April 2010 - Devel - libvirt List Archives

[libvirt] Sys::Virt Perl bindings - calling newSVpv with unsafe length
by Richard W.M. Jones 06 Apr '10

06 Apr '10

Dan, After tracking down a very obscure bug in hivex & libguestfs Perl bindings, I started looking for places where we call newSVpv with a variable length argument that could be zero. In such cases, one should call newSVpvn instead, otherwise Perl will try to use strlen() to calculate the length of the data buffer when length is passed in as zero [I'm sure you are aware of this already]. There seems to be one such case in the Sys::Virt bindings: http://cpansearch.perl.org/src/DANBERR/Sys-Virt-0.2.3/Virt.xs CODE: if ((bytes = virSecretGetValue(sec, &len, flags)) == NULL) { _croak_error(virConnGetLastError(virSecretGetConnect(sec))); } RETVAL = newSVpv((char*)bytes, len); Maybe 'len' can never be zero here, but I think it's safer to turn this into a call to newSVpvn anyway. Also, if you look at the source to newSVpv: http://github.com/mirrors/perl/blob/blead/sv.c#L7752 You'll see there is an extra test, not present with newSVpvn. So it's better to always call newSVpvn wherever there is a constant-sized buffer, eg in code like this: if ((virDomainGetUUID(dom, rawuuid)) < 0) { _croak_error(virConnGetLastError(virDomainGetConnect(dom))); } RETVAL = newSVpv((char*)rawuuid, sizeof(rawuuid)); Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones New in Fedora 11: Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 70 libraries supprt'd http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw

2 1

[libvirt] [PATCH] [0/4] Managed save APIs version 2
by Daniel Veillard 06 Apr '10

06 Apr '10

Change w.r.t. version 1 is the saving path under /var/lib and not /var/run, the restore bug fix spotted by Laine and the various typo and improvement from Eric. As posted earlier, I have implemented the small set of managed save APIs, where libvirt stores the domain state itself and can then recover that state when the domain is started up. I think the code is complete, but not really tested (I still need to debug a failure which seems unrelated), with the exception of the virsh commands which probably need to be extended for convenience. Also I implemented it only for the qemu driver, I would not be surprized if an ESX backend could be implemented since there is no file path in this API. A command "virsh saveall" would be convenient, to be added later. More documentation is needed too. Thanks to Chris Lalancette who wrote a large part of this code ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/

5 22

[libvirt] [PATCH] Fix compiler warning about non-literal format string
by Matthias Bolte 05 Apr '10

05 Apr '10

--- I just pushed this patch. src/security/security_apparmor.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index db04d5c..8e1c794 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -483,7 +483,7 @@ AppArmorSetSecurityProcessLabel(virSecurityDriverPtr drv, virDomainObjPtr vm) } if (aa_change_profile(profile_name) < 0) { - virSecurityReportError(VIR_ERR_INTERNAL_ERROR, + virSecurityReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("error calling aa_change_profile()")); goto clean; } -- 1.6.3.3

1 0

[libvirt] Build fails on RHEL-5
by Chris Lalancette 05 Apr '10

05 Apr '10

Hey Stefan, When trying to build libvirt head on RHEL-5, I'm getting this error: gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../gnulib/lib -I../gnulib/lib -I../include -I../src/util -I../include -I/usr/include/libxml2 -DLIBDIR=\"/usr/local/lib\" -DBINDIR=\"/usr/local/libexec\" -DSBINDIR=\"/usr/local/sbin\" -DSYSCONF_DIR=\"/usr/local/etc\" -DLOCALEBASEDIR=\"/usr/local/share/locale\" -DPKGDATADIR=\"/usr/local/share/libvirt\" -DLOCAL_STATE_DIR=\"/usr/local/var\" -DGETTEXT_PACKAGE=\"libvirt\" -Wall -Wformat -Wformat-security -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option -Werror -DIN_LIBVIRT -g -O2 -MT libvirt_conf_la-nwfilter_conf.lo -MD -MP -MF .deps/libvirt_conf_la-nwfilter_conf.Tpo -c conf/nwfilter_conf.c -fPIC -DPIC -o .libs/libvirt_conf_la-nwfilter_conf.o conf/nwfilter_conf.c:395: error: 'ETHERTYPE_IPV6' undeclared here (not in a function) make[3]: *** [libvirt_conf_la-nwfilter_conf.lo] Error 1 It seems that ETHERTYPE_IPV6 is not declared in /usr/include/net/ethernet.h in RHEL-5. We can probably get around this by adding (untested): #ifndef ETHERTYPE_IPV6 #define ETHERTYPE_IPV6 0x86dd #endif At the top of nwfilter_conf.c -- Chris Lalancette

2 2

[libvirt] [PATCH] Only parse 'CPU XML' in virCPUDefParseXML()
by Jim Fehlig 05 Apr '10

05 Apr '10

I received a report of user crashing libvirtd with virsh capabilities > capabilities.xml virsh cpu-compare capabilities.xml Breakpoint 1, x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501 501 model = map->models; (gdb) bt #0 x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501 #1 0x00007ffff70d0832 in x86ModelFromCPU (cpu=0x712070, map=0x6fb6f0, policy=1) at cpu/cpu_x86.c:541 #2 0x00007ffff70d12e9 in x86Compute (host=0x6ea610, cpu=0x712070, guest=0x0) at cpu/cpu_x86.c:822 #3 0x00007ffff70d1750 in x86Compare (host=0x6ea610, cpu=0x712070) at cpu/cpu_x86.c:927 #4 0x00007ffff70cf0c9 in cpuCompare (conn=0x6f69a0, host=0x6ea610, cpu=0x712070) at cpu/cpu.c:118 #5 0x00007ffff70ceff4 in cpuCompareXML (conn=0x6f69a0, host=0x6ea610, xml=0x6fa3e0 "<capabilities>\n\n <host>\n <cpu>\n <arch>x86_64</arch>\n <features>\n <pae/>\n </features>\n </cpu>\n <migration_features>\n <live/>\n <uri_transports>\n <uri_tra"...) at cpu/cpu.c:90 .. (gdb) n 503 if (STREQ(model->name, name)) (gdb) Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4ff4960 in strcmp () from /lib64/libc.so.6 name, passed to x86ModelFind(), is NULL because virCPUDefParseXML() failed to parse anything meaningful from the "malformed" CPU XML. I waffled for quite a while on how to fix this and in the end decided to ensure the CPU XML passed to virCPUDefParseXML() does in fact contain an element named 'cpu'. AFAICT, all consumers of virCPUDefParseXML() pass an xmlNodePtr rooted at 'cpu' element. NB: I will be offline until Monday so if this patch is satisfactory please include it for 0.7.8/0.8.0 release :-). Otherwise I'll respin with suggested changes next week. Thanks! Jim

2 3

[libvirt] .so version number question
by Eric Blake 05 Apr '10

05 Apr '10

On IRC, Chris raised the question on what version number we should be using for libvirt.so. The libtool manual has an entire chapter on the matter: http://www.gnu.org/software/libtool/manual/libtool.html#Release-numbers In particular, it states that if you are using the -version-info flag to libtool (which our src/Makefile.am currently does), then you are promising to abide by the libtool versioning rules, where the .so version is treated as current:revision:age (and not major.minor.micro). In fact, libtool goes so far as to state that "Never try to set the interface numbers so that they correspond to the release number of your package. This is an abuse that only fosters misunderstanding of the purpose of library versions. Instead, use the -release flag (see Release numbers), but be warned that every release of your package will not be binary compatible with any other release." Should we be using -release instead of -version-info? Or should we continue using -version-info, but follow the advice of divorcing the .so version number from the release number? For example, according to the libtool rules, if the two version numbers are independent, then going from libtool 0.7.7 to 0.8.0 (that is, a minor version number bump in terms of packaging numbering), should go from libvirt.so.0:7:7 (we are at API version 0, with seven revisions of the code implementing that API, and are compatible back to -7:0:0, which is nonsense, so it effectively works out that we are compatible back to 0:0:0) to libvirt.so.1:0:1 (we added API, this is the first implementation of that new API, and we are compatible back to 0.x.x). Going by the libtool rules means that the c.r.a field will increment 'c' rather frequently (basically, every time we add an API!), but as long as 'a' increments just as frequently, then we are not making any backwards incompatible changes. But if you don't like that, the we should be going by the -release flag to libtool, where the .so numbering matches the libvirt release numbering. On the other hand, libtool states that using the -release flag means that anyone that uses libtool to link against libvirt.so is treated as being an incompatible change (basically, even though we are striving hard to maintain backwards compatibility, libtool can't exploit that). Again from the manual, "Note that this option causes a modification of the library name, so do not use it unless you want to break binary compatibility with any past library releases. In general, you should only use -release for package-internal libraries or for ones whose interfaces change very frequently." Libvirt's interface changes frequently, but libvirt.so is not a package-internal library so I don't think that -release is the way to go. Should I try to prepare a patch to start making better use of the -version-info libtool flag according to the libtool rules? And if so, is everyone okay with just punting on this issue until after 0.8.0 is out the door? -- Eric Blake eblake(a)redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org

1 0

[libvirt] clarified syntax-check error message
by Dave Allan 05 Apr '10

05 Apr '10

I pushed the attached trivial patch after noticing that I had a tab in one of my RNG schemas and that the error message was not quite right in that case. Dave

1 0

[libvirt] [PATCH Java] Add finalize to automatically free libvirt objects
by Matthias Bolte 05 Apr '10

05 Apr '10

The Connect and Network classes already had finalize, add it to all other classes that wrap libvirt objects to unify the behavior. --- src/main/java/org/libvirt/Device.java | 5 +++++ src/main/java/org/libvirt/Domain.java | 5 +++++ src/main/java/org/libvirt/Interface.java | 5 +++++ src/main/java/org/libvirt/Network.java | 1 + src/main/java/org/libvirt/StoragePool.java | 5 +++++ src/main/java/org/libvirt/StorageVol.java | 5 +++++ 6 files changed, 26 insertions(+), 0 deletions(-) diff --git a/src/main/java/org/libvirt/Device.java b/src/main/java/org/libvirt/Device.java index b4f9a0c..5329be5 100644 --- a/src/main/java/org/libvirt/Device.java +++ b/src/main/java/org/libvirt/Device.java @@ -132,6 +132,11 @@ public class Device { return desc; } + @Override + public void finalize() throws LibvirtException { + free(); + } + /** * Frees this device object. The running instance is kept alive. The data * structure is freed and should not be used thereafter. diff --git a/src/main/java/org/libvirt/Domain.java b/src/main/java/org/libvirt/Domain.java index e7b24ef..a80800c 100644 --- a/src/main/java/org/libvirt/Domain.java +++ b/src/main/java/org/libvirt/Domain.java @@ -162,6 +162,11 @@ public class Domain { processError(); } + @Override + public void finalize() throws LibvirtException { + free(); + } + /** * Frees this domain object. The running instance is kept alive. The data * structure is freed and should not be used thereafter. diff --git a/src/main/java/org/libvirt/Interface.java b/src/main/java/org/libvirt/Interface.java index 44bcad5..8b97925 100644 --- a/src/main/java/org/libvirt/Interface.java +++ b/src/main/java/org/libvirt/Interface.java @@ -112,6 +112,11 @@ public class Interface { return returnValue; } + @Override + public void finalize() throws LibvirtException { + free(); + } + /** * Frees this interface object. The running instance is kept alive. The data * structure is freed and should not be used thereafter. diff --git a/src/main/java/org/libvirt/Network.java b/src/main/java/org/libvirt/Network.java index 3c6f313..63b1f12 100644 --- a/src/main/java/org/libvirt/Network.java +++ b/src/main/java/org/libvirt/Network.java @@ -64,6 +64,7 @@ public class Network { processError(); } + @Override public void finalize() throws LibvirtException { free(); } diff --git a/src/main/java/org/libvirt/StoragePool.java b/src/main/java/org/libvirt/StoragePool.java index 7de7d50..54468bd 100644 --- a/src/main/java/org/libvirt/StoragePool.java +++ b/src/main/java/org/libvirt/StoragePool.java @@ -115,6 +115,11 @@ public class StoragePool { processError(); } + @Override + public void finalize() throws LibvirtException { + free(); + } + /** * Free a storage pool object, releasing all memory associated with it. Does * not change the state of the pool on the host. diff --git a/src/main/java/org/libvirt/StorageVol.java b/src/main/java/org/libvirt/StorageVol.java index 5ae5f5c..c5a3717 100644 --- a/src/main/java/org/libvirt/StorageVol.java +++ b/src/main/java/org/libvirt/StorageVol.java @@ -75,6 +75,11 @@ public class StorageVol { processError(); } + @Override + public void finalize() throws LibvirtException { + free(); + } + /** * Release the storage volume handle. The underlying storage volume contains * to exist -- 1.6.3.3

