remove iptablesReloadRules() and related code

author Mark McLoughlin <markmc@redhat.com>

Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)

committer Mark McLoughlin <markmc@redhat.com>

Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)
author Mark McLoughlin <markmc@redhat.com>
Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)
committer Mark McLoughlin <markmc@redhat.com>
Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms

index 8d64b15d0fa7061df9a7fef04ee8c52f09017103..e5ba365426b2537318b1c2d5b00ee05d18bb182c 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -237,7 +237,6 @@ iptablesAddTcpInput;
  iptablesAddUdpInput;
  iptablesContextFree;
  iptablesContextNew;
-iptablesReloadRules;
  iptablesRemoveForwardAllowCross;
  iptablesRemoveForwardAllowIn;
  iptablesRemoveForwardAllowOut;
diff --git a/src/util/iptables.c b/src/util/iptables.c

index 8ac7786d68b0080358b3e2c78034580be671b33a..3c02ea6bc2e4d0b6a0fef11d1e4a36fdc7e66f78 100644 (file)
--- a/src/util/iptables.c
+++ b/src/util/iptables.c
@@ -52,20 +52,10 @@ enum {
      REMOVE
  };
  
-typedef struct
-{
-    char  *rule;
-    const char **argv;
-    int    command_idx;
-} iptRule;
-
  typedef struct
  {
      char  *table;
      char  *chain;
-
-    int      nrules;
-    iptRule *rules;
  } iptRules;
  
  struct _iptablesContext
@@ -75,83 +65,11 @@ struct _iptablesContext
      iptRules *nat_postrouting;
  };
  
-static void
-iptRuleFree(iptRule *rule)
-{
-    VIR_FREE(rule->rule);
-
-    if (rule->argv) {
-        int i = 0;
-        while (rule->argv[i])
-            VIR_FREE(rule->argv[i++]);
-        VIR_FREE(rule->argv);
-    }
-}
-
-static int
-iptRulesAppend(iptRules *rules,
-               char *rule,
-               const char **argv,
-               int command_idx)
-{
-    if (VIR_REALLOC_N(rules->rules, rules->nrules+1) < 0) {
-        int i = 0;
-        while (argv[i])
-            VIR_FREE(argv[i++]);
-        VIR_FREE(argv);
-        return ENOMEM;
-    }
-
-    rules->rules[rules->nrules].rule        = rule;
-    rules->rules[rules->nrules].argv        = argv;
-    rules->rules[rules->nrules].command_idx = command_idx;
-
-    rules->nrules++;
-
-    return 0;
-}
-
-static int
-iptRulesRemove(iptRules *rules,
-               char *rule)
-{
-    int i;
-
-    for (i = 0; i < rules->nrules; i++)
-        if (STREQ(rules->rules[i].rule, rule))
-            break;
-
-    if (i >= rules->nrules)
-        return EINVAL;
-
-    iptRuleFree(&rules->rules[i]);
-
-    memmove(&rules->rules[i],
-            &rules->rules[i+1],
-            (rules->nrules - i - 1) * sizeof (iptRule));
-
-    rules->nrules--;
-
-    return 0;
-}
-
  static void
  iptRulesFree(iptRules *rules)
  {
-    int i;
-
      VIR_FREE(rules->table);
      VIR_FREE(rules->chain);
-
-    if (rules->rules) {
-        for (i = 0; i < rules->nrules; i++)
-            iptRuleFree(&rules->rules[i]);
-
-        VIR_FREE(rules->rules);
-
-        rules->nrules = 0;
-    }
-
      VIR_FREE(rules);
  }
  
@@ -170,9 +88,6 @@ iptRulesNew(const char *table,
      if (!(rules->chain = strdup(chain)))
          goto error;
  
-    rules->rules = NULL;
-    rules->nrules = 0;
-
      return rules;
  
   error:
@@ -186,9 +101,8 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
      va_list args;
      int retval = ENOMEM;
      const char **argv;
-    char *rule = NULL;
      const char *s;
-    int n, command_idx;
+    int n;
  
      n = 1 + /* /sbin/iptables  */
          2 + /*   --table foo   */
@@ -215,9 +129,7 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
      if (!(argv[n++] = strdup(rules->table)))
          goto error;
  
