

--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn,
    for (i = 0 ; i < def->nnets ; i++) {
        virDomainNetDefPtr net = def->nets[i];
        if ((net->filter) && (net->ifname)) {
-           if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
+           if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) {
                err = 1;
                break;
            }

--- a/src/uml/uml_conf.c
+++ b/src/uml/uml_conf.c
@@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) {

 static int
 umlConnectTapDevice(virConnectPtr conn,
+                    virDomainDefPtr vm,
                    virDomainNetDefPtr net,
                    const char *bridge)
 {
@@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn,
    }

    if (net->filter) {
-        if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
+        if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) {
            if (template_ifname)
                VIR_FREE(net->ifname);
            goto error;
@@ -165,6 +166,7 @@ error:

 static char *
 umlBuildCommandLineNet(virConnectPtr conn,
+                       virDomainDefPtr vm,
                       virDomainNetDefPtr def,
                       int idx)
 {
@@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn,
            goto error;
        }

-        if (umlConnectTapDevice(conn, def, bridge) < 0) {
+        if (umlConnectTapDevice(conn, vm, def, bridge) < 0) {
            VIR_FREE(bridge);
            goto error;
        }
@@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn,
    }

    case VIR_DOMAIN_NET_TYPE_BRIDGE:
-        if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0)
+        if (umlConnectTapDevice(conn, vm, def,
+                                def->data.bridge.brname) < 0)
            goto error;

        /* ethNNN=tuntap,tapname,macaddr,gateway */
@@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn,
    }

    for (i = 0 ; i < vm->def->nnets ; i++) {
-        char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i);
+        char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i);
        if (!ret)
            goto error;
        virCommandAddArg(cmd, ret);