Remove the virConnectPtr from the nwfilter's internal API calls as far as possible. --- src/conf/nwfilter_conf.h | 18 ++----- src/nwfilter/nwfilter_ebiptables_driver.c | 34 ++++---------- src/nwfilter/nwfilter_gentech_driver.c | 72 ++++++++++-------------------- src/nwfilter/nwfilter_gentech_driver.h | 9 +-- src/nwfilter/nwfilter_learnipaddr.c | 3 - 5 files changed, 45 insertions(+), 91 deletions(-) Index: libvirt-acl/src/conf/nwfilter_conf.h =================================================================== --- libvirt-acl.orig/src/conf/nwfilter_conf.h +++ libvirt-acl/src/conf/nwfilter_conf.h @@ -592,27 +592,22 @@ typedef void (*virNWFilterTechDrvShutdow enum virDomainNetType; -typedef int (*virNWFilterRuleCreateInstance)(virConnectPtr conn, - enum virDomainNetType nettype, +typedef int (*virNWFilterRuleCreateInstance)(enum virDomainNetType nettype, virNWFilterDefPtr filter, virNWFilterRuleDefPtr rule, const char *ifname, virNWFilterHashTablePtr vars, virNWFilterRuleInstPtr res); -typedef int (*virNWFilterRuleApplyNewRules)(virConnectPtr conn, - const char *ifname, +typedef int (*virNWFilterRuleApplyNewRules)(const char *ifname, int nruleInstances, void **_inst); -typedef int (*virNWFilterRuleTeardownNewRules)(virConnectPtr conn, - const char *ifname); +typedef int (*virNWFilterRuleTeardownNewRules)(const char *ifname); -typedef int (*virNWFilterRuleTeardownOldRules)(virConnectPtr conn, - const char *ifname); +typedef int (*virNWFilterRuleTeardownOldRules)(const char *ifname); -typedef int (*virNWFilterRuleRemoveRules)(virConnectPtr conn, - const char *ifname, +typedef int (*virNWFilterRuleRemoveRules)(const char *ifname, int nruleInstances, void **_inst); @@ -620,8 +615,7 @@ typedef int (*virNWFilterRuleAllTeardown typedef int (*virNWFilterRuleFreeInstanceData)(void * _inst); -typedef int (*virNWFilterRuleDisplayInstanceData)(virConnectPtr conn, - void *_inst); +typedef int (*virNWFilterRuleDisplayInstanceData)(void *_inst); typedef int (*virNWFilterCanApplyBasicRules)(void); Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -1188,8 +1188,7 @@ iptablesEnforceDirection(int directionIn * Convert a single rule into its representation for later instantiation * * Returns 0 in case of success with the result stored in the data structure - * pointed to by res, != 0 otherwise with the error message stored in the - * virConnect object. + * pointed to by res, != 0 otherwise. */ static int _iptablesCreateRuleInstance(int directionIn, @@ -1917,8 +1916,7 @@ iptablesCreateRuleInstance(virNWFilterDe * Convert a single rule into its representation for later instantiation * * Returns 0 in case of success with the result stored in the data structure - * pointed to by res, != 0 otherwise with the error message stored in the - * virConnect object. + * pointed to by res, != 0 otherwise. */ static int ebtablesCreateRuleInstance(char chainPrefix, @@ -2503,7 +2501,6 @@ err_exit: /* * ebiptablesCreateRuleInstance: - * @conn : Pointer to a virConnect object * @nwfilter : The filter * @rule: The rule of the filter to convert * @ifname : The name of the interface to apply the rule to @@ -2513,12 +2510,10 @@ err_exit: * Convert a single rule into its representation for later instantiation * * Returns 0 in case of success with the result stored in the data structure - * pointed to by res, != 0 otherwise with the error message stored in the - * virConnect object. + * pointed to by res, != 0 otherwise. */ static int -ebiptablesCreateRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED, - enum virDomainNetType nettype ATTRIBUTE_UNUSED, +ebiptablesCreateRuleInstance(enum virDomainNetType nettype