On 29.10.2018 22:37, John Ferlan wrote: > > > On 10/15/18 4:26 AM, Nikolay Shirokovskiy wrote: >> Before using filters binding filters instantiation was done by hypervisors >> drivers initialization code (qemu was the only such hypervisor). Now qemu >> reconnection done supposes it should be done by nwfilter driver probably. >> Let's add this missing step. >> >> Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@xxxxxxxxxxxxx> >> --- >> src/nwfilter/nwfilter_driver.c | 3 +++ >> 1 file changed, 3 insertions(+) >> > > If there's research you've done where the instantiation was done before > introduction of the nwfilter bindings that would be really helpful... > > I found that virNWFilterBuildAll was introduced in commit 3df907bfff. > There were 2 callers for it: > > 1. virNWFilterTriggerRebuildImpl > 2. nwfilterStateReload > > The former called as part of the virNWFilterConfLayerInit callback > during nwfilterStateInitialize (about 50 lines earlier). Right but virNWFilterTriggerRebuildImpl is not actually called, it is set as rebuild callback. This rebuild callback can be called in virNWFilterObjTestUnassignDef and virNWFilterObjListAssignDef. The former is not called during nwfilter driver init. The latter is called as part of virNWFilterObjListLoadAllConfigs but rebuild callback is never called on this path because the list is empty (callback is called only on updates when filter with same name is already present in the list). So virNWFilterBuildAll is not called on nwfilter driver init. > > So how does calling this now w/ @false help things during the state > initialize processing? Before filters bindings nwfilter driver only loads filters on it's init function. Then qemu driver for example on reconnection called: qemuProcessFiltersInstantiate virDomainConfNWFilterInstantiate nwfilterInstantiateFilter virNWFilterInstantiateFilter and filter rules gets [re]instantiated. Now virNWFilterInstantiateFilter returns without actual instantiating because virNWFilterBindingLookupByPortDev finds binding which is loaded on nwfilter driver initialization. The consequences is that if somebody cleans rules between libvirtd stop and start then rules won't get instantiated again. The fix is to [re]instantiate bindings in nwfilter driver init right after binding and filters are loaded. With @false argument virNWFilterBuildAll call virNWFilterInstantiateFilter for each binding - just what we need to. @true is used by virNWFilterObjListAssignDef/virNWFilterObjTestUnassignDef to use @newDef of object filter during instantiation etc. Nikolay > > John > >> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c >> index 1ee5162..1ab906f 100644 >> --- a/src/nwfilter/nwfilter_driver.c >> +++ b/src/nwfilter/nwfilter_driver.c >> @@ -264,6 +264,9 @@ nwfilterStateInitialize(bool privileged, >> if (virNWFilterBindingObjListLoadAllConfigs(driver->bindings, driver->bindingDir) < 0) >> goto error; >> >> + if (virNWFilterBuildAll(driver, false) < 0) >> + goto error; >> + >> nwfilterDriverUnlock(); >> >> return 0; >> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
