File 4330d138-network-refactor-global-chains.patch of Package libvirt.11700
commit 4330d13852d0d49cb14d67c606ecf5255ee00220 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Tue May 21 11:37:37 2019 +0100 network: pull global chain init into separate method Pull the logic for creating global iptables chains into a separate method and protect its invocation with virOnce, to make it possible to reuse it in non-startup paths. Reviewed-by: Jim Fehlig <jfehlig@suse.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Index: libvirt-5.1.0/src/network/bridge_driver_linux.c =================================================================== --- libvirt-5.1.0.orig/src/network/bridge_driver_linux.c +++ libvirt-5.1.0/src/network/bridge_driver_linux.c @@ -35,22 +35,18 @@ VIR_LOG_INIT("network.bridge_driver_linu #define PROC_NET_ROUTE "/proc/net/route" +static virOnceControl createdOnce; +static bool createdChains; static virErrorPtr errInitV4; static virErrorPtr errInitV6; -void networkPreReloadFirewallRules(bool startup) +/* Only call via virOnce */ +static void networkSetupPrivateChains(void) { - bool created = false; int rc; - /* We create global rules upfront as we don't want - * the perf hit of conditionally figuring out whether - * to create them each time a network is started. - * - * Any errors here are saved to be reported at time - * of starting the network though as that makes them - * more likely to be seen by a human - */ + createdChains = false; + rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4); if (rc < 0) { errInitV4 = virSaveLastError(); @@ -58,9 +54,9 @@ void networkPreReloadFirewallRules(bool } else { virFreeError(errInitV4); errInitV4 = NULL; + if (rc) + createdChains = true; } - if (rc) - created = true; rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6); if (rc < 0) { 
@@ -69,9 +65,22 @@ void networkPreReloadFirewallRules(bool } else { virFreeError(errInitV6); errInitV6 = NULL; + if (rc) + createdChains = true; } - if (rc) - created = true; +} + +void networkPreReloadFirewallRules(bool startup) +{ + /* We create global rules upfront as we don't want + * the perf hit of conditionally figuring out whether + * to create them each time a network is started. + * + * Any errors here are saved to be reported at time + * of starting the network though as that makes them + * more likely to be seen by a human + */ + ignore_value(virOnce(&createdOnce, networkSetupPrivateChains)); /* * If this is initial startup, and we just created the @@ -86,7 +95,7 @@ void networkPreReloadFirewallRules(bool * rules will be present. Thus we can safely just tell it * to always delete from the builin chain */ - if (startup && created) + if (startup && createdChains) iptablesSetDeletePrivate(false); }
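Review bot: In networkSetupPrivateChains() (hunk @@ -35,22 +35,18), moving `if (rc) createdChains = true;` into the else branch changes behaviour, while the commit message describes only pulling the logic into a separate method. In the old code `if (rc) created = true;` sat after the if/else, so a negative rc from iptablesSetupPrivateChains() also set the flag; now a failure leaves createdChains false and the `startup && createdChains` check no longer calls iptablesSetDeletePrivate(false) in that case. The IPv6 block in the @@ -69,9 +65,22 hunk gets the same change. If this is intended, state it in the commit message or split it into its own patch. Separately, `static virOnceControl createdOnce;` relies on zero initialization; an explicit VIR_ONCE_CONTROL_INITIALIZER would make the intent clear.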
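Review bot: In networkPreReloadFirewallRules() (hunk @@ -69,9 +65,22), the result of virOnce() is discarded with ignore_value(), so if the once-call itself fails, createdChains stays false and nothing is stored in errInitV4 or errInitV6 to report later. The wrapper also means iptablesSetupPrivateChains() now runs only on the first call, where before it ran on every call including those with startup == false; errors saved on that first run are never cleared by a later attempt. The retained comment still reads as if the setup happens each time this function is entered, so please update it to describe the once-only semantics, and either check the virOnce() return or explain why ignoring it is safe.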