nwfilter: convert virt drivers to use public API for nwfilter bindings

Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Reviewed-by: N John Ferlan <jferlan@redhat.com> Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>

nwfilter: convert virt drivers to use public API for nwfilter bindings
Remove the callbacks that the nwfilter driver registers with the domain object config layer. Instead make the current helper methods call into the public API for creating/deleting nwfilter bindings. Reviewed-by: N John Ferlan <jferlan@redhat.com> Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>
f14c37ce · Daniel P. Berrangé · 2d9318b6 · f14c37ce · f14c37ce · f14c37ce
12 changed file
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -28,45 +28,146 @@
 #include "datatypes.h"
 #include "domain_conf.h"
 #include "domain_nwfilter.h"
+#include "virnwfilterbindingdef.h"
 #include "virerror.h"
+#include "viralloc.h"
+#include "virstring.h"
+#include "virlog.h"
-#define VIR_FROM_THIS VIR_FROM_NWFILTER
-static virDomainConfNWFilterDriverPtr nwfilterDriver;
+VIR_LOG_INIT("conf.domain_nwfilter");
-void
+#define VIR_FROM_THIS VIR_FROM_NWFILTER
-virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver)
+static virNWFilterBindingDefPtr
+virNWFilterBindingDefForNet(const char *vmname,
+                            const unsigned char *vmuuid,
+                            virDomainNetDefPtr net)
 {
-    nwfilterDriver = driver;
+    virNWFilterBindingDefPtr ret;
+    if (VIR_ALLOC(ret) < 0)
+        return NULL;
+    if (VIR_STRDUP(ret->ownername, vmname) < 0)
+        goto error;
+    memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid));
+    if (VIR_STRDUP(ret->portdevname, net->ifname) < 0)
+        goto error;
+    if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT &&
+        VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0)
+        goto error;
+    ret->mac = net->mac;
+    if (VIR_STRDUP(ret->filter, net->filter) < 0)
+        goto error;
+    if (!(ret->filterparams = virNWFilterHashTableCreate(0)))
+        goto error;
+    if (net->filterparams &&
+        virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0)
+        goto error;
+    return ret;
+ error:
+    virNWFilterBindingDefFree(ret);
+    return NULL;
 }
 int
 virDomainConfNWFilterInstantiate(const char *vmname,
                                 const unsigned char *vmuuid,
-                                 virDomainNetDefPtr net)
+                                 virDomainNetDefPtr net,
+                                 bool ignoreExists)
 {
-    if (nwfilterDriver != NULL)
+    virConnectPtr conn = virGetConnectNWFilter();
-        return nwfilterDriver->instantiateFilter(vmname, vmuuid, net);
+    virNWFilterBindingDefPtr def = NULL;
+    virNWFilterBindingPtr binding = NULL;
+    char *xml;
+    int ret = -1;
+    VIR_DEBUG("vmname=%s portdev=%s filter=%s ignoreExists=%d",
+              vmname, NULLSTR(net->ifname), NULLSTR(net->filter), ignoreExists);
+    if (!conn)
+        goto cleanup;
+    if (ignoreExists) {
+        binding = virNWFilterBindingLookupByPortDev(conn, net->ifname);
+        if (binding) {
+            ret = 0;
+            goto cleanup;
+        }
+    }
-    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+    if (!(def = virNWFilterBindingDefForNet(vmname, vmuuid, net)))
-                   _("No network filter driver available"));
+        goto cleanup;
-    return -1;
+    if (!(xml = virNWFilterBindingDefFormat(def)))
+        goto cleanup;
+    if (!(binding = virNWFilterBindingCreateXML(conn, xml, 0)))
+        goto cleanup;
+    ret = 0;
+ cleanup:
+    VIR_FREE(xml);
+    virNWFilterBindingDefFree(def);
+    virObjectUnref(binding);
+    virObjectUnref(conn);
+    return ret;
 }
+static void
+virDomainConfNWFilterTeardownImpl(virConnectPtr conn,
+                                  virDomainNetDefPtr net)
+{
+    virNWFilterBindingPtr binding;
+    binding = virNWFilterBindingLookupByPortDev(conn, net->ifname);
+    if (!binding)
+        return;
+    virNWFilterBindingDelete(binding);
+    virObjectUnref(binding);
+}
 void
 virDomainConfNWFilterTeardown(virDomainNetDefPtr net)
 {
-    if (nwfilterDriver != NULL)
+    virConnectPtr conn = virGetConnectNWFilter();
-        nwfilterDriver->teardownFilter(net);
+    if (!conn)
+        return;
+    virDomainConfNWFilterTeardownImpl(conn, net);
+    virObjectUnref(conn);
 }
 void
 virDomainConfVMNWFilterTeardown(virDomainObjPtr vm)
 {
    size_t i;
+    virConnectPtr conn = virGetConnectNWFilter();
-    if (nwfilterDriver != NULL) {
+    if (!conn)
-        for (i = 0; i < vm->def->nnets; i++)
+        return;
-            virDomainConfNWFilterTeardown(vm->def->nets[i]);
-    }
+    for (i = 0; i < vm->def->nnets; i++)
+        virDomainConfNWFilterTeardownImpl(conn, vm->def->nets[i]);
+    virObjectUnref(conn);
 }
--- a/src/conf/domain_nwfilter.h
+++ b/src/conf/domain_nwfilter.h
@@ -23,22 +23,10 @@
 #ifndef DOMAIN_NWFILTER_H
 # define DOMAIN_NWFILTER_H
-typedef int (*virDomainConfInstantiateNWFilter)(const char *vmname,
-                                                const unsigned char *vmuuid,
-                                                virDomainNetDefPtr net);
-typedef void (*virDomainConfTeardownNWFilter)(virDomainNetDefPtr net);
-typedef struct {
-    virDomainConfInstantiateNWFilter instantiateFilter;
-    virDomainConfTeardownNWFilter    teardownFilter;
-} virDomainConfNWFilterDriver;
-typedef virDomainConfNWFilterDriver *virDomainConfNWFilterDriverPtr;
-void virDomainConfNWFilterRegister(virDomainConfNWFilterDriverPtr driver);
 int virDomainConfNWFilterInstantiate(const char *vmname,
                                     const unsigned char *vmuuid,
-                                     virDomainNetDefPtr net);
+                                     virDomainNetDefPtr net,
+                                     bool ignoreExists);
 void virDomainConfNWFilterTeardown(virDomainNetDefPtr net);
 void virDomainConfVMNWFilterTeardown(virDomainObjPtr vm);

