nwfilter: Force instantiation of filters upon driver reload

Introduce a function that rebuilds all running VMs' filters. Call
this function when reloading the nwfilter driver.

This addresses a problem introduced by the 2nd patch that typically
causes no filters to be reinstantiate anymore upon driver reload
since their XML has not changed. Yet the current behavior is that
upon a SIGHUP all filters get reinstantiated.

src/conf/nwfilter_conf.c

@@ -2723,6 +2723,29 @@ virNWFilterCallbackDriversUnlock(void)
 
 static virHashIterator virNWFilterDomainFWUpdateCB;
 
+/**
+ * virNWFilterInstFiltersOnAllVMs:
+ * Apply all filters on all running VMs. Don't terminate in case of an
+ * error. This should be called upon reloading of the driver.
+ */
+int
+virNWFilterInstFiltersOnAllVMs(virConnectPtr conn)
+{
+    int i;
+    struct domUpdateCBStruct cb = {
+        .conn = conn,
+        .err = 0, /* ignored here */
+        .step = STEP_APPLY_CURRENT,
+        .skipInterfaces = NULL, /* not needed */
+    };
+
+    for (i = 0; i < nCallbackDriver; i++)
+        callbackDrvArray[i]->vmFilterRebuild(conn,
+                                             virNWFilterDomainFWUpdateCB,
+                                             &cb);
+
+    return 0;
+}
 
 static int
 virNWFilterTriggerVMFilterRebuild(virConnectPtr conn)

src/conf/nwfilter_conf.h

@@ -577,6 +577,7 @@ enum UpdateStep {
     STEP_APPLY_NEW,
     STEP_TEAR_NEW,
     STEP_TEAR_OLD,
+    STEP_APPLY_CURRENT,
 };
 
 struct domUpdateCBStruct {
@@ -722,6 +723,8 @@ void virNWFilterUnlockFilterUpdates(void);
 int virNWFilterConfLayerInit(virHashIterator domUpdateCB);
 void virNWFilterConfLayerShutdown(void);
 
+int virNWFilterInstFiltersOnAllVMs(virConnectPtr conn);
+
 # define virNWFilterReportError(code, fmt...)                      \
         virReportErrorHelper(VIR_FROM_NWFILTER, code, __FILE__,    \
                              __FUNCTION__, __LINE__, fmt)

src/libvirt_private.syms

@@ -811,6 +811,7 @@ virNWFilterConfLayerShutdown;
 virNWFilterDefFormat;
 virNWFilterDefFree;
 virNWFilterDefParseString;
+virNWFilterInstFiltersOnAllVMs;
 virNWFilterJumpTargetTypeToString;
 virNWFilterLoadAllConfigs;
 virNWFilterLockFilterUpdates;

src/nwfilter/nwfilter_driver.c

@@ -162,6 +162,8 @@ nwfilterDriverReload(void) {
         virNWFilterCallbackDriversUnlock();
         nwfilterDriverUnlock(driverState);
 
+        virNWFilterInstFiltersOnAllVMs(conn);
+
         virConnectClose(conn);
     }
 

src/nwfilter/nwfilter_gentech_driver.c

@@ -1122,7 +1122,7 @@ virNWFilterDomainFWUpdateCB(void *payload,
     virDomainObjPtr obj = payload;
     virDomainDefPtr vm = obj->def;
     struct domUpdateCBStruct *cb = data;
-    int i;
+    int i, err;
     bool skipIface;
 
     virDomainObjLock(obj);
@@ -1156,6 +1156,16 @@ virNWFilterDomainFWUpdateCB(void *payload,
                         cb->err = virNWFilterTearOldFilter(net);
                     }
                     break;
+
+                case STEP_APPLY_CURRENT:
+                    err = virNWFilterInstantiateFilter(cb->conn,
+                                                       vm->uuid,
+                                                       net);
+                    if (err)
+                        virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
+                            _("Failure while applying current filter on "
+                            "VM %s"), vm->name);
+                    break;
                 }
                 if (cb->err)
                     break;