util: add -w/--concurrent when applying a FirewallCmd rather than when building it

We will already need a separate function for virFirewallApplyCmd for
iptables vs. nftables, but the only reason for needing a separate
function for virFirewallAddCmd* is that iptables/ebtables need to have
an extra arg added for locking (to prevent multiple iptables commands
from running at the same time). We can just as well add in the
-w/--concurrent during virFirewallApplyCmd, so move the arg-add to
ApplyCmd to keep AddCmd simple.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Laine Stump 2024-04-19 22:19:42 -04:00
parent ad96ee74ce
commit 4ee30ecd57


@ -213,20 +213,6 @@ virFirewallAddCmdFullV(virFirewall *firewall,
fwCmd->queryOpaque = opaque;
fwCmd->ignoreErrors = ignoreErrors;
switch (fwCmd->layer) {
case VIR_FIREWALL_LAYER_ETHERNET:
ADD_ARG(fwCmd, "--concurrent");
break;
case VIR_FIREWALL_LAYER_IPV4:
ADD_ARG(fwCmd, "-w");
break;
case VIR_FIREWALL_LAYER_IPV6:
ADD_ARG(fwCmd, "-w");
break;
case VIR_FIREWALL_LAYER_LAST:
break;
}
while ((str = va_arg(args, char *)) != NULL)
ADD_ARG(fwCmd, str);
@ -499,6 +485,19 @@ virFirewallApplyCmdDirect(virFirewallCmd *fwCmd,
cmd = virCommandNewArgList(bin, NULL);
/* lock to assure nobody else is messing with the tables while we are */
switch (fwCmd->layer) {
case VIR_FIREWALL_LAYER_ETHERNET:
virCommandAddArg(cmd, "--concurrent");
break;
case VIR_FIREWALL_LAYER_IPV4:
case VIR_FIREWALL_LAYER_IPV6:
virCommandAddArg(cmd, "-w");
break;
case VIR_FIREWALL_LAYER_LAST:
break;
}
for (i = 0; i < fwCmd->argsLen; i++)
virCommandAddArg(cmd, fwCmd->args[i]);
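Review bot: With the lock flag now added only by the switch in virFirewallApplyCmdDirect, `fwCmd->args` no longer contains `-w`/`--concurrent`, so any other code that builds or logs a command from `fwCmd->args` (none is visible in these hunks) would run or show iptables/ebtables without the lock. An unlocked run that races another rule change can fail, and for commands added with `ignoreErrors` set that failure is presumably swallowed, leaving a filtering rule unapplied. I would extend the existing comment above the switch to state the invariant, e.g. `/* fwCmd->args never carries the lock flag; every path that executes it via iptables/ebtables must add -w/--concurrent itself */`. Both function bodies start and end outside the hunks shown, so whether other consumers of `fwCmd->args` exist should be confirmed against the full file.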