Re: [libvirt] [PATCH 11/26] Introduce an object for managing firewall rulesets

On 8.4.2014 17:38, Daniel P. Berrange wrote: > The network and nwfilter drivers both have a need to update > firewall rules. The currently share no code for interacting > with iptables / firewalld. The nwfilter driver is fairly > tied to the concept of creating shell scripts to execute > which makes it very hard to port to talk to firewalld via > DBus APIs. > > This patch introduces a virFirewallPtr object which is able > to represent a complete sequence of rule changes, with the > ability to have multiple transactional checkpoints with > rollbacks. By formally separating the definition of the rules > to be applied from the mechanism used to apply them, it is > also possible to write a firewall engine that uses firewalld > DBus APIs natively instead of via the slow firewalld-cmd. > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt;

> +void virFirewallStartRollback(virFirewallPtr firewall, > + unsigned int flags) > +{ > + virFirewallGroupPtr group; > + > + VIR_FIREWALL_RETURN_IF_ERROR(firewall); > + > + if (firewall->ngroups == 0) { > + firewall->err = ENODATA; > + return; > + } > + > + group = firewall->groups[firewall->ngroups-1]; > + group->rollbackFlags = flags; > + group->addingRollback = true; > +} Hi Dan, The ENODATA error is not defined in freebsd and I'm wondering whether it should be compiled there? If yes, than we have to add: #ifndef ENODATA # define ENODATA ENOMSG #endif into that file.