From nobody Thu Sep 19 01:15:21 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1715967386067188.74272091684622; Fri, 17 May 2024 10:36:26 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id F271E1C91; Fri, 17 May 2024 13:36:24 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id E78FF1CB4; Fri, 17 May 2024 13:30:33 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 019BC1A29; Fri, 17 May 2024 13:30:13 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 883CE1779 for ; Fri, 17 May 2024 13:30:10 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-450-V4P5QoT_OgWKfeQP8AfLrA-1; Fri, 17 May 2024 13:30:08 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B21361C0007C for ; Fri, 17 May 2024 17:30:08 +0000 (UTC) Received: from vhost3.router.laine.org (unknown [10.22.16.223]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9CAA840C6EB7 for ; Fri, 17 May 2024 17:30:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1715967010; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BiQ//2YjcwunkguNUkoCj28U9r5N38R4jK3/kUsYo7o=; b=c22mTm9ve1p6cAQr8ID+fh4z1064SOalwXqtATqGWwp8F9ocpJGFcT5aZaoePU4sVBXQrd +1YnuN7DcYISt32L1AcMQK+FeNGIDLc1OFXu2EA3tFG2TU41K4vJ5YyiK2CVgnWecJj5E6 /8WL1plB1NMCuzyUSekad3+4+w9MGWo= X-MC-Unique: V4P5QoT_OgWKfeQP8AfLrA-1 From: Laine Stump To: devel@lists.libvirt.org Subject: [PATCH v5 06/30] util: rename virNetFilterAction to iptablesAction, and add VIR_ENUM_DECL/IMPL Date: Fri, 17 May 2024 13:29:43 -0400 Message-ID: <20240517173007.8125-7-laine@redhat.com> In-Reply-To: <20240517173007.8125-1-laine@redhat.com> References: <20240517173007.8125-1-laine@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: WRKLHGDGIJYR3NMMRMQEPRQOSF5ENQM3 X-Message-ID-Hash: WRKLHGDGIJYR3NMMRMQEPRQOSF5ENQM3 X-MailFrom: laine@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1715967387228100001 Content-Type: text/plain; charset="utf-8" I had originally named these as VIR_NETFILTER_* because I assumed the same enum would eventually be used by our nftables backend as well as iptables. But it turns out that in most cases it's not possible to delete an nftables rule, so we just never used the enum anyway, so this patch is renaming the values to IPTABLES_ACTION_*, and taking advantage of the newly defined (via VIR_ENUM_DECL/IMPL) iptablesActionTypeToString() to replace all the ternary operators used to translate the enum into a string for the iptables commandline with iptablesActionTypeToString(). Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrang=C3=A9 --- src/network/network_iptables.c | 126 ++++++++++++++++++--------------- 1 file changed, 69 insertions(+), 57 deletions(-) diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c index 5c16683cff..d7e749adf0 100644 --- a/src/network/network_iptables.c +++ b/src/network/network_iptables.c @@ -32,6 +32,7 @@ #include "virerror.h" #include "virlog.h" #include "virhash.h" +#include "virenum.h" #include "network_iptables.h" =20 VIR_LOG_INIT("network.iptables"); @@ -45,10 +46,21 @@ VIR_LOG_INIT("network.iptables"); #define VIR_IPTABLES_FWD_X_CHAIN "LIBVIRT_FWX" #define VIR_IPTABLES_NAT_POSTROUTE_CHAIN "LIBVIRT_PRT" =20 -enum { - VIR_NETFILTER_INSERT =3D 0, - VIR_NETFILTER_DELETE -}; +typedef enum { + IPTABLES_ACTION_INSERT, + IPTABLES_ACTION_APPEND, + IPTABLES_ACTION_DELETE, + + IPTABLES_ACTION_LAST +} iptablesAction; + +VIR_ENUM_DECL(iptablesAction); +VIR_ENUM_IMPL(iptablesAction, + IPTABLES_ACTION_LAST, + "--insert", + "--append", + "--delete", +); =20 typedef struct { const char *parent; @@ -168,14 +180,14 @@ iptablesInput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + iptablesAction action, int tcp) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_INPUT_CHAIN, "--in-interface", iface, "--protocol", tcp ? "tcp" : "udp", @@ -189,14 +201,14 @@ iptablesOutput(virFirewall *fw, virFirewallLayer layer, const char *iface, int port, - int action, + iptablesAction action, int tcp) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_OUTPUT_CHAIN, "--out-interface", iface, "--protocol", tcp ? "tcp" : "udp", @@ -220,7 +232,7 @@ iptablesAddTcpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); + iptablesInput(fw, layer, iface, port, IPTABLES_ACTION_INSERT, 1); } =20 /** @@ -238,7 +250,7 @@ iptablesRemoveTcpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); + iptablesInput(fw, layer, iface, port, IPTABLES_ACTION_DELETE, 1); } =20 /** @@ -256,7 +268,7 @@ iptablesAddUdpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); + iptablesInput(fw, layer, iface, port, IPTABLES_ACTION_INSERT, 0); } =20 /** @@ -274,7 +286,7 @@ iptablesRemoveUdpInput(virFirewall *fw, const char *iface, int port) { - iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); + iptablesInput(fw, layer, iface, port, IPTABLES_ACTION_DELETE, 0); } =20 /** @@ -292,7 +304,7 @@ iptablesAddTcpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); + iptablesOutput(fw, layer, iface, port, IPTABLES_ACTION_INSERT, 1); } =20 /** @@ -310,7 +322,7 @@ iptablesRemoveTcpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); + iptablesOutput(fw, layer, iface, port, IPTABLES_ACTION_DELETE, 1); } =20 /** @@ -328,7 +340,7 @@ iptablesAddUdpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); + iptablesOutput(fw, layer, iface, port, IPTABLES_ACTION_INSERT, 0); } =20 /** @@ -346,7 +358,7 @@ iptablesRemoveUdpOutput(virFirewall *fw, const char *iface, int port) { - iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); + iptablesOutput(fw, layer, iface, port, IPTABLES_ACTION_DELETE, 0); } =20 =20 @@ -359,7 +371,7 @@ iptablesForwardAllowOut(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + iptablesAction action) { g_autofree char *networkstr =3D NULL; virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? @@ -371,7 +383,7 @@ iptablesForwardAllowOut(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_OUT_CHAIN, "--source", networkstr, "--in-interface", iface, @@ -381,7 +393,7 @@ iptablesForwardAllowOut(virFirewall *fw, else virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_OUT_CHAIN, "--source", networkstr, "--in-interface", iface, @@ -412,7 +424,7 @@ iptablesAddForwardAllowOut(virFirewall *fw, const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_INSERT); + IPTABLES_ACTION_INSERT); } =20 /** @@ -436,7 +448,7 @@ iptablesRemoveForwardAllowOut(virFirewall *fw, const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_DELETE); + IPTABLES_ACTION_DELETE); } =20 =20 @@ -449,7 +461,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + iptablesAction action) { virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; @@ -461,7 +473,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_IN_CHAIN, "--destination", networkstr, "--in-interface", physdev, @@ -473,7 +485,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, else virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_IN_CHAIN, "--destination", networkstr, "--out-interface", iface, @@ -506,7 +518,7 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, - VIR_NETFILTER_INSERT); + IPTABLES_ACTION_INSERT); } =20 /** @@ -530,7 +542,7 @@ iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physd= ev, - VIR_NETFILTER_DELETE); + IPTABLES_ACTION_DELETE); } =20 /* Allow all traffic destined to the bridge, with a valid network address @@ -541,7 +553,7 @@ iptablesForwardAllowIn(virFirewall *fw, unsigned int prefix, const char *iface, const char *physdev, - int action) + iptablesAction action) { virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6; @@ -553,7 +565,7 @@ iptablesForwardAllowIn(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_IN_CHAIN, "--destination", networkstr, "--in-interface", physdev, @@ -563,7 +575,7 @@ iptablesForwardAllowIn(virFirewall *fw, else virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_IN_CHAIN, "--destination", networkstr, "--out-interface", iface, @@ -593,7 +605,7 @@ iptablesAddForwardAllowIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_INSERT); + IPTABLES_ACTION_INSERT); } =20 /** @@ -617,18 +629,18 @@ iptablesRemoveForwardAllowIn(virFirewall *fw, const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, - VIR_NETFILTER_DELETE); + IPTABLES_ACTION_DELETE); } =20 static void iptablesForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + iptablesAction action) { virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_X_CHAIN, "--in-interface", iface, "--out-interface", iface, @@ -652,7 +664,7 @@ iptablesAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardAllowCross(fw, layer, iface, IPTABLES_ACTION_INSERT); } =20 /** @@ -671,18 +683,18 @@ iptablesRemoveForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardAllowCross(fw, layer, iface, IPTABLES_ACTION_DELETE); } =20 static void iptablesForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + iptablesAction action) { virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_OUT_CHAIN, "--in-interface", iface, "--jump", "REJECT", @@ -704,7 +716,7 @@ iptablesAddForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardRejectOut(fw, layer, iface, IPTABLES_ACTION_INSERT); } =20 /** @@ -722,7 +734,7 @@ iptablesRemoveForwardRejectOut(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardRejectOut(fw, layer, iface, IPTABLES_ACTION_DELETE); } =20 =20 @@ -730,11 +742,11 @@ static void iptablesForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface, - int action) + iptablesAction action) { virFirewallAddCmd(fw, layer, "--table", "filter", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_FWD_IN_CHAIN, "--out-interface", iface, "--jump", "REJECT", @@ -756,7 +768,7 @@ iptablesAddForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT); + iptablesForwardRejectIn(fw, layer, iface, IPTABLES_ACTION_INSERT); } =20 /** @@ -774,7 +786,7 @@ iptablesRemoveForwardRejectIn(virFirewall *fw, virFirewallLayer layer, const char *iface) { - iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE); + iptablesForwardRejectIn(fw, layer, iface, IPTABLES_ACTION_DELETE); } =20 =20 @@ -789,7 +801,7 @@ iptablesForwardMasquerade(virFirewall *fw, virSocketAddrRange *addr, virPortRange *port, const char *protocol, - int action) + iptablesAction action) { g_autofree char *networkstr =3D NULL; g_autofree char *addrStartStr =3D NULL; @@ -816,7 +828,7 @@ iptablesForwardMasquerade(virFirewall *fw, if (protocol && protocol[0]) { fwCmd =3D virFirewallAddCmd(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--= insert" : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_NAT_POSTROUTE_CHAIN, "--source", networkstr, "-p", protocol, @@ -825,7 +837,7 @@ iptablesForwardMasquerade(virFirewall *fw, } else { fwCmd =3D virFirewallAddCmd(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--= insert" : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_NAT_POSTROUTE_CHAIN, "--source", networkstr, "!", "--destination", networkstr, @@ -900,7 +912,7 @@ iptablesAddForwardMasquerade(virFirewall *fw, { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, - VIR_NETFILTER_INSERT); + IPTABLES_ACTION_INSERT); } =20 /** @@ -927,7 +939,7 @@ iptablesRemoveForwardMasquerade(virFirewall *fw, { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, - VIR_NETFILTER_DELETE); + IPTABLES_ACTION_DELETE); } =20 =20 @@ -940,7 +952,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, unsigned int prefix, const char *physdev, const char *destaddr, - int action) + iptablesAction action) { g_autofree char *networkstr =3D NULL; virFirewallLayer layer =3D VIR_SOCKET_ADDR_FAMILY(netaddr) =3D=3D AF_I= NET ? @@ -952,7 +964,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, if (physdev && physdev[0]) virFirewallAddCmd(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_NAT_POSTROUTE_CHAIN, "--out-interface", physdev, "--source", networkstr, @@ -962,7 +974,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, else virFirewallAddCmd(fw, layer, "--table", "nat", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" = : "--delete", + iptablesActionTypeToString(action), VIR_IPTABLES_NAT_POSTROUTE_CHAIN, "--source", networkstr, "--destination", destaddr, @@ -994,7 +1006,7 @@ iptablesAddDontMasquerade(virFirewall *fw, const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, - physdev, destaddr, VIR_NETFILTER_= INSERT); + physdev, destaddr, IPTABLES_ACTIO= N_INSERT); } =20 /** @@ -1020,7 +1032,7 @@ iptablesRemoveDontMasquerade(virFirewall *fw, { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, - VIR_NETFILTER_DELETE); + IPTABLES_ACTION_DELETE); } =20 =20 @@ -1028,13 +1040,13 @@ static void iptablesOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port, - int action) + iptablesAction action) { g_autofree char *portstr =3D g_strdup_printf("%d", port); =20 virFirewallAddCmd(fw, VIR_FIREWALL_LAYER_IPV4, "--table", "mangle", - action =3D=3D VIR_NETFILTER_INSERT ? "--insert" : "-= -delete", + iptablesActionTypeToString(action), VIR_IPTABLES_NAT_POSTROUTE_CHAIN, "--out-interface", iface, "--protocol", "udp", @@ -1059,7 +1071,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_INSERT); + iptablesOutputFixUdpChecksum(fw, iface, port, IPTABLES_ACTION_INSERT); } =20 /** @@ -1076,7 +1088,7 @@ iptablesRemoveOutputFixUdpChecksum(virFirewall *fw, const char *iface, int port) { - iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_DELETE); + iptablesOutputFixUdpChecksum(fw, iface, port, IPTABLES_ACTION_DELETE); } =20 =20 --=20 2.45.0