From nobody Wed Jan 15 09:36:23 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.129.124 as permitted sender) client-ip=170.10.129.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1682911297; cv=none;
	d=zohomail.com; s=zohoarc;
	b=emG6GtYXb/wyG9rpdo/afX9q3LzxK25v+iMPYqilJy5Q3/h1q1uXDSRRhH5GKgfQ6JfQ1w0H5ENxRw9yVm3oBZXvUZx0uCWuiO7qX/AVRTPpINaLnpQ3I/uHfxy1dUQqjZguCfkWgxH8RAEoe586tR4GrBOEL5bcfkAsH04HIP8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1682911297;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=88rmEhQ+ZHG4S5k88x6vuAcBmaFjnIwwYgTis/w5EfE=;
	b=YPY+UY9UgYAn5g8kyFkdkT8sTB6KpRAefAKXR0utCA8imBhKuNeV1q48qfB+F6hdjN6BkSOR2gCeOxyLMeMZzCbTGnOAj0pe+HPpyfZbeQ1PImRR8GxDvIeV5KfUho/zXqqLsoDy5EaGo8cfDnEFiHxwtZzQvZQG6Z/JSKDs8A8=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<laine@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
	with SMTPS id 1682911297355381.3144827355553;
 Sun, 30 Apr 2023 20:21:37 -0700 (PDT)
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-632-bPdg1DwRMHi52P5Z2XMuZA-1; Sun, 30 Apr 2023 23:20:32 -0400
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com
 [10.11.54.8])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3CF791C08977;
	Mon,  1 May 2023 03:20:18 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 20403C16044;
	Mon,  1 May 2023 03:20:18 +0000 (UTC)
Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com
 (localhost [IPv6:::1])
	by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id CE1FF194E104;
	Mon,  1 May 2023 03:20:09 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com
 [10.11.54.10])
 by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with
 ESMTP id E10661946A5A for <libvir-list@listman.corp.redhat.com>;
 Mon,  1 May 2023 03:20:05 +0000 (UTC)
Received: by smtp.corp.redhat.com (Postfix)
 id A951A475024; Mon,  1 May 2023 03:19:47 +0000 (UTC)
Received: from vhost3.router.laine.org (unknown [10.22.8.105])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 8F2D2475022
 for <libvir-list@redhat.com>; Mon,  1 May 2023 03:19:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1682911296;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=88rmEhQ+ZHG4S5k88x6vuAcBmaFjnIwwYgTis/w5EfE=;
	b=g3Rn4kfeUGH+iqCtBrU9nyUtR9B7sAAxdl6HxDvRBN9t3vbpqLLo5TXGPhWBwNRJASIhhY
	HOa3azd8bouXmhI7PRC8Cw8B1t1NeQQYJA7L25XTMKTl3WMwNC3qQ0qmLcpVYdQhWQy+2v
	5c2x0b/hIdtGtbAsFnYeC3aYe3eP5QQ=
X-MC-Unique: bPdg1DwRMHi52P5Z2XMuZA-1
X-Original-To: libvir-list@listman.corp.redhat.com
From: Laine Stump <laine@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 23/28] util: new function virFirewallNewFromRollback()
Date: Sun, 30 Apr 2023 23:19:38 -0400
Message-Id: <20230501031943.288145-24-laine@redhat.com>
In-Reply-To: <20230501031943.288145-1-laine@redhat.com>
References: <20230501031943.288145-1-laine@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <http://listman.redhat.com/archives/libvir-list/>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
 <mailto:libvir-list-request@redhat.com?subject=subscribe>
Errors-To: libvir-list-bounces@redhat.com
Sender: "libvir-list" <libvir-list-bounces@redhat.com>
X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1682911297622100001
Content-Type: text/plain; charset="utf-8"; x-default="true"

virFirewallNewFromRollback() creates a new virFirewall object that
contains a copy of the "rollback" rules from an existing virFirewall
object, but in reverse order. The intent is that this virFirewall be
saved and used later to remove the firewall rules that were added for
a network.

Signed-off-by: Laine Stump <laine@redhat.com>
---
 src/libvirt_private.syms |  1 +
 src/util/virfirewall.c   | 59 ++++++++++++++++++++++++++++++++++++++++
 src/util/virfirewall.h   |  1 +
 3 files changed, 61 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index df84c5520c..7eeed1efd4 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2379,6 +2379,7 @@ virFirewallBackendTypeToString;
 virFirewallFree;
 virFirewallGetBackend;
 virFirewallNew;
+virFirewallNewFromRollback;
 virFirewallRemoveRule;
 virFirewallRuleAddArg;
 virFirewallRuleAddArgFormat;
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index c59166b843..f598cc9d79 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -680,3 +680,62 @@ virFirewallApply(virFirewall *firewall)
=20
     return 0;
 }
+
+
+/**
+ * virFirewallNewFromRollback:
+
+ * @original: the original virFirewall object containing the rollback
+ *            of interest
+ * @fwRemoval: a firewall object that, when applied, will remove @original
+ *
+ * Copy the rollback rules from the current virFirewall object as a
+ * new virFirewall. This virFirewall can then be saved to apply later
+ * and counteract everything done by the original.
+ *
+ * Returns 0 on success, -1 on error
+ */
+int
+virFirewallNewFromRollback(virFirewall *original,
+                           virFirewall **fwRemoval)
+{
+    size_t g;
+    g_autoptr(virFirewall) firewall =3D NULL;
+
+    if (original->err) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("error in original firewall object"));
+        return -1;
+    }
+
+    firewall =3D virFirewallNew(original->backend);
+
+    /* add the rollback commands in reverse order of actions/groups of
+     * what was applied in the original firewall.
+     */
+    for (g =3D original->ngroups; g > 0; g--) {
+        size_t r;
+        virFirewallGroup *group =3D original->groups[g - 1];
+
+        if (group->nrollback =3D=3D 0)
+            continue;
+
+        virFirewallStartTransaction(firewall, VIR_FIREWALL_TRANSACTION_IGN=
ORE_ERRORS);
+
+        for (r =3D group->nrollback; r > 0; r--) {
+            size_t i;
+            virFirewallRule *origRule =3D group->rollback[r - 1];
+            virFirewallRule *rule =3D virFirewallAddRule(firewall, origRul=
e->layer, NULL);
+
+            for (i =3D 0; i < origRule->argsLen; i++)
+                ADD_ARG(rule, origRule->args[i]);
+        }
+    }
+
+    if (firewall->ngroups =3D=3D 0)
+        VIR_DEBUG("original firewall object is empty");
+    else
+        *fwRemoval =3D g_steal_pointer(&firewall);
+
+    return 0;
+}
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index f81b63567a..9017c12b5c 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -54,6 +54,7 @@ typedef enum {
 VIR_ENUM_DECL(virFirewallBackend);
=20
 virFirewall *virFirewallNew(virFirewallBackend backend);
+int virFirewallNewFromRollback(virFirewall *original, virFirewall **fwRemo=
val);
 void virFirewallFree(virFirewall *firewall);
 virFirewallBackend virFirewallGetBackend(virFirewall *firewall);
=20
--=20
2.39.2