Prevent updating and tearing down of filter while the IP
address learning thread is running and has its own filtering
rules applied.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
@@ -610,6 +610,8 @@ virNWFilterInstantiate(virConnectPtr con
} else if (virHashSize(missing_vars->hashTable) > 1) {
rc = 1;
goto err_exit;
+ } else if (virNWFilterLookupLearnReq(ifindex) == NULL) {
+ goto err_exit;
}
rc = _virNWFilterInstantiateRec(conn,
@@ -890,7 +892,9 @@ int virNWFilterRollbackUpdateFilter(virC
const virDomainNetDefPtr net)
{
const char *drvname = EBIPTABLES_DRIVER_ID;
+ int ifindex;
virNWFilterTechDriverPtr techdriver;
+
techdriver = virNWFilterTechDriverForName(drvname);
if (!techdriver) {
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
@@ -900,6 +904,11 @@ int virNWFilterRollbackUpdateFilter(virC
return 1;
}
+ /* don't tear anything while the address is being learned */
+ if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
+ virNWFilterLookupLearnReq(ifindex) != NULL)
+ return 0;
+
return techdriver->tearNewRules(conn, net->ifname);
}
@@ -909,7 +918,9 @@ virNWFilterTearOldFilter(virConnectPtr c
virDomainNetDefPtr net)
{
const char *drvname = EBIPTABLES_DRIVER_ID;
+ int ifindex;
virNWFilterTechDriverPtr techdriver;
+
techdriver = virNWFilterTechDriverForName(drvname);
if (!techdriver) {
virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
@@ -919,6 +930,11 @@ virNWFilterTearOldFilter(virConnectPtr c
return 1;
}
+ /* don't tear anything while the address is being learned */
+ if (ifaceGetIndex(true, net->ifname, &ifindex) == 0 &&
+ virNWFilterLookupLearnReq(ifindex) != NULL)
+ return 0;
+
return techdriver->tearOldRules(conn, net->ifname);
}
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list