}
-static char *iptablesFormatNetwork(virSocketAddr *netaddr,
- unsigned int prefix)
-{
- virSocketAddr network;
- g_autofree char *netstr = NULL;
- char *ret;
-
- if (!(VIR_SOCKET_ADDR_IS_FAMILY(netaddr, AF_INET) ||
- VIR_SOCKET_ADDR_IS_FAMILY(netaddr, AF_INET6))) {
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Only IPv4 or IPv6 addresses can be used with iptables"));
- return NULL;
- }
-
- if (virSocketAddrMaskByPrefix(netaddr, prefix, &network) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Failure to mask address"));
- return NULL;
- }
-
- netstr = virSocketAddrFormat(&network);
-
- if (!netstr)
- return NULL;
-
- ret = g_strdup_printf("%s/%d", netstr, prefix);
-
- return ret;
-}
-
-
/* Allow all traffic coming from the bridge, with a valid network address
* to proceed to WAN
*/
virFirewallLayer layer = VIR_SOCKET_ADDR_FAMILY(netaddr) == AF_INET ?
VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6;
- if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ if (!(networkstr = virSocketAddrFormatWithPrefix(netaddr, prefix, true)))
return -1;
if (physdev && physdev[0])
VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6;
g_autofree char *networkstr = NULL;
- if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ if (!(networkstr = virSocketAddrFormatWithPrefix(netaddr, prefix, true)))
return -1;
if (physdev && physdev[0])
VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6;
g_autofree char *networkstr = NULL;
- if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ if (!(networkstr = virSocketAddrFormatWithPrefix(netaddr, prefix, true)))
return -1;
if (physdev && physdev[0])
virFirewallLayer layer = af == AF_INET ?
VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6;
- if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ if (!(networkstr = virSocketAddrFormatWithPrefix(netaddr, prefix, true)))
return -1;
if (VIR_SOCKET_ADDR_IS_FAMILY(&addr->start, af)) {
virFirewallLayer layer = VIR_SOCKET_ADDR_FAMILY(netaddr) == AF_INET ?
VIR_FIREWALL_LAYER_IPV4 : VIR_FIREWALL_LAYER_IPV6;
- if (!(networkstr = iptablesFormatNetwork(netaddr, prefix)))
+ if (!(networkstr = virSocketAddrFormatWithPrefix(netaddr, prefix, true)))
return -1;
if (physdev && physdev[0])
}
+/*
+ * virSocketAddrFormatWithPrefix:
+ * @addr: an initialized virSocketAddr *
+ * @prefix: an IP network prefix (0-32 if IPv4, 0-128 if IPv6)
+ * @masked: true to mask off the host bits of the address
+ *
+ * Returns a string representation of the IP network described by
+ * @netaddr/@prefix. If @masked is true, the address is masked to
+ * remove the host bits according to prefix. So, for example, sending
+ * f(1.2.3.4, 24, true) would return "1.2.3.0/24", but f(1.2.3.4, 24,
+ * false) would return "1.2.3.4/24".
+ *
+ * returns false on failure (and logs an error message)
+ */
+char *
+virSocketAddrFormatWithPrefix(virSocketAddr *addr,
+ unsigned int prefix,
+ bool masked)
+{
+ virSocketAddr network;
+ g_autofree char *netstr = NULL;
+
+ if (!(VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET) ||
+ VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET6))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Only IPv4 or IPv6 addresses can be used with a prefix"));
+ return NULL;
+ }
+
+ if (masked && virSocketAddrMaskByPrefix(addr, prefix, &network) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failure to mask address"));
+ return NULL;
+ }
+
+ netstr = virSocketAddrFormat(&network);
+
+ if (!netstr)
+ return NULL;
+
+ return g_strdup_printf("%s/%d", netstr, prefix);
+}
+
+
/*
* virSocketAddrSetPort:
* @addr: an initialized virSocketAddr *
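Review bot: When `masked` is false, `netstr = virSocketAddrFormat(&network);` formats `network`, which is declared but never written on that path, so the result is built from uninitialized stack memory; every caller in this patch passes true, so the bug is latent, but the new comment explicitly advertises `f(1.2.3.4, 24, false)` returning "1.2.3.4/24", and a firewall rule built from a garbage network string is the failure mode to avoid. Formatting the input address directly in that case fixes it: `netstr = virSocketAddrFormat(masked ? &network : addr);`. The header comment also refers to `@netaddr/@prefix` while the parameter is `@addr`, and says "returns false on failure" for a function returning `char *`; I would change those to `@addr/@prefix` and `Returns NULL on failure (and logs an error message)`. Relative to the removed iptablesFormatNetwork, the error code for a non-IPv4/IPv6 family changed from VIR_ERR_CONFIG_UNSUPPORTED to VIR_ERR_INTERNAL_ERROR, which is presumably deliberate now that the helper is generic, but the commit message should say so.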