3 4

[libvirt] [PATCH] nwfilter: remove virConnectPtr conn from functions where it is not necessary
by Stefan Berger 05 Apr '10

05 Apr '10

This patch removes the virConnectPtr parameter from all functions where it's not necessary starting out with removing it as a parameter to the error reporting function. Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com> --- src/conf/nwfilter_conf.c | 154 ++---- src/conf/nwfilter_conf.h | 24 src/conf/nwfilter_params.c | 7 src/conf/nwfilter_params.h | 3 src/nwfilter/nwfilter_driver.c | 24 src/nwfilter/nwfilter_ebiptables_driver.c | 760 ++++++++++++------------------ src/nwfilter/nwfilter_gentech_driver.c | 51 -- src/nwfilter/nwfilter_gentech_driver.h | 6 tests/nwfilterxml2xmltest.c | 2 9 files changed, 423 insertions(+), 608 deletions(-) Index: libvirt-acl/src/conf/nwfilter_conf.h =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.h +++ libvirt-acl/src/conf/nwfilter_conf.h @@ -518,13 +518,11 @@ virNWFilterPoolObjPtr const char *name); -int virNWFilterPoolObjSaveDef(virConnectPtr conn, - virNWFilterDriverStatePtr driver, +int virNWFilterPoolObjSaveDef(virNWFilterDriverStatePtr driver, virNWFilterPoolObjPtr pool, virNWFilterDefPtr def); -int virNWFilterPoolObjDeleteDef(virConnectPtr conn, - virNWFilterPoolObjPtr pool); +int virNWFilterPoolObjDeleteDef(virNWFilterPoolObjPtr pool); virNWFilterPoolObjPtr virNWFilterPoolObjAssignDef(virConnectPtr conn, virNWFilterPoolObjListPtr pools, @@ -533,28 +531,23 @@ virNWFilterPoolObjPtr virNWFilterPoolObj int virNWFilterTestUnassignDef(virConnectPtr conn, virNWFilterPoolObjPtr pool); -virNWFilterDefPtr virNWFilterDefParseNode(virConnectPtr conn, - xmlDocPtr xml, +virNWFilterDefPtr virNWFilterDefParseNode(xmlDocPtr xml, xmlNodePtr root); -char *virNWFilterDefFormat(virConnectPtr conn, - virNWFilterDefPtr def); +char *virNWFilterDefFormat(virNWFilterDefPtr def); -int virNWFilterSaveXML(virConnectPtr conn, - const char *configDir, +int virNWFilterSaveXML(const char *configDir, virNWFilterDefPtr def, const char *xml); -int virNWFilterSaveConfig(virConnectPtr conn, - const char *configDir, +int virNWFilterSaveConfig(const char *configDir, virNWFilterDefPtr def); int virNWFilterPoolLoadAllConfigs(virConnectPtr conn, virNWFilterPoolObjListPtr pools, const char *configDir); -char *virNWFilterConfigFile(virConnectPtr conn, - const char *dir, +char *virNWFilterConfigFile(const char *dir, const char *name); virNWFilterDefPtr virNWFilterDefParseString(virConnectPtr conn, @@ -568,8 +561,7 @@ void virNWFilterPoolObjUnlock(virNWFilte int virNWFilterConfLayerInit(virHashIterator domUpdateCB); void virNWFilterConfLayerShutdown(void); -# define virNWFilterReportError(conn, code, fmt...) \ - (void)conn; \ +# define virNWFilterReportError(code, fmt...) \ virReportErrorHelper(NULL, VIR_FROM_NWFILTER, code, __FILE__, \ __FUNCTION__, __LINE__, fmt) Index: libvirt-acl/src/conf/nwfilter_conf.c =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.c +++ libvirt-acl/src/conf/nwfilter_conf.c @@ -310,8 +310,7 @@ virNWFilterPoolObjListFree(virNWFilterPo static int -virNWFilterRuleDefAddVar(virConnectPtr conn ATTRIBUTE_UNUSED, - virNWFilterRuleDefPtr nwf, +virNWFilterRuleDefAddVar(virNWFilterRuleDefPtr nwf, nwItemDesc *item, const char *var) { @@ -1112,8 +1111,7 @@ virNWIPv6AddressParser(const char *input static int -virNWFilterRuleDetailsParse(virConnectPtr conn ATTRIBUTE_UNUSED, - xmlNodePtr node, +virNWFilterRuleDetailsParse(xmlNodePtr node, virNWFilterRuleDefPtr nwf, const virXMLAttr2Struct *att) { @@ -1152,8 +1150,7 @@ virNWFilterRuleDetailsParse(virConnectPt flags_set |= NWFILTER_ENTRY_ITEM_FLAG_HAS_VAR; storage_ptr = NULL; - if (virNWFilterRuleDefAddVar(conn, - nwf, + if (virNWFilterRuleDefAddVar(nwf, item, &prop[1])) rc = -1; @@ -1325,7 +1322,7 @@ virNWFilterRuleDetailsParse(virConnectPt } if (!found || rc) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("%s has illegal value %s"), att[idx].name, prop); rc = -1; @@ -1348,8 +1345,7 @@ virNWFilterRuleDetailsParse(virConnectPt static virNWFilterIncludeDefPtr -virNWFilterIncludeParse(virConnectPtr conn, - xmlNodePtr cur) +virNWFilterIncludeParse(xmlNodePtr cur) { virNWFilterIncludeDefPtr ret; @@ -1360,7 +1356,7 @@ virNWFilterIncludeParse(virConnectPtr co ret->filterref = virXMLPropString(cur, "filter"); if (!ret->filterref) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("rule node requires action attribute")); goto err_exit; @@ -1548,8 +1544,7 @@ virNWFilterRuleDefFixup(virNWFilterRuleD static virNWFilterRuleDefPtr -virNWFilterRuleParse(virConnectPtr conn, - xmlNodePtr node) +virNWFilterRuleParse(xmlNodePtr node) { char *action; char *direction; @@ -1571,28 +1566,28 @@ virNWFilterRuleParse(virConnectPtr conn, prio = virXMLPropString(node, "priority"); if (!action) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("rule node requires action attribute")); goto err_exit; } if ((ret->action = virNWFilterRuleActionTypeFromString(action)) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unknown rule action attribute value")); goto err_exit; } if (!direction) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("rule node requires direction attribute")); goto err_exit; } if ((ret->tt = virNWFilterRuleDirectionTypeFromString(direction)) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unknown rule direction attribute value")); goto err_exit; @@ -1624,8 +1619,7 @@ virNWFilterRuleParse(virConnectPtr conn, found = 1; ret->prtclType = virAttr[i].prtclType; - if (virNWFilterRuleDetailsParse(conn, - cur, + if (virNWFilterRuleDetailsParse(cur, ret, virAttr[i].att) < 0) { /* we ignore malformed rules @@ -1663,8 +1657,7 @@ err_exit: static virNWFilterDefPtr -virNWFilterDefParseXML(virConnectPtr conn, - xmlXPathContextPtr ctxt) { +virNWFilterDefParseXML(xmlXPathContextPtr ctxt) { virNWFilterDefPtr ret; xmlNodePtr curr = ctxt->node; char *uuid = NULL; @@ -1678,7 +1671,7 @@ virNWFilterDefParseXML(virConnectPtr con ret->name = virXPathString("string(./@name)", ctxt); if (!ret->name) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("filter has no name")); goto cleanup; } @@ -1688,7 +1681,7 @@ virNWFilterDefParseXML(virConnectPtr con if (chain) { if ((ret->chainsuffix = virNWFilterChainSuffixTypeFromString(chain)) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("unknown chain suffix '%s'"), chain); goto cleanup; } @@ -1697,13 +1690,13 @@ virNWFilterDefParseXML(virConnectPtr con uuid = virXPathString("string(./uuid)", ctxt); if (uuid == NULL) { if (virUUIDGenerate(ret->uuid) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unable to generate uuid")); goto cleanup; } } else { if (virUUIDParse(uuid, ret->uuid) < 0) { - virNWFilterReportError(conn, VIR_ERR_XML_ERROR, + virNWFilterReportError(VIR_ERR_XML_ERROR, "%s", _("malformed uuid element")); goto cleanup; } @@ -1721,9 +1714,9 @@ virNWFilterDefParseXML(virConnectPtr con /* ignore malformed rule and include elements */ if (xmlStrEqual(curr->name, BAD_CAST "rule")) - entry->rule = virNWFilterRuleParse(conn, curr); + entry->rule = virNWFilterRuleParse(curr); else if (xmlStrEqual(curr->name, BAD_CAST "filterref")) - entry->include = virNWFilterIncludeParse(conn, curr); + entry->include = virNWFilterIncludeParse(curr); if (entry->rule || entry->include) { if (VIR_REALLOC_N(ret->filterEntries, ret->nentries+1) < 0) { @@ -1762,7 +1755,7 @@ catchXMLError (void *ctx, const char *ms conn->err.code == VIR_ERR_NONE && ctxt->lastError.level == XML_ERR_FATAL && ctxt->lastError.message != NULL) { - virNWFilterReportError(conn, VIR_ERR_XML_DETAIL, + virNWFilterReportError(VIR_ERR_XML_DETAIL, _("at line %d: %s"), ctxt->lastError.line, ctxt->lastError.message); @@ -1772,14 +1765,13 @@ catchXMLError (void *ctx, const char *ms virNWFilterDefPtr -virNWFilterDefParseNode(virConnectPtr conn, - xmlDocPtr xml, +virNWFilterDefParseNode(xmlDocPtr xml, xmlNodePtr root) { xmlXPathContextPtr ctxt = NULL; virNWFilterDefPtr def = NULL; if (STRNEQ((const char *)root->name, "filter")) { - virNWFilterReportError(conn, VIR_ERR_XML_ERROR, + virNWFilterReportError(VIR_ERR_XML_ERROR, "%s", _("unknown root element for nw filter pool")); goto cleanup; @@ -1792,7 +1784,7 @@ virNWFilterDefParseNode(virConnectPtr co } ctxt->node = root; - def = virNWFilterDefParseXML(conn, ctxt); + def = virNWFilterDefParseXML(ctxt); cleanup: xmlXPathFreeContext(ctxt); @@ -1802,8 +1794,8 @@ cleanup: static virNWFilterDefPtr virNWFilterDefParse(virConnectPtr conn, - const char *xmlStr, - const char *filename) { + const char *xmlStr, + const char *filename) { virNWFilterDefPtr ret = NULL; xmlParserCtxtPtr pctxt; xmlDocPtr xml = NULL; @@ -1830,19 +1822,19 @@ virNWFilterDefParse(virConnectPtr conn, if (!xml) { if (conn && conn->err.code == VIR_ERR_NONE) - virNWFilterReportError(conn, VIR_ERR_XML_ERROR, + virNWFilterReportError(VIR_ERR_XML_ERROR, "%s",_("failed to parse xml document")); goto cleanup; } node = xmlDocGetRootElement(xml); if (node == NULL) { - virNWFilterReportError(conn, VIR_ERR_XML_ERROR, + virNWFilterReportError(VIR_ERR_XML_ERROR, "%s", _("missing root element")); goto cleanup; } - ret = virNWFilterDefParseNode(conn, xml, node); + ret = virNWFilterDefParseNode(xml, node); xmlFreeParserCtxt (pctxt); xmlFreeDoc(xml); @@ -1858,7 +1850,7 @@ virNWFilterDefParse(virConnectPtr conn, virNWFilterDefPtr virNWFilterDefParseString(virConnectPtr conn, - const char *xmlStr) + const char *xmlStr) { return virNWFilterDefParse(conn, xmlStr, NULL); } @@ -1874,7 +1866,7 @@ virNWFilterDefParseFile(virConnectPtr co virNWFilterPoolObjPtr virNWFilterPoolObjFindByUUID(virNWFilterPoolObjListPtr pools, - const unsigned char *uuid) + const unsigned char *uuid) { unsigned int i; @@ -1891,7 +1883,7 @@ virNWFilterPoolObjFindByUUID(virNWFilter virNWFilterPoolObjPtr virNWFilterPoolObjFindByName(virNWFilterPoolObjListPtr pools, - const char *name) + const char *name) { unsigned int i; @@ -1906,8 +1898,7 @@ virNWFilterPoolObjFindByName(virNWFilter } -int virNWFilterSaveXML(virConnectPtr conn, - const char *configDir, +int virNWFilterSaveXML(const char *configDir, virNWFilterDefPtr def, const char *xml) { @@ -1916,7 +1907,7 @@ int virNWFilterSaveXML(virConnectPtr con size_t towrite; int err; - if ((configFile = virNWFilterConfigFile(conn, configDir, def->name)) == NULL) + if ((configFile = virNWFilterConfigFile(configDir, def->name)) == NULL) goto cleanup; if ((err = virFileMakePath(configDir))) { @@ -1962,17 +1953,16 @@ int virNWFilterSaveXML(virConnectPtr con } -int virNWFilterSaveConfig(virConnectPtr conn, - const char *configDir, +int virNWFilterSaveConfig(const char *configDir, virNWFilterDefPtr def) { int ret = -1; char *xml; - if (!(xml = virNWFilterDefFormat(conn, def))) + if (!