From 23b1d0c07d3cc16a0cb9a056bd3db6c746754301 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Tue, 25 Mar 2014 11:50:18 +0000
Subject: [PATCH] Add helper methods for determining what protocol layer is used

Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods to avoid having to write a giant switch statements with many cases.

Signed-off-by: Daniel P. Berrange
---
 src/conf/nwfilter_conf.c | 26 ++++++++++
 src/conf/nwfilter_conf.h | 14 ++++++
 src/libvirt_private.syms | 3 ++
 src/nwfilter/nwfilter_ebiptables_driver.c | 58 +++++------------------
 4 files changed, 55 insertions(+), 46 deletions(-)

diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index f5a75e4553..efe6288de2 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -3484,3 +3484,29 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj)
 {
 virMutexUnlock(&obj->lock);
 }
+
+
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALL)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6 &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)
+ return true;
+ return false;
+}
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index aded4de4e5..9f9deaba66 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
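Review bot: `virNWFilterRuleIsProtocolEthernet` in src/conf/nwfilter_conf.c has no lower bound, so every `prtclType` at or below `VIR_NWFILTER_RULE_PROTOCOL_IPV6` is treated as an Ethernet rule; if the field's type is signed (its declaration is not in this hunk) that includes negative values, and the check could read `if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_NONE && rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)`. All three helpers classify by enumerator position, which the removed `switch` in nwfilter_ebiptables_driver.c did not depend on, so a protocol added at the wrong place in `enum virNWFilterRuleProtocolType` would silently send a filter rule to the wrong backend. The comment added to the enum only asks for care; compile-time assertions that `VIR_NWFILTER_RULE_PROTOCOL_IPV6 + 1 == VIR_NWFILTER_RULE_PROTOCOL_TCP` and `VIR_NWFILTER_RULE_PROTOCOL_ALL + 1 == VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6`, placed next to the helpers, would turn the layout into a build-time contract. The same concern applies to both ebiptablesCreateRuleInstance hunks that call these helpers.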
@@ -373,7 +373,13 @@ enum virNWFilterChainPolicyType {
 VIR_NWFILTER_CHAIN_POLICY_LAST,
 };
+
+/*
+ * If adding protocols be sure to update the
+ * virNWFilterRuleIsProtocolXXXX function impls
+ */
 enum virNWFilterRuleProtocolType {
+ /* Ethernet layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
 VIR_NWFILTER_RULE_PROTOCOL_MAC,
 VIR_NWFILTER_RULE_PROTOCOL_VLAN,
@@ -382,6 +388,8 @@ enum virNWFilterRuleProtocolType {
 VIR_NWFILTER_RULE_PROTOCOL_RARP,
 VIR_NWFILTER_RULE_PROTOCOL_IP,
 VIR_NWFILTER_RULE_PROTOCOL_IPV6,
+
+ /* IPv4 layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_TCP,
 VIR_NWFILTER_RULE_PROTOCOL_ICMP,
 VIR_NWFILTER_RULE_PROTOCOL_IGMP,
@@ -391,6 +399,8 @@ enum virNWFilterRuleProtocolType {
 VIR_NWFILTER_RULE_PROTOCOL_AH,
 VIR_NWFILTER_RULE_PROTOCOL_SCTP,
 VIR_NWFILTER_RULE_PROTOCOL_ALL,
+
+ /* IPv6 layer protocols */
 VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
 VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
 VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
@@ -667,6 +677,10 @@ void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask,
 char sep, uint8_t flags);
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule);
+
 VIR_ENUM_DECL(virNWFilterRuleAction);
 VIR_ENUM_DECL(virNWFilterRuleDirection);
 VIR_ENUM_DECL(virNWFilterRuleProtocol);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 6c48234252..c5ffe05b10 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -595,6 +595,9 @@ virNWFilterReadLockFilterUpdates;
 virNWFilterRegisterCallbackDriver;
 virNWFilterRuleActionTypeToString;
 virNWFilterRuleDirectionTypeToString;
+virNWFilterRuleIsProtocolEthernet;
+virNWFilterRuleIsProtocolIPv4;
+virNWFilterRuleIsProtocolIPv6;
 virNWFilterRuleProtocolTypeToString;
 virNWFilterTestUnassignDef;
 virNWFilterUnlockFilterUpdates;
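Review bot: The three prototypes added in the `@@ -667,6 +677,10 @@` hunk of src/conf/nwfilter_conf.h carry no contract comment, although callers choose a firewall backend from their result. A short comment above them would help, for example `/* Classify rule->prtclType by layer using the enumerator ranges of virNWFilterRuleProtocolType; rule must not be NULL. */`, since the implementations dereference `rule` unconditionally. The comment should also state that a value can match none of the three and that the caller must treat that as an error, as the driver change in this patch does.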
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 0885bb117e..410f0e1ee8 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2656,18 +2656,8 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
 virNWFilterRuleInstPtr res)
 {
 int rc = 0;
- bool isIPv6;
-
- switch (rule->prtclType) {
- case VIR_NWFILTER_RULE_PROTOCOL_IP:
- case VIR_NWFILTER_RULE_PROTOCOL_MAC:
- case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
- case VIR_NWFILTER_RULE_PROTOCOL_STP:
- case VIR_NWFILTER_RULE_PROTOCOL_ARP:
- case VIR_NWFILTER_RULE_PROTOCOL_RARP:
- case VIR_NWFILTER_RULE_PROTOCOL_NONE:
- case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
+ if (virNWFilterRuleIsProtocolEthernet(rule)) {
 if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
 rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
 rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
@@ -2691,48 +2681,24 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
 res,
 false);
 }
- break;
+ } else {
+ bool isIPv6;
+ if (virNWFilterRuleIsProtocolIPv6(rule)) {
+ isIPv6 = true;
+ } else if (virNWFilterRuleIsProtocolIPv4(rule)) {
+ isIPv6 = false;
+ } else {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ "%s", _("unexpected protocol type"));
+ return -1;
+ }
- case VIR_NWFILTER_RULE_PROTOCOL_TCP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
- case VIR_NWFILTER_RULE_PROTOCOL_ESP:
- case VIR_NWFILTER_RULE_PROTOCOL_AH:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
- case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
- case VIR_NWFILTER_RULE_PROTOCOL_ALL:
- isIPv6 = false;
 rc = iptablesCreateRuleInstance(nwfilter,
 rule,
 ifname,
 vars,
 res,
 isIPv6);
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
- isIPv6 = true;
- rc = iptablesCreateRuleInstance(nwfilter,
- rule,
- ifname,
- vars,
- res,
- isIPv6);
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_LAST:
- virReportError(VIR_ERR_OPERATION_FAILED,
- "%s", _("illegal protocol type"));
- rc = -1;
- break;
 }
 return rc;
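Review bot: The new final `else` branch reports `unexpected protocol type` without the value that failed classification, which makes a rejected filter rule hard to trace from the log. Including it would help, e.g. `virReportError(VIR_ERR_OPERATION_FAILED, _("unexpected protocol type %d"), rule->prtclType);`, assuming the field promotes to int, since its declaration is not in this hunk. The branch now returns -1 directly instead of setting `rc`; that looks safe because no cleanup is visible before `return rc;`, but the start of ebiptablesCreateRuleInstance lies outside the hunk, so it should be confirmed against the full function.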