static int ebtablesCleanAll(const char *ifname);
static int ebiptablesAllTeardown(const char *ifname);
-struct ushort_map {
+struct virNWFilterUShortMap {
unsigned short attr;
const char *val;
};
-enum l3_proto_idx {
- L3_PROTO_IPV4_IDX = 0,
- L3_PROTO_IPV6_IDX,
- L3_PROTO_ARP_IDX,
- L3_PROTO_RARP_IDX,
- L2_PROTO_MAC_IDX,
- L2_PROTO_VLAN_IDX,
- L2_PROTO_STP_IDX,
- L3_PROTO_LAST_IDX
+enum virNWFilterProtoIdx {
+ VIR_NWFILTER_PROTO_IDX_IPV4 = 0,
+ VIR_NWFILTER_PROTO_IDX_IPV6,
+ VIR_NWFILTER_PROTO_IDX_ARP,
+ VIR_NWFILTER_PROTO_IDX_RARP,
+ VIR_NWFILTER_PROTO_IDX_MAC,
+ VIR_NWFILTER_PROTO_IDX_VLAN,
+ VIR_NWFILTER_PROTO_IDX_STP,
+ VIR_NWFILTER_PROTO_IDX_LAST
};
-#define USHORTMAP_ENTRY_IDX(IDX, ATT, VAL) [IDX] = { .attr = ATT, .val = VAL }
+#define virNWFilterUShortMapEntryIdx(IDX, ATT, VAL) [IDX] = { .attr = ATT, .val = VAL }
/* A lookup table for translating ethernet protocol IDs to human readable
* strings. None of the human readable strings must be found as a prefix
* in another entry here (example 'ab' would be found in 'abc') to allow
* for prefix matching.
*/
-static const struct ushort_map l3_protocols[] = {
- USHORTMAP_ENTRY_IDX(L3_PROTO_IPV4_IDX, ETHERTYPE_IP, "ipv4"),
- USHORTMAP_ENTRY_IDX(L3_PROTO_IPV6_IDX, ETHERTYPE_IPV6, "ipv6"),
- USHORTMAP_ENTRY_IDX(L3_PROTO_ARP_IDX, ETHERTYPE_ARP, "arp"),
- USHORTMAP_ENTRY_IDX(L3_PROTO_RARP_IDX, ETHERTYPE_REVARP, "rarp"),
- USHORTMAP_ENTRY_IDX(L2_PROTO_VLAN_IDX, ETHERTYPE_VLAN, "vlan"),
- USHORTMAP_ENTRY_IDX(L2_PROTO_STP_IDX, 0, "stp"),
- USHORTMAP_ENTRY_IDX(L2_PROTO_MAC_IDX, 0, "mac"),
- USHORTMAP_ENTRY_IDX(L3_PROTO_LAST_IDX, 0, NULL),
+static const struct virNWFilterUShortMap l3_protocols[] = {
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_IPV4, ETHERTYPE_IP, "ipv4"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_IPV6, ETHERTYPE_IPV6, "ipv6"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_ARP, ETHERTYPE_ARP, "arp"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_RARP, ETHERTYPE_REVARP, "rarp"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_VLAN, ETHERTYPE_VLAN, "vlan"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_STP, 0, "stp"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_MAC, 0, "mac"),
+ virNWFilterUShortMapEntryIdx(VIR_NWFILTER_PROTO_IDX_LAST, 0, NULL),
};
const char *ifname;
int nrules;
virNWFilterRuleInst **rules;
-} chainCreateCallbackData;
+} virNWFilterChainCreateCallbackData;
static iptablesBaseChainFW fw_base_chains[] = {
{"FORWARD", "1", VIRT_IN_CHAIN},
};
static int
-printVar(virNWFilterVarCombIter *vars,
- char *buf, int bufsize,
- nwItemDesc *item,
- bool *done)
+virNWFilterPrintVar(virNWFilterVarCombIter *vars,
+ char *buf, int bufsize,
+ nwItemDesc *item,
+ bool *done)
{
*done = false;
static int
-_printDataType(virNWFilterVarCombIter *vars,
+_virNWFilterPrintDataType(virNWFilterVarCombIter *vars,
char *buf, int bufsize,
nwItemDesc *item,
bool asHex, bool directionIn)
g_auto(virBuffer) vb = VIR_BUFFER_INITIALIZER;
g_autofree char *flags = NULL;
- if (printVar(vars, buf, bufsize, item, &done) < 0)
+ if (virNWFilterPrintVar(vars, buf, bufsize, item, &done) < 0)
return -1;
if (done)
static int
-printDataType(virNWFilterVarCombIter *vars,
- char *buf, int bufsize,
- nwItemDesc *item)
+virNWFilterPrintDataType(virNWFilterVarCombIter *vars,
+ char *buf, int bufsize,
+ nwItemDesc *item)
{
- return _printDataType(vars, buf, bufsize, item, 0, 0);
+ return _virNWFilterPrintDataType(vars, buf, bufsize, item, 0, 0);
}
static int
-printDataTypeDirection(virNWFilterVarCombIter *vars,
- char *buf, int bufsize,
- nwItemDesc *item, bool directionIn)
+virNWFilterPrintDataTypeDirection(virNWFilterVarCombIter *vars,
+ char *buf, int bufsize,
+ nwItemDesc *item, bool directionIn)
{
- return _printDataType(vars, buf, bufsize, item, 0, directionIn);
+ return _virNWFilterPrintDataType(vars, buf, bufsize, item, 0, directionIn);
}
static int
-printDataTypeAsHex(virNWFilterVarCombIter *vars,
- char *buf, int bufsize,
- nwItemDesc *item)
+virNWFilterPrintDataTypeAsHex(virNWFilterVarCombIter *vars,
+ char *buf, int bufsize,
+ nwItemDesc *item)
{
- return _printDataType(vars, buf, bufsize, item, 1, 0);
+ return _virNWFilterPrintDataType(vars, buf, bufsize, item, 1, 0);
}
char macmask[VIR_MAC_STRING_BUFLEN];
if (HAS_ENTRY_ITEM(ðHdr->dataSrcMACAddr)) {
- if (printDataType(vars,
- macaddr, sizeof(macaddr),
- ðHdr->dataSrcMACAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macaddr, sizeof(macaddr),
+ ðHdr->dataSrcMACAddr) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(ðHdr->dataSrcMACMask)) {
- if (printDataType(vars,
- macmask, sizeof(macmask),
- ðHdr->dataSrcMACMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macmask, sizeof(macmask),
+ ðHdr->dataSrcMACMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(ðHdr->dataDstMACAddr)) {
- if (printDataType(vars,
- macaddr, sizeof(macaddr),
- ðHdr->dataDstMACAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macaddr, sizeof(macaddr),
+ ðHdr->dataDstMACAddr) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(ðHdr->dataDstMACMask)) {
- if (printDataType(vars,
- macmask, sizeof(macmask),
- ðHdr->dataDstMACMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macmask, sizeof(macmask),
+ ðHdr->dataDstMACMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
return 0;
}
- if (printDataType(vars,
- macaddr, sizeof(macaddr),
- srcMacAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macaddr, sizeof(macaddr),
+ srcMacAddr) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &ipHdr->dataSrcIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &ipHdr->dataSrcIPAddr) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataSrcIPAddr))
if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &ipHdr->dataSrcIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &ipHdr->dataSrcIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, ipaddr);
}
} else if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPFrom)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &ipHdr->dataSrcIPFrom) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &ipHdr->dataSrcIPFrom) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPTo)) {
- if (printDataType(vars,
- ipaddralt, sizeof(ipaddralt),
- &ipHdr->dataSrcIPTo) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddralt, sizeof(ipaddralt),
+ &ipHdr->dataSrcIPTo) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &ipHdr->dataDstIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &ipHdr->dataDstIPAddr) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&ipHdr->dataDstIPAddr))
virFirewallCmdAddArg(fw, fwrule, dst);
if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &ipHdr->dataDstIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &ipHdr->dataDstIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, ipaddr);
}
} else if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPFrom)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &ipHdr->dataDstIPFrom) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &ipHdr->dataDstIPFrom) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, dstrange);
if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPTo)) {
- if (printDataType(vars,
- ipaddralt, sizeof(ipaddralt),
- &ipHdr->dataDstIPTo) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddralt, sizeof(ipaddralt),
+ &ipHdr->dataDstIPTo) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&ipHdr->dataDSCP)) {
- if (printDataType(vars,
- number, sizeof(number),
- &ipHdr->dataDSCP) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &ipHdr->dataDSCP) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
