From nobody Fri Dec 12 14:07:31 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=none dis=none) header.from=gmail.com ARC-Seal: i=1; a=rsa-sha256; t=1765462136; cv=none; d=zohomail.com; s=zohoarc; b=Mrz8dMLwp+P/9+RLCAZcImxpBHwfBvsfa3T4nu+o/iZMnMbc3iZa4HAH9jdgYJ9P5Yb2hqE9P+e81SK0D0aroMyeeX0rxdH443WBsJOySEbwRHBvQ2AVjevl+gsxErSDkv2oDq901dBD+/gfhRskG/JpcyxxOjt3zU4cnVz9PMs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1765462136; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Owner:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=69TfP9Mc0+eI7XsKmnb5lIdq/VWMppgIzbg3OvclzIY=; b=kYupVeHaSWAPBoRDDD7msvs7ORMQupo419vlc8/Lyy5s3UsdL/fon4r8qS1OPTaGM+kEmLLB/fG2rJKJf9oP5nm3FA4G2B7Qeh/Q4cpEtVZmM5y8seKbfzSQZT4h+8rx7NxjKur1Clu9rjXPh3sYTMa0alQZ8HjgoGKTbYiBVKQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1765462136508529.0383952884489; Thu, 11 Dec 2025 06:08:56 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id 86BA341909; Thu, 11 Dec 2025 09:08:55 -0500 (EST) Received: from [172.19.199.80] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id AA54843DF4; Thu, 11 Dec 2025 09:01:51 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 3466541A13; Thu, 11 Dec 2025 09:01:03 -0500 (EST) Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E1DE0418F8 for ; Thu, 11 Dec 2025 09:01:00 -0500 (EST) Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-6418738efa0so224174a12.1 for ; Thu, 11 Dec 2025 06:01:00 -0800 (PST) Received: from thinkiepadje.home (2a02-a470-a384-0-b2ea-abac-e33-4609.fixed6.kpn.net. [2a02:a470:a384:0:b2ea:abac:e33:4609]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b7cfa517558sm278382066b.34.2025.12.11.06.00.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Dec 2025 06:00:58 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765461660; x=1766066460; darn=lists.libvirt.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=69TfP9Mc0+eI7XsKmnb5lIdq/VWMppgIzbg3OvclzIY=; b=TKkndDGHg5Ar5XGp9kZsFFArEcgho1htfCwdSOVJjre4l/bPHEmHzagr1cKvaHxMQU d48RJIqGJ/XEuvk82xYevrY/KekMO9wvEP/zrfxrqQRBfvOnw7W/ivEcJexe9VYIE2+y MXpFPcz+SS0lqyAYCz+d42GoBod/9pbz14YfGXFJ6Xk9LUst+dbCHdxUMiR3m9NQlrjZ X48kBG4ngOmub/ymMUrZu5NEHLK7RqSlgTWOOQVdA8g/T9IF4ac8u/oKRpD5APY9uf1e pJtbw/6JsJn/oDPz/s160ZyIO8tumGSNrQfgPlY4550a5/dIaPZ//5n7d6weSOwLxtJ0 dFYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765461660; x=1766066460; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=69TfP9Mc0+eI7XsKmnb5lIdq/VWMppgIzbg3OvclzIY=; b=Ydea97qHKYjhnq/Jhvx2IHI7rlkooaltoWnvWytEd2es9d9BL7+dUEJ/7euPCprpdb qNpIvuUFR/9fwNkQEE4necY4ITRPszjdUhyJdC+yQTqDfimKgETBCWIIXgm2AVqqNmA0 4BHorNCqlLDSJVNn69F3f34G3BByXY1RfQnCpRwKwpZdblFvol4sdsPIehsRxXmlI0TN 0X1c0hB0tKoJKl92/dSRXDHsM8JkqGNBexSboAo+W05iFws9SzOCF7L4hgpVgHCVnQjf XPsjAG11GQp6fMkkjp88KiisdBOy95CF+pl5l82bruNFNuqFIAny82KzroxsFVBQNOoI ohnA== X-Gm-Message-State: AOJu0YyNgoC8GikLageBQmwCicOOSTGqLgfJBeeSe6qYd4Jml9CSigxS /PO7OgWwAlDx1Ja7a3FM03aagdx4VEZyBJUxEmmRCVhsbDhLpOqzgvUVVXGwacg= X-Gm-Gg: ASbGncuYYUz8u2+JJvWDJaHdhNrSpcyO+gHGiFURX0pNggdFsVPNt8a7OncgZOeG9+X 8C8bVz1xZrYni+SjazYB/aXXYQW3LyJ0RiV4PEP4assTPp5k5T6q1S3zd81+ZlbGJDHOn/II9+E tiw6Sjsu+aTX9R3G+kT+hQa0SaOBvb1BoAaLxhTD0q0+8SapKtze3dFs8h0sIdiqkOKTeWktxq2 1PO+t2m6MBBVJqgqD/Be0jfAthSBwzhPKEtge7A7PrXUw4UVP5/mP6HvnYnbBn4WyU2BC4OYaBK KRPRXp9I+OSQ5LzoJ7H0RvHQ+9/KGNKKTroyKXayuJui/f6yURHZ77Z1y67NtYmCFY6uLzqYKeN /OtopTNg7pJtLaGSgrG5qlH153wt9vjWlw/YjaaTAtDIhrNBrxjcXBr3Ie0dWX/65PXTMKnAUUt