Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/nwfilter/nwfilter_dhcpsnoop.c | 91 ++++--------
src/nwfilter/nwfilter_ebiptables_driver.c | 170 +++++++++-------------
src/nwfilter/nwfilter_gentech_driver.c | 19 +--
src/nwfilter/nwfilter_learnipaddr.c | 9 +-
4 files changed, 108 insertions(+), 181 deletions(-)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index f54e1a88e0..32cd6492ad 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -292,18 +292,17 @@ static const unsigned char dhcp_magic[4] = { 99, 130, 83, 99 };
static char *
virNWFilterSnoopActivate(virNWFilterSnoopReqPtr req)
{
- char *key;
-
- key = g_strdup_printf("%p-%d", req, req->ifindex);
+ g_autofree char *key = g_strdup_printf("%p-%d", req, req->ifindex);
+ char *ret = NULL;
virNWFilterSnoopActiveLock();
- if (virHashAddEntry(virNWFilterSnoopState.active, key, (void *)0x1) < 0)
- VIR_FREE(key);
+ if (virHashAddEntry(virNWFilterSnoopState.active, key, (void *)0x1) == 0)
+ ret = g_steal_pointer(&key);
virNWFilterSnoopActiveUnlock();
- return key;
+ return ret;
}
static void
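Review bot: The success test in virNWFilterSnoopActivate changed from `< 0` (free the key on failure) to `== 0` (keep the key on success), and the two are equivalent only if virHashAddEntry never returns a positive value; that contract is not visible in this hunk. If it holds, a short comment above the function would make the ownership explicit, for example `/* Returns a newly allocated key owned by the caller, or NULL if the key could not be registered. */`. Callers then know a non-NULL result must be freed and that NULL is the only failure signal.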
@@ -442,11 +441,10 @@ static int
virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl,
bool instantiate)
{
- char *ipaddr;
+ g_autofree char *ipaddr = virSocketAddrFormat(&ipl->ipAddress);
int rc = -1;
virNWFilterSnoopReqPtr req;
- ipaddr = virSocketAddrFormat(&ipl->ipAddress);
if (!ipaddr)
return -1;
@@ -473,9 +471,6 @@ virNWFilterSnoopIPLeaseInstallRule(virNWFilterSnoopIPLeasePtr ipl,
exit_snooprequnlock:
virNWFilterSnoopReqUnlock(req);
-
- VIR_FREE(ipaddr);
-
return rc;
}
@@ -551,7 +546,7 @@ virNWFilterSnoopReqGet(virNWFilterSnoopReqPtr req)
static virNWFilterSnoopReqPtr
virNWFilterSnoopReqNew(const char *ifkey)
{
- virNWFilterSnoopReqPtr req;
+ g_autofree virNWFilterSnoopReqPtr req = g_new0(virNWFilterSnoopReq, 1);
if (ifkey == NULL || strlen(ifkey) != VIR_IFKEY_LEN - 1) {
virReportError(VIR_ERR_INTERNAL_ERROR,
@@ -562,28 +557,20 @@ virNWFilterSnoopReqNew(const char *ifkey)
return NULL;
}
- req = g_new0(virNWFilterSnoopReq, 1);
-
req->threadStatus = THREAD_STATUS_NONE;
- if (virStrcpyStatic(req->ifkey, ifkey) < 0||
- virMutexInitRecursive(&req->lock) < 0)
- goto err_free_req;
+ if (virStrcpyStatic(req->ifkey, ifkey) < 0 ||
+ virMutexInitRecursive(&req->lock) < 0) {
+ return NULL;
+ }
- if (virCondInit(&req->threadStatusCond) < 0)
- goto err_destroy_mutex;
+ if (virCondInit(&req->threadStatusCond) < 0) {
+ virMutexDestroy(&req->lock);
+ return NULL;
+ }
virNWFilterSnoopReqGet(req);
-
- return req;
-
- err_destroy_mutex:
- virMutexDestroy(&req->lock);
-
- err_free_req:
- VIR_FREE(req);
-
- return NULL;
+ return g_steal_pointer(&req);
}
/*
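Review bot: With `req` declared `g_autofree`, each early `return NULL` in virNWFilterSnoopReqNew releases only the memory; the recursive mutex is destroyed by hand on the virCondInit failure path and nowhere else. Any early return added later, after virMutexInitRecursive has succeeded, would free a struct whose lock is still initialised, which the removed `err_destroy_mutex` label made harder to get wrong. A comment at the declaration such as `/* g_autofree only frees the struct; destroy req->lock manually on any failure after virMutexInitRecursive() */` would record this. The declaration in the preceding hunk also moves `g_new0` ahead of the `ifkey` validation, so a rejected key now costs an allocate-and-free; keeping `req = g_new0(virNWFilterSnoopReq, 1);` after the check avoids that.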
@@ -815,7 +802,7 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
{
int ret = 0;
virNWFilterSnoopIPLeasePtr ipl;
- char *ipstr = NULL;
+ g_autofree char *ipstr = NULL;
/* protect req->start, req->ifname and the lease */
virNWFilterSnoopReqLock(req);
@@ -868,8 +855,6 @@ virNWFilterSnoopReqLeaseDel(virNWFilterSnoopReqPtr req,
ignore_value(!!g_atomic_int_dec_and_test(&virNWFilterSnoopState.nLeases));
lease_not_found:
- VIR_FREE(ipstr);
-
virNWFilterSnoopReqUnlock(req);
return ret;
@@ -1045,7 +1030,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
pcap_t *handle = NULL;
struct bpf_program fp;
char pcap_errbuf[PCAP_ERRBUF_SIZE];
- char *ext_filter = NULL;
+ g_autofree char *ext_filter = NULL;
char macaddr[VIR_MAC_STRING_BUFLEN];
virMacAddrFormat(mac, macaddr);
@@ -1075,7 +1060,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
if (handle == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("pcap_create failed"));
- goto cleanup_nohandle;
+ return NULL;
}
if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 ||
@@ -1107,17 +1092,12 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
}
pcap_freecode(&fp);
- VIR_FREE(ext_filter);
-
return handle;
cleanup_freecode:
pcap_freecode(&fp);
cleanup:
pcap_close(handle);
- cleanup_nohandle:
- VIR_FREE(ext_filter);
-
return NULL;
}
@@ -1128,7 +1108,7 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
static void virNWFilterDHCPDecodeWorker(void *jobdata, void *opaque)
{
virNWFilterSnoopReqPtr req = opaque;
- virNWFilterDHCPDecodeJobPtr job = jobdata;
+ g_autofree virNWFilterDHCPDecodeJobPtr job = jobdata;
virNWFilterSnoopEthHdrPtr packet = (virNWFilterSnoopEthHdrPtr)job->packet;
if (virNWFilterSnoopDHCPDecode(req, packet,
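Review bot: `g_autofree virNWFilterDHCPDecodeJobPtr job = jobdata;` makes the worker the owner of memory it receives as a `void *` callback argument, and the explicit free that used to show this at the end of the function is removed in the next hunk. A one-line comment on the declaration, e.g. `/* the worker owns jobdata and frees it on return */`, would keep whoever queues the job from freeing or reusing it. `job->packet` is read on the following line, so the function also assumes jobdata is never NULL. The function body continues outside this hunk.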
@@ -1140,7 +1120,6 @@ static void virNWFilterDHCPDecodeWorker(void *jobdata, void
*opaque)
"interface '%s'"),
req->binding->portdevname);
}
ignore_value(!!g_atomic_int_dec_and_test(job->qCtr));
- VIR_FREE(job);
}
/*
@@ -1307,7 +1286,7 @@ virNWFilterDHCPSnoopThread(void *req0)
int errcount = 0;
int tmp = -1, rv, n, pollTo;
size_t i;
- char *threadkey = NULL;
+ g_autofree char *threadkey = NULL;
virThreadPoolPtr worker = NULL;
time_t last_displayed = 0, last_displayed_queue = 0;
virNWFilterSnoopPcapConf pcapConf[] = {
@@ -1533,8 +1512,6 @@ virNWFilterDHCPSnoopThread(void *req0)
virNWFilterSnoopReqPut(req);
- VIR_FREE(threadkey);
-
for (i = 0; i < G_N_ELEMENTS(pcapConf); i++) {
if (pcapConf[i].handle)
pcap_close(pcapConf[i].handle);
@@ -1721,18 +1698,13 @@ static int
virNWFilterSnoopLeaseFileWrite(int lfd, const char *ifkey,
virNWFilterSnoopIPLeasePtr ipl)
{
- char *lbuf = NULL;
- char *ipstr, *dhcpstr;
+ g_autofree char *lbuf = NULL;
+ g_autofree char *ipstr = virSocketAddrFormat(&ipl->ipAddress);
+ g_autofree char *dhcpstr = virSocketAddrFormat(&ipl->ipServer);
int len;
- int ret = 0;
- ipstr = virSocketAddrFormat(&ipl->ipAddress);
- dhcpstr = virSocketAddrFormat(&ipl->ipServer);
-
- if (!dhcpstr || !ipstr) {
- ret = -1;
- goto cleanup;
- }
+ if (!dhcpstr || !ipstr)
+ return -1;
/* time intf ip dhcpserver */
lbuf = g_strdup_printf("%u %s %s %s\n", ipl->timeout, ifkey, ipstr,
dhcpstr);
@@ -1740,18 +1712,11 @@ virNWFilterSnoopLeaseFileWrite(int lfd, const char *ifkey,
if (safewrite(lfd, lbuf, len) != len) {
virReportSystemError(errno, "%s", _("lease file write
failed"));
- ret = -1;
- goto cleanup;
+ return -1;
}
ignore_value(g_fsync(lfd));
-
- cleanup:
- VIR_FREE(lbuf);
- VIR_FREE(dhcpstr);
- VIR_FREE(ipstr);
-
- return ret;
+ return 0;
}
/*
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c
b/src/nwfilter/nwfilter_ebiptables_driver.c
index 8fdc8e8897..b382b9405d 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -188,10 +188,10 @@ _printDataType(virNWFilterVarCombIterPtr vars,
bool asHex, bool directionIn)
{
bool done;
- char *data;
+ g_autofree char *data = NULL;
uint8_t ctr;
- virBuffer vb = VIR_BUFFER_INITIALIZER;
- char *flags;
+ g_auto(virBuffer) vb = VIR_BUFFER_INITIALIZER;
+ g_autofree char *flags = NULL;
if (printVar(vars, buf, bufsize, item, &done) < 0)
return -1;
@@ -207,10 +207,8 @@ _printDataType(virNWFilterVarCombIterPtr vars,
if (g_snprintf(buf, bufsize, "%s", data) >= bufsize) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("buffer too small for IP address"));
- VIR_FREE(data);
return -1;
}
- VIR_FREE(data);
break;
case DATATYPE_IPV6ADDR:
@@ -221,10 +219,8 @@ _printDataType(virNWFilterVarCombIterPtr vars,
if (g_snprintf(buf, bufsize, "%s", data) >= bufsize) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("buffer too small for IPv6 address"));
- VIR_FREE(data);
return -1;
}
- VIR_FREE(data);
break;
case DATATYPE_MACADDR:
@@ -308,10 +304,8 @@ _printDataType(virNWFilterVarCombIterPtr vars,
if (virStrcpy(buf, flags, bufsize) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Buffer too small for IPSETFLAGS type"));
- VIR_FREE(flags);
return -1;
}
- VIR_FREE(flags);
break;
case DATATYPE_STRING:
@@ -1187,19 +1181,19 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
return -1;
if (HAS_ENTRY_ITEM(&rule->p.tcpHdrFilter.dataTCPFlags)) {
- char *flags;
+ g_autofree char *mask = NULL;
+ g_autofree char *flags = NULL;
if (ENTRY_WANT_NEG_SIGN(&rule->p.tcpHdrFilter.dataTCPFlags))
virFirewallRuleAddArg(fw, fwrule, "!");
virFirewallRuleAddArg(fw, fwrule, "--tcp-flags");
- if (!(flags =
virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask)))
+ if (!(mask =
virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.mask)))
return -1;
- virFirewallRuleAddArg(fw, fwrule, flags);
- VIR_FREE(flags);
+ virFirewallRuleAddArg(fw, fwrule, mask);
+
if (!(flags =
virNWFilterPrintTCPFlags(rule->p.tcpHdrFilter.dataTCPFlags.u.tcpFlags.flags)))
return -1;
virFirewallRuleAddArg(fw, fwrule, flags);
- VIR_FREE(flags);
}
if (iptablesHandlePortData(fw, fwrule,
@@ -1528,7 +1522,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
static int
printStateMatchFlags(int32_t flags, char **bufptr)
{
- virBuffer buf = VIR_BUFFER_INITIALIZER;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
virNWFilterPrintStateMatchFlags(&buf,
"",
flags,
@@ -1548,7 +1542,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
bool directionIn = false;
char chainPrefix[2];
bool maySkipICMP, inout = false;
- char *matchState = NULL;
+ g_autofree char *matchState1 = NULL;
+ g_autofree char *matchState2 = NULL;
+ g_autofree char *matchState3 = NULL;
bool create;
if ((rule->tt == VIR_NWFILTER_RULE_DIRECTION_IN) ||
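Review bot: The names `matchState1`, `matchState2` and `matchState3` do not say which generated rule each string belongs to. From the later hunks of this function they feed the first `RETURN` rule, the `ACCEPT` rule and the final `RETURN` rule respectively. Either role-based names or a comment at the declarations, e.g. `/* one string per generated rule (RETURN, ACCEPT, RETURN) so each is auto-freed independently */`, would make that readable without scrolling. The split itself is a good change, since the old code reused one pointer across three sections and relied on VIR_FREE between uses. The function body continues outside this hunk.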
@@ -1562,7 +1558,6 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
maySkipICMP = directionIn || inout;
create = true;
- matchState = NULL;
if (directionIn && !inout) {
if ((rule->flags & IPTABLES_STATE_FLAGS))
@@ -1570,7 +1565,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
}
if (create && (rule->flags & IPTABLES_STATE_FLAGS)) {
- if (printStateMatchFlags(rule->flags, &matchState) < 0)
+ if (printStateMatchFlags(rule->flags, &matchState1) < 0)
return -1;
}
@@ -1583,11 +1578,10 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
rule,
ifname,
vars,
- matchState, false,
+ matchState1, false,
"RETURN",
maySkipICMP);
- VIR_FREE(matchState);
if (rc < 0)
return rc;
}
@@ -1601,7 +1595,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
}
if (create && (rule->flags & IPTABLES_STATE_FLAGS)) {
- if (printStateMatchFlags(rule->flags, &matchState) < 0)
+ if (printStateMatchFlags(rule->flags, &matchState2) < 0)
return -1;
}
@@ -1614,12 +1608,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
rule,
ifname,
vars,
- matchState, false,
+ matchState2, false,
"ACCEPT",
maySkipICMP);
-
- VIR_FREE(matchState);
-
if (rc < 0)
return rc;
}
@@ -1633,7 +1624,7 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
create = false;
} else {
if ((rule->flags & IPTABLES_STATE_FLAGS)) {
- if (printStateMatchFlags(rule->flags, &matchState) < 0)
+ if (printStateMatchFlags(rule->flags, &matchState3) < 0)
return -1;
}
}
@@ -1648,10 +1639,9 @@ iptablesCreateRuleInstanceStateCtrl(virFirewallