Today the nwfilter driver is entangled with the virt drivers in both directions. At various times when rebuilding filters nwfilter will call out to the virt driver to iterate over running guests' NICs. This has caused very complicated lock ordering rules to be required. If we are to split the virt drivers out into separate daemons we need to get rid of this coupling since we don't want the separate daemons calling each other, as that risks deadlock if all of the RPC workers are busy.

The obvious way to solve this is to have the nwfilter driver remember all the filters it has active, avoiding the need to iterate over running guests.

NB, these patches are all ready for review, but the last patch really should not be merged at this time. I need to do more work to be able to serialize the filter state to disk, so the nwfilter driver can keep track of it across daemon restarts. All except the last patch should be ok to merge though.

Daniel P. Berrangé (14):
  nwfilter: remove pointless virNWFilterHashTable struct
  nwfilter: remove methods that are trivial wrappers for virHash APIs
  nwfilter: remove virNWFilterHashTable typedefs entirely
  nwfilter: make virNWFilterIPAddrLearnReq type private
  nwfilter: remove obsolete code related to firewalld
  nwfilter: fix leaking of filter parameters upon error
  nwfilter: introduce virNWFilterBinding to decouple from virDomainNet
  nwfilter: pass vm name in when instantiating filters
  nwfilter: convert the gentech driver code to use virNWFilterBinding
  nwfilter: convert IP address learning code to virNWFilterBinding
  nwfilter: convert DHCP address snooping code to virNWFilterBinding
  nwfilter: report an error if nic needs filtering by no driver is present
  nwfilter: keep track of active filter bindings
  nwfilter: remove virt driver callback layer for rebuilding filters

 src/conf/domain_conf.c                 |   8 +-
 src/conf/domain_conf.h                 |   2 +-
 src/conf/domain_nwfilter.c             |  14 +-
 src/conf/domain_nwfilter.h             |   6 +-
 src/conf/nwfilter_conf.c               | 224 ++++++++---------
 src/conf/nwfilter_conf.h               |  67 ++---
 src/conf/nwfilter_ipaddrmap.c          |  15 +-
 src/conf/nwfilter_params.c             | 127 +++-------
 src/conf/nwfilter_params.h             |  33 +--
 src/conf/virnwfilterobj.c              |   4 +-
 src/conf/virnwfilterobj.h              |   4 +-
 src/libvirt_private.syms               |   8 +-
 src/lxc/lxc_driver.c                   |  28 ---
 src/lxc/lxc_process.c                  |   2 +-
 src/nwfilter/nwfilter_dhcpsnoop.c      | 153 +++++-------
 src/nwfilter/nwfilter_dhcpsnoop.h      |   7 +-
 src/nwfilter/nwfilter_driver.c         |  97 +++++---
 src/nwfilter/nwfilter_driver.h         |   2 -
 src/nwfilter/nwfilter_gentech_driver.c | 432 ++++++++++++++++++---------------
 src/nwfilter/nwfilter_gentech_driver.h |  28 +--
 src/nwfilter/nwfilter_learnipaddr.c    | 113 ++++-----
 src/nwfilter/nwfilter_learnipaddr.h    |  25 +-
 src/nwfilter/nwfilter_tech_driver.h    |   2 +-
 src/qemu/qemu_driver.c                 |  25 --
 src/qemu/qemu_hotplug.c                |   6 +-
 src/qemu/qemu_interface.c              |   4 +-
 src/qemu/qemu_process.c                |   2 +-
 src/uml/uml_conf.c                     |   2 +-
 src/uml/uml_driver.c                   |  29 ---
 tests/nwfilterxml2firewalltest.c       |  36 +--
 30 files changed, 642 insertions(+), 863 deletions(-)

--
2.14.3