ATTRIBUTE_UNUSED, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, const char *ifname, @@ -2610,7 +2605,6 @@ ebiptablesCreateRuleInstance(virConnectP static int ebiptablesCreateRuleInstanceIterate( - virConnectPtr conn ATTRIBUTE_UNUSED, enum virDomainNetType nettype ATTRIBUTE_UNUSED, virNWFilterDefPtr nwfilter, virNWFilterRuleDefPtr rule, @@ -2630,8 +2624,7 @@ ebiptablesCreateRuleInstanceIterate( return 1; do { - rc = ebiptablesCreateRuleInstance(conn, - nettype, + rc = ebiptablesCreateRuleInstance(nettype, nwfilter, rule, ifname, @@ -2656,8 +2649,7 @@ ebiptablesFreeRuleInstance(void *_inst) static int -ebiptablesDisplayRuleInstance(virConnectPtr conn ATTRIBUTE_UNUSED, - void *_inst) +ebiptablesDisplayRuleInstance(void *_inst) { ebiptablesRuleInstPtr inst = (ebiptablesRuleInstPtr)_inst; VIR_INFO("Command Template: '%s', Needed protocol: '%s'", @@ -3096,7 +3088,6 @@ ebiptablesCanApplyBasicRules(void) { /** * ebtablesApplyBasicRules * - * @conn: virConnect object * @ifname: name of the backend-interface to which to apply the rules * @macaddr: MAC address the VM is using in packets sent through the * interface @@ -3552,8 +3543,7 @@ ebtablesCreateTmpRootAndSubChains(virBuf } static int -ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *ifname, +ebiptablesApplyNewRules(const char *ifname, int nruleInstances, void **_inst) { @@ -3824,8 +3814,7 @@ exit_free_sets: static int -ebiptablesTearNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *ifname) +ebiptablesTearNewRules(const char *ifname) { int cli_status; virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -3862,8 +3851,7 @@ ebiptablesTearNewRules(virConnectPtr con static int -ebiptablesTearOldRules(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *ifname) +ebiptablesTearOldRules(const char *ifname) { int cli_status; virBuffer buf = VIR_BUFFER_INITIALIZER; @@ -3911,7 +3899,6 @@ ebiptablesTearOldRules(virConnectPtr con /** * ebiptablesRemoveRules: - * @conn : pointer to virConnect object * @ifname : the name of the interface to which the rules apply * @nRuleInstance : the number of given rules * @_inst : array of rule instantiation data @@ -3922,8 +3909,7 @@ ebiptablesTearOldRules(virConnectPtr con * commands failed. */ static int -ebiptablesRemoveRules(virConnectPtr conn ATTRIBUTE_UNUSED, - const char *ifname ATTRIBUTE_UNUSED, +ebiptablesRemoveRules(const char *ifname ATTRIBUTE_UNUSED, int nruleInstances, void **_inst) { Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.c @@ -98,8 +98,7 @@ virNWFilterTechDriverForName(const char * for bidirectional traffic and data needs to be added to the incoming * and outgoing chains. * - * Returns 0 in case of success, 1 in case of an error with the error - * message attached to the virConnect object. + * Returns 0 in case of success, 1 in case of an error. */ int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, @@ -190,8 +189,7 @@ virNWFilterVarHashmapAddStdValues(virNWF * Create a hashmap used for evaluating the firewall rules. Initializes * it with the standard variable 'MAC' and 'IP' if provided. * - * Returns pointer to hashmap, NULL if an error occcurred and error message - * is attached to the virConnect object. + * Returns pointer to hashmap, NULL if an error occcurred. */ virNWFilterHashTablePtr virNWFilterCreateVarHashmap(char *macaddr, @@ -274,7 +272,6 @@ virNWFilterPrintVars(virHashTablePtr var /** * virNWFilterRuleInstantiate: - * @conn: pointer to virConnect object * @techdriver: the driver to use for instantiation * @filter: The filter the rule is part of * @rule : The rule that is to be instantiated @@ -289,8 +286,7 @@ virNWFilterPrintVars(virHashTablePtr var * from the instantiation. Returns NULL on error with error