[libvirt] [PATCH v2 0/2] nwfilter: Fix a couple of session mode issues

John Ferlan jferlan at redhat.com
Thu Aug 30 15:06:06 UTC 2018


v1: https://www.redhat.com/archives/libvir-list/2018-August/msg01464.html

Changes in v2 - different approach as review pointed out we should
never open the nwfilter driver in session mode (although driver
initialization does set up some barebones list infrastructure).

First, let's make sure we don't allow creation of the nwfilter
filter binding similar to how nwfilter filter creation is not
allowed.

Second, rather than blindly open the nwfilter during the
teardown processing, let's first ensure a filter exists for
the network. It's not possible to call instantiation when 
net->filter == NULL. Rather than alter all the callers, just
alter the two teardown APIs to check if !net->filter and
return prior to opening the nwfilter connection. Since we
cannot create a filter nor can we create a binding, this
filtering works. Keeps the changes minimal too.

John Ferlan (2):
  nwfilter: Disallow binding creation in session mode
  nwfilter: Check for filter presence before open connect during
    teardown

 src/conf/domain_nwfilter.c     | 22 +++++++++++++++-------
 src/nwfilter/nwfilter_driver.c |  6 ++++++
 2 files changed, 21 insertions(+), 7 deletions(-)

-- 
2.17.1



