From: Laine Stump Date: Sat, 20 Apr 2024 02:19:42 +0000 (-0400) Subject: util: add -w/--concurrent when applying a FirewallCmd rather than when building it X-Git-Tag: v10.4.0-rc1~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ee30ecd577156e19e486d1eb551ccc4574d4ad3;p=thirdparty%2Flibvirt.git util: add -w/--concurrent when applying a FirewallCmd rather than when building it We will already need a separate function for virFirewallApplyCmd for iptables vs. nftables, but the only reason for needing a separate function for virFirewallAddCmd* is that iptables/ebtables need to have an extra arg added for locking (to prevent multiple iptables commands from running at the same time). We can just as well add in the -w/--concurrent during virFirewallApplyCmd, so move the arg-add to ApplyCmd to keep AddCmd simple. Signed-off-by: Laine Stump Reviewed-by: Daniel P. Berrangé --- diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index 1897a66070..a57a79d4ce 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -213,20 +213,6 @@ virFirewallAddCmdFullV(virFirewall *firewall, fwCmd->queryOpaque = opaque; fwCmd->ignoreErrors = ignoreErrors; - switch (fwCmd->layer) { - case VIR_FIREWALL_LAYER_ETHERNET: - ADD_ARG(fwCmd, "--concurrent"); - break; - case VIR_FIREWALL_LAYER_IPV4: - ADD_ARG(fwCmd, "-w"); - break; - case VIR_FIREWALL_LAYER_IPV6: - ADD_ARG(fwCmd, "-w"); - break; - case VIR_FIREWALL_LAYER_LAST: - break; - } - while ((str = va_arg(args, char *)) != NULL) ADD_ARG(fwCmd, str); @@ -499,6 +485,19 @@ virFirewallApplyCmdDirect(virFirewallCmd *fwCmd, cmd = virCommandNewArgList(bin, NULL); + /* lock to assure nobody else is messing with the tables while we are */ + switch (fwCmd->layer) { + case VIR_FIREWALL_LAYER_ETHERNET: + virCommandAddArg(cmd, "--concurrent"); + break; + case VIR_FIREWALL_LAYER_IPV4: + case VIR_FIREWALL_LAYER_IPV6: + virCommandAddArg(cmd, "-w"); + break; + case VIR_FIREWALL_LAYER_LAST: + break; + } + for (i = 0; i < fwCmd->argsLen; i++) virCommandAddArg(cmd, fwCmd->args[i]);