(xml = virNWFilterDefFormat(def))) goto cleanup; - if (virNWFilterSaveXML(conn, configDir, def, xml)) + if (virNWFilterSaveXML(configDir, def, xml)) goto cleanup; ret = 0; @@ -2119,13 +2109,13 @@ virNWFilterTestUnassignDef(virConnectPtr virNWFilterPoolObjPtr virNWFilterPoolObjAssignDef(virConnectPtr conn, - virNWFilterPoolObjListPtr pools, - virNWFilterDefPtr def) + virNWFilterPoolObjListPtr pools, + virNWFilterDefPtr def) { virNWFilterPoolObjPtr pool; if (virNWFilterDefLoopDetect(conn, pools, def)) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("filter would introduce a loop")); return NULL; } @@ -2154,7 +2144,7 @@ virNWFilterPoolObjAssignDef(virConnectPt } if (virMutexInitRecursive(&pool->lock) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot initialize mutex")); VIR_FREE(pool); return NULL; @@ -2178,9 +2168,9 @@ virNWFilterPoolObjAssignDef(virConnectPt static virNWFilterPoolObjPtr virNWFilterPoolObjLoad(virConnectPtr conn, - virNWFilterPoolObjListPtr pools, - const char *file, - const char *path) + virNWFilterPoolObjListPtr pools, + const char *file, + const char *path) { virNWFilterDefPtr def; virNWFilterPoolObjPtr pool; @@ -2190,7 +2180,7 @@ virNWFilterPoolObjLoad(virConnectPtr con } if (!virFileMatchesNameSuffix(file, def->name, ".xml")) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("network filter pool config filename '%s' does not match pool name '%s'"), path, def->name); virNWFilterDefFree(def); @@ -2215,8 +2205,8 @@ virNWFilterPoolObjLoad(virConnectPtr con int virNWFilterPoolLoadAllConfigs(virConnectPtr conn, - virNWFilterPoolObjListPtr pools, - const char *configDir) + virNWFilterPoolObjListPtr pools, + const char *configDir) { DIR *dir; struct dirent *entry; @@ -2242,7 +2232,7 @@ virNWFilterPoolLoadAllConfigs(virConnect if (virFileBuildPath(configDir, entry->d_name, NULL, path, PATH_MAX) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("config filename '%s/%s' is too long"), configDir, entry->d_name); continue; @@ -2260,10 +2250,9 @@ virNWFilterPoolLoadAllConfigs(virConnect int -virNWFilterPoolObjSaveDef(virConnectPtr conn, - virNWFilterDriverStatePtr driver, - virNWFilterPoolObjPtr pool, - virNWFilterDefPtr def) +virNWFilterPoolObjSaveDef(virNWFilterDriverStatePtr driver, + virNWFilterPoolObjPtr pool, + virNWFilterDefPtr def) { char *xml; int fd = -1, ret = -1; @@ -2282,7 +2271,7 @@ virNWFilterPoolObjSaveDef(virConnectPtr if (virFileBuildPath(driver->configDir, def->name, ".xml", path, sizeof(path)) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot construct config file path")); return -1; } @@ -2292,8 +2281,8 @@ virNWFilterPoolObjSaveDef(virConnectPtr } } - if (!(xml = virNWFilterDefFormat(conn, def))) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + if (!(xml = virNWFilterDefFormat(def))) { + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("failed to generate XML")); return -1; } @@ -2335,19 +2324,18 @@ virNWFilterPoolObjSaveDef(virConnectPtr int -virNWFilterPoolObjDeleteDef(virConnectPtr conn, - virNWFilterPoolObjPtr pool) +virNWFilterPoolObjDeleteDef(virNWFilterPoolObjPtr pool) { if (!pool->configFile) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, - _("no config file for %s"), pool->def->name); + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, + _("no config file for %s"), pool->def->name); return -1; } if (unlink(pool->configFile) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, - _("cannot remove config for %s"), - pool->def->name); + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot remove config for %s"), + pool->def->name); return -1; } @@ -2369,8 +2357,7 @@ virNWIPAddressFormat(virBufferPtr buf, n static void -virNWFilterRuleDefDetailsFormat(virConnectPtr conn, - virBufferPtr buf, +virNWFilterRuleDefDetailsFormat(virBufferPtr buf, const char *type, const virXMLAttr2Struct *att, virNWFilterRuleDefPtr def) @@ -2420,7 +2407,7 @@ virNWFilterRuleDefDetailsFormat(virConne att[i].name); if (att[i].formatter) { if (!att[i].formatter(buf, def)) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("formatter for %s %s reported error"), type, att[i].name); @@ -2484,8 +2471,7 @@ err_exit: static char * -virNWFilterRuleDefFormat(virConnectPtr conn, - virNWFilterRuleDefPtr def) +virNWFilterRuleDefFormat(virNWFilterRuleDefPtr def) { int i; virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -2500,8 +2486,7 @@ virNWFilterRuleDefFormat(virConnectPtr c i = 0; while (virAttr[i].id) { if (virAttr[i].prtclType == def->prtclType) { - virNWFilterRuleDefDetailsFormat(conn, - &buf2, + virNWFilterRuleDefDetailsFormat(&buf2, virAttr[i].id, virAttr[i].att, def); @@ -2563,18 +2548,16 @@ virNWFilterIncludeDefFormat(virNWFilterI static char * -virNWFilterEntryFormat(virConnectPtr conn, - virNWFilterEntryPtr entry) +virNWFilterEntryFormat(virNWFilterEntryPtr entry) { if (entry->rule) - return virNWFilterRuleDefFormat(conn, entry->rule); + return virNWFilterRuleDefFormat(entry->rule); return virNWFilterIncludeDefFormat(entry->include); } char * -virNWFilterDefFormat(virConnectPtr conn, - virNWFilterDefPtr def) +virNWFilterDefFormat(virNWFilterDefPtr def) { virBuffer buf = VIR_BUFFER_INITIALIZER; char uuid[VIR_UUID_STRING_BUFLEN]; @@ -2590,7 +2573,7 @@ virNWFilterDefFormat(virConnectPtr conn, virBufferVSprintf(&buf," <uuid>%s</uuid>\n", uuid); for (i = 0; i < def->nentries; i++) { - xml = virNWFilterEntryFormat(conn, def->filterEntries[i]); + xml = virNWFilterEntryFormat(def->filterEntries[i]); if (!xml) goto err_exit; virBufferVSprintf(&buf, "%s", xml); @@ -2613,8 +2596,7 @@ virNWFilterDefFormat(virConnectPtr conn, } -char *virNWFilterConfigFile(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *dir, +char *virNWFilterConfigFile(const char *dir, const char *name) { char *ret = NULL; Index: libvirt-acl/src/nwfilter/nwfilter_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_driver.c @@ -194,8 +194,8 @@ nwfilterLookupByUUID(virConnectPtr conn, nwfilterDriverUnlock(driver); if (!pool) { - virNWFilterReportError(conn, VIR_ERR_NO_NWFILTER, - "%s", _("no pool with matching uuid")); + virNWFilterReportError(VIR_ERR_NO_NWFILTER, + "%s", _("no pool with matching uuid")); goto cleanup; } @@ -220,8 +220,8 @@ nwfilterLookupByName(virConnectPtr conn, nwfilterDriverUnlock(driver); if (!pool) { - virNWFilterReportError(conn, VIR_ERR_NO_NWFILTER, - _("no pool with matching name '%s'"), name); + virNWFilterReportError(VIR_ERR_NO_NWFILTER, + _("no pool with matching name '%s'"), name); goto cleanup; } @@ -306,7 +306,7 @@ nwfilterDefine(virConnectPtr conn, if (!(pool = virNWFilterPoolObjAssignDef(conn, &driver->pools, def))) goto cleanup; - if (virNWFilterPoolObjSaveDef(conn, driver, pool, def) < 0) { + if (virNWFilterPoolObjSaveDef(driver, pool, def) < 0) { virNWFilterPoolObjRemove(&driver->pools, pool); def = NULL; goto cleanup; @@ -333,19 +333,19 @@ nwfilterUndefine(virNWFilterPtr obj) { nwfilterDriverLock(driver); pool = virNWFilterPoolObjFindByUUID(&driver->pools, obj->uuid); if (!pool) { - virNWFilterReportError(obj->conn, VIR_ERR_INVALID_NWFILTER, - "%s", _("no nwfilter pool with matching uuid")); + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, + "%s", _("no nwfilter pool with matching uuid")); goto cleanup; } if (virNWFilterTestUnassignDef(obj->conn, pool)) { - virNWFilterReportError(obj->conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("nwfilter is in use")); goto cleanup; } - if (virNWFilterPoolObjDeleteDef(obj->conn, pool) < 0) + if (virNWFilterPoolObjDeleteDef(pool) < 0) goto cleanup; VIR_FREE(pool->configFile); @@ -374,12 +374,12 @@ nwfilterDumpXML(virNWFilterPtr obj, nwfilterDriverUnlock(driver); if (!pool) { - virNWFilterReportError(obj->conn, VIR_ERR_INVALID_NWFILTER, - "%s", _("no nwfilter pool with matching uuid")); + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, + "%s", _("no nwfilter pool with matching uuid")); goto cleanup; } - ret = virNWFilterDefFormat(obj->conn, pool->def); + ret = virNWFilterDefFormat(pool->def); cleanup: if (pool) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -106,8 +106,7 @@ static const char *supported_protocols[] static int -printVar(virConnectPtr conn, - virNWFilterHashTablePtr vars, +printVar(virNWFilterHashTablePtr vars, char *buf, int bufsize, nwItemDescPtr item, int *done) @@ -117,14 +116,14 @@ printVar(virConnectPtr conn, if ((item->flags & NWFILTER_ENTRY_ITEM_FLAG_HAS_VAR)) { char *val = (char *)virHashLookup(vars->hashTable, item->var); if (!val) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("cannot find value for '%s'"), item->var); return 1; } if (!virStrcpy(buf, val, bufsize)) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("Buffer to small to print MAC address " "'%s' into"), item->var); @@ -138,8 +137,7 @@ printVar(virConnectPtr conn, static int -_printDataType(virConnectPtr conn, - virNWFilterHashTablePtr vars, +_printDataType(virNWFilterHashTablePtr vars, char *buf, int bufsize, nwItemDescPtr item, bool asHex) @@ -147,7 +145,7 @@ _printDataType(virConnectPtr conn, int done; char *data; - if (printVar(conn, vars, buf, bufsize, item, &done)) + if (printVar(vars, buf, bufsize, item, &done)) return 1; if (done) @@ -157,13 +155,13 @@ _printDataType(virConnectPtr conn, case DATATYPE_IPADDR: data = virSocketFormatAddr(&item->u.ipaddr.addr); if (!data) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("internal IPv4 address representation " "is bad")); return 1; } if (snprintf(buf, bufsize, "%s", data) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("buffer too small for IP address")); VIR_FREE(data); return 1; @@ -174,14 +172,14 @@ _printDataType(virConnectPtr conn, case DATATYPE_IPV6ADDR: data = virSocketFormatAddr(&item->u.ipaddr.addr); if (!data) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("internal IPv6 address representation " "is bad")); return 1; } if (snprintf(buf, bufsize, "%s", data) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s", + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("buffer too small for IPv6 address")); VIR_FREE(data); return 1; @@ -192,7 +190,7 @@ _printDataType(virConnectPtr conn, case DATATYPE_MACADDR: case DATATYPE_MACMASK: if (bufsize < VIR_MAC_STRING_BUFLEN) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, "%s", + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("Buffer too small for MAC address")); return 1; } @@ -204,7 +202,7 @@ _printDataType(virConnectPtr conn, case DATATYPE_IPMASK: if (snprintf(buf, bufsize, "%d", item->u.u8) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("Buffer too small for uint8 type")); return 1; } @@ -213,7 +211,7 @@ _printDataType(virConnectPtr conn, case DATATYPE_UINT16: if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d", item->u.u16) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, "%s", + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("Buffer too small for uint16 type")); return 1; } @@ -222,14 +220,14 @@ _printDataType(virConnectPtr conn, case DATATYPE_UINT8: if (snprintf(buf, bufsize, asHex ? "0x%x" : "%d", item->u.u8) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, "%s", + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("Buffer too small for uint8 type")); return 1; } break; default: - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("Unhandled datatype %x"), item->datatype); return 1; break; @@ -240,22 +238,20 @@ _printDataType(virConnectPtr conn, static int -printDataType(virConnectPtr conn, - virNWFilterHashTablePtr vars, +printDataType(virNWFilterHashTablePtr vars, char *buf, int bufsize, nwItemDescPtr item) { - return _printDataType(conn, vars, buf, bufsize, item, 0); + return _printDataType(vars, buf, bufsize, item, 0); } static int -printDataTypeAsHex(virConnectPtr conn, - virNWFilterHashTablePtr vars, +printDataTypeAsHex(virNWFilterHashTablePtr vars, char *buf, int bufsize, nwItemDescPtr item) { - return _printDataType(conn, vars, buf, bufsize, item, 1); + return _printDataType(vars, buf, bufsize, item, 1); } @@ -271,8 +267,7 @@ ebiptablesRuleInstFree(ebiptablesRuleIns static int -ebiptablesAddRuleInst(virConnectPtr conn, - virNWFilterRuleInstPtr res, +ebiptablesAddRuleInst(virNWFilterRuleInstPtr res, char *commandTemplate, enum virNWFilterChainSuffixType neededChain, char chainprefix, @@ -292,21 +287,19 @@ ebiptablesAddRuleInst(virConnectPtr conn inst->priority = priority; inst->ruleType = ruleType; - return virNWFilterRuleInstAddData(conn, res, inst); + return virNWFilterRuleInstAddData(res, inst); } static int -ebtablesHandleEthHdr(virConnectPtr conn, - virBufferPtr buf, +ebtablesHandleEthHdr(virBufferPtr buf, virNWFilterHashTablePtr vars, ethHdrDataDefPtr ethHdr) { char macaddr[VIR_MAC_STRING_BUFLEN]; if (HAS_ENTRY_ITEM(&ethHdr->dataSrcMACAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &ethHdr->dataSrcMACAddr)) goto err_exit; @@ -317,8 +310,7 @@ ebtablesHandleEthHdr(virConnectPtr conn, macaddr); if (HAS_ENTRY_ITEM(&ethHdr->dataSrcMACMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &ethHdr->dataSrcMACMask)) goto err_exit; @@ -330,8 +322,7 @@ ebtablesHandleEthHdr(virConnectPtr conn, } if (HAS_ENTRY_ITEM(&ethHdr->dataDstMACAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &ethHdr->dataDstMACAddr)) goto err_exit; @@ -342,8 +333,7 @@ ebtablesHandleEthHdr(virConnectPtr conn, macaddr); if (HAS_ENTRY_ITEM(&ethHdr->dataDstMACMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &ethHdr->dataDstMACMask)) goto err_exit; @@ -365,8 +355,7 @@ ebtablesHandleEthHdr(virConnectPtr conn, /************************ iptables support ************************/ -static int iptablesLinkIPTablesBaseChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +static int iptablesLinkIPTablesBaseChain(const char *iptables_cmd, virBufferPtr buf, const char *udchain, const char *syschain, @@ -407,8 +396,7 @@ static int iptablesLinkIPTablesBaseChain } -static int iptablesCreateBaseChains(virConnectPtr conn, - const char *iptables_cmd, +static int iptablesCreateBaseChains(const char *iptables_cmd, virBufferPtr buf) { virBufferVSprintf(buf,"%s -N " VIRT_IN_CHAIN CMD_SEPARATOR @@ -419,13 +407,13 @@ static int iptablesCreateBaseChains(virC iptables_cmd, iptables_cmd, iptables_cmd); - iptablesLinkIPTablesBaseChain(conn, iptables_cmd, buf, + iptablesLinkIPTablesBaseChain(iptables_cmd, buf, VIRT_IN_CHAIN , "FORWARD", 1, 1); - iptablesLinkIPTablesBaseChain(conn, iptables_cmd, buf, + iptablesLinkIPTablesBaseChain(iptables_cmd, buf, VIRT_OUT_CHAIN , "FORWARD", 2, 1); - iptablesLinkIPTablesBaseChain(conn, iptables_cmd, buf, + iptablesLinkIPTablesBaseChain(iptables_cmd, buf, VIRT_IN_POST_CHAIN, "FORWARD", 3, 1); - iptablesLinkIPTablesBaseChain(conn, iptables_cmd, buf, + iptablesLinkIPTablesBaseChain(iptables_cmd, buf, HOST_IN_CHAIN , "INPUT" , 1, 1); return 0; @@ -433,8 +421,7 @@ static int iptablesCreateBaseChains(virC static int -iptablesCreateTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesCreateTmpRootChain(const char *iptables_cmd, virBufferPtr buf, char prefix, int incoming, const char *ifname, @@ -462,21 +449,19 @@ iptablesCreateTmpRootChain(virConnectPtr static int -iptablesCreateTmpRootChains(virConnectPtr conn, - const char *iptables_cmd, +iptablesCreateTmpRootChains(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { - iptablesCreateTmpRootChain(conn, iptables_cmd, buf, 'F', 0, ifname, 1); - iptablesCreateTmpRootChain(conn, iptables_cmd, buf, 'F', 1, ifname, 1); - iptablesCreateTmpRootChain(conn, iptables_cmd, buf, 'H', 1, ifname, 1); + iptablesCreateTmpRootChain(iptables_cmd, buf, 'F', 0, ifname, 1); + iptablesCreateTmpRootChain(iptables_cmd, buf, 'F', 1, ifname, 1); + iptablesCreateTmpRootChain(iptables_cmd, buf, 'H', 1, ifname, 1); return 0; } static int -_iptablesRemoveRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +_iptablesRemoveRootChain(const char *iptables_cmd, virBufferPtr buf, char prefix, int incoming, const char *ifname, @@ -507,60 +492,55 @@ _iptablesRemoveRootChain(virConnectPtr c static int -iptablesRemoveRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesRemoveRootChain(const char *iptables_cmd, virBufferPtr buf, char prefix, int incoming, const char *ifname) { - return _iptablesRemoveRootChain(conn, iptables_cmd, + return _iptablesRemoveRootChain(iptables_cmd, buf, prefix, incoming, ifname, 0); } static int -iptablesRemoveTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesRemoveTmpRootChain(const char *iptables_cmd, virBufferPtr buf, char prefix, int incoming, const char *ifname) { - return _iptablesRemoveRootChain(conn, iptables_cmd, buf, prefix, + return _iptablesRemoveRootChain(iptables_cmd, buf, prefix, incoming, ifname, 1); } static int -iptablesRemoveTmpRootChains(virConnectPtr conn, - const char *iptables_cmd, +iptablesRemoveTmpRootChains(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { - iptablesRemoveTmpRootChain(conn, iptables_cmd, buf, 'F', 0, ifname); - iptablesRemoveTmpRootChain(conn, iptables_cmd, buf, 'F', 1, ifname); - iptablesRemoveTmpRootChain(conn, iptables_cmd, buf, 'H', 1, ifname); + iptablesRemoveTmpRootChain(iptables_cmd, buf, 'F', 0, ifname); + iptablesRemoveTmpRootChain(iptables_cmd, buf, 'F', 1, ifname); + iptablesRemoveTmpRootChain(iptables_cmd, buf, 'H', 1, ifname); return 0; } static int -iptablesRemoveRootChains(virConnectPtr conn, - const char *iptables_cmd, +iptablesRemoveRootChains(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { - iptablesRemoveRootChain(conn, iptables_cmd, buf, 'F', 0, ifname); - iptablesRemoveRootChain(conn, iptables_cmd, buf, 'F', 1, ifname); - iptablesRemoveRootChain(conn, iptables_cmd, buf, 'H', 1, ifname); + iptablesRemoveRootChain(iptables_cmd, buf, 'F', 0, ifname); + iptablesRemoveRootChain(iptables_cmd, buf, 'F', 1, ifname); + iptablesRemoveRootChain(iptables_cmd, buf, 'H', 1, ifname); return 0; } static int -iptablesLinkTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesLinkTmpRootChain(const char *iptables_cmd, virBufferPtr buf, const char *basechain, char prefix, @@ -594,22 +574,20 @@ iptablesLinkTmpRootChain(virConnectPtr c static int -iptablesLinkTmpRootChains(virConnectPtr conn, - const char *cmd, +iptablesLinkTmpRootChains(const char *cmd, virBufferPtr buf, const char *ifname) { - iptablesLinkTmpRootChain(conn, cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname, 1); - iptablesLinkTmpRootChain(conn, cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname, 1); - iptablesLinkTmpRootChain(conn, cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname, 1); + iptablesLinkTmpRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname, 1); + iptablesLinkTmpRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname, 1); + iptablesLinkTmpRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname, 1); return 0; } static int -iptablesSetupVirtInPost(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesSetupVirtInPost(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { @@ -634,8 +612,7 @@ iptablesSetupVirtInPost(virConnectPtr co static int -iptablesClearVirtInPost(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesClearVirtInPost(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { @@ -649,13 +626,12 @@ iptablesClearVirtInPost(virConnectPtr co } static int -_iptablesUnlinkRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, - virBufferPtr buf, - const char *basechain, - char prefix, - int incoming, const char *ifname, - int isTempChain) +_iptablesUnlinkRootChain(const char *iptables_cmd, + virBufferPtr buf, + const char *basechain, + char prefix, + int incoming, const char *ifname, + int isTempChain) { char chain[MAX_CHAINNAME_LENGTH]; char chainPrefix[2] = { @@ -684,61 +660,56 @@ _iptablesUnlinkRootChain(virConnectPtr c static int -iptablesUnlinkRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesUnlinkRootChain(const char *iptables_cmd, virBufferPtr buf, const char *basechain, char prefix, int incoming, const char *ifname) { - return _iptablesUnlinkRootChain(conn, iptables_cmd, buf, + return _iptablesUnlinkRootChain(iptables_cmd, buf, basechain, prefix, incoming, ifname, 0); } static int -iptablesUnlinkTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesUnlinkTmpRootChain(const char *iptables_cmd, virBufferPtr buf, const char *basechain, char prefix, int incoming, const char *ifname) { - return _iptablesUnlinkRootChain(conn, iptables_cmd, buf, + return _iptablesUnlinkRootChain(iptables_cmd, buf, basechain, prefix, incoming, ifname, 1); } static int -iptablesUnlinkRootChains(virConnectPtr conn, - const char *cmd, +iptablesUnlinkRootChains(const char *cmd, virBufferPtr buf, const char *ifname) { - iptablesUnlinkRootChain(conn, cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname); - iptablesUnlinkRootChain(conn, cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname); - iptablesUnlinkRootChain(conn, cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname); + iptablesUnlinkRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname); + iptablesUnlinkRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname); + iptablesUnlinkRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname); return 0; } static int -iptablesUnlinkTmpRootChains(virConnectPtr conn, - const char *cmd, +iptablesUnlinkTmpRootChains(const char *cmd, virBufferPtr buf, const char *ifname) { - iptablesUnlinkTmpRootChain(conn, cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname); - iptablesUnlinkTmpRootChain(conn, cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname); - iptablesUnlinkTmpRootChain(conn, cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname); + iptablesUnlinkTmpRootChain(cmd, buf, VIRT_OUT_CHAIN, 'F', 0, ifname); + iptablesUnlinkTmpRootChain(cmd, buf, VIRT_IN_CHAIN , 'F', 1, ifname); + iptablesUnlinkTmpRootChain(cmd, buf, HOST_IN_CHAIN , 'H', 1, ifname); return 0; } static int -iptablesRenameTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *iptables_cmd, +iptablesRenameTmpRootChain(const char *iptables_cmd, virBufferPtr buf, char prefix, int incoming, @@ -769,21 +740,19 @@ iptablesRenameTmpRootChain(virConnectPtr static int -iptablesRenameTmpRootChains(virConnectPtr conn, - const char *iptables_cmd, +iptablesRenameTmpRootChains(const char *iptables_cmd, virBufferPtr buf, const char *ifname) { - iptablesRenameTmpRootChain(conn, iptables_cmd, buf, 'F', 0, ifname); - iptablesRenameTmpRootChain(conn, iptables_cmd, buf, 'F', 1, ifname); - iptablesRenameTmpRootChain(conn, iptables_cmd, buf, 'H', 1, ifname); + iptablesRenameTmpRootChain(iptables_cmd, buf, 'F', 0, ifname); + iptablesRenameTmpRootChain(iptables_cmd, buf, 'F', 1, ifname); + iptablesRenameTmpRootChain(iptables_cmd, buf, 'H', 1, ifname); return 0; } static void -iptablesInstCommand(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +iptablesInstCommand(virBufferPtr buf, const char *templ, char cmd, int pos, int stopOnError) { @@ -797,8 +766,7 @@ iptablesInstCommand(virConnectPtr conn A static int -iptablesHandleSrcMacAddr(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +iptablesHandleSrcMacAddr(virBufferPtr buf, virNWFilterHashTablePtr vars, nwItemDescPtr srcMacAddr, int directionIn ATTRIBUTE_UNUSED) @@ -806,8 +774,7 @@ iptablesHandleSrcMacAddr(virConnectPtr c char macaddr[VIR_MAC_STRING_BUFLEN]; if (HAS_ENTRY_ITEM(srcMacAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), srcMacAddr)) goto err_exit; @@ -828,8 +795,7 @@ err_exit: static int -iptablesHandleIpHdr(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +iptablesHandleIpHdr(virBufferPtr buf, virNWFilterHashTablePtr vars, ipHdrDataDefPtr ipHdr, int directionIn) @@ -849,8 +815,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataSrcIPAddr)) goto err_exit; @@ -863,8 +828,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &ipHdr->dataSrcIPMask)) goto