From 33eb3567dd35934a9f4cde49bcb92fe0830fcd9d Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 8 Dec 2011 21:35:20 -0500
Subject: [PATCH] Pass the VM's UUID into the nwfilter subsystem

A preparatory patch for DHCP snooping where we want to be able to differentiate between a VM's interface using the tuple of . We assume that MAC addresses could possibly be re-used between different networks (VLANs) thus do not only want to rely on the MAC address to identify an interface. At the current 'final destination' in virNWFilterInstantiate I am leaving the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive. (we may not post the DHCP snooping patches for 0.9.9, though) Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver and uml_conf, I am passing the virDomainDefPtr around until I am passing only the VM's uuid into the NWFilter calls.
---
 src/conf/domain_nwfilter.c | 3 ++-
 src/conf/domain_nwfilter.h | 2 ++
 src/lxc/lxc_driver.c | 5 ++++-
 src/nwfilter/nwfilter_driver.c | 6 ++++--
 src/nwfilter/nwfilter_gentech_driver.c | 27 ++++++++++++++++++--------
 src/nwfilter/nwfilter_gentech_driver.h | 5 ++++-
 src/nwfilter/nwfilter_learnipaddr.c | 3 ++-
 src/qemu/qemu_command.c | 2 +-
 src/qemu/qemu_process.c | 2 +-
 src/uml/uml_conf.c | 11 +++++++----
 10 files changed, 46 insertions(+), 20 deletions(-)
diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c
index 9590c87bb7..644b57c17d 100644
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -37,9 +37,10 @@ virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver) {
 int virDomainConfNWFilterInstantiate(virConnectPtr conn,
+ const unsigned char *vmuuid,
 virDomainNetDefPtr net) {
 if (nwfilterDriver != NULL)
- return nwfilterDriver->instantiateFilter(conn, net);
+ return nwfilterDriver->instantiateFilter(conn, vmuuid, net);
 /* driver module not available -- don't indicate failure */
 return 0;
 }
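Review bot: virDomainConfNWFilterInstantiate still returns 0 on the `/* driver module not available -- don't indicate failure */` path, so a caller that asked for a filter cannot tell "filter applied" from "no nwfilter driver registered". This predates the commit, but the function gains a parameter here without gaining any description of that contract. The lxc, qemu and uml callers touched by this patch only test `< 0`, so in that case the interface would presumably come up with no filtering at all. I would at least document it above the function, e.g. `/* Returns 0 without applying any filter when no nwfilter driver is registered. */`, and consider logging a warning on that path.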
diff --git a/src/conf/domain_nwfilter.h b/src/conf/domain_nwfilter.h
index 1e70639c6d..9330c223ad 100644
--- a/src/conf/domain_nwfilter.h
+++ b/src/conf/domain_nwfilter.h
@@ -24,6 +24,7 @@ # define DOMAIN_NWFILTER_H
 typedef int (*virDomainConfInstantiateNWFilter)(virConnectPtr conn,
+ const unsigned char *vmuuid,
 virDomainNetDefPtr net);
 typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);
@@ -36,6 +37,7 @@ typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
 void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);
 int virDomainConfNWFilterInstantiate(virConnectPtr conn,
+ const unsigned char *vmuuid,
 virDomainNetDefPtr net);
 void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
 void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 6cd5bf8141..b16cfd8116 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1185,6 +1185,7 @@ static void lxcVmCleanup(lxc_driver_t *driver,
 static int lxcSetupInterfaceBridged(virConnectPtr conn,
+ virDomainDefPtr vm,
 virDomainNetDefPtr net,
 const char *brname,
 unsigned int *nveths,
@@ -1229,7 +1230,7 @@ static int lxcSetupInterfaceBridged(virConnectPtr conn,
 }
 if (net->filter &&
- virDomainConfNWFilterInstantiate(conn, net) < 0)
+ virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0)
 goto cleanup;
 ret = 0;
@@ -1349,6 +1350,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
 goto cleanup;
 if (lxcSetupInterfaceBridged(conn,
+ def,
 def->nets[i],
 brname,
 nveths,
@@ -1367,6 +1369,7 @@ static int lxcSetupInterfaces(virConnectPtr conn,
 goto cleanup;
 }
 if (lxcSetupInterfaceBridged(conn,
+ def,
 def->nets[i],
 brname,
 nveths,
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 4b040175d5..ed5028de9d 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
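Review bot: lxcSetupInterfaceBridged in lxc_driver.c now takes a whole mutable `virDomainDefPtr vm` only to read `vm->uuid` in its second hunk; passing `const unsigned char *vmuuid` would keep the helper's access as narrow as the nwfilter call it feeds. The parameter name is also misleading, since the callers in lxcSetupInterfaces pass `def`. The uml_conf.c hunks repeat the pattern: umlBuildCommandLineNet gets `virDomainDefPtr vm` next to `virDomainNetDefPtr def`, while umlBuildCommandLine dereferences `vm->def`, so `vm` names two different types in one file. If the definition pointer has to stay, `virDomainDefPtr vmdef` would at least remove that ambiguity. The bodies of these functions continue outside the hunks.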
@@ -443,8 +443,10 @@ cleanup:
 static int nwfilterInstantiateFilter(virConnectPtr conn,
- virDomainNetDefPtr net) {
- return virNWFilterInstantiateFilter(conn, net);
+ const unsigned char *vmuuid,
+ virDomainNetDefPtr net)
+{
+ return virNWFilterInstantiateFilter(conn, vmuuid, net);
 }
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index 2a195cab8b..5385d91268 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -607,6 +607,7 @@ virNWFilterRuleInstancesToArray(int nEntries,
 /**
 * virNWFilterInstantiate:
+ * @vmuuid: The UUID of the VM
 * @techdriver: The driver to use for instantiation
 * @filter: The filter to instantiate
 * @ifname: The name of the interface to apply the rules to
@@ -625,7 +626,8 @@ virNWFilterRuleInstancesToArray(int nEntries,
 * Call this function while holding the NWFilter filter update lock
 */
 static int
-virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver,
+virNWFilterInstantiate(const unsigned char *vmuuid ATTRIBUTE_UNUSED,
+ virNWFilterTechDriverPtr techdriver,
 enum virDomainNetType nettype,
 virNWFilterDefPtr filter,
 const char *ifname,
@@ -761,7 +763,8 @@ err_unresolvable_vars:
 * Call this function while holding the NWFilter filter update lock
 */
 static int
-__virNWFilterInstantiateFilter(bool teardownOld,
+__virNWFilterInstantiateFilter(const unsigned char *vmuuid,
+ bool teardownOld,
 const char *ifname,
 int ifindex,
 const char *linkdev,
@@ -853,7 +856,8 @@ __virNWFilterInstantiateFilter(bool teardownOld,
 break;
 }
- rc = virNWFilterInstantiate(techdriver,
+ rc = virNWFilterInstantiate(vmuuid,
+ techdriver,
 nettype,
 filter,
 ifname,
@@ -883,6 +887,7 @@ err_exit:
 static int _virNWFilterInstantiateFilter(virConnectPtr conn,
+ const unsigned char *vmuuid,
 const virDomainNetDefPtr net,
 bool teardownOld,
 enum instCase useNewFilter,
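Review bot: The added `@vmuuid: The UUID of the VM` line in the virNWFilterInstantiate doc comment leaves the pointer's contract open, stating neither its length nor whether it may be NULL, while the nwfilter_learnipaddr.c hunk already passes `NULL` to virNWFilterInstantiateFilterLate and every other caller in the patch passes a domain's `uuid`. While the parameter is ATTRIBUTE_UNUSED that is harmless, but the planned consumer would then either dereference NULL or identify the late-instantiated interface by MAC alone, which is the ambiguity the commit message sets out to remove. I would write `@vmuuid: The UUID of the VM (VIR_UUID_BUFLEN bytes); NULL if the caller does not know it` and repeat that on the prototypes in nwfilter_gentech_driver.h and domain_nwfilter.h. Carrying the UUID in the learn request so the thread can pass it would presumably need a change outside these hunks.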
@@ -908,7 +913,8 @@ _virNWFilterInstantiateFilter(virConnectPtr conn,
 goto cleanup;
 }
- rc = __virNWFilterInstantiateFilter(teardownOld,
+ rc = __virNWFilterInstantiateFilter(vmuuid,
+ teardownOld,
 net->ifname,
 ifindex,
 linkdev,
@@ -929,7 +935,8 @@ cleanup:
 int
-virNWFilterInstantiateFilterLate(const char *ifname,
+virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
+ const char *ifname,
 int ifindex,
 const char *linkdev,
 enum virDomainNetType nettype,
@@ -943,7 +950,8 @@ virNWFilterInstantiateFilterLate(const char *ifname,
 virNWFilterLockFilterUpdates();
- rc = __virNWFilterInstantiateFilter(true,
+ rc = __virNWFilterInstantiateFilter(vmuuid,
+ true,
 ifname,
 ifindex,
 linkdev,
@@ -973,11 +981,12 @@ virNWFilterInstantiateFilterLate(const char *ifname,
 int virNWFilterInstantiateFilter(virConnectPtr conn,
+ const unsigned char *vmuuid,
 const virDomainNetDefPtr net) {
 bool foundNewFilter = false;
- return _virNWFilterInstantiateFilter(conn, net,
+ return _virNWFilterInstantiateFilter(conn, vmuuid, net,
 1,
 INSTANTIATE_ALWAYS,
 &foundNewFilter);
@@ -986,12 +995,13 @@ virNWFilterInstantiateFilter(virConnectPtr conn,
 int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
+ const unsigned char *vmuuid,
 const virDomainNetDefPtr net,
 bool *skipIface) {
 bool foundNewFilter = false;
- int rc = _virNWFilterInstantiateFilter(conn, net,
+ int rc = _virNWFilterInstantiateFilter(conn, vmuuid, net,
 0,
 INSTANTIATE_FOLLOW_NEWFILTER,
 &foundNewFilter);
@@ -1109,6 +1119,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
 switch (cb->step) {
 case STEP_APPLY_NEW:
 cb->err = virNWFilterUpdateInstantiateFilter(cb->conn,
+ vm->uuid,
 net,
 &skipIface);
 if (cb->err == 0 && skipIface) {
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index 756597edae..0579a9a27e 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -38,12 +38,15 @@ enum instCase {
 int virNWFilterInstantiateFilter(virConnectPtr conn,
+ const unsigned char *vmuuid,
 const virDomainNetDefPtr net);
 int virNWFilterUpdateInstantiateFilter(virConnectPtr conn,
+ const unsigned char *vmuuid,
 const virDomainNetDefPtr net,
 bool *skipIface);
-int virNWFilterInstantiateFilterLate(const char *ifname,
+int virNWFilterInstantiateFilterLate(const unsigned char *vmuuid,
+ const char *ifname,
 int ifindex,
 const char *linkdev,
 enum virDomainNetType nettype,
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index 38362fb761..93f8f6ea5b 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -704,7 +704,8 @@ learnIPAddressThread(void *arg)
 "cache for interface %s"), inetaddr, req->ifname);
 }
- ret = virNWFilterInstantiateFilterLate(req->ifname,
+ ret = virNWFilterInstantiateFilterLate(NULL,
+ req->ifname,
 req->ifindex,
 req->linkdev,
 req->nettype,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d7eef7a68b..97d2463e91 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -275,7 +275,7 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
 if (tapfd >= 0) {
 if ((net->filter) && (net->ifname)) {
- if (virDomainConfNWFilterInstantiate(conn, net) < 0)
+ if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0)
 VIR_FORCE_CLOSE(tapfd);
 }
 }
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f58144139a..d4271d0ccc 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2355,7 +2355,7 @@ qemuProcessFiltersInstantiate(virConnectPtr conn,
 for (i = 0 ; i < def->nnets ; i++) {
 virDomainNetDefPtr net = def->nets[i];
 if ((net->filter) && (net->ifname)) {
- if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
+ if (virDomainConfNWFilterInstantiate(conn, def->uuid, net) < 0) {
 err = 1;
 break;
 }
diff --git a/src/uml/uml_conf.c b/src/uml/uml_conf.c
index 48904ad7a5..86ca191de0 100644
--- a/src/uml/uml_conf.c
+++ b/src/uml/uml_conf.c
@@ -122,6 +122,7 @@ virCapsPtr umlCapsInit(void) {
 static int umlConnectTapDevice(virConnectPtr conn,
+ virDomainDefPtr vm,
 virDomainNetDefPtr net,
 const char *bridge) {
@@ -148,7 +149,7 @@ umlConnectTapDevice(virConnectPtr conn,
 }
 if (net->filter) {
- if (virDomainConfNWFilterInstantiate(conn, net) < 0) {
+ if (virDomainConfNWFilterInstantiate(conn, vm->uuid, net) < 0) {
 if (template_ifname) VIR_FREE(net->ifname);
 goto error;
@@ -165,6 +166,7 @@ error:
 static char * umlBuildCommandLineNet(virConnectPtr conn,
+ virDomainDefPtr vm,
 virDomainNetDefPtr def,
 int idx) {
@@ -230,7 +232,7 @@ umlBuildCommandLineNet(virConnectPtr conn,
 goto error;
 }
- if (umlConnectTapDevice(conn, def, bridge) < 0) {
+ if (umlConnectTapDevice(conn, vm, def, bridge) < 0) {
 VIR_FREE(bridge);
 goto error;
 }
@@ -241,7 +243,8 @@ umlBuildCommandLineNet(virConnectPtr conn,
 }
 case VIR_DOMAIN_NET_TYPE_BRIDGE:
- if (umlConnectTapDevice(conn, def, def->data.bridge.brname) < 0)
+ if (umlConnectTapDevice(conn, vm, def,
+ def->data.bridge.brname) < 0)
 goto error;
 /* ethNNN=tuntap,tapname,macaddr,gateway */
@@ -434,7 +437,7 @@ virCommandPtr umlBuildCommandLine(virConnectPtr conn,
 }
 for (i = 0 ; i < vm->def->nnets ; i++) {
- char *ret = umlBuildCommandLineNet(conn, vm->def->nets[i], i);
+ char *ret = umlBuildCommandLineNet(conn, vm->def, vm->def->nets[i], i);
 if (!ret) goto error;
 virCommandAddArg(cmd, ret);
-- GitLab