For the decision on whether to instantiate the rules, the check for a
pending IP address learn request is not sufficient since then only the
thread could instantiate the rules. So, a boolean needs to be passed
when the thread instantiates the filter rules late and the IP address
learn request is still pending in order to override the check for the
pending learn request. If the rules are to be updated while the thread
is active, this will not be done immediately but the thread will do that
later on.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
src/nwfilter/nwfilter_gentech_driver.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
===================================================================
--- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c
+++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c
@@ -543,6 +543,8 @@ virNWFilterRuleInstancesToArray(int nEnt
* @ifname: The name of the interface to apply the rules to
* @vars: A map holding variable names and values used for instantiating
* the filter and its subfilters.
+ * @forceWithPendingReq: Ignore the check whether a pending learn request
+ * is active; 'true' only when the rules are applied late
*
* Returns 0 on success, a value otherwise.
*
@@ -563,7 +565,8 @@ virNWFilterInstantiate(virConnectPtr con
enum instCase useNewFilter, int *foundNewFilter,
bool teardownOld,
const unsigned char *macaddr,
- virNWFilterDriverStatePtr driver)
+ virNWFilterDriverStatePtr driver,
+ bool forceWithPendingReq)
{
int rc;
int j, nptrs;
@@ -610,7 +613,8 @@ virNWFilterInstantiate(virConnectPtr con
} else if (virHashSize(missing_vars->hashTable) > 1) {
rc = 1;
goto err_exit;
- } else if (virNWFilterLookupLearnReq(ifindex) == NULL) {
+ } else if (!forceWithPendingReq &&
+ virNWFilterLookupLearnReq(ifindex) != NULL) {
goto err_exit;
}
@@ -688,7 +692,8 @@ __virNWFilterInstantiateFilter(virConnec
const char *filtername,
virNWFilterHashTablePtr filterparams,
enum instCase useNewFilter,
- virNWFilterDriverStatePtr driver)
+ virNWFilterDriverStatePtr driver,
+ bool forceWithPendingReq)
{
int rc;
const char *drvname = EBIPTABLES_DRIVER_ID;
@@ -789,7 +794,8 @@ __virNWFilterInstantiateFilter(virConnec
useNewFilter, &foundNewFilter,
teardownOld,
macaddr,
- driver);
+ driver,
+ forceWithPendingReq);
virNWFilterHashTableFree(vars);
@@ -830,7 +836,8 @@ _virNWFilterInstantiateFilter(virConnect
net->filter,
net->filterparams,
useNewFilter,
- conn->nwfilterPrivateData);
+ conn->nwfilterPrivateData,
+ false);
}
@@ -856,7 +863,8 @@ virNWFilterInstantiateFilterLate(virConn
filtername,
filterparams,
INSTANTIATE_ALWAYS,
- driver);
+ driver,
+ true);
if (rc) {
//something went wrong... 'DOWN' the interface
if (ifaceCheck(false, ifname, NULL, ifindex) != 0 ||
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list