Add helper methods for determining what protocol layer is used
Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods to avoid having to write giant switch statements with many cases. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
143a8a3038
commit
23b1d0c07d
@ -3484,3 +3484,29 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj)
|
|||||||
{
|
{
|
||||||
virMutexUnlock(&obj->lock);
|
virMutexUnlock(&obj->lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
|
||||||
|
{
|
||||||
|
if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&
|
||||||
|
rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALL)
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule)
|
||||||
|
{
|
||||||
|
if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6 &&
|
||||||
|
rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6)
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule)
|
||||||
|
{
|
||||||
|
if (rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
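Review bot: virNWFilterRuleIsProtocolEthernet tests only an upper bound (`rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6`), while the IPv4 and IPv6 helpers test both ends of their range, and no comment explains the difference. The type of prtclType is not visible on this page; if it is signed, a negative value would be classified as Ethernet and take the ebtables path in the driver instead of being rejected. I would document the implicit lower bound above the function, for example `/* Ethernet group runs from VIR_NWFILTER_RULE_PROTOCOL_NONE (0) to VIR_NWFILTER_RULE_PROTOCOL_IPV6; no lower-bound test, so prtclType must never be negative */`. As a matter of style, each of the three helpers could return its range expression directly rather than using `if (...) return true; return false;`.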
@ -373,7 +373,13 @@ enum virNWFilterChainPolicyType {
|
|||||||
VIR_NWFILTER_CHAIN_POLICY_LAST,
|
VIR_NWFILTER_CHAIN_POLICY_LAST,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If adding protocols be sure to update the
|
||||||
|
* virNWFilterRuleIsProtocolXXXX function impls
|
||||||
|
*/
|
||||||
enum virNWFilterRuleProtocolType {
|
enum virNWFilterRuleProtocolType {
|
||||||
|
/* Ethernet layer protocols */
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
|
VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_MAC,
|
VIR_NWFILTER_RULE_PROTOCOL_MAC,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_VLAN,
|
VIR_NWFILTER_RULE_PROTOCOL_VLAN,
|
||||||
@ -382,6 +388,8 @@ enum virNWFilterRuleProtocolType {
|
|||||||
VIR_NWFILTER_RULE_PROTOCOL_RARP,
|
VIR_NWFILTER_RULE_PROTOCOL_RARP,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_IP,
|
VIR_NWFILTER_RULE_PROTOCOL_IP,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_IPV6,
|
VIR_NWFILTER_RULE_PROTOCOL_IPV6,
|
||||||
|
|
||||||
|
/* IPv4 layer protocols */
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_TCP,
|
VIR_NWFILTER_RULE_PROTOCOL_TCP,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_ICMP,
|
VIR_NWFILTER_RULE_PROTOCOL_ICMP,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_IGMP,
|
VIR_NWFILTER_RULE_PROTOCOL_IGMP,
|
||||||
@ -391,6 +399,8 @@ enum virNWFilterRuleProtocolType {
|
|||||||
VIR_NWFILTER_RULE_PROTOCOL_AH,
|
VIR_NWFILTER_RULE_PROTOCOL_AH,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_SCTP,
|
VIR_NWFILTER_RULE_PROTOCOL_SCTP,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_ALL,
|
VIR_NWFILTER_RULE_PROTOCOL_ALL,
|
||||||
|
|
||||||
|
/* IPv6 layer protocols */
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
|
VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
|
VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
|
||||||
VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
|
VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
|
||||||
@ -667,6 +677,10 @@ void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask,
|
|||||||
char sep, uint8_t flags);
|
char sep, uint8_t flags);
|
||||||
|
|
||||||
|
|
||||||
|
bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
|
||||||
|
bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule);
|
||||||
|
bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule);
|
||||||
|
|
||||||
VIR_ENUM_DECL(virNWFilterRuleAction);
|
VIR_ENUM_DECL(virNWFilterRuleAction);
|
||||||
VIR_ENUM_DECL(virNWFilterRuleDirection);
|
VIR_ENUM_DECL(virNWFilterRuleDirection);
|
||||||
VIR_ENUM_DECL(virNWFilterRuleProtocol);
|
VIR_ENUM_DECL(virNWFilterRuleProtocol);
|
||||||
|
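Review bot: The warning comment added above enum virNWFilterRuleProtocolType tells the reader to update the helper functions but not what those helpers depend on, namely that each layer group stays contiguous and that its first and last enumerators are the range bounds. A protocol appended to the end of a group silently falls outside that group's helper until the bound is changed, and one placed in the wrong group gets its rule built for the wrong backend without any error. I would extend the comment with a line such as `* Each group must stay contiguous; its first and last entries are the bounds tested by virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6}.` The enum is only partly visible in these hunks, so this assumes the unseen enumerators follow the same grouping.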
@ -595,6 +595,9 @@ virNWFilterReadLockFilterUpdates;
|
|||||||
virNWFilterRegisterCallbackDriver;
|
virNWFilterRegisterCallbackDriver;
|
||||||
virNWFilterRuleActionTypeToString;
|
virNWFilterRuleActionTypeToString;
|
||||||
virNWFilterRuleDirectionTypeToString;
|
virNWFilterRuleDirectionTypeToString;
|
||||||
|
virNWFilterRuleIsProtocolEthernet;
|
||||||
|
virNWFilterRuleIsProtocolIPv4;
|
||||||
|
virNWFilterRuleIsProtocolIPv6;
|
||||||
virNWFilterRuleProtocolTypeToString;
|
virNWFilterRuleProtocolTypeToString;
|
||||||
virNWFilterTestUnassignDef;
|
virNWFilterTestUnassignDef;
|
||||||
virNWFilterUnlockFilterUpdates;
|
virNWFilterUnlockFilterUpdates;
|
||||||
|
@ -2656,18 +2656,8 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
|
|||||||
virNWFilterRuleInstPtr res)
|
virNWFilterRuleInstPtr res)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
bool isIPv6;
|
|
||||||
|
|
||||||
switch (rule->prtclType) {
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_IP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_MAC:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_STP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ARP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_RARP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_NONE:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
|
|
||||||
|
|
||||||
|
if (virNWFilterRuleIsProtocolEthernet(rule)) {
|
||||||
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
|
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
|
||||||
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
|
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
|
||||||
rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
|
rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
|
||||||
@ -2691,48 +2681,24 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
|
|||||||
res,
|
res,
|
||||||
false);
|
false);
|
||||||
}
|
}
|
||||||
break;
|
} else {
|
||||||
|
bool isIPv6;
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_TCP:
|
if (virNWFilterRuleIsProtocolIPv6(rule)) {
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_UDP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ESP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_AH:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ALL:
|
|
||||||
isIPv6 = false;
|
|
||||||
rc = iptablesCreateRuleInstance(nwfilter,
|
|
||||||
rule,
|
|
||||||
ifname,
|
|
||||||
vars,
|
|
||||||
res,
|
|
||||||
isIPv6);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
|
|
||||||
isIPv6 = true;
|
isIPv6 = true;
|
||||||
|
} else if (virNWFilterRuleIsProtocolIPv4(rule)) {
|
||||||
|
isIPv6 = false;
|
||||||
|
} else {
|
||||||
|
virReportError(VIR_ERR_OPERATION_FAILED,
|
||||||
|
"%s", _("unexpected protocol type"));
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
rc = iptablesCreateRuleInstance(nwfilter,
|
rc = iptablesCreateRuleInstance(nwfilter,
|
||||||
rule,
|
rule,
|
||||||
ifname,
|
ifname,
|
||||||
vars,
|
vars,
|
||||||
res,
|
res,
|
||||||
isIPv6);
|
isIPv6);
|
||||||
break;
|
|
||||||
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_LAST:
|
|
||||||
virReportError(VIR_ERR_OPERATION_FAILED,
|
|
||||||
"%s", _("illegal protocol type"));
|
|
||||||
rc = -1;
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return rc;
|
return rc;
|
||||||
|
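Review bot: The new `unexpected protocol type` error in the final else branch does not include the offending value, so a log entry cannot show which prtclType fell outside all three ranges. The removed switch listed every enumerator explicitly; as far as these hunks show, this branch is now the only place a value matching no group (VIR_NWFILTER_RULE_PROTOCOL_LAST included) is caught, so it is worth making it diagnosable, for example `virReportError(VIR_ERR_OPERATION_FAILED, _("unexpected protocol type %d"), rule->prtclType);`. Failing with -1 here rather than defaulting to one of the backends is the right behaviour for a packet filter and should be kept. ebiptablesCreateRuleInstance begins before the first hunk and its closing brace is not shown.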