Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods
to avoid having to write giant switch statements with many cases.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/conf/nwfilter_conf.c | 27 ++++++++++++++
src/conf/nwfilter_conf.h | 14 ++++++++
src/libvirt_private.syms | 3 ++
src/nwfilter/nwfilter_ebiptables_driver.c | 58 +++++++------------------------
4 files changed, 56 insertions(+), 46 deletions(-)
diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index f5a75e4..968e045 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -3484,3 +3484,30 @@ void virNWFilterObjUnlock(virNWFilterObjPtr obj)
{
virMutexUnlock(&obj->lock);
}
+
+
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCP &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALL)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6 &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6)
+ return true;
+ return false;
+}
+
+
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule)
+{
+ if (rule->prtclType >= VIR_NWFILTER_RULE_PROTOCOL_NONE &&
+ rule->prtclType <= VIR_NWFILTER_RULE_PROTOCOL_IPV6)
+ return true;
+ return false;
+}
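Review bot: All three helpers classify a rule by comparing `rule->prtclType` against the first and last enumerator of a group, so they are only correct while `virNWFilterRuleProtocolType` keeps each group contiguous and in this order, and nothing in the code enforces that. If a later change adds a protocol outside its group, the rule would presumably be dispatched to the wrong backend (ebtables versus iptables/ip6tables) with no diagnostic, which for a packet filter can mean the rule is not applied as written. I would put a comment above each function naming the range it relies on, e.g. `/* Relies on the IPv4 protocols being contiguous in virNWFilterRuleProtocolType, from _TCP through _ALL */`. I would also add a compile-time check that the groups are adjacent, e.g. `_Static_assert(VIR_NWFILTER_RULE_PROTOCOL_IPV6 + 1 == VIR_NWFILTER_RULE_PROTOCOL_TCP, "Ethernet group must precede IPv4 group");`, or the project's equivalent assertion macro, with a matching one for `_ALL` and `_TCPoIPV6`.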
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index aded4de..9f9deab 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -373,7 +373,13 @@ enum virNWFilterChainPolicyType {
VIR_NWFILTER_CHAIN_POLICY_LAST,
};
+
+/*
+ * If adding protocols be sure to update the
+ * virNWFilterRuleIsProtocolXXXX function impls
+ */
enum virNWFilterRuleProtocolType {
+ /* Ethernet layer protocols */
VIR_NWFILTER_RULE_PROTOCOL_NONE = 0,
VIR_NWFILTER_RULE_PROTOCOL_MAC,
VIR_NWFILTER_RULE_PROTOCOL_VLAN,
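Review bot: The new comment above the enum tells maintainers to update the helper functions but not why, and the important constraint is ordering: the helpers test ranges bounded by the first and last member of each group. I would reword it to say so, e.g. `If adding protocols, keep each group contiguous: insert the new value inside its group, and update the virNWFilterRuleIsProtocolXXXX bounds if a group's first or last member changes`. The enum body continues outside this hunk, so the last member of the IPv6 group is not visible here and should be checked against the bound used in `virNWFilterRuleIsProtocolIPv6`.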
@@ -382,6 +388,8 @@ enum virNWFilterRuleProtocolType {
VIR_NWFILTER_RULE_PROTOCOL_RARP,
VIR_NWFILTER_RULE_PROTOCOL_IP,
VIR_NWFILTER_RULE_PROTOCOL_IPV6,
+
+ /* IPv4 layer protocols */
VIR_NWFILTER_RULE_PROTOCOL_TCP,
VIR_NWFILTER_RULE_PROTOCOL_ICMP,
VIR_NWFILTER_RULE_PROTOCOL_IGMP,
@@ -391,6 +399,8 @@ enum virNWFilterRuleProtocolType {
VIR_NWFILTER_RULE_PROTOCOL_AH,
VIR_NWFILTER_RULE_PROTOCOL_SCTP,
VIR_NWFILTER_RULE_PROTOCOL_ALL,
+
+ /* IPv6 layer protocols */
VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6,
VIR_NWFILTER_RULE_PROTOCOL_ICMPV6,
VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6,
@@ -667,6 +677,10 @@ void virNWFilterPrintTCPFlags(virBufferPtr buf, uint8_t mask,
char sep, uint8_t flags);
+bool virNWFilterRuleIsProtocolIPv4(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolIPv6(virNWFilterRuleDefPtr rule);
+bool virNWFilterRuleIsProtocolEthernet(virNWFilterRuleDefPtr rule);
+
VIR_ENUM_DECL(virNWFilterRuleAction);
VIR_ENUM_DECL(virNWFilterRuleDirection);
VIR_ENUM_DECL(virNWFilterRuleProtocol);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 55aa586..0c2cf75 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -597,6 +597,9 @@ virNWFilterReadLockFilterUpdates;
virNWFilterRegisterCallbackDriver;
virNWFilterRuleActionTypeToString;
virNWFilterRuleDirectionTypeToString;
+virNWFilterRuleIsProtocolEthernet;
+virNWFilterRuleIsProtocolIPv4;
+virNWFilterRuleIsProtocolIPv6;
virNWFilterRuleProtocolTypeToString;
virNWFilterTestUnassignDef;
virNWFilterUnlockFilterUpdates;
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 0885bb1..410f0e1 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -2656,18 +2656,8 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
virNWFilterRuleInstPtr res)
{
int rc = 0;
- bool isIPv6;
-
- switch (rule->prtclType) {
- case VIR_NWFILTER_RULE_PROTOCOL_IP:
- case VIR_NWFILTER_RULE_PROTOCOL_MAC:
- case VIR_NWFILTER_RULE_PROTOCOL_VLAN:
- case VIR_NWFILTER_RULE_PROTOCOL_STP:
- case VIR_NWFILTER_RULE_PROTOCOL_ARP:
- case VIR_NWFILTER_RULE_PROTOCOL_RARP:
- case VIR_NWFILTER_RULE_PROTOCOL_NONE:
- case VIR_NWFILTER_RULE_PROTOCOL_IPV6:
+ if (virNWFilterRuleIsProtocolEthernet(rule)) {
if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT ||
rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) {
rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP,
@@ -2691,48 +2681,24 @@ ebiptablesCreateRuleInstance(virNWFilterDefPtr nwfilter,
res,
false);
}
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_TCP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDP:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE:
- case VIR_NWFILTER_RULE_PROTOCOL_ESP:
- case VIR_NWFILTER_RULE_PROTOCOL_AH:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTP:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMP:
- case VIR_NWFILTER_RULE_PROTOCOL_IGMP:
- case VIR_NWFILTER_RULE_PROTOCOL_ALL:
- isIPv6 = false;
- rc = iptablesCreateRuleInstance(nwfilter,
- rule,
- ifname,
- vars,
- res,
- isIPv6);
- break;
+ } else {
+ bool isIPv6;
+ if (virNWFilterRuleIsProtocolIPv6(rule)) {
+ isIPv6 = true;
+ } else if (virNWFilterRuleIsProtocolIPv4(rule)) {
+ isIPv6 = false;
+ } else {
+ virReportError(VIR_ERR_OPERATION_FAILED,
+ "%s", _("unexpected protocol type"));
+ return -1;
+ }
- case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6:
- case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6:
- isIPv6 = true;
rc = iptablesCreateRuleInstance(nwfilter,
rule,
ifname,
vars,
res,
isIPv6);
- break;
-
- case VIR_NWFILTER_RULE_PROTOCOL_LAST:
- virReportError(VIR_ERR_OPERATION_FAILED,
- "%s", _("illegal protocol type"));
- rc = -1;
- break;
}
return rc;
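Review bot: The new fallback error in the `else` branch reports "unexpected protocol type" without the offending value, so a log entry cannot tell `VIR_NWFILTER_RULE_PROTOCOL_LAST` apart from a corrupted or newly added enumerator. Including it costs nothing: `virReportError(VIR_ERR_OPERATION_FAILED, _("unexpected protocol type %d"), rule->prtclType);`. Failing here is an improvement over the removed switch, which had no `default` and so appears to have returned 0 for any value it did not list. As a style point, this branch uses `return -1;` while the rest of the function sets `rc` and falls through to the single `return rc;`, so one convention should be chosen. The function starts before this hunk, so any cleanup that a single exit point might be protecting is not visible here.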
--
1.9.0