err_exit; @@ -875,8 +839,7 @@ iptablesHandleIpHdr(virConnectPtr conn A } } else if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPFrom)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataSrcIPFrom)) goto err_exit; @@ -889,8 +852,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataSrcIPTo)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataSrcIPTo)) goto err_exit; @@ -903,8 +865,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataDstIPAddr)) goto err_exit; @@ -917,8 +878,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &ipHdr->dataDstIPMask)) goto err_exit; @@ -930,8 +890,7 @@ iptablesHandleIpHdr(virConnectPtr conn A } } else if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPFrom)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataDstIPFrom)) goto err_exit; @@ -944,8 +903,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataDstIPTo)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &ipHdr->dataDstIPTo)) goto err_exit; @@ -958,8 +916,7 @@ iptablesHandleIpHdr(virConnectPtr conn A if (HAS_ENTRY_ITEM(&ipHdr->dataDSCP)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &ipHdr->dataDSCP)) goto err_exit; @@ -980,8 +937,7 @@ err_exit: static int -iptablesHandlePortData(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +iptablesHandlePortData(virBufferPtr buf, virNWFilterHashTablePtr vars, portDataDefPtr portData, int directionIn) @@ -995,8 +951,7 @@ iptablesHandlePortData(virConnectPtr con } if (HAS_ENTRY_ITEM(&portData->dataSrcPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, portstr, sizeof(portstr), &portData->dataSrcPortStart)) goto err_exit; @@ -1008,8 +963,7 @@ iptablesHandlePortData(virConnectPtr con portstr); if (HAS_ENTRY_ITEM(&portData->dataSrcPortEnd)) { - if (printDataType(conn, - vars, + if (printDataType(vars, portstr, sizeof(portstr), &portData->dataSrcPortEnd)) goto err_exit; @@ -1021,8 +975,7 @@ iptablesHandlePortData(virConnectPtr con } if (HAS_ENTRY_ITEM(&portData->dataDstPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, portstr, sizeof(portstr), &portData->dataDstPortStart)) goto err_exit; @@ -1034,8 +987,7 @@ iptablesHandlePortData(virConnectPtr con portstr); if (HAS_ENTRY_ITEM(&portData->dataDstPortEnd)) { - if (printDataType(conn, - vars, + if (printDataType(vars, portstr, sizeof(portstr), &portData->dataDstPortEnd)) goto err_exit; @@ -1054,7 +1006,6 @@ err_exit: /* * _iptablesCreateRuleInstance: - * @conn : Pointer to a virConnect object * @chainPrefix : The prefix to put in front of the name of the chain * @nwfilter : The filter * @rule: The rule of the filter to convert @@ -1069,8 +1020,7 @@ err_exit: * virConnect object. */ static int -_iptablesCreateRuleInstance(virConnectPtr conn, - int directionIn, +_iptablesCreateRuleInstance(int directionIn, const char *chainPrefix, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, @@ -1099,30 +1049,26 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p tcp"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.tcpHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.tcpHdrFilter.ipHdr, directionIn)) goto err_exit; - if (iptablesHandlePortData(conn, - &buf, + if (iptablesHandlePortData(&buf, vars, &rule->p.tcpHdrFilter.portData, directionIn)) goto err_exit; if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPOption)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.tcpHdrFilter.dataTCPOption)) goto err_exit; @@ -1144,22 +1090,19 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p udp"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.udpHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.udpHdrFilter.ipHdr, directionIn)) goto err_exit; - if (iptablesHandlePortData(conn, - &buf, + if (iptablesHandlePortData(&buf, vars, &rule->p.udpHdrFilter.portData, directionIn)) @@ -1175,15 +1118,13 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p udplite"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.udpliteHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.udpliteHdrFilter.ipHdr, directionIn)) @@ -1200,15 +1141,13 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p esp"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.espHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.espHdrFilter.ipHdr, directionIn)) @@ -1225,15 +1164,13 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p ah"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.ahHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.ahHdrFilter.ipHdr, directionIn)) @@ -1250,22 +1187,19 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p sctp"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.sctpHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.sctpHdrFilter.ipHdr, directionIn)) goto err_exit; - if (iptablesHandlePortData(conn, - &buf, + if (iptablesHandlePortData(&buf, vars, &rule->p.sctpHdrFilter.portData, directionIn)) @@ -1284,15 +1218,13 @@ _iptablesCreateRuleInstance(virConnectPt else virBufferAddLit(&buf, " -p icmpv6"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.icmpHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.icmpHdrFilter.ipHdr, directionIn)) @@ -1305,8 +1237,7 @@ _iptablesCreateRuleInstance(virConnectPt else parm = "--icmpv6-type"; - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.icmpHdrFilter.dataICMPType)) goto err_exit; @@ -1318,8 +1249,7 @@ _iptablesCreateRuleInstance(virConnectPt number); if (HAS_ENTRY_ITEM(&rule->p.icmpHdrFilter.dataICMPCode)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.icmpHdrFilter.dataICMPCode)) goto err_exit; @@ -1339,15 +1269,13 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p igmp"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.igmpHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.igmpHdrFilter.ipHdr, directionIn)) @@ -1364,15 +1292,13 @@ _iptablesCreateRuleInstance(virConnectPt virBufferAddLit(&buf, " -p all"); - if (iptablesHandleSrcMacAddr(conn, - &buf, + if (iptablesHandleSrcMacAddr(&buf, vars, &rule->p.allHdrFilter.dataSrcMACAddr, directionIn)) goto err_exit; - if (iptablesHandleIpHdr(conn, - &buf, + if (iptablesHandleIpHdr(&buf, vars, &rule->p.allHdrFilter.ipHdr, directionIn)) @@ -1403,8 +1329,7 @@ _iptablesCreateRuleInstance(virConnectPt return -1; } - return ebiptablesAddRuleInst(conn, - res, + return ebiptablesAddRuleInst(res, virBufferContentAndReset(&buf), nwfilter->chainsuffix, '\0', @@ -1421,8 +1346,7 @@ err_exit: static int -iptablesCreateRuleInstance(virConnectPtr conn, - virNWFilterDefPtr nwfilter, +iptablesCreateRuleInstance(virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, const char *ifname, virNWFilterHashTablePtr vars, @@ -1443,8 +1367,7 @@ iptablesCreateRuleInstance(virConnectPtr chainPrefix[0] = 'F'; chainPrefix[1] = CHAINPREFIX_HOST_IN_TEMP; - rc = _iptablesCreateRuleInstance(conn, - directionIn, + rc = _iptablesCreateRuleInstance(directionIn, chainPrefix, nwfilter, rule, @@ -1459,8 +1382,7 @@ iptablesCreateRuleInstance(virConnectPtr return rc; chainPrefix[1] = CHAINPREFIX_HOST_OUT_TEMP; - rc = _iptablesCreateRuleInstance(conn, - !directionIn, + rc = _iptablesCreateRuleInstance(!directionIn, chainPrefix, nwfilter, rule, @@ -1476,8 +1398,7 @@ iptablesCreateRuleInstance(virConnectPtr chainPrefix[0] = 'H'; chainPrefix[1] = CHAINPREFIX_HOST_IN_TEMP; - rc = _iptablesCreateRuleInstance(conn, - directionIn, + rc = _iptablesCreateRuleInstance(directionIn, chainPrefix, nwfilter, rule, @@ -1498,7 +1419,6 @@ iptablesCreateRuleInstance(virConnectPtr /* * ebtablesCreateRuleInstance: - * @conn : Pointer to a virConnect object * @chainPrefix : The prefix to put in front of the name of the chain * @nwfilter : The filter * @rule: The rule of the filter to convert @@ -1513,8 +1433,7 @@ iptablesCreateRuleInstance(virConnectPtr * virConnect object. */ static int -ebtablesCreateRuleInstance(virConnectPtr conn, - char chainPrefix, +ebtablesCreateRuleInstance(char chainPrefix, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, const char *ifname, @@ -1543,15 +1462,13 @@ ebtablesCreateRuleInstance(virConnectPtr EBTABLES_DEFAULT_TABLE, chain); - if (ebtablesHandleEthHdr(conn, - &buf, + if (ebtablesHandleEthHdr(&buf, vars, &rule->p.ethHdrFilter.ethHdr)) goto err_exit; if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) { - if (printDataTypeAsHex(conn, - vars, + if (printDataTypeAsHex(vars, number, sizeof(number), &rule->p.ethHdrFilter.dataProtocolID)) goto err_exit; @@ -1568,8 +1485,7 @@ ebtablesCreateRuleInstance(virConnectPtr CMD_DEF_PRE EBTABLES_CMD " -t %s -%%c %s %%s", EBTABLES_DEFAULT_TABLE, chain); - if (ebtablesHandleEthHdr(conn, - &buf, + if (ebtablesHandleEthHdr(&buf, vars, &rule->p.arpHdrFilter.ethHdr)) goto err_exit; @@ -1577,10 +1493,9 @@ ebtablesCreateRuleInstance(virConnectPtr virBufferAddLit(&buf, " -p arp"); if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataHWType)) { - if (printDataType(conn, - vars, - number, sizeof(number), - &rule->p.arpHdrFilter.dataHWType)) + if (printDataType(vars, + number, sizeof(number), + &rule->p.arpHdrFilter.dataHWType)) goto err_exit; virBufferVSprintf(&buf, " --arp-htype %s %s", @@ -1589,8 +1504,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataOpcode)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.arpHdrFilter.dataOpcode)) goto err_exit; @@ -1601,8 +1515,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataProtocolType)) { - if (printDataTypeAsHex(conn, - vars, + if (printDataTypeAsHex(vars, number, sizeof(number), &rule->p.arpHdrFilter.dataProtocolType)) goto err_exit; @@ -1613,8 +1526,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.arpHdrFilter.dataARPSrcIPAddr)) goto err_exit; @@ -1626,8 +1538,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.arpHdrFilter.dataARPDstIPAddr)) goto err_exit; @@ -1639,8 +1550,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcMACAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &rule->p.arpHdrFilter.dataARPSrcMACAddr)) goto err_exit; @@ -1652,8 +1562,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstMACAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, macaddr, sizeof(macaddr), &rule->p.arpHdrFilter.dataARPDstMACAddr)) goto err_exit; @@ -1670,8 +1579,7 @@ ebtablesCreateRuleInstance(virConnectPtr CMD_DEF_PRE EBTABLES_CMD " -t %s -%%c %s %%s", EBTABLES_DEFAULT_TABLE, chain); - if (ebtablesHandleEthHdr(conn, - &buf, + if (ebtablesHandleEthHdr(&buf, vars, &rule->p.ipHdrFilter.ethHdr)) goto err_exit; @@ -1680,8 +1588,7 @@ ebtablesCreateRuleInstance(virConnectPtr " -p ipv4"); if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr)) goto err_exit; @@ -1692,8 +1599,7 @@ ebtablesCreateRuleInstance(virConnectPtr ipaddr); if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataSrcIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataSrcIPMask)) goto err_exit; @@ -1705,8 +1611,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDstIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipaddr, sizeof(ipaddr), &rule->p.ipHdrFilter.ipHdr.dataDstIPAddr)) goto err_exit; @@ -1717,8 +1622,7 @@ ebtablesCreateRuleInstance(virConnectPtr ipaddr); if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDstIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataDstIPMask)) goto err_exit; @@ -1729,8 +1633,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataProtocolID)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataProtocolID)) goto err_exit; @@ -1743,8 +1646,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataSrcPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataSrcPortStart)) goto