vKB1pCRiyFiveTb9o3U99CeBOEhRprJe2eNUZMwMYCRYau/Ac9UjgRfVCbZ9dN/8AaJJ59cbgAY D3yYT7WVg== X-Google-Smtp-Source: AGHT+IFsimVwhzWwlIxfgwqlOKYYlsJ+DNEjEzFQjrisxe7IRCfyvO138yNCbqH9PQZisMoWXzjOCg== X-Received: by 2002:a17:907:7ba7:b0:b76:d89d:3710 with SMTP id a640c23a62f3a-b7ce82b604dmr677400366b.8.1765461658992; Thu, 11 Dec 2025 06:00:58 -0800 (PST) From: Dion Bosschieter To: devel@lists.libvirt.org Subject: [PATCH v2 2/5] nwfilter: move shared nwfilter driver functions into nwfilter_tech_driver.c Date: Thu, 11 Dec 2025 15:00:51 +0100 Message-ID: <20251211140054.35822-3-dionbosschieter@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251211140054.35822-1-dionbosschieter@gmail.com> References: <20251211140054.35822-1-dionbosschieter@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: BRYXF3WTUV6OJR32MGXLE4VWEJ2AOTR3 X-Message-ID-Hash: BRYXF3WTUV6OJR32MGXLE4VWEJ2AOTR3 X-MailFrom: dionbosschieter@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: jean-louis@dupond.be, Dion Bosschieter X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: pass (identity @gmail.com) X-ZM-MESSAGEID: 1765462138259158500 Content-Type: text/plain; charset="utf-8" Introduce nwfilter_tech_driver.c which holds shared non driver specific methods. The following logic can be reused by new nwfilter drivers, which are not ebiptables specific: - data type print logic, used for constructing ascii cli arguments out of nwfilter data; - chain jump proto type l3_proto_idx logic; - virNWFilterRule sorting. Signed-off-by: Dion Bosschieter --- src/nwfilter/meson.build | 1 + src/nwfilter/nwfilter_ebiptables_driver.c | 262 +--------------------- src/nwfilter/nwfilter_tech_driver.c | 250 +++++++++++++++++++++ src/nwfilter/nwfilter_tech_driver.h | 50 ++++- 4 files changed, 299 insertions(+), 264 deletions(-) create mode 100644 src/nwfilter/nwfilter_tech_driver.c diff --git a/src/nwfilter/meson.build b/src/nwfilter/meson.build index de3d202267..9e8a4797c5 100644 --- a/src/nwfilter/meson.build +++ b/src/nwfilter/meson.build @@ -1,6 +1,7 @@ nwfilter_driver_sources =3D [ 'nwfilter_driver.c', 'nwfilter_gentech_driver.c', + 'nwfilter_tech_driver.c', 'nwfilter_dhcpsnoop.c', 'nwfilter_ebiptables_driver.c', 'nwfilter_learnipaddr.c', diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfil= ter_ebiptables_driver.c index 859347409c..faa27ae9be 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -25,7 +25,6 @@ #include #include #include -#include =20 #include "internal.h" =20 @@ -35,6 +34,7 @@ #include "virerror.h" #include "nwfilter_conf.h" #include "nwfilter_ebiptables_driver.h" +#include "nwfilter_tech_driver.h" #include "virfile.h" #include "configmake.h" #include "virstring.h" @@ -83,24 +83,6 @@ static void ebiptablesDriverShutdown(void); static int ebtablesCleanAll(const char *ifname); static int ebiptablesAllTeardown(const char *ifname); =20 -struct ushort_map { - unsigned short attr; - const char *val; -}; - - -enum l3_proto_idx { - L3_PROTO_IPV4_IDX =3D 0, - L3_PROTO_IPV6_IDX, - L3_PROTO_ARP_IDX, - L3_PROTO_RARP_IDX, - L2_PROTO_MAC_IDX, - L2_PROTO_VLAN_IDX, - L2_PROTO_STP_IDX, - L3_PROTO_LAST_IDX -}; - -#define USHORTMAP_ENTRY_IDX(IDX, ATT, VAL) [IDX] =3D { .attr =3D ATT, .val= =3D VAL } =20 /* A lookup table for translating ethernet protocol IDs to human readable * strings. None of the human readable strings must be found as a prefix @@ -118,7 +100,6 @@ static const struct ushort_map