提交 a66fc27d 编写于 作者: D Daniel P. Berrange

Convert bridge driver over to use new firewall APIs

Update the iptablesXXXX methods so that instead of directly
executing iptables commands, they populate rules in an
instance of virFirewallPtr. The bridge driver can thus
construct the ruleset and then invoke it in one operation
having rollback handled automatically.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
上级 3a0ca7de
......@@ -21,97 +21,131 @@
* Mark McLoughlin <markmc@redhat.com>
*/
#ifndef __QEMUD_IPTABLES_H__
# define __QEMUD_IPTABLES_H__
#ifndef __VIR_IPTABLES_H__
# define __VIR_IPTABLES_H__
# include "virsocketaddr.h"
# include "virfirewall.h"
int iptablesAddTcpInput (int family,
void iptablesAddTcpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesRemoveTcpInput (int family,
void iptablesRemoveTcpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesAddUdpInput (int family,
void iptablesAddUdpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesRemoveUdpInput (int family,
void iptablesRemoveUdpInput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesAddUdpOutput (int family,
void iptablesAddUdpOutput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesRemoveUdpOutput (int family,
void iptablesRemoveUdpOutput (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface,
int port);
int iptablesAddForwardAllowOut (virSocketAddr *netaddr,
int iptablesAddForwardAllowOut (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
int iptablesRemoveForwardAllowOut (virSocketAddr *netaddr,
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowOut (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
int iptablesAddForwardAllowRelatedIn(virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
int iptablesRemoveForwardAllowRelatedIn(virSocketAddr *netaddr,
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowRelatedIn(virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowRelatedIn(virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowIn (virSocketAddr *netaddr,
int iptablesAddForwardAllowIn (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
int iptablesRemoveForwardAllowIn (virSocketAddr *netaddr,
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardAllowIn (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *iface,
const char *physdev);
const char *physdev)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddForwardAllowCross (int family,
void iptablesAddForwardAllowCross (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface);
int iptablesRemoveForwardAllowCross (int family,
void iptablesRemoveForwardAllowCross (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface);
int iptablesAddForwardRejectOut (int family,
void iptablesAddForwardRejectOut (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface);
int iptablesRemoveForwardRejectOut (int family,
void iptablesRemoveForwardRejectOut (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface);
int iptablesAddForwardRejectIn (int family,
void iptablesAddForwardRejectIn (virFirewallPtr fw,
virFirewallLayer layer,
const char *iface);
int iptablesRemoveForwardRejectIn (int family,
void iptablesRemoveForwardRejectIn (virFirewallPtr fw,
virFirewallLayer layery,
const char *iface);
int iptablesAddForwardMasquerade (virSocketAddr *netaddr,
int iptablesAddForwardMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol);
int iptablesRemoveForwardMasquerade (virSocketAddr *netaddr,
const char *protocol)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveForwardMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
virSocketAddrRangePtr addr,
virPortRangePtr port,
const char *protocol);
int iptablesAddDontMasquerade (virSocketAddr *netaddr,
const char *protocol)
ATTRIBUTE_RETURN_CHECK;
int iptablesAddDontMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
const char *destaddr);
int iptablesRemoveDontMasquerade (virSocketAddr *netaddr,
const char *destaddr)
ATTRIBUTE_RETURN_CHECK;
int iptablesRemoveDontMasquerade (virFirewallPtr fw,
virSocketAddr *netaddr,
unsigned int prefix,
const char *physdev,
const char *destaddr);
int iptablesAddOutputFixUdpChecksum (const char *iface,
const char *destaddr)
ATTRIBUTE_RETURN_CHECK;
void iptablesAddOutputFixUdpChecksum (virFirewallPtr fw,
const char *iface,
int port);
int iptablesRemoveOutputFixUdpChecksum (const char *iface,
void iptablesRemoveOutputFixUdpChecksum (virFirewallPtr fw,
const char *iface,
int port);
#endif /* __QEMUD_IPTABLES_H__ */
#endif /* __VIR_IPTABLES_H__ */
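Review bot: The new prototype for iptablesRemoveForwardRejectIn carries a misspelt parameter name, `virFirewallLayer layery,`, where every sibling declaration uses `virFirewallLayer layer,`. Parameter names in prototypes are not significant to the compiler, so this compiles, but the misspelling breaks the otherwise uniform signature set and will be copied into any generated documentation or wrapper that reads the header. The header also now splits the API into functions returning void, which only queue a rule into fw, and functions keeping `int` with ATTRIBUTE_RETURN_CHECK (the ForwardAllow*, ForwardMasquerade and DontMasquerade groups); a short comment above the first of those stating why they can still fail — presumably because they must format netaddr/prefix before queuing, which is not visible here — would tell callers what the return check is guarding. Something like `/* Returns -1 if the rule could not be built (e.g. address formatting failed); the rule is only queued into fw, not executed. */` on the int-returning declarations would suffice.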