nwfilter: extend nwfilter reload support

In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.

About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.

I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.
This commit is contained in:
Stefan Berger 2010-08-16 12:59:54 -04:00
parent a3bc82dcfb
commit cf6f8b9a97
4 changed files with 77 additions and 13 deletions

View File

@ -143,15 +143,26 @@ conf_init_err:
*/ */
static int static int
nwfilterDriverReload(void) { nwfilterDriverReload(void) {
virConnectPtr conn;
if (!driverState) { if (!driverState) {
return -1; return -1;
} }
nwfilterDriverLock(driverState); conn = virConnectOpen("qemu:///system");
virNWFilterPoolLoadAllConfigs(NULL,
&driverState->pools, if (conn) {
driverState->configDir); /* shut down all threads -- they will be restarted if necessary */
nwfilterDriverUnlock(driverState); virNWFilterLearnThreadsTerminate(true);
nwfilterDriverLock(driverState);
virNWFilterPoolLoadAllConfigs(conn,
&driverState->pools,
driverState->configDir);
nwfilterDriverUnlock(driverState);
virConnectClose(conn);
}
return 0; return 0;
} }

View File

@ -857,6 +857,17 @@ virNWFilterLearnInit(void) {
} }
void
virNWFilterLearnThreadsTerminate(bool allowNewThreads) {
threadsTerminate = true;
while (virHashSize(pendingLearnReq) != 0)
usleep((PKT_TIMEOUT_MS * 1000) / 3);
if (allowNewThreads)
threadsTerminate = false;
}
/** /**
* virNWFilterLearnShutdown * virNWFilterLearnShutdown
* Shutdown of this layer * Shutdown of this layer
@ -864,10 +875,7 @@ virNWFilterLearnInit(void) {
void void
virNWFilterLearnShutdown(void) { virNWFilterLearnShutdown(void) {
threadsTerminate = true; virNWFilterLearnThreadsTerminate(false);
while (virHashSize(pendingLearnReq) != 0)
usleep((PKT_TIMEOUT_MS * 1000) / 3);
virHashFree(pendingLearnReq, freeLearnReqEntry); virHashFree(pendingLearnReq, freeLearnReqEntry);
pendingLearnReq = NULL; pendingLearnReq = NULL;

View File

@ -71,5 +71,6 @@ void virNWFilterUnlockIface(const char *ifname);
int virNWFilterLearnInit(void); int virNWFilterLearnInit(void);
void virNWFilterLearnShutdown(void); void virNWFilterLearnShutdown(void);
void virNWFilterLearnThreadsTerminate(bool allowNewThreads);
#endif /* __NWFILTER_LEARNIPADDR_H */ #endif /* __NWFILTER_LEARNIPADDR_H */

View File

@ -170,6 +170,9 @@ static int qemuDetectVcpuPIDs(struct qemud_driver *driver,
static int qemuUpdateActivePciHostdevs(struct qemud_driver *driver, static int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
virDomainDefPtr def); virDomainDefPtr def);
static int qemudVMFiltersInstantiate(virConnectPtr conn,
virDomainDefPtr def);
static struct qemud_driver *qemu_driver = NULL; static struct qemud_driver *qemu_driver = NULL;
@ -1423,6 +1426,10 @@ error:
return ret; return ret;
} }
struct virReconnectDomainData {
virConnectPtr conn;
struct qemud_driver *driver;
};
/* /*
* Open an existing VM's monitor, re-detect VCPU threads * Open an existing VM's monitor, re-detect VCPU threads
* and re-reserve the security labels in use * and re-reserve the security labels in use
@ -1431,9 +1438,11 @@ static void
qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaque) qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaque)
{ {
virDomainObjPtr obj = payload; virDomainObjPtr obj = payload;
struct qemud_driver *driver = opaque; struct virReconnectDomainData *data = opaque;
struct qemud_driver *driver = data->driver;
qemuDomainObjPrivatePtr priv; qemuDomainObjPrivatePtr priv;
unsigned long long qemuCmdFlags; unsigned long long qemuCmdFlags;
virConnectPtr conn = data->conn;
virDomainObjLock(obj); virDomainObjLock(obj);
@ -1467,6 +1476,9 @@ qemuReconnectDomain(void *payload, const char *name ATTRIBUTE_UNUSED, void *opaq
obj) < 0) obj) < 0)
goto error; goto error;
if (qemudVMFiltersInstantiate(conn, obj->def))
goto error;
if (obj->def->id >= driver->nextvmid) if (obj->def->id >= driver->nextvmid)
driver->nextvmid = obj->def->id + 1; driver->nextvmid = obj->def->id + 1;
@ -1491,9 +1503,10 @@ error:
* about. * about.
*/ */
static void static void
qemuReconnectDomains(struct qemud_driver *driver) qemuReconnectDomains(virConnectPtr conn, struct qemud_driver *driver)
{ {
virHashForEach(driver->domains.objs, qemuReconnectDomain, driver); struct virReconnectDomainData data = {conn, driver};
virHashForEach(driver->domains.objs, qemuReconnectDomain, &data);
} }
@ -1691,6 +1704,7 @@ qemudStartup(int privileged) {
char *base = NULL; char *base = NULL;
char driverConf[PATH_MAX]; char driverConf[PATH_MAX];
int rc; int rc;
virConnectPtr conn = NULL;
if (VIR_ALLOC(qemu_driver) < 0) if (VIR_ALLOC(qemu_driver) < 0)
return -1; return -1;
@ -1912,7 +1926,11 @@ qemudStartup(int privileged) {
1, NULL, NULL) < 0) 1, NULL, NULL) < 0)
goto error; goto error;
qemuReconnectDomains(qemu_driver); conn = virConnectOpen(qemu_driver->privileged ?
"qemu:///system" :
"qemu:///session");
qemuReconnectDomains(conn, qemu_driver);
/* Then inactive persistent configs */ /* Then inactive persistent configs */
if (virDomainLoadAllConfigs(qemu_driver->caps, if (virDomainLoadAllConfigs(qemu_driver->caps,
@ -1930,6 +1948,8 @@ qemudStartup(int privileged) {
qemudAutostartConfigs(qemu_driver); qemudAutostartConfigs(qemu_driver);
if (conn)
virConnectClose(conn);
return 0; return 0;
@ -1938,6 +1958,8 @@ out_of_memory:
error: error:
if (qemu_driver) if (qemu_driver)
qemuDriverUnlock(qemu_driver); qemuDriverUnlock(qemu_driver);
if (conn)
virConnectClose(conn);
VIR_FREE(base); VIR_FREE(base);
qemudShutdown(); qemudShutdown();
return -1; return -1;
@ -12738,6 +12760,28 @@ qemudVMFilterRebuild(virConnectPtr conn ATTRIBUTE_UNUSED,
return 0; return 0;
} }
static int
qemudVMFiltersInstantiate(virConnectPtr conn,
virDomainDefPtr def)
{
int err = 0;
int i;
if (!conn)
return 1;
for (i = 0 ; i < def->nnets ; i++) {
virDomainNetDefPtr net = def->nets[i];
if ((net->filter) && (net->ifname)) {
if (virDomainConfNWFilterInstantiate(conn, net)) {
err = 1;
break;
}
}
}
return err;
}
static virNWFilterCallbackDriver qemuCallbackDriver = { static virNWFilterCallbackDriver qemuCallbackDriver = {
.name = "QEMU", .name = "QEMU",