l3_protocols[] =3D { USHORTMAP_ENTRY_IDX(L3_PROTO_LAST_IDX, 0, NULL), }; =20 - static char chainprefixes_host[3] =3D { CHAINPREFIX_HOST_IN, CHAINPREFIX_HOST_OUT, @@ -137,12 +118,6 @@ typedef struct { const char *targetChain; } iptablesBaseChainFW; =20 -typedef struct { - const char *ifname; - int nrules; - virNWFilterRuleInst **rules; -} chainCreateCallbackData; - static iptablesBaseChainFW fw_base_chains[] =3D { {"FORWARD", "1", VIRT_IN_CHAIN}, {"FORWARD", "2", VIRT_OUT_CHAIN}, @@ -150,206 +125,6 @@ static iptablesBaseChainFW fw_base_chains[] =3D { {"INPUT", "1", HOST_IN_CHAIN}, }; =20 -static int -printVar(virNWFilterVarCombIter *vars, - char *buf, int bufsize, - nwItemDesc *item, - bool *done) -{ - *done =3D false; - - if ((item->flags & NWFILTER_ENTRY_ITEM_FLAG_HAS_VAR)) { - const char *val; - - val =3D virNWFilterVarCombIterGetVarValue(vars, item->varAccess); - if (!val) { - /* error has been reported */ - return -1; - } - - if (virStrcpy(buf, val, bufsize) < 0) { - const char *varName; - - varName =3D virNWFilterVarAccessGetVarName(item->varAccess); - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Buffer too small to print variable '%1$s' in= to"), - varName); - return -1; - } - - *done =3D true; - } - return 0; -} - - -static int -_printDataType(virNWFilterVarCombIter *vars, - char *buf, int bufsize, - nwItemDesc *item, - bool asHex, bool directionIn) -{ - bool done; - g_autofree char *data =3D NULL; - uint8_t ctr; - g_auto(virBuffer) vb =3D VIR_BUFFER_INITIALIZER; - g_autofree char *flags =3D NULL; - - if (printVar(vars, buf, bufsize, item, &done) < 0) - return -1; - - if (done) - return 0; - - switch (item->datatype) { - case DATATYPE_IPADDR: - data =3D virSocketAddrFormat(&item->u.ipaddr); - if (!data) - return -1; - if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("buffer too small for IP address")); - return -1; - } - break; - - case DATATYPE_IPV6ADDR: - data =3D virSocketAddrFormat(&item->u.ipaddr); - if (!data) - return -1; - - if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("buffer too small for IPv6 address")); - return -1; - } - break; - - case DATATYPE_MACADDR: - case DATATYPE_MACMASK: - if (bufsize < VIR_MAC_STRING_BUFLEN) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for MAC address")); - return -1; - } - - virMacAddrFormat(&item->u.macaddr, buf); - break; - - case DATATYPE_IPV6MASK: - case DATATYPE_IPMASK: - if (g_snprintf(buf, bufsize, "%d", - item->u.u8) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for uint8 type")); - return -1; - } - break; - - case DATATYPE_UINT32: - case DATATYPE_UINT32_HEX: - if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%u", - item->u.u32) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for uint32 type")); - return -1; - } - break; - - case DATATYPE_UINT16: - case DATATYPE_UINT16_HEX: - if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%d", - item->u.u16) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for uint16 type")); - return -1; - } - break; - - case DATATYPE_UINT8: - case DATATYPE_UINT8_HEX: - if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%d", - item->u.u8) >=3D bufsize) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for uint8 type")); - return -1; - } - break; - - case DATATYPE_IPSETNAME: - if (virStrcpy(buf, item->u.ipset.setname, bufsize) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer to small for ipset name")); - return -1; - } - break; - - case DATATYPE_IPSETFLAGS: - for (ctr =3D 0; ctr < item->u.ipset.numFlags; ctr++) { - if (ctr !