File 9f4e35dc-network-improve-chain-create-error-report.patch of Package libvirt.11459
commit 9f4e35dc73ec9e940aa61bc7c140c2b800218ef3
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon Mar 18 17:31:21 2019 +0000
network: improve error report when firewall chain creation fails
During startup we create some top level chains in which all virtual network firewall rules will be placed. The upfront creation is done to avoid slowing down creation of individual virtual networks by checking for chain existance every time. There are some factors which can cause this upfront creation to fail and while a message will get into the libvirtd log this won't be seen by users who later try to start a virtual network. Instead they'll just get a message saying that the libvirt top level chain does not exist. This message is accurate, but unhelpful for solving the root cause. This patch thus saves any error during daemon startup and reports it when trying to create a virtual network later.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-5.1.0/src/network/bridge_driver.c
===================================================================
--- libvirt-5.1.0.orig/src/network/bridge_driver.c
+++ libvirt-5.1.0/src/network/bridge_driver.c
@@ -2108,8 +2108,7 @@ static void
 networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
 {
 VIR_INFO("Reloading iptables rules");
- if (networkPreReloadFirewallRules(startup) < 0)
- return;
+ networkPreReloadFirewallRules(startup);
 virNetworkObjListForEach(driver->networks,
 networkReloadFirewallRulesHelper,
 NULL);
Index: libvirt-5.1.0/src/network/bridge_driver_linux.c
===================================================================
--- libvirt-5.1.0.orig/src/network/bridge_driver_linux.c
+++ libvirt-5.1.0/src/network/bridge_driver_linux.c
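Review bot: A failed chain setup no longer stops the per-network reload in networkReloadFirewallRules, because the early `return` is gone and virNetworkObjListForEach still runs networkReloadFirewallRulesHelper for every network. The helper is not visible in this hunk, but if it removes a network's existing rules before calling networkAddFirewallRules (which now fails whenever errInit is set), a reload after a chain-creation failure could leave running networks with their rules removed and not reinstated. That path should be confirmed and the intent recorded at the call, for example `/* setup errors are saved and reported by networkAddFirewallRules(); the per-network reload below still runs */`. The function body continues past the end of the hunk.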
@@ -35,11 +35,25 @@ VIR_LOG_INIT("network.bridge_driver_linu
 #define PROC_NET_ROUTE "/proc/net/route"
-int networkPreReloadFirewallRules(bool startup)
+static virErrorPtr errInit;
+
+void networkPreReloadFirewallRules(bool startup)
 {
- int ret = iptablesSetupPrivateChains();
- if (ret < 0)
- return -1;
+ int rc;
+
+ /* We create global rules upfront as we don't want
+ * the perf hit of conditionally figuring out whether
+ * to create them each time a network is started.
+ *
+ * Any errors here are saved to be reported at time
+ * of starting the network though as that makes them
+ * more likely to be seen by a human
+ */
+ rc = iptablesSetupPrivateChains();
+ if (rc < 0) {
+ errInit = virSaveLastError();
+ virResetLastError();
+ }
 /*
 * If this is initial startup, and we just created the
@@ -54,10 +68,8 @@ int networkPreReloadFirewallRules(bool s
 * rules will be present. Thus we can safely just tell it
 * to always delete from the builin chain
 */
- if (startup && ret == 1)
+ if (startup && rc == 1)
 iptablesSetDeletePrivate(false);
-
- return 0;
 }
@@ -671,6 +683,11 @@ int networkAddFirewallRules(virNetworkDe
 virFirewallPtr fw = NULL;
 int ret = -1;
+ if (errInit) {
+ virSetError(errInit);
+ return -1;
+ }
+
 if (def->bridgeZone) {
 /* if a firewalld zone has been specified, fail/log an error
Index: libvirt-5.1.0/src/network/bridge_driver_nop.c
===================================================================
--- libvirt-5.1.0.orig/src/network/bridge_driver_nop.c
+++ libvirt-5.1.0/src/network/bridge_driver_nop.c
@@ -19,9 +19,8 @@
 #include <config.h>
-int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
+void networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
 {
- return 0;
 }
Index: libvirt-5.1.0/src/network/bridge_driver_platform.h
===================================================================
--- libvirt-5.1.0.orig/src/network/bridge_driver_platform.h
+++ libvirt-5.1.0/src/network/bridge_driver_platform.h
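Review bot: errInit in networkPreReloadFirewallRules is assigned on failure but never freed or cleared, so the saved error is sticky for the life of the daemon. If the function runs again (the `startup` flag suggests it is also called on later reloads) and iptablesSetupPrivateChains() then succeeds, the `if (errInit)` guard added to networkAddFirewallRules in the @@ -671 hunk still refuses to start any network, and a second failure overwrites the pointer and leaks the first virError. Resetting the state ahead of `rc = iptablesSetupPrivateChains();` with `virFreeError(errInit);` and `errInit = NULL;` would cover both cases. virSaveLastError() may also return NULL, in which case the failure is reset and never reported to the user.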
@@ -58,7 +58,7 @@ struct _virNetworkDriverState {
 typedef struct _virNetworkDriverState virNetworkDriverState;
 typedef virNetworkDriverState *virNetworkDriverStatePtr;
-int networkPreReloadFirewallRules(bool startup);
+void networkPreReloadFirewallRules(bool startup);
 void networkPostReloadFirewallRules(bool startup);
 int networkCheckRouteCollision(virNetworkDefPtr def);