Now that the toplevel iptables functions have been moved out of the
linux bridge driver into network_iptables.c, all of the utility
functions are used only within that same file, so simplify it.
Signed-off-by: Laine Stump <laine(a)redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/network/network_iptables.c | 52 ++++++-------
src/network/network_iptables.h | 130 ---------------------------------
2 files changed, 26 insertions(+), 156 deletions(-)
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index 7338237c21..697ad5d8d6 100644
--- a/src/network/network_iptables.c
+++ b/src/network/network_iptables.c
@@ -207,7 +207,7 @@ iptablesOutput(virFirewall *fw,
* Add an input to the IP table allowing access to the given @port on
* the given @iface interface for TCP packets
*/
-void
+static void
iptablesAddTcpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -225,7 +225,7 @@ iptablesAddTcpInput(virFirewall *fw,
* Removes an input from the IP table, hence forbidding access to the given
* @port on the given @iface interface for TCP packets
*/
-void
+static void
iptablesRemoveTcpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -243,7 +243,7 @@ iptablesRemoveTcpInput(virFirewall *fw,
* Add an input to the IP table allowing access to the given @port on
* the given @iface interface for UDP packets
*/
-void
+static void
iptablesAddUdpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -261,7 +261,7 @@ iptablesAddUdpInput(virFirewall *fw,
* Removes an input from the IP table, hence forbidding access to the given
* @port on the given @iface interface for UDP packets
*/
-void
+static void
iptablesRemoveUdpInput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -279,7 +279,7 @@ iptablesRemoveUdpInput(virFirewall *fw,
* Add an output to the IP table allowing access to the given @port from
* the given @iface interface for TCP packets
*/
-void
+static void
iptablesAddTcpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -297,7 +297,7 @@ iptablesAddTcpOutput(virFirewall *fw,
* Removes an output from the IP table, hence forbidding access to the given
* @port from the given @iface interface for TCP packets
*/
-void
+static void
iptablesRemoveTcpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -315,7 +315,7 @@ iptablesRemoveTcpOutput(virFirewall *fw,
* Add an output to the IP table allowing access to the given @port from
* the given @iface interface for UDP packets
*/
-void
+static void
iptablesAddUdpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -333,7 +333,7 @@ iptablesAddUdpOutput(virFirewall *fw,
* Removes an output from the IP table, hence forbidding access to the given
* @port from the given @iface interface for UDP packets
*/
-void
+static void
iptablesRemoveUdpOutput(virFirewall *fw,
virFirewallLayer layer,
const char *iface,
@@ -397,7 +397,7 @@ iptablesForwardAllowOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowOut(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
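Review bot: Making iptablesAddForwardAllowOut `static` while deleting its prototype from network_iptables.h also drops the `G_GNUC_WARN_UNUSED_RESULT` that only the prototype carried, so the compiler no longer flags a caller in this file that ignores a failed rule addition. The definition as shown here is just `static int` with no attribute; writing `static int G_GNUC_WARN_UNUSED_RESULT` on the return-type line would keep the check. The same applies to the other helpers that become `static int` in later hunks: iptablesRemoveForwardAllowOut, iptablesAddForwardAllowRelatedIn, iptablesRemoveForwardAllowRelatedIn, iptablesAddForwardAllowIn, iptablesRemoveForwardAllowIn, iptablesAddForwardMasquerade, iptablesRemoveForwardMasquerade, iptablesAddDontMasquerade and iptablesRemoveDontMasquerade. In firewall setup code an unchecked error presumably means a forward or masquerade rule was never queued, so the compile-time guard is worth retaining. The function body continues outside the hunk.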
@@ -421,7 +421,7 @@ iptablesAddForwardAllowOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowOut(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -491,7 +491,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowRelatedIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -515,7 +515,7 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -578,7 +578,7 @@ iptablesForwardAllowIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardAllowIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -602,7 +602,7 @@ iptablesAddForwardAllowIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardAllowIn(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -640,7 +640,7 @@ iptablesForwardAllowCross(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardAllowCross(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
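Review bot: The doc comment above iptablesAddForwardAllowCross still ends with "Returns 0 in case of success or an error code otherwise", but the function is `static void` and returns nothing. Since the return-type line is being edited anyway, delete the `* Returns 0 in case of success or an error code otherwise` line and the bare `*` line before it. The same stale sentence sits above iptablesRemoveForwardAllowCross, iptablesAddForwardRejectOut, iptablesRemoveForwardRejectOut, iptablesAddForwardRejectIn and iptablesRemoveForwardRejectIn in the following hunks. Both the comment and the function body extend outside the hunk.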
@@ -659,7 +659,7 @@ iptablesAddForwardAllowCross(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardAllowCross(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -692,7 +692,7 @@ iptablesForwardRejectOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardRejectOut(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -710,7 +710,7 @@ iptablesAddForwardRejectOut(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardRejectOut(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -744,7 +744,7 @@ iptablesForwardRejectIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesAddForwardRejectIn(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -762,7 +762,7 @@ iptablesAddForwardRejectIn(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-void
+static void
iptablesRemoveForwardRejectIn(virFirewall *fw,
virFirewallLayer layer,
const char *iface)
@@ -882,7 +882,7 @@ iptablesForwardMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesAddForwardMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -909,7 +909,7 @@ iptablesAddForwardMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise
*/
-int
+static int
iptablesRemoveForwardMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -979,7 +979,7 @@ iptablesForwardDontMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise.
*/
-int
+static int
iptablesAddDontMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -1004,7 +1004,7 @@ iptablesAddDontMasquerade(virFirewall *fw,
*
* Returns 0 in case of success or an error code otherwise.
*/
-int
+static int
iptablesRemoveDontMasquerade(virFirewall *fw,
virSocketAddr *netaddr,
unsigned int prefix,
@@ -1047,7 +1047,7 @@ iptablesOutputFixUdpChecksum(virFirewall *fw,
* the given @iface interface for TCP packets.
*
*/
-void
+static void
iptablesAddOutputFixUdpChecksum(virFirewall *fw,
const char *iface,
int port)
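Review bot: The comment above iptablesAddOutputFixUdpChecksum ends with "for TCP packets", which contradicts the function name; it should presumably read `* the given @iface interface for UDP packets.`. The comment in the next hunk, above iptablesRemoveOutputFixUdpChecksum, says "previous added" where `previously added` is meant. The first comment starts outside the hunk, so the rest of its wording is not visible here.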
@@ -1064,7 +1064,7 @@ iptablesAddOutputFixUdpChecksum(virFirewall *fw,
* Removes the checksum fixup rule that was previous added with
* iptablesAddOutputFixUdpChecksum.
*/
-void
+static void
iptablesRemoveOutputFixUdpChecksum(virFirewall *fw,
const char *iface,
int port)
diff --git a/src/network/network_iptables.h b/src/network/network_iptables.h
index d3f6b48437..cdc143f154 100644
--- a/src/network/network_iptables.h
+++ b/src/network/network_iptables.h
@@ -20,7 +20,6 @@
#pragma once
-#include "virsocketaddr.h"
#include "virfirewall.h"
#include "network_conf.h"
@@ -29,132 +28,3 @@ int iptablesAddFirewallRules(virNetworkDef *def);
void iptablesRemoveFirewallRules(virNetworkDef *def);
int iptablesSetupPrivateChains(virFirewallLayer layer);
-
-void iptablesAddTcpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveTcpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-void iptablesAddUdpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveUdpInput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-void iptablesAddTcpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveTcpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesAddUdpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-void iptablesRemoveUdpOutput (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface,
- int port);
-
-int iptablesAddForwardAllowOut (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowOut (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-
-int iptablesAddForwardAllowIn (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardAllowIn (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *iface,
- const char *physdev)
- G_GNUC_WARN_UNUSED_RESULT;
-
-void iptablesAddForwardAllowCross (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardAllowCross (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-
-void iptablesAddForwardRejectOut (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardRejectOut (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-
-void iptablesAddForwardRejectIn (virFirewall *fw,
- virFirewallLayer layer,
- const char *iface);
-void iptablesRemoveForwardRejectIn (virFirewall *fw,
- virFirewallLayer layery,
- const char *iface);
-
-int iptablesAddForwardMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveForwardMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- virSocketAddrRange *addr,
- virPortRange *port,
- const char *protocol)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesAddDontMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
- G_GNUC_WARN_UNUSED_RESULT;
-int iptablesRemoveDontMasquerade (virFirewall *fw,
- virSocketAddr *netaddr,
- unsigned int prefix,
- const char *physdev,
- const char *destaddr)
- G_GNUC_WARN_UNUSED_RESULT;
-void iptablesAddOutputFixUdpChecksum (virFirewall *fw,
- const char *iface,
- int port);
-void iptablesRemoveOutputFixUdpChecksum (virFirewall *fw,
- const char *iface,
- int port);
--
2.45.0