=3D 0) - virBufferAddLit(&vb, ","); - if ((item->u.ipset.flags & (1 << ctr))) { - if (directionIn) - virBufferAddLit(&vb, "dst"); - else - virBufferAddLit(&vb, "src"); - } else { - if (directionIn) - virBufferAddLit(&vb, "src"); - else - virBufferAddLit(&vb, "dst"); - } - } - - flags =3D virBufferContentAndReset(&vb); - - if (virStrcpy(buf, flags, bufsize) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Buffer too small for IPSETFLAGS type")); - return -1; - } - break; - - case DATATYPE_STRING: - case DATATYPE_STRINGCOPY: - case DATATYPE_BOOLEAN: - virReportError(VIR_ERR_INTERNAL_ERROR, - _("Cannot print data type %1$x"), item->datatype); - return -1; - case DATATYPE_LAST: - default: - virReportEnumRangeError(virNWFilterAttrDataType, item->datatype); - return -1; - } - - return 0; -} - - -static int -printDataType(virNWFilterVarCombIter *vars, - char *buf, int bufsize, - nwItemDesc *item) -{ - return _printDataType(vars, buf, bufsize, item, 0, 0); -} - -static int -printDataTypeDirection(virNWFilterVarCombIter *vars, - char *buf, int bufsize, - nwItemDesc *item, bool directionIn) -{ - return _printDataType(vars, buf, bufsize, item, 0, directionIn); -} - -static int -printDataTypeAsHex(virNWFilterVarCombIter *vars, - char *buf, int bufsize, - nwItemDesc *item) -{ - return _printDataType(vars, buf, bufsize, item, 1, 0); -} - =20 static int ebtablesHandleEthHdr(virFirewall *fw, @@ -3041,41 +2816,6 @@ ebtablesCleanAll(const char *ifname) } =20 =20 -static int -virNWFilterRuleInstSort(const void *a, const void *b) -{ - const virNWFilterRuleInst *insta =3D a; - const virNWFilterRuleInst *instb =3D b; - const char *root =3D virNWFilterChainSuffixTypeToString( - VIR_NWFILTER_CHAINSUFFIX_ROOT); - bool root_a =3D STREQ(insta->chainSuffix, root); - bool root_b =3D STREQ(instb->chainSuffix, root); - - /* ensure root chain commands appear before all others since - we will need them to create the child chains */ - if (root_a) { - if (!root_b) - return -1; /* a before b */ - } else if (root_b) { - return 1; /* b before a */ - } - - /* priorities are limited to range [-1000, 1000] */ - return insta->priority - instb->priority; -} - - -static int -virNWFilterRuleInstSortPtr(const void *a, - const void *b, - void *opaque G_GNUC_UNUSED) -{ - virNWFilterRuleInst * const *insta =3D a; - virNWFilterRuleInst * const *instb =3D b; - return virNWFilterRuleInstSort(*insta, *instb); -} - - static int ebiptablesFilterOrderSort(const void *va, const void *vb, diff --git a/src/nwfilter/nwfilter_tech_driver.c b/src/nwfilter/nwfilter_te= ch_driver.c new file mode 100644 index 0000000000..7b3edff8e6 --- /dev/null +++ b/src/nwfilter/nwfilter_tech_driver.c @@ -0,0 +1,250 @@ +/* + * nwfilter_tech_driver.c: common/shared functions used in nwfilter gentec= h drivers + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include "nwfilter_tech_driver.h" +#include "nwfilter_conf.h" + +#define VIR_FROM_THIS VIR_FROM_NWFILTER + +int virNWFilterRuleInstSort(const void *a, const void *b) +{ + const virNWFilterRuleInst *insta =3D a; + const virNWFilterRuleInst *instb =3D b; + const char *root =3D virNWFilterChainSuffixTypeToString( + VIR_NWFILTER_CHAINSUFFIX_ROOT); + bool root_a =3D STREQ(insta->chainSuffix, root); + bool root_b =3D STREQ(instb->chainSuffix, root); + + /* ensure