Add a BSD-specific platform flavor of the bridge driver, which will be used
as a base for the Packet Filter (pf) based NAT networking implementation.
Signed-off-by: Roman Bogorodskiy <bogorodskiy(a)gmail.com>
---
po/POTFILES | 1 +
src/network/bridge_driver_bsd.c | 101 +++++++++++++++++++++++++++
src/network/bridge_driver_platform.c | 2 +
3 files changed, 104 insertions(+)
create mode 100644 src/network/bridge_driver_bsd.c
diff --git a/po/POTFILES b/po/POTFILES
index 9747c38951..90664fe6e7 100644
--- a/po/POTFILES
+++ b/po/POTFILES
@@ -145,6 +145,7 @@ src/lxc/lxc_hostdev.c
src/lxc/lxc_native.c
src/lxc/lxc_process.c
src/network/bridge_driver.c
+src/network/bridge_driver_bsd.c
src/network/bridge_driver_conf.c
src/network/bridge_driver_linux.c
src/network/bridge_driver_nop.c
diff --git a/src/network/bridge_driver_bsd.c b/src/network/bridge_driver_bsd.c
new file mode 100644
index 0000000000..93312fe6db
--- /dev/null
+++ b/src/network/bridge_driver_bsd.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2025 FreeBSD Foundation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * <
http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "virlog.h"
+
+#define VIR_FROM_THIS VIR_FROM_NONE
+
+VIR_LOG_INIT("network.bridge_driver_bsd");
+
+static virErrorPtr errInitV4;
+static virErrorPtr errInitV6;
+
+void networkPreReloadFirewallRules(virNetworkDriverState *driver G_GNUC_UNUSED,
+ bool startup G_GNUC_UNUSED,
+ bool force G_GNUC_UNUSED)
+{
+}
+
+
+void networkPostReloadFirewallRules(bool startup G_GNUC_UNUSED)
+{
+}
+
+
+int networkCheckRouteCollision(virNetworkDef *def G_GNUC_UNUSED)
+{
+ return 0;
+}
+
+int networkAddFirewallRules(virNetworkDef *def G_GNUC_UNUSED,
+ virFirewallBackend firewallBackend,
+ virFirewall **fwRemoval G_GNUC_UNUSED)
+{
+ if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) {
+ VIR_DEBUG("No firewall rules to add for mode='open' network
'%s'", def->name);
+ } else {
+ VIR_DEBUG("Adding firewall rules for mode='%s' network '%s'
using %s",
+ virNetworkForwardTypeToString(def->forward.type),
+ def->name,
+ virFirewallBackendTypeToString(firewallBackend));
+
+ if (errInitV4 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
+ virSetError(errInitV4);
+ return -1;
+ }
+
+ if (errInitV6 &&
+ (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
+ virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
+ def->ipv6nogw)) {
+ virSetError(errInitV6);
+ return -1;
+ }
+
+ /* now actually add the rules */
+ switch (firewallBackend) {
+ case VIR_FIREWALL_BACKEND_NONE:
+ virReportError(VIR_ERR_NO_SUPPORT, "%s",
+ _("No firewall backend is available"));
+ return -1;
+
+ case VIR_FIREWALL_BACKEND_IPTABLES:
+ case VIR_FIREWALL_BACKEND_NFTABLES:
+ case VIR_FIREWALL_BACKEND_LAST:
+ virReportEnumRangeError(virFirewallBackend, firewallBackend);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+void
+networkRemoveFirewallRules(virNetworkObj *obj,
+ bool unsetZone G_GNUC_UNUSED)
+{
+ virNetworkDef *def = virNetworkObjGetDef(obj);
+ if (def->forward.type == VIR_NETWORK_FORWARD_OPEN) {
+ VIR_DEBUG("No firewall rules to remove for mode='open' network
'%s'",
+ def->name);
+ return;
+ }
+}
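Review bot: In networkAddFirewallRules the guards `if (errInitV4 && ...)` and `if (errInitV6 && ...)` can never fire, because `errInitV4` and `errInitV6` are file-static and nothing in this new file assigns them. They read as if a backend initialisation result were being checked, so either drop them until the pf code has an init step that sets them, or mark them with a comment such as `/* placeholder: set by the pf backend init once it is added */`. The same function tags `def` with `G_GNUC_UNUSED` although it dereferences `def->forward.type` and `def->name`, so the attribute should be removed from that parameter. In the switch, the `VIR_FIREWALL_BACKEND_IPTABLES` and `VIR_FIREWALL_BACKEND_NFTABLES` cases report an enum range error although the value is in range and merely unsupported on this platform. A `virReportError(VIR_ERR_NO_SUPPORT, ...)` that names the backend would tell an administrator why the network, and its filtering, did not come up.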
diff --git a/src/network/bridge_driver_platform.c b/src/network/bridge_driver_platform.c
index 9ddcb71063..42fbcdbc0b 100644
--- a/src/network/bridge_driver_platform.c
+++ b/src/network/bridge_driver_platform.c
@@ -25,6 +25,8 @@
#if defined(__linux__)
# include "bridge_driver_linux.c"
+#elif defined(__FreeBSD__)
+# include "bridge_driver_bsd.c"
#else
# include "bridge_driver_nop.c"
#endif
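Review bot: Once this `#elif defined(__FreeBSD__)` branch is taken, FreeBSD builds stop using bridge_driver_nop.c and get the new networkAddFirewallRules, which returns -1 from every switch arm for any network that is not mode='open'. If the nop variant reported success there (it is not visible in this patch, so this is an assumption to confirm), this commit on its own makes NAT and routed networks fail to start on FreeBSD until the pf backend is added. That is worth stating in the commit message, or avoiding by adding the include in the commit that adds the pf case. The new file is named "bsd" but is selected only for FreeBSD, so a comment here such as `/* FreeBSD only for now; other BSDs keep the nop driver */` would make that scope explicit.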
--
2.49.0