[libvirt PATCH 07/10] qemu/lxc: plumb isolatedPort from config down through bridge attachment

Wed Feb 19 03:09:54 UTC 2020

On 2/18/20 12:46 PM, Ján Tomko wrote:
> On Sun, Feb 16, 2020 at 11:22:56PM -0500, Laine Stump wrote:
>> This patch pushes the isolatedPort setting from the <interface> down
>> all the way to the callers of virNetDevBridgeAddPort(), and sets
>> BR_ISOLATED on the port (using virNetDevBridgePortSetIsolated()) after
>> the port has been successfully added to the bridge.
>>
>> Signed-off-by: Laine Stump <laine at redhat.com>
>> ---
>> src/bhyve/bhyve_command.c   |  1 +
>> src/conf/domain_conf.c      |  1 +
>> src/lxc/lxc_process.c       | 10 ++++++++++
>> src/network/bridge_driver.c |  1 +
>> src/qemu/qemu_hotplug.c     | 16 ++++++++++++++++
>> src/qemu/qemu_interface.c   |  1 +
>> src/util/virnetdevtap.c     | 17 ++++++++++++++++-
>> src/util/virnetdevtap.h     |  3 +++
>> tests/bhyvexml2argvmock.c   |  1 +
>> 9 files changed, 50 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
>> index 6395826c69..af892255c7 100644
>> --- a/src/qemu/qemu_hotplug.c
>> +++ b/src/qemu/qemu_hotplug.c
>> @@ -3350,12 +3350,28 @@ qemuDomainChangeNetBridge(virDomainObjPtr vm,
>>     }
>>
>>     ret = virNetDevBridgeAddPort(newbridge, olddev->ifname);
>> +    if (ret == 0 &&
>> +        virDomainNetGetActualPortOptionsIsolated(newdev) == 
>> VIR_TRISTATE_BOOL_YES) {
>> +
>> +        ret = virNetDevBridgePortSetIsolated(newbridge, 
>> olddev->ifname, true);
>> +        if (ret < 0) {
>> +            virErrorPtr err;
>> +
>> +            virErrorPreserveLast(&err);
>> +            ignore_value(virNetDevBridgeRemovePort(newbridge, 
>> olddev->ifname));
>> +            virErrorRestore(&err);
>> +        }
>> +    }
>>     virDomainAuditNet(vm, NULL, newdev, "attach", ret == 0);
>>     if (ret < 0) {
>>         virErrorPtr err;
>>
>>         virErrorPreserveLast(&err);
>>         ret = virNetDevBridgeAddPort(oldbridge, olddev->ifname);
>> +        if (ret == 0 &&
>> +            virDomainNetGetActualPortOptionsIsolated(olddev) == 
>> VIR_TRISTATE_BOOL_YES) {
>> +            ignore_value(virNetDevBridgePortSetIsolated(newbridge, 
>> olddev->ifname, true));
> 
> Should this use 'oldbridge' instead of 'newbridge'?

Whoops! Cut/paste error. (At least I removed the part about being a Navy 
Seal and having a certain set of skills)

> 
>> +        }
>>         virDomainAuditNet(vm, NULL, olddev, "attach", ret == 0);
>>         virErrorRestore(&err);
>>         return -1;
> 
> Reviewed-by: Ján Tomko <jtomko at redhat.com>
> 
> Jano