root chain commands appear before all others since + we will need them to create the child chains */ + if (root_a) { + if (!root_b) + return -1; /* a before b */ + } else if (root_b) { + return 1; /* b before a */ + } + + /* priorities are limited to range [-1000, 1000] */ + return insta->priority - instb->priority; +} + + +int virNWFilterRuleInstSortPtr(const void *a, + const void *b, + void *opaque G_GNUC_UNUSED) +{ + virNWFilterRuleInst * const *insta =3D a; + virNWFilterRuleInst * const *instb =3D b; + return virNWFilterRuleInstSort(*insta, *instb); +} + +int printVar(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item, + bool *done) +{ + *done =3D false; + + if ((item->flags & NWFILTER_ENTRY_ITEM_FLAG_HAS_VAR)) { + const char *val; + + val =3D virNWFilterVarCombIterGetVarValue(vars, item->varAccess); + if (!val) { + /* error has been reported */ + return -1; + } + + if (virStrcpy(buf, val, bufsize) < 0) { + const char *varName; + + varName =3D virNWFilterVarAccessGetVarName(item->varAccess); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Buffer too small to print variable '%1$s' in= to"), + varName); + return -1; + } + + *done =3D true; + } + return 0; +} + +static int +_printDataType(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item, + bool asHex, bool directionIn) +{ + bool done; + g_autofree char *data =3D NULL; + uint8_t ctr; + g_auto(virBuffer) vb =3D VIR_BUFFER_INITIALIZER; + g_autofree char *flags =3D NULL; + + if (printVar(vars, buf, bufsize, item, &done) < 0) + return -1; + + if (done) + return 0; + + switch (item->datatype) { + case DATATYPE_IPADDR: + data =3D virSocketAddrFormat(&item->u.ipaddr); + if (!data) + return -1; + if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("buffer too small for IP address")); + return -1; + } + break; + + case DATATYPE_IPV6ADDR: + data =3D virSocketAddrFormat(&item->u.ipaddr); + if (!data) + return -1; + + if (g_snprintf(buf, bufsize, "%s", data) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("buffer too small for IPv6 address")); + return -1; + } + break; + + case DATATYPE_MACADDR: + case DATATYPE_MACMASK: + if (bufsize < VIR_MAC_STRING_BUFLEN) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for MAC address")); + return -1; + } + + virMacAddrFormat(&item->u.macaddr, buf); + break; + + case DATATYPE_IPV6MASK: + case DATATYPE_IPMASK: + if (g_snprintf(buf, bufsize, "%d", + item->u.u8) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for uint8 type")); + return -1; + } + break; + + case DATATYPE_UINT32: + case DATATYPE_UINT32_HEX: + if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%u", + item->u.u32) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for uint32 type")); + return -1; + } + break; + + case DATATYPE_UINT16: + case DATATYPE_UINT16_HEX: + if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%d", + item->u.u16) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for uint16 type")); + return -1; + } + break; + + case DATATYPE_UINT8: + case DATATYPE_UINT8_HEX: + if (g_snprintf(buf, bufsize, asHex ? "0x%x" : "%d", + item->u.u8) >=3D bufsize) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for uint8 type")); + return -1; + } + break; + + case DATATYPE_IPSETNAME: + if (virStrcpy(buf, item->u.ipset.setname, bufsize) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer to small for ipset name")); + return -1; + } + break; + + case DATATYPE_IPSETFLAGS: + for (ctr =3D 0; ctr < item->u.ipset.numFlags; ctr++) { + if (ctr !