This just moves around a few things in qemuInterfaceConnect() with no
functional difference (except that a few failures that would have
previously resulted in a "success" audit log will now properly produce
a "fail" audit). The change is so that adding support for unmanaged
tap/macvtap devices will be more easily reviewable.
Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
src/qemu/qemu_interface.c | 69 ++++++++++++++++++++-------------------
1 file changed, 35 insertions(+), 34 deletions(-)
diff --git a/src/qemu/qemu_interface.c b/src/qemu/qemu_interface.c
index 72ed51cb1f..1e3b7f0d06 100644
--- a/src/qemu/qemu_interface.c
+++ b/src/qemu/qemu_interface.c
@@ -414,6 +414,7 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
bool template_ifname = false;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
const char *tunpath = "/dev/net/tun";
+ const char *auditdev = tunpath;
if (net->backend.tap) {
tunpath = net->backend.tap;
@@ -424,43 +425,39 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
}
}
- if (!net->ifname ||
- STRPREFIX(net->ifname, VIR_NET_GENERATED_TAP_PREFIX) ||
- strchr(net->ifname, '%')) {
- VIR_FREE(net->ifname);
- if (VIR_STRDUP(net->ifname, VIR_NET_GENERATED_TAP_PREFIX "%d") < 0)
- goto cleanup;
- /* avoid exposing vnet%d in getXMLDesc or error outputs */
- template_ifname = true;
- }
-
if (virDomainNetIsVirtioModel(net))
tap_create_flags |= VIR_NETDEV_TAP_CREATE_VNET_HDR;
- if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, tapfdSize,
- tap_create_flags) < 0) {
- virDomainAuditNetDevice(def, net, tunpath, false);
- goto cleanup;
- }
-
- virDomainAuditNetDevice(def, net, tunpath, true);
-
- /* The tap device's MAC address cannot match the MAC address
- * used by the guest. This results in "received packet on
- * vnetX with own address as source address" error logs from
- * the kernel.
- */
- virMacAddrSet(&tapmac, &net->mac);
- if (tapmac.addr[0] == 0xFE)
- tapmac.addr[0] = 0xFA;
- else
- tapmac.addr[0] = 0xFE;
-
- if (virNetDevSetMAC(net->ifname, &tapmac) < 0)
- goto cleanup;
-
- if (virNetDevSetOnline(net->ifname, true) < 0)
- goto cleanup;
+ if (!net->ifname ||
+ STRPREFIX(net->ifname, VIR_NET_GENERATED_TAP_PREFIX) ||
+ strchr(net->ifname, '%')) {
+ VIR_FREE(net->ifname);
+ if (VIR_STRDUP(net->ifname, VIR_NET_GENERATED_TAP_PREFIX "%d") < 0)
+ goto cleanup;
+ /* avoid exposing vnet%d in getXMLDesc or error outputs */
+ template_ifname = true;
+ }
+ if (virNetDevTapCreate(&net->ifname, tunpath, tapfd, tapfdSize,
+ tap_create_flags) < 0) {
+ goto cleanup;
+ }
+
+ /* The tap device's MAC address cannot match the MAC address
+ * used by the guest. This results in "received packet on
+ * vnetX with own address as source address" error logs from
+ * the kernel.
+ */
+ virMacAddrSet(&tapmac, &net->mac);
+ if (tapmac.addr[0] == 0xFE)
+ tapmac.addr[0] = 0xFA;
+ else
+ tapmac.addr[0] = 0xFE;
+
+ if (virNetDevSetMAC(net->ifname, &tapmac) < 0)
+ goto cleanup;
+
+ if (virNetDevSetOnline(net->ifname, true) < 0)
+ goto cleanup;
if (net->script &&
virNetDevRunEthernetScript(net->ifname, net->script) < 0)
@@ -477,11 +474,15 @@ qemuInterfaceEthernetConnect(virDomainDefPtr def,
goto cleanup;
}
+ virDomainAuditNetDevice(def, net, auditdev, true);
+
ret = 0;
cleanup:
if (ret < 0) {
size_t i;
+
+ virDomainAuditNetDevice(def, net, auditdev, false);
for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
VIR_FORCE_CLOSE(tapfd[i]);
if (template_ifname)
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
