mirror of
https://gitlab.com/libvirt/libvirt.git
Convert nwfilter ebiptablesApplyNewRules to virFirewall
Convert the nwfilter ebtablesApplyNewRules method to use the virFirewall object APIs instead of creating shell scripts using virBuffer APIs. This provides a performance improvement through allowing direct use of firewalld dbus APIs and will facilitate automated testing. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
051eb0238a
commit
001130c096
@ -962,13 +962,16 @@ printTCPFlags(virBufferPtr buf, uint8_t flags)
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
virNWFilterPrintTCPFlags(virBufferPtr buf,
|
||||
uint8_t mask, char sep, uint8_t flags)
|
||||
char *
|
||||
virNWFilterPrintTCPFlags(uint8_t flags)
|
||||
{
|
||||
printTCPFlags(buf, mask);
|
||||
virBufferAddChar(buf, sep);
|
||||
printTCPFlags(buf, flags);
|
||||
virBuffer buf = VIR_BUFFER_INITIALIZER;
|
||||
printTCPFlags(&buf, flags);
|
||||
if (virBufferError(&buf)) {
|
||||
virReportOOMError();
|
||||
return NULL;
|
||||
}
|
||||
return virBufferContentAndReset(&buf);
|
||||
}
|
||||
|
||||
|
||||
@ -977,10 +980,9 @@ tcpFlagsFormatter(virBufferPtr buf,
|
||||
virNWFilterRuleDefPtr nwf ATTRIBUTE_UNUSED,
|
||||
nwItemDesc *item)
|
||||
{
|
||||
virNWFilterPrintTCPFlags(buf,
|
||||
item->u.tcpFlags.mask,
|
||||
'/',
|
||||
item->u.tcpFlags.flags);
|
||||
printTCPFlags(buf, item->u.tcpFlags.mask);
|
||||
virBufferAddLit(buf, "/");
|
||||
printTCPFlags(buf, item->u.tcpFlags.flags);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
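Review bot: The rewritten `virNWFilterPrintTCPFlags(uint8_t flags)` in the first hunk now returns a heap string from `virBufferContentAndReset()` and returns NULL after `virReportOOMError()`, but nothing on the function states that contract. I would add a comment above it such as `/* Returns a newly allocated string naming the TCP flags in @flags, or NULL on allocation failure (error already reported); the caller must free it. */`. The callers sit in the part of this commit that the page suppresses, so it cannot be confirmed from here that each one checks for NULL before placing the string into a firewall rule argument and frees it afterwards. Because mask and flags are no longer formatted in one call, each call site presumably has two results to check, and a missed check could leave a rule without its intended flag match.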
@ -82,8 +82,8 @@ enum virNWFilterEntryItemFlags {
|
||||
# define HAS_ENTRY_ITEM(data) \
|
||||
(((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_EXISTS)
|
||||
|
||||
# define ENTRY_GET_NEG_SIGN(data) \
|
||||
((((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG) ? "!" : "")
|
||||
# define ENTRY_WANT_NEG_SIGN(data) \
|
||||
(((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG)
|
||||
|
||||
/* datatypes appearing in rule attributes */
|
||||
enum attrDatatype {
|
||||
@ -673,8 +673,7 @@ void virNWFilterCallbackDriversLock(void);
|
||||
void virNWFilterCallbackDriversUnlock(void);
|
||||
|
||||
|
||||
void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask,
|
||||
char sep, uint8_t flags);
|
||||
char *virNWFilterPrintTCPFlags(uint8_t flags);
|
||||
|
||||
|
||||
bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
|
||||
|
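Review bot: `ENTRY_WANT_NEG_SIGN(data)` in the first hunk evaluates to the raw masked bit rather than 0 or 1, unlike the string-valued `ENTRY_GET_NEG_SIGN` it replaces, which is easy to misuse if the result is compared with `true` or stored in a narrower type. Writing the expansion as `((((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG) != 0)` would make it a proper boolean for the rule-building code that decides whether to negate a match. In the second hunk, the `char *virNWFilterPrintTCPFlags(uint8_t flags);` prototype could carry libvirt's `ATTRIBUTE_RETURN_CHECK`, so that a caller ignoring the allocated-or-NULL result is flagged at compile time.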
File diff suppressed because it is too large
@ -27,23 +27,6 @@
|
||||
|
||||
# define MAX_CHAINNAME_LENGTH 32 /* see linux/netfilter_bridge/ebtables.h */
|
||||
|
||||
enum RuleType {
|
||||
RT_EBTABLES,
|
||||
RT_IPTABLES,
|
||||
RT_IP6TABLES,
|
||||
};
|
||||
|
||||
typedef struct _ebiptablesRuleInst ebiptablesRuleInst;
|
||||
typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
|
||||
struct _ebiptablesRuleInst {
|
||||
char *commandTemplate;
|
||||
const char *neededProtocolChain;
|
||||
virNWFilterChainPriority chainPriority;
|
||||
char chainprefix; /* I for incoming, O for outgoing */
|
||||
virNWFilterRulePriority priority;
|
||||
enum RuleType ruleType;
|
||||
};
|
||||
|
||||
extern virNWFilterTechDriver ebiptables_driver;
|
||||
|
||||
# define EBIPTABLES_DRIVER_ID "ebiptables"
|
||||
|