Use the actual names of chains in data structure

Use the name of the chain rather than its type index (enum). This pushes the later enablement of chains with user-given names into the XML parser. For now we still only allow those names that are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6'). Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2025-03-20 06:50:22 +03:00 · 2011-11-18 11:58:17 -05:00 · 2011-11-18 11:58:17 -05:00 · 19028ad6dc
commit 19028ad6dc
parent 4a410218a0
4 changed files with 21 additions and 12 deletions
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@ -309,6 +309,7 @@ virNWFilterDefFree(virNWFilterDefPtr def) {
        virNWFilterEntryFree(def->filterEntries[i]);

    VIR_FREE(def->filterEntries);
+    VIR_FREE(def->chainsuffix);

    VIR_FREE(def);
 }
@ -2027,21 +2028,28 @@ virNWFilterDefParseXML(xmlXPathContextPtr ctxt) {
        goto cleanup;
    }

-    ret->chainsuffix = VIR_NWFILTER_CHAINSUFFIX_ROOT;
    chain = virXPathString("string(./@chain)", ctxt);
    if (chain) {
-        if ((ret->chainsuffix =
-             virNWFilterChainSuffixTypeFromString(chain)) < 0) {
+        if (virNWFilterChainSuffixTypeFromString(chain) < 0) {
            virNWFilterReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("unknown chain suffix '%s'"), chain);
            goto cleanup;
        }
+        ret->chainsuffix = chain;
        /* assign an implicit priority -- support XML attribute later */
        if (!intMapGetByString(chain_priorities, chain, 0,
                               &ret->chainPriority)) {
            ret->chainPriority = (NWFILTER_MAX_FILTER_PRIORITY +
                                  NWFILTER_MIN_FILTER_PRIORITY) / 2;
        }
+        chain = NULL;
+    } else {
+        ret->chainsuffix = strdup(virNWFilterChainSuffixTypeToString(
+                                  VIR_NWFILTER_CHAINSUFFIX_ROOT));
+        if (ret->chainsuffix == NULL) {
+            virReportOOMError();
+            goto cleanup;
+        }
    }

    uuid = virXPathString("string(./uuid)", ctxt);
@ -2843,7 +2851,7 @@ virNWFilterDefFormat(virNWFilterDefPtr def)

    virBufferAsprintf(&buf, "<filter name='%s' chain='%s'",
                      def->name,
-                      virNWFilterChainSuffixTypeToString(def->chainsuffix));
+                      def->chainsuffix);
    virBufferAddLit(&buf, ">\n");

    virUUIDFormat(def->uuid, uuid);
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@ -455,7 +455,7 @@ struct _virNWFilterDef {
    char *name;
    unsigned char uuid[VIR_UUID_BUFLEN];

-    int chainsuffix; /*enum virNWFilterChainSuffixType */
+    char *chainsuffix;
    virNWFilterChainPriority chainPriority;

    int nentries;
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@ -385,7 +385,7 @@ ebiptablesRuleInstFree(ebiptablesRuleInstPtr inst)
 static int
 ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
                      char *commandTemplate,
-                      enum virNWFilterChainSuffixType neededChain,
+                      const char *neededChain,
                      virNWFilterChainPriority chainPriority,
                      char chainprefix,
                      unsigned int priority,
@ -1961,11 +1961,13 @@ ebtablesCreateRuleInstance(char chainPrefix,
        goto err_exit;
    }

-    if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
+    if (STREQ(nwfilter->chainsuffix,
+              virNWFilterChainSuffixTypeToString(
+                  VIR_NWFILTER_CHAINSUFFIX_ROOT)))
        PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
    else
        PRINT_CHAIN(chain, chainPrefix, ifname,
-                    virNWFilterChainSuffixTypeToString(nwfilter->chainsuffix));
+                    nwfilter->chainsuffix);


    switch (rule->prtclType) {
@ -2532,7 +2534,7 @@ ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED,
    ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst;
    VIR_INFO("Command Template: '%s', Needed protocol: '%s'",
             inst->commandTemplate,
-             virNWFilterChainSuffixTypeToString(inst->neededProtocolChain));
+             inst->neededProtocolChain);
    return 0;
 }

@ -3350,8 +3352,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED,
    for (i = 0; i < nruleInstances; i++) {
        sa_assert (inst);
        if (inst[i]->ruleType == RT_EBTABLES) {
-            const char *name = virNWFilterChainSuffixTypeToString(
-                                      inst[i]->neededProtocolChain);
+            const char *name = inst[i]->neededProtocolChain;
            if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) {
                if (virHashUpdateEntry(chains_in_set, name,
                                       &inst[i]->chainPriority)) {
--- a/src/nwfilter/nwfilter_ebiptables_driver.h
+++ b/src/nwfilter/nwfilter_ebiptables_driver.h
@ -35,7 +35,7 @@ typedef struct _ebiptablesRuleInst ebiptablesRuleInst;
 typedef ebiptablesRuleInst *ebiptablesRuleInstPtr;
 struct _ebiptablesRuleInst {
    char *commandTemplate;
-    enum virNWFilterChainSuffixType neededProtocolChain;
+    const char *neededProtocolChain;
    virNWFilterChainPriority chainPriority;
    char chainprefix;    /* I for incoming, O for outgoing */
    unsigned int priority;