These top-level functions have no iptables-specific code, except that
they each call a lower-level internal function that *is*
iptables-specific. In preparation for supporting the use of either
iptables or nftables, rename these functions from iptablesXXX to
virNetfilterXXX.
Signed-off-by: Laine Stump <laine@redhat.com>
---
src/libvirt_private.syms | 48 +++---
src/network/bridge_driver_linux.c | 124 +++++++-------
src/util/viriptables.c | 260 +++++++++++++++---------------
src/util/viriptables.h | 96 +++++------
4 files changed, 264 insertions(+), 264 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 73cccf38a1..9f3868bbac 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2547,33 +2547,33 @@ virInitctlSetRunLevel;
# util/viriptables.h
-iptablesAddDontMasquerade;
-iptablesAddForwardAllowCross;
-iptablesAddForwardAllowIn;
-iptablesAddForwardAllowOut;
-iptablesAddForwardAllowRelatedIn;
-iptablesAddForwardMasquerade;
-iptablesAddForwardRejectIn;
-iptablesAddForwardRejectOut;
iptablesAddOutputFixUdpChecksum;
-iptablesAddTcpInput;
-iptablesAddTcpOutput;
-iptablesAddUdpInput;
-iptablesAddUdpOutput;
-iptablesRemoveDontMasquerade;
-iptablesRemoveForwardAllowCross;
-iptablesRemoveForwardAllowIn;
-iptablesRemoveForwardAllowOut;
-iptablesRemoveForwardAllowRelatedIn;
-iptablesRemoveForwardMasquerade;
-iptablesRemoveForwardRejectIn;
-iptablesRemoveForwardRejectOut;
iptablesRemoveOutputFixUdpChecksum;
-iptablesRemoveTcpInput;
-iptablesRemoveTcpOutput;
-iptablesRemoveUdpInput;
-iptablesRemoveUdpOutput;
iptablesSetupPrivateChains;
+virNetfilterAddDontMasquerade;
+virNetfilterAddForwardAllowCross;
+virNetfilterAddForwardAllowIn;
+virNetfilterAddForwardAllowOut;
+virNetfilterAddForwardAllowRelatedIn;
+virNetfilterAddForwardMasquerade;
+virNetfilterAddForwardRejectIn;
+virNetfilterAddForwardRejectOut;
+virNetfilterAddTcpInput;
+virNetfilterAddTcpOutput;
+virNetfilterAddUdpInput;
+virNetfilterAddUdpOutput;
+virNetfilterRemoveDontMasquerade;
+virNetfilterRemoveForwardAllowCross;
+virNetfilterRemoveForwardAllowIn;
+virNetfilterRemoveForwardAllowOut;
+virNetfilterRemoveForwardAllowRelatedIn;
+virNetfilterRemoveForwardMasquerade;
+virNetfilterRemoveForwardRejectIn;
+virNetfilterRemoveForwardRejectOut;
+virNetfilterRemoveTcpInput;
+virNetfilterRemoveTcpOutput;
+virNetfilterRemoveUdpInput;
+virNetfilterRemoveUdpOutput;
# util/viriscsi.h
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index 1ef5b9d917..da7d78a40a 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -322,7 +322,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
}
/* allow forwarding packets from the bridge interface */
- if (iptablesAddForwardAllowOut(fw,
+ if (virNetfilterAddForwardAllowOut(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -332,7 +332,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
/* allow forwarding packets to the bridge interface if they are
* part of an existing connection
*/
- if (iptablesAddForwardAllowRelatedIn(fw,
+ if (virNetfilterAddForwardAllowRelatedIn(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -372,7 +372,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
*/
/* First the generic masquerade rule for other protocols */
- if (iptablesAddForwardMasquerade(fw,
+ if (virNetfilterAddForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -382,7 +382,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
return -1;
/* UDP with a source port restriction */
- if (iptablesAddForwardMasquerade(fw,
+ if (virNetfilterAddForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -392,7 +392,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
return -1;
/* TCP with a source port restriction */
- if (iptablesAddForwardMasquerade(fw,
+ if (virNetfilterAddForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -403,7 +403,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
/* exempt local network broadcast address as destination */
if (isIPv4 &&
- iptablesAddDontMasquerade(fw,
+ virNetfilterAddDontMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -411,7 +411,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw,
return -1;
/* exempt local multicast range as destination */
- if (iptablesAddDontMasquerade(fw,
+ if (virNetfilterAddDontMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -434,7 +434,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw,
if (prefix < 0)
return 0;
- if (iptablesRemoveDontMasquerade(fw,
+ if (virNetfilterRemoveDontMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -443,14 +443,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw,
return -1;
if (isIPv4 &&
- iptablesRemoveDontMasquerade(fw,
+ virNetfilterRemoveDontMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
networkLocalBroadcast) < 0)
return -1;
- if (iptablesRemoveForwardMasquerade(fw,
+ if (virNetfilterRemoveForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -459,7 +459,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw,
"tcp") < 0)
return -1;
- if (iptablesRemoveForwardMasquerade(fw,
+ if (virNetfilterRemoveForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -468,7 +468,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw,
"udp") < 0)
return -1;
- if (iptablesRemoveForwardMasquerade(fw,
+ if (virNetfilterRemoveForwardMasquerade(fw,
&ipdef->address,
prefix,
forwardIf,
@@ -477,14 +477,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw,
NULL) < 0)
return -1;
- if (iptablesRemoveForwardAllowRelatedIn(fw,
+ if (virNetfilterRemoveForwardAllowRelatedIn(fw,
&ipdef->address,
prefix,
def->bridge,
forwardIf) < 0)
return -1;
- if (iptablesRemoveForwardAllowOut(fw,
+ if (virNetfilterRemoveForwardAllowOut(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -511,7 +511,7 @@ networkAddRoutingFirewallRules(virFirewall *fw,
}
/* allow routing packets from the bridge interface */
- if (iptablesAddForwardAllowOut(fw,
+ if (virNetfilterAddForwardAllowOut(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -519,7 +519,7 @@ networkAddRoutingFirewallRules(virFirewall *fw,
return -1;
/* allow routing packets to the bridge interface */
- if (iptablesAddForwardAllowIn(fw,
+ if (virNetfilterAddForwardAllowIn(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -541,14 +541,14 @@ networkRemoveRoutingFirewallRules(virFirewall *fw,
if (prefix < 0)
return 0;
- if (iptablesRemoveForwardAllowIn(fw,
+ if (virNetfilterRemoveForwardAllowIn(fw,
&ipdef->address,
prefix,
def->bridge,
forwardIf) < 0)
return -1;
- if (iptablesRemoveForwardAllowOut(fw,
+ if (virNetfilterRemoveForwardAllowOut(fw,
&ipdef->address,
prefix,
def->bridge,
@@ -576,29 +576,29 @@ networkAddGeneralIPv4FirewallRules(virFirewall *fw,
}
/* allow DHCP requests through to dnsmasq & back out */
- iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
- iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
- iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
- iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
+ virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
+ virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
+ virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
+ virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
/* allow DNS requests through to dnsmasq & back out */
- iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
/* allow TFTP requests through to dnsmasq if necessary & back out */
if (ipv4def && ipv4def->tftproot) {
- iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
- iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
+ virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
+ virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
}
/* Catch all rules to block forwarding to/from bridges */
- iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
- iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
/* Allow traffic between guests on the same bridge */
- iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
}
static void
@@ -615,24 +615,24 @@ networkRemoveGeneralIPv4FirewallRules(virFirewall *fw,
break;
}
- iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
- iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
- iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
+ virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge);
if (ipv4def && ipv4def->tftproot) {
- iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
- iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
+ virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
+ virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69);
}
- iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
+ virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53);
- iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
- iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
- iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
- iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
+ virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
+ virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68);
+ virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
+ virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67);
}
@@ -651,21 +651,21 @@ networkAddGeneralIPv6FirewallRules(virFirewall *fw,
}
/* Catch all rules to block forwarding to/from bridges */
- iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
- iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
/* Allow traffic between guests on the same bridge */
- iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) {
/* allow DNS over IPv6 & back out */
- iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
/* allow DHCPv6 & back out */
- iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
- iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546);
+ virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
+ virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546);
}
}
@@ -679,20 +679,20 @@ networkRemoveGeneralIPv6FirewallRules(virFirewall *fw,
}
if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) {
- iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546);
- iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
- iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
- iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546);
+ virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547);
+ virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
+ virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53);
}
/* the following rules are there if no IPv6 address has been defined
* but def->ipv6nogw == true
*/
- iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
- iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
- iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
+ virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge);
}
diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 018021bc1b..8db5bb3e4b 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -198,7 +198,7 @@ iptablesOutput(virFirewall *fw,
}
/**
- * iptablesAddTcpInput:
+ * virNetfilterAddTcpInput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the TCP port to add
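Review bot: The kerneldoc under the renamed header still documents `@ctx: pointer to the IP table context`, but the signature in the next hunk takes `virFirewall *fw` and `virFirewallLayer layer` and has no `ctx` parameter. Since the header line is being touched anyway, I would replace it with `@fw: pointer to the virFirewall object` and `@layer: the firewall layer (callers pass VIR_FIREWALL_LAYER_IPV4 or VIR_FIREWALL_LAYER_IPV6)`. The same stale `@ctx` line recurs in the renamed comments of this file up to virNetfilterRemoveForwardMasquerade. In addition, the virNetfilterRemoveTcpOutput comment says `the UDP port to remove`, and the `void` ForwardAllowCross, ForwardRejectOut and ForwardRejectIn wrappers still claim `Returns 0 in case of success or an error code otherwise`. The function body itself lies outside this hunk.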
@@ -207,16 +207,16 @@ iptablesOutput(virFirewall *fw,
* the given @iface interface for TCP packets
*/
void
-iptablesAddTcpInput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterAddTcpInput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1);
}
/**
- * iptablesRemoveTcpInput:
+ * virNetfilterRemoveTcpInput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the TCP port to remove
@@ -225,16 +225,16 @@ iptablesAddTcpInput(virFirewall *fw,
* @port on the given @iface interface for TCP packets
*/
void
-iptablesRemoveTcpInput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterRemoveTcpInput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1);
}
/**
- * iptablesAddUdpInput:
+ * virNetfilterAddUdpInput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the UDP port to add
@@ -243,16 +243,16 @@ iptablesRemoveTcpInput(virFirewall *fw,
* the given @iface interface for UDP packets
*/
void
-iptablesAddUdpInput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterAddUdpInput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0);
}
/**
- * iptablesRemoveUdpInput:
+ * virNetfilterRemoveUdpInput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the UDP port to remove
@@ -261,16 +261,16 @@ iptablesAddUdpInput(virFirewall *fw,
* @port on the given @iface interface for UDP packets
*/
void
-iptablesRemoveUdpInput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterRemoveUdpInput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0);
}
/**
- * iptablesAddTcpOutput:
+ * virNetfilterAddTcpOutput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the TCP port to add
@@ -279,16 +279,16 @@ iptablesRemoveUdpInput(virFirewall *fw,
* the given @iface interface for TCP packets
*/
void
-iptablesAddTcpOutput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterAddTcpOutput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1);
}
/**
- * iptablesRemoveTcpOutput:
+ * virNetfilterRemoveTcpOutput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the UDP port to remove
@@ -297,16 +297,16 @@ iptablesAddTcpOutput(virFirewall *fw,
* @port from the given @iface interface for TCP packets
*/
void
-iptablesRemoveTcpOutput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterRemoveTcpOutput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1);
}
/**
- * iptablesAddUdpOutput:
+ * virNetfilterAddUdpOutput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the UDP port to add
@@ -315,16 +315,16 @@ iptablesRemoveTcpOutput(virFirewall *fw,
* the given @iface interface for UDP packets
*/
void
-iptablesAddUdpOutput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterAddUdpOutput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0);
}
/**
- * iptablesRemoveUdpOutput:
+ * virNetfilterRemoveUdpOutput:
* @ctx: pointer to the IP table context
* @iface: the interface name
* @port: the UDP port to remove
@@ -333,10 +333,10 @@ iptablesAddUdpOutput(virFirewall *fw,
* @port from the given @iface interface for UDP packets
*/
void
-iptablesRemoveUdpOutput(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port)
+virNetfilterRemoveUdpOutput(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface,
+ int port)
{
iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0);
}
@@ -384,7 +384,7 @@ iptablesForwardAllowOut(virFirewall *fw,
}
/**
- * iptablesAddForwardAllowOut:
+ * virNetfilterAddForwardAllowOut:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the source interface name
@@ -397,18 +397,18 @@ iptablesForwardAllowOut(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowOut(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterAddForwardAllowOut(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardAllowOut:
+ * virNetfilterRemoveForwardAllowOut:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the source interface name
@@ -421,11 +421,11 @@ iptablesAddForwardAllowOut(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowOut(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterRemoveForwardAllowOut(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_DELETE);
@@ -478,7 +478,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
}
/**
- * iptablesAddForwardAllowRelatedIn:
+ * virNetfilterAddForwardAllowRelatedIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
@@ -491,18 +491,18 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterAddForwardAllowRelatedIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardAllowRelatedIn:
+ * virNetfilterRemoveForwardAllowRelatedIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
@@ -515,11 +515,11 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_DELETE);
@@ -565,7 +565,7 @@ iptablesForwardAllowIn(virFirewall *fw,
}
/**
- * iptablesAddForwardAllowIn:
+ * virNetfilterAddForwardAllowIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
@@ -578,18 +578,18 @@ iptablesForwardAllowIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardAllowIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterAddForwardAllowIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardAllowIn:
+ * virNetfilterRemoveForwardAllowIn:
* @ctx: pointer to the IP table context
* @network: the source network name
* @iface: the output interface name
@@ -602,11 +602,11 @@ iptablesAddForwardAllowIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardAllowIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+virNetfilterRemoveForwardAllowIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
{
return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev,
VIR_NETFILTER_DELETE);
@@ -629,7 +629,7 @@ iptablesForwardAllowCross(virFirewall *fw,
}
/**
- * iptablesAddForwardAllowCross:
+ * virNetfilterAddForwardAllowCross:
* @ctx: pointer to the IP table context
* @iface: the input/output interface name
*
@@ -640,15 +640,15 @@ iptablesForwardAllowCross(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesAddForwardAllowCross(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterAddForwardAllowCross(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardAllowCross:
+ * virNetfilterRemoveForwardAllowCross:
* @ctx: pointer to the IP table context
* @iface: the input/output interface name
*
@@ -659,9 +659,9 @@ iptablesAddForwardAllowCross(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesRemoveForwardAllowCross(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterRemoveForwardAllowCross(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE);
}
@@ -682,7 +682,7 @@ iptablesForwardRejectOut(virFirewall *fw,
}
/**
- * iptablesAddForwardRejectOut:
+ * virNetfilterAddForwardRejectOut:
* @ctx: pointer to the IP table context
* @iface: the output interface name
*
@@ -692,15 +692,15 @@ iptablesForwardRejectOut(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesAddForwardRejectOut(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterAddForwardRejectOut(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardRejectOut:
+ * virNetfilterRemoveForwardRejectOut:
* @ctx: pointer to the IP table context
* @iface: the output interface name
*
@@ -710,9 +710,9 @@ iptablesAddForwardRejectOut(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesRemoveForwardRejectOut(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterRemoveForwardRejectOut(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE);
}
@@ -734,7 +734,7 @@ iptablesForwardRejectIn(virFirewall *fw,
}
/**
- * iptablesAddForwardRejectIn:
+ * virNetfilterAddForwardRejectIn:
* @ctx: pointer to the IP table context
* @iface: the input interface name
*
@@ -744,15 +744,15 @@ iptablesForwardRejectIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesAddForwardRejectIn(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterAddForwardRejectIn(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveForwardRejectIn:
+ * virNetfilterRemoveForwardRejectIn:
* @ctx: pointer to the IP table context
* @iface: the input interface name
*
@@ -762,9 +762,9 @@ iptablesAddForwardRejectIn(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
void
-iptablesRemoveForwardRejectIn(virFirewall *fw,
- virFirewallLayer layer,
- const char *iface)
+virNetfilterRemoveForwardRejectIn(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface)
{
iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE);
}
@@ -869,7 +869,7 @@ iptablesForwardMasquerade(virFirewall *fw,
}
/**
- * iptablesAddForwardMasquerade:
+ * virNetfilterAddForwardMasquerade:
* @ctx: pointer to the IP table context
* @network: the source network name
* @physdev: the physical input device or NULL
@@ -882,13 +882,13 @@ iptablesForwardMasquerade(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesAddForwardMasquerade(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
+virNetfilterAddForwardMasquerade(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
+ virSocketAddrRange *addr,
+ virPortRange *port,
+ const char *protocol)
{
return iptablesForwardMasquerade(fw, netaddr, prefix,
physdev, addr, port, protocol,
@@ -896,7 +896,7 @@ iptablesAddForwardMasquerade(virFirewall *fw,
}
/**
- * iptablesRemoveForwardMasquerade:
+ * virNetfilterRemoveForwardMasquerade:
* @ctx: pointer to the IP table context
* @network: the source network name
* @physdev: the physical input device or NULL
@@ -909,13 +909,13 @@ iptablesAddForwardMasquerade(virFirewall *fw,
* Returns 0 in case of success or an error code otherwise
*/
int
-iptablesRemoveForwardMasquerade(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
+virNetfilterRemoveForwardMasquerade(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
+ virSocketAddrRange *addr,
+ virPortRange *port,
+ const char *protocol)
{
return iptablesForwardMasquerade(fw, netaddr, prefix,
physdev, addr, port, protocol,
@@ -965,7 +965,7 @@ iptablesForwardDontMasquerade(virFirewall *fw,
}
/**
- * iptablesAddDontMasquerade:
+ * virNetfilterAddDontMasquerade:
* @netaddr: the source network name
* @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr
* @physdev: the physical output device or NULL
@@ -973,24 +973,24 @@ iptablesForwardDontMasquerade(virFirewall *fw,
*
* Add rules to the IP table context to avoid masquerading from
* @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format
- * directly consumable by iptables, it must not depend on user input or
+ * directly consumable by iptables/nftables, it must not depend on user input or
* configuration.
*
* Returns 0 in case of success or an error code otherwise.
*/
int
-iptablesAddDontMasquerade(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
+virNetfilterAddDontMasquerade(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
+ const char *destaddr)
{
return iptablesForwardDontMasquerade(fw, netaddr, prefix,
physdev, destaddr, VIR_NETFILTER_INSERT);
}
/**
- * iptablesRemoveDontMasquerade:
+ * virNetfilterRemoveDontMasquerade:
* @netaddr: the source network name
* @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr
* @physdev: the physical output device or NULL
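Review bot: The reworded comment now says @destaddr is "directly consumable by iptables/nftables", yet the body still hands it unchanged to iptablesForwardDontMasquerade and no nftables path exists in this commit, so nothing visible here backs the nftables half of that claim. The wording implies the string reaches the firewall backend without validation, so I would state the constraint backend-neutrally and keep the trust requirement explicit: `@destaddr must be a fixed address literal supplied by libvirt itself and accepted by every supported backend; it must never be derived from user input or configuration.` The same rewording applies to the virNetfilterRemoveDontMasquerade comment in the following hunk.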
@@ -998,17 +998,17 @@ iptablesAddDontMasquerade(virFirewall *fw,
*
* Remove rules from the IP table context that prevent masquerading from
* @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format
- * directly consumable by iptables, it must not depend on user input or
+ * directly consumable by iptables/nftables, it must not depend on user input or
* configuration.
*
* Returns 0 in case of success or an error code otherwise.
*/
int
-iptablesRemoveDontMasquerade(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
+virNetfilterRemoveDontMasquerade(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
+ const char *destaddr)
{
return iptablesForwardDontMasquerade(fw, netaddr, prefix,
physdev, destaddr,
diff --git a/src/util/viriptables.h b/src/util/viriptables.h
index bb13f3292d..610c4dccde 100644
--- a/src/util/viriptables.h
+++ b/src/util/viriptables.h
@@ -25,101 +25,101 @@
int iptablesSetupPrivateChains (virFirewallLayer layer);
-void iptablesAddTcpInput (virFirewall *fw,
+void virNetfilterAddTcpInput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesRemoveTcpInput (virFirewall *fw,
+void virNetfilterRemoveTcpInput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesAddUdpInput (virFirewall *fw,
+void virNetfilterAddUdpInput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesRemoveUdpInput (virFirewall *fw,
+void virNetfilterRemoveUdpInput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesAddTcpOutput (virFirewall *fw,
+void virNetfilterAddTcpOutput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesRemoveTcpOutput (virFirewall *fw,
+void virNetfilterRemoveTcpOutput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesAddUdpOutput (virFirewall *fw,
+void virNetfilterAddUdpOutput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-void iptablesRemoveUdpOutput (virFirewall *fw,
+void virNetfilterRemoveUdpOutput (virFirewall *fw,
virFirewallLayer layer,
const char *iface,
int port);
-int iptablesAddForwardAllowOut (virFirewall *fw,
+int virNetfilterAddForwardAllowOut (virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowOut (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+int virNetfilterRemoveForwardAllowOut(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+int virNetfilterAddForwardAllowRelatedIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
+int virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *iface,
+ const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddForwardAllowIn (virFirewall *fw,
+int virNetfilterAddForwardAllowIn (virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowIn (virFirewall *fw,
+int virNetfilterRemoveForwardAllowIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
G_GNUC_WARN_UNUSED_RESULT;
-void iptablesAddForwardAllowCross (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardAllowCross (virFirewall *fw,
+void virNetfilterAddForwardAllowCross(virFirewall *fw,
virFirewallLayer layer,
const char *iface);
+void virNetfilterRemoveForwardAllowCross(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface);
-void iptablesAddForwardRejectOut (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardRejectOut (virFirewall *fw,
+void virNetfilterAddForwardRejectOut (virFirewall *fw,
virFirewallLayer layer,
const char *iface);
+void virNetfilterRemoveForwardRejectOut(virFirewall *fw,
+ virFirewallLayer layer,
+ const char *iface);
-void iptablesAddForwardRejectIn (virFirewall *fw,
+void virNetfilterAddForwardRejectIn (virFirewall *fw,
virFirewallLayer layer,
const char *iface);
-void iptablesRemoveForwardRejectIn (virFirewall *fw,
- virFirewallLayer layery,
- const char *iface);
+void virNetfilterRemoveForwardRejectIn(virFirewall *fw,
+ virFirewallLayer layery,
+ const char *iface);
-int iptablesAddForwardMasquerade (virFirewall *fw,
+int virNetfilterAddForwardMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
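Review bot: The parameter in the `virNetfilterRemoveForwardRejectIn` prototype is still spelled `layery`, while every sibling declaration in this hunk uses `layer`. Since the rename already rewrites that line, it is a convenient place to change it to `virFirewallLayer layer,`. Parameter names in a prototype do not affect callers, so this is purely a readability fix. The last declaration in the hunk (`virNetfilterAddForwardMasquerade`) continues into the next hunk.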
@@ -127,21 +127,21 @@ int iptablesAddForwardMasquerade (virFirewall *fw,
virPortRange *port,
const char *protocol)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
+int virNetfilterRemoveForwardMasquerade(virFirewall *fw,
+ virSocketAddr *netaddr,
+ unsigned int prefix,
+ const char *physdev,
+ virSocketAddrRange *addr,
+ virPortRange *port,
+ const char *protocol)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddDontMasquerade (virFirewall *fw,
+int virNetfilterAddDontMasquerade (virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
const char *destaddr)
G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveDontMasquerade (virFirewall *fw,
+int virNetfilterRemoveDontMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
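Review bot: The two `DontMasquerade` prototypes carry no comment about `destaddr`, although the doc comment in viriptables.c says it must be directly consumable by iptables/nftables and must not depend on user input or configuration. The functions now have a generic name and are meant to front more than one backend, so that constraint is worth repeating in the header, where callers look first. A comment above both declarations would do, e.g. `/* @destaddr is handed to the firewall backend unmodified: pass only fixed strings, never user input or configuration */`. "Unmodified" is inferred from the wording of the .c comment and should be checked against `iptablesForwardDontMasquerade`. The `virNetfilterRemoveDontMasquerade` declaration ends outside this hunk.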
--
2.39.2
On Sun, Apr 30, 2023 at 11:19:19PM -0400, Laine Stump wrote: > These toplevel functions have no iptables-specific code, except that > they each call a lower-level internal function that *is* iptables > specific. As a preparation to supporting use of either iptables or > nftables, rename these functions from iptablesXXX to virNetfilterXXX. Anyone have any thoughts on virNetfilterXXX vs virNetFilterXXX ? I would probably have gone for the latter, but its pretty minor so not too fussed about it. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 5/3/23 11:54 AM, Daniel P. Berrangé wrote: > On Sun, Apr 30, 2023 at 11:19:19PM -0400, Laine Stump wrote: >> These toplevel functions have no iptables-specific code, except that >> they each call a lower-level internal function that *is* iptables >> specific. As a preparation to supporting use of either iptables or >> nftables, rename these functions from iptablesXXX to virNetfilterXXX. > > Anyone have any thoughts on virNetfilterXXX vs virNetFilterXXX ? > I would probably have gone for the latter, but its pretty minor > so not too fussed about it. Either way is okay with me. "netfilter" is a single word that is usually lower case, which is why I made it "virNetfilter" (first letter of a word in the middle of the identifier has to be capitalized to follow "camelCase"). But of course if you're thinking of it as the generic term "net filter" rather than the specific "netfilter", then "virNetFilter" is better.
On Sun, Apr 30, 2023 at 11:19:19PM -0400, Laine Stump wrote: > These toplevel functions have no iptables-specific code, except that > they each call a lower-level internal function that *is* iptables > specific. As a preparation to supporting use of either iptables or > nftables, rename these functions from iptablesXXX to virNetfilterXXX. > > Signed-off-by: Laine Stump <laine@redhat.com> > --- > src/libvirt_private.syms | 48 +++--- > src/network/bridge_driver_linux.c | 124 +++++++------- > src/util/viriptables.c | 260 +++++++++++++++--------------- > src/util/viriptables.h | 96 +++++------ > 4 files changed, 264 insertions(+), 264 deletions(-) > > diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms > index 73cccf38a1..9f3868bbac 100644 > --- a/src/libvirt_private.syms > +++ b/src/libvirt_private.syms > @@ -2547,33 +2547,33 @@ virInitctlSetRunLevel; > diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c > index 1ef5b9d917..da7d78a40a 100644 > --- a/src/network/bridge_driver_linux.c > +++ b/src/network/bridge_driver_linux.c > @@ -322,7 +322,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, > } > > /* allow forwarding packets from the bridge interface */ > - if (iptablesAddForwardAllowOut(fw, > + if (virNetfilterAddForwardAllowOut(fw, > &ipdef->address, > prefix, > def->bridge, nit-pick - the arguments all need their indentation adjusting for this rename. > diff --git a/src/util/viriptables.h b/src/util/viriptables.h > index bb13f3292d..610c4dccde 100644 > --- a/src/util/viriptables.h > +++ b/src/util/viriptables.h 
> @@ -25,101 +25,101 @@ > > int iptablesSetupPrivateChains (virFirewallLayer layer); > > -void iptablesAddTcpInput (virFirewall *fw, > +void virNetfilterAddTcpInput (virFirewall *fw, > virFirewallLayer layer, > const char *iface, > int port); I'd be inclined to remove the excessive whitespace between the function name and the parameter list while making this change. This file is a long standing outlier in our codebase and we might as well take this opportunity to fix that. With the whitespace points addressed: Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|