=3D 0) + virBufferAddLit(&vb, ","); + if ((item->u.ipset.flags & (1 << ctr))) { + if (directionIn) + virBufferAddLit(&vb, "dst"); + else + virBufferAddLit(&vb, "src"); + } else { + if (directionIn) + virBufferAddLit(&vb, "src"); + else + virBufferAddLit(&vb, "dst"); + } + } + + flags =3D virBufferContentAndReset(&vb); + + if (virStrcpy(buf, flags, bufsize) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Buffer too small for IPSETFLAGS type")); + return -1; + } + break; + + case DATATYPE_STRING: + case DATATYPE_STRINGCOPY: + case DATATYPE_BOOLEAN: + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Cannot print data type %1$x"), item->datatype); + return -1; + case DATATYPE_LAST: + default: + virReportEnumRangeError(virNWFilterAttrDataType, item->datatype); + return -1; + } + + return 0; +} + +int printDataType(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item) +{ + return _printDataType(vars, buf, bufsize, item, 0, 0); +} + +int printDataTypeDirection(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item, bool directionIn) +{ + return _printDataType(vars, buf, bufsize, item, 0, directionIn); +} + +int printDataTypeAsHex(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item) +{ + return _printDataType(vars, buf, bufsize, item, 1, 0); +} diff --git a/src/nwfilter/nwfilter_tech_driver.h b/src/nwfilter/nwfilter_te= ch_driver.h index a4af0bf6d5..7a85c46339 100644 --- a/src/nwfilter/nwfilter_tech_driver.h +++ b/src/nwfilter/nwfilter_tech_driver.h @@ -24,9 +24,7 @@ #pragma once =20 #include "virnwfilterobj.h" - -typedef struct _virNWFilterTechDriver virNWFilterTechDriver; - +#include "virstring.h" =20 typedef struct _virNWFilterRuleInst virNWFilterRuleInst; struct _virNWFilterRuleInst { @@ -38,6 +36,31 @@ struct _virNWFilterRuleInst { }; =20 =20 +typedef struct _chainCreateCallbackData chainCreateCallbackData; +struct _chainCreateCallbackData { + const char *ifname; + int nrules; + virNWFilterRuleInst **rules; +}; + +struct ushort_map { + unsigned short attr; + const char *val; +}; + +#define USHORTMAP_ENTRY_IDX(IDX, ATT, VAL) [IDX] =3D { .attr =3D ATT, .val= =3D VAL } + +enum l3_proto_idx { + L3_PROTO_IPV4_IDX =3D 0, + L3_PROTO_IPV6_IDX, + L3_PROTO_ARP_IDX, + L3_PROTO_RARP_IDX, + L2_PROTO_MAC_IDX, + L2_PROTO_VLAN_IDX, + L2_PROTO_STP_IDX, + L3_PROTO_LAST_IDX +}; + typedef int (*virNWFilterTechDrvInit)(bool privileged); typedef void (*virNWFilterTechDrvShutdown)(void); =20 @@ -69,6 +92,7 @@ enum techDrvFlags { TECHDRV_FLAG_INITIALIZED =3D (1 << 0), }; =20 +typedef struct _virNWFilterTechDriver virNWFilterTechDriver; struct _virNWFilterTechDriver { const char *name; enum techDrvFlags flags; @@ -87,3 +111,23 @@ struct _virNWFilterTechDriver { virNWFilterDropAllRules applyDropAllRules; virNWFilterRemoveBasicRules removeBasicRules; }; + +int virNWFilterRuleInstSort(const void *a, const void *b); +int virNWFilterRuleInstSortPtr(const void *a, + const void *b, + void *opaque); +int printVar(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item, + bool *done); + +int printDataType(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item); + +int printDataTypeDirection(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item, bool directionIn); +int printDataTypeAsHex(virNWFilterVarCombIter *vars, + char *buf, int bufsize, + nwItemDesc *item); --=20 2.43.0