From 812b34fdd8649ea50a4b43a8e265fd978f23b69e Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Fri, 30 Mar 2007 16:24:13 +0000 Subject: [PATCH] Wed Mar 30 17:24:48 IST 2007 Mark McLoughlin * qemud/iptables.c: Re-factor things a little so that we maintain the rules in memory even when we're not going to write them to disk. --- ChangeLog | 6 ++++ qemud/iptables.c | 79 ++++++++++++++++++++++++++---------------------- 2 files changed, 49 insertions(+), 36 deletions(-) diff --git a/ChangeLog b/ChangeLog index d404a94dbe..e8bbc0a184 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Wed Mar 30 17:24:48 IST 2007 Mark McLoughlin + + * qemud/iptables.c: Re-factor things a little so that we + maintain the rules in memory even when we're not going + to write them to disk. + Wed Mar 30 17:21:08 IST 2007 Mark McLoughlin * qemud/iptables.c: Remove the target interface parameter diff --git a/qemud/iptables.c b/qemud/iptables.c index cbd2b8f345..1458b36c59 100644 --- a/qemud/iptables.c +++ b/qemud/iptables.c @@ -51,14 +51,14 @@ typedef struct char *table; char *chain; + int nrules; + char **rules; + #ifdef IPTABLES_DIR char dir[PATH_MAX]; char path[PATH_MAX]; - int nrules; - char **rules; - #endif /* IPTABLES_DIR */ } iptRules; @@ -171,13 +171,13 @@ buildPath(const char *table, else return 0; } +#endif /* IPTABLES_DIR */ static int iptRulesAppend(iptRules *rules, const char *rule) { char **r; - int err; if (!(r = (char **)realloc(rules->rules, sizeof(char *) * (rules->nrules+1)))) return ENOMEM; @@ -189,24 +189,29 @@ iptRulesAppend(iptRules *rules, rules->nrules++; - if ((err = ensureDir(rules->dir))) - return err; +#ifdef IPTABLES_DIR + { + int err; - if ((err = writeRules(rules->path, rules->rules, rules->nrules))) - return err; + if ((err = ensureDir(rules->dir))) + return err; + + if ((err = writeRules(rules->path, rules->rules, rules->nrules))) + return err; + } +#endif /* IPTABLES_DIR */ return 0; } static int iptRulesRemove(iptRules *rules, - const char *rule) + char *rule) { int i; - int err; for (i = 0; i < rules->nrules; i++) - if (!strcmp(rules->rules[i], rule)) + if (!strcmp(rules->rules[i], strdup(rule))) break; if (i >= rules->nrules) @@ -220,16 +225,23 @@ iptRulesRemove(iptRules *rules, rules->nrules--; - if ((err = writeRules(rules->path, rules->rules, rules->nrules))) - return err; +#ifdef IPTABLES_DIR + { + int err; + + if ((err = writeRules(rules->path, rules->rules, rules->nrules))) + return err; + } +#endif /* IPTABLES_DIR */ return 0; } -#endif /* IPTABLES_DIR */ static void iptRulesFree(iptRules *rules) { + int i; + if (rules->table) { free(rules->table); rules->table = NULL; @@ -240,25 +252,22 @@ iptRulesFree(iptRules *rules) rules->chain = NULL; } -#ifdef IPTABLES_DIR - { - int i; - rules->dir[0] = '\0'; - rules->path[0] = '\0'; - - for (i = 0; i < rules->nrules; i++) { - free(rules->rules[i]); - rules->rules[i] = NULL; - } - - rules->nrules = 0; - - if (rules->rules) { - free(rules->rules); - rules->rules = NULL; - } + for (i = 0; i < rules->nrules; i++) { + free(rules->rules[i]); + rules->rules[i] = NULL; } + + rules->nrules = 0; + + if (rules->rules) { + free(rules->rules); + rules->rules = NULL; + } + +#ifdef IPTABLES_DIR + rules->dir[0] = '\0'; + rules->path[0] = '\0'; #endif /* IPTABLES_DIR */ free(rules); @@ -279,15 +288,15 @@ iptRulesNew(const char *table, if (!(rules->chain = strdup(chain))) goto error; + rules->rules = NULL; + rules->nrules = 0; + #ifdef IPTABLES_DIR if (buildDir(table, rules->dir, sizeof(rules->dir))) goto error; if (buildPath(table, chain, rules->path, sizeof(rules->path))) goto error; - - rules->rules = NULL; - rules->nrules = 0; #endif /* IPTABLES_DIR */ return rules; @@ -464,12 +473,10 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...) (retval = iptablesAddRemoveChain(rules, action))) goto error; -#ifdef IPTABLES_DIR if (action == ADD) retval = iptRulesAppend(rules, rule); else retval = iptRulesRemove(rules, rule); -#endif /* IPTABLES_DIR */ error: if (rule)