--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -651,7 +651,6 @@ virDomainQemuMonitorEventStateRegisterID;
 # conf/domain_nwfilter.h
 virDomainConfNWFilterInstantiate;
-virDomainConfNWFilterRegister;
 virDomainConfNWFilterTeardown;
 virDomainConfVMNWFilterTeardown;

--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -303,7 +303,7 @@ virLXCProcessSetupInterfaceTap(virDomainDefPtr vm,
    }
    if (net->filter &&
-        virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net) < 0)
+        virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, false) < 0)
        goto cleanup;
    ret = containerVeth;

--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -655,65 +655,6 @@ nwfilterGetXMLDesc(virNWFilterPtr nwfilter,
 }
-static int
-nwfilterInstantiateFilter(const char *vmname,
-                          const unsigned char *vmuuid,
-                          virDomainNetDefPtr net)
-{
-    virNWFilterBindingObjPtr obj;
-    virNWFilterBindingDefPtr def;
-    int ret;
-    obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname);
-    if (obj) {
-        virNWFilterBindingObjEndAPI(&obj);
-        return 0;
-    }
-    if (!(def = virNWFilterBindingDefForNet(vmname, vmuuid, net)))
-        return -1;
-    obj = virNWFilterBindingObjListAdd(driver->bindings,
-                                       def);
-    if (!obj) {
-        virNWFilterBindingDefFree(def);
-        return -1;
-    }
-    ret = virNWFilterInstantiateFilter(driver, def);
-    if (ret >= 0)
-        virNWFilterBindingObjSave(obj, driver->bindingDir);
-    else
-        virNWFilterBindingObjListRemove(driver->bindings, obj);
-    virNWFilterBindingObjEndAPI(&obj);
-    return ret;
-}
-static void
-nwfilterTeardownFilter(virDomainNetDefPtr net)
-{
-    virNWFilterBindingObjPtr obj;
-    virNWFilterBindingDefPtr def;
-    if (!net->ifname)
-        return;
-    obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, net->ifname);
-    if (!obj)
-        return;
-    def = virNWFilterBindingObjGetDef(obj);
-    virNWFilterTeardownFilter(def);
-    virNWFilterBindingObjDelete(obj, driver->bindingDir);
-    virNWFilterBindingObjListRemove(driver->bindings, obj);
-    virNWFilterBindingObjEndAPI(&obj);
-}
 static virNWFilterBindingPtr
 nwfilterBindingLookupByPortDev(virConnectPtr conn,
                               const char *portdev)
@@ -724,8 +665,11 @@ nwfilterBindingLookupByPortDev(virConnectPtr conn,
    obj = virNWFilterBindingObjListFindByPortDev(driver->bindings,
                                                 portdev);
-    if (!obj)
+    if (!obj) {
+        virReportError(VIR_ERR_NO_NWFILTER_BINDING,
+                       _("no nwfilter binding for port dev '%s'"), portdev);
        goto cleanup;
+    }
    def = virNWFilterBindingObjGetDef(obj);
    if (virNWFilterBindingLookupByPortDevEnsureACL(conn, def) < 0)
@@ -772,8 +716,11 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding,
    obj = virNWFilterBindingObjListFindByPortDev(driver->bindings,
                                                 binding->portdev);
-    if (!obj)
+    if (!obj) {
+        virReportError(VIR_ERR_NO_NWFILTER_BINDING,
+                       _("no nwfilter binding for port dev '%s'"), binding->portdev);
        goto cleanup;
+    }
    def = virNWFilterBindingObjGetDef(obj);
    if (virNWFilterBindingGetXMLDescEnsureACL(binding->conn, def) < 0)
@@ -852,8 +799,11 @@ nwfilterBindingDelete(virNWFilterBindingPtr binding)
    int ret = -1;
    obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, binding->portdev);
-    if (!obj)
+    if (!obj) {
+        virReportError(VIR_ERR_NO_NWFILTER_BINDING,
+                       _("no nwfilter binding for port dev '%s'"), binding->portdev);
        return -1;
+    }
    def = virNWFilterBindingObjGetDef(obj);
    if (virNWFilterBindingDeleteEnsureACL(binding->conn, def) < 0)
@@ -914,13 +864,6 @@ static virStateDriver stateDriver = {
    .stateReload = nwfilterStateReload,
 };
-static virDomainConfNWFilterDriver domainNWFilterDriver = {
-    .instantiateFilter = nwfilterInstantiateFilter,
-    .teardownFilter = nwfilterTeardownFilter,
-};
 int nwfilterRegister(void)
 {
    if (virRegisterConnectDriver(&nwfilterConnectDriver, false) < 0)
@@ -929,6 +872,5 @@ int nwfilterRegister(void)
        return -1;
    if (virRegisterStateDriver(&stateDriver) < 0)
        return -1;
-    virDomainConfNWFilterRegister(&domainNWFilterDriver);
    return 0;
 }
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -1082,45 +1082,3 @@ virNWFilterBuildAll(virNWFilterDriverStatePtr driver,
    }
    return ret;
 }
-virNWFilterBindingDefPtr
-virNWFilterBindingDefForNet(const char *vmname,
-                            const unsigned char *vmuuid,
-                            virDomainNetDefPtr net)
-{
-    virNWFilterBindingDefPtr ret;
-    if (VIR_ALLOC(ret) < 0)
-        return NULL;
-    if (VIR_STRDUP(ret->ownername, vmname) < 0)
-        goto error;
-    memcpy(ret->owneruuid, vmuuid, sizeof(ret->owneruuid));
-    if (VIR_STRDUP(ret->portdevname, net->ifname) < 0)
-        goto error;
-    if (net->type == VIR_DOMAIN_NET_TYPE_DIRECT &&
-        VIR_STRDUP(ret->linkdevname, net->data.direct.linkdev) < 0)
-        goto error;
-    ret->mac = net->mac;
-    if (VIR_STRDUP(ret->filter, net->filter) < 0)
-        goto error;
-    if (!(ret->filterparams = virNWFilterHashTableCreate(0)))
-        goto error;
-    if (net->filterparams &&
-        virNWFilterHashTablePutAll(net->filterparams, ret->filterparams) < 0)
-        goto error;
-    return ret;
- error:
-    virNWFilterBindingDefFree(ret);
-    return NULL;
-}
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -57,8 +57,4 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr,
 int virNWFilterBuildAll(virNWFilterDriverStatePtr driver,
                        bool newFilters);
-virNWFilterBindingDefPtr virNWFilterBindingDefForNet(const char *vmname,
-                                                     const unsigned char *vmuuid,
-                                                     virDomainNetDefPtr net);
 #endif
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3009,7 +3009,7 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm,
    if (newdev->filter &&
        virDomainConfNWFilterInstantiate(vm->def->name,
-                                         vm->def->uuid, newdev) < 0) {
+                                         vm->def->uuid, newdev, false) < 0) {
        virErrorPtr errobj;
        virReportError(VIR_ERR_OPERATION_FAILED,
@@ -3018,7 +3018,7 @@ qemuDomainChangeNetFilter(virDomainObjPtr vm,
                       olddev->ifname);
        virErrorPreserveLast(&errobj);
        ignore_value(virDomainConfNWFilterInstantiate(vm->def->name,
-                                                      vm->def->uuid, olddev));
+                                                      vm->def->uuid, olddev, false));
        virErrorRestore(&errobj);
        return -1;
    }

