From f6e6fee82c36159f5f4b52c3926c95b1f6e40e5d Mon Sep 17 00:00:00 2001 Message-Id: From: Nikolay Shirokovskiy Date: Tue, 30 Apr 2019 18:00:59 +0100 Subject: [PATCH] nwfilter: fix adding std MAC and IP values to filter binding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d1a7c08eb changed filter instantiation code to ignore MAC and IP variables explicitly specified for filter binding. It just replaces explicit values with values associated with the binding. Before the commit virNWFilterCreateVarsFrom was used so that explicit value take precedence. Let's bring old behavior back. This is useful. For example if domain has two interfaces it makes sense to list both mac adresses in MAC var of every interface filterref. So that if guest make a bond of these interfaces and start sending frames with one of the mac adresses from both interfaces we can pass outgress traffic from both interfaces too. Reviewed-by: Daniel P. Berrangé Signed-off-by: Nikolay Shirokovskiy (cherry picked from commit 01e11ebcb6e8f24662b7c67b70134c192785691c) https://bugzilla.redhat.com/show_bug.cgi?id=1691358 Message-Id: <20190430170059.25891-1-berrange@redhat.com> Reviewed-by: Jiri Denemark --- src/nwfilter/nwfilter_gentech_driver.c | 92 +++++++++----------------- 1 file changed, 32 insertions(+), 60 deletions(-) diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index e5dea91f83..ece5d28f41 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -128,60 +128,6 @@ virNWFilterRuleInstFree(virNWFilterRuleInstPtr inst) } -/** - * virNWFilterVarHashmapAddStdValues: - * @tables: pointer to hash tabel to add values to - * @macaddr: The string of the MAC address to add to the hash table, - * may be NULL - * @ipaddr: The string of the IP address to add to the hash table; - * may be NULL - * - * Returns 0 in case of success, -1 in case an error happened with - * error having been reported. - * - * Adds a couple of standard keys (MAC, IP) to the hash table. - */ -static int -virNWFilterVarHashmapAddStdValues(virHashTablePtr table, - const char *macaddr, - const virNWFilterVarValue *ipaddr) -{ - virNWFilterVarValue *val; - - if (macaddr) { - val = virNWFilterVarValueCreateSimpleCopyValue(macaddr); - if (!val) - return -1; - - if (virHashUpdateEntry(table, - NWFILTER_STD_VAR_MAC, - val) < 0) { - virNWFilterVarValueFree(val); - virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("Could not add variable 'MAC' to hashmap")); - return -1; - } - } - - if (ipaddr) { - val = virNWFilterVarValueCopy(ipaddr); - if (!val) - return -1; - - if (virHashUpdateEntry(table, - NWFILTER_STD_VAR_IP, - val) < 0) { - virNWFilterVarValueFree(val); - virReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("Could not add variable 'IP' to hashmap")); - return -1; - } - } - - return 0; -} - - /** * Convert a virHashTable into a string of comma-separated * variable names. @@ -707,6 +653,28 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver, } +static int +virNWFilterVarHashmapAddStdValue(virHashTablePtr table, + const char *var, + const char *value) +{ + virNWFilterVarValue *val; + + if (virHashLookup(table, var)) + return 0; + + if (!(val = virNWFilterVarValueCreateSimpleCopyValue(value))) + return -1; + + if (virHashAddEntry(table, var, val) < 0) { + virNWFilterVarValueFree(val); + return -1; + } + + return 0; +} + + /* * Call this function while holding the NWFilter filter update lock */ @@ -719,7 +687,7 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, bool forceWithPendingReq, bool *foundNewFilter) { - int rc; + int rc = -1; const char *drvname = EBIPTABLES_DRIVER_ID; virNWFilterTechDriverPtr techdriver; virNWFilterObjPtr obj; @@ -745,14 +713,18 @@ virNWFilterInstantiateFilterUpdate(virNWFilterDriverStatePtr driver, return -1; virMacAddrFormat(&binding->mac, vmmacaddr); + if (virNWFilterVarHashmapAddStdValue(binding->filterparams, + NWFILTER_STD_VAR_MAC, + vmmacaddr) < 0) + goto err_exit; ipaddr = virNWFilterIPAddrMapGetIPAddr(binding->portdevname); - - if (virNWFilterVarHashmapAddStdValues(binding->filterparams, - vmmacaddr, ipaddr) < 0) { - rc = -1; + if (ipaddr && + virNWFilterVarHashmapAddStdValue(binding->filterparams, + NWFILTER_STD_VAR_IP, + virNWFilterVarValueGetSimple(ipaddr)) < 0) goto err_exit; - } + filter = virNWFilterObjGetDef(obj); -- 2.21.0