diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c index 9590c87bb7827f414b51b7932c860eb2eaa1b766..644b57c17de6931400c764af80dafb55fab4ff90 100644 --- a/src/conf/domain_nwfilter.c +++ b/src/conf/domain_nwfilter.c @@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) { int virDomainConfNWFilterInstantiate(virConnectPtr conn, + const unsigned char *vmuuid, virDomainNetDefPtr net) { if (nwfilterDriver != NULL) - return nwfilterDriver->instantiateFilter(conn, net); + return nwfilterDriver->instantiateFilter(conn, vmuuid, net); /* driver module not available -- don't indicate failure */ return 0; } diff --git a/src/conf/domain_nwfilter.h b/src/conf/domain_nwfilter.h index 1e70639c6d21decaa56231b9f008f29ad93c95ea..9330c223addbada32f3fd6d337096dbce424499b 100644 --- a/src/conf/domain_nwfilter.h +++ b/src/conf/domain_nwfilter.h @@ -24,6 +24,7 @@ # define DOMAIN_NWFILTER_H typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn, + const unsigned char *vmuuid, virDomainNetDefPtr net); typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net); @@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr; void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver); int virDomainConfNWFilterInstantiate(virConnectPtr conn, + const unsigned char *vmuuid, virDomainNetDefPtr net); void virDomainConfNWFilterTeardown(virDomainNetDefPtr net); void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm); diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 6cd5bf8141187dbcd73c6583f79ce4419251a6bd..b16cfd8116dc393d275cb04a2266a72dbd165ea9 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver, static int lxcSetupInterfaceBridged(virConnectPtr conn, + virDomainDefPtr vm, virDomainNetDefPtr net, const char *brname, unsigned int *nveths, 
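Review bot: In lxcSetupInterfaceBridged (src/lxc/lxc_driver.c, hunk at 1185) the new `virDomainDefPtr vm` parameter hands the helper the whole mutable domain definition, yet the only use visible in this commit is `vm->uuid` in the hunk that follows. Taking `const unsigned char *vmuuid` instead, as the nwfilter entry points now do, would limit the helper to what it needs, with callers passing `def->uuid`. The name is also easy to misread: the callers pass a variable called `def`, and in umlBuildCommandLineNet (src/uml/uml_conf.c) the same `virDomainDefPtr vm` sits next to `virDomainNetDefPtr def`, so there `def` is the interface and `vm` is the domain definition. The same applies to umlConnectTapDevice; all three function bodies continue outside the hunks, so other uses of the definition cannot be ruled out from here.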
@@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn, } if (net->filter && - virDomainConfNWFilterInstantiate(conn, net) < 0) + virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) goto cleanup; ret = 0; @@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn, goto cleanup; if (lxcSetupInterfaceBridged(conn, + def, def->nets[i], brname, nveths, @@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn, goto cleanup; } if (lxcSetupInterfaceBridged(conn, + def, def->nets[i], brname, nveths, diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 4b040175d500cb397ebf78e9ba5cd25cf8944a33..ed5028de9d4a55b119bea075cc50102ccf518262 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -443,8 +443,10 @@ cleanup: static int nwfilterInstantiateFilter(virConnectPtr conn, - virDomainNetDefPtr net) { - return virNWFilterInstantiateFilter(conn, net); + const unsigned char *vmuuid, + virDomainNetDefPtr net) +{ + return virNWFilterInstantiateFilter(conn, vmuuid, net); } diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index 2a195cab8ba63169ed07323734c86d9dcfb07fad..5385d91268ec0072eb3e8d90b87bbe4997f323e3 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries, /** * virNWFilterInstantiate: + * @vmuuid: The UUID of the VM * @techdriver: The driver to use for instantiation * @filter: The filter to instantiate * @ifname: The name of the interface to apply the rules to 
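Review bot: The added doc line `@vmuuid: The UUID of the VM` in nwfilter_gentech_driver.c (hunk at 607) does not say that the pointer may be NULL, although learnIPAddressThread in nwfilter_learnipaddr.c now calls `virNWFilterInstantiateFilterLate(NULL, req->ifname, ...)`. The parameter is `ATTRIBUTE_UNUSED` in virNWFilterInstantiate today, so nothing dereferences it yet, but the first consumer that formats or compares the UUID would fault on the late-instantiation path unless it checks. I would write the contract down now, e.g. `* @vmuuid: raw UUID of the VM (VIR_UUID_BUFLEN bytes), or NULL if the caller does not know it`, and repeat it on the doc comments of __virNWFilterInstantiateFilter and virNWFilterInstantiateFilterLate, which lie outside the visible hunks. If rules applied after IP learning need to be attributed to a VM, the learn request would have to carry the UUID rather than pass NULL.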
@@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries, * Call this function while holding the NWFilter filter update lock */ static int -virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver, +virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED, + virNWFilterTechDriverPtr techdriver, enum virDomainNetType nettype, virNWFilterDefPtr filter, const char *ifname, @@ -761,7 +763,8 @@ err_unresolvable_vars: * Call this function while holding the NWFilter filter update lock */ static int -__virNWFilterInstantiateFilter(bool teardownOld, +__virNWFilterInstantiateFilter(const unsigned char *vmuuid, + bool teardownOld, const char *ifname, int ifindex, const char *linkdev, @@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld, break; } - rc = virNWFilterInstantiate(techdriver, + rc = virNWFilterInstantiate(vmuuid, + techdriver, nettype, filter, ifname, @@ -883,6 +887,7 @@ err_exit: static int _virNWFilterInstantiateFilter(virConnectPtr conn, + const unsigned char *vmuuid, const virDomainNetDefPtr net, bool teardownOld, enum instCase useNewFilter, @@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn, goto cleanup; } - rc = __virNWFilterInstantiateFilter(teardownOld, + rc = __virNWFilterInstantiateFilter(vmuuid, + teardownOld, net->ifname, ifindex, linkdev, @@ -929,7 +935,8 @@ cleanup: int -virNWFilterInstantiateFilterLate(const char *ifname, +virNWFilterInstantiateFilterLate(const unsigned char *vmuuid, + const char *ifname, int ifindex, const char *linkdev, enum virDomainNetType nettype, @@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname, virNWFilterLockFilterUpdates(); - rc = __virNWFilterInstantiateFilter(true, + rc = __virNWFilterInstantiateFilter(vmuuid, + true, ifname, ifindex, linkdev, 
@@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname, int virNWFilterInstantiateFilter(virConnectPtr conn, + const unsigned char *vmuuid, const virDomainNetDefPtr net) { bool foundNewFilter = false; - return _virNWFilterInstantiateFilter(conn, net, + return _virNWFilterInstantiateFilter(conn, vmuuid, net, 1, INSTANTIATE_ALWAYS, &foundNewFilter); @@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn, int virNWFilterUpdateInstantiateFilter(virConnectPtr conn, + const unsigned char *vmuuid, const virDomainNetDefPtr net, bool *skipIface) { bool foundNewFilter = false; - int rc = _virNWFilterInstantiateFilter(conn, net, + int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net, 0, INSTANTIATE_FOLLOW_NEWFILTER, &foundNewFilter); @@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload, switch (cb->step) { case STEP_APPLY_NEW: cb->err = virNWFilterUpdateInstantiateFilter(cb->conn, + vm->uuid, net, &skipIface); if (cb->err == 0 && skipIface) { diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index 756597edae7e43463873bc76b2ced5c967e9e480..0579a9a27edc2a009c03e82ad497a00e0511c5ea 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h @@ -38,12 +38,15 @@ enum instCase { int virNWFilterInstantiateFilter(virConnectPtr conn, + const unsigned char *vmuuid, const virDomainNetDefPtr net); int virNWFilterUpdateInstantiateFilter(virConnectPtr conn, + const unsigned char *vmuuid, const virDomainNetDefPtr net, bool *skipIface); -int virNWFilterInstantiateFilterLate(const char *ifname, +int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid, + const char *ifname, int ifindex, const char *linkdev, enum virDomainNetType nettype, diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c index 38362fb7617f18bd5d7a50e9308a2cb970e17550..93f8f6ea5b317d6da415c16a2b74cbac32c93c64 100644 --- a/src/nwfilter/nwfilter_learnipaddr.c 
+++ b/src/nwfilter/nwfilter_learnipaddr.c @@ -704,7 +704,8 @@ learnIPAddressThread(void *arg) "cache for interface %s"), inetaddr, req->ifname); } - ret = virNWFilterInstantiateFilterLate(req->ifname, + ret = virNWFilterInstantiateFilterLate(NULL, + req->ifname, req->ifindex, req->linkdev, req->nettype, diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d7eef7a68b3e9733971e88b1f8eb6de3f0524acf..97d2463e911c0eacb380d9f7f2f710a09648f021 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def, if (tapfd >= 0) { if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(conn, net) < 0) + if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) VIR_FORCE_CLOSE(tapfd); } } diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index f58144139a4093668105b643ce694420b41d90d0..d4271d0cccae47e23dad768f690eae18d57f0ae2 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn, for (i = 0 ; i < def->nnets ; i++) { virDomainNetDefPtr net = def->nets[i]; if ((net->filter) && (net->ifname)) { - if (virDomainConfNWFilterInstantiate(conn, net) < 0) { + if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) { err = 1; break; } diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c index 48904ad7a5cf7ce8c9bc1727e6e2f94a017cf66f..86ca191de00ab4185f1c93959e8f746dbe8b3d4f 100644 --- a/src/uml/uml_conf.c +++ b/src/uml/uml_conf.c @@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) { static int umlConnectTapDevice(virConnectPtr conn, + virDomainDefPtr vm, virDomainNetDefPtr net, const char *bridge) { @@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn, } if (net->filter) { - if (virDomainConfNWFilterInstantiate(conn, net) < 0) { + if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) { if (template_ifname) VIR_FREE(net->ifname); goto error; 
@@ -165,6 +166,7 @@ error: static char * umlBuildCommandLineNet(virConnectPtr conn, + virDomainDefPtr vm, virDomainNetDefPtr def, int idx) { @@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn, goto error; } - if (umlConnectTapDevice(conn, def, bridge) < 0) { + if (umlConnectTapDevice(conn, vm, def, bridge) < 0) { VIR_FREE(bridge); goto error; } @@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn, } case VIR_DOMAIN_NET_TYPE_BRIDGE: - if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0) + if (umlConnectTapDevice(conn, vm, def, + def->data.bridge.brname) < 0) goto error; /* ethNNN=tuntap,tapname,macaddr,gateway */ @@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn, } for (i = 0 ; i < vm->def->nnets ; i++) { - char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i); + char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i); if (!ret) goto error; virCommandAddArg(cmd, ret);