On Thu, 2009-12-10 at 12:08 +0000, Daniel P. Berrange wrote:
> On Thu, Dec 10, 2009 at 11:27:55AM +0000, Mark McLoughlin wrote:
> > iptablesContext no longer contains any state, so we can drop it
> >
> > * src/util/iptables.c, src/util/iptables.h: drop iptablesContext
> >
> > * src/network/bridge_driver.c: update callers
> >
> > * src/libvirt_private.syms: drop context new/free functions
>
> Ordinarily I'd ACK this, but one of the things I want to try and do
> in the future is to move all the libvirt rules out of the main
> INPUT/FORWARD/OUTPUT chains, and into sub-chains. I think that the
> iptablesContext struct might be useful for this, so can we leave this
> patch out for now.

That could be done e.g. by using "libvirt-INPUT", which again wouldn't need
any state.

It's a very nice simplification, easy to re-instate, so I'd prefer to
see it gone rather than for it to stick around under the guise of "we
might need it in future". Look how long it took us to delete the lokkit
code after we realized it was useless :)

Cheers,
Mark.