External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

remove iptablesReloadRules() and related code

Browse Source 
We don't use this method of reloading rules anymore, so we can just
kill the code.

This simplifies things a lot because we no longer need to keep a
table of the rules we've added.

* src/util/iptables.c: kill iptablesReloadRules()
This commit is contained in:
Mark McLoughlin 2009-12-10 11:27:18 +00:00
parent 3b3305d859
commit 4ecf9c653e
3 changed files with 3 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libvirt_private.syms
View File

@ -237,7 +237,6 @@ iptablesAddTcpInput;
iptablesAddUdpInput; iptablesAddUdpInput;
iptablesContextFree; iptablesContextFree;
iptablesContextNew; iptablesContextNew;
iptablesReloadRules;
iptablesRemoveForwardAllowCross; iptablesRemoveForwardAllowCross;
iptablesRemoveForwardAllowIn; iptablesRemoveForwardAllowIn;
iptablesRemoveForwardAllowOut; iptablesRemoveForwardAllowOut;

155
src/util/iptables.c
View File

@ -52,20 +52,10 @@ enum {
REMOVE REMOVE
}; };
typedef struct
{
char *rule;
const char **argv;
int command_idx;
} iptRule;
typedef struct typedef struct
{ {
char *table; char *table;
char *chain; char *chain;
int nrules;
iptRule *rules;
} iptRules; } iptRules;
struct _iptablesContext struct _iptablesContext
@ -75,83 +65,11 @@ struct _iptablesContext
iptRules *nat_postrouting; iptRules *nat_postrouting;
}; };
static void
iptRuleFree(iptRule *rule)
{
VIR_FREE(rule->rule);
if (rule->argv) {
int i = 0;
while (rule->argv[i])
VIR_FREE(rule->argv[i++]);
VIR_FREE(rule->argv);
}
}
static int
iptRulesAppend(iptRules *rules,
char *rule,
const char **argv,
int command_idx)
{
if (VIR_REALLOC_N(rules->rules, rules->nrules+1) < 0) {
int i = 0;
while (argv[i])
VIR_FREE(argv[i++]);
VIR_FREE(argv);
return ENOMEM;
}
rules->rules[rules->nrules].rule = rule;
rules->rules[rules->nrules].argv = argv;
rules->rules[rules->nrules].command_idx = command_idx;
rules->nrules++;
return 0;
}
static int
iptRulesRemove(iptRules *rules,
char *rule)
{
int i;
for (i = 0; i < rules->nrules; i++)
if (STREQ(rules->rules[i].rule, rule))
break;
if (i >= rules->nrules)
return EINVAL;
iptRuleFree(&rules->rules[i]);
memmove(&rules->rules[i],
&rules->rules[i+1],
(rules->nrules - i - 1) * sizeof (iptRule));
rules->nrules--;
return 0;
}
static void static void
iptRulesFree(iptRules *rules) iptRulesFree(iptRules *rules)
{ {
int i;
VIR_FREE(rules->table); VIR_FREE(rules->table);
VIR_FREE(rules->chain); VIR_FREE(rules->chain);
if (rules->rules) {
for (i = 0; i < rules->nrules; i++)
iptRuleFree(&rules->rules[i]);
VIR_FREE(rules->rules);
rules->nrules = 0;
}
VIR_FREE(rules); VIR_FREE(rules);
} }
@ -170,9 +88,6 @@ iptRulesNew(const char *table,
if (!(rules->chain = strdup(chain))) if (!(rules->chain = strdup(chain)))
goto error; goto error;
rules->rules = NULL;
rules->nrules = 0;
return rules; return rules;
error: error:
@ -186,9 +101,8 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
va_list args; va_list args;
int retval = ENOMEM; int retval = ENOMEM;
const char **argv; const char **argv;
char *rule = NULL;
const char *s; const char *s;
int n, command_idx; int n;
n = 1 + /* /sbin/iptables */ n = 1 + /* /sbin/iptables */
2 + /* --table foo */ 2 + /* --table foo */
@ -215,9 +129,7 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
if (!(argv[n++] = strdup(rules->table))) if (!(argv[n++] = strdup(rules->table)))
goto error; goto error;
command_idx = n; if (!(argv[n++] = strdup(action == ADD ? "--insert" : "--delete")))
if (!(argv[n++] = strdup("--insert")))
goto error; goto error;
if (!(argv[n++] = strdup(rules->chain))) if (!(argv[n++] = strdup(rules->chain)))
@ -234,31 +146,14 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
va_end(args); va_end(args);
if (!(rule = virArgvToString(&argv[command_idx])))
goto error;
if (action == REMOVE) {
VIR_FREE(argv[command_idx]);
if (!(argv[command_idx] = strdup("--delete")))
goto error;
}
if (virRun(NULL, argv, NULL) < 0) { if (virRun(NULL, argv, NULL) < 0) {
retval = errno; retval = errno;
goto error; goto error;
} }
if (action == ADD) { retval = 0;
retval = iptRulesAppend(rules, rule, argv, command_idx);
rule = NULL;
argv = NULL;
} else {
retval = iptRulesRemove(rules, rule);
}
error: error:
VIR_FREE(rule);
if (argv) { if (argv) {
n = 0; n = 0;
while (argv[n]) while (argv[n])
@ -318,50 +213,6 @@ iptablesContextFree(iptablesContext *ctx)
VIR_FREE(ctx); VIR_FREE(ctx);
} }
static void
iptRulesReload(iptRules *rules)
{
int i;
char ebuf[1024];
for (i = 0; i < rules->nrules; i++) {
iptRule *rule = &rules->rules[i];
const char *orig;
orig = rule->argv[rule->command_idx];
rule->argv[rule->command_idx] = (char *) "--delete";
if (virRun(NULL, rule->argv, NULL) < 0)
VIR_WARN(_("Failed to remove iptables rule '%s'"
" from chain '%s' in table '%s': %s"),
rule->rule, rules->chain, rules->table,
virStrerror(errno, ebuf, sizeof ebuf));
rule->argv[rule->command_idx] = orig;
}
for (i = 0; i < rules->nrules; i++)
if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
VIR_WARN(_("Failed to add iptables rule '%s'"
" to chain '%s' in table '%s': %s"),
rules->rules[i].rule, rules->chain, rules->table,
virStrerror(errno, ebuf, sizeof ebuf));
}
/**
* iptablesReloadRules:
* @ctx: pointer to the IP table context
*
* Reloads all the IP table rules associated to a context
*/
void
iptablesReloadRules(iptablesContext *ctx)
{
iptRulesReload(ctx->input_filter);
iptRulesReload(ctx->forward_filter);
iptRulesReload(ctx->nat_postrouting);
}
static int static int
iptablesInput(iptablesContext *ctx, iptablesInput(iptablesContext *ctx,
const char *iface, const char *iface,

2
src/util/iptables.h
View File

@ -27,8 +27,6 @@ typedef struct _iptablesContext iptablesContext;
iptablesContext *iptablesContextNew (void); iptablesContext *iptablesContextNew (void);
void iptablesContextFree (iptablesContext *ctx); void iptablesContextFree (iptablesContext *ctx);
void iptablesReloadRules (iptablesContext *ctx);
int iptablesAddTcpInput (iptablesContext *ctx, int iptablesAddTcpInput (iptablesContext *ctx,
const char *iface, const char *iface,
int port); int port);