From: Laine Stump
To: devel@lists.libvirt.org
Subject: [PATCH v5 03/30] network: make all iptables functions used only in network_iptables.c static
Date: Fri, 17 May 2024 13:29:40 -0400
Message-ID: <20240517173007.8125-4-laine@redhat.com>
In-Reply-To: <20240517173007.8125-1-laine@redhat.com>
References: <20240517173007.8125-1-laine@redhat.com>

Now that the toplevel iptables functions have been moved out of the linux bridge driver into network_iptables.c, all of the utility functions are used only within that same file, so simplify it.

Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
--- src/network/network_iptables.c | 52 ++++++------- src/network/network_iptables.h | 130 --------------------------------- 2 files changed, 26 insertions(+), 156 deletions(-) diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c index 7338237c21..697ad5d8d6 100644 --- a/src/network/network_iptables.c +++ b/src/network/network_iptables.c
@@ -207,7 +207,7 @@ iptablesOutput(virFirewall *fw, * Add an input to the IP table allowing access to the given @port on * the given @iface interface for TCP packets */ -void +static void iptablesAddTcpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -225,7 +225,7 @@ iptablesAddTcpInput(virFirewall *fw, * Removes an input from the IP table, hence forbidding access to the given * @port on the given @iface interface for TCP packets */ -void +static void iptablesRemoveTcpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -243,7 +243,7 @@ iptablesRemoveTcpInput(virFirewall *fw, * Add an input to the IP table allowing access to the given @port on * the given @iface interface for UDP packets */ -void +static void iptablesAddUdpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -261,7 +261,7 @@ iptablesAddUdpInput(virFirewall *fw, * Removes an input from the IP table, hence forbidding access to the given * @port on the given @iface interface for UDP packets */ -void +static void iptablesRemoveUdpInput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -279,7 +279,7 @@ iptablesRemoveUdpInput(virFirewall *fw, * Add an output to the IP table allowing access to the given @port from * the given @iface interface for TCP packets */ -void +static void iptablesAddTcpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -297,7 +297,7 @@ iptablesAddTcpOutput(virFirewall *fw, * Removes an output from the IP table, hence forbidding access to the giv= en * @port from the given @iface interface for TCP packets */ -void +static void iptablesRemoveTcpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -315,7 +315,7 @@ iptablesRemoveTcpOutput(virFirewall *fw, * Add an output to the IP table allowing access to the given @port from * the given @iface interface for UDP packets */ -void +static void iptablesAddUdpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, 
@@ -333,7 +333,7 @@ iptablesAddUdpOutput(virFirewall *fw, * Removes an output from the IP table, hence forbidding access to the giv= en * @port from the given @iface interface for UDP packets */ -void +static void iptablesRemoveUdpOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, @@ -397,7 +397,7 @@ iptablesForwardAllowOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowOut(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -421,7 +421,7 @@ iptablesAddForwardAllowOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowOut(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -491,7 +491,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowRelatedIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -515,7 +515,7 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -578,7 +578,7 @@ iptablesForwardAllowIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -602,7 +602,7 @@ iptablesAddForwardAllowIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -640,7 +640,7 @@ iptablesForwardAllowCross(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) 
@@ -659,7 +659,7 @@ iptablesAddForwardAllowCross(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -692,7 +692,7 @@ iptablesForwardRejectOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -710,7 +710,7 @@ iptablesAddForwardRejectOut(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -744,7 +744,7 @@ iptablesForwardRejectIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesAddForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -762,7 +762,7 @@ iptablesAddForwardRejectIn(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -void +static void iptablesRemoveForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) @@ -882,7 +882,7 @@ iptablesForwardMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesAddForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -909,7 +909,7 @@ iptablesAddForwardMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise */ -int +static int iptablesRemoveForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -979,7 +979,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise. */ -int +static int iptablesAddDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, 
@@ -1004,7 +1004,7 @@ iptablesAddDontMasquerade(virFirewall *fw, * * Returns 0 in case of success or an error code otherwise. */ -int +static int iptablesRemoveDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, @@ -1047,7 +1047,7 @@ iptablesOutputFixUdpChecksum(virFirewall *fw, * the given @iface interface for TCP packets. * */ -void +static void iptablesAddOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) @@ -1064,7 +1064,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw, * Removes the checksum fixup rule that was previous added with * iptablesAddOutputFixUdpChecksum. */ -void +static void iptablesRemoveOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) diff --git a/src/network/network_iptables.h b/src/network/network_iptables.h index d3f6b48437..cdc143f154 100644 --- a/src/network/network_iptables.h +++ b/src/network/network_iptables.h @@ -20,7 +20,6 @@ =20 #pragma once =20 -#include "virsocketaddr.h" #include "virfirewall.h" #include "network_conf.h" =20 
@@ -29,132 +28,3 @@ int iptablesAddFirewallRules(virNetworkDef *def); void iptablesRemoveFirewallRules(virNetworkDef *def); =20 int iptablesSetupPrivateChains(virFirewallLayer layer); - -void iptablesAddTcpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveTcpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -void iptablesAddUdpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveUdpInput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -void iptablesAddTcpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveTcpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesAddUdpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); -void iptablesRemoveUdpOutput (virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port); - -int iptablesAddForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netadd= r, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; - -int iptablesAddForwardAllowIn (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowIn (virFirewall *fw, - virSocketAddr *netaddr, - 
unsigned int prefix, - const char *iface, - const char *physdev) - G_GNUC_WARN_UNUSED_RESULT; - -void iptablesAddForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); - -void iptablesAddForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); - -void iptablesAddForwardRejectIn (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectIn (virFirewall *fw, - virFirewallLayer layery, - const char *iface); - -int iptablesAddForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddDontMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) - G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveDontMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) - G_GNUC_WARN_UNUSED_RESULT; -void iptablesAddOutputFixUdpChecksum (virFirewall *fw, - const char *iface, - int port); -void iptablesRemoveOutputFixUdpChecksum (virFirewall *fw, - const char *iface, - int port); --=20 2.45.0
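Review bot: In the network_iptables.h hunk (@@ -29,132 +28,3 @@), the removed prototypes of the int-returning helpers (iptablesAddForwardAllowOut through iptablesRemoveDontMasquerade) are the only visible place that carries G_GNUC_WARN_UNUSED_RESULT, and the matching definitions in network_iptables.c change only from `int` to `static int` with no attribute shown. Unless it is re-applied elsewhere, the compiler will stop flagging a caller that ignores a failure to build a forward or masquerade rule. Consider putting the attribute on the definitions (`static int G_GNUC_WARN_UNUSED_RESULT`) or keeping attributed static forward declarations at the top of the file.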
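Review bot: The doc comments kept as context in the hunks from @@ -640,7 +640,7 @@ through @@ -762,7 +762,7 @@ still end with "Returns 0 in case of success or an error code otherwise", but the six functions beneath them (iptablesAddForwardAllowCross, iptablesRemoveForwardAllowCross, iptablesAddForwardRejectOut, iptablesRemoveForwardRejectOut, iptablesAddForwardRejectIn, iptablesRemoveForwardRejectIn) are `static void`. Since the patch already touches each of these signatures, drop the stale "Returns" line from those comments so a reader does not expect a status that the functions cannot report.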
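Review bot: In the hunk at @@ -1047,7 +1047,7 @@ the comment above iptablesAddOutputFixUdpChecksum still describes the rule as applying to "the given @iface interface for TCP packets", which contradicts the function name, and the comment in the following hunk reads "previous added". Both are context lines here rather than changes, but they sit directly above the edited signatures, so correcting them to UDP and "previously added" in this patch or a follow-up would keep the documentation of these file-local helpers accurate.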