Convert nwfilter ebiptablesApplyNewRules to virFirewall

Convert the nwfilter ebiptablesApplyNewRules method to use the
virFirewall object APIs instead of creating shell scripts
using virBuffer APIs. This provides a performance improvement
through allowing direct use of firewalld dbus APIs and will
facilitate automated testing.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Daniel P. Berrange 2014-03-25 14:33:19 +00:00
parent 051eb0238a
commit 001130c096
4 changed files with 1120 additions and 1741 deletions


@ -962,13 +962,16 @@ printTCPFlags(virBufferPtr buf, uint8_t flags)
} }
void char *
virNWFilterPrintTCPFlags(virBufferPtr buf, virNWFilterPrintTCPFlags(uint8_t flags)
uint8_t mask, char sep, uint8_t flags)
{ {
printTCPFlags(buf, mask); virBuffer buf = VIR_BUFFER_INITIALIZER;
virBufferAddChar(buf, sep); printTCPFlags(&buf, flags);
printTCPFlags(buf, flags); if (virBufferError(&buf)) {
virReportOOMError();
return NULL;
}
return virBufferContentAndReset(&buf);
} }
@ -977,10 +980,9 @@ tcpFlagsFormatter(virBufferPtr buf,
virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED, virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED,
nwItemDesc *item) nwItemDesc *item)
{ {
virNWFilterPrintTCPFlags(buf, printTCPFlags(buf, item->u.tcpFlags.mask);
item->u.tcpFlags.mask, virBufferAddLit(buf, "/");
'/', printTCPFlags(buf, item->u.tcpFlags.flags);
item->u.tcpFlags.flags);
return true; return true;
} }
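Review bot: The new virNWFilterPrintTCPFlags in the first hunk returns a heap string from virBufferContentAndReset() and NULL after virReportOOMError(), but neither the definition nor the changed prototype in the header section below states that the caller owns and must free the result, and the only remaining callers live in the suppressed driver diff, so their handling cannot be checked here. Add above the definition: `/* Returns a newly allocated string naming the set TCP flags; the caller must free it. Returns NULL after an OOM error has been reported. */`. The error path also has no explicit release of the buffer; if virBufferError() does not already discard the content, `virBufferFreeAndReset(&buf);` belongs before the `return NULL;` — worth confirming against virbuffer. The first hunk opens on the closing brace of printTCPFlags, whose body is outside the hunk.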


@ -82,8 +82,8 @@ enum virNWFilterEntryItemFlags {
# define HAS_ENTRY_ITEM(data) \ # define HAS_ENTRY_ITEM(data) \
(((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_EXISTS) (((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_EXISTS)
# define ENTRY_GET_NEG_SIGN(data) \ # define ENTRY_WANT_NEG_SIGN(data) \
((((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG) ? "!" : "") (((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG)
/* datatypes appearing in rule attributes */ /* datatypes appearing in rule attributes */
enum attrDatatype { enum attrDatatype {
@ -673,8 +673,7 @@ void virNWFilterCallbackDriversLock(void);
void virNWFilterCallbackDriversUnlock(void); void virNWFilterCallbackDriversUnlock(void);
void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask, char *virNWFilterPrintTCPFlags(uint8_t flags);
char sep, uint8_t flags);
bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule); bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);



@ -27,23 +27,6 @@
# define MAX_CHAINNAME_LENGTH 32 /* see linux/netfilter_bridge/ebtables.h */ # define MAX_CHAINNAME_LENGTH 32 /* see linux/netfilter_bridge/ebtables.h */
enum RuleType {
RT_EBTABLES,
RT_IPTABLES,
RT_IP6TABLES,
};
typedef struct _ebiptablesRuleInst ebiptablesRuleInst;
typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
struct _ebiptablesRuleInst {
char *commandTemplate;
const char *neededProtocolChain;
virNWFilterChainPriority chainPriority;
char chainprefix; /* I for incoming, O for outgoing */
virNWFilterRulePriority priority;
enum RuleType ruleType;
};
extern virNWFilterTechDriver ebiptables_driver; extern virNWFilterTechDriver ebiptables_driver;
# define EBIPTABLES_DRIVER_ID "ebiptables" # define EBIPTABLES_DRIVER_ID "ebiptables"