From nobody Tue Feb 10 03:44:53 2026
Delivered-To: importer@patchew.org
Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied
 by domain of lists.libvirt.org) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain
 of lists.libvirt.org)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=fail(p=none dis=none)  header.from=redhat.com
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1713756208114335.6879548181083;
 Sun, 21 Apr 2024 20:23:28 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 0B2022174; Sun, 21 Apr 2024 23:23:26 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id E850B1F4E;
	Sun, 21 Apr 2024 22:55:21 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 209031E71; Sun, 21 Apr 2024 22:53:53 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 016391E06
	for <devel@lists.libvirt.org>; Sun, 21 Apr 2024 22:53:41 -0400 (EDT)
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-280-x0uKjum0OxiyUI79HBfRmA-1; Sun, 21 Apr 2024 22:53:38 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
 [10.11.54.3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B56708884A1
	for <devel@lists.libvirt.org>; Mon, 22 Apr 2024 02:53:38 +0000 (UTC)
Received: from vhost3.router.laine.org (unknown [10.22.8.35])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 9CA261121306
	for <devel@lists.libvirt.org>; Mon, 22 Apr 2024 02:53:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No,
 score=-1.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
X-MC-Unique: x0uKjum0OxiyUI79HBfRmA-1
From: Laine Stump <laine@redhat.com>
To: devel@lists.libvirt.org
Subject: [PATCH v2 17/27] util: new function virFirewallNewFromRollback()
Date: Sun, 21 Apr 2024 22:53:25 -0400
Message-ID: <20240422025335.923272-18-laine@redhat.com>
In-Reply-To: <20240422025335.923272-1-laine@redhat.com>
References: <20240422025335.923272-1-laine@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Message-ID-Hash: TVYLXG65B4NDXZGM3B2OCZF64QNCLTTL
X-Message-ID-Hash: TVYLXG65B4NDXZGM3B2OCZF64QNCLTTL
X-MailFrom: laine@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/TVYLXG65B4NDXZGM3B2OCZF64QNCLTTL/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
Content-Type: text/plain; charset="utf-8"; x-default="true"
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1713756208741100001

virFirewallNewFromRollback() creates a new virFirewall object that
contains a copy of the "rollback" commands from an existing
virFirewall object, but in reverse order. The intent is that this
virFirewall be saved and used later to remove the firewall rules that
were added for a network.

Signed-off-by: Laine Stump <laine@redhat.com>
---
 src/libvirt_private.syms |  1 +
 src/util/virfirewall.c   | 59 ++++++++++++++++++++++++++++++++++++++++
 src/util/virfirewall.h   |  1 +
 3 files changed, 61 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 1a9e996879..e3dcb353b7 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2416,6 +2416,7 @@ virFirewallCmdToString;
 virFirewallFree;
 virFirewallGetBackend;
 virFirewallNew;
+virFirewallNewFromRollback;
 virFirewallRemoveCmd;
 virFirewallStartRollback;
 virFirewallStartTransaction;
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 8cc551d6e2..57d45abc17 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -751,3 +751,62 @@ virFirewallApply(virFirewall *firewall)
=20
     return 0;
 }
+
+
+/**
+ * virFirewallNewFromRollback:
+
+ * @original: the original virFirewall object containing the rollback
+ *            of interest
+ * @fwRemoval: a firewall object that, when applied, will remove @original
+ *
+ * Copy the rollback rules from the current virFirewall object as a
+ * new virFirewall. This virFirewall can then be saved to apply later
+ * and counteract everything done by the original.
+ *
+ * Returns 0 on success, -1 on error
+ */
+int
+virFirewallNewFromRollback(virFirewall *original,
+                           virFirewall **fwRemoval)
+{
+    size_t g;
+    g_autoptr(virFirewall) firewall =3D NULL;
+
+    if (original->err) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("error in original firewall object"));
+        return -1;
+    }
+
+    firewall =3D virFirewallNew(original->backend);
+
+    /* add the rollback commands in reverse order of actions/groups of
+     * what was applied in the original firewall.
+     */
+    for (g =3D original->ngroups; g > 0; g--) {
+        size_t r;
+        virFirewallGroup *group =3D original->groups[g - 1];
+
+        if (group->nrollback =3D=3D 0)
+            continue;
+
+        virFirewallStartTransaction(firewall, VIR_FIREWALL_TRANSACTION_IGN=
ORE_ERRORS);
+
+        for (r =3D group->nrollback; r > 0; r--) {
+            size_t i;
+            virFirewallCmd *origCmd =3D group->rollback[r - 1];
+            virFirewallCmd *rbCmd =3D virFirewallAddCmd(firewall, origCmd-=
>layer, NULL);
+
+            for (i =3D 0; i < origCmd->argsLen; i++)
+                ADD_ARG(rbCmd, origCmd->args[i]);
+        }
+    }
+
+    if (firewall->ngroups =3D=3D 0)
+        VIR_DEBUG("original firewall object is empty");
+    else
+        *fwRemoval =3D g_steal_pointer(&firewall);
+
+    return 0;
+}
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index a4e62efbeb..7d8b36fa96 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -45,6 +45,7 @@ typedef enum {
 VIR_ENUM_DECL(virFirewallBackend);
=20
 virFirewall *virFirewallNew(virFirewallBackend backend);
+int virFirewallNewFromRollback(virFirewall *original, virFirewall **fwRemo=
val);
 void virFirewallFree(virFirewall *firewall);
 virFirewallBackend virFirewallGetBackend(virFirewall *firewall);
=20
--=20
2.44.0
_______________________________________________
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-leave@lists.libvirt.org