From: Laine Stump
To: devel@lists.libvirt.org
Subject: [PATCH v2 03/27] network: make all iptables functions used only in network_iptables.c static
Date: Sun, 21 Apr 2024 22:53:11 -0400
Message-ID: <20240422025335.923272-4-laine@redhat.com>
In-Reply-To: <20240422025335.923272-1-laine@redhat.com>
References: <20240422025335.923272-1-laine@redhat.com>

Now that the toplevel iptables functions have been moved out of the linux bridge driver into network_iptables.c, all of the utility functions are used only within that same file, so simplify it.

Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
--- src/network/network_iptables.c | 52 ++++++------- src/network/network_iptables.h | 130 --------------------------------- 2 files changed, 26 insertions(+), 156 deletions(-) diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c index 106e8bfabf..8d32d30980 100644 --- a/src/network/network_iptables.c +++ b/src/network/network_iptables.c
@@ -208,7 +208,7 @@ iptablesOutput(virFirewall *fw, * Add an input to the IP table allowing access to the given @port on * the given @iface interface for TCP packets */ -void +static void iptablesAddTcpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -226,7 +226,7 @@ iptablesAddTcpInput(virFirewall *fw, * Removes an input from the IP table, hence forbidding access to the given * @port on the given @iface interface for TCP packets */ -void +static void iptablesRemoveTcpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -244,7 +244,7 @@ iptablesRemoveTcpInput(virFirewall *fw, * Add an input to the IP table allowing access to the given @port on * the given @iface interface for UDP packets */ -void +static void iptablesAddUdpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -262,7 +262,7 @@ iptablesAddUdpInput(virFirewall *fw, * Removes an input from the IP table, hence forbidding access to the given * @port on the given @iface interface for UDP packets */ -void +static void iptablesRemoveUdpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -280,7 +280,7 @@ iptablesRemoveUdpInput(virFirewall *fw, * Add an output to the IP table allowing access to the given @port from * the given @iface interface for TCP packets */ -void +static void iptablesAddTcpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -298,7 +298,7 @@ iptablesAddTcpOutput(virFirewall *fw, * Removes an output from the IP table, hence forbidding access to the giv= en * @port from the given @iface interface for TCP packets */ -void +static void iptablesRemoveTcpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -316,7 +316,7 @@ iptablesRemoveTcpOutput(virFirewall *fw, * Add an output to the IP table allowing access to the given @port from * the given @iface interface for UDP packets */ -void +static void iptablesAddUdpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, 
@@ -334,7 +334,7 @@ iptablesAddUdpOutput(virFirewall *fw, * Removes an output from the IP table, hence forbidding access to the giv= en * @port from the given @iface interface for UDP packets */ -void +static void iptablesRemoveUdpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -398,7 +398,7 @@ iptablesForwardAllowOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowOut(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -422,7 +422,7 @@ iptablesAddForwardAllowOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowOut(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -492,7 +492,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowRelatedIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -516,7 +516,7 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -579,7 +579,7 @@ iptablesForwardAllowIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -603,7 +603,7 @@ iptablesAddForwardAllowIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -641,7 +641,7 @@ iptablesForwardAllowCross(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) 
@@ -660,7 +660,7 @@ iptablesAddForwardAllowCross(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -693,7 +693,7 @@ iptablesForwardRejectOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -711,7 +711,7 @@ iptablesAddForwardRejectOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -745,7 +745,7 @@ iptablesForwardRejectIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -763,7 +763,7 @@ iptablesAddForwardRejectIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -883,7 +883,7 @@ iptablesForwardMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -910,7 +910,7 @@ iptablesAddForwardMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -980,7 +980,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise. */ -int +static int iptablesAddDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, 
@@ -1005,7 +1005,7 @@ iptablesAddDontMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise. */ -int +static int iptablesRemoveDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -1048,7 +1048,7 @@ iptablesOutputFixUdpChecksum(virFirewall *fw, * the given @iface interface for TCP packets. * */ -void +static void iptablesAddOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) @@ -1065,7 +1065,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw, * Removes the checksum fixup rule that was previous added with * iptablesAddOutputFixUdpChecksum. */ -void +static void iptablesRemoveOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) diff --git a/src/network/network_iptables.h b/src/network/network_iptables.h index d3f6b48437..cdc143f154 100644 --- a/src/network/network_iptables.h +++ b/src/network/network_iptables.h @@ -20,7 +20,6 @@ =20 #pragma once =20 -#include "virsocketaddr.h" #include "virfirewall.h" #include "network_conf.h" =20 
@@ -29,132 +28,3 @@ int iptablesAddFirewallRules(virNetworkDef *def); void iptablesRemoveFirewallRules(virNetworkDef *def); =20 int iptablesSetupPrivateChains(virFirewallLayer layer); - -void iptablesAddTcpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveTcpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -void iptablesAddUdpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveUdpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -void iptablesAddTcpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveTcpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesAddUdpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveUdpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -int iptablesAddForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netadd= r, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; - -int iptablesAddForwardAllowIn (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowIn (virFirewall *fw, - virSocketAddr *netaddr, - 
unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; - -void iptablesAddForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); - -void iptablesAddForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); - -void iptablesAddForwardRejectIn (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectIn (virFirewall *fw, - virFirewallLayer layery, - const char *iface); - -int iptablesAddForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddDontMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveDontMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) - G_GNUC_WARN_UNUSED_RESULT; -void iptablesAddOutputFixUdpChecksum (virFirewall *fw, - const char *iface, - int port); -void iptablesRemoveOutputFixUdpChecksum (virFirewall *fw, - const char *iface, - int port); --=20 2.44.0 _______________________________________________ Devel mailing list -- devel@lists.libvirt.org To unsubscribe send an email to devel-leave@lists.libvirt.org
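Review bot: The network_iptables.h hunk at -29,132 removes the only visible place where G_GNUC_WARN_UNUSED_RESULT was attached to the int-returning helpers (iptablesAddForwardAllowOut, iptablesAddForwardAllowRelatedIn, iptablesAddForwardAllowIn, iptablesAddForwardMasquerade, iptablesAddDontMasquerade and their Remove counterparts), and the definitions changed in network_iptables.c show only "-int +static int" with no attribute. After this patch the compiler no longer flags a caller in this file that ignores a failure to add or remove a forwarding or masquerade rule. Consider carrying the attribute onto the static definitions, or stating in the commit message that dropping it is intended.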
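Review bot: The network_iptables.h hunk at -20,7 drops #include "virsocketaddr.h", while the static functions in network_iptables.c still take virSocketAddr *netaddr (and virSocketAddrRange in the masquerade helpers, per the removed prototypes). Nothing in the visible lines shows network_iptables.c including virsocketaddr.h itself, so please confirm it does so directly rather than relying on a transitive include through network_conf.h or virfirewall.h, and check that no other file depended on this header for that include.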
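Review bot: The doc comments above the six functions changed from void to static void in the hunks at -641, -660, -693, -711, -745 and -763 (iptablesAddForwardAllowCross, iptablesRemoveForwardAllowCross, iptablesAddForwardRejectOut, iptablesRemoveForwardRejectOut, iptablesAddForwardRejectIn, iptablesRemoveForwardRejectIn) still read "Returns 0 in case of success or an error code otherwise", which cannot be true of a void function. Since the patch touches each of these signatures, consider deleting that sentence here or in a follow-up so a reader does not assume a failure to install a reject or allow rule is reported to the caller.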
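Review bot: The comment above iptablesAddOutputFixUdpChecksum in the hunk at -1048 says the rule applies "for TCP packets", which contradicts the function name, and the comment in the hunk at -1065 has "that was previous added" where "previously" is meant. Both are existing text that this patch leaves next to the lines it changes; fixing them in this cleanup series would keep the now file-local documentation accurate, for example "for UDP packets" and "previously added".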