nwfilter: remove unneeded cleanup labels
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
abd2899d73
commit
7868643275
@ -364,13 +364,12 @@ ebtablesHandleEthHdr(virFirewallPtr fw,
|
|||||||
{
|
{
|
||||||
char macaddr[VIR_MAC_STRING_BUFLEN];
|
char macaddr[VIR_MAC_STRING_BUFLEN];
|
||||||
char macmask[VIR_MAC_STRING_BUFLEN];
|
char macmask[VIR_MAC_STRING_BUFLEN];
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
if (HAS_ENTRY_ITEM(ðHdr->dataSrcMACAddr)) {
|
if (HAS_ENTRY_ITEM(ðHdr->dataSrcMACAddr)) {
|
||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
macaddr, sizeof(macaddr),
|
macaddr, sizeof(macaddr),
|
||||||
ðHdr->dataSrcMACAddr) < 0)
|
ðHdr->dataSrcMACAddr) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
reverse ? "-d" : "-s",
|
reverse ? "-d" : "-s",
|
||||||
@ -382,7 +381,7 @@ ebtablesHandleEthHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
macmask, sizeof(macmask),
|
macmask, sizeof(macmask),
|
||||||
ðHdr->dataSrcMACMask) < 0)
|
ðHdr->dataSrcMACMask) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s/%s", macaddr, macmask);
|
"%s/%s", macaddr, macmask);
|
||||||
@ -395,7 +394,7 @@ ebtablesHandleEthHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
macaddr, sizeof(macaddr),
|
macaddr, sizeof(macaddr),
|
||||||
ðHdr->dataDstMACAddr) < 0)
|
ðHdr->dataDstMACAddr) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
reverse ? "-s" : "-d",
|
reverse ? "-s" : "-d",
|
||||||
@ -407,7 +406,7 @@ ebtablesHandleEthHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
macmask, sizeof(macmask),
|
macmask, sizeof(macmask),
|
||||||
ðHdr->dataDstMACMask) < 0)
|
ðHdr->dataDstMACMask) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s/%s", macaddr, macmask);
|
"%s/%s", macaddr, macmask);
|
||||||
@ -416,9 +415,7 @@ ebtablesHandleEthHdr(virFirewallPtr fw,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -786,7 +783,6 @@ iptablesHandleSrcMacAddr(virFirewallPtr fw,
|
|||||||
bool *srcmacskipped)
|
bool *srcmacskipped)
|
||||||
{
|
{
|
||||||
char macaddr[VIR_MAC_STRING_BUFLEN];
|
char macaddr[VIR_MAC_STRING_BUFLEN];
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
*srcmacskipped = false;
|
*srcmacskipped = false;
|
||||||
|
|
||||||
@ -799,7 +795,7 @@ iptablesHandleSrcMacAddr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
macaddr, sizeof(macaddr),
|
macaddr, sizeof(macaddr),
|
||||||
srcMacAddr) < 0)
|
srcMacAddr) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-m", "mac",
|
"-m", "mac",
|
||||||
@ -812,9 +808,7 @@ iptablesHandleSrcMacAddr(virFirewallPtr fw,
|
|||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -834,7 +828,6 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
const char *dst = "--destination";
|
const char *dst = "--destination";
|
||||||
const char *srcrange = "--src-range";
|
const char *srcrange = "--src-range";
|
||||||
const char *dstrange = "--dst-range";
|
const char *dstrange = "--dst-range";
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
if (directionIn) {
|
if (directionIn) {
|
||||||
src = "--destination";
|
src = "--destination";
|
||||||
@ -847,7 +840,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddr, sizeof(ipaddr),
|
ipaddr, sizeof(ipaddr),
|
||||||
&ipHdr->dataSrcIPAddr) < 0)
|
&ipHdr->dataSrcIPAddr) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataSrcIPAddr))
|
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataSrcIPAddr))
|
||||||
virFirewallRuleAddArg(fw, fwrule, "!");
|
virFirewallRuleAddArg(fw, fwrule, "!");
|
||||||
@ -858,7 +851,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&ipHdr->dataSrcIPMask) < 0)
|
&ipHdr->dataSrcIPMask) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s/%s", ipaddr, number);
|
"%s/%s", ipaddr, number);
|
||||||
@ -869,7 +862,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddr, sizeof(ipaddr),
|
ipaddr, sizeof(ipaddr),
|
||||||
&ipHdr->dataSrcIPFrom) < 0)
|
&ipHdr->dataSrcIPFrom) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-m", "iprange",
|
"-m", "iprange",
|
||||||
@ -883,7 +876,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddralt, sizeof(ipaddralt),
|
ipaddralt, sizeof(ipaddralt),
|
||||||
&ipHdr->dataSrcIPTo) < 0)
|
&ipHdr->dataSrcIPTo) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s-%s", ipaddr, ipaddralt);
|
"%s-%s", ipaddr, ipaddralt);
|
||||||
@ -896,7 +889,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddr, sizeof(ipaddr),
|
ipaddr, sizeof(ipaddr),
|
||||||
&ipHdr->dataDstIPAddr) < 0)
|
&ipHdr->dataDstIPAddr) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataDstIPAddr))
|
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataDstIPAddr))
|
||||||
virFirewallRuleAddArg(fw, fwrule, "!");
|
virFirewallRuleAddArg(fw, fwrule, "!");
|
||||||
@ -906,7 +899,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&ipHdr->dataDstIPMask) < 0)
|
&ipHdr->dataDstIPMask) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s/%s", ipaddr, number);
|
"%s/%s", ipaddr, number);
|
||||||
@ -917,7 +910,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddr, sizeof(ipaddr),
|
ipaddr, sizeof(ipaddr),
|
||||||
&ipHdr->dataDstIPFrom) < 0)
|
&ipHdr->dataDstIPFrom) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-m", "iprange",
|
"-m", "iprange",
|
||||||
@ -930,7 +923,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
ipaddralt, sizeof(ipaddralt),
|
ipaddralt, sizeof(ipaddralt),
|
||||||
&ipHdr->dataDstIPTo) < 0)
|
&ipHdr->dataDstIPTo) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s-%s", ipaddr, ipaddralt);
|
"%s-%s", ipaddr, ipaddralt);
|
||||||
@ -943,7 +936,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&ipHdr->dataDSCP) < 0)
|
&ipHdr->dataDSCP) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-m", "dscp",
|
"-m", "dscp",
|
||||||
@ -964,9 +957,7 @@ iptablesHandleIPHdr(virFirewallPtr fw,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -980,7 +971,6 @@ iptablesHandleIPHdrAfterStateMatch(virFirewallPtr fw,
|
|||||||
char number[MAX(INT_BUFSIZE_BOUND(uint32_t),
|
char number[MAX(INT_BUFSIZE_BOUND(uint32_t),
|
||||||
INT_BUFSIZE_BOUND(int))];
|
INT_BUFSIZE_BOUND(int))];
|
||||||
char str[MAX_IPSET_NAME_LENGTH];
|
char str[MAX_IPSET_NAME_LENGTH];
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
if (HAS_ENTRY_ITEM(&ipHdr->dataIPSet) &&
|
if (HAS_ENTRY_ITEM(&ipHdr->dataIPSet) &&
|
||||||
HAS_ENTRY_ITEM(&ipHdr->dataIPSetFlags)) {
|
HAS_ENTRY_ITEM(&ipHdr->dataIPSetFlags)) {
|
||||||
@ -988,7 +978,7 @@ iptablesHandleIPHdrAfterStateMatch(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
str, sizeof(str),
|
str, sizeof(str),
|
||||||
&ipHdr->dataIPSet) < 0)
|
&ipHdr->dataIPSet) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-m", "set",
|
"-m", "set",
|
||||||
@ -998,7 +988,7 @@ iptablesHandleIPHdrAfterStateMatch(virFirewallPtr fw,
|
|||||||
if (printDataTypeDirection(vars,
|
if (printDataTypeDirection(vars,
|
||||||
str, sizeof(str),
|
str, sizeof(str),
|
||||||
&ipHdr->dataIPSetFlags, directionIn) < 0)
|
&ipHdr->dataIPSetFlags, directionIn) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArg(fw, fwrule, str);
|
virFirewallRuleAddArg(fw, fwrule, str);
|
||||||
}
|
}
|
||||||
@ -1008,7 +998,7 @@ iptablesHandleIPHdrAfterStateMatch(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&ipHdr->dataConnlimitAbove) < 0)
|
&ipHdr->dataConnlimitAbove) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
/* place connlimit after potential -m state --state ...
|
/* place connlimit after potential -m state --state ...
|
||||||
since this is the most useful order */
|
since this is the most useful order */
|
||||||
@ -1032,9 +1022,7 @@ iptablesHandleIPHdrAfterStateMatch(virFirewallPtr fw,
|
|||||||
NULL);
|
NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1178,7 +1166,6 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
bool hasICMPType = false;
|
bool hasICMPType = false;
|
||||||
virFirewallRulePtr fwrule;
|
virFirewallRulePtr fwrule;
|
||||||
size_t fwruleargs;
|
size_t fwruleargs;
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
|
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
|
||||||
|
|
||||||
@ -1197,14 +1184,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.tcpHdrFilter.dataSrcMACAddr,
|
&rule->p.tcpHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.tcpHdrFilter.ipHdr,
|
&rule->p.tcpHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) {
|
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) {
|
||||||
char *flags;
|
char *flags;
|
||||||
@ -1213,11 +1200,11 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
virFirewallRuleAddArg(fw, fwrule, "--tcp-flags");
|
virFirewallRuleAddArg(fw, fwrule, "--tcp-flags");
|
||||||
|
|
||||||
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask)))
|
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask)))
|
||||||
goto cleanup;
|
return -1;
|
||||||
virFirewallRuleAddArg(fw, fwrule, flags);
|
virFirewallRuleAddArg(fw, fwrule, flags);
|
||||||
VIR_FREE(flags);
|
VIR_FREE(flags);
|
||||||
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.flags)))
|
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.flags)))
|
||||||
goto cleanup;
|
return -1;
|
||||||
virFirewallRuleAddArg(fw, fwrule, flags);
|
virFirewallRuleAddArg(fw, fwrule, flags);
|
||||||
VIR_FREE(flags);
|
VIR_FREE(flags);
|
||||||
}
|
}
|
||||||
@ -1226,13 +1213,13 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
vars,
|
vars,
|
||||||
&rule->p.tcpHdrFilter.portData,
|
&rule->p.tcpHdrFilter.portData,
|
||||||
directionIn) < 0)
|
directionIn) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPOption)) {
|
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPOption)) {
|
||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&rule->p.tcpHdrFilter.dataTCPOption) < 0)
|
&rule->p.tcpHdrFilter.dataTCPOption) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPOption))
|
if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPOption))
|
||||||
virFirewallRuleAddArg(fw, fwrule, "!");
|
virFirewallRuleAddArg(fw, fwrule, "!");
|
||||||
@ -1256,20 +1243,20 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.udpHdrFilter.dataSrcMACAddr,
|
&rule->p.udpHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.udpHdrFilter.ipHdr,
|
&rule->p.udpHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandlePortData(fw, fwrule,
|
if (iptablesHandlePortData(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.udpHdrFilter.portData,
|
&rule->p.udpHdrFilter.portData,
|
||||||
directionIn) < 0)
|
directionIn) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
|
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
|
||||||
@ -1286,14 +1273,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
|
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.udpliteHdrFilter.ipHdr,
|
&rule->p.udpliteHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1311,14 +1298,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.espHdrFilter.dataSrcMACAddr,
|
&rule->p.espHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.espHdrFilter.ipHdr,
|
&rule->p.espHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1336,14 +1323,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.ahHdrFilter.dataSrcMACAddr,
|
&rule->p.ahHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.ahHdrFilter.ipHdr,
|
&rule->p.ahHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1361,20 +1348,20 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.sctpHdrFilter.dataSrcMACAddr,
|
&rule->p.sctpHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.sctpHdrFilter.ipHdr,
|
&rule->p.sctpHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandlePortData(fw, fwrule,
|
if (iptablesHandlePortData(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.sctpHdrFilter.portData,
|
&rule->p.sctpHdrFilter.portData,
|
||||||
directionIn) < 0)
|
directionIn) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
|
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
|
||||||
@ -1397,14 +1384,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.icmpHdrFilter.dataSrcMACAddr,
|
&rule->p.icmpHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.icmpHdrFilter.ipHdr,
|
&rule->p.icmpHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPType)) {
|
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPType)) {
|
||||||
const char *parm;
|
const char *parm;
|
||||||
@ -1413,8 +1400,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
|
|
||||||
if (maySkipICMP) {
|
if (maySkipICMP) {
|
||||||
virFirewallRemoveRule(fw, fwrule);
|
virFirewallRemoveRule(fw, fwrule);
|
||||||
ret = 0;
|
return 0;
|
||||||
goto cleanup;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
|
if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
|
||||||
@ -1425,7 +1411,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
number, sizeof(number),
|
number, sizeof(number),
|
||||||
&rule->p.icmpHdrFilter.dataICMPType) < 0)
|
&rule->p.icmpHdrFilter.dataICMPType) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (ENTRY_WANT_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType))
|
if (ENTRY_WANT_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType))
|
||||||
virFirewallRuleAddArg(fw, fwrule, "!");
|
virFirewallRuleAddArg(fw, fwrule, "!");
|
||||||
@ -1435,7 +1421,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
if (printDataType(vars,
|
if (printDataType(vars,
|
||||||
numberalt, sizeof(numberalt),
|
numberalt, sizeof(numberalt),
|
||||||
&rule->p.icmpHdrFilter.dataICMPCode) < 0)
|
&rule->p.icmpHdrFilter.dataICMPCode) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgFormat(fw, fwrule,
|
virFirewallRuleAddArgFormat(fw, fwrule,
|
||||||
"%s/%s", number, numberalt);
|
"%s/%s", number, numberalt);
|
||||||
@ -1458,14 +1444,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.igmpHdrFilter.dataSrcMACAddr,
|
&rule->p.igmpHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.igmpHdrFilter.ipHdr,
|
&rule->p.igmpHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1483,14 +1469,14 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
&rule->p.allHdrFilter.dataSrcMACAddr,
|
&rule->p.allHdrFilter.dataSrcMACAddr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&srcMacSkipped) < 0)
|
&srcMacSkipped) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
if (iptablesHandleIPHdr(fw, fwrule,
|
if (iptablesHandleIPHdr(fw, fwrule,
|
||||||
vars,
|
vars,
|
||||||
&rule->p.allHdrFilter.ipHdr,
|
&rule->p.allHdrFilter.ipHdr,
|
||||||
directionIn,
|
directionIn,
|
||||||
&skipRule, &skipMatch) < 0)
|
&skipRule, &skipMatch) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1498,7 +1484,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||||
_("Unexpected protocol %d"),
|
_("Unexpected protocol %d"),
|
||||||
rule->prtclType);
|
rule->prtclType);
|
||||||
goto cleanup;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((srcMacSkipped &&
|
if ((srcMacSkipped &&
|
||||||
@ -1537,14 +1523,12 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
vars,
|
vars,
|
||||||
&rule->p.allHdrFilter.ipHdr,
|
&rule->p.allHdrFilter.ipHdr,
|
||||||
directionIn) < 0)
|
directionIn) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
|
|
||||||
virFirewallRuleAddArgList(fw, fwrule,
|
virFirewallRuleAddArgList(fw, fwrule,
|
||||||
"-j", target, NULL);
|
"-j", target, NULL);
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2475,8 +2459,6 @@ ebiptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
const char *ifname,
|
const char *ifname,
|
||||||
virNWFilterVarCombIterPtr vars)
|
virNWFilterVarCombIterPtr vars)
|
||||||
{
|
{
|
||||||
int ret = -1;
|
|
||||||
|
|
||||||
if (virNWFilterRuleIsProtocolEthernet(rule)) {
|
if (virNWFilterRuleIsProtocolEthernet(rule)) {
|
||||||
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
|
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
|
||||||
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
|
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
|
||||||
@ -2487,7 +2469,7 @@ ebiptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
ifname,
|
ifname,
|
||||||
vars,
|
vars,
|
||||||
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) < 0)
|
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_IN ||
|
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_IN ||
|
||||||
@ -2499,7 +2481,7 @@ ebiptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
ifname,
|
ifname,
|
||||||
vars,
|
vars,
|
||||||
false) < 0)
|
false) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
virFirewallLayer layer;
|
virFirewallLayer layer;
|
||||||
@ -2510,7 +2492,7 @@ ebiptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
} else {
|
} else {
|
||||||
virReportError(VIR_ERR_OPERATION_FAILED,
|
virReportError(VIR_ERR_OPERATION_FAILED,
|
||||||
"%s", _("unexpected protocol type"));
|
"%s", _("unexpected protocol type"));
|
||||||
goto cleanup;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (iptablesCreateRuleInstance(fw,
|
if (iptablesCreateRuleInstance(fw,
|
||||||
@ -2518,12 +2500,10 @@ ebiptablesCreateRuleInstance(virFirewallPtr fw,
|
|||||||
rule,
|
rule,
|
||||||
ifname,
|
ifname,
|
||||||
vars) < 0)
|
vars) < 0)
|
||||||
goto cleanup;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = 0;
|
return 0;
|
||||||
cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
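Review bot: In `_iptablesCreateRuleInstance` (the hunks from `@ -1197` through `@ -1537`), each failing `return -1` leaves `fwrule` in `fw` holding only the arguments added up to that point, whereas the `maySkipICMP` path calls `virFirewallRemoveRule(fw, fwrule)` before its `return 0`. The commit does not change this, since the old `cleanup:` label only returned `ret`, but a rule missing some of its match arguments would match more traffic than the filter describes, so the error paths are only safe if every caller discards `fw` on failure; the callers are not visible on this page. I would state that contract in a comment above the function, for example `/* On -1 the rule added to @fw is incomplete; the caller must not apply @fw. */`. If callers do not guarantee it, the error returns should remove the rule first, as the `maySkipICMP` branch does. The function's opening and the creation of `fwrule` lie outside the hunks shown.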