--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -467,7 +467,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
        goto cleanup;
    if (net->filter &&
-        virDomainConfNWFilterInstantiate(def->name, def->uuid, net) < 0) {
+        virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false) < 0) {
        goto cleanup;
    }
@@ -586,7 +586,7 @@ qemuInterfaceBridgeConnect(virDomainDefPtr def,
        goto cleanup;
    if (net->filter &&
-        virDomainConfNWFilterInstantiate(def->name, def->uuid, net) < 0) {
+        virDomainConfNWFilterInstantiate(def->name, def->uuid, net, false) < 0) {
        goto cleanup;
    }

--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3018,14 +3018,14 @@ qemuProcessNotifyNets(virDomainDefPtr def)
 }
 static int
-qemuProcessFiltersInstantiate(virDomainDefPtr def)
+qemuProcessFiltersInstantiate(virDomainDefPtr def, bool ignoreExists)
 {
    size_t i;
    for (i = 0; i < def->nnets; i++) {
        virDomainNetDefPtr net = def->nets[i];
        if ((net->filter) && (net->ifname)) {
-            if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net) < 0)
+            if (virDomainConfNWFilterInstantiate(def->name, def->uuid, net, ignoreExists) < 0)
                return 1;
        }
    }
@@ -7650,7 +7650,7 @@ qemuProcessReconnect(void *opaque)
    qemuProcessNotifyNets(obj->def);
-    if (qemuProcessFiltersInstantiate(obj->def))
+    if (qemuProcessFiltersInstantiate(obj->def, true))
        goto error;
    if (qemuProcessRefreshDisks(driver, obj, QEMU_ASYNC_JOB_NONE) < 0)

--- a/src/remote/remote_daemon.c
+++ b/src/remote/remote_daemon.c
@@ -283,6 +283,7 @@ static int daemonErrorLogFilter(virErrorPtr err, int priority)
    case VIR_ERR_NO_NODE_DEVICE:
    case VIR_ERR_NO_INTERFACE:
    case VIR_ERR_NO_NWFILTER:
+    case VIR_ERR_NO_NWFILTER_BINDING:
    case VIR_ERR_NO_SECRET:
    case VIR_ERR_NO_DOMAIN_SNAPSHOT:
    case VIR_ERR_OPERATION_INVALID:

--- a/src/uml/uml_conf.c
+++ b/src/uml/uml_conf.c
@@ -137,7 +137,7 @@ umlConnectTapDevice(virDomainDefPtr vm,
    }
    if (net->filter) {
-        if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net) < 0) {
+        if (virDomainConfNWFilterInstantiate(vm->name, vm->uuid, net, false) < 0) {
            if (template_ifname)
                VIR_FREE(net->ifname);
            goto error;