1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-11 09:17:52 +03:00

Replace virNetworkObjPtr with virNetworkDefPtr in network platform APIs

The networkCheckRouteCollision, networkAddFirewallRules and
networkRemoveFirewallRules APIs all take a virNetworkObjPtr
instance, but only ever access the 'def' member. It thus
simplifies testing if the APIs are changed to just take a
virNetworkDefPtr instead

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2014-03-19 16:56:35 +00:00
parent a66fc27d89
commit c13a952f69
4 changed files with 128 additions and 128 deletions

View File

@ -1650,8 +1650,8 @@ networkReloadFirewallRules(virNetworkDriverStatePtr driver)
/* Only the three L3 network types that are configured by libvirt
* need to have iptables rules reloaded.
*/
networkRemoveFirewallRules(network);
if (networkAddFirewallRules(network) < 0) {
networkRemoveFirewallRules(network->def);
if (networkAddFirewallRules(network->def) < 0) {
/* failed to add but already logged */
}
}
@ -1833,7 +1833,7 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
int tapfd = -1;
/* Check to see if any network IP collides with an existing route */
if (networkCheckRouteCollision(network) < 0)
if (networkCheckRouteCollision(network->def) < 0)
return -1;
/* Create and configure the bridge device */
@ -1882,7 +1882,7 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
goto err1;
/* Add "once per network" rules */
if (networkAddFirewallRules(network) < 0)
if (networkAddFirewallRules(network->def) < 0)
goto err1;
for (i = 0;
@ -1975,7 +1975,7 @@ networkStartNetworkVirtual(virNetworkDriverStatePtr driver,
err2:
if (!save_err)
save_err = virSaveLastError();
networkRemoveFirewallRules(network);
networkRemoveFirewallRules(network->def);
err1:
if (!save_err)
@ -2029,7 +2029,7 @@ static int networkShutdownNetworkVirtual(virNetworkDriverStatePtr driver ATTRIBU
ignore_value(virNetDevSetOnline(network->def->bridge, 0));
networkRemoveFirewallRules(network);
networkRemoveFirewallRules(network->def);
ignore_value(virNetDevBridgeDelete(network->def->bridge));
@ -2897,7 +2897,7 @@ networkUpdate(virNetworkPtr net,
* old rules (and remember to load new ones after the
* update).
*/
networkRemoveFirewallRules(network);
networkRemoveFirewallRules(network->def);
needFirewallRefresh = true;
break;
default:
@ -2909,11 +2909,11 @@ networkUpdate(virNetworkPtr net,
/* update the network config in memory/on disk */
if (virNetworkObjUpdate(network, command, section, parentIndex, xml, flags) < 0) {
if (needFirewallRefresh)
ignore_value(networkAddFirewallRules(network));
ignore_value(networkAddFirewallRules(network->def));
goto cleanup;
}
if (needFirewallRefresh && networkAddFirewallRules(network) < 0)
if (needFirewallRefresh && networkAddFirewallRules(network->def) < 0)
goto cleanup;
if (flags & VIR_NETWORK_UPDATE_AFFECT_CONFIG) {