reported. */ static virNWFilterRuleInstPtr -virNWFilterRuleInstantiate(virConnectPtr conn, - virNWFilterTechDriverPtr techdriver, +virNWFilterRuleInstantiate(virNWFilterTechDriverPtr techdriver, enum virDomainNetType nettype, virNWFilterDefPtr filter, virNWFilterRuleDefPtr rule, @@ -308,7 +304,7 @@ virNWFilterRuleInstantiate(virConnectPtr ret->techdriver = techdriver; - rc = techdriver->createRuleInstance(conn, nettype, filter, + rc = techdriver->createRuleInstance(nettype, filter, rule, ifname, vars, ret); if (rc) { @@ -359,7 +355,6 @@ err_exit: /** * _virNWFilterInstantiateRec: - * @conn: pointer to virConnect object * @techdriver: The driver to use for instantiation * @filter: The filter to instantiate * @ifname: The name of the interface to apply the rules to @@ -382,8 +377,7 @@ err_exit: * resolved -- among other reasons. */ static int -_virNWFilterInstantiateRec(virConnectPtr conn, - virNWFilterTechDriverPtr techdriver, +_virNWFilterInstantiateRec(virNWFilterTechDriverPtr techdriver, enum virDomainNetType nettype, virNWFilterDefPtr filter, const char *ifname, @@ -403,8 +397,7 @@ _virNWFilterInstantiateRec(virConnectPtr virNWFilterRuleDefPtr rule = filter->filterEntries[i]->rule; virNWFilterIncludeDefPtr inc = filter->filterEntries[i]->include; if (rule) { - inst = virNWFilterRuleInstantiate(conn, - techdriver, + inst = virNWFilterRuleInstantiate(techdriver, nettype, filter, rule, @@ -461,8 +454,7 @@ _virNWFilterInstantiateRec(virConnectPtr break; } - rc = _virNWFilterInstantiateRec(conn, - techdriver, + rc = _virNWFilterInstantiateRec(techdriver, nettype, next_filter, ifname, @@ -491,8 +483,7 @@ _virNWFilterInstantiateRec(virConnectPtr static int -virNWFilterDetermineMissingVarsRec(virConnectPtr conn, - virNWFilterDefPtr filter, +virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter, virNWFilterHashTablePtr vars, virNWFilterHashTablePtr missing_vars, int useNewFilter, @@ -559,8 +550,7 @@ virNWFilterDetermineMissingVarsRec(virCo break; } - rc = virNWFilterDetermineMissingVarsRec(conn, - next_filter, + rc = virNWFilterDetermineMissingVarsRec(next_filter, tmpvars, missing_vars, useNewFilter, @@ -617,7 +607,6 @@ virNWFilterRuleInstancesToArray(int nEnt /** * virNWFilterInstantiate: - * @conn: pointer to virConnect object * @techdriver: The driver to use for instantiation * @filter: The filter to instantiate * @ifname: The name of the interface to apply the rules to @@ -636,8 +625,7 @@ virNWFilterRuleInstancesToArray(int nEnt * Call this function while holding the NWFilter filter update lock */ static int -virNWFilterInstantiate(virConnectPtr conn, - virNWFilterTechDriverPtr techdriver, +virNWFilterInstantiate(virNWFilterTechDriverPtr techdriver, enum virDomainNetType nettype, virNWFilterDefPtr filter, const char *ifname, @@ -665,8 +653,7 @@ virNWFilterInstantiate(virConnectPtr con goto err_exit; } - rc = virNWFilterDetermineMissingVarsRec(conn, - filter, + rc = virNWFilterDetermineMissingVarsRec(filter, vars, missing_vars, useNewFilter, @@ -697,8 +684,7 @@ virNWFilterInstantiate(virConnectPtr con goto err_exit; } - rc = _virNWFilterInstantiateRec(conn, - techdriver, + rc = _virNWFilterInstantiateRec(techdriver, nettype, filter, ifname, @@ -729,10 +715,10 @@ virNWFilterInstantiate(virConnectPtr con if (virNWFilterLockIface(ifname)) goto err_exit; - rc = techdriver->applyNewRules(conn, ifname, nptrs, ptrs); + rc = techdriver->applyNewRules(ifname, nptrs, ptrs); if (teardownOld && rc == 0) - techdriver->tearOldRules(conn, ifname); + techdriver->tearOldRules(ifname); if (rc == 0 && (virNetDevValidateConfig(ifname, NULL, ifindex) <= 0)) { virResetLastError(); @@ -775,8 +761,7 @@ err_unresolvable_vars: * Call