From 81d6db6e7af7d9f159cfb1c5b7bfc7b6f16b4b23 Mon Sep 17 00:00:00 2001
Message-Id: <81d6db6e7af7d9f159cfb1c5b7bfc7b6f16b4b23@dist-git>
From: John Ferlan <jferlan@redhat.com>
Date: Wed, 3 Apr 2019 07:04:46 -0400
Subject: [PATCH] nwfilter: Add extra verbiage for binding create/delete
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://bugzilla.redhat.com/show_bug.cgi?id=1609454
Add some cautionary words related to the create and delete
NWFilter Binding use cases and possible issues that may result
to the virsh nwfilter-binding-{create|delete} descriptions
and the virNWFilterBinding{CreateXML|Delete} API descriptions.
Essentially summarizing commit 2d9318b6c without using the
shoot yourself in the foot wording.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit b4833917f12a0ffa4b5957ef77edea737cb8ad58)
Message-Id: <20190403110446.15118-1-jferlan@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
---
src/libvirt-nwfilter.c | 16 ++++++++++++++--
tools/virsh.pod | 14 ++++++++++++--
2 files changed, 26 insertions(+), 4 deletions(-)
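--- a/src/libvirt-nwfilter.c
+++ b/src/libvirt-nwfilter.c
@@ -678,7 +678,14 @@ virNWFilterBindingGetFilterName(virNWFilterBindingPtr binding)
  * @flags: currently unused, pass 0
  *
  * Define a new network filter, based on an XML description
- * similar to the one returned by virNWFilterGetXMLDesc()
+ * similar to the one returned by virNWFilterGetXMLDesc(). This
+ * API may be used to associate a filter with a currently running
+ * guest that does not have a filter defined for a specific network
+ * port. Since the bindings are generally automatically managed by
+ * the hypervisor, using this command to define a filter for a network
+ * port and then starting the guest afterwards may prevent the guest
+ * from starting if it attempts to use the network port and finds a
+ * filter already defined.
  *
  * virNWFilterFree should be used to free the resources after the
  * binding object is no longer needed.
@@ -717,7 +724,12 @@ virNWFilterBindingCreateXML(virConnectPtr conn, const char *xml, unsigned int fl
  * @binding: a binding object
  *
  * Delete the binding object. This does not free the
- * associated virNWFilterBindingPtr object.
+ * associated virNWFilterBindingPtr object. This API
+ * may be used to remove the network port binding filter
+ * currently in use for the guest while the guest is
+ * running without needing to restart the guest. Restoring
+ * the network port binding filter for the running guest
+ * would be accomplished by using virNWFilterBindingCreateXML.
  *
  * Returns 0 in case of success and -1 in case of failure.
  */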
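Review bot: The text added to the virNWFilterBindingDelete description in the second hunk says the binding can be removed from a running guest, but it does not say what state that leaves the port in; the virsh.pod wording in this same patch states that the backend tears the filter rules down immediately, so the port presumably carries unfiltered traffic until a binding is created again. I would add a sentence such as ` * Until a binding is created again, no filter rules are applied to the port.` before the `Returns` line, so callers relying on the filter for traffic restrictions see the consequence in the API reference. In the first hunk the added text speaks of using "this command" to "define a filter", which reads as virsh wording inside an API comment, and the unchanged context line there names `virNWFilterFree` for a binding object, which looks like it should be `virNWFilterBindingFree` and is worth confirming. Both comment blocks begin outside their hunks.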
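--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -4825,13 +4825,23 @@ of the network filters directly.
 =item B<nwfilter-binding-create> I<xmlfile>
 
 Associate a network port with a network filter. The network filter backend
-will immediately attempt to instantiate the filter rules on the port.
+will immediately attempt to instantiate the filter rules on the port. This
+command may be used to associate a filter with a currently running guest
+that does not have a filter defined for a specific network port. Since the
+bindings are generally automatically managed by the hypervisor, using this
+command to define a filter for a network port and then starting the guest
+afterwards may prevent the guest from starting if it attempts to use the
+network port and finds a filter already defined.
 
 =item B<nwfilter-binding-delete> I<port-name>
 
 Disassociate a network port from a network filter. The network filter
 backend will immediately tear down the filter rules that exist on the
-port.
+port. This command may be used to remove the network port binding for
+a filter currently in use for the guest while the guest is running
+without needing to restart the guest. Restoring the network port binding
+filter for the running guest would be accomplished by using
+I<nwfilter-binding-create>.
 
 =item B<nwfilter-binding-list>
 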
--
2.21.0