View File

@ -40,7 +40,7 @@ VIR_LOG_INIT("network.bridge_driver_linux");
* other scenarios where we can ruin host network connectivity.
* XXX: Using a proper library is preferred over parsing /proc
*/
int networkCheckRouteCollision(virNetworkObjPtr network)
int networkCheckRouteCollision(virNetworkDefPtr def)
{
int ret = 0, len;
char *cur, *buf = NULL;
@ -100,7 +100,7 @@ int networkCheckRouteCollision(virNetworkObjPtr network)
addr_val &= mask_val;
for (i = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_INET, i));
(ipdef = virNetworkDefGetIpByIndex(def, AF_INET, i));
i++) {
unsigned int net_dest;
@ -108,7 +108,7 @@ int networkCheckRouteCollision(virNetworkObjPtr network)
if (virNetworkIpDefNetmask(ipdef, &netmask) < 0) {
VIR_WARN("Failed to get netmask of '%s'",
network->def->bridge);
def->bridge);
continue;
}
@ -136,16 +136,16 @@ static const char networkLocalBroadcast[] = "255.255.255.255/32";
static int
networkAddMasqueradingFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
const char *forwardIf = virNetworkDefForwardIf(def, 0);
if (prefix < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid prefix or netmask for '%s'"),
network->def->bridge);
def->bridge);
return -1;
}
@ -153,7 +153,7 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
if (iptablesAddForwardAllowOut(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -163,7 +163,7 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
if (iptablesAddForwardAllowRelatedIn(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -204,8 +204,8 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
NULL) < 0)
return -1;
@ -214,8 +214,8 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
"udp") < 0)
return -1;
@ -224,8 +224,8 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
"tcp") < 0)
return -1;
@ -250,11 +250,11 @@ networkAddMasqueradingFirewallRules(virFirewallPtr fw,
static int
networkRemoveMasqueradingFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
const char *forwardIf = virNetworkDefForwardIf(def, 0);
if (prefix < 0)
return 0;
@ -277,8 +277,8 @@ networkRemoveMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
"tcp") < 0)
return -1;
@ -286,8 +286,8 @@ networkRemoveMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
"udp") < 0)
return -1;
@ -295,22 +295,22 @@ networkRemoveMasqueradingFirewallRules(virFirewallPtr fw,
&ipdef->address,
prefix,
forwardIf,
&network->def->forward.addr,
&network->def->forward.port,
&def->forward.addr,
&def->forward.port,
NULL) < 0)
return -1;
if (iptablesRemoveForwardAllowRelatedIn(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
if (iptablesRemoveForwardAllowOut(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -320,16 +320,16 @@ networkRemoveMasqueradingFirewallRules(virFirewallPtr fw,
static int
networkAddRoutingFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
const char *forwardIf = virNetworkDefForwardIf(def, 0);
if (prefix < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Invalid prefix or netmask for '%s'"),
network->def->bridge);
def->bridge);
return -1;
}
@ -337,7 +337,7 @@ networkAddRoutingFirewallRules(virFirewallPtr fw,
if (iptablesAddForwardAllowOut(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -345,7 +345,7 @@ networkAddRoutingFirewallRules(virFirewallPtr fw,
if (iptablesAddForwardAllowIn(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -355,11 +355,11 @@ networkAddRoutingFirewallRules(virFirewallPtr fw,
static int
networkRemoveRoutingFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
int prefix = virNetworkIpDefPrefix(ipdef);
const char *forwardIf = virNetworkDefForwardIf(network->def, 0);
const char *forwardIf = virNetworkDefForwardIf(def, 0);
if (prefix < 0)
return 0;
@ -367,14 +367,14 @@ networkRemoveRoutingFirewallRules(virFirewallPtr fw,
if (iptablesRemoveForwardAllowIn(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
if (iptablesRemoveForwardAllowOut(fw,
&ipdef->address,
prefix,
network->def->bridge,
def->bridge,
forwardIf) < 0)
return -1;
@ -384,7 +384,7 @@ networkRemoveRoutingFirewallRules(virFirewallPtr fw,
static void
networkAddGeneralIPv4FirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipv4def;
@ -392,60 +392,60 @@ networkAddGeneralIPv4FirewallRules(virFirewallPtr fw,
/* First look for first IPv4 address that has dhcp or tftpboot defined. */
/* We support dhcp config on 1 IPv4 interface only. */
for (i = 0;
(ipv4def = virNetworkDefGetIpByIndex(network->def, AF_INET, i));
(ipv4def = virNetworkDefGetIpByIndex(def, AF_INET, i));
i++) {
if (ipv4def->nranges || ipv4def->nhosts || ipv4def->tftproot)
break;
}
/* allow DHCP requests through to dnsmasq */
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 67);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 67);
iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 68);
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
/* allow DNS requests through to dnsmasq */
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 53);
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
/* allow TFTP requests through to dnsmasq if necessary */
if (ipv4def && ipv4def->tftproot)
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 69);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
/* Catch all rules to block forwarding to/from bridges */
iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
/* Allow traffic between guests on the same bridge */
iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
}
static void
networkRemoveGeneralIPv4FirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipv4def;
for (i = 0;
(ipv4def = virNetworkDefGetIpByIndex(network->def, AF_INET, i));
(ipv4def = virNetworkDefGetIpByIndex(def, AF_INET, i));
i++) {
if (ipv4def->nranges || ipv4def->nhosts || ipv4def->tftproot)
break;
}
iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge);
iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
if (ipv4def && ipv4def->tftproot)
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 69);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 53);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 53);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 68);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 67);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, network->def->bridge, 67);
iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
}
@ -456,73 +456,73 @@ networkRemoveGeneralIPv4FirewallRules(virFirewallPtr fw,
*/
static void
networkAddGeneralIPv6FirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0) &&
!network->def->ipv6nogw) {
if (!virNetworkDefGetIpByIndex(def, AF_INET6, 0) &&
!def->ipv6nogw) {
return;
}
/* Catch all rules to block forwarding to/from bridges */
iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
/* Allow traffic between guests on the same bridge */
iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
if (virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)) {
if (virNetworkDefGetIpByIndex(def, AF_INET6, 0)) {
/* allow DNS over IPv6 */
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 547);
iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
}
}
static void
networkRemoveGeneralIPv6FirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
if (!virNetworkDefGetIpByIndex(network->def, AF_INET6, 0) &&
!network->def->ipv6nogw) {
if (!virNetworkDefGetIpByIndex(def, AF_INET6, 0) &&
!def->ipv6nogw) {
return;
}
if (virNetworkDefGetIpByIndex(network->def, AF_INET6, 0)) {
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 547);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 53);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge, 53);
if (virNetworkDefGetIpByIndex(def, AF_INET6, 0)) {
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
}
/* the following rules are there if no IPv6 address has been defined
* but network->def->ipv6nogw == true
* but def->ipv6nogw == true
*/
iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, network->def->bridge);
iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
}
static void
networkAddGeneralFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
networkAddGeneralIPv4FirewallRules(fw, network);
networkAddGeneralIPv6FirewallRules(fw, network);
networkAddGeneralIPv4FirewallRules(fw, def);
networkAddGeneralIPv6FirewallRules(fw, def);
}
static void
networkRemoveGeneralFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
networkRemoveGeneralIPv4FirewallRules(fw, network);
networkRemoveGeneralIPv6FirewallRules(fw, network);
networkRemoveGeneralIPv4FirewallRules(fw, def);
networkRemoveGeneralIPv6FirewallRules(fw, def);
}
static void
networkAddChecksumFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipv4def;
@ -530,7 +530,7 @@ networkAddChecksumFirewallRules(virFirewallPtr fw,
/* First look for first IPv4 address that has dhcp or tftpboot defined. */
/* We support dhcp config on 1 IPv4 interface only. */
for (i = 0;
(ipv4def = virNetworkDefGetIpByIndex(network->def, AF_INET, i));
(ipv4def = virNetworkDefGetIpByIndex(def, AF_INET, i));
i++) {
if (ipv4def->nranges || ipv4def->nhosts)
break;
@ -542,13 +542,13 @@ networkAddChecksumFirewallRules(virFirewallPtr fw,
* aborting, since not all iptables implementations support it).
*/
if (ipv4def)
iptablesAddOutputFixUdpChecksum(fw, network->def->bridge, 68);
iptablesAddOutputFixUdpChecksum(fw, def->bridge, 68);
}
static void
networkRemoveChecksumFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network)
virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipv4def;
@ -556,33 +556,33 @@ networkRemoveChecksumFirewallRules(virFirewallPtr fw,
/* First look for first IPv4 address that has dhcp or tftpboot defined. */
/* We support dhcp config on 1 IPv4 interface only. */
for (i = 0;
(ipv4def = virNetworkDefGetIpByIndex(network->def, AF_INET, i));
(ipv4def = virNetworkDefGetIpByIndex(def, AF_INET, i));
i++) {
if (ipv4def->nranges || ipv4def->nhosts)
break;
}
if (ipv4def)
iptablesRemoveOutputFixUdpChecksum(fw, network->def->bridge, 68);
iptablesRemoveOutputFixUdpChecksum(fw, def->bridge, 68);
}
static int
networkAddIpSpecificFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
/* NB: in the case of IPv6, routing rules are added when the
* forward mode is NAT. This is because IPv6 has no NAT.
*/
if (network->def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET))
return networkAddMasqueradingFirewallRules(fw, network, ipdef);
return networkAddMasqueradingFirewallRules(fw, def, ipdef);
else if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
return networkAddRoutingFirewallRules(fw, network, ipdef);
} else if (network->def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
return networkAddRoutingFirewallRules(fw, network, ipdef);
return networkAddRoutingFirewallRules(fw, def, ipdef);
} else if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
return networkAddRoutingFirewallRules(fw, def, ipdef);
}
return 0;
}
@ -590,23 +590,23 @@ networkAddIpSpecificFirewallRules(virFirewallPtr fw,
static int
networkRemoveIpSpecificFirewallRules(virFirewallPtr fw,
virNetworkObjPtr network,
virNetworkDefPtr def,
virNetworkIpDefPtr ipdef)
{
if (network->def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (def->forward.type == VIR_NETWORK_FORWARD_NAT) {
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET))
return networkRemoveMasqueradingFirewallRules(fw, network, ipdef);
return networkRemoveMasqueradingFirewallRules(fw, def, ipdef);
else if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
return networkRemoveRoutingFirewallRules(fw, network, ipdef);
} else if (network->def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
return networkRemoveRoutingFirewallRules(fw, network, ipdef);
return networkRemoveRoutingFirewallRules(fw, def, ipdef);
} else if (def->forward.type == VIR_NETWORK_FORWARD_ROUTE) {
return networkRemoveRoutingFirewallRules(fw, def, ipdef);
}
return 0;
}
/* Add all rules for all ip addresses (and general rules) on a network */
int networkAddFirewallRules(virNetworkObjPtr network)
int networkAddFirewallRules(virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipdef;
@ -617,27 +617,27 @@ int networkAddFirewallRules(virNetworkObjPtr network)
virFirewallStartTransaction(fw, 0);
networkAddGeneralFirewallRules(fw, network);
networkAddGeneralFirewallRules(fw, def);
for (i = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, i));
(ipdef = virNetworkDefGetIpByIndex(def, AF_UNSPEC, i));
i++) {
if (networkAddIpSpecificFirewallRules(fw, network, ipdef) < 0)
if (networkAddIpSpecificFirewallRules(fw, def, ipdef) < 0)
goto cleanup;
}
virFirewallStartRollback(fw, 0);
for (i = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, i));
(ipdef = virNetworkDefGetIpByIndex(def, AF_UNSPEC, i));
i++) {
if (networkRemoveIpSpecificFirewallRules(fw, network, ipdef) < 0)
if (networkRemoveIpSpecificFirewallRules(fw, def, ipdef) < 0)
goto cleanup;
}
networkRemoveGeneralFirewallRules(fw, network);
networkRemoveGeneralFirewallRules(fw, def);
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
networkAddChecksumFirewallRules(fw, network);
networkAddChecksumFirewallRules(fw, def);
if (virFirewallApply(fw) < 0)
goto cleanup;
@ -649,7 +649,7 @@ int networkAddFirewallRules(virNetworkObjPtr network)
}
/* Remove all rules for all ip addresses (and general rules) on a network */
void networkRemoveFirewallRules(virNetworkObjPtr network)
void networkRemoveFirewallRules(virNetworkDefPtr def)
{
size_t i;
virNetworkIpDefPtr ipdef;
@ -658,17 +658,17 @@ void networkRemoveFirewallRules(virNetworkObjPtr network)
fw = virFirewallNew();
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
networkRemoveChecksumFirewallRules(fw, network);
networkRemoveChecksumFirewallRules(fw, def);
virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS);
for (i = 0;
(ipdef = virNetworkDefGetIpByIndex(network->def, AF_UNSPEC, i));
(ipdef = virNetworkDefGetIpByIndex(def, AF_UNSPEC, i));
i++) {
if (networkRemoveIpSpecificFirewallRules(fw, network, ipdef) < 0)
if (networkRemoveIpSpecificFirewallRules(fw, def, ipdef) < 0)
goto cleanup;
}
networkRemoveGeneralFirewallRules(fw, network);
networkRemoveGeneralFirewallRules(fw, def);
virFirewallApply(fw);