err_exit; @@ -1755,8 +1657,7 @@ ebtablesCreateRuleInstance(virConnectPtr number); if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataSrcPortEnd)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataSrcPortEnd)) goto err_exit; @@ -1769,8 +1670,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataDstPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataDstPortStart)) goto err_exit; @@ -1781,8 +1681,7 @@ ebtablesCreateRuleInstance(virConnectPtr number); if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.portData.dataDstPortEnd)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.portData.dataDstPortEnd)) goto err_exit; @@ -1794,8 +1693,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.ipHdrFilter.ipHdr.dataDSCP)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipHdrFilter.ipHdr.dataDSCP)) goto err_exit; @@ -1812,8 +1710,7 @@ ebtablesCreateRuleInstance(virConnectPtr CMD_DEF_PRE EBTABLES_CMD " -t %s -%%c %s %%s", EBTABLES_DEFAULT_TABLE, chain); - if (ebtablesHandleEthHdr(conn, - &buf, + if (ebtablesHandleEthHdr(&buf, vars, &rule->p.ipv6HdrFilter.ethHdr)) goto err_exit; @@ -1822,8 +1719,7 @@ ebtablesCreateRuleInstance(virConnectPtr " -p ipv6"); if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipv6addr, sizeof(ipv6addr), &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr)) goto err_exit; @@ -1834,8 +1730,7 @@ ebtablesCreateRuleInstance(virConnectPtr ipv6addr); if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask)) goto err_exit; @@ -1847,8 +1742,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr)) { - if (printDataType(conn, - vars, + if (printDataType(vars, ipv6addr, sizeof(ipv6addr), &rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr)) goto err_exit; @@ -1859,8 +1753,7 @@ ebtablesCreateRuleInstance(virConnectPtr ipv6addr); if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask)) goto err_exit; @@ -1871,8 +1764,7 @@ ebtablesCreateRuleInstance(virConnectPtr } if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.ipHdr.dataProtocolID)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.ipHdr.dataProtocolID)) goto err_exit; @@ -1885,8 +1777,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataSrcPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.portData.dataSrcPortStart)) goto err_exit; @@ -1897,8 +1788,7 @@ ebtablesCreateRuleInstance(virConnectPtr number); if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataSrcPortEnd)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.portData.dataSrcPortEnd)) goto err_exit; @@ -1911,8 +1801,7 @@ ebtablesCreateRuleInstance(virConnectPtr if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataDstPortStart)) { - if (printDataType(conn, - vars, + if (printDataType(vars, number, sizeof(number), &rule->p.ipv6HdrFilter.portData.dataDstPortStart)) goto err_exit; @@ -1923,10 +1812,9 @@ ebtablesCreateRuleInstance(virConnectPtr number); if (HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.portData.dataDstPortEnd)) { - if (printDataType(conn, - vars, - number, sizeof(number), - &rule->p.ipv6HdrFilter.portData.dataDstPortEnd)) + if (printDataType(vars, + number, sizeof(number), + &rule->p.ipv6HdrFilter.portData.dataDstPortEnd)) goto err_exit; virBufferVSprintf(&buf, @@ -1957,8 +1845,7 @@ ebtablesCreateRuleInstance(virConnectPtr return -1; } - return ebiptablesAddRuleInst(conn, - res, + return ebiptablesAddRuleInst(res, virBufferContentAndReset(&buf), nwfilter->chainsuffix, chainPrefix, @@ -1988,7 +1875,7 @@ err_exit: * virConnect object. */ static int -ebiptablesCreateRuleInstance(virConnectPtr conn, +ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED, enum virDomainNetType nettype, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, @@ -2008,8 +1895,7 @@ ebiptablesCreateRuleInstance(virConnectP if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_OUT || rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) { - rc = ebtablesCreateRuleInstance(conn, - CHAINPREFIX_HOST_IN_TEMP, + rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_IN_TEMP, nwfilter, rule, ifname, @@ -2021,8 +1907,7 @@ ebiptablesCreateRuleInstance(virConnectP if (rule->tt == VIR_NWFILTER_RULE_DIRECTION_IN || rule->tt == VIR_NWFILTER_RULE_DIRECTION_INOUT) { - rc = ebtablesCreateRuleInstance(conn, - CHAINPREFIX_HOST_OUT_TEMP, + rc = ebtablesCreateRuleInstance(CHAINPREFIX_HOST_OUT_TEMP, nwfilter, rule, ifname, @@ -2041,15 +1926,14 @@ ebiptablesCreateRuleInstance(virConnectP case VIR_NWFILTER_RULE_PROTOCOL_IGMP: case VIR_NWFILTER_RULE_PROTOCOL_ALL: if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("'%s' protocol not support for net type '%s'"), virNWFilterRuleProtocolTypeToString(rule->prtclType), virDomainNetTypeToString(nettype)); return 1; } isIPv6 = 0; - rc = iptablesCreateRuleInstance(conn, - nwfilter, + rc = iptablesCreateRuleInstance(nwfilter, rule, ifname, vars, @@ -2066,15 +1950,14 @@ ebiptablesCreateRuleInstance(virConnectP case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6: case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6: if (nettype == VIR_DOMAIN_NET_TYPE_DIRECT) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, _("'%s' protocol not support for net type '%s'"), virNWFilterRuleProtocolTypeToString(rule->prtclType), virDomainNetTypeToString(nettype)); return 1; } isIPv6 = 1; - rc = iptablesCreateRuleInstance(conn, - nwfilter, + rc = iptablesCreateRuleInstance(nwfilter, rule, ifname, vars, @@ -2083,7 +1966,7 @@ ebiptablesCreateRuleInstance(virConnectP break; case VIR_NWFILTER_RULE_PROTOCOL_LAST: - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(VIR_ERR_INVALID_NWFILTER, "%s", _("illegal protocol type")); rc = 1; break; @@ -2115,7 +1998,6 @@ ebiptablesDisplayRuleInstance(virConnect /** * ebiptablesWriteToTempFile: - * @conn: pointer to virConnect object * @string : the string to write into the file * * Returns the tempory filename where the string was written into, @@ -2128,8 +2010,7 @@ ebiptablesDisplayRuleInstance(virConnect * set so that the file can be run as an executable script. */ static char * -ebiptablesWriteToTempFile(virConnectPtr conn, - const char *string) { +ebiptablesWriteToTempFile(const char *string) { char filename[] = "/tmp/virtdXXXXXX"; int len; char *filnam; @@ -2139,14 +2020,14 @@ ebiptablesWriteToTempFile(virConnectPtr int fd = mkstemp(filename); if (fd < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot create temporary file")); return NULL; } if (fchmod(fd, S_IXUSR| S_IRUSR | S_IWUSR) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot change permissions on temp. file")); goto err_exit; @@ -2155,7 +2036,7 @@ ebiptablesWriteToTempFile(virConnectPtr len = strlen(header); written = safewrite(fd, header, len); if (written != len) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot write string to file")); goto err_exit; @@ -2164,7 +2045,7 @@ ebiptablesWriteToTempFile(virConnectPtr len = strlen(string); written = safewrite(fd, string, len); if (written != len) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot write string to file")); goto err_exit; @@ -2188,7 +2069,6 @@ err_exit: /** * ebiptablesExecCLI: - * @conn : pointer to virConnect object * @buf : pointer to virBuffer containing the string with the commands to * execute. * @status: Pointer to an integer for returning the status of the @@ -2202,8 +2082,7 @@ err_exit: * script and return the status of the execution. */ static int -ebiptablesExecCLI(virConnectPtr conn, - virBufferPtr buf, +ebiptablesExecCLI(virBufferPtr buf, int *status) { char *cmds; @@ -2226,7 +2105,7 @@ ebiptablesExecCLI(virConnectPtr conn, if (!cmds) return 0; - filename = ebiptablesWriteToTempFile(conn, cmds); + filename = ebiptablesWriteToTempFile(cmds); VIR_FREE(cmds); if (!filename) @@ -2248,8 +2127,7 @@ ebiptablesExecCLI(virConnectPtr conn, static int -ebtablesCreateTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +ebtablesCreateTmpRootChain(virBufferPtr buf, int incoming, const char *ifname, int stopOnError) { @@ -2271,8 +2149,7 @@ ebtablesCreateTmpRootChain(virConnectPtr static int -ebtablesLinkTmpRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +ebtablesLinkTmpRootChain(virBufferPtr buf, int incoming, const char *ifname, int stopOnError) { @@ -2299,8 +2176,7 @@ ebtablesLinkTmpRootChain(virConnectPtr c static int -_ebtablesRemoveRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +_ebtablesRemoveRootChain(virBufferPtr buf, int incoming, const char *ifname, int isTempChain) { @@ -2326,26 +2202,23 @@ _ebtablesRemoveRootChain(virConnectPtr c static int -ebtablesRemoveRootChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesRemoveRootChain(virBufferPtr buf, int incoming, const char *ifname) { - return _ebtablesRemoveRootChain(conn, buf, incoming, ifname, 0); + return _ebtablesRemoveRootChain(buf, incoming, ifname, 0); } static int -ebtablesRemoveTmpRootChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesRemoveTmpRootChain(virBufferPtr buf, int incoming, const char *ifname) { - return _ebtablesRemoveRootChain(conn, buf, incoming, ifname, 1); + return _ebtablesRemoveRootChain(buf, incoming, ifname, 1); } static int -_ebtablesUnlinkRootChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +_ebtablesUnlinkRootChain(virBufferPtr buf, int incoming, const char *ifname, int isTempChain) { @@ -2375,26 +2248,23 @@ _ebtablesUnlinkRootChain(virConnectPtr c static int -ebtablesUnlinkRootChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesUnlinkRootChain(virBufferPtr buf, int incoming, const char *ifname) { - return _ebtablesUnlinkRootChain(conn, buf, incoming, ifname, 0); + return _ebtablesUnlinkRootChain(buf, incoming, ifname, 0); } static int -ebtablesUnlinkTmpRootChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesUnlinkTmpRootChain(virBufferPtr buf, int incoming, const char *ifname) { - return _ebtablesUnlinkRootChain(conn, buf, incoming, ifname, 1); + return _ebtablesUnlinkRootChain(buf, incoming, ifname, 1); } static int -ebtablesCreateTmpSubChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +ebtablesCreateTmpSubChain(virBufferPtr buf, int incoming, const char *ifname, const char *protocol, @@ -2430,8 +2300,7 @@ ebtablesCreateTmpSubChain(virConnectPtr static int -_ebtablesRemoveSubChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +_ebtablesRemoveSubChain(virBufferPtr buf, int incoming, const char *ifname, const char *protocol, @@ -2467,26 +2336,24 @@ _ebtablesRemoveSubChain(virConnectPtr co static int -ebtablesRemoveSubChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesRemoveSubChain(virBufferPtr buf, int incoming, const char *ifname, const char *protocol) { - return _ebtablesRemoveSubChain(conn, buf, + return _ebtablesRemoveSubChain(buf, incoming, ifname, protocol, 0); } static int -ebtablesRemoveSubChains(virConnectPtr conn, - virBufferPtr buf, - const char *ifname) +ebtablesRemoveSubChains(virBufferPtr buf, + const char *ifname) { int i; for (i = 0; supported_protocols[i]; i++) { - ebtablesRemoveSubChain(conn, buf, 1, ifname, supported_protocols[i]); - ebtablesRemoveSubChain(conn, buf, 0, ifname, supported_protocols[i]); + ebtablesRemoveSubChain(buf, 1, ifname, supported_protocols[i]); + ebtablesRemoveSubChain(buf, 0, ifname, supported_protocols[i]); } return 0; @@ -2494,27 +2361,25 @@ ebtablesRemoveSubChains(virConnectPtr co static int -ebtablesRemoveTmpSubChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesRemoveTmpSubChain(virBufferPtr buf, int incoming, const char *ifname, const char *protocol) { - return _ebtablesRemoveSubChain(conn, buf, + return _ebtablesRemoveSubChain(buf, incoming, ifname, protocol, 1); } static int -ebtablesRemoveTmpSubChains(virConnectPtr conn, - virBufferPtr buf, +ebtablesRemoveTmpSubChains(virBufferPtr buf, const char *ifname) { int i; for (i = 0; supported_protocols[i]; i++) { - ebtablesRemoveTmpSubChain(conn, buf, 1, ifname, + ebtablesRemoveTmpSubChain(buf, 1, ifname, supported_protocols[i]); - ebtablesRemoveTmpSubChain(conn, buf, 0, ifname, + ebtablesRemoveTmpSubChain(buf, 0, ifname, supported_protocols[i]); } @@ -2523,8 +2388,7 @@ ebtablesRemoveTmpSubChains(virConnectPtr static int -ebtablesRenameTmpSubChain(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +ebtablesRenameTmpSubChain(virBufferPtr buf, int incoming, const char *ifname, const char *protocol) @@ -2553,15 +2417,14 @@ ebtablesRenameTmpSubChain(virConnectPtr static int -ebtablesRenameTmpSubChains(virConnectPtr conn, - virBufferPtr buf, +ebtablesRenameTmpSubChains(virBufferPtr buf, const char *ifname) { int i; for (i = 0; supported_protocols[i]; i++) { - ebtablesRenameTmpSubChain (conn, buf, 1, ifname, + ebtablesRenameTmpSubChain (buf, 1, ifname, supported_protocols[i]); - ebtablesRenameTmpSubChain (conn, buf, 0, ifname, + ebtablesRenameTmpSubChain (buf, 0, ifname, supported_protocols[i]); } @@ -2570,18 +2433,16 @@ ebtablesRenameTmpSubChains(virConnectPtr static int -ebtablesRenameTmpRootChain(virConnectPtr conn, - virBufferPtr buf, +ebtablesRenameTmpRootChain(virBufferPtr buf, int incoming, const char *ifname) { - return ebtablesRenameTmpSubChain(conn, buf, incoming, ifname, NULL); + return ebtablesRenameTmpSubChain(buf, incoming, ifname, NULL); } static void -ebiptablesInstCommand(virConnectPtr conn ATTRIBUTE_UNUSED, - virBufferPtr buf, +ebiptablesInstCommand(virBufferPtr buf, const char *templ, char cmd, int pos, int stopOnError) { @@ -2604,7 +2465,7 @@ ebiptablesRuleOrderSort(const void *a, c static int -ebiptablesApplyNewRules(virConnectPtr conn, +ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, const char *ifname, int nruleInstances, void **_inst) @@ -2630,41 +2491,41 @@ ebiptablesApplyNewRules(virConnectPtr co } } - ebtablesUnlinkTmpRootChain(conn, &buf, 1, ifname); - ebtablesUnlinkTmpRootChain(conn, &buf, 0, ifname); - ebtablesRemoveTmpSubChains(conn, &buf, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 1, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 0, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + ebtablesUnlinkTmpRootChain(&buf, 1, ifname); + ebtablesUnlinkTmpRootChain(&buf, 0, ifname); + ebtablesRemoveTmpSubChains(&buf, ifname); + ebtablesRemoveTmpRootChain(&buf, 1, ifname); + ebtablesRemoveTmpRootChain(&buf, 0, ifname); + ebiptablesExecCLI(&buf, &cli_status); if (chains_in != 0) - ebtablesCreateTmpRootChain(conn, &buf, 1, ifname, 1); + ebtablesCreateTmpRootChain(&buf, 1, ifname, 1); if (chains_out != 0) - ebtablesCreateTmpRootChain(conn, &buf, 0, ifname, 1); + ebtablesCreateTmpRootChain(&buf, 0, ifname, 1); if (chains_in & (1 << VIR_NWFILTER_CHAINSUFFIX_IPv4)) - ebtablesCreateTmpSubChain(conn, &buf, 1, ifname, "ipv4", 1); + ebtablesCreateTmpSubChain(&buf, 1, ifname, "ipv4", 1); if (chains_out & (1 << VIR_NWFILTER_CHAINSUFFIX_IPv4)) - ebtablesCreateTmpSubChain(conn, &buf, 0, ifname, "ipv4", 1); + ebtablesCreateTmpSubChain(&buf, 0, ifname, "ipv4", 1); if (chains_in & (1 << VIR_NWFILTER_CHAINSUFFIX_IPv6)) - ebtablesCreateTmpSubChain(conn, &buf, 1, ifname, "ipv6", 1); + ebtablesCreateTmpSubChain(&buf, 1, ifname, "ipv6", 1); if (chains_out & (1 << VIR_NWFILTER_CHAINSUFFIX_IPv6)) - ebtablesCreateTmpSubChain(conn, &buf, 0, ifname, "ipv6", 1); + ebtablesCreateTmpSubChain(&buf, 0, ifname, "ipv6", 1); // keep arp as last if (chains_in & (1 << VIR_NWFILTER_CHAINSUFFIX_ARP)) - ebtablesCreateTmpSubChain(conn, &buf, 1, ifname, "arp", 1); + ebtablesCreateTmpSubChain(&buf, 1, ifname, "arp", 1); if (chains_out & (1 << VIR_NWFILTER_CHAINSUFFIX_ARP)) - ebtablesCreateTmpSubChain(conn, &buf, 0, ifname, "arp", 1); + ebtablesCreateTmpSubChain(&buf, 0, ifname, "arp", 1); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpebchains; for (i = 0; i < nruleInstances; i++) switch (inst[i]->ruleType) { case RT_EBTABLES: - ebiptablesInstCommand(conn, &buf, + ebiptablesInstCommand(&buf, inst[i]->commandTemplate, 'A', -1, 1); break; @@ -2676,68 +2537,68 @@ ebiptablesApplyNewRules(virConnectPtr co break; } - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpebchains; // FIXME: establishment of iptables user define table tree goes here if (haveIptables) { - iptablesUnlinkTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IPTABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IPTABLES_CMD, &buf, ifname); - iptablesCreateBaseChains(conn, IPTABLES_CMD, &buf); + iptablesCreateBaseChains(IPTABLES_CMD, &buf); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpebchains; - iptablesCreateTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesCreateTmpRootChains(IPTABLES_CMD, &buf, ifname); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpiptchains; - iptablesLinkTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesSetupVirtInPost(conn, IPTABLES_CMD, &buf, ifname); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + iptablesLinkTmpRootChains(IPTABLES_CMD, &buf, ifname); + iptablesSetupVirtInPost(IPTABLES_CMD, &buf, ifname); + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpiptchains; for (i = 0; i < nruleInstances; i++) { if (inst[i]->ruleType == RT_IPTABLES) - iptablesInstCommand(conn, &buf, + iptablesInstCommand(&buf, inst[i]->commandTemplate, 'A', -1, 1); } - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpiptchains; } if (haveIp6tables) { - iptablesUnlinkTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IP6TABLES_CMD, &buf, ifname); - iptablesCreateBaseChains(conn, IP6TABLES_CMD, &buf); + iptablesCreateBaseChains(IP6TABLES_CMD, &buf); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpiptchains; - iptablesCreateTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesCreateTmpRootChains(IP6TABLES_CMD, &buf, ifname); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpip6tchains; - iptablesLinkTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesSetupVirtInPost(conn, IP6TABLES_CMD, &buf, ifname); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + iptablesLinkTmpRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesSetupVirtInPost(IP6TABLES_CMD, &buf, ifname); + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpip6tchains; for (i = 0; i < nruleInstances; i++) { if (inst[i]->ruleType == RT_IP6TABLES) - iptablesInstCommand(conn, &buf, + iptablesInstCommand(&buf, inst[i]->commandTemplate, 'A', -1, 1); } - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_tmpip6tchains; } @@ -2745,39 +2606,39 @@ ebiptablesApplyNewRules(virConnectPtr co // END IPTABLES stuff if (chains_in != 0) - ebtablesLinkTmpRootChain(conn, &buf, 1, ifname, 1); + ebtablesLinkTmpRootChain(&buf, 1, ifname, 1); if (chains_out != 0) - ebtablesLinkTmpRootChain(conn, &buf, 0, ifname, 1); + ebtablesLinkTmpRootChain(&buf, 0, ifname, 1); - if (ebiptablesExecCLI(conn, &buf, &cli_status) || cli_status != 0) + if (ebiptablesExecCLI(&buf, &cli_status) || cli_status != 0) goto tear_down_ebsubchains_and_unlink; return 0; tear_down_ebsubchains_and_unlink: - ebtablesUnlinkTmpRootChain(conn, &buf, 1, ifname); - ebtablesUnlinkTmpRootChain(conn, &buf, 0, ifname); + ebtablesUnlinkTmpRootChain(&buf, 1, ifname); + ebtablesUnlinkTmpRootChain(&buf, 0, ifname); tear_down_tmpip6tchains: if (haveIp6tables) { - iptablesUnlinkTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IP6TABLES_CMD, &buf, ifname); } tear_down_tmpiptchains: if (haveIptables) { - iptablesUnlinkTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IPTABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IPTABLES_CMD, &buf, ifname); } tear_down_tmpebchains: - ebtablesRemoveTmpSubChains(conn, &buf, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 1, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 0, ifname); + ebtablesRemoveTmpSubChains(&buf, ifname); + ebtablesRemoveTmpRootChain(&buf, 1, ifname); + ebtablesRemoveTmpRootChain(&buf, 0, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + ebiptablesExecCLI(&buf, &cli_status); - virNWFilterReportError(conn, VIR_ERR_BUILD_FIREWALL, + virNWFilterReportError(VIR_ERR_BUILD_FIREWALL, "%s", _("Some rules could not be created.")); @@ -2786,64 +2647,64 @@ tear_down_tmpebchains: static int -ebiptablesTearNewRules(virConnectPtr conn, +ebiptablesTearNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, const char *ifname) { int cli_status; virBuffer buf = VIR_BUFFER_INITIALIZER; - iptablesUnlinkTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IPTABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IPTABLES_CMD, &buf, ifname); - iptablesUnlinkTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesRemoveTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesUnlinkTmpRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesRemoveTmpRootChains(IP6TABLES_CMD, &buf, ifname); - ebtablesUnlinkTmpRootChain(conn, &buf, 1, ifname); - ebtablesUnlinkTmpRootChain(conn, &buf, 0, ifname); + ebtablesUnlinkTmpRootChain(&buf, 1, ifname); + ebtablesUnlinkTmpRootChain(&buf, 0, ifname); - ebtablesRemoveTmpSubChains(conn, &buf, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 1, ifname); - ebtablesRemoveTmpRootChain(conn, &buf, 0, ifname); + ebtablesRemoveTmpSubChains(&buf, ifname); + ebtablesRemoveTmpRootChain(&buf, 1, ifname); + ebtablesRemoveTmpRootChain(&buf, 0, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + ebiptablesExecCLI(&buf, &cli_status); return 0; } static int -ebiptablesTearOldRules(virConnectPtr conn, +ebiptablesTearOldRules(virConnectPtr conn ATTRIBUTE_UNUSED, const char *ifname) { int cli_status; virBuffer buf = VIR_BUFFER_INITIALIZER; // switch to new iptables user defined chains - iptablesUnlinkRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesRemoveRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesUnlinkRootChains(IPTABLES_CMD, &buf, ifname); + iptablesRemoveRootChains(IPTABLES_CMD, &buf, ifname); - iptablesRenameTmpRootChains(conn, IPTABLES_CMD, &buf, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + iptablesRenameTmpRootChains(IPTABLES_CMD, &buf, ifname); + ebiptablesExecCLI(&buf, &cli_status); - iptablesUnlinkRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesRemoveRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesUnlinkRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesRemoveRootChains(IP6TABLES_CMD, &buf, ifname); - iptablesRenameTmpRootChains(conn, IP6TABLES_CMD, &buf, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + iptablesRenameTmpRootChains(IP6TABLES_CMD, &buf, ifname); + ebiptablesExecCLI(&buf, &cli_status); - ebtablesUnlinkRootChain(conn, &buf, 1, ifname); - ebtablesUnlinkRootChain(conn, &buf, 0, ifname); + ebtablesUnlinkRootChain(&buf, 1, ifname); + ebtablesUnlinkRootChain(&buf, 0, ifname); - ebtablesRemoveSubChains(conn, &buf, ifname); + ebtablesRemoveSubChains(&buf, ifname); - ebtablesRemoveRootChain(conn, &buf, 1, ifname); - ebtablesRemoveRootChain(conn, &buf, 0, ifname); + ebtablesRemoveRootChain(&buf, 1, ifname); + ebtablesRemoveRootChain(&buf, 0, ifname); - ebtablesRenameTmpSubChains(conn, &buf, ifname); - ebtablesRenameTmpRootChain(conn, &buf, 1, ifname); - ebtablesRenameTmpRootChain(conn, &buf, 0, ifname); + ebtablesRenameTmpSubChains(&buf, ifname); + ebtablesRenameTmpRootChain(&buf, 