提交 a66fc27d 编写于 作者: D Daniel P. Berrange

Convert bridge driver over to use new firewall APIs

Update the iptablesXXXX methods so that instead of directly
executing iptables commands, they populate rules in an
instance of virFirewallPtr. The bridge driver can thus
construct the ruleset and then invoke it in one operation
having rollback handled automatically.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 3a0ca7de
...@@ -21,97 +21,131 @@ ...@@ -21,97 +21,131 @@
* Mark McLoughlin <markmc@redhat.com> * Mark McLoughlin <markmc@redhat.com>
*/ */
#ifndef __QEMUD_IPTABLES_H__ #ifndef __VIR_IPTABLES_H__
# define __QEMUD_IPTABLES_H__ # define __VIR_IPTABLES_H__
# include "virsocketaddr.h" # include "virsocketaddr.h"
# include "virfirewall.h"
int iptablesAddTcpInput (int family, void iptablesAddTcpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesRemoveTcpInput (int family, void iptablesRemoveTcpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesAddUdpInput (int family, void iptablesAddUdpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesRemoveUdpInput (int family, void iptablesRemoveUdpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesAddUdpOutput (int family, void iptablesAddUdpOutput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesRemoveUdpOutput (int family, void iptablesRemoveUdpOutput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface, const char *iface,
int port); int port);
int iptablesAddForwardAllowOut (virSocketAddr *netaddr, int iptablesAddForwardAllowOut (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *iface, const char *iface,
const char *physdev); const char *physdev)
int iptablesRemoveForwardAllowOut (virSocketAddr *netaddr, ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowOut (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *iface, const char *iface,
const char *physdev); const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowRelatedIn(virSocketAddr *netaddr, int iptablesAddForwardAllowRelatedIn(virFirewallPtr fw,
unsigned int prefix, virSocketAddr *netaddr,
const char *iface,
const char *physdev);
int iptablesRemoveForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *iface, const char *iface,
const char *physdev); const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowRelatedIn(virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowIn (virSocketAddr *netaddr, int iptablesAddForwardAllowIn (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *iface, const char *iface,
const char *physdev); const char *physdev)
int iptablesRemoveForwardAllowIn (virSocketAddr *netaddr, ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowIn (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *iface, const char *iface,
const char *physdev); const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowCross (int family, void iptablesAddForwardAllowCross (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface); const char *iface);
int iptablesRemoveForwardAllowCross (int family, void iptablesRemoveForwardAllowCross (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface); const char *iface);
int iptablesAddForwardRejectOut (int family, void iptablesAddForwardRejectOut (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface); const char *iface);
int iptablesRemoveForwardRejectOut (int family, void iptablesRemoveForwardRejectOut (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface); const char *iface);
int iptablesAddForwardRejectIn (int family, void iptablesAddForwardRejectIn (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface); const char *iface);
int iptablesRemoveForwardRejectIn (int family, void iptablesRemoveForwardRejectIn (virFirewallPtr fw,
virFirewallLayer layery,
const char *iface); const char *iface);
int iptablesAddForwardMasquerade (virSocketAddr *netaddr, int iptablesAddForwardMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *physdev, const char *physdev,
virSocketAddrRangePtr addr, virSocketAddrRangePtr addr,
virPortRangePtr port, virPortRangePtr port,
const char *protocol); const char *protocol)
int iptablesRemoveForwardMasquerade (virSocketAddr *netaddr, ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *physdev, const char *physdev,
virSocketAddrRangePtr addr, virSocketAddrRangePtr addr,
virPortRangePtr port, virPortRangePtr port,
const char *protocol); const char *protocol)
int iptablesAddDontMasquerade (virSocketAddr *netaddr, ATTRIBUTE_RETURN_CHECK;
int iptablesAddDontMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *physdev, const char *physdev,
const char *destaddr); const char *destaddr)
int iptablesRemoveDontMasquerade (virSocketAddr *netaddr, ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveDontMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix, unsigned int prefix,
const char *physdev, const char *physdev,
const char *destaddr); const char *destaddr)
int iptablesAddOutputFixUdpChecksum (const char *iface, ATTRIBUTE_RETURN_CHECK;
void iptablesAddOutputFixUdpChecksum (virFirewallPtr fw,
const char *iface,
int port); int port);
int iptablesRemoveOutputFixUdpChecksum (const char *iface, void iptablesRemoveOutputFixUdpChecksum (virFirewallPtr fw,
const char *iface,
int port); int port);
#endif /* __QEMUD_IPTABLES_H__ */ #endif /* __VIR_IPTABLES_H__ */
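Review bot: The iptablesRemoveForwardRejectIn prototype misspells its second parameter as `virFirewallLayer layery,`; it should read `virFirewallLayer layer,` to match the other eleven layer-taking prototypes in this header. It still compiles because names in a declaration are not binding, but it is what readers and doc tooling see, and it will diverge from the definition. The header now also mixes two conventions: the virSocketAddr-taking functions keep `int` with ATTRIBUTE_RETURN_CHECK while the layer-taking ones become `void`, and nothing in the header says what that means for a caller. Presumably the void variants only queue rules into `fw` and any failure surfaces when the firewall is applied (the commit message mentions one-shot application with automatic rollback), but the .c side is collapsed here, so I would add a short header comment to that effect only after confirming that queuing cannot fail, e.g. `/* void variants only queue rules into fw; errors are reported when the firewall is applied */`.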