diff options
Diffstat (limited to 'main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch')
| -rw-r--r-- | main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch | 210 |
1 files changed, 0 insertions, 210 deletions
diff --git a/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch b/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch deleted file mode 100644 index d77da2f2f..000000000 --- a/main/libvirt/0001-util-refactor-iptables-command-construction-into-mul.patch +++ /dev/null @@ -1,210 +0,0 @@ -From f3531a040cf2ea1fc432a7613af4e9e823b2caa1 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Mon, 4 Feb 2013 10:45:23 +0100 -Subject: [PATCH] util: refactor iptables command construction into multiple - steps - -Instead of creating an iptables command in one shot, do it in steps -so we can add conditional options like physdev and protocol. - -This removes code duplication while keeping existing behaviour. - -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> -Signed-off-by: Eric Blake <eblake@redhat.com> ---- - src/util/viriptables.c | 132 ++++++++++++++++++++++--------------------------- - 1 file changed, 59 insertions(+), 73 deletions(-) - -diff --git a/src/util/viriptables.c b/src/util/viriptables.c -index 2c4290a..41fe780 100644 ---- a/src/util/viriptables.c -+++ b/src/util/viriptables.c -@@ -1,7 +1,7 @@ - /* - * viriptables.c: helper APIs for managing iptables - * -- * Copyright (C) 2007-2012 Red Hat, Inc. -+ * Copyright (C) 2007-2013 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public -@@ -129,15 +129,10 @@ iptRulesNew(const char *table, - return NULL; - } - --static int ATTRIBUTE_SENTINEL --iptablesAddRemoveRule(iptRules *rules, int family, int action, -- const char *arg, ...) -+static virCommandPtr -+iptablesCommandNew(iptRules *rules, int family, int action) - { -- va_list args; -- int ret; - virCommandPtr cmd = NULL; -- const char *s; -- - #if HAVE_FIREWALLD - virIpTablesInitialize(); - if (firewall_cmd_path) { -@@ -154,16 +149,36 @@ iptablesAddRemoveRule(iptRules *rules, int family, int action, - - virCommandAddArgList(cmd, "--table", rules->table, - action == ADD ? "--insert" : "--delete", -- rules->chain, arg, NULL); -+ rules->chain, NULL); -+ return cmd; -+} -+ -+static int -+iptablesCommandRunAndFree(virCommandPtr cmd) -+{ -+ int ret; -+ ret = virCommandRun(cmd, NULL); -+ virCommandFree(cmd); -+ return ret; -+} -+ -+static int ATTRIBUTE_SENTINEL -+iptablesAddRemoveRule(iptRules *rules, int family, int action, -+ const char *arg, ...) -+{ -+ va_list args; -+ virCommandPtr cmd = NULL; -+ const char *s; -+ -+ cmd = iptablesCommandNew(rules, family, action); -+ virCommandAddArg(cmd, arg); - - va_start(args, arg); - while ((s = va_arg(args, const char *))) - virCommandAddArg(cmd, s); - va_end(args); - -- ret = virCommandRun(cmd, NULL); -- virCommandFree(cmd); -- return ret; -+ return iptablesCommandRunAndFree(cmd); - } - - /** -@@ -372,28 +387,24 @@ iptablesForwardAllowOut(iptablesContext *ctx, - { - int ret; - char *networkstr; -+ virCommandPtr cmd = NULL; - - if (!(networkstr = iptablesFormatNetwork(netaddr, prefix))) - return -1; - -- if (physdev && physdev[0]) { -- ret = iptablesAddRemoveRule(ctx->forward_filter, -- VIR_SOCKET_ADDR_FAMILY(netaddr), -- action, -- "--source", networkstr, -- "--in-interface", iface, -- "--out-interface", physdev, -- "--jump", "ACCEPT", -- NULL); -- } else { -- ret = iptablesAddRemoveRule(ctx->forward_filter, -- VIR_SOCKET_ADDR_FAMILY(netaddr), -- action, -- "--source", networkstr, -- "--in-interface", iface, -- "--jump", "ACCEPT", -- NULL); -- } -+ cmd = iptablesCommandNew(ctx->forward_filter, -+ VIR_SOCKET_ADDR_FAMILY(netaddr), -+ action); -+ virCommandAddArgList(cmd, -+ "--source", networkstr, -+ "--in-interface", iface, NULL); -+ -+ if (physdev && physdev[0]) -+ virCommandAddArgList(cmd, "--out-interface", physdev, NULL); -+ -+ virCommandAddArgList(cmd, "--jump", "ACCEPT", NULL); -+ -+ ret = iptablesCommandRunAndFree(cmd); - VIR_FREE(networkstr); - return ret; - } -@@ -799,6 +810,7 @@ iptablesForwardMasquerade(iptablesContext *ctx, - { - int ret; - char *networkstr; -+ virCommandPtr cmd = NULL; - - if (!(networkstr = iptablesFormatNetwork(netaddr, prefix))) - return -1; -@@ -812,49 +824,23 @@ iptablesForwardMasquerade(iptablesContext *ctx, - return -1; - } - -- if (protocol && protocol[0]) { -- if (physdev && physdev[0]) { -- ret = iptablesAddRemoveRule(ctx->nat_postrouting, -- AF_INET, -- action, -- "--source", networkstr, -- "-p", protocol, -- "!", "--destination", networkstr, -- "--out-interface", physdev, -- "--jump", "MASQUERADE", -- "--to-ports", "1024-65535", -- NULL); -- } else { -- ret = iptablesAddRemoveRule(ctx->nat_postrouting, -- AF_INET, -- action, -- "--source", networkstr, -- "-p", protocol, -- "!", "--destination", networkstr, -- "--jump", "MASQUERADE", -- "--to-ports", "1024-65535", -- NULL); -- } -- } else { -- if (physdev && physdev[0]) { -- ret = iptablesAddRemoveRule(ctx->nat_postrouting, -- AF_INET, -- action, -- "--source", networkstr, -- "!", "--destination", networkstr, -- "--out-interface", physdev, -- "--jump", "MASQUERADE", -- NULL); -- } else { -- ret = iptablesAddRemoveRule(ctx->nat_postrouting, -- AF_INET, -- action, -- "--source", networkstr, -- "!", "--destination", networkstr, -- "--jump", "MASQUERADE", -- NULL); -- } -- } -+ cmd = iptablesCommandNew(ctx->nat_postrouting, AF_INET, action); -+ virCommandAddArgList(cmd, "--source", networkstr, NULL); -+ -+ if (protocol && protocol[0]) -+ virCommandAddArgList(cmd, "-p", protocol, NULL); -+ -+ virCommandAddArgList(cmd, "!", "--destination", networkstr, NULL); -+ -+ if (physdev && physdev[0]) -+ virCommandAddArgList(cmd, "--out-interface", physdev, NULL); -+ -+ virCommandAddArgList(cmd, "--jump", "MASQUERADE", NULL); -+ -+ if (protocol && protocol[0]) -+ virCommandAddArgList(cmd, "--to-ports", "1024-65535", NULL); -+ -+ ret = iptablesCommandRunAndFree(cmd); - VIR_FREE(networkstr); - return ret; - } --- -1.8.1.2 - |