From nobody Mon Feb 9 17:58:04 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639338560; cv=none; d=zohomail.com; s=zohoarc; b=KGJNXCKr6iaEHi05UBkY6RAmRknPzAbS0EMQ/i24ceS4SBZH9915pM2gFgfPoflE2IL+Swic05vVjl9TOS1isHa768kH4SjLsFA2H+1WeIsaesvT/Bmz6kS2TuWz3KIduU/DrRDrl+uv67ZfDvFR28kfvfwYAEtWcVfv3oD0JBg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639338560; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ENMw32m/MWBPKnms3a4hTqIwyR0KJfyMxcvKnZocm9M=; b=X5AKLJ9ZsfCz7AzsI3J34GO2RBXG79InIXPXzSe3HafSn0rLbL89cL+SAtp7UHlLYvFEG9TdiZywuZ4+XJH63i2yaC1QY/TnJDIvfDwdcmPXDU/E7bzNCgsOMqfbQZ6/CNq1BrMcrp9qOVmgVHkB+QTIoEoY2bGyio5gc9/svvU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1639338560646914.5297408276915; Sun, 12 Dec 2021 11:49:20 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-250-mFzlEQgPPNOk6h4s2ZLiPA-1; Sun, 12 Dec 2021 14:48:59 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B11188042E0; Sun, 12 Dec 2021 19:48:54 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9389D22E02; Sun, 12 Dec 2021 19:48:54 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 66BF84A7C9; Sun, 12 Dec 2021 19:48:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1BCJmYqT018836 for ; Sun, 12 Dec 2021 14:48:34 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8015B5BE03; Sun, 12 Dec 2021 19:48:34 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.2.16.52]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4B0BF5D6D7 for ; Sun, 12 Dec 2021 19:48:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639338559; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ENMw32m/MWBPKnms3a4hTqIwyR0KJfyMxcvKnZocm9M=; b=M77gpgZ9/AELfE3GSat3t0RXssfYL0DfblM3wmhTpsqR7ct+CHuJlWRASlKlNJKensaBTD QH/gBlcSqlY7kywVvJN00JX69gn1Lx9cJYXfK6+TjPvgtHl14v3pw1cwb1nCVFzACoGXgf Em9vVITh4Ld1oXg4MBR6aoKCsZHuYLw= X-MC-Unique: mFzlEQgPPNOk6h4s2ZLiPA-1 From: Laine Stump To: libvir-list@redhat.com Subject: [libvirt PATCH 02/12] util: rename/move iptablesFormatNetwork to virSocketAddrFormatWithPrefix Date: Sun, 12 Dec 2021 14:48:20 -0500 Message-Id: <20211212194830.292379-3-laine@redhat.com> In-Reply-To: <20211212194830.292379-1-laine@redhat.com> References: <20211212194830.292379-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1639338561094100001 Content-Type: text/plain; charset="utf-8" This function formats an address + prefix as, e.g. 192.168.122.0/24, which is useful in places other than iptables. Move it to virsocketaddr.c and make it public so that others can use it. While moving, the bit that masks off the host bits of the address is made optional, so that the function is more generally useful. Signed-off-by: Laine Stump --- src/libvirt_private.syms | 1 + src/util/viriptables.c | 41 +++++-------------------------------- src/util/virsocketaddr.c | 44 ++++++++++++++++++++++++++++++++++++++++ src/util/virsocketaddr.h | 3 +++ 4 files changed, 53 insertions(+), 36 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ff6f71054e..72b38a970d 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -3269,6 +3269,7 @@ virSocketAddrCheckNetmask; virSocketAddrEqual; virSocketAddrFormat; virSocketAddrFormatFull; +virSocketAddrFormatWithPrefix; virSocketAddrGetIPPrefix; virSocketAddrGetNumNetmaskBits; virSocketAddrGetPath; diff --git a/src/util/viriptables.c b/src/util/viriptables.c index ac949efba7..78d979cfe8 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -353,37 +353,6 @@ iptablesRemoveUdpOutput(virFirewall *fw, } =20 =20 -static char *iptablesFormatNetwork(virSocketAddr *netaddr, - unsigned int prefix) -{ - virSocketAddr network; - g_autofree char *netstr =3D NULL; - char *ret; - - if (!