-    command_idx = n;
-
-    if (!(argv[n++] = strdup("--insert")))
+    if (!(argv[n++] = strdup(action == ADD ? "--insert" : "--delete")))
          goto error;
  
      if (!(argv[n++] = strdup(rules->chain)))
@@ -234,31 +146,14 @@ iptablesAddRemoveRule(iptRules *rules, int action, const char *arg, ...)
  
      va_end(args);
  
-    if (!(rule = virArgvToString(&argv[command_idx])))
-        goto error;
-
-    if (action == REMOVE) {
-        VIR_FREE(argv[command_idx]);
-        if (!(argv[command_idx] = strdup("--delete")))
-            goto error;
-    }
-
      if (virRun(NULL, argv, NULL) < 0) {
          retval = errno;
          goto error;
      }
  
-    if (action == ADD) {
-        retval = iptRulesAppend(rules, rule, argv, command_idx);
-        rule = NULL;
-        argv = NULL;
-    } else {
-        retval = iptRulesRemove(rules, rule);
-    }
+    retval = 0;
  
   error:
-    VIR_FREE(rule);
-
      if (argv) {
          n = 0;
          while (argv[n])
@@ -318,50 +213,6 @@ iptablesContextFree(iptablesContext *ctx)
      VIR_FREE(ctx);
  }
  
-static void
-iptRulesReload(iptRules *rules)
-{
-    int i;
-    char ebuf[1024];
-
-    for (i = 0; i < rules->nrules; i++) {
-        iptRule *rule = &rules->rules[i];
-        const char *orig;
-
-        orig = rule->argv[rule->command_idx];
-        rule->argv[rule->command_idx] = (char *) "--delete";
-
-        if (virRun(NULL, rule->argv, NULL) < 0)
-            VIR_WARN(_("Failed to remove iptables rule '%s'"
-                       " from chain '%s' in table '%s': %s"),
-                     rule->rule, rules->chain, rules->table,
-                     virStrerror(errno, ebuf, sizeof ebuf));
-
-        rule->argv[rule->command_idx] = orig;
-    }
-
-    for (i = 0; i < rules->nrules; i++)
-        if (virRun(NULL, rules->rules[i].argv, NULL) < 0)
-            VIR_WARN(_("Failed to add iptables rule '%s'"
-                       " to chain '%s' in table '%s': %s"),
-                     rules->rules[i].rule, rules->chain, rules->table,
-                     virStrerror(errno, ebuf, sizeof ebuf));
-}
-
-/**
- * iptablesReloadRules:
- * @ctx: pointer to the IP table context
- *
- * Reloads all the IP table rules associated to a context
- */
-void
-iptablesReloadRules(iptablesContext *ctx)
-{
-    iptRulesReload(ctx->input_filter);
-    iptRulesReload(ctx->forward_filter);
-    iptRulesReload(ctx->nat_postrouting);
-}
-
  static int
  iptablesInput(iptablesContext *ctx,
                const char *iface,
diff --git a/src/util/iptables.h b/src/util/iptables.h

index 826f4f8f0bab272ade0ff0fc78e8b2ca09b53caa..68d9e0d7d952bdf3cafabefa93d04697b53aa237 100644 (file)
--- a/src/util/iptables.h
+++ b/src/util/iptables.h
@@ -27,8 +27,6 @@ typedef struct _iptablesContext iptablesContext;
  iptablesContext *iptablesContextNew              (void);
  void             iptablesContextFree             (iptablesContext *ctx);
  
-void             iptablesReloadRules             (iptablesContext *ctx);
-
  int              iptablesAddTcpInput             (iptablesContext *ctx,
                                                    const char *iface,
                                                    int port);
author	Mark McLoughlin <markmc@redhat.com>
	Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)
committer	Mark McLoughlin <markmc@redhat.com>
	Thu, 10 Dec 2009 11:27:18 +0000 (11:27 +0000)
src/libvirt_private.syms		patch \| blob \| blame \| history
src/util/iptables.c		patch \| blob \| blame \| history
src/util/iptables.h		patch \| blob \| blame \| history