now that we only use built-in iptables chains, we don't
need to add or delete them
parent
9b29b2a2a5
commit
2d2e410818
@ -1,3 +1,8 @@
|
|||||||
|
Thu Jan 10 13:57:56 GMT 2008 Mark McLoughlin <markmc@redhat.com>
|
||||||
|
|
||||||
|
* src/iptables.c: now that we only use built-in iptables
|
||||||
|
chains, we don't need to add or delete them
|
||||||
|
|
||||||
Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com>
|
Thu Jan 10 13:56:33 GMT 2008 Mark McLoughlin <markmc@redhat.com>
|
||||||
|
|
||||||
Like --with-iptables-prefix, --with-iptables-dir is no
|
Like --with-iptables-prefix, --with-iptables-dir is no
|
||||||
|
@ -395,53 +395,6 @@ iptRulesNew(const char *table,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
iptablesAddRemoveChain(iptRules *rules, int action)
|
|
||||||
{
|
|
||||||
char **argv;
|
|
||||||
int retval = ENOMEM;
|
|
||||||
int n, status;
|
|
||||||
|
|
||||||
n = 1 + /* /sbin/iptables */
|
|
||||||
2 + /* --table foo */
|
|
||||||
2; /* --new-chain bar */
|
|
||||||
|
|
||||||
if (!(argv = calloc(n + 1, sizeof(*argv))))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
n = 0;
|
|
||||||
|
|
||||||
if (!(argv[n++] = strdup(IPTABLES_PATH)))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (!(argv[n++] = strdup("--table")))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (!(argv[n++] = strdup(rules->table)))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (!(argv[n++] = strdup(action == ADD ? "--new-chain" : "--delete-chain")))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (!(argv[n++] = strdup(rules->chain)))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (virRun(NULL, argv, &status) < 0)
|
|
||||||
retval = errno;
|
|
||||||
|
|
||||||
retval = 0;
|
|
||||||
|
|
||||||
error:
|
|
||||||
if (argv) {
|
|
||||||
n = 0;
|
|
||||||
while (argv[n])
|
|
||||||
free(argv[n++]);
|
|
||||||
free(argv);
|
|
||||||
}
|
|
||||||
|
|
||||||
return retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
static char *
|
static char *
|
||||||
argvToString(char **argv)
|
argvToString(char **argv)
|
||||||
{
|
{
|
||||||
@ -530,19 +483,11 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
|
|||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (action == ADD &&
|
|
||||||
(retval = iptablesAddRemoveChain(rules, action)))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (virRun(NULL, argv, NULL) < 0) {
|
if (virRun(NULL, argv, NULL) < 0) {
|
||||||
retval = errno;
|
retval = errno;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (action == REMOVE &&
|
|
||||||
(retval = iptablesAddRemoveChain(rules, action)))
|
|
||||||
goto error;
|
|
||||||
|
|
||||||
if (action == ADD) {
|
if (action == ADD) {
|
||||||
retval = iptRulesAppend(rules, rule, argv, command_idx);
|
retval = iptRulesAppend(rules, rule, argv, command_idx);
|
||||||
rule = NULL;
|
rule = NULL;
|
||||||
@ -634,11 +579,6 @@ iptRulesReload(iptRules *rules)
|
|||||||
rule->argv[rule->command_idx] = orig;
|
rule->argv[rule->command_idx] = orig;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((retval = iptablesAddRemoveChain(rules, REMOVE)) ||
|
|
||||||
(retval = iptablesAddRemoveChain(rules, ADD)))
|
|
||||||
qemudLog(QEMUD_WARN, "Failed to re-create chain '%s' in table '%s': %s",
|
|
||||||
rules->chain, rules->table, strerror(retval));
|
|
||||||
|
|
||||||
for (i = 0; i < rules->nrules; i++)
|
for (i = 0; i < rules->nrules; i++)
|
||||||
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
|
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
|
||||||
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",
|
qemudLog(QEMUD_WARN, "Failed to add iptables rule '%s' to chain '%s' in table '%s': %s",
|
||||||
|