Remove broken error reporting in QEMU mac filtering

The qemu_bridge_filter.c file had some helpers for calling
the ebtablesXXX functions todo bridge filtering. The only
thing these helpers did was to overwrite the original error
message from the ebtables code. For added fun, the callers
of these helpers overwrote the errors yet again. For even
more fun, one of the helpers called another helper and
overwrite its errors too.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

diff --git a/po/POTFILES.in b/po/POTFILES.in
index a8a59758deea1f265b41f4ce4c26c939c5429e32..efac7b2d8beacfaf951eb91c5af5b080f16298d8 100644 (file)
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -96,7 +96,6 @@ src/parallels/parallels_utils.h
 src/parallels/parallels_storage.c
 src/phyp/phyp_driver.c
 src/qemu/qemu_agent.c
-src/qemu/qemu_bridge_filter.c
 src/qemu/qemu_capabilities.c
 src/qemu/qemu_cgroup.c
 src/qemu/qemu_command.c

diff --git a/src/Makefile.am b/src/Makefile.am
index 4bc2df4bc4b134cc9658e243da36291a8e8dfe43..a88b258b7291ad7531ec91ddb48d937c80193b93 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -688,9 +688,7 @@ QEMU_DRIVER_SOURCES =                                                       \
                qemu/qemu_monitor_text.h                                \
                qemu/qemu_monitor_json.c                                \
                qemu/qemu_monitor_json.h                                \
-               qemu/qemu_driver.c qemu/qemu_driver.h                   \
-               qemu/qemu_bridge_filter.c                               \
-               qemu/qemu_bridge_filter.h
+               qemu/qemu_driver.c qemu/qemu_driver.h
 
 XENAPI_DRIVER_SOURCES =                                                \
                xenapi/xenapi_driver.c xenapi/xenapi_driver.h   \

diff --git a/src/qemu/qemu_bridge_filter.c b/src/qemu/qemu_bridge_filter.c
deleted file mode 100644 (file)
index 49954c6..0000000
--- a/src/qemu/qemu_bridge_filter.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright (C) 2007-2009, 2013 Red Hat, Inc.
- * Copyright (C) 2009 IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors:
- *     Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
- */
-
-#include <config.h>
-
-#include "virebtables.h"
-#include "qemu_conf.h"
-#include "qemu_driver.h"
-#include "virerror.h"
-#include "virlog.h"
-
-#include "qemu_bridge_filter.h"
-
-#define VIR_FROM_THIS VIR_FROM_QEMU
-
-int
-networkAddEbtablesRules(virQEMUDriverPtr driver) {
-    int err;
-
-    /* Set forward policy to DROP */
-    if ((err = ebtablesAddForwardPolicyReject(driver->ebtables))) {
-        virReportSystemError(err,
-         _("failed to add ebtables rule to set default policy to drop on '%s'"),
-                             __FILE__);
-        return err;
-    }
-
-    return 0;
-}
-
-
-int
-networkDisableAllFrames(virQEMUDriverPtr driver) {
-    int err;
-
-    /* add default rules */
-    if ((err = networkAddEbtablesRules(driver))) {
-        virReportSystemError(err,
-                             _("cannot filter mac addresses on bridge '%s'"),
-                             __FILE__);
-        return err;
-    }
-    return 0;
-}
-
-int
-networkAllowMacOnPort(virQEMUDriverPtr driver,
-                      const char * ifname,
-                      const virMacAddr *mac)
-{
-    int err;
-
-    /* allow this combination of macaddr and ifname */
-    ebtablesContext * ebtablescontext = driver->ebtables;
-    if ((err = ebtablesAddForwardAllowIn(ebtablescontext,
-                                         ifname,
-                                         mac))) {
-        virReportSystemError(err,
-                     _("failed to add ebtables rule to allow routing to '%s'"),
-                             ifname);
-    }
-
-    return 0;
-}
-
-
-int
-networkDisallowMacOnPort(virQEMUDriverPtr driver,
-                         const char * ifname,
-                         const virMacAddr *mac)
-{
-    int err;
-
-    /* disallow this combination of macaddr and ifname */
-    ebtablesContext * ebtablescontext = driver->ebtables;
-    if ((err = ebtablesRemoveForwardAllowIn(ebtablescontext,
-                                         ifname,
-                                         mac))) {
-        virReportSystemError(err,
-                     _("failed to add ebtables rule to allow routing to '%s'"),
-                             ifname);
-    }
-
-    return 0;
-}

diff --git a/src/qemu/qemu_bridge_filter.h b/src/qemu/qemu_bridge_filter.h
deleted file mode 100644 (file)
index bacced8..0000000
--- a/src/qemu/qemu_bridge_filter.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2007-2009, 2013 Red Hat, Inc.
- * Copyright (C) 2009 IBM Corp.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * Authors:
- *     Gerhard Stenzel <gerhard.stenzel@de.ibm.com>
- */
-
-#ifndef __QEMUD_BRIDGE_FILTER_H__
-# define __QEMUD_BRIDGE_FILTER_H__
-
-
-int networkAllowMacOnPort(virQEMUDriverPtr driver,
-                          const char *ifname,
-                          const virMacAddr *mac);
-int networkDisallowMacOnPort(virQEMUDriverPtr driver,
-                             const char *ifname,
-                             const virMacAddr *mac);
-int networkDisableAllFrames(virQEMUDriverPtr driver);
-int networkAddEbtablesRules(virQEMUDriverPtr driver);
-
-
-#endif /* __QEMUD_BRIDGE_FILTER_H__ */

