git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Laine Stump <laine@redhat.com>
	Sat, 20 Apr 2024 02:19:42 +0000 (22:19 -0400)
committer	Laine Stump <laine@redhat.com>
	Thu, 23 May 2024 03:19:18 +0000 (23:19 -0400)
commit	01fd85fed930f56273e9fe266cd370b42a82bd9e
tree	1b4552b71aaf945a3908898bcb3680d9ae72584b	tree \| snapshot
parent	e1f6d2c20522fc0a9ebc2c3b8860bdc97a0e89fa	commit \| diff

network: move all functions manipulating iptables rules into network_iptables.c

Although initially we will add exactly the same rules for the nftables
backend, the two may (hopefully) soon diverge as we take advantage of
nftables features that weren't available in iptables. When we do that,
there will need to be a different version of these functions (currently in
bridge_driver_linux.c) for each backend:

  networkAddFirewallRules()
  networkRemoveFirewallRules()
  networkSetupPrivateChains()

Although it will mean duplicating some amount of code (with just the
function names changed) for the nftables backend, this patch moves all
of the rule-related code in the above three functions into iptables*()
functions in network_iptables.c, and changes the functions in
bridge_driver_linux.c to call the iptables*() functions. When we make
a different backend, it will only need to make equivalents of those 3
functions publicly available to the upper layer.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>

src/network/bridge_driver_linux.c		diff \| blob \| blame \| history
src/network/network_iptables.c		diff \| blob \| blame \| history
src/network/network_iptables.h		diff \| blob \| blame \| history