this function while holding the NWFilter filter update lock */ static int -__virNWFilterInstantiateFilter(virConnectPtr conn, - bool teardownOld, +__virNWFilterInstantiateFilter(bool teardownOld, const char *ifname, int ifindex, const char *linkdev, @@ -868,8 +853,7 @@ __virNWFilterInstantiateFilter(virConnec break; } - rc = virNWFilterInstantiate(conn, - techdriver, + rc = virNWFilterInstantiate(techdriver, nettype, filter, ifname, @@ -924,8 +908,7 @@ _virNWFilterInstantiateFilter(virConnect goto cleanup; } - rc = __virNWFilterInstantiateFilter(conn, - teardownOld, + rc = __virNWFilterInstantiateFilter(teardownOld, net->ifname, ifindex, linkdev, @@ -946,8 +929,7 @@ cleanup: int -virNWFilterInstantiateFilterLate(virConnectPtr conn, - const char *ifname, +virNWFilterInstantiateFilterLate(const char *ifname, int ifindex, const char *linkdev, enum virDomainNetType nettype, @@ -961,8 +943,7 @@ virNWFilterInstantiateFilterLate(virConn virNWFilterLockFilterUpdates(); - rc = __virNWFilterInstantiateFilter(conn, - 1, + rc = __virNWFilterInstantiateFilter(true, ifname, ifindex, linkdev, @@ -1019,8 +1000,7 @@ virNWFilterUpdateInstantiateFilter(virCo return rc; } -int virNWFilterRollbackUpdateFilter(virConnectPtr conn, - const virDomainNetDefPtr net) +int virNWFilterRollbackUpdateFilter(const virDomainNetDefPtr net) { const char *drvname = EBIPTABLES_DRIVER_ID; int ifindex; @@ -1041,13 +1021,12 @@ int virNWFilterRollbackUpdateFilter(virC else if (virNWFilterLookupLearnReq(ifindex) != NULL) return 0; - return techdriver->tearNewRules(conn, net->ifname); + return techdriver->tearNewRules(net->ifname); } int -virNWFilterTearOldFilter(virConnectPtr conn, - virDomainNetDefPtr net) +virNWFilterTearOldFilter(virDomainNetDefPtr net) { const char *drvname = EBIPTABLES_DRIVER_ID; int ifindex; @@ -1068,7 +1047,7 @@ virNWFilterTearOldFilter(virConnectPtr c else if (virNWFilterLookupLearnReq(ifindex) != NULL) return 0; - return techdriver->tearOldRules(conn, net->ifname); + return techdriver->tearOldRules(net->ifname); } @@ -1141,14 +1120,13 @@ virNWFilterDomainFWUpdateCB(void *payloa case STEP_TEAR_NEW: if ( !virHashLookup(cb->skipInterfaces, net->ifname)) { - cb->err = virNWFilterRollbackUpdateFilter(cb->conn, - net); + cb->err = virNWFilterRollbackUpdateFilter(net); } break; case STEP_TEAR_OLD: if ( !virHashLookup(cb->skipInterfaces, net->ifname)) { - cb->err = virNWFilterTearOldFilter(cb->conn, net); + cb->err = virNWFilterTearOldFilter(net); } break; } Index: libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_gentech_driver.h +++ libvirt-acl/src/nwfilter/nwfilter_gentech_driver.h @@ -42,14 +42,11 @@ int virNWFilterInstantiateFilter(virConn int virNWFilterUpdateInstantiateFilter(virConnectPtr conn, const virDomainNetDefPtr net, bool *skipIface); -int virNWFilterRollbackUpdateFilter(virConnectPtr conn, - const virDomainNetDefPtr net); +int virNWFilterRollbackUpdateFilter(const virDomainNetDefPtr net); -int virNWFilterTearOldFilter(virConnectPtr conn, - const virDomainNetDefPtr net); +int virNWFilterTearOldFilter(const virDomainNetDefPtr net); -int virNWFilterInstantiateFilterLate(virConnectPtr conn, - const char *ifname, +int virNWFilterInstantiateFilterLate(const char *ifname, int ifindex, const char *linkdev, enum virDomainNetType nettype, Index: libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_learnipaddr.c +++ libvirt-acl/src/nwfilter/nwfilter_learnipaddr.c @@ -702,8 +702,7 @@ learnIPAddressThread(void *arg) "cache for interface %s"), inetaddr, req->ifname); } - ret = virNWFilterInstantiateFilterLate(NULL, - req->ifname, + ret = virNWFilterInstantiateFilterLate(req->ifname, req->ifindex, req->linkdev, req->nettype,