(VIR_SOCKET_ADDR_IS_FAMILY(netaddr, AF_INET) || - VIR_SOCKET_ADDR_IS_FAMILY(netaddr, AF_INET6))) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Only IPv4 or IPv6 addresses can be used with ipt= ables")); - return NULL; - } - - if (virSocketAddrMaskByPrefix(netaddr, prefix, &network) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Failure to mask address")); - return NULL; - } - - netstr =3D virSocketAddrFormat(&network); - - if (!netstr) - return NULL; - - ret =3D g_strdup_printf("%s/%d", netstr, prefix); - - return ret; -} - - /* Allow all traffic coming from the bridge, with a valid network address * to proceed to WAN */ @@ -399,7 +368,7 @@ iptablesForwardAllowOut(virFirewall *fw, virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; =20 - if (!(networkstr =3D iptablesFormatNetwork(netaddr, prefix))) + if (!(networkstr =3D virSocketAddrFormatWithPrefix(netaddr, prefix, tr= ue))) return -1; =20 if (physdev && physdev[0]) @@ -487,7 +456,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; g_autofree char *networkstr =3D NULL; =20 - if (!(networkstr =3D iptablesFormatNetwork(netaddr, prefix))) + if (!(networkstr =3D virSocketAddrFormatWithPrefix(netaddr, prefix, tr= ue))) return -1; =20 if (physdev && physdev[0]) @@ -577,7 +546,7 @@ iptablesForwardAllowIn(virFirewall *fw, VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; g_autofree char *networkstr =3D NULL; =20 - if (!(networkstr =3D iptablesFormatNetwork(netaddr, prefix))) + if (!(networkstr =3D virSocketAddrFormatWithPrefix(netaddr, prefix, tr= ue))) return -1; =20 if (physdev && physdev[0]) @@ -829,7 +798,7 @@ iptablesForwardMasquerade(virFirewall *fw, virFirewallLayer layer =3D af =3D=3D AF_INET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; =20 - if (!(networkstr =3D iptablesFormatNetwork(netaddr, prefix))) + if (!(networkstr =3D virSocketAddrFormatWithPrefix(netaddr, prefix, tr= ue))) return -1; =20 if (VIR_SOCKET_ADDR_IS_FAMILY(&addr->start, af)) { @@ -972,7 +941,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; =20 - if (!(networkstr =3D iptablesFormatNetwork(netaddr, prefix))) + if (!(networkstr =3D virSocketAddrFormatWithPrefix(netaddr, prefix, tr= ue))) return -1; =20 if (physdev && physdev[0]) diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c index 94cbfc6264..430e43f2eb 100644 --- a/src/util/virsocketaddr.c +++ b/src/util/virsocketaddr.c @@ -511,6 +511,50 @@ virSocketAddrFormatFull(const virSocketAddr *addr, } =20 =20 +/* + * virSocketAddrFormatWithPrefix: + * @addr: an initialized virSocketAddr * + * @prefix: an IP network prefix (0-32 if IPv4, 0-128 if IPv6) + * @masked: true to mask off the host bits of the address + * + * Returns a string representation of the IP network described by + * @netaddr/@prefix. If @masked is true, the address is masked to + * remove the host bits according to prefix. So, for example, sending + * f(1.2.3.4, 24, true) would return "1.2.3.0/24", but f(1.2.3.4, 24, + * false) would return "1.2.3.4/24". + * + * returns false on failure (and logs an error message) + */ +char * +virSocketAddrFormatWithPrefix(virSocketAddr *addr, + unsigned int prefix, + bool masked) +{ + virSocketAddr network; + g_autofree char *netstr =3D NULL; + + if (!(VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET) || + VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET6))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Only IPv4 or IPv6 addresses can be used with a p= refix")); + return NULL; + } + + if (masked && virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Failure to mask address")); + return NULL; + } + + netstr =3D virSocketAddrFormat(&network); + + if (!netstr) + return NULL; + + return g_strdup_printf("%s/%d", netstr, prefix); +} + + /* * virSocketAddrSetPort: * @addr: an initialized virSocketAddr * diff --git a/src/util/virsocketaddr.h b/src/util/virsocketaddr.h index f76e229730..ec265d6e44 100644 --- a/src/util/virsocketaddr.h +++ b/src/util/virsocketaddr.h @@ -88,6 +88,9 @@ char *virSocketAddrFormat(const virSocketAddr *addr); char *virSocketAddrFormatFull(const virSocketAddr *addr, bool withService, const char *separator); +char *virSocketAddrFormatWithPrefix(virSocketAddr *addr, + unsigned int prefix, + bool masked); =20 char *virSocketAddrGetPath(virSocketAddr *addr); =20 --=20 2.33.1