[PATCH v3 22/27] network: save network status when firewall rules are reloaded

Laine Stump <laine@xxxxxxxxxx> · Thu, 25 Apr 2024 01:38:28 -0400

In the case that a new version of libvirt is started that uses
different rules to build the network firewall, we need to re-save the
status so that when the network is destroyed (or the *next* time
libvirt is restarted and wants to remove/re-add the firewall), it will
have the proper information to perform the firewall removal.

Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
 src/conf/virnetworkobj.c    | 1 +
 src/network/bridge_driver.c | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c
index fef4c69004..228d0a6585 100644
--- a/src/conf/virnetworkobj.c
+++ b/src/conf/virnetworkobj.c
@@ -840,6 +840,7 @@ virNetworkObjSaveStatus(const char *statusDir,
     int flags = 0;
     g_autofree char *xml = NULL;
 
+    VIR_DEBUG("Writing network status to disk");
     if (!(xml = virNetworkObjFormat(obj, xmlopt, flags)))
         return -1;
 
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c54a595d4d..c1dddd0550 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1685,6 +1685,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
     g_autoptr(virNetworkDriverConfig) cfg = virNetworkDriverGetConfig(networkGetDriver());
     VIR_LOCK_GUARD lock = virObjectLockGuard(obj);
     virNetworkDef *def = virNetworkObjGetDef(obj);
+    bool saveStatus = false;
 
     if (virNetworkObjIsActive(obj)) {
         switch ((virNetworkForwardType) def->forward.type) {
@@ -1699,6 +1700,7 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
             networkRemoveFirewallRules(obj);
             ignore_value(networkAddFirewallRules(def, cfg->firewallBackend,
                                                  virNetworkObjGetFwRemovalPtr(obj)));
+            saveStatus = true;
             break;
 
         case VIR_NETWORK_FORWARD_OPEN:
@@ -1716,6 +1718,11 @@ networkReloadFirewallRulesHelper(virNetworkObj *obj,
         }
     }
 
+    if (saveStatus) {
+        ignore_value(virNetworkObjSaveStatus(cfg->stateDir, obj,
+                                             network_driver->xmlopt));
+    }
+
     return 0;
 }
 
@@ -2362,7 +2369,6 @@ networkStartNetwork(virNetworkDriverState *driver,
     /* Persist the live configuration now that anything autogenerated
      * is setup.
      */
-    VIR_DEBUG("Writing network status to disk");
     if (virNetworkObjSaveStatus(cfg->stateDir,
                                 obj, network_driver->xmlopt) < 0)
         goto cleanup;
-- 
2.44.0
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx







