[libvirt PATCH 04/28] util: rename iptables helpers that will become the frontend for ip&nftables

These toplevel functions have no iptables-specific code, except that they each call a lower-level internal function that *is* iptables specific. As a preparation to supporting use of either iptables or nftables, rename these functions from iptablesXXX to virNetfilterXXX. Signed-off-by: Laine Stump <laine(a)redhat.com&gt; --- src/libvirt_private.syms | 48 +++--- src/network/bridge_driver_linux.c | 124 +++++++------- src/util/viriptables.c | 260 +++++++++++++++--------------- src/util/viriptables.h | 96 +++++------ 4 files changed, 264 insertions(+), 264 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 73cccf38a1..9f3868bbac 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2547,33 +2547,33 @@ virInitctlSetRunLevel; # util/viriptables.h -iptablesAddDontMasquerade; -iptablesAddForwardAllowCross; -iptablesAddForwardAllowIn; -iptablesAddForwardAllowOut; -iptablesAddForwardAllowRelatedIn; -iptablesAddForwardMasquerade; -iptablesAddForwardRejectIn; -iptablesAddForwardRejectOut; iptablesAddOutputFixUdpChecksum; -iptablesAddTcpInput; -iptablesAddTcpOutput; -iptablesAddUdpInput; -iptablesAddUdpOutput; -iptablesRemoveDontMasquerade; -iptablesRemoveForwardAllowCross; -iptablesRemoveForwardAllowIn; -iptablesRemoveForwardAllowOut; -iptablesRemoveForwardAllowRelatedIn; -iptablesRemoveForwardMasquerade; -iptablesRemoveForwardRejectIn; -iptablesRemoveForwardRejectOut; iptablesRemoveOutputFixUdpChecksum; -iptablesRemoveTcpInput; -iptablesRemoveTcpOutput; -iptablesRemoveUdpInput; -iptablesRemoveUdpOutput; iptablesSetupPrivateChains; +virNetfilterAddDontMasquerade; +virNetfilterAddForwardAllowCross; +virNetfilterAddForwardAllowIn; +virNetfilterAddForwardAllowOut; +virNetfilterAddForwardAllowRelatedIn; +virNetfilterAddForwardMasquerade; +virNetfilterAddForwardRejectIn; +virNetfilterAddForwardRejectOut; +virNetfilterAddTcpInput; +virNetfilterAddTcpOutput; +virNetfilterAddUdpInput; +virNetfilterAddUdpOutput; +virNetfilterRemoveDontMasquerade; +virNetfilterRemoveForwardAllowCross; +virNetfilterRemoveForwardAllowIn; +virNetfilterRemoveForwardAllowOut; +virNetfilterRemoveForwardAllowRelatedIn; +virNetfilterRemoveForwardMasquerade; +virNetfilterRemoveForwardRejectIn; +virNetfilterRemoveForwardRejectOut; +virNetfilterRemoveTcpInput; +virNetfilterRemoveTcpOutput; +virNetfilterRemoveUdpInput; +virNetfilterRemoveUdpOutput; # util/viriscsi.h diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c index 1ef5b9d917..da7d78a40a 100644 --- a/src/network/bridge_driver_linux.c +++ b/src/network/bridge_driver_linux.c @@ -322,7 +322,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, } /* allow forwarding packets from the bridge interface */ - if (iptablesAddForwardAllowOut(fw, + if (virNetfilterAddForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -332,7 +332,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, /* allow forwarding packets to the bridge interface if they are * part of an existing connection */ - if (iptablesAddForwardAllowRelatedIn(fw, + if (virNetfilterAddForwardAllowRelatedIn(fw, &ipdef->address, prefix, def->bridge, @@ -372,7 +372,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, */ /* First the generic masquerade rule for other protocols */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -382,7 +382,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; /* UDP with a source port restriction */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -392,7 +392,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; /* TCP with a source port restriction */ - if (iptablesAddForwardMasquerade(fw, + if (virNetfilterAddForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -403,7 +403,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, /* exempt local network broadcast address as destination */ if (isIPv4 && - iptablesAddDontMasquerade(fw, + virNetfilterAddDontMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -411,7 +411,7 @@ networkAddMasqueradingFirewallRules(virFirewall *fw, return -1; /* exempt local multicast range as destination */ - if (iptablesAddDontMasquerade(fw, + if (virNetfilterAddDontMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -434,7 +434,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, if (prefix < 0) return 0; - if (iptablesRemoveDontMasquerade(fw, + if (virNetfilterRemoveDontMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -443,14 +443,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, return -1; if (isIPv4 && - iptablesRemoveDontMasquerade(fw, + virNetfilterRemoveDontMasquerade(fw, &ipdef->address, prefix, forwardIf, networkLocalBroadcast) < 0) return -1; - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -459,7 +459,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, "tcp") < 0) return -1; - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -468,7 +468,7 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, "udp") < 0) return -1; - if (iptablesRemoveForwardMasquerade(fw, + if (virNetfilterRemoveForwardMasquerade(fw, &ipdef->address, prefix, forwardIf, @@ -477,14 +477,14 @@ networkRemoveMasqueradingFirewallRules(virFirewall *fw, NULL) < 0) return -1; - if (iptablesRemoveForwardAllowRelatedIn(fw, + if (virNetfilterRemoveForwardAllowRelatedIn(fw, &ipdef->address, prefix, def->bridge, forwardIf) < 0) return -1; - if (iptablesRemoveForwardAllowOut(fw, + if (virNetfilterRemoveForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -511,7 +511,7 @@ networkAddRoutingFirewallRules(virFirewall *fw, } /* allow routing packets from the bridge interface */ - if (iptablesAddForwardAllowOut(fw, + if (virNetfilterAddForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -519,7 +519,7 @@ networkAddRoutingFirewallRules(virFirewall *fw, return -1; /* allow routing packets to the bridge interface */ - if (iptablesAddForwardAllowIn(fw, + if (virNetfilterAddForwardAllowIn(fw, &ipdef->address, prefix, def->bridge, @@ -541,14 +541,14 @@ networkRemoveRoutingFirewallRules(virFirewall *fw, if (prefix < 0) return 0; - if (iptablesRemoveForwardAllowIn(fw, + if (virNetfilterRemoveForwardAllowIn(fw, &ipdef->address, prefix, def->bridge, forwardIf) < 0) return -1; - if (iptablesRemoveForwardAllowOut(fw, + if (virNetfilterRemoveForwardAllowOut(fw, &ipdef->address, prefix, def->bridge, @@ -576,29 +576,29 @@ networkAddGeneralIPv4FirewallRules(virFirewall *fw, } /* allow DHCP requests through to dnsmasq & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); /* allow DNS requests through to dnsmasq & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); /* allow TFTP requests through to dnsmasq if necessary & back out */ if (ipv4def && ipv4def->tftproot) { - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); } /* Catch all rules to block forwarding to/from bridges */ - iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); - iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); /* Allow traffic between guests on the same bridge */ - iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); } static void @@ -615,24 +615,24 @@ networkRemoveGeneralIPv4FirewallRules(virFirewall *fw, break; } - iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); - iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); - iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); + virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge); if (ipv4def && ipv4def->tftproot) { - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 69); } - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 53); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 68); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV4, def->bridge, 67); } @@ -651,21 +651,21 @@ networkAddGeneralIPv6FirewallRules(virFirewall *fw, } /* Catch all rules to block forwarding to/from bridges */ - iptablesAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); - iptablesAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterAddForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterAddForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); /* Allow traffic between guests on the same bridge */ - iptablesAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterAddForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) { /* allow DNS over IPv6 & back out */ - iptablesAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterAddTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterAddTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); /* allow DHCPv6 & back out */ - iptablesAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547); - iptablesAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546); + virNetfilterAddUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547); + virNetfilterAddUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546); } } @@ -679,20 +679,20 @@ networkRemoveGeneralIPv6FirewallRules(virFirewall *fw, } if (virNetworkDefGetIPByIndex(def, AF_INET6, 0)) { - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547); - iptablesRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); - iptablesRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 546); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 547); + virNetfilterRemoveUdpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterRemoveTcpOutput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterRemoveUdpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); + virNetfilterRemoveTcpInput(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge, 53); } /* the following rules are there if no IPv6 address has been defined * but def->ipv6nogw == true */ - iptablesRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); - iptablesRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); - iptablesRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterRemoveForwardAllowCross(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterRemoveForwardRejectIn(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); + virNetfilterRemoveForwardRejectOut(fw, VIR_FIREWALL_LAYER_IPV6, def->bridge); } diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 018021bc1b..8db5bb3e4b 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -198,7 +198,7 @@ iptablesOutput(virFirewall *fw, } /** - * iptablesAddTcpInput: + * virNetfilterAddTcpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to add @@ -207,16 +207,16 @@ iptablesOutput(virFirewall *fw, * the given @iface interface for TCP packets */ void -iptablesAddTcpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddTcpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); } /** - * iptablesRemoveTcpInput: + * virNetfilterRemoveTcpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to remove @@ -225,16 +225,16 @@ iptablesAddTcpInput(virFirewall *fw, * @port on the given @iface interface for TCP packets */ void -iptablesRemoveTcpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveTcpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); } /** - * iptablesAddUdpInput: + * virNetfilterAddUdpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to add @@ -243,16 +243,16 @@ iptablesRemoveTcpInput(virFirewall *fw, * the given @iface interface for UDP packets */ void -iptablesAddUdpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddUdpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); } /** - * iptablesRemoveUdpInput: + * virNetfilterRemoveUdpInput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove @@ -261,16 +261,16 @@ iptablesAddUdpInput(virFirewall *fw, * @port on the given @iface interface for UDP packets */ void -iptablesRemoveUdpInput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveUdpInput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesInput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); } /** - * iptablesAddTcpOutput: + * virNetfilterAddTcpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the TCP port to add @@ -279,16 +279,16 @@ iptablesRemoveUdpInput(virFirewall *fw, * the given @iface interface for TCP packets */ void -iptablesAddTcpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddTcpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 1); } /** - * iptablesRemoveTcpOutput: + * virNetfilterRemoveTcpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove @@ -297,16 +297,16 @@ iptablesAddTcpOutput(virFirewall *fw, * @port from the given @iface interface for TCP packets */ void -iptablesRemoveTcpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveTcpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 1); } /** - * iptablesAddUdpOutput: + * virNetfilterAddUdpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to add @@ -315,16 +315,16 @@ iptablesRemoveTcpOutput(virFirewall *fw, * the given @iface interface for UDP packets */ void -iptablesAddUdpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterAddUdpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_INSERT, 0); } /** - * iptablesRemoveUdpOutput: + * virNetfilterRemoveUdpOutput: * @ctx: pointer to the IP table context * @iface: the interface name * @port: the UDP port to remove @@ -333,10 +333,10 @@ iptablesAddUdpOutput(virFirewall *fw, * @port from the given @iface interface for UDP packets */ void -iptablesRemoveUdpOutput(virFirewall *fw, - virFirewallLayer layer, - const char *iface, - int port) +virNetfilterRemoveUdpOutput(virFirewall *fw, + virFirewallLayer layer, + const char *iface, + int port) { iptablesOutput(fw, layer, iface, port, VIR_NETFILTER_DELETE, 0); } @@ -384,7 +384,7 @@ iptablesForwardAllowOut(virFirewall *fw, } /** - * iptablesAddForwardAllowOut: + * virNetfilterAddForwardAllowOut: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the source interface name @@ -397,18 +397,18 @@ iptablesForwardAllowOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowOut(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardAllowOut: + * virNetfilterRemoveForwardAllowOut: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the source interface name @@ -421,11 +421,11 @@ iptablesAddForwardAllowOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowOut(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowOut(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_DELETE); @@ -478,7 +478,7 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, } /** - * iptablesAddForwardAllowRelatedIn: + * virNetfilterAddForwardAllowRelatedIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -491,18 +491,18 @@ iptablesForwardAllowRelatedIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardAllowRelatedIn: + * virNetfilterRemoveForwardAllowRelatedIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -515,11 +515,11 @@ iptablesAddForwardAllowRelatedIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowRelatedIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_DELETE); @@ -565,7 +565,7 @@ iptablesForwardAllowIn(virFirewall *fw, } /** - * iptablesAddForwardAllowIn: + * virNetfilterAddForwardAllowIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -578,18 +578,18 @@ iptablesForwardAllowIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardAllowIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterAddForwardAllowIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardAllowIn: + * virNetfilterRemoveForwardAllowIn: * @ctx: pointer to the IP table context * @network: the source network name * @iface: the output interface name @@ -602,11 +602,11 @@ iptablesAddForwardAllowIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardAllowIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +virNetfilterRemoveForwardAllowIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) { return iptablesForwardAllowIn(fw, netaddr, prefix, iface, physdev, VIR_NETFILTER_DELETE); @@ -629,7 +629,7 @@ iptablesForwardAllowCross(virFirewall *fw, } /** - * iptablesAddForwardAllowCross: + * virNetfilterAddForwardAllowCross: * @ctx: pointer to the IP table context * @iface: the input/output interface name * @@ -640,15 +640,15 @@ iptablesForwardAllowCross(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardAllowCross(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardAllowCross(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardAllowCross: + * virNetfilterRemoveForwardAllowCross: * @ctx: pointer to the IP table context * @iface: the input/output interface name * @@ -659,9 +659,9 @@ iptablesAddForwardAllowCross(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardAllowCross(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardAllowCross(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardAllowCross(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -682,7 +682,7 @@ iptablesForwardRejectOut(virFirewall *fw, } /** - * iptablesAddForwardRejectOut: + * virNetfilterAddForwardRejectOut: * @ctx: pointer to the IP table context * @iface: the output interface name * @@ -692,15 +692,15 @@ iptablesForwardRejectOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardRejectOut(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardRejectOut: + * virNetfilterRemoveForwardRejectOut: * @ctx: pointer to the IP table context * @iface: the output interface name * @@ -710,9 +710,9 @@ iptablesAddForwardRejectOut(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardRejectOut(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectOut(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -734,7 +734,7 @@ iptablesForwardRejectIn(virFirewall *fw, } /** - * iptablesAddForwardRejectIn: + * virNetfilterAddForwardRejectIn: * @ctx: pointer to the IP table context * @iface: the input interface name * @@ -744,15 +744,15 @@ iptablesForwardRejectIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesAddForwardRejectIn(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterAddForwardRejectIn(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveForwardRejectIn: + * virNetfilterRemoveForwardRejectIn: * @ctx: pointer to the IP table context * @iface: the input interface name * @@ -762,9 +762,9 @@ iptablesAddForwardRejectIn(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ void -iptablesRemoveForwardRejectIn(virFirewall *fw, - virFirewallLayer layer, - const char *iface) +virNetfilterRemoveForwardRejectIn(virFirewall *fw, + virFirewallLayer layer, + const char *iface) { iptablesForwardRejectIn(fw, layer, iface, VIR_NETFILTER_DELETE); } @@ -869,7 +869,7 @@ iptablesForwardMasquerade(virFirewall *fw, } /** - * iptablesAddForwardMasquerade: + * virNetfilterAddForwardMasquerade: * @ctx: pointer to the IP table context * @network: the source network name * @physdev: the physical input device or NULL @@ -882,13 +882,13 @@ iptablesForwardMasquerade(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesAddForwardMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +virNetfilterAddForwardMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *addr, + virPortRange *port, + const char *protocol) { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, @@ -896,7 +896,7 @@ iptablesAddForwardMasquerade(virFirewall *fw, } /** - * iptablesRemoveForwardMasquerade: + * virNetfilterRemoveForwardMasquerade: * @ctx: pointer to the IP table context * @network: the source network name * @physdev: the physical input device or NULL @@ -909,13 +909,13 @@ iptablesAddForwardMasquerade(virFirewall *fw, * Returns 0 in case of success or an error code otherwise */ int -iptablesRemoveForwardMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +virNetfilterRemoveForwardMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *addr, + virPortRange *port, + const char *protocol) { return iptablesForwardMasquerade(fw, netaddr, prefix, physdev, addr, port, protocol, @@ -965,7 +965,7 @@ iptablesForwardDontMasquerade(virFirewall *fw, } /** - * iptablesAddDontMasquerade: + * virNetfilterAddDontMasquerade: * @netaddr: the source network name * @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr * @physdev: the physical output device or NULL @@ -973,24 +973,24 @@ iptablesForwardDontMasquerade(virFirewall *fw, * * Add rules to the IP table context to avoid masquerading from * @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format - * directly consumable by iptables, it must not depend on user input or + * directly consumable by iptables/nftables, it must not depend on user input or * configuration. * * Returns 0 in case of success or an error code otherwise. */ int -iptablesAddDontMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) +virNetfilterAddDontMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, VIR_NETFILTER_INSERT); } /** - * iptablesRemoveDontMasquerade: + * virNetfilterRemoveDontMasquerade: * @netaddr: the source network name * @prefix: prefix (# of 1 bits) of netmask to apply to @netaddr * @physdev: the physical output device or NULL @@ -998,17 +998,17 @@ iptablesAddDontMasquerade(virFirewall *fw, * * Remove rules from the IP table context that prevent masquerading from * @netaddr/@prefix to @destaddr on @physdev. @destaddr must be in a format - * directly consumable by iptables, it must not depend on user input or + * directly consumable by iptables/nftables, it must not depend on user input or * configuration. * * Returns 0 in case of success or an error code otherwise. */ int -iptablesRemoveDontMasquerade(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - const char *destaddr) +virNetfilterRemoveDontMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + const char *destaddr) { return iptablesForwardDontMasquerade(fw, netaddr, prefix, physdev, destaddr, diff --git a/src/util/viriptables.h b/src/util/viriptables.h index bb13f3292d..610c4dccde 100644 --- a/src/util/viriptables.h +++ b/src/util/viriptables.h @@ -25,101 +25,101 @@ int iptablesSetupPrivateChains (virFirewallLayer layer); -void iptablesAddTcpInput (virFirewall *fw, +void virNetfilterAddTcpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveTcpInput (virFirewall *fw, +void virNetfilterRemoveTcpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesAddUdpInput (virFirewall *fw, +void virNetfilterAddUdpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveUdpInput (virFirewall *fw, +void virNetfilterRemoveUdpInput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesAddTcpOutput (virFirewall *fw, +void virNetfilterAddTcpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveTcpOutput (virFirewall *fw, +void virNetfilterRemoveTcpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesAddUdpOutput (virFirewall *fw, +void virNetfilterAddUdpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -void iptablesRemoveUdpOutput (virFirewall *fw, +void virNetfilterRemoveUdpOutput (virFirewall *fw, virFirewallLayer layer, const char *iface, int port); -int iptablesAddForwardAllowOut (virFirewall *fw, +int virNetfilterAddForwardAllowOut (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowOut (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +int virNetfilterRemoveForwardAllowOut(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +int virNetfilterAddForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowRelatedIn(virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *iface, - const char *physdev) +int virNetfilterRemoveForwardAllowRelatedIn(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *iface, + const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddForwardAllowIn (virFirewall *fw, +int virNetfilterAddForwardAllowIn (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardAllowIn (virFirewall *fw, +int virNetfilterRemoveForwardAllowIn(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *iface, const char *physdev) G_GNUC_WARN_UNUSED_RESULT; -void iptablesAddForwardAllowCross (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardAllowCross (virFirewall *fw, +void virNetfilterAddForwardAllowCross(virFirewall *fw, virFirewallLayer layer, const char *iface); +void virNetfilterRemoveForwardAllowCross(virFirewall *fw, + virFirewallLayer layer, + const char *iface); -void iptablesAddForwardRejectOut (virFirewall *fw, - virFirewallLayer layer, - const char *iface); -void iptablesRemoveForwardRejectOut (virFirewall *fw, +void virNetfilterAddForwardRejectOut (virFirewall *fw, virFirewallLayer layer, const char *iface); +void virNetfilterRemoveForwardRejectOut(virFirewall *fw, + virFirewallLayer layer, + const char *iface); -void iptablesAddForwardRejectIn (virFirewall *fw, +void virNetfilterAddForwardRejectIn (virFirewall *fw, virFirewallLayer layer, const char *iface); -void iptablesRemoveForwardRejectIn (virFirewall *fw, - virFirewallLayer layery, - const char *iface); +void virNetfilterRemoveForwardRejectIn(virFirewall *fw, + virFirewallLayer layery, + const char *iface); -int iptablesAddForwardMasquerade (virFirewall *fw, +int virNetfilterAddForwardMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, @@ -127,21 +127,21 @@ int iptablesAddForwardMasquerade (virFirewall *fw, virPortRange *port, const char *protocol) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveForwardMasquerade (virFirewall *fw, - virSocketAddr *netaddr, - unsigned int prefix, - const char *physdev, - virSocketAddrRange *addr, - virPortRange *port, - const char *protocol) +int virNetfilterRemoveForwardMasquerade(virFirewall *fw, + virSocketAddr *netaddr, + unsigned int prefix, + const char *physdev, + virSocketAddrRange *addr, + virPortRange *port, + const char *protocol) G_GNUC_WARN_UNUSED_RESULT; -int iptablesAddDontMasquerade (virFirewall *fw, +int virNetfilterAddDontMasquerade (virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, const char *destaddr) G_GNUC_WARN_UNUSED_RESULT; -int iptablesRemoveDontMasquerade (virFirewall *fw, +int virNetfilterRemoveDontMasquerade(virFirewall *fw, virSocketAddr *netaddr, unsigned int prefix, const char *physdev, -- 2.39.2