Add helper methods for determining what protocol layer is used

Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods
to avoid having to write a giant switch statements with many cases.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

src/conf/nwfilter_conf.c

@@ -3484,3 +3484,29 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj)
 {
     virMutexUnlock(&obj->lock);
 }
+
+
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
+{
+    if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&
+        rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALL)
+        return true;
+    return false;
+}
+
+
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule)
+{
+    if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6 &&
+        rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6)
+        return true;
+    return false;
+}
+
+
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule)
+{
+    if (rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)
+        return true;
+    return false;
+}

src/conf/nwfilter_conf.h

@@ -373,7 +373,13 @@ enum virNWFilterChainPolicyType {
     VIR_NWFILTER_CHAIN_POLICY_LAST,
 };
 
+
+/*
+ * If adding protocols be sure to update the
+ * virNWFilterRuleIsProtocolXXXX function impls
+ */
 enum virNWFilterRuleProtocolType {
+    /* Ethernet layer protocols */
     VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
     VIR_NWFILTER_RULE_PROTOCOL_MAC,
     VIR_NWFILTER_RULE_PROTOCOL_VLAN,
@@ -382,6 +388,8 @@ enum virNWFilterRuleProtocolType {
     VIR_NWFILTER_RULE_PROTOCOL_RARP,
     VIR_NWFILTER_RULE_PROTOCOL_IP,
     VIR_NWFILTER_RULE_PROTOCOL_IPV6,
+
+    /* IPv4 layer protocols */
     VIR_NWFILTER_RULE_PROTOCOL_TCP,
     VIR_NWFILTER_RULE_PROTOCOL_ICMP,
     VIR_NWFILTER_RULE_PROTOCOL_IGMP,
@@ -391,6 +399,8 @@ enum virNWFilterRuleProtocolType {
     VIR_NWFILTER_RULE_PROTOCOL_AH,
     VIR_NWFILTER_RULE_PROTOCOL_SCTP,
     VIR_NWFILTER_RULE_PROTOCOL_ALL,
+
+    /* IPv6 layer protocols */
     VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
     VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
     VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
@@ -667,6 +677,10 @@ void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask,
                               char sep, uint8_t flags);
 
 
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule);
+
 VIR_ENUM_DECL(virNWFilterRuleAction);
 VIR_ENUM_DECL(virNWFilterRuleDirection);
 VIR_ENUM_DECL(virNWFilterRuleProtocol);

src/libvirt_private.syms

@@ -595,6 +595,9 @@ virNWFilterReadLockFilterUpdates;
 virNWFilterRegisterCallbackDriver;
 virNWFilterRuleActionTypeToString;
 virNWFilterRuleDirectionTypeToString;
+virNWFilterRuleIsProtocolEthernet;
+virNWFilterRuleIsProtocolIPv4;
+virNWFilterRuleIsProtocolIPv6;
 virNWFilterRuleProtocolTypeToString;
 virNWFilterTestUnassignDef;
 virNWFilterUnlockFilterUpdates;

src/nwfilter/nwfilter_ebiptables_driver.c

@@ -2656,18 +2656,8 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
                              virNWFilterRuleInstPtr res)
 {
     int rc = 0;
-    bool isIPv6;
-
-    switch (rule->prtclType) {
-    case VIR_NWFILTER_RULE_PROTOCOL_IP:
-    case VIR_NWFILTER_RULE_PROTOCOL_MAC:
-    case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
-    case VIR_NWFILTER_RULE_PROTOCOL_STP:
-    case VIR_NWFILTER_RULE_PROTOCOL_ARP:
-    case VIR_NWFILTER_RULE_PROTOCOL_RARP:
-    case VIR_NWFILTER_RULE_PROTOCOL_NONE:
-    case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
 
+    if (virNWFilterRuleIsProtocolEthernet(rule)) {
         if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
             rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
             rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
@@ -2691,48 +2681,24 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
                                             res,
                                             false);
         }
-    break;
-
-    case VIR_NWFILTER_RULE_PROTOCOL_TCP:
-    case VIR_NWFILTER_RULE_PROTOCOL_UDP:
-    case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
-    case VIR_NWFILTER_RULE_PROTOCOL_ESP:
-    case VIR_NWFILTER_RULE_PROTOCOL_AH:
-    case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
-    case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
-    case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
-    case VIR_NWFILTER_RULE_PROTOCOL_ALL:
+    } else {
+        bool isIPv6;
+        if (virNWFilterRuleIsProtocolIPv6(rule)) {
+            isIPv6 = true;
+        } else if (virNWFilterRuleIsProtocolIPv4(rule)) {
             isIPv6 = false;
-        rc = iptablesCreateRuleInstance(nwfilter,
-                                        rule,
-                                        ifname,
-                                        vars,
-                                        res,
-                                        isIPv6);
-    break;
+        } else {
+            virReportError(VIR_ERR_OPERATION_FAILED,
+                           "%s", _("unexpected protocol type"));
+            return -1;
+        }
 
-    case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
-    case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
-        isIPv6 = true;
         rc = iptablesCreateRuleInstance(nwfilter,
                                         rule,
                                         ifname,
                                         vars,
                                         res,
                                         isIPv6);
-    break;
-
-    case VIR_NWFILTER_RULE_PROTOCOL_LAST:
-        virReportError(VIR_ERR_OPERATION_FAILED,
-                       "%s", _("illegal protocol type"));
-        rc = -1;
-    break;
     }
 
     return rc;