From nobody Thu Sep 19 01:23:30 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1715968465442943.0590375020874; Fri, 17 May 2024 10:54:25 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 651341A65; Fri, 17 May 2024 13:54:24 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 9B9A61C9B; Fri, 17 May 2024 13:31:36 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 6A0BF1A43; Fri, 17 May 2024 13:30:19 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4F16019DD for ; Fri, 17 May 2024 13:30:12 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-691-OVHyZxrKNs6sJw9vS5-geQ-1; Fri, 17 May 2024 13:30:10 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 758BD1C0514F for ; Fri, 17 May 2024 17:30:10 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.22.16.223]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5F9EE40C6EB7 for ; Fri, 17 May 2024 17:30:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715967012; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=P/1AGdF+/KAxAL6VNNXXIbgFmfWxyfdPyXImLyyh5/Y=; b=S7WXfblQxX3gSgTPvTWD5V5mo6fZDQVTh4sOz5/UAmU0n5otYh23vzeGZf3D/fCccyzCTw HinzcmZ7z2Cy0gyqCBSrmrTllN4W3m5nJB260BRWWk1l3TcqPjCgF1+kknPu5K+SLC+W6z XoOKkPBrNLEYsYCAQfo1dP4cBhV0/8Y= X-MC-Unique: OVHyZxrKNs6sJw9vS5-geQ-1 From: Laine Stump To: devel@lists.libvirt.org Subject: [PATCH v5 18/30] util: new function virFirewallNewFromRollback() Date: Fri, 17 May 2024 13:29:55 -0400 Message-ID: <20240517173007.8125-19-laine@redhat.com> In-Reply-To: <20240517173007.8125-1-laine@redhat.com> References: <20240517173007.8125-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: XNLD4QAZ4HY75L3Z7FDBUDBMAEVKEPIU X-Message-ID-Hash: XNLD4QAZ4HY75L3Z7FDBUDBMAEVKEPIU X-MailFrom: laine@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1715968465644100001 Content-Type: text/plain; charset="utf-8"; x-default="true" virFirewallNewFromRollback() creates a new virFirewall object that contains a copy of the "rollback" commands from an existing virFirewall object, but in reverse order. The intent is that this virFirewall be saved and used later to remove the firewall rules that were added for a network. Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 --- src/libvirt_private.syms | 1 + src/util/virfirewall.c | 59 ++++++++++++++++++++++++++++++++++++++++ src/util/virfirewall.h | 1 + 3 files changed, 61 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 9897caea21..4e6a113ba1 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2419,6 +2419,7 @@ virFirewallFree; virFirewallGetBackend; virFirewallGetName; virFirewallNew; +virFirewallNewFromRollback; virFirewallRemoveCmd; virFirewallSetName; virFirewallStartRollback; diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index fe8c09c0ed..2f4f128cd1 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -768,3 +768,62 @@ virFirewallApply(virFirewall *firewall) =20 return 0; } + + +/** + * virFirewallNewFromRollback: + + * @original: the original virFirewall object containing the rollback + * of interest + * @fwRemoval: a firewall object that, when applied, will remove @original + * + * Copy the rollback rules from the current virFirewall object as a + * new virFirewall. This virFirewall can then be saved to apply later + * and counteract everything done by the original. + * + * Returns 0 on success, -1 on error + */ +int +virFirewallNewFromRollback(virFirewall *original, + virFirewall **fwRemoval) +{ + size_t g; + g_autoptr(virFirewall) firewall =3D NULL; + + if (original->err) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("error in original firewall object")); + return -1; + } + + firewall =3D virFirewallNew(original->backend); + + /* add the rollback commands in reverse order of actions/groups of + * what was applied in the original firewall. + */ + for (g =3D original->ngroups; g > 0; g--) { + size_t r; + virFirewallGroup *group =3D original->groups[g - 1]; + + if (group->nrollback =3D=3D 0) + continue; + + virFirewallStartTransaction(firewall, VIR_FIREWALL_TRANSACTION_IGN= ORE_ERRORS); + + for (r =3D group->nrollback; r > 0; r--) { + size_t i; + virFirewallCmd *origCmd =3D group->rollback[r - 1]; + virFirewallCmd *rbCmd =3D virFirewallAddCmd(firewall, origCmd-= >layer, NULL); + + for (i =3D 0; i < origCmd->argsLen; i++) + ADD_ARG(rbCmd, origCmd->args[i]); + } + } + + if (firewall->ngroups =3D=3D 0) + VIR_DEBUG("original firewall object is empty"); + else + *fwRemoval =3D g_steal_pointer(&firewall); + + return 0; +} diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h index e8ad81056f..931dfb04cf 100644 --- a/src/util/virfirewall.h +++ b/src/util/virfirewall.h @@ -44,6 +44,7 @@ typedef enum { VIR_ENUM_DECL(virFirewallBackend); =20 virFirewall *virFirewallNew(virFirewallBackend backend); +int virFirewallNewFromRollback(virFirewall *original, virFirewall **fwRemo= val); void virFirewallFree(virFirewall *firewall); virFirewallBackend virFirewallGetBackend(virFirewall *firewall); const char *virFirewallGetName(virFirewall *firewall); --=20 2.45.0