[libvirt PATCH 00/12] Clean up cruft in firewall/iptables code (in preparation for nftables)

Laine Stump posted 12 patches 2 years, 4 months ago
Test syntax-check failed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20211212194830.292379-1-laine@redhat.com
[libvirt PATCH 00/12] Clean up cruft in firewall/iptables code (in preparation for nftables)
Posted by Laine Stump 2 years, 4 months ago
These patches make no functional change, they just remove a bunch of
cruft that accumulated over the years and is no longer needed.

This is all in advance of adding native nftables support,
but there is nothing nftables-specific being added here; I just wanted
to get these cleanups out of the way now so that the eventual nftables
support patchset is smaller and less complicated.

(NB: the concept of a "firewall backend" is being removed here,
implying that it will no longer exist. This is not true, but the way
that it will exist in the future will be different (per-firewall
object rather than per-process) so almost all of the existing code
won't be applicable anyway.)

Laine Stump (12):
  network: eliminate code that uses default iptables chains
  util: rename/move iptablesFormatNetwork to
    virSocketAddrFormatWithPrefix
  util: rename iptables operators to something less generic
  tests: remove firewalld backend tests from virfirewalltest.c
  tests: remove unnecessary ret variables and cleanup labels
  tests: document why virgdbus must be mocked in
    networkxml2firewalltest.c
  util: eliminate pointless switch in virFirewallApplyRule
  util: simplify virFirewallBackendSynchronize()
  util: move and rename virFirewallBackendSynchronize()
  util: remove check for iptables binary during virFirewallInit
  util: remove currentBackend from virfirewall.c
  util: remove virFirewallOnceInit()

 src/libvirt_private.syms          |   5 +-
 src/network/bridge_driver_linux.c |  37 +--
 src/util/virfirewall.c            | 143 +----------
 src/util/virfirewall.h            |   2 -
 src/util/virfirewalld.c           |  43 ++++
 src/util/virfirewalld.h           |   2 +
 src/util/virfirewallpriv.h        |  37 ---
 src/util/viriptables.c            | 207 +++++++---------
 src/util/viriptables.h            |   2 -
 src/util/virsocketaddr.c          |  44 ++++
 src/util/virsocketaddr.h          |   3 +
 tests/networkxml2firewalltest.c   |  14 +-
 tests/nwfilterebiptablestest.c    |   7 -
 tests/nwfilterxml2firewalltest.c  |   8 +-
 tests/virfirewalltest.c           | 390 ++++--------------------------
 15 files changed, 247 insertions(+), 697 deletions(-)
 delete mode 100644 src/util/virfirewallpriv.h

-- 
2.33.1


Re: [libvirt PATCH 00/12] Clean up cruft in firewall/iptables code (in preparation for nftables)
Posted by Michal Prívozník 2 years, 4 months ago
On 12/12/21 20:48, Laine Stump wrote:
> These patches make no functional change, they just remove a bunch of
> cruft that accumulated over the years and is no longer needed.
> 
> This is all in advance of adding native nftables support,
> but there is nothing nftables-specific being added here; I just wanted
> to get these cleanups out of the way now so that the eventual nftables
> support patchset is smaller and less complicated.
> 
> (NB: the concept of a "firewall backend" is being removed here,
> implying that it will no longer exist. This is not true, but the way
> that it will exist in the future will be different (per-firewall
> object rather than per-process) so almost all of the existing code
> won't be applicable anyway.)
> 
> Laine Stump (12):
>   network: eliminate code that uses default iptables chains
>   util: rename/move iptablesFormatNetwork to
>     virSocketAddrFormatWithPrefix
>   util: rename iptables operators to something less generic
>   tests: remove firewalld backend tests from virfirewalltest.c
>   tests: remove unnecessary ret variables and cleanup labels
>   tests: document why virgdbus must be mocked in
>     networkxml2firewalltest.c
>   util: eliminate pointless switch in virFirewallApplyRule
>   util: simplify virFirewallBackendSynchronize()
>   util: move and rename virFirewallBackendSynchronize()
>   util: remove check for iptables binary during virFirewallInit
>   util: remove currentBackend from virfirewall.c
>   util: remove virFirewallOnceInit()
> 
>  src/libvirt_private.syms          |   5 +-
>  src/network/bridge_driver_linux.c |  37 +--
>  src/util/virfirewall.c            | 143 +----------
>  src/util/virfirewall.h            |   2 -
>  src/util/virfirewalld.c           |  43 ++++
>  src/util/virfirewalld.h           |   2 +
>  src/util/virfirewallpriv.h        |  37 ---
>  src/util/viriptables.c            | 207 +++++++---------
>  src/util/viriptables.h            |   2 -
>  src/util/virsocketaddr.c          |  44 ++++
>  src/util/virsocketaddr.h          |   3 +
>  tests/networkxml2firewalltest.c   |  14 +-
>  tests/nwfilterebiptablestest.c    |   7 -
>  tests/nwfilterxml2firewalltest.c  |   8 +-
>  tests/virfirewalltest.c           | 390 ++++--------------------------
>  15 files changed, 247 insertions(+), 697 deletions(-)
>  delete mode 100644 src/util/virfirewallpriv.h
> 

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal