util: rename iptables operators to something less generic
authorLaine Stump <laine@redhat.com>
Tue, 9 Nov 2021 20:18:42 +0000 (15:18 -0500)
committerLaine Stump <laine@redhat.com>
Mon, 13 Dec 2021 18:37:31 +0000 (13:37 -0500)
Rather than calling these "ADD" and "REMOVE", which could be confused
with some other random items with the same names, make them more
specific by prepending "VIR_NETFILTER_" (because they will also be
used by the nftables backend) and rename them to match the
iptables/nftables operators they signify, i.e. INSERT and DELETE, just
to eliminate confusion (in particular, in case someone ever decides
that we need to also use the nftables "add" operator, which appends a
rule to a chain rather than inserting it at the beginning of the
chain).

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/util/viriptables.c

index 78d979cfe804d7a20f2ca270e82d53689cd624f4..d2bc10a6524eaa3f941176959119d32d58382199 100644 (file)
@@ -43,8 +43,8 @@ VIR_LOG_INIT("util.iptables");
 #define VIR_FROM_THIS VIR_FROM_NONE
 
 enum {
-    ADD = 0,
-    REMOVE
+    VIR_NETFILTER_INSERT = 0,
+    VIR_NETFILTER_DELETE
 };
 
 typedef struct {
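Review bot: The enum is still anonymous after the rename, so nothing ties the `action` argument of the rule-building helpers to these two constants. Their signatures are outside the hunks, so the parameter is presumably a plain `int`. Every call site, starting with iptablesInput and repeated in the Forward*, Masquerade and FixUdpChecksum helpers, uses `action == VIR_NETFILTER_INSERT ? "--insert" : "--delete"`, which turns any value other than INSERT into a rule deletion. If a third operator is added, as the commit message anticipates for nftables "add", it would silently remove firewall rules instead of failing. Consider naming the type, for example `typedef enum { VIR_NETFILTER_INSERT = 0, VIR_NETFILTER_DELETE } virNetfilterAction;`, and adding a comment above it such as `/* operator for a rule: INSERT puts it at the head of the chain, DELETE removes it */`.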
@@ -175,7 +175,7 @@ iptablesInput(virFirewall *fw,
 
     virFirewallAddRule(fw, layer,
                        "--table", "filter",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_INP",
                        "--in-interface", iface,
                        "--protocol", tcp ? "tcp" : "udp",
@@ -199,7 +199,7 @@ iptablesOutput(virFirewall *fw,
 
     virFirewallAddRule(fw, layer,
                        "--table", "filter",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_OUT",
                        "--out-interface", iface,
                        "--protocol", tcp ? "tcp" : "udp",
@@ -223,7 +223,7 @@ iptablesAddTcpInput(virFirewall *fw,
                     const char *iface,
                     int port)
 {
-    iptablesInput(fw, layer, iface, port, ADD, 1);
+    iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1);
 }
 
 /**
@@ -241,7 +241,7 @@ iptablesRemoveTcpInput(virFirewall *fw,
                        const char *iface,
                        int port)
 {
-    iptablesInput(fw, layer, iface, port, REMOVE, 1);
+    iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1);
 }
 
 /**
@@ -259,7 +259,7 @@ iptablesAddUdpInput(virFirewall *fw,
                     const char *iface,
                     int port)
 {
-    iptablesInput(fw, layer, iface, port, ADD, 0);
+    iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0);
 }
 
 /**
@@ -277,7 +277,7 @@ iptablesRemoveUdpInput(virFirewall *fw,
                        const char *iface,
                        int port)
 {
-    iptablesInput(fw, layer, iface, port, REMOVE, 0);
+    iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0);
 }
 
 /**
@@ -295,7 +295,7 @@ iptablesAddTcpOutput(virFirewall *fw,
                      const char *iface,
                      int port)
 {
-    iptablesOutput(fw, layer, iface, port, ADD, 1);
+    iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1);
 }
 
 /**
@@ -313,7 +313,7 @@ iptablesRemoveTcpOutput(virFirewall *fw,
                         const char *iface,
                         int port)
 {
-    iptablesOutput(fw, layer, iface, port, REMOVE, 1);
+    iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1);
 }
 
 /**
@@ -331,7 +331,7 @@ iptablesAddUdpOutput(virFirewall *fw,
                      const char *iface,
                      int port)
 {
-    iptablesOutput(fw, layer, iface, port, ADD, 0);
+    iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0);
 }
 
 /**
@@ -349,7 +349,7 @@ iptablesRemoveUdpOutput(virFirewall *fw,
                         const char *iface,
                         int port)
 {
-    iptablesOutput(fw, layer, iface, port, REMOVE, 0);
+    iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0);
 }
 
 
@@ -374,7 +374,7 @@ iptablesForwardAllowOut(virFirewall *fw,
     if (physdev && physdev[0])
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWO",
                            "--source", networkstr,
                            "--in-interface", iface,
@@ -384,7 +384,7 @@ iptablesForwardAllowOut(virFirewall *fw,
     else
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWO",
                            "--source", networkstr,
                            "--in-interface", iface,
@@ -414,7 +414,8 @@ iptablesAddForwardAllowOut(virFirewall *fw,
                            const char *iface,
                            const char *physdev)
 {
-    return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, ADD);
+    return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev,
+                                   VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -437,7 +438,8 @@ iptablesRemoveForwardAllowOut(virFirewall *fw,
                               const char *iface,
                               const char *physdev)
 {
-    return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, REMOVE);
+    return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev,
+                                   VIR_NETFILTER_DELETE);
 }
 
 
@@ -462,7 +464,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
     if (physdev && physdev[0])
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWI",
                            "--destination", networkstr,
                            "--in-interface", physdev,
@@ -474,7 +476,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
     else
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWI",
                            "--destination", networkstr,
                            "--out-interface", iface,
@@ -506,7 +508,8 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw,
                                  const char *iface,
                                  const char *physdev)
 {
-    return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, ADD);
+    return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev,
+                                         VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -529,7 +532,8 @@ iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
                                     const char *iface,
                                     const char *physdev)
 {
-    return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, REMOVE);
+    return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev,
+                                         VIR_NETFILTER_DELETE);
 }
 
 /* Allow all traffic destined to the bridge, with a valid network address
@@ -552,7 +556,7 @@ iptablesForwardAllowIn(virFirewall *fw,
     if (physdev && physdev[0])
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWI",
                            "--destination", networkstr,
                            "--in-interface", physdev,
@@ -562,7 +566,7 @@ iptablesForwardAllowIn(virFirewall *fw,
     else
         virFirewallAddRule(fw, layer,
                            "--table", "filter",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_FWI",
                            "--destination", networkstr,
                            "--out-interface", iface,
@@ -591,7 +595,8 @@ iptablesAddForwardAllowIn(virFirewall *fw,
                           const char *iface,
                           const char *physdev)
 {
-    return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, ADD);
+    return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev,
+                                  VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -614,7 +619,8 @@ iptablesRemoveForwardAllowIn(virFirewall *fw,
                              const char *iface,
                              const char *physdev)
 {
-    return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, REMOVE);
+    return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev,
+                                  VIR_NETFILTER_DELETE);
 }
 
 static void
@@ -625,7 +631,7 @@ iptablesForwardAllowCross(virFirewall *fw,
 {
     virFirewallAddRule(fw, layer,
                        "--table", "filter",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_FWX",
                        "--in-interface", iface,
                        "--out-interface", iface,
@@ -649,7 +655,7 @@ iptablesAddForwardAllowCross(virFirewall *fw,
                              virFirewallLayer layer,
                              const char *iface)
 {
-    iptablesForwardAllowCross(fw, layer, iface, ADD);
+    iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -668,7 +674,7 @@ iptablesRemoveForwardAllowCross(virFirewall *fw,
                                 virFirewallLayer layer,
                                 const char *iface)
 {
-    iptablesForwardAllowCross(fw, layer, iface, REMOVE);
+    iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE);
 }
 
 static void
@@ -679,7 +685,7 @@ iptablesForwardRejectOut(virFirewall *fw,
 {
     virFirewallAddRule(fw, layer,
                        "--table", "filter",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_FWO",
                        "--in-interface", iface,
                        "--jump", "REJECT",
@@ -701,7 +707,7 @@ iptablesAddForwardRejectOut(virFirewall *fw,
                             virFirewallLayer layer,
                             const char *iface)
 {
-    iptablesForwardRejectOut(fw, layer, iface, ADD);
+    iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -719,7 +725,7 @@ iptablesRemoveForwardRejectOut(virFirewall *fw,
                                virFirewallLayer layer,
                                const char *iface)
 {
-    iptablesForwardRejectOut(fw, layer, iface, REMOVE);
+    iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE);
 }
 
 
@@ -731,7 +737,7 @@ iptablesForwardRejectIn(virFirewall *fw,
 {
     virFirewallAddRule(fw, layer,
                        "--table", "filter",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_FWI",
                        "--out-interface", iface,
                        "--jump", "REJECT",
@@ -753,7 +759,7 @@ iptablesAddForwardRejectIn(virFirewall *fw,
                            virFirewallLayer layer,
                            const char *iface)
 {
-    iptablesForwardRejectIn(fw, layer, iface, ADD);
+    iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -771,7 +777,7 @@ iptablesRemoveForwardRejectIn(virFirewall *fw,
                               virFirewallLayer layer,
                               const char *iface)
 {
-    iptablesForwardRejectIn(fw, layer, iface, REMOVE);
+    iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE);
 }
 
 
@@ -813,7 +819,7 @@ iptablesForwardMasquerade(virFirewall *fw,
     if (protocol && protocol[0]) {
         rule = virFirewallAddRule(fw, layer,
                                   "--table", "nat",
-                                  action == ADD ? "--insert" : "--delete",
+                                  action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                                   "LIBVIRT_PRT",
                                   "--source", networkstr,
                                   "-p", protocol,
@@ -822,7 +828,7 @@ iptablesForwardMasquerade(virFirewall *fw,
     } else {
         rule = virFirewallAddRule(fw, layer,
                                   "--table", "nat",
-                                  action == ADD ? "--insert" : "--delete",
+                                  action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                                   "LIBVIRT_PRT",
                                   "--source", networkstr,
                                   "!", "--destination", networkstr,
@@ -896,7 +902,8 @@ iptablesAddForwardMasquerade(virFirewall *fw,
                              const char *protocol)
 {
     return iptablesForwardMasquerade(fw, netaddr, prefix,
-                                     physdev, addr, port, protocol, ADD);
+                                     physdev, addr, port, protocol,
+                                     VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -922,7 +929,8 @@ iptablesRemoveForwardMasquerade(virFirewall *fw,
                                 const char *protocol)
 {
     return iptablesForwardMasquerade(fw, netaddr, prefix,
-                                     physdev, addr, port, protocol, REMOVE);
+                                     physdev, addr, port, protocol,
+                                     VIR_NETFILTER_DELETE);
 }
 
 
@@ -947,7 +955,7 @@ iptablesForwardDontMasquerade(virFirewall *fw,
     if (physdev && physdev[0])
         virFirewallAddRule(fw, layer,
                            "--table", "nat",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_PRT",
                            "--out-interface", physdev,
                            "--source", networkstr,
@@ -957,7 +965,7 @@ iptablesForwardDontMasquerade(virFirewall *fw,
     else
         virFirewallAddRule(fw, layer,
                            "--table", "nat",
-                           action == ADD ? "--insert" : "--delete",
+                           action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                            "LIBVIRT_PRT",
                            "--source", networkstr,
                            "--destination", destaddr,
@@ -989,7 +997,7 @@ iptablesAddDontMasquerade(virFirewall *fw,
                           const char *destaddr)
 {
     return iptablesForwardDontMasquerade(fw, netaddr, prefix,
-                                         physdev, destaddr, ADD);
+                                         physdev, destaddr, VIR_NETFILTER_INSERT);
 }
 
 /**
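Review bot: The new argument line in iptablesAddDontMasquerade, `physdev, destaddr, VIR_NETFILTER_INSERT);`, stays on one line and runs past 80 columns. The matching call in iptablesRemoveDontMasquerade, and the other two-line wrappers in this commit, move the operator to its own continuation line. For consistency, wrap it the same way: `physdev, destaddr,` followed by `VIR_NETFILTER_INSERT);` aligned under `fw`.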
@@ -1014,7 +1022,8 @@ iptablesRemoveDontMasquerade(virFirewall *fw,
                              const char *destaddr)
 {
     return iptablesForwardDontMasquerade(fw, netaddr, prefix,
-                                         physdev, destaddr, REMOVE);
+                                         physdev, destaddr,
+                                         VIR_NETFILTER_DELETE);
 }
 
 
@@ -1031,7 +1040,7 @@ iptablesOutputFixUdpChecksum(virFirewall *fw,
 
     virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4,
                        "--table", "mangle",
-                       action == ADD ? "--insert" : "--delete",
+                       action == VIR_NETFILTER_INSERT ? "--insert" : "--delete",
                        "LIBVIRT_PRT",
                        "--out-interface", iface,
                        "--protocol", "udp",
@@ -1056,7 +1065,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw,
                                 const char *iface,
                                 int port)
 {
-    iptablesOutputFixUdpChecksum(fw, iface, port, ADD);
+    iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_INSERT);
 }
 
 /**
@@ -1073,5 +1082,5 @@ iptablesRemoveOutputFixUdpChecksum(virFirewall *fw,
                                    const char *iface,
                                    int port)
 {
-    iptablesOutputFixUdpChecksum(fw, iface, port, REMOVE);
+    iptablesOutputFixUdpChecksum(fw, iface, port, VIR_NETFILTER_DELETE);
 }