On 05/15/2018 01:43 PM, Daniel P. Berrangé wrote:
> This allows the virsh commands nwfilter-binding-create and
> nwfilter-binding-delete to be used.
>
> Note using these commands lets you delete filters that were
> previously created automatically by the virt drivers, or add
> filters for VM nics that were not there before. Generally it
> is expected these new APIs will only be used by virt drivers.
> It is the admin's responsibility to not shoot themselves in
> the foot.
>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
> src/nwfilter/nwfilter_driver.c | 77 ++++++++++++++++++++++++++++++++++
> 1 file changed, 77 insertions(+)
>
> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
> index 6544261b38..c3c52ae5f3 100644
> --- a/src/nwfilter/nwfilter_driver.c
> +++ b/src/nwfilter/nwfilter_driver.c
> @@ -782,6 +782,81 @@ nwfilterBindingGetXMLDesc(virNWFilterBindingPtr binding,
> }
>
>
> +static virNWFilterBindingPtr
> +nwfilterBindingCreateXML(virConnectPtr conn,
> + const char *xml,
> + unsigned int flags)
> +{
> + virNWFilterBindingObjPtr obj;
> + virNWFilterBindingDefPtr def;
> + virNWFilterBindingPtr ret = NULL;
> +
> + virCheckFlags(0, NULL);
> +
> + def = virNWFilterBindingDefParseString(xml);
> + if (!def)
> + return NULL;
> +
> + if (virNWFilterBindingCreateXMLEnsureACL(conn, def) < 0)
> + goto cleanup;
> +
> + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, def->portdevname);
> + if (obj) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("Filter already present for NIC %s"), def->portdevname);
> + goto cleanup;
> + }
> +
> + obj = virNWFilterBindingObjListAdd(driver->bindings,
> + def);
> + if (!obj)
> + goto cleanup;
> + def = NULL;
Use an accessor and assign to a new @objdef, and then use instead of obj->def
> +
> + if (!(ret = virGetNWFilterBinding(conn, obj->def->portdevname, obj->def->filter)))
> + goto cleanup;
> +
> + if (virNWFilterInstantiateFilter(driver, obj->def) < 0) {
> + virNWFilterBindingObjListRemove(driver->bindings, obj);
> + virObjectUnref(ret);
> + ret = NULL;
> + goto cleanup;
> + }
> + virNWFilterBindingObjSave(obj, driver->bindingDir);
> +
> + cleanup:
> + virNWFilterBindingDefFree(def);
> + virNWFilterBindingObjEndAPI(&obj);
> +
> + return ret;
> +}
> +
> +
> +static int
> +nwfilterBindingDelete(virNWFilterBindingPtr binding)
> +{
> + virNWFilterBindingObjPtr obj;
> + int ret = -1;
> +
> + obj = virNWFilterBindingObjListFindByPortDev(driver->bindings, binding->portdev);
> + if (!obj)
> + return -1;
Probably should message here that we couldn't find an object for the binding->portdev since virNWFilterBindingObjListFindByPortDev doesn't message anything.
And of course usage of an accessor for obj->def For the logic, Reviewed-by: John Ferlan <jferlan@xxxxxxxxxx> John
> +
> + if (virNWFilterBindingDeleteEnsureACL(binding->conn, obj->def) < 0)
> + goto cleanup;
> +
> + virNWFilterTeardownFilter(obj->def);
> + virNWFilterBindingObjDelete(obj, driver->bindingDir);
> + virNWFilterBindingObjListRemove(driver->bindings, obj);
> +
> + ret = 0;
> +
> + cleanup:
> + virNWFilterBindingObjEndAPI(&obj);
> + return ret;
> +}
> +
> +
> static virNWFilterDriver nwfilterDriver = {
> .name = "nwfilter",
> .connectNumOfNWFilters = nwfilterConnectNumOfNWFilters, /* 0.8.0 */
> @@ -795,6 +870,8 @@ static virNWFilterDriver nwfilterDriver = {
> .nwfilterBindingLookupByPortDev = nwfilterBindingLookupByPortDev, /* 4.4.0 */
> .connectListAllNWFilterBindings = nwfilterConnectListAllNWFilterBindings, /* 4.4.0 */
> .nwfilterBindingGetXMLDesc = nwfilterBindingGetXMLDesc, /* 4.4.0 */
> + .nwfilterBindingCreateXML = nwfilterBindingCreateXML, /* 4.4.0 */
> + .nwfilterBindingDelete = nwfilterBindingDelete, /* 4.4.0 */
> };
>
>
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
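Review bot: In nwfilterBindingCreateXML `obj` is declared without an initializer, and the `goto cleanup` taken when virNWFilterBindingCreateXMLEnsureACL() fails runs before `obj` is first assigned, so `virNWFilterBindingObjEndAPI(&obj)` receives an indeterminate pointer. That is exactly the path a caller rejected by the ACL check goes down, so a denied request could end in a daemon crash or memory corruption, depending on what EndAPI does with the value (its body is not in this hunk). Declaring it as `virNWFilterBindingObjPtr obj = NULL;` closes this; the cleanup after a failed virNWFilterBindingObjListAdd() already relies on EndAPI accepting NULL. Separately, the results of virNWFilterBindingObjSave() in create and of virNWFilterTeardownFilter() and virNWFilterBindingObjDelete() in nwfilterBindingDelete are discarded, so both entry points report success even if the teardown or the on-disk state update failed; at minimum a warning should be logged there.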