View File

@ -21,16 +21,16 @@
#include <config.h>
int networkCheckRouteCollision(virNetworkObjPtr network ATTRIBUTE_UNUSED)
int networkCheckRouteCollision(virNetworkDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
int networkAddFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED)
int networkAddFirewallRules(virNetworkDefPtr def ATTRIBUTE_UNUSED)
{
return 0;
}
void networkRemoveFirewallRules(virNetworkObjPtr network ATTRIBUTE_UNUSED)
void networkRemoveFirewallRules(virNetworkDefPtr def ATTRIBUTE_UNUSED)
{
}

View File

@ -50,10 +50,10 @@ struct _virNetworkDriverState {
typedef struct _virNetworkDriverState virNetworkDriverState;
typedef virNetworkDriverState *virNetworkDriverStatePtr;
int networkCheckRouteCollision(virNetworkObjPtr network);
int networkCheckRouteCollision(virNetworkDefPtr def);
int networkAddFirewallRules(virNetworkObjPtr network);
int networkAddFirewallRules(virNetworkDefPtr def);
void networkRemoveFirewallRules(virNetworkObjPtr network);
void networkRemoveFirewallRules(virNetworkDefPtr def);
#endif /* __VIR_BRIDGE_DRIVER_PLATFORM_H__ */