1, ifname); + ebtablesRenameTmpRootChain(&buf, 0, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + ebiptablesExecCLI(&buf, &cli_status); return 0; } @@ -2862,7 +2723,7 @@ ebiptablesTearOldRules(virConnectPtr con * commands failed. */ static int -ebiptablesRemoveRules(virConnectPtr conn, +ebiptablesRemoveRules(virConnectPtr conn ATTRIBUTE_UNUSED, const char *ifname ATTRIBUTE_UNUSED, int nruleInstances, void **_inst) @@ -2874,16 +2735,16 @@ ebiptablesRemoveRules(virConnectPtr conn ebiptablesRuleInstPtr *inst = (ebiptablesRuleInstPtr *)_inst; for (i = 0; i < nruleInstances; i++) - ebiptablesInstCommand(conn, &buf, + ebiptablesInstCommand(&buf, inst[i]->commandTemplate, 'D', -1, 0); - if (ebiptablesExecCLI(conn, &buf, &cli_status)) + if (ebiptablesExecCLI(&buf, &cli_status)) goto err_exit; if (cli_status) { - virNWFilterReportError(conn, VIR_ERR_BUILD_FIREWALL, + virNWFilterReportError(VIR_ERR_BUILD_FIREWALL, "%s", _("error while executing CLI commands")); rc = 1; @@ -2908,25 +2769,24 @@ ebiptablesAllTeardown(const char *ifname { virBuffer buf = VIR_BUFFER_INITIALIZER; int cli_status; - virConnectPtr conn = NULL; - iptablesUnlinkRootChains(conn, IPTABLES_CMD, &buf, ifname); - iptablesClearVirtInPost (conn, IPTABLES_CMD, &buf, ifname); - iptablesRemoveRootChains(conn, IPTABLES_CMD, &buf, ifname); + iptablesUnlinkRootChains(IPTABLES_CMD, &buf, ifname); + iptablesClearVirtInPost (IPTABLES_CMD, &buf, ifname); + iptablesRemoveRootChains(IPTABLES_CMD, &buf, ifname); - iptablesUnlinkRootChains(conn, IP6TABLES_CMD, &buf, ifname); - iptablesClearVirtInPost (conn, IP6TABLES_CMD, &buf, ifname); - iptablesRemoveRootChains(conn, IP6TABLES_CMD, &buf, ifname); + iptablesUnlinkRootChains(IP6TABLES_CMD, &buf, ifname); + iptablesClearVirtInPost (IP6TABLES_CMD, &buf, ifname); + iptablesRemoveRootChains(IP6TABLES_CMD, &buf, ifname); - ebtablesUnlinkRootChain(conn, &buf, 1, ifname); - ebtablesUnlinkRootChain(conn, &buf, 0, ifname); + ebtablesUnlinkRootChain(&buf, 1, ifname); + ebtablesUnlinkRootChain(&buf, 0, ifname); - ebtablesRemoveRootChain(conn, &buf, 1, ifname); - ebtablesRemoveRootChain(conn, &buf, 0, ifname); + ebtablesRemoveRootChain(&buf, 1, ifname); + ebtablesRemoveRootChain(&buf, 0, ifname); - ebtablesRemoveSubChains(conn, &buf, ifname); + ebtablesRemoveSubChains(&buf, ifname); - ebiptablesExecCLI(conn, &buf, &cli_status); + ebiptablesExecCLI(&buf, &cli_status); return 0; } Index: libvirt-acl/src/conf/nwfilter_params.c =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_params.c +++ libvirt-acl/src/conf/nwfilter_params.c @@ -153,7 +153,6 @@ virNWFilterHashTableRemoveEntry(virNWFil struct addToTableStruct { virNWFilterHashTablePtr target; int errOccurred; - virConnectPtr conn; }; @@ -174,7 +173,7 @@ addToTable(void *payload, const char *na } if (virNWFilterHashTablePut(atts->target, name, val, 1) != 0) { - virNWFilterReportError(atts->conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not put variable '%s' into hashmap"), name); atts->errOccurred = 1; @@ -184,14 +183,12 @@ addToTable(void *payload, const char *na int -virNWFilterHashTablePutAll(virConnectPtr conn, - virNWFilterHashTablePtr src, +virNWFilterHashTablePutAll(virNWFilterHashTablePtr src, virNWFilterHashTablePtr dest) { struct addToTableStruct atts = { .target = dest, .errOccurred = 0, - .conn = conn, }; virHashForEach(src->hashTable, addToTable, &atts); Index: libvirt-acl/tests/nwfilterxml2xmltest.c =================================================================== --- libvirt-acl.orig/tests/nwfilterxml2xmltest.c +++ libvirt-acl/tests/nwfilterxml2xmltest.c @@ -39,7 +39,7 @@ static int testCompareXMLToXMLFiles(cons if (!(dev = virNWFilterDefParseString(NULL, inXmlData))) goto fail; - if (!(actual = virNWFilterDefFormat(NULL, dev))) + if (!(actual = virNWFilterDefFormat(dev))) goto fail; if (STRNEQ(outXmlData, actual)) { Index: libvirt-acl/src/conf/nwfilter_params.h =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_params.h +++ libvirt-acl/src/conf/nwfilter_params.h @@ -46,8 +46,7 @@ int virNWFilterHashTablePut(virNWFilterH int freeName); int virNWFilterHashTableRemoveEntry(virNWFilterHashTablePtr table, const char *name); -int virNWFilterHashTablePutAll(virConnectPtr conn, - virNWFilterHashTablePtr src, +int virNWFilterHashTablePutAll(virNWFilterHashTablePtr src, virNWFilterHashTablePtr dest); # define VALID_VARNAME \ Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c @@ -62,7 +62,6 @@ virNWFilterTechDriverForName(const char /** * virNWFilterRuleInstAddData: - * @conn : pointer to virConnect object * @res : pointer to virNWFilterRuleInst object collecting the instantiation * data of a single firewall rule. * @data : the opaque data that the driver wants to add @@ -77,8 +76,7 @@ virNWFilterTechDriverForName(const char * message attached to the virConnect object. */ int -virNWFilterRuleInstAddData(virConnectPtr conn ATTRIBUTE_UNUSED, - virNWFilterRuleInstPtr res, +virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, void *data) { if (VIR_REALLOC_N(res->data, res->ndata+1) < 0) { @@ -107,7 +105,6 @@ virNWFilterRuleInstFree(virNWFilterRuleI /** * virNWFilterVarHashmapAddStdValues: - * @conn: Poijter to virConnect object * @tables: pointer to hash tabel to add values to * @macaddr: The string of the MAC address to add to the hash table, * may be NULL @@ -118,15 +115,14 @@ virNWFilterRuleInstFree(virNWFilterRuleI * Adds a couple of standard keys (MAC, IP) to the hash table. */ static int -virNWFilterVarHashmapAddStdValues(virConnectPtr conn, - virNWFilterHashTablePtr table, +virNWFilterVarHashmapAddStdValues(virNWFilterHashTablePtr table, char *macaddr) { if (macaddr) { if (virHashAddEntry(table->hashTable, NWFILTER_STD_VAR_MAC, macaddr) < 0) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not add variable 'MAC' to hashmap")); return 1; } @@ -138,7 +134,6 @@ virNWFilterVarHashmapAddStdValues(virCon /** * virNWFilterCreateVarHashmap: - * @conn: pointer to virConnect object * @macaddr: pointer to string containing formatted MAC address of interface * * Create a hashmap used for evaluating the firewall rules. Initializes @@ -148,15 +143,14 @@ virNWFilterVarHashmapAddStdValues(virCon * is attached to the virConnect object. */ virNWFilterHashTablePtr -virNWFilterCreateVarHashmap(virConnectPtr conn, - char *macaddr) { +virNWFilterCreateVarHashmap(char *macaddr) { virNWFilterHashTablePtr table = virNWFilterHashTableCreate(0); if (!table) { virReportOOMError(); return NULL; } - if (virNWFilterVarHashmapAddStdValues(conn, table, macaddr)) { + if (virNWFilterVarHashmapAddStdValues(table, macaddr)) { virNWFilterHashTableFree(table); return NULL; } @@ -216,7 +210,6 @@ virNWFilterRuleInstantiate(virConnectPtr /** * virNWFilterCreateVarsFrom: - * @conn: pointer to virConnect object * @vars1: pointer to hash table * @vars2: pointer to hash table * @@ -227,8 +220,7 @@ virNWFilterRuleInstantiate(virConnectPtr * contents of var2 will overwrite those of var1. */ static virNWFilterHashTablePtr -virNWFilterCreateVarsFrom(virConnectPtr conn, - virNWFilterHashTablePtr vars1, +virNWFilterCreateVarsFrom(virNWFilterHashTablePtr vars1, virNWFilterHashTablePtr vars2) { virNWFilterHashTablePtr res = virNWFilterHashTableCreate(0); @@ -237,10 +229,10 @@ virNWFilterCreateVarsFrom(virConnectPtr return NULL; } - if (virNWFilterHashTablePutAll(conn, vars1, res)) + if (virNWFilterHashTablePutAll(vars1, res)) goto err_exit; - if (virNWFilterHashTablePutAll(conn, vars2, res)) + if (virNWFilterHashTablePutAll(vars2, res)) goto err_exit; return res; @@ -324,7 +316,7 @@ _virNWFilterInstantiateRec(virConnectPtr if (obj) { if (obj->wantRemoved) { - virNWFilterReportError(conn, VIR_ERR_NO_NWFILTER, + virNWFilterReportError(VIR_ERR_NO_NWFILTER, _("Filter '%s' is in use."), inc->filterref); rc = 1; @@ -334,8 +326,7 @@ _virNWFilterInstantiateRec(virConnectPtr // create a temporary hashmap for depth-first tree traversal virNWFilterHashTablePtr tmpvars = - virNWFilterCreateVarsFrom(conn, - inc->params, + virNWFilterCreateVarsFrom(inc->params, vars); if (!tmpvars) { virReportOOMError(); @@ -373,7 +364,7 @@ _virNWFilterInstantiateRec(virConnectPtr if (rc) break; } else { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("referenced filter '%s' is missing"), inc->filterref); rc = 1; @@ -516,7 +507,7 @@ _virNWFilterInstantiateFilter(virConnect techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not get access to ACL tech " "driver '%s'"), drvname); @@ -527,14 +518,14 @@ _virNWFilterInstantiateFilter(virConnect obj = virNWFilterPoolObjFindByName(&driver->pools, net->filter); if (!obj) { - virNWFilterReportError(conn, VIR_ERR_NO_NWFILTER, + virNWFilterReportError(VIR_ERR_NO_NWFILTER, _("Could not find filter '%s'"), net->filter); return 1; } if (obj->wantRemoved) { - virNWFilterReportError(conn, VIR_ERR_NO_NWFILTER, + virNWFilterReportError(VIR_ERR_NO_NWFILTER, _("Filter '%s' is in use."), net->filter); rc = 1; @@ -549,8 +540,7 @@ _virNWFilterInstantiateFilter(virConnect goto err_exit; } - vars1 = virNWFilterCreateVarHashmap(conn, - str_macaddr); + vars1 = virNWFilterCreateVarHashmap(str_macaddr); if (!vars1) { rc = 1; goto err_exit; @@ -558,8 +548,7 @@ _virNWFilterInstantiateFilter(virConnect str_macaddr = NULL; - vars = virNWFilterCreateVarsFrom(conn, - vars1, + vars = virNWFilterCreateVarsFrom(vars1, net->filterparams); if (!vars) { rc = 1; @@ -630,7 +619,7 @@ int virNWFilterRollbackUpdateFilter(virC virNWFilterTechDriverPtr techdriver; techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not get access to ACL tech " "driver '%s'"), drvname); @@ -649,7 +638,7 @@ virNWFilterTearOldFilter(virConnectPtr c virNWFilterTechDriverPtr techdriver; techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not get access to ACL tech " "driver '%s'"), drvname); @@ -668,12 +657,10 @@ virNWFilterTeardownFilter(const virDomai techdriver = virNWFilterTechDriverForName(drvname); if (!techdriver) { -#if 0 - virNWFilterReportError(conn, VIR_ERR_INTERNAL_ERROR, + virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, _("Could not get access to ACL tech " "driver '%s'"), drvname); -#endif return 1; } Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.h +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h @@ -25,8 +25,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); -int virNWFilterRuleInstAddData(virConnectPtr conn, - virNWFilterRuleInstPtr res, +int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, void *data); @@ -48,8 +47,7 @@ int virNWFilterTearOldFilter(virConnectP int virNWFilterTeardownFilter(const virDomainNetDefPtr net); -virNWFilterHashTablePtr virNWFilterCreateVarHashmap(virConnectPtr conn, - char *macaddr); +virNWFilterHashTablePtr virNWFilterCreateVarHashmap(char *macaddr); void virNWFilterDomainFWUpdateCB(void *payload, const char *name ATTRIBUTE_UNUSED,

2 1

[libvirt] [PATCH] Eliminate compiler warning about non-const format string
by Laine Stump 04 Apr '10

04 Apr '10

--- src/nwfilter/nwfilter_ebiptables_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 6d66543..cffe027 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -204,7 +204,7 @@ _printDataType(virConnectPtr conn, case DATATYPE_IPMASK: if (snprintf(buf, bufsize, "%d", item->u.u8) >= bufsize) { - virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, + virNWFilterReportError(conn, VIR_ERR_INVALID_NWFILTER, "%s", _("Buffer too small for uint8 type")); return 1; } -- 1.6.6.1

2 2