{
char macaddr[VIR_MAC_STRING_BUFLEN];
char macmask[VIR_MAC_STRING_BUFLEN];
- int ret = -1;
if (HAS_ENTRY_ITEM(ðHdr->dataSrcMACAddr)) {
if (printDataType(vars,
macaddr, sizeof(macaddr),
ðHdr->dataSrcMACAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
reverse ? "-d" : "-s",
if (printDataType(vars,
macmask, sizeof(macmask),
ðHdr->dataSrcMACMask) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", macaddr, macmask);
if (printDataType(vars,
macaddr, sizeof(macaddr),
ðHdr->dataDstMACAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
reverse ? "-s" : "-d",
if (printDataType(vars,
macmask, sizeof(macmask),
ðHdr->dataDstMACMask) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", macaddr, macmask);
}
}
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}
bool *srcmacskipped)
{
char macaddr[VIR_MAC_STRING_BUFLEN];
- int ret = -1;
*srcmacskipped = false;
if (printDataType(vars,
macaddr, sizeof(macaddr),
srcMacAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-m", "mac",
NULL);
}
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}
const char *dst = "--destination";
const char *srcrange = "--src-range";
const char *dstrange = "--dst-range";
- int ret = -1;
if (directionIn) {
src = "--destination";
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&ipHdr->dataSrcIPAddr) < 0)
- goto cleanup;
+ return -1;
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataSrcIPAddr))
virFirewallRuleAddArg(fw, fwrule, "!");
if (printDataType(vars,
number, sizeof(number),
&ipHdr->dataSrcIPMask) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&ipHdr->dataSrcIPFrom) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-m", "iprange",
if (printDataType(vars,
ipaddralt, sizeof(ipaddralt),
&ipHdr->dataSrcIPTo) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s-%s", ipaddr, ipaddralt);
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&ipHdr->dataDstIPAddr) < 0)
- goto cleanup;
+ return -1;
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataDstIPAddr))
virFirewallRuleAddArg(fw, fwrule, "!");
if (printDataType(vars,
number, sizeof(number),
&ipHdr->dataDstIPMask) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&ipHdr->dataDstIPFrom) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-m", "iprange",
if (printDataType(vars,
ipaddralt, sizeof(ipaddralt),
&ipHdr->dataDstIPTo) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s-%s", ipaddr, ipaddralt);
if (printDataType(vars,
number, sizeof(number),
&ipHdr->dataDSCP) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-m", "dscp",
}
}
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}
char number[MAX(INT_BUFSIZE_BOUND(uint32_t),
INT_BUFSIZE_BOUND(int))];
char str[MAX_IPSET_NAME_LENGTH];
- int ret = -1;
if (HAS_ENTRY_ITEM(&ipHdr->dataIPSet) &&
HAS_ENTRY_ITEM(&ipHdr->dataIPSetFlags)) {
if (printDataType(vars,
str, sizeof(str),
&ipHdr->dataIPSet) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-m", "set",
if (printDataTypeDirection(vars,
str, sizeof(str),
&ipHdr->dataIPSetFlags, directionIn) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, str);
}
if (printDataType(vars,
number, sizeof(number),
&ipHdr->dataConnlimitAbove) < 0)
- goto cleanup;
+ return -1;
/* place connlimit after potential -m state --state ...
since this is the most useful order */
NULL);
}
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}
bool hasICMPType = false;
virFirewallRulePtr fwrule;
size_t fwruleargs;
- int ret = -1;
PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
&rule->p.tcpHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.tcpHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) {
char *flags;
virFirewallRuleAddArg(fw, fwrule, "--tcp-flags");
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask)))
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, flags);
VIR_FREE(flags);
if (!(flags = virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.flags)))
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, flags);
VIR_FREE(flags);
}
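Review bot: `flags` in the `--tcp-flags` block is still allocated twice and released by hand with `VIR_FREE` after each use, so any failing step later added between an allocation and its free would leak the string now that failures return directly. Holding the two strings in separate auto-freed locals removes that risk: `g_autofree char *mask = NULL;` and `g_autofree char *flags = NULL;`, each assigned once, with both `VIR_FREE(flags)` calls dropped. This assumes the file can already use GLib's `g_autofree`, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.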
vars,
&rule->p.tcpHdrFilter.portData,
directionIn) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPOption)) {
if (printDataType(vars,
number, sizeof(number),
&rule->p.tcpHdrFilter.dataTCPOption) < 0)
- goto cleanup;
+ return -1;
if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPOption))
virFirewallRuleAddArg(fw, fwrule, "!");
&rule->p.udpHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.udpHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandlePortData(fw, fwrule,
vars,
&rule->p.udpHdrFilter.portData,
directionIn) < 0)
- goto cleanup;
+ return -1;
break;
case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
&rule->p.udpliteHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.udpliteHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
break;
&rule->p.espHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.espHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
break;
&rule->p.ahHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.ahHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
break;
&rule->p.sctpHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.sctpHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandlePortData(fw, fwrule,
vars,
&rule->p.sctpHdrFilter.portData,
directionIn) < 0)
- goto cleanup;
+ return -1;
break;
case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
&rule->p.icmpHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.icmpHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPType)) {
const char *parm;
if (maySkipICMP) {
virFirewallRemoveRule(fw, fwrule);
- ret = 0;
- goto cleanup;
+ return 0;
}
if (rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ICMP)
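Review bot: The `return -1` paths in this hunk leave `fwrule` in `fw` with whatever arguments were appended so far, whereas the `maySkipICMP` path in the same hunk calls `virFirewallRemoveRule(fw, fwrule)` before it returns. The same applies to the error returns in the other hunks of this function, and to the helper hunks above, where `-s`/`-d`, `!` or `--tcp-flags` is appended before a later `printDataType` or `virNWFilterPrintTCPFlags` call can fail. Whether every caller discards `fw` on failure is not visible here, so the contract should be stated on the function, e.g. `/* On failure the rule is left partially built in @fw; the caller must discard @fw without applying it. */`. The function body starts and ends outside this hunk.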
if (printDataType(vars,
number, sizeof(number),
&rule->p.icmpHdrFilter.dataICMPType) < 0)
- goto cleanup;
+ return -1;
if (ENTRY_WANT_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType))
virFirewallRuleAddArg(fw, fwrule, "!");
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.icmpHdrFilter.dataICMPCode) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", number, numberalt);
&rule->p.igmpHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.igmpHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
break;
&rule->p.allHdrFilter.dataSrcMACAddr,
directionIn,
&srcMacSkipped) < 0)
- goto cleanup;
+ return -1;
if (iptablesHandleIPHdr(fw, fwrule,
vars,
&rule->p.allHdrFilter.ipHdr,
directionIn,
&skipRule, &skipMatch) < 0)
- goto cleanup;
+ return -1;
break;
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unexpected protocol %d"),
rule->prtclType);
- goto cleanup;
+ return -1;
}
if ((srcMacSkipped &&
vars,
&rule->p.allHdrFilter.ipHdr,
directionIn) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-j", target, NULL);
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}
const char *ifname,
virNWFilterVarCombIterPtr vars)
{
- int ret = -1;
-
if (virNWFilterRuleIsProtocolEthernet(rule)) {
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
ifname,
vars,
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) < 0)
- goto cleanup;
+ return -1;
}
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_IN ||
ifname,
vars,
false) < 0)
- goto cleanup;
+ return -1;
}
} else {
virFirewallLayer layer;
} else {
virReportError(VIR_ERR_OPERATION_FAILED,
"%s", _("unexpected protocol type"));
- goto cleanup;
+ return -1;
}
if (iptablesCreateRuleInstance(fw,
rule,
ifname,
vars) < 0)
- goto cleanup;
+ return -1;
}
- ret = 0;
- cleanup:
- return ret;
+ return 0;
}