
On 5/3/23 11:56 AM, Daniel P. Berrangé wrote:
On Sun, Apr 30, 2023 at 11:19:20PM -0400, Laine Stump wrote:
These functions are all moved into virnetfilter.[ch]. The only functions from viriptables.[ch] that are still called from the consumer (network bridge driver) are iptablesSetupPrivateChains() (which creates the private chains that all iptables rules will be added to), and iptablesAddOutputFixUdpChecksum() and iptablesRemoveOutputFixUdpChecksum() (which add/remove rules to fix improper checksum of DHCP packets, which is something not supported by nftables).
Signed-off-by: Laine Stump <laine@redhat.com>
---
 src/libvirt_private.syms          |  51 +--
 src/network/bridge_driver_linux.c |   1 +
 src/util/meson.build              |   1 +
 src/util/viriptables.c            | 522 +--------------------------
 src/util/viriptables.h            | 212 +++++------
 src/util/virnetfilter.c           | 570 ++++++++++++++++++++++++++++++
 src/util/virnetfilter.h           | 151 ++++++++
 7 files changed, 849 insertions(+), 659 deletions(-)
 create mode 100644 src/util/virnetfilter.c
 create mode 100644 src/util/virnetfilter.h
If we move 'viriptables.{ch}' to 'src/network/bridge_iptables.{ch}' as a first step in this series, then we would naturally also have 'src/network/bridge_netfilter.{ch}' for this patch.
Yes! Why didn't I think of that? (rhetorical, rhetorical!) viriptables.[ch] has always been used only by the network driver, and in the future it will only be used by the network driver.