[libvirt] [PATCH 3/4] nwfilter: force filters reinstantiation on firewalld reload
Nikolay Shirokovskiy
nshirokovskiy at virtuozzo.com
Thu Oct 18 06:49:33 UTC 2018
We need reinstantiation because reload will flush rules installed
by libvirtd.
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy at virtuozzo.com>
---
src/nwfilter/nwfilter_driver.c | 6 +++---
src/nwfilter/nwfilter_gentech_driver.c | 13 +++++++++----
src/nwfilter/nwfilter_gentech_driver.h | 3 ++-
3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 5d25d65..db04868 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -168,7 +168,7 @@ virNWFilterTriggerRebuildImpl(void *opaque)
{
virNWFilterDriverStatePtr nwdriver = opaque;
- return virNWFilterBuildAll(nwdriver, true);
+ return virNWFilterBuildAll(nwdriver, true, false);
}
@@ -264,7 +264,7 @@ nwfilterStateInitialize(bool privileged,
if (virNWFilterBindingObjListLoadAllConfigs(driver->bindings, driver->bindingDir) < 0)
goto error;
- if (virNWFilterBuildAll(driver, false) < 0)
+ if (virNWFilterBuildAll(driver, false, false) < 0)
goto error;
nwfilterDriverUnlock();
@@ -319,7 +319,7 @@ nwfilterStateReload(void)
virNWFilterUnlockFilterUpdates();
- virNWFilterBuildAll(driver, false);
+ virNWFilterBuildAll(driver, false, true);
nwfilterDriverUnlock();
diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index 46b1144..a5b3e1a 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -984,7 +984,8 @@ static int
virNWFilterBuildOne(virNWFilterDriverStatePtr driver,
virNWFilterBindingObjPtr bindingobj,
virHashTablePtr skipInterfaces,
- int step)
+ int step,
+ bool force)
{
virNWFilterBindingDefPtr binding = virNWFilterBindingObjGetDef(bindingobj);
virNWFilterObjPtr filter;
@@ -1020,7 +1021,8 @@ virNWFilterBuildOne(virNWFilterDriverStatePtr driver,
break;
case STEP_APPLY_CURRENT:
- if ((filter = virNWFilterObjListFindByName(driver->nwfilters,
+ if (!force &&
+ (filter = virNWFilterObjListFindByName(driver->nwfilters,
binding->filter))) {
char *filterhash = virNWFilterObjGetHash(filter);
char *bindinghash = virNWFilterBindingObjGetFilterhash(bindingobj);
@@ -1055,6 +1057,7 @@ struct virNWFilterBuildData {
virNWFilterDriverStatePtr driver;
virHashTablePtr skipInterfaces;
int step;
+ bool force;
};
static int
@@ -1063,15 +1066,17 @@ virNWFilterBuildIter(virNWFilterBindingObjPtr binding, void *opaque)
struct virNWFilterBuildData *data = opaque;
return virNWFilterBuildOne(data->driver, binding,
- data->skipInterfaces, data->step);
+ data->skipInterfaces, data->step, data->force);
}
int
virNWFilterBuildAll(virNWFilterDriverStatePtr driver,
- bool newFilters)
+ bool newFilters,
+ bool force)
{
struct virNWFilterBuildData data = {
.driver = driver,
+ .force = force,
};
int ret = 0;
diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index 3c96c34..bdf3daa 100644
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -55,7 +55,8 @@ virHashTablePtr virNWFilterCreateVarHashmap(const char *macaddr,
const virNWFilterVarValue *value);
int virNWFilterBuildAll(virNWFilterDriverStatePtr driver,
- bool newFilters);
+ bool newFilters,
+ bool force);
void virNWFilterBindingUpdateHash(virNWFilterObjListPtr nwfilters,
virNWFilterBindingObjPtr binding);
--
1.8.3.1
More information about the libvir-list
mailing list