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 775e139ee3e84e72dfb8b156bd8ba979ab0f0aa8..dbb8499bf72afdca3cf8ee290a2b9542a851ce46 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -26,7 +26,6 @@
 #include "qemu_command.h"
 #include "qemu_hostdev.h"
 #include "qemu_capabilities.h"
-#include "qemu_bridge_filter.h"
 #include "cpu/cpu.h"
 #include "dirname.h"
 #include "passfd.h"
@@ -380,12 +379,10 @@ qemuNetworkIfaceConnect(virDomainDefPtr def,
     virDomainAuditNetDevice(def, net, "/dev/net/tun", true);
 
     if (cfg->macFilter &&
-        (ret = networkAllowMacOnPort(driver, net->ifname, &net->mac)) < 0) {
-        virReportSystemError(ret,
-                             _("failed to add ebtables rule "
-                               "to allow MAC address on '%s'"),
-                             net->ifname);
-    }
+        ebtablesAddForwardAllowIn(driver->ebtables,
+                                  net->ifname,
+                                  &net->mac) < 0)
+        goto cleanup;
 
     if (virNetDevBandwidthSet(net->ifname,
                               virDomainNetGetActualBandwidth(net),

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 20fd62dda24a0bd5e90664e78f63d1ab19f3b24d..bdba7d48dc7c2759b4d163c8aec27e7e8cb4bd38 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -38,7 +38,6 @@
 #include "qemu_conf.h"
 #include "qemu_command.h"
 #include "qemu_capabilities.h"
-#include "qemu_bridge_filter.h"
 #include "viruuid.h"
 #include "virbuffer.h"
 #include "virconf.h"

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 7fea07c72d2e581d567235cd35bb373eeb9acd51..aa7b129b3bbc5bd4cda920ea17b28a37f80134b1 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -53,7 +53,6 @@
 #include "qemu_hostdev.h"
 #include "qemu_hotplug.h"
 #include "qemu_monitor.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_process.h"
 #include "qemu_migration.h"
 
@@ -663,12 +662,8 @@ qemuStateInitialize(bool privileged,
             goto error;
         }
 
-        if ((errno = networkDisableAllFrames(qemu_driver))) {
-            virReportSystemError(errno,
-                                 _("failed to add rule to drop all frames in '%s'"),
-                                 __FILE__);
+        if (ebtablesAddForwardPolicyReject(qemu_driver->ebtables) < 0)
             goto error;
-        }
    }
 
     /* Allocate bitmap for remote display port reservations. We cannot

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 6ff2489d2f5ca291ae3b2b17fb142b5d57b35573..4abf9b3f5c678ac90f0d37ea9deee667bb2861d2 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -29,7 +29,6 @@
 #include "qemu_capabilities.h"
 #include "qemu_domain.h"
 #include "qemu_command.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_hostdev.h"
 #include "domain_audit.h"
 #include "domain_nwfilter.h"
@@ -2710,13 +2709,9 @@ qemuDomainRemoveNetDevice(virQEMUDriverPtr driver,
     }
 
     if (cfg->macFilter && (net->ifname != NULL)) {
-        if ((errno = networkDisallowMacOnPort(driver,
-                                              net->ifname,
-                                              &net->mac))) {
-            virReportSystemError(errno,
-             _("failed to remove ebtables rule on '%s'"),
-                                 net->ifname);
-        }
+        ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
+                                                  net->ifname,
+                                                  &net->mac));
     }
 
     vport = virDomainNetGetActualVirtPortProfile(net);

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index ffa939a9962c1a94ea8e1b4e4b5c624924f4a7fc..1f008409a0ee2caea5b49ea03d1b1909ed864822 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -41,7 +41,6 @@
 #include "qemu_command.h"
 #include "qemu_hostdev.h"
 #include "qemu_hotplug.h"
-#include "qemu_bridge_filter.h"
 #include "qemu_migration.h"
 
 #include "cpu/cpu.h"
@@ -4280,12 +4279,9 @@ void qemuProcessStop(virQEMUDriverPtr driver,
             virDomainNetDefPtr net = def->nets[i];
             if (net->ifname == NULL)
                 continue;
-            if ((errno = networkDisallowMacOnPort(driver, net->ifname,
-                                                  &net->mac))) {
-                virReportSystemError(errno,
-             _("failed to remove ebtables rule to allow MAC address on '%s'"),
-                                     net->ifname);
-            }
+            ignore_value(ebtablesRemoveForwardAllowIn(driver->ebtables,
+                                                      net->ifname,
+                                                      &net->mac));
         }
     }