Wed Mar 30 17:24:48 IST 2007 Mark McLoughlin <markmc@redhat.com>

* qemud/iptables.c: Re-factor things a little so that we
        maintain the rules in memory even when we're not going
        to write them to disk.
Mark McLoughlin 2007-03-30 16:24:13 +00:00
parent 42d4b85d86
commit 812b34fdd8
2 changed files with 49 additions and 36 deletions


@ -1,3 +1,9 @@
Wed Mar 30 17:24:48 IST 2007 Mark McLoughlin <markmc@redhat.com>
* qemud/iptables.c: Re-factor things a little so that we
maintain the rules in memory even when we're not going
to write them to disk.
Wed Mar 30 17:21:08 IST 2007 Mark McLoughlin <markmc@redhat.com> Wed Mar 30 17:21:08 IST 2007 Mark McLoughlin <markmc@redhat.com>
* qemud/iptables.c: Remove the target interface parameter * qemud/iptables.c: Remove the target interface parameter


@ -51,14 +51,14 @@ typedef struct
char *table; char *table;
char *chain; char *chain;
int nrules;
char **rules;
#ifdef IPTABLES_DIR #ifdef IPTABLES_DIR
char dir[PATH_MAX]; char dir[PATH_MAX];
char path[PATH_MAX]; char path[PATH_MAX];
int nrules;
char **rules;
#endif /* IPTABLES_DIR */ #endif /* IPTABLES_DIR */
} iptRules; } iptRules;
@ -171,13 +171,13 @@ buildPath(const char *table,
else else
return 0; return 0;
} }
#endif /* IPTABLES_DIR */
static int static int
iptRulesAppend(iptRules *rules, iptRulesAppend(iptRules *rules,
const char *rule) const char *rule)
{ {
char **r; char **r;
int err;
if (!(r = (char **)realloc(rules->rules, sizeof(char *) * (rules->nrules+1)))) if (!(r = (char **)realloc(rules->rules, sizeof(char *) * (rules->nrules+1))))
return ENOMEM; return ENOMEM;
@ -189,24 +189,29 @@ iptRulesAppend(iptRules *rules,
rules->nrules++; rules->nrules++;
#ifdef IPTABLES_DIR
{
int err;
if ((err = ensureDir(rules->dir))) if ((err = ensureDir(rules->dir)))
return err; return err;
if ((err = writeRules(rules->path, rules->rules, rules->nrules))) if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
return err; return err;
}
#endif /* IPTABLES_DIR */
return 0; return 0;
} }
static int static int
iptRulesRemove(iptRules *rules, iptRulesRemove(iptRules *rules,
const char *rule) char *rule)
{ {
int i; int i;
int err;
for (i = 0; i < rules->nrules; i++) for (i = 0; i < rules->nrules; i++)
if (!strcmp(rules->rules[i], rule)) if (!strcmp(rules->rules[i], strdup(rule)))
break; break;
if (i >= rules->nrules) if (i >= rules->nrules)
@ -220,16 +225,23 @@ iptRulesRemove(iptRules *rules,
rules->nrules--; rules->nrules--;
#ifdef IPTABLES_DIR
{
int err;
if ((err = writeRules(rules->path, rules->rules, rules->nrules))) if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
return err; return err;
}
#endif /* IPTABLES_DIR */
return 0; return 0;
} }
#endif /* IPTABLES_DIR */
static void static void
iptRulesFree(iptRules *rules) iptRulesFree(iptRules *rules)
{ {
int i;
if (rules->table) { if (rules->table) {
free(rules->table); free(rules->table);
rules->table = NULL; rules->table = NULL;
@ -240,12 +252,6 @@ iptRulesFree(iptRules *rules)
rules->chain = NULL; rules->chain = NULL;
} }
#ifdef IPTABLES_DIR
{
int i;
rules->dir[0] = '\0';
rules->path[0] = '\0';
for (i = 0; i < rules->nrules; i++) { for (i = 0; i < rules->nrules; i++) {
free(rules->rules[i]); free(rules->rules[i]);
@ -258,7 +264,10 @@ iptRulesFree(iptRules *rules)
free(rules->rules); free(rules->rules);
rules->rules = NULL; rules->rules = NULL;
} }
}
#ifdef IPTABLES_DIR
rules->dir[0] = '\0';
rules->path[0] = '\0';
#endif /* IPTABLES_DIR */ #endif /* IPTABLES_DIR */
free(rules); free(rules);
@ -279,15 +288,15 @@ iptRulesNew(const char *table,
if (!(rules->chain = strdup(chain))) if (!(rules->chain = strdup(chain)))
goto error; goto error;
rules->rules = NULL;
rules->nrules = 0;
#ifdef IPTABLES_DIR #ifdef IPTABLES_DIR
if (buildDir(table, rules->dir, sizeof(rules->dir))) if (buildDir(table, rules->dir, sizeof(rules->dir)))
goto error; goto error;
if (buildPath(table, chain, rules->path, sizeof(rules->path))) if (buildPath(table, chain, rules->path, sizeof(rules->path)))
goto error; goto error;
rules->rules = NULL;
rules->nrules = 0;
#endif /* IPTABLES_DIR */ #endif /* IPTABLES_DIR */
return rules; return rules;
@ -464,12 +473,10 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
(retval = iptablesAddRemoveChain(rules, action))) (retval = iptablesAddRemoveChain(rules, action)))
goto error; goto error;
#ifdef IPTABLES_DIR
if (action == ADD) if (action == ADD)
retval = iptRulesAppend(rules, rule); retval = iptRulesAppend(rules, rule);
else else
retval = iptRulesRemove(rules, rule); retval = iptRulesRemove(rules, rule);
#endif /* IPTABLES_DIR */
error: error:
if (rule) if (rule)
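Review bot: In iptRulesRemove, the comparison as rendered on the new side is `if (!strcmp(rules->rules[i], strdup(rule)))`, which allocates a copy of `rule` on every loop iteration, never frees it, and hands strcmp a NULL pointer if the allocation fails. Comparing against the argument directly, `if (!strcmp(rules->rules[i], rule))`, needs no copy and lets the parameter stay `const char *rule`, consistent with iptRulesAppend. The cost grows with this commit, because the last hunk drops the IPTABLES_DIR guard around the call in iptablesAddRemoveRule, so the function now runs on every rule removal rather than only in builds that define IPTABLES_DIR. The page has lost its +/- markers, so this reads the second copy of each row as the new side; the rest of the function body lies between this hunk and the next and is not shown.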