static int iptablesLinkIPTablesBaseChain(virBufferPtr buf,
const char *udchain,
const char *syschain,
- unsigned int pos,
- int stopOnError)
+ unsigned int pos)
{
virBufferAsprintf(buf,
"res=$($IPT -L %s -n --line-number | %s '%s')\n"
pos,
syschain, pos, udchain,
- CMD_STOPONERR(stopOnError),
+ CMD_STOPONERR(true),
syschain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
return 0;
}
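Review bot: iptablesLinkIPTablesBaseChain still returns `int`, yet the only return visible is `return 0;` and the callers in the next hunk discard the result. Either make it `static void` or add a comment such as `/* Always returns 0; command failures surface when the generated script is executed. */` so nobody looks for an error check that cannot fire. The same appears to hold for iptablesCreateTmpRootChain, iptablesLinkTmpRootChain, ebtablesCreateTmpRootChain and ebtablesLinkTmpRootChain, though their bodies are only partly visible. If so, the `< 0` test on ebtablesCreateTmpRootChain further down is dead code. The function's opening lines are in the preceding hunk.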
"$IPT -N " VIRT_IN_POST_CHAIN CMD_SEPARATOR
"$IPT -N " HOST_IN_CHAIN CMD_SEPARATOR);
iptablesLinkIPTablesBaseChain(buf,
- VIRT_IN_CHAIN, "FORWARD", 1, 1);
+ VIRT_IN_CHAIN, "FORWARD", 1);
iptablesLinkIPTablesBaseChain(buf,
- VIRT_OUT_CHAIN, "FORWARD", 2, 1);
+ VIRT_OUT_CHAIN, "FORWARD", 2);
iptablesLinkIPTablesBaseChain(buf,
- VIRT_IN_POST_CHAIN, "FORWARD", 3, 1);
+ VIRT_IN_POST_CHAIN, "FORWARD", 3);
iptablesLinkIPTablesBaseChain(buf,
- HOST_IN_CHAIN, "INPUT", 1, 1);
+ HOST_IN_CHAIN, "INPUT", 1);
return 0;
}
static int
iptablesCreateTmpRootChain(virBufferPtr buf,
char prefix,
- bool incoming, const char *ifname,
- int stopOnError)
+ bool incoming, const char *ifname)
{
char chain[MAX_CHAINNAME_LENGTH];
char chainPrefix[2] = {
CMD_EXEC
"%s",
chain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
return 0;
}
iptablesCreateTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesCreateTmpRootChain(buf, 'F', false, ifname, 1);
- iptablesCreateTmpRootChain(buf, 'F', true, ifname, 1);
- iptablesCreateTmpRootChain(buf, 'H', true, ifname, 1);
+ iptablesCreateTmpRootChain(buf, 'F', false, ifname);
+ iptablesCreateTmpRootChain(buf, 'F', true, ifname);
+ iptablesCreateTmpRootChain(buf, 'H', true, ifname);
return 0;
}
iptablesLinkTmpRootChain(virBufferPtr buf,
const char *basechain,
char prefix,
- bool incoming, const char *ifname,
- int stopOnError)
+ bool incoming, const char *ifname)
{
char chain[MAX_CHAINNAME_LENGTH];
char chainPrefix[2] = {
basechain,
match, ifname, chain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
return 0;
}
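Review bot: `ifname` is formatted into what appears to be shell command text here (`match, ifname, chain,`; the sibling function's format string uses `$(...)` and a pipe), and nothing in the hunk shows it being quoted or validated. The format string and the start of iptablesLinkTmpRootChain are outside this hunk, so the quoting cannot be confirmed from here. If the name is not quoted there, state the precondition at the top of the function, for example `/* ifname must be a validated interface name: it is substituted into shell text */`, or escape it before formatting (libvirt has virBufferEscapeShell for this, if this tree already carries it). The same argument pattern appears in ebtablesLinkTmpRootChain (`iodev, ifname, chain,`).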
iptablesLinkTmpRootChains(virBufferPtr buf,
const char *ifname)
{
- iptablesLinkTmpRootChain(buf, VIRT_OUT_CHAIN, 'F', false, ifname, 1);
- iptablesLinkTmpRootChain(buf, VIRT_IN_CHAIN, 'F', true, ifname, 1);
- iptablesLinkTmpRootChain(buf, HOST_IN_CHAIN, 'H', true, ifname, 1);
+ iptablesLinkTmpRootChain(buf, VIRT_OUT_CHAIN, 'F', false, ifname);
+ iptablesLinkTmpRootChain(buf, VIRT_IN_CHAIN, 'F', true, ifname);
+ iptablesLinkTmpRootChain(buf, HOST_IN_CHAIN, 'H', true, ifname);
return 0;
}
static void
iptablesInstCommand(virBufferPtr buf,
- const char *templ, char cmd, int pos,
- int stopOnError)
+ const char *templ, char cmd, int pos)
{
char position[10] = { 0 };
if (pos >= 0)
snprintf(position, sizeof(position), "%d", pos);
virBufferAsprintf(buf, templ, cmd, position);
virBufferAsprintf(buf, CMD_SEPARATOR "%s",
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
}
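Review bot: `templ` is used as the format string in `virBufferAsprintf(buf, templ, cmd, position)`, but nothing in iptablesInstCommand documents which conversions a template may contain. The callers pass `inst[i]->commandTemplate`, which presumably carries rule-derived text, so a stray conversion would make the call read arguments that were never passed. Add a header comment stating the contract, e.g. `/* templ: printf-style; may use only "%c" then "%s"; a literal '%' must be written "%%" */`; the same applies to ebiptablesInstCommand. Separately, `position[10]` cannot hold the ten digits of INT_MAX plus the terminator, so `snprintf` would silently truncate; `char position[12] = { 0 };` avoids that.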
static int
ebtablesCreateTmpRootChain(virBufferPtr buf,
- bool incoming, const char *ifname,
- int stopOnError)
+ bool incoming, const char *ifname)
{
char chain[MAX_CHAINNAME_LENGTH];
char chainPrefix = incoming ? CHAINPREFIX_HOST_IN_TEMP
CMD_EXEC
"%s",
chain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
return 0;
}
static int
ebtablesLinkTmpRootChain(virBufferPtr buf,
- bool incoming, const char *ifname,
- int stopOnError)
+ bool incoming, const char *ifname)
{
char chain[MAX_CHAINNAME_LENGTH];
char chainPrefix = incoming ? CHAINPREFIX_HOST_IN_TEMP
: EBTABLES_CHAIN_OUTGOING,
iodev, ifname, chain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
return 0;
}
const char *ifname,
enum l3_proto_idx protoidx,
const char *filtername,
- int stopOnError,
virNWFilterChainPriority priority)
{
virBuffer buf = VIR_BUFFER_INITIALIZER;
chain,
chain,
- CMD_STOPONERR(stopOnError),
+ CMD_STOPONERR(true),
rootchain, protostr, chain,
- CMD_STOPONERR(stopOnError));
+ CMD_STOPONERR(true));
VIR_FREE(protostr);
static void
ebiptablesInstCommand(virBufferPtr buf,
const char *templ, char cmd, int pos,
- int stopOnError)
+ bool stopOnError)
{
char position[10] = { 0 };
if (pos >= 0)
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
- ebtablesCreateTmpRootChain(&buf, true, ifname, 1);
+ ebtablesCreateTmpRootChain(&buf, true, ifname);
PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
virBufferAsprintf(&buf,
chain,
CMD_STOPONERR(1));
- ebtablesLinkTmpRootChain(&buf, true, ifname, 1);
+ ebtablesLinkTmpRootChain(&buf, true, ifname);
ebtablesRenameTmpRootChain(&buf, true, ifname);
if (ebiptablesExecCLI(&buf, false, NULL) < 0)
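Review bot: The unchanged `CMD_STOPONERR(1));` just above the ebtablesLinkTmpRootChain call still uses the integer literal, while every line this commit touches now spells it `CMD_STOPONERR(true)`. For consistency, change it to `CMD_STOPONERR(true));` here and at the two identical context lines in the following hunks (each after `chain_out,`). The enclosing function begins and ends outside this hunk.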
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
- ebtablesCreateTmpRootChain(&buf, true, ifname, 1);
- ebtablesCreateTmpRootChain(&buf, false, ifname, 1);
+ ebtablesCreateTmpRootChain(&buf, true, ifname);
+ ebtablesCreateTmpRootChain(&buf, false, ifname);
PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
chain_out,
CMD_STOPONERR(1));
- ebtablesLinkTmpRootChain(&buf, true, ifname, 1);
- ebtablesLinkTmpRootChain(&buf, false, ifname, 1);
+ ebtablesLinkTmpRootChain(&buf, true, ifname);
+ ebtablesLinkTmpRootChain(&buf, false, ifname);
if (!leaveTemporary) {
ebtablesRenameTmpRootChain(&buf, true, ifname);
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
- ebtablesCreateTmpRootChain(&buf, true, ifname, 1);
- ebtablesCreateTmpRootChain(&buf, false, ifname, 1);
+ ebtablesCreateTmpRootChain(&buf, true, ifname);
+ ebtablesCreateTmpRootChain(&buf, false, ifname);
PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname);
PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname);
chain_out,
CMD_STOPONERR(1));
- ebtablesLinkTmpRootChain(&buf, true, ifname, 1);
- ebtablesLinkTmpRootChain(&buf, false, ifname, 1);
+ ebtablesLinkTmpRootChain(&buf, true, ifname);
+ ebtablesLinkTmpRootChain(&buf, false, ifname);
ebtablesRenameTmpRootChain(&buf, true, ifname);
ebtablesRenameTmpRootChain(&buf, false, ifname);
virHashKeyValuePairPtr filter_names;
const virNWFilterChainPriority *priority;
- if (ebtablesCreateTmpRootChain(buf, incoming, ifname, 1) < 0)
+ if (ebtablesCreateTmpRootChain(buf, incoming, ifname) < 0)
return -1;
filter_names = virHashGetItems(chains,
priority = (const virNWFilterChainPriority *)filter_names[i].value;
rc = ebtablesCreateTmpSubChain(inst, nRuleInstances,
incoming, ifname, idx,
- filter_names[i].key, 1,
+ filter_names[i].key,
*priority);
if (rc < 0)
break;
ebtChains[j].priority <= inst[i]->priority) {
ebiptablesInstCommand(&buf,
ebtChains[j++].commandTemplate,
- 'A', -1, 1);
+ 'A', -1, true);
}
ebiptablesInstCommand(&buf,
inst[i]->commandTemplate,
- 'A', -1, 1);
+ 'A', -1, true);
break;
case RT_IPTABLES:
haveIptables = true;
while (j < nEbtChains)
ebiptablesInstCommand(&buf,
ebtChains[j++].commandTemplate,
- 'A', -1, 1);
+ 'A', -1, true);
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
goto tear_down_tmpebchains;
if (inst[i]->ruleType == RT_IPTABLES)
iptablesInstCommand(&buf,
inst[i]->commandTemplate,
- 'A', -1, 1);
+ 'A', -1);
}
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
if (inst[i]->ruleType == RT_IP6TABLES)
iptablesInstCommand(&buf,
inst[i]->commandTemplate,
- 'A', -1, 1);
+ 'A', -1);
}
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
NWFILTER_SET_EBTABLES_SHELLVAR(&buf);
if (virHashSize(chains_in_set) != 0)
- ebtablesLinkTmpRootChain(&buf, true, ifname, 1);
+ ebtablesLinkTmpRootChain(&buf, true, ifname);
if (virHashSize(chains_out_set) != 0)
- ebtablesLinkTmpRootChain(&buf, false, ifname, 1);
+ ebtablesLinkTmpRootChain(&buf, false, ifname);
if (ebiptablesExecCLI(&buf, false, &errmsg) < 0)
goto tear_down_ebsubchains_and_unlink;
ebiptablesInstCommand(&buf,
inst[i]->commandTemplate,
'D', -1,
- 0);
+ false);
if (ebiptablesExecCLI(&buf, true, NULL) < 0)
goto cleanup;