Prior to this patch, a network device of a running domain could be updated to change the portForwards list, and libvirt wouldn't complain, but the change would be silently ignored. This list is only used by the passt backend, and passt can only change the list of portForwards by killing and re-running the passt process, which we don't want to do because that would destroy any open TCP session flows in passt (i.e. it would disrupt guest network traffic); we don't want to do *that*, but we should at least let the user know that their requested change isn't possible.
This patch checks if the portForwards list of the updated network device exactly matches the portForwards list of the current network device, and fails the update if they don't match. Resolves: https://issues.redhat.com/browse/RHEL-7338 Signed-off-by: Laine Stump <[email protected]> --- src/qemu/qemu_hotplug.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index fccbef5d0c..cfc586e17d 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -3966,6 +3966,15 @@ qemuDomainChangeNet(virQEMUDriver *driver, goto cleanup; } + if (olddev->nPortForwards != newdev->nPortForwards || + !virDomainNetPortForwardsIsEqual(olddev->portForwards, + newdev->portForwards, + olddev->nPortForwards)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("cannot modify network device portForward settings")); + goto cleanup; + } + /* allocate new actual device to compare to old - we will need to * free it if we fail for any reason */ -- 2.52.0
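Review bot: The new `if` block in qemuDomainChangeNet() has no comment saying why a portForwards change is refused; the reason (passt would have to be killed and re-run, dropping open TCP flows) lives only in the commit message, so a short comment above the check would keep it next to the code. The comparison is delegated to virDomainNetPortForwardsIsEqual(), which this patch does not add (the diffstat touches only src/qemu/qemu_hotplug.c), so it is worth confirming how that helper compares the two arrays: if it walks them index by index, an update XML that lists the same forwards in a different order will be rejected with "cannot modify network device portForward settings", which may surprise a user who changed nothing. The error text could also mention that the restriction applies to a running domain, so the user knows the change is possible after the guest is shut down.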
