9:53 p.m.
Now that the toplevel iptables functions have been moved out of the
linux bridge driver into network_iptables.c, all of the utility
functions are used only within that same file, so simplify it.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/network_iptables.c | 52 ++++++-------
src/network/network_iptables.h | 130 ---------------------------------
2 files changed, 26 insertions(+), 156 deletions(-)
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index 106e8bfabf..8d32d30980 100644
--- a/src/network/network_iptables.c
+++ b/src/network/network_iptables.c
@@ -208,7 +208,7 @@ iptablesOutput(virFirewall *fw,
* Add an input to the IP table allowing access to the given @port on
* the given @iface interface for TCP packets
*/
-void
+static void
iptablesAddTcpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -226,7 +226,7 @@ iptablesAddTcpInput(virFirewall *fw,
* Removes an input from the IP table, hence forbidding access to the given
* @port on the given @iface interface for TCP packets
*/
-void
+static void
iptablesRemoveTcpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -244,7 +244,7 @@ iptablesRemoveTcpInput(virFirewall *fw,
* Add an input to the IP table allowing access to the given @port on
* the given @iface interface for UDP packets
*/
-void
+static void
iptablesAddUdpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -262,7 +262,7 @@ iptablesAddUdpInput(virFirewall *fw,
* Removes an input from the IP table, hence forbidding access to the given
* @port on the given @iface interface for UDP packets
*/
-void
+static void
iptablesRemoveUdpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -280,7 +280,7 @@ iptablesRemoveUdpInput(virFirewall *fw,
* Add an output to the IP table allowing access to the given @port from
* the given @iface interface for TCP packets
*/
-void
+static void
iptablesAddTcpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -298,7 +298,7 @@ iptablesAddTcpOutput(virFirewall *fw,
* Removes an output from the IP table, hence forbidding access to the given
* @port from the given @iface interface for TCP packets
*/
-void
+static void
iptablesRemoveTcpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -316,7 +316,7 @@ iptablesRemoveTcpOutput(virFirewall *fw,
* Add an output to the IP table allowing access to the given @port from
* the given @iface interface for UDP packets
*/
-void
+static void
iptablesAddUdpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -334,7 +334,7 @@ iptablesAddUdpOutput(virFirewall *fw,
* Removes an output from the IP table, hence forbidding access to the given
* @port from the given @iface interface for UDP packets
*/
-void
+static void
iptablesRemoveUdpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -398,7 +398,7 @@ iptablesForwardAllowOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowOut(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -422,7 +422,7 @@ iptablesAddForwardAllowOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowOut(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -492,7 +492,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowRelatedIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -516,7 +516,7 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -579,7 +579,7 @@ iptablesForwardAllowIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -603,7 +603,7 @@ iptablesAddForwardAllowIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -641,7 +641,7 @@ iptablesForwardAllowCross(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardAllowCross(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -660,7 +660,7 @@ iptablesAddForwardAllowCross(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardAllowCross(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -693,7 +693,7 @@ iptablesForwardRejectOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardRejectOut(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -711,7 +711,7 @@ iptablesAddForwardRejectOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardRejectOut(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -745,7 +745,7 @@ iptablesForwardRejectIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardRejectIn(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -763,7 +763,7 @@ iptablesAddForwardRejectIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardRejectIn(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -883,7 +883,7 @@ iptablesForwardMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -910,7 +910,7 @@ iptablesAddForwardMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -980,7 +980,7 @@ iptablesForwardDontMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise.
*/
-int
+static int
iptablesAddDontMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -1005,7 +1005,7 @@ iptablesAddDontMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise.
*/
-int
+static int
iptablesRemoveDontMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -1048,7 +1048,7 @@ iptablesOutputFixUdpChecksum(virFirewall *fw,
* the given @iface interface for TCP packets.
*
*/
-void
+static void
iptablesAddOutputFixUdpChecksum(virFirewall *fw,
const char *iface,
int port)
@@ -1065,7 +1065,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw,
* Removes the checksum fixup rule that was previous added with
* iptablesAddOutputFixUdpChecksum.
*/
-void
+static void
iptablesRemoveOutputFixUdpChecksum(virFirewall *fw,
const char *iface,
int port)
diff --git a/src/network/network_iptables.h b/src/network/network_iptables.h
index d3f6b48437..cdc143f154 100644
--- a/src/network/network_iptables.h
+++ b/src/network/network_iptables.h
@@ -20,7 +20,6 @@
#pragma once
-#include "virsocketaddr.h"
#include "virfirewall.h"
#include "network_conf.h"
@@ -29,132 +28,3 @@ int iptablesAddFirewallRules(virNetworkDef *def);
void iptablesRemoveFirewallRules(virNetworkDef *def);
int iptablesSetupPrivateChains(virFirewallLayer layer);
-
-void iptablesAddTcpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveTcpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-void iptablesAddUdpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveUdpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-void iptablesAddTcpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveTcpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesAddUdpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveUdpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-int iptablesAddForwardAllowOut (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowOut (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-
-int iptablesAddForwardAllowIn (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowIn (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-
-void iptablesAddForwardAllowCross (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardAllowCross (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-
-void iptablesAddForwardRejectOut (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardRejectOut (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-
-void iptablesAddForwardRejectIn (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardRejectIn (virFirewall *fw,
- virFirewallLayer layery,
- const char *iface);
-
-int iptablesAddForwardMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddDontMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveDontMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
- G_GNUC_WARN_UNUSED_RESULT;
-void iptablesAddOutputFixUdpChecksum (virFirewall *fw,
- const char *iface,
- int port);
-void iptablesRemoveOutputFixUdpChecksum (virFirewall *fw,
- const char *iface,
- int port);
--
2.44.0