Refactor things a little for the next patch so that we maintain
the rules in memory even when we're not going to write them to
disk.
Signed-off-by: Mark McLoughlin <markmc(a)redhat.com>
Index: libvirt/qemud/iptables.c
===================================================================
--- libvirt.orig/qemud/iptables.c
+++ libvirt/qemud/iptables.c
@@ -51,14 +51,14 @@ typedef struct
char *table;
char *chain;
+ int nrules;
+ char **rules;
+
#ifdef IPTABLES_DIR
char dir[PATH_MAX];
char path[PATH_MAX];
- int nrules;
- char **rules;
-
#endif /* IPTABLES_DIR */
} iptRules;
@@ -171,13 +171,13 @@ buildPath(const char *table,
else
return 0;
}
+#endif /* IPTABLES_DIR */
static int
iptRulesAppend(iptRules *rules,
const char *rule)
{
char **r;
- int err;
if (!(r = (char **)realloc(rules->rules, sizeof(char *) * (rules->nrules+1))))
return ENOMEM;
@@ -189,24 +189,29 @@ iptRulesAppend(iptRules *rules,
rules->nrules++;
- if ((err = ensureDir(rules->dir)))
- return err;
+#ifdef IPTABLES_DIR
+ {
+ int err;
- if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
- return err;
+ if ((err = ensureDir(rules->dir)))
+ return err;
+
+ if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
+ return err;
+ }
+#endif /* IPTABLES_DIR */
return 0;
}
static int
iptRulesRemove(iptRules *rules,
- const char *rule)
+ char *rule)
{
int i;
- int err;
for (i = 0; i < rules->nrules; i++)
- if (!strcmp(rules->rules[i], rule))
+ if (!strcmp(rules->rules[i], strdup(rule)))
break;
if (i >= rules->nrules)
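Review bot: `strcmp(rules->rules[i], strdup(rule))` on the new side leaks one heap allocation per loop iteration and, when strdup returns NULL, passes a null pointer to strcmp, which is undefined behaviour; the comparison does not need a copy at all. Keep the original signature `const char *rule` and compare directly: `if (!strcmp(rules->rules[i], rule))`. The `const` removal in the signature only seems to exist to feed strdup and can be reverted together with it. iptRulesRemove's body continues past the end of this hunk.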
@@ -220,16 +225,23 @@ iptRulesRemove(iptRules *rules,
rules->nrules--;
- if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
- return err;
+#ifdef IPTABLES_DIR
+ {
+ int err;
+
+ if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
+ return err;
+ }
+#endif /* IPTABLES_DIR */
return 0;
}
-#endif /* IPTABLES_DIR */
static void
iptRulesFree(iptRules *rules)
{
+ int i;
+
if (rules->table) {
free(rules->table);
rules->table = NULL;
@@ -240,25 +252,22 @@ iptRulesFree(iptRules *rules)
rules->chain = NULL;
}
-#ifdef IPTABLES_DIR
- {
- int i;
- rules->dir[0] = '\0';
- rules->path[0] = '\0';
-
- for (i = 0; i < rules->nrules; i++) {
- free(rules->rules[i]);
- rules->rules[i] = NULL;
- }
+ for (i = 0; i < rules->nrules; i++) {
+ free(rules->rules[i]);
+ rules->rules[i] = NULL;
+ }
- rules->nrules = 0;
+ rules->nrules = 0;
- if (rules->rules) {
- free(rules->rules);
- rules->rules = NULL;
- }
+ if (rules->rules) {
+ free(rules->rules);
+ rules->rules = NULL;
}
+
+#ifdef IPTABLES_DIR
+ rules->dir[0] = '\0';
+ rules->path[0] = '\0';
#endif /* IPTABLES_DIR */
free(rules);
@@ -279,15 +288,15 @@ iptRulesNew(const char *table,
if (!(rules->chain = strdup(chain)))
goto error;
+ rules->rules = NULL;
+ rules->nrules = 0;
+
#ifdef IPTABLES_DIR
if (buildDir(table, rules->dir, sizeof(rules->dir)))
goto error;
if (buildPath(table, chain, rules->path, sizeof(rules->path)))
goto error;
-
- rules->rules = NULL;
- rules->nrules = 0;
#endif /* IPTABLES_DIR */
return rules;
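Review bot: `rules->rules = NULL;` and `rules->nrules = 0;` are now set only after the `strdup(chain)` check, so the `goto error` paths taken before that point hand a partly initialised struct to the cleanup code, and iptRulesFree now iterates over `rules->rules` in every build rather than only under IPTABLES_DIR. Unless `rules` is obtained from calloc (the allocation sits above this hunk and is not visible), the two assignments should move to immediately after the allocation, ahead of the first `goto error`. iptRulesNew starts and ends outside the hunk.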
@@ -464,12 +473,10 @@ iptablesAddRemoveRule(iptRules *rules, i
(retval = iptablesAddRemoveChain(rules, action)))
goto error;
-#ifdef IPTABLES_DIR
if (action == ADD)
retval = iptRulesAppend(rules, rule);
else
retval = iptRulesRemove(rules, rule);
-#endif /* IPTABLES_DIR */
error:
if (rule)
--
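Review bot: With the `#ifdef` gone, iptRulesAppend and iptRulesRemove run in every build and their ENOMEM return overwrites `retval` after iptablesAddRemoveChain has already succeeded, so a caller that sees the error cannot tell whether the kernel-side change was applied; whether the rule command itself has been issued before this point is not visible in the hunk. Worth a comment at the call site, e.g. `/* in-memory bookkeeping; a failure here means the rule may be applied but untracked */`, or a line in iptablesAddRemoveRule's header documenting that bookkeeping errors are reported after the iptables operations have run. The function's body starts outside the hunk.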