if (HAS_ENTRY_ITEM(&ipHdr->dataIPSet) &&
HAS_ENTRY_ITEM(&ipHdr->dataIPSetFlags)) {
- if (printDataType(vars,
- str, sizeof(str),
- &ipHdr->dataIPSet) < 0)
+ if (virNWFilterPrintDataType(vars,
+ str, sizeof(str),
+ &ipHdr->dataIPSet) < 0)
return -1;
virFirewallCmdAddArgList(fw, fwrule,
"--match-set", str,
NULL);
- if (printDataTypeDirection(vars,
- str, sizeof(str),
- &ipHdr->dataIPSetFlags, directionIn) < 0)
+ if (virNWFilterPrintDataTypeDirection(vars,
+ str, sizeof(str),
+ &ipHdr->dataIPSetFlags, directionIn) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, str);
if (HAS_ENTRY_ITEM(&ipHdr->dataConnlimitAbove)) {
if (!directionIn) {
- if (printDataType(vars,
- number, sizeof(number),
- &ipHdr->dataConnlimitAbove) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &ipHdr->dataConnlimitAbove) < 0)
return -1;
/* place connlimit after potential -m state --state ...
}
if (HAS_ENTRY_ITEM(&portData->dataSrcPortStart)) {
- if (printDataType(vars,
- portstr, sizeof(portstr),
- &portData->dataSrcPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ portstr, sizeof(portstr),
+ &portData->dataSrcPortStart) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&portData->dataSrcPortStart))
virFirewallCmdAddArg(fw, fwrule, sport);
if (HAS_ENTRY_ITEM(&portData->dataSrcPortEnd)) {
- if (printDataType(vars,
- portstralt, sizeof(portstralt),
- &portData->dataSrcPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ portstralt, sizeof(portstralt),
+ &portData->dataSrcPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&portData->dataDstPortStart)) {
- if (printDataType(vars,
- portstr, sizeof(portstr),
- &portData->dataDstPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ portstr, sizeof(portstr),
+ &portData->dataDstPortStart) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&portData->dataDstPortStart))
virFirewallCmdAddArg(fw, fwrule, dport);
if (HAS_ENTRY_ITEM(&portData->dataDstPortEnd)) {
- if (printDataType(vars,
- portstralt, sizeof(portstralt),
- &portData->dataDstPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ portstralt, sizeof(portstralt),
+ &portData->dataDstPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
return -1;
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPOption)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.tcpHdrFilter.dataTCPOption) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.tcpHdrFilter.dataTCPOption) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPOption))
else
parm = "--icmpv6-type";
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.icmpHdrFilter.dataICMPType) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.icmpHdrFilter.dataICMPType) < 0)
return -1;
if (ENTRY_WANT_NEG_SIGN(&rule->p.icmpHdrFilter.dataICMPType))
virFirewallCmdAddArg(fw, fwrule, parm);
if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPCode)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.icmpHdrFilter.dataICMPCode) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.icmpHdrFilter.dataICMPCode) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
#define INST_ITEM(STRUCT, ITEM, CLI) \
if (HAS_ENTRY_ITEM(&rule->p.STRUCT.ITEM)) { \
- if (printDataType(vars, \
- field, sizeof(field), \
- &rule->p.STRUCT.ITEM) < 0) \
+ if (virNWFilterPrintDataType(vars, \
+ field, sizeof(field), \
+ &rule->p.STRUCT.ITEM) < 0) \
return -1; \
virFirewallCmdAddArg(fw, fwrule, CLI); \
if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \
#define INST_ITEM_2PARMS(STRUCT, ITEM, ITEM_HI, CLI, SEP) \
if (HAS_ENTRY_ITEM(&rule->p.STRUCT.ITEM)) { \
- if (printDataType(vars, \
- field, sizeof(field), \
- &rule->p.STRUCT.ITEM) < 0) \
+ if (virNWFilterPrintDataType(vars, \
+ field, sizeof(field), \
+ &rule->p.STRUCT.ITEM) < 0) \
return -1; \
virFirewallCmdAddArg(fw, fwrule, CLI); \
