diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index 5db4562128182c37bd6d68696b407d10e2a03b45..684e270a78dec01bd4056695150a9e8696b4068e 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -2723,6 +2723,29 @@ virNWFilterCallbackDriversUnlock(void)
 static virHashIterator virNWFilterDomainFWUpdateCB;
+/**
+ * virNWFilterInstFiltersOnAllVMs:
+ * Apply all filters on all running VMs. Don't terminate in case of an
+ * error. This should be called upon reloading of the driver.
+ */
+int
+virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
+{
+ int i;
+ struct domUpdateCBStruct cb = {
+ .conn = conn,
+ .err = 0, /* ignored here */
+ .step = STEP_APPLY_CURRENT,
+ .skipInterfaces = NULL, /* not needed */
+ };
+
+ for (i = 0; i < nCallbackDriver; i++)
+ callbackDrvArray[i]->vmFilterRebuild(conn,
+ virNWFilterDomainFWUpdateCB,
+ &cb);
+
+ return 0;
+}
 static int
 virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 3cb4b82f379ec688d0d53f225562c22ba5c79638..4816a9c6fe8d4e236687a312bde400516e2b00b7 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -577,6 +577,7 @@ enum UpdateStep {
 STEP_APPLY_NEW,
 STEP_TEAR_NEW,
 STEP_TEAR_OLD,
+ STEP_APPLY_CURRENT,
 };
 struct domUpdateCBStruct {
@@ -722,6 +723,8 @@ void virNWFilterUnlockFilterUpdates(void);
 int virNWFilterConfLayerInit(virHashIterator domUpdateCB);
 void virNWFilterConfLayerShutdown(void);
+int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn);
+
 # define virNWFilterReportError(code, fmt...) \
 virReportErrorHelper(VIR_FROM_NWFILTER, code, __FILE__, \
 __FUNCTION__, __LINE__, fmt)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 915a43f12e9c578c232747d9c38c9c2fbb58dd71..e1ee23fa923b696c498e2aeebd715f1dd34bb722 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
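Review bot: In `virNWFilterInstFiltersOnAllVMs` (src/conf/nwfilter_conf.c) the result of each `vmFilterRebuild` call is discarded and the function returns 0 unconditionally, so the reload path has no way to learn that a running VM was left without its filters. The `STEP_APPLY_CURRENT` case added to `virNWFilterDomainFWUpdateCB` in nwfilter_gentech_driver.c has the same gap: it keeps the failure in a local `err` and never records it in `cb`. Continuing past a failure is the documented intent, but the outcome can still be kept, for example `if (callbackDrvArray[i]->vmFilterRebuild(conn, virNWFilterDomainFWUpdateCB, &cb) < 0) ret = -1;` with `return ret;` at the end, assuming `vmFilterRebuild` returns an int status. If always returning 0 is deliberate, the doc comment should say so explicitly.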
@@ -811,6 +811,7 @@ virNWFilterConfLayerShutdown;
 virNWFilterDefFormat;
 virNWFilterDefFree;
 virNWFilterDefParseString;
+virNWFilterInstFiltersOnAllVMs;
 virNWFilterJumpTargetTypeToString;
 virNWFilterLoadAllConfigs;
 virNWFilterLockFilterUpdates;
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index ed5028de9d4a55b119bea075cc50102ccf518262..ffb4b5df78777a4a2146179052b4b1b773f01e16 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -162,6 +162,8 @@ nwfilterDriverReload(void) {
 virNWFilterCallbackDriversUnlock();
 nwfilterDriverUnlock(driverState);
+ virNWFilterInstFiltersOnAllVMs(conn);
+
 virConnectClose(conn);
 }
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index 17fdd39ff05a12ae8e7ba23964410b85975ff1fa..c35b74975dbdc551dadbef27a25bb9302d82332f 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -1122,7 +1122,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
 virDomainObjPtr obj = payload;
 virDomainDefPtr vm = obj->def;
 struct domUpdateCBStruct *cb = data;
- int i;
+ int i, err;
 bool skipIface;
 virDomainObjLock(obj);
@@ -1156,6 +1156,16 @@ virNWFilterDomainFWUpdateCB(void *payload,
 cb->err = virNWFilterTearOldFilter(net);
 }
 break;
+
+ case STEP_APPLY_CURRENT:
+ err = virNWFilterInstantiateFilter(cb->conn,
+ vm->uuid,
+ net);
+ if (err)
+ virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Failure while applying current filter on "
+ "VM %s"), vm->name);
+ break;
 }
 if (cb->err)
 break;
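Review bot: In `nwfilterDriverReload` (src/nwfilter/nwfilter_driver.c) the new `virNWFilterInstFiltersOnAllVMs(conn)` call sits after `virNWFilterCallbackDriversUnlock()` and `nwfilterDriverUnlock(driverState)`, and the function it calls walks `callbackDrvArray` up to `nCallbackDriver` with no lock visible in its own hunk. If callback drivers can be registered or unregistered while a reload runs, that loop reads the array unsynchronised; whether they can is not visible here. Either take the callback-driver lock inside `virNWFilterInstFiltersOnAllVMs`, or, once the reason it is safe has been confirmed, state it in a comment at the call, e.g. `/* called unlocked: filter instantiation takes the driver lock itself */`. The return value is also dropped at this call site, and the body of `nwfilterDriverReload` starts outside the hunk.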
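Review bot: The `STEP_APPLY_CURRENT` case in `virNWFilterDomainFWUpdateCB` (src/nwfilter/nwfilter_gentech_driver.c) reports a failure with only the VM name, so on a guest with several interfaces the log does not say which one is running without its filter. Naming the interface would make the error actionable, e.g. `_("Failure while applying current filter on VM %s, interface %s"), vm->name, net->ifname`, assuming `net` is the per-interface definition and its name is set at this point. The case also deserves a one-line comment saying that the result is kept out of `cb->err` on purpose, so the `if (cb->err) break;` after the switch does not stop the loop: `/* keep going; one failing interface must not block the rest */`. The function body starts and ends outside the hunk.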