
[RFC,7/7] net/filter: prevent the default filter to be deleted

Message ID 1453451811-11860-8-git-send-email-zhang.zhanghailiang@huawei.com (mailing list archive)
State New, archived

Commit Message

Zhanghailiang Jan. 22, 2016, 8:36 a.m. UTC
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 net/filter.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Jason Wang Jan. 25, 2016, 5:25 a.m. UTC | #1
On 01/22/2016 04:36 PM, zhanghailiang wrote:
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  net/filter.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
>
> diff --git a/net/filter.c b/net/filter.c
> index a126a3b..4aafff0 100644
> --- a/net/filter.c
> +++ b/net/filter.c
> @@ -323,11 +323,19 @@ static void netfilter_finalize(Object *obj)
>      g_free(nf->netdev_id);
>  }
>  
> +static bool netfilter_can_be_deleted(UserCreatable *uc, Error **errp)
> +{
> +    NetFilterState *nf = NETFILTER(uc);
> +    /* Forbid the default filter to be deleted */
> +    return !nf->is_default;
> +}
> +
>  static void netfilter_class_init(ObjectClass *oc, void *data)
>  {
>      UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
>  
>      ucc->complete = netfilter_complete;
> +    ucc->can_be_deleted = netfilter_can_be_deleted;
>  }
>  
>  static const TypeInfo netfilter_info = {

This looks unnecessary. As I replied in previous mails, there's no need
to differentiate the default netfilter from others. For COLO specifically, I know
it's a kind of mis-configuration you want to avoid, but that's not the
business of qemu. (Even if this is accepted, a user could still
misconfigure the netfilter in a way that can break COLO).

Zhanghailiang Jan. 25, 2016, 7:43 a.m. UTC | #2
On 2016/1/25 13:25, Jason Wang wrote:
>
>
> On 01/22/2016 04:36 PM, zhanghailiang wrote:
>> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
>> ---
>>   net/filter.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>> diff --git a/net/filter.c b/net/filter.c
>> index a126a3b..4aafff0 100644
>> --- a/net/filter.c
>> +++ b/net/filter.c
>> @@ -323,11 +323,19 @@ static void netfilter_finalize(Object *obj)
>>       g_free(nf->netdev_id);
>>   }
>>
>> +static bool netfilter_can_be_deleted(UserCreatable *uc, Error **errp)
>> +{
>> +    NetFilterState *nf = NETFILTER(uc);
>> +    /* Forbid the default filter to be deleted */
>> +    return !nf->is_default;
>> +}
>> +
>>   static void netfilter_class_init(ObjectClass *oc, void *data)
>>   {
>>       UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
>>
>>       ucc->complete = netfilter_complete;
>> +    ucc->can_be_deleted = netfilter_can_be_deleted;
>>   }
>>
>>   static const TypeInfo netfilter_info = {
>
> This looks unnecessary. As I replied in previous mails, there's no need
> to differentiate the default netfilter from others. For COLO specifically, I know
> it's a kind of mis-configuration you want to avoid, but that's not the
> business of qemu. (Even if this is accepted, a user could still
> misconfigure the netfilter in a way that can break COLO).
>

Got it, will drop this patch in next version, thanks.

Patch

diff --git a/net/filter.c b/net/filter.c
index a126a3b..4aafff0 100644
--- a/net/filter.c
+++ b/net/filter.c
@@ -323,11 +323,19 @@  static void netfilter_finalize(Object *obj)
     g_free(nf->netdev_id);
 }
 
+static bool netfilter_can_be_deleted(UserCreatable *uc, Error **errp)
+{
+    NetFilterState *nf = NETFILTER(uc);
+    /* Forbid the default filter to be deleted */
+    return !nf->is_default;
+}
+
 static void netfilter_class_init(ObjectClass *oc, void *data)
 {
     UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
 
     ucc->complete = netfilter_complete;
+    ucc->can_be_deleted = netfilter_can_be_deleted;
 }
 
 static const TypeInfo netfilter_info = {
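
Review bot: netfilter_can_be_deleted() accepts errp but never sets it, so the refusal path for a default filter returns false with no reason attached; consider calling error_setg(errp, ...) with a message naming the filter before returning false in that case. A blank line between the NetFilterState declaration and the comment would also read better, and the commit message has no body explaining why the default filter needs this protection, which is the question the hook assignment in netfilter_class_init() raises for anyone reading the history later.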