v1: https://www.redhat.com/archives/libvir-list/2018-August/msg01464.html Changes in v2 - different approach as review pointed out we should never open the nwfilter driver in session mode (although driver initialization does set up some barebones list infrastructure). First, let's make sure we don't allow creation of the nwfilter filter binding similar to how nwfiler filter creation is not allowed. Second, rather than blindly open the nwfilter during the teardown processing, let's first ensure a filter exists for the network. It's not possible to call instantiation when net->filter == NULL. Rather than alter all the callers, just alter the two teardown API's to check if !net->filter and return prior to opening the nwfilter connection. Since we cannot create a filter nor can we create a binding, this filtering works. Keeps the changes minimal too. John Ferlan (2): nwfilter: Disallow binding creation in session mode nwfilter: Check for filter presence before open connect during teardown src/conf/domain_nwfilter.c | 22 +++++++++++++++------- src/nwfilter/nwfilter_driver.c | 6 ++++++ 2 files changed, 21 insertions(+), 7 deletions(-) -- 2.17.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
