[libvirt] [PATCH 00/14] nwfilter: refactor the driver to make it independent of virt drivers

Daniel P. Berrangé berrange at redhat.com
Fri Apr 27 15:24:59 UTC 2018


Today the nwfilter driver is entangled with the virt drivers in both
directions. At various times when rebuilding filters nwfilter will call
out to the virt driver to iterate over running guests' NICs. This has
caused very complicated lock ordering rules to be required. If we are to
split the virt drivers out into separate daemons we need to get rid of
this coupling since we don't want the separate daemons calling each
other, as that risks deadlock if all of the RPC workers are busy.

The obvious way to solve this is to have the nwfilter driver remember
all the filters it has active, avoiding the need to iterate over running
guests.

NB, these patches are all ready for review, but the last patch really
should not be merged at this time. I need to do more work to be able to
serialize the filter state to disk, so the nwfilter driver can keep track
of it across daemon restarts. All except the last patch should be ok to
merge though.

Daniel P. Berrangé (14):
  nwfilter: remove pointless virNWFilterHashTable struct
  nwfilter: remove methods that are trivial wrappers for virHash APIs
  nwfilter: remove virNWFilterHashTable typedefs entirely
  nwfilter: make virNWFilterIPAddrLearnReq type private
  nwfilter: remove obsolete code related to firewalld
  nwfilter: fix leaking of filter parameters upon error
  nwfilter: introduce virNWFilterBinding to decouple from virDomainNet
  nwfilter: pass vm name in when instantiating filters
  nwfilter: convert the gentech driver code to use virNWFilterBinding
  nwfilter: convert IP address learning code to virNWFilterBinding
  nwfilter: convert DHCP address snooping code to virNWFilterBinding
  nwfilter: report an error if nic needs filtering by no driver is
    present
  nwfilter: keep track of active filter bindings
  nwfilter: remove virt driver callback layer for rebuilding filters

 src/conf/domain_conf.c                 |   8 +-
 src/conf/domain_conf.h                 |   2 +-
 src/conf/domain_nwfilter.c             |  14 +-
 src/conf/domain_nwfilter.h             |   6 +-
 src/conf/nwfilter_conf.c               | 224 ++++++++---------
 src/conf/nwfilter_conf.h               |  67 ++---
 src/conf/nwfilter_ipaddrmap.c          |  15 +-
 src/conf/nwfilter_params.c             | 127 +++-------
 src/conf/nwfilter_params.h             |  33 +--
 src/conf/virnwfilterobj.c              |   4 +-
 src/conf/virnwfilterobj.h              |   4 +-
 src/libvirt_private.syms               |   8 +-
 src/lxc/lxc_driver.c                   |  28 ---
 src/lxc/lxc_process.c                  |   2 +-
 src/nwfilter/nwfilter_dhcpsnoop.c      | 153 +++++-------
 src/nwfilter/nwfilter_dhcpsnoop.h      |   7 +-
 src/nwfilter/nwfilter_driver.c         |  97 +++++---
 src/nwfilter/nwfilter_driver.h         |   2 -
 src/nwfilter/nwfilter_gentech_driver.c | 432 ++++++++++++++++++---------------
 src/nwfilter/nwfilter_gentech_driver.h |  28 +--
 src/nwfilter/nwfilter_learnipaddr.c    | 113 ++++-----
 src/nwfilter/nwfilter_learnipaddr.h    |  25 +-
 src/nwfilter/nwfilter_tech_driver.h    |   2 +-
 src/qemu/qemu_driver.c                 |  25 --
 src/qemu/qemu_hotplug.c                |   6 +-
 src/qemu/qemu_interface.c              |   4 +-
 src/qemu/qemu_process.c                |   2 +-
 src/uml/uml_conf.c                     |   2 +-
 src/uml/uml_driver.c                   |  29 ---
 tests/nwfilterxml2firewalltest.c       |  36 +--
 30 files changed, 642 insertions(+), 863 deletions(-)

-- 
2.14.3



