提交 5054e892 编写于 作者: S Stefan Berger

Prevent updates while IP address learn thread is running

Prevent updating and tearing down of filter while the IP
address learning thread is running and has its own filtering
rules applied.
上级 ebacb31f
...@@ -610,6 +610,8 @@ virNWFilterInstantiate(virConnectPtr conn, ...@@ -610,6 +610,8 @@ virNWFilterInstantiate(virConnectPtr conn,
} else if (virHashSize(missing_vars->hashTable) > 1) { } else if (virHashSize(missing_vars->hashTable) > 1) {
rc = 1; rc = 1;
goto err_exit; goto err_exit;
} else if (virNWFilterLookupLearnReq(ifindex) == NULL) {
goto err_exit;
} }
rc = _virNWFilterInstantiateRec(conn, rc = _virNWFilterInstantiateRec(conn,
...@@ -890,7 +892,9 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn, ...@@ -890,7 +892,9 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
const virDomainNetDefPtr net) const virDomainNetDefPtr net)
{ {
const char *drvname = EBIPTABLES_DRIVER_ID; const char *drvname = EBIPTABLES_DRIVER_ID;
int ifindex;
virNWFilterTechDriverPtr techdriver; virNWFilterTechDriverPtr techdriver;
techdriver = virNWFilterTechDriverForName(drvname); techdriver = virNWFilterTechDriverForName(drvname);
if (!techdriver) { if (!techdriver) {
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
...@@ -900,6 +904,11 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn, ...@@ -900,6 +904,11 @@ int virNWFilterRollbackUpdateFilter(virConnectPtr conn,
return 1; return 1;
} }
/* don't tear anything while the address is being learned */
if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
virNWFilterLookupLearnReq(ifindex) != NULL)
return 0;
return techdriver->tearNewRules(conn, net->ifname); return techdriver->tearNewRules(conn, net->ifname);
} }
...@@ -909,7 +918,9 @@ virNWFilterTearOldFilter(virConnectPtr conn, ...@@ -909,7 +918,9 @@ virNWFilterTearOldFilter(virConnectPtr conn,
virDomainNetDefPtr net) virDomainNetDefPtr net)
{ {
const char *drvname = EBIPTABLES_DRIVER_ID; const char *drvname = EBIPTABLES_DRIVER_ID;
int ifindex;
virNWFilterTechDriverPtr techdriver; virNWFilterTechDriverPtr techdriver;
techdriver = virNWFilterTechDriverForName(drvname); techdriver = virNWFilterTechDriverForName(drvname);
if (!techdriver) { if (!techdriver) {
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
...@@ -919,6 +930,11 @@ virNWFilterTearOldFilter(virConnectPtr conn, ...@@ -919,6 +930,11 @@ virNWFilterTearOldFilter(virConnectPtr conn,
return 1; return 1;
} }
/* don't tear anything while the address is being learned */
if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
virNWFilterLookupLearnReq(ifindex) != NULL)
return 0;
return techdriver->tearOldRules(conn, net->ifname); return techdriver->tearOldRules(conn, net->ifname);
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册