External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 11:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

util: new function virFirewallNewFromRollback()

Browse Source 
virFirewallNewFromRollback() creates a new virFirewall object that
contains a copy of the "rollback" commands from an existing
virFirewall object, but in reverse order. The intent is that this
virFirewall be saved and used later to remove the firewall rules that
were added for a network.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Laine Stump 2024-04-19 22:19:42 -04:00
parent d24b7501dc
commit b77b2fc314
3 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/libvirt_private.syms
View File

@ -2419,6 +2419,7 @@ virFirewallFree;
virFirewallGetBackend;
virFirewallGetName;
virFirewallNew;
virFirewallNewFromRollback;
virFirewallRemoveCmd;
virFirewallSetName;
virFirewallStartRollback;

59
src/util/virfirewall.c
View File

@ -768,3 +768,62 @@ virFirewallApply(virFirewall *firewall)
return 0;
}
/**
* virFirewallNewFromRollback:
* @original: the original virFirewall object containing the rollback
* of interest
* @fwRemoval: a firewall object that, when applied, will remove @original
*
* Copy the rollback rules from the current virFirewall object as a
* new virFirewall. This virFirewall can then be saved to apply later
* and counteract everything done by the original.
*
* Returns 0 on success, -1 on error
*/
int
virFirewallNewFromRollback(virFirewall *original,
virFirewall **fwRemoval)
{
size_t g;
g_autoptr(virFirewall) firewall = NULL;
if (original->err) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("error in original firewall object"));
return -1;
}
firewall = virFirewallNew(original->backend);
/* add the rollback commands in reverse order of actions/groups of
* what was applied in the original firewall.
*/
for (g = original->ngroups; g > 0; g--) {
size_t r;
virFirewallGroup *group = original->groups[g - 1];
if (group->nrollback == 0)
continue;
virFirewallStartTransaction(firewall, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
for (r = group->nrollback; r > 0; r--) {
size_t i;
virFirewallCmd *origCmd = group->rollback[r - 1];
virFirewallCmd *rbCmd = virFirewallAddCmd(firewall, origCmd->layer, NULL);
for (i = 0; i < origCmd->argsLen; i++)
ADD_ARG(rbCmd, origCmd->args[i]);
}
}
if (firewall->ngroups == 0)
VIR_DEBUG("original firewall object is empty");
else
*fwRemoval = g_steal_pointer(&firewall);
return 0;
}

1
src/util/virfirewall.h
View File

@ -44,6 +44,7 @@ typedef enum {
VIR_ENUM_DECL(virFirewallBackend);
virFirewall *virFirewallNew(virFirewallBackend backend);
int virFirewallNewFromRollback(virFirewall *original, virFirewall **fwRemoval);
void virFirewallFree(virFirewall *firewall);
virFirewallBackend virFirewallGetBackend(virFirewall *firewall);
const char *virFirewallGetName(virFirewall *firewall);