From: Laine Stump
To: libvir-list@redhat.com
Subject: [libvirt PATCH 06/28] util: make netfilter action a proper typedefed (virFirewall) enum
Date: Sun, 30 Apr 2023 23:19:21 -0400
Message-Id: <20230501031943.288145-7-laine@redhat.com>

and take advantage of this to replace all the ternary operators when calling virFirewallAddRule() with virIptablesActionTypeToString().

(NB: the VIR_ENUM declaration uses "virIptablesAction" rather than "virFirewallAction" because the string it produces is specific to the iptables backend. A separate VIR_ENUM for "virNftablesAction", producing slightly different strings, will be added later for the nftables backend.)

Signed-off-by: Laine Stump
---
 src/util/virfirewall.h  |  8 +++++
 src/util/viriptables.c  | 69 ++++++++++++++++++++++++-----------------
 src/util/viriptables.h  | 21 +++++++------
 src/util/virnetfilter.c | 49 +++++++++++++++--------------
 src/util/virnetfilter.h |  5 ---
 5 files changed, 84 insertions(+), 68 deletions(-)

diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h index 0f40dae859..ed0bc8b6f7 100644 --- a/src/util/virfirewall.h +++ b/src/util/virfirewall.h 
@@ -34,6 +34,14 @@ typedef enum { VIR_FIREWALL_LAYER_LAST, } virFirewallLayer; =20 +typedef enum { + VIR_FIREWALL_ACTION_INSERT, + VIR_FIREWALL_ACTION_APPEND, + VIR_FIREWALL_ACTION_DELETE, + + VIR_FIREWALL_ACTION_LAST +} virFirewallAction; + virFirewall *virFirewallNew(void); =20 void virFirewallFree(virFirewall *firewall); diff --git a/src/util/viriptables.c b/src/util/viriptables.c index a85f3ea603..dc2a4335bf 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -33,11 +33,22 @@ #include "virerror.h" #include "virlog.h" #include "virhash.h" +#include "virenum.h" =20 VIR_LOG_INIT("util.iptables"); =20 #define VIR_FROM_THIS VIR_FROM_NONE =20 + +VIR_ENUM_DECL(virIptablesAction); +VIR_ENUM_IMPL(virIptablesAction, + VIR_FIREWALL_ACTION_LAST, + "--insert", + "--append", + "--delete", +); + + typedef struct { const char *parent; const char *child; @@ -156,14 +167,14 @@ iptablesInput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + virFirewallAction action, int tcp) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_INP", "--in-interface", iface, "--protocol", tcp ? "tcp" : "udp", @@ -177,14 +188,14 @@ iptablesOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + virFirewallAction action, int tcp) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_OUT", "--out-interface", iface, "--protocol", tcp ? "tcp" : "udp", 
@@ -203,7 +214,7 @@ iptablesForwardAllowOut(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + virFirewallAction action) { g_autofree char *networkstr =3D NULL; virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? @@ -215,7 +226,7 @@ iptablesForwardAllowOut(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWO", "--source", networkstr, "--in-interface", iface, @@ -225,7 +236,7 @@ iptablesForwardAllowOut(virFirewall *fw, else virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWO", "--source", networkstr, "--in-interface", iface, @@ -245,7 +256,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + virFirewallAction action) { virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; @@ -257,7 +268,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWI", "--destination", networkstr, "--in-interface", physdev, @@ -269,7 +280,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, else virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWI", "--destination", networkstr, "--out-interface", iface, 
@@ -290,7 +301,7 @@ iptablesForwardAllowIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + virFirewallAction action) { virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; @@ -302,7 +313,7 @@ iptablesForwardAllowIn(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWI", "--destination", networkstr, "--in-interface", physdev, @@ -312,7 +323,7 @@ iptablesForwardAllowIn(virFirewall *fw, else virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWI", "--destination", networkstr, "--out-interface", iface, @@ -326,11 +337,11 @@ void iptablesForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + virFirewallAction action) { virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWX", "--in-interface", iface, "--out-interface", iface, @@ -343,11 +354,11 @@ void iptablesForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + virFirewallAction action) { virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWO", "--in-interface", iface, "--jump", "REJECT", 
@@ -359,11 +370,11 @@ void iptablesForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + virFirewallAction action) { virFirewallAddRule(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_FWI", "--out-interface", iface, "--jump", "REJECT", @@ -382,7 +393,7 @@ iptablesForwardMasquerade(virFirewall *fw, virSocketAddrRange *addr, virPortRange *port, const char *protocol, - int action) + virFirewallAction action) { g_autofree char *networkstr =3D NULL; g_autofree char *addrStartStr =3D NULL; @@ -409,7 +420,7 @@ iptablesForwardMasquerade(virFirewall *fw, if (protocol && protocol[0]) { rule =3D virFirewallAddRule(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--= insert" : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_PRT", "--source", networkstr, "-p", protocol, @@ -418,7 +429,7 @@ iptablesForwardMasquerade(virFirewall *fw, } else { rule =3D virFirewallAddRule(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--= insert" : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_PRT", "--source", networkstr, "!", "--destination", networkstr, @@ -479,7 +490,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, unsigned int prefix, const char *physdev, const char *destaddr, - int action) + virFirewallAction action) { g_autofree char *networkstr =3D NULL; virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? @@ -491,7 +502,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddRule(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_PRT", "--out-interface", physdev, "--source", networkstr, 
@@ -501,7 +512,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, else virFirewallAddRule(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert"= : "--delete", + virIptablesActionTypeToString(action), "LIBVIRT_PRT", "--source", networkstr, "--destination", destaddr, @@ -516,13 +527,13 @@ static void iptablesOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port, - int action) + virFirewallAction action) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "mangle", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "= --delete", + virIptablesActionTypeToString(action), "LIBVIRT_PRT", "--out-interface", iface, "--protocol", "udp", @@ -547,7 +558,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_INSERT); + iptablesOutputFixUdpChecksum(fw, iface, port, VIR_FIREWALL_ACTION_INSE= RT); } =20 /** @@ -564,5 +575,5 @@ iptablesRemoveOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_DELETE); + iptablesOutputFixUdpChecksum(fw, iface, port, VIR_FIREWALL_ACTION_DELE= TE); } diff --git a/src/util/viriptables.h b/src/util/viriptables.h index 6ea589121e..17f43a8fa8 100644 --- a/src/util/viriptables.h +++ b/src/util/viriptables.h @@ -22,6 +22,7 @@ =20 #include "virsocketaddr.h" #include "virfirewall.h" +#include "virnetfilter.h" =20 /* These functions are (currently) called directly from the consumer * (e.g. the network driver), and only when the iptables backend is @@ -50,7 +51,7 @@ iptablesInput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + virFirewallAction action, int tcp); =20 void @@ -58,7 +59,7 @@ iptablesOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + virFirewallAction action, int tcp); =20 int 
@@ -67,7 +68,7 @@ iptablesForwardAllowOut(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action); + virFirewallAction action); =20 int iptablesForwardAllowRelatedIn(virFirewall *fw, @@ -75,7 +76,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action); + virFirewallAction action); =20 int iptablesForwardAllowIn(virFirewall *fw, @@ -83,26 +84,26 @@ iptablesForwardAllowIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action); + virFirewallAction action); =20 =20 void iptablesForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action); + virFirewallAction action); =20 void iptablesForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action); + virFirewallAction action); =20 void iptablesForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action); + virFirewallAction action); =20 int iptablesForwardMasquerade(virFirewall *fw, @@ -112,7 +113,7 @@ iptablesForwardMasquerade(virFirewall *fw, virSocketAddrRange *addr, virPortRange *port, const char *protocol, - int action); + virFirewallAction action); =20 int iptablesForwardDontMasquerade(virFirewall *fw, @@ -120,4 +121,4 @@ iptablesForwardDontMasquerade(virFirewall *fw, unsigned int prefix, const char *physdev, const char *destaddr, - int action); + virFirewallAction action); diff --git a/src/util/virnetfilter.c b/src/util/virnetfilter.c index efe2ca01dc..10c1a54e26 100644 --- a/src/util/virnetfilter.c +++ b/src/util/virnetfilter.c @@ -59,7 +59,7 @@ virNetfilterAddTcpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); + iptablesInput(fw, layer, iface, port, VIR_FIREWALL_ACTION_INSERT, 1); } =20 =20 
@@ -78,7 +78,7 @@ virNetfilterRemoveTcpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); + iptablesInput(fw, layer, iface, port, VIR_FIREWALL_ACTION_DELETE, 1); } =20 =20 @@ -97,7 +97,7 @@ virNetfilterAddUdpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); + iptablesInput(fw, layer, iface, port, VIR_FIREWALL_ACTION_INSERT, 0); } =20 =20 @@ -116,7 +116,7 @@ virNetfilterRemoveUdpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); + iptablesInput(fw, layer, iface, port, VIR_FIREWALL_ACTION_DELETE, 0); } =20 =20 @@ -135,7 +135,7 @@ virNetfilterAddTcpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); + iptablesOutput(fw, layer, iface, port, VIR_FIREWALL_ACTION_INSERT, 1); } =20 =20 @@ -154,7 +154,7 @@ virNetfilterRemoveTcpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); + iptablesOutput(fw, layer, iface, port, VIR_FIREWALL_ACTION_DELETE, 1); } =20 =20 @@ -173,7 +173,7 @@ virNetfilterAddUdpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); + iptablesOutput(fw, layer, iface, port, VIR_FIREWALL_ACTION_INSERT, 0); } =20 =20 @@ -192,7 +192,7 @@ virNetfilterRemoveUdpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); + iptablesOutput(fw, layer, iface, port, VIR_FIREWALL_ACTION_DELETE, 0); } =20 =20 @@ -217,7 +217,7 @@ virNetfilterAddForwardAllowOut(virFirewall *fw, const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_INSERT); + VIR_FIREWALL_ACTION_INSERT); } =20 =20 
@@ -242,7 +242,7 @@ virNetfilterRemoveForwardAllowOut(virFirewall *fw, const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_DELETE); + VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -267,7 +267,7 @@ virNetfilterAddForwardAllowRelatedIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, - VIR_NETFILTER_INSERT); + VIR_FIREWALL_ACTION_INSERT); } =20 =20 @@ -292,7 +292,7 @@ virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, - VIR_NETFILTER_DELETE); + VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -317,7 +317,7 @@ virNetfilterAddForwardAllowIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_INSERT); + VIR_FIREWALL_ACTION_INSERT); } =20 =20 @@ -342,7 +342,7 @@ virNetfilterRemoveForwardAllowIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_DELETE); + VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -362,7 +362,7 @@ virNetfilterAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardAllowCross(fw, layer, iface, VIR_FIREWALL_ACTION_INSERT= ); } =20 =20 @@ -382,7 +382,7 @@ virNetfilterRemoveForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardAllowCross(fw, layer, iface, VIR_FIREWALL_ACTION_DELETE= ); } =20 =20 @@ -401,7 +401,7 @@ virNetfilterAddForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardRejectOut(fw, layer, iface, VIR_FIREWALL_ACTION_INSERT); } =20 /** 
@@ -419,7 +419,7 @@ virNetfilterRemoveForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardRejectOut(fw, layer, iface, VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -438,7 +438,7 @@ virNetfilterAddForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardRejectIn(fw, layer, iface, VIR_FIREWALL_ACTION_INSERT); } =20 =20 @@ -457,7 +457,7 @@ virNetfilterRemoveForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardRejectIn(fw, layer, iface, VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -485,7 +485,7 @@ virNetfilterAddForwardMasquerade(virFirewall *fw, { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, - VIR_NETFILTER_INSERT); + VIR_FIREWALL_ACTION_INSERT); } =20 =20 @@ -513,7 +513,7 @@ virNetfilterRemoveForwardMasquerade(virFirewall *fw, { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, - VIR_NETFILTER_DELETE); + VIR_FIREWALL_ACTION_DELETE); } =20 =20 @@ -539,7 +539,8 @@ virNetfilterAddDontMasquerade(virFirewall *fw, const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, - physdev, destaddr, VIR_NETFILTER_= INSERT); + physdev, destaddr, + VIR_FIREWALL_ACTION_INSERT); } =20 =20 @@ -566,5 +567,5 @@ virNetfilterRemoveDontMasquerade(virFirewall *fw, { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, - VIR_NETFILTER_DELETE); + VIR_FIREWALL_ACTION_DELETE); } diff --git a/src/util/virnetfilter.h b/src/util/virnetfilter.h index c75f7eccbd..c8b91f16eb 100644 --- a/src/util/virnetfilter.h +++ b/src/util/virnetfilter.h 
@@ -23,11 +23,6 @@ #include "virsocketaddr.h" #include "virfirewall.h" =20 -enum { - VIR_NETFILTER_INSERT =3D 0, - VIR_NETFILTER_DELETE -}; - void virNetfilterAddTcpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, --=20 2.39.2
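Review bot: In the src/util/virfirewall.h hunk, the new virFirewallAction enum carries no comment saying that its member order is load-bearing. VIR_ENUM_IMPL(virIptablesAction, ...) in viriptables.c lists "--insert", "--append", "--delete" positionally, so adding or reordering a member here silently changes which iptables flag a rule is built with. A short comment beside the enum pointing at the per-backend string tables would make that coupling visible. Minor style point in the same hunk: VIR_FIREWALL_ACTION_LAST has no trailing comma, while VIR_FIREWALL_LAYER_LAST directly above it does.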
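Review bot: In the src/util/viriptables.c hunks, the result of virIptablesActionTypeToString(action) is passed straight into the virFirewallAddRule() argument list without a check, in every helper from iptablesInput() through iptablesOutputFixUdpChecksum(). The ternary being replaced always produced a string (anything other than VIR_NETFILTER_INSERT became "--delete"). If the generated TypeToString function returns NULL for a value outside the enum, as VIR_ENUM functions normally do, the variadic list would end at that argument and a shortened rule would be queued instead of an error being raised. Since these rules define the forwarding and NAT policy for guest networks, consider resolving the string once at the top of each helper and refusing to add the rule when it is NULL. The commit message could also state that a non-INSERT value no longer falls through to delete.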
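Review bot: In the src/util/viriptables.h hunk at -22,6 +22,7, the added #include "virnetfilter.h" does not appear to be needed by anything in this patch. The prototypes in this header now use virFirewallAction, which comes from virfirewall.h (already included two lines above), and the only type virnetfilter.h used to provide, the anonymous VIR_NETFILTER_INSERT/VIR_NETFILTER_DELETE enum, is removed in the last hunk. Please drop the include, or move it to the patch in the series that first needs it and say why in that commit message.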