if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \
virFirewallCmdAddArg(fw, fwrule, "!"); \
if (HAS_ENTRY_ITEM(&rule->p.STRUCT.ITEM_HI)) { \
- if (printDataType(vars, \
- fieldalt, sizeof(fieldalt), \
- &rule->p.STRUCT.ITEM_HI) < 0) \
+ if (virNWFilterPrintDataType(vars, \
+ fieldalt, sizeof(fieldalt), \
+ &rule->p.STRUCT.ITEM_HI) < 0) \
return -1; \
virFirewallCmdAddArgFormat(fw, fwrule, \
"%s%s%s", field, SEP, fieldalt); \
return -1;
if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) {
- if (printDataTypeAsHex(vars,
- number, sizeof(number),
- &rule->p.ethHdrFilter.dataProtocolID) < 0)
+ if (virNWFilterPrintDataTypeAsHex(vars,
+ number, sizeof(number),
+ &rule->p.ethHdrFilter.dataProtocolID) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "-p");
if (ENTRY_WANT_NEG_SIGN(&rule->p.ethHdrFilter.dataProtocolID))
virFirewallCmdAddArg(fw, fwrule, "-p");
virFirewallCmdAddArgFormat(fw, fwrule, "0x%x",
(rule->prtclType == VIR_NWFILTER_RULE_PROTOCOL_ARP)
- ? l3_protocols[L3_PROTO_ARP_IDX].attr
- : l3_protocols[L3_PROTO_RARP_IDX].attr);
+ ? l3_protocols[VIR_NWFILTER_PROTO_IDX_ARP].attr
+ : l3_protocols[VIR_NWFILTER_PROTO_IDX_RARP].attr);
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataHWType)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.arpHdrFilter.dataHWType) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.arpHdrFilter.dataHWType) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--arp-htype");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataHWType))
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataOpcode)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.arpHdrFilter.dataOpcode) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.arpHdrFilter.dataOpcode) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--arp-opcode");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataOpcode))
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataProtocolType)) {
- if (printDataTypeAsHex(vars,
- number, sizeof(number),
- &rule->p.arpHdrFilter.dataProtocolType) < 0)
+ if (virNWFilterPrintDataTypeAsHex(vars,
+ number, sizeof(number),
+ &rule->p.arpHdrFilter.dataProtocolType) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--arp-ptype");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataProtocolType))
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0)
return -1;
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPMask)) {
- if (printDataType(vars,
- ipmask, sizeof(ipmask),
- &rule->p.arpHdrFilter.dataARPSrcIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipmask, sizeof(ipmask),
+ &rule->p.arpHdrFilter.dataARPSrcIPMask) < 0)
return -1;
hasMask = true;
}
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &rule->p.arpHdrFilter.dataARPDstIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &rule->p.arpHdrFilter.dataARPDstIPAddr) < 0)
return -1;
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPMask)) {
- if (printDataType(vars,
- ipmask, sizeof(ipmask),
- &rule->p.arpHdrFilter.dataARPDstIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipmask, sizeof(ipmask),
+ &rule->p.arpHdrFilter.dataARPDstIPMask) < 0)
return -1;
hasMask = true;
}
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcMACAddr)) {
- if (printDataType(vars,
- macaddr, sizeof(macaddr),
- &rule->p.arpHdrFilter.dataARPSrcMACAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macaddr, sizeof(macaddr),
+ &rule->p.arpHdrFilter.dataARPSrcMACAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstMACAddr)) {
- if (printDataType(vars,
- macaddr, sizeof(macaddr),
- &rule->p.arpHdrFilter.dataARPDstMACAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ macaddr, sizeof(macaddr),
+ &rule->p.arpHdrFilter.dataARPDstMACAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
"-p", "ipv4", NULL);
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataSrcIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.ipHdr.dataSrcIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.ipHdr.dataSrcIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDstIPAddr)) {
- if (printDataType(vars,
- ipaddr, sizeof(ipaddr),
- &rule->p.ipHdrFilter.ipHdr.dataDstIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipaddr, sizeof(ipaddr),
+ &rule->p.ipHdrFilter.ipHdr.dataDstIPAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDstIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.ipHdr.dataDstIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.ipHdr.dataDstIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
}
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataProtocolID)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.ipHdr.dataProtocolID) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.ipHdr.dataProtocolID) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--ip-protocol");
}
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataSrcPortStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.portData.dataSrcPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.portData.dataSrcPortStart) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataSrcPortEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipHdrFilter.portData.dataSrcPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipHdrFilter.portData.dataSrcPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataDstPortStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.portData.dataDstPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.portData.dataDstPortStart) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataDstPortEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipHdrFilter.portData.dataDstPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipHdrFilter.portData.dataDstPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
}
if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDSCP)) {
- if (printDataTypeAsHex(vars,
- number, sizeof(number),
- &rule->p.ipHdrFilter.ipHdr.dataDSCP) < 0)
+ if (virNWFilterPrintDataTypeAsHex(vars,
+ number, sizeof(number),
+ &rule->p.ipHdrFilter.ipHdr.dataDSCP) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--ip-tos");
"-p", "ipv6", NULL);
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr)) {
- if (printDataType(vars,
- ipv6addr, sizeof(ipv6addr),
- &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipv6addr, sizeof(ipv6addr),
+ &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
"%s/%s", ipv6addr, number);
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr)) {
- if (printDataType(vars,
- ipv6addr, sizeof(ipv6addr),
- &rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr) < 0)
+ if (virNWFilterPrintDataType(vars,
+ ipv6addr, sizeof(ipv6addr),
+ &rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
"%s/%s", ipv6addr, number);
}
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataProtocolID)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.ipHdr.dataProtocolID) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.ipHdr.dataProtocolID) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule, "--ip6-protocol");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataSrcPortStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.portData.dataSrcPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.portData.dataSrcPortStart) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataSrcPortEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipv6HdrFilter.portData.dataSrcPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.portData.dataSrcPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataDstPortStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.portData.dataDstPortStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.portData.dataDstPortStart) < 0)
return -1;
virFirewallCmdAddArg(fw, fwrule,
virFirewallCmdAddArg(fw, fwrule, "!");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataDstPortEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipv6HdrFilter.portData.dataDstPortEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.portData.dataDstPortEnd) < 0)
return -1;
virFirewallCmdAddArgFormat(fw, fwrule,
"--ip6-icmp-type");
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.dataICMPTypeStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.dataICMPTypeStart) < 0)
return -1;
lo = true;
} else {
virBufferStrcat(&buf, number, ":", NULL);
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPTypeEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0)
return -1;
} else {
if (lo)
lo = false;
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart)) {
- if (printDataType(vars,
- number, sizeof(number),
- &rule->p.ipv6HdrFilter.dataICMPCodeStart) < 0)
+ if (virNWFilterPrintDataType(vars,
+ number, sizeof(number),
+ &rule->p.ipv6HdrFilter.dataICMPCodeStart) < 0)
return -1;
lo = true;
} else {
virBufferStrcat(&buf, number, ":", NULL);
if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) {
- if (printDataType(vars,
- numberalt, sizeof(numberalt),
- &rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0)
+ if (virNWFilterPrintDataType(vars,
+ numberalt, sizeof(numberalt),
+ &rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0)
return -1;
} else {
if (lo)
ebtablesCreateTmpSubChainFW(virFirewall *fw,
bool incoming,
const char *ifname,
- enum l3_proto_idx protoidx,
+ enum virNWFilterProtoIdx protoidx,
const char *filtername)
{
char rootchain[MAX_CHAINNAME_LENGTH], chain[MAX_CHAINNAME_LENGTH];
"-t", "nat", "-A", rootchain, NULL);
switch ((int)protoidx) {
- case L2_PROTO_MAC_IDX:
+ case VIR_NWFILTER_PROTO_IDX_MAC:
break;
- case L2_PROTO_STP_IDX:
+ case VIR_NWFILTER_PROTO_IDX_STP:
virFirewallCmdAddArgList(fw, fwrule,
"-d", NWFILTER_MAC_BGA, NULL);
break;
* Given a filtername determine the protocol it is used for evaluating
* We do prefix-matching to determine the protocol.
*/
-static enum l3_proto_idx
+static enum virNWFilterProtoIdx
ebtablesGetProtoIdxByFiltername(const char *filtername)
{
- enum l3_proto_idx idx;
+ enum virNWFilterProtoIdx idx;
- for (idx = 0; idx < L3_PROTO_LAST_IDX; idx++) {
+ for (idx = 0; idx < VIR_NWFILTER_PROTO_IDX_LAST; idx++) {
if (STRPREFIX(filtername, l3_protocols[idx].val))
return idx;
}
{
size_t i, j;
static bool baseChainDefined[G_N_ELEMENTS(fw_base_chains)] = { false };
- chainCreateCallbackData *cbdata = opaque;
+ virNWFilterChainCreateCallbackData *cbdata = opaque;
bool isIPv6 = layer == VIR_FIREWALL_LAYER_IPV6;
iptablesUnlinkTmpRootChainsFW(fw, layer, cbdata->ifname);
*/
static void iptablesCreateChainsAndRules(virFirewall *fw,
virFirewallLayer layer,
- chainCreateCallbackData *cbdata)
+ virNWFilterChainCreateCallbackData *cbdata)
{
virFirewallAddCmdFull(fw, layer,
false, iptablesHandleCreateChainAndRules,
struct _ebtablesSubChainInst {
virNWFilterChainPriority priority;
bool incoming;
- enum l3_proto_idx protoidx;
+ enum virNWFilterProtoIdx protoidx;
const char *filtername;
};
for (i = 0; filter_names[i].key; i++) {
g_autofree ebtablesSubChainInst *inst = NULL;
- enum l3_proto_idx idx = ebtablesGetProtoIdxByFiltername(
+ enum virNWFilterProtoIdx idx = ebtablesGetProtoIdxByFiltername(
filter_names[i].key);
if ((int)idx < 0)
g_autofree ebtablesSubChainInst **subchains = NULL;
size_t nsubchains = 0;
int ret = -1;
- chainCreateCallbackData chainCallbackData = {ifname, nrules, rules};
+ virNWFilterChainCreateCallbackData chainCallbackData = {ifname, nrules, rules};
if (nrules) {
g_qsort_with_data(rules, nrules, sizeof(rules[0]),
projects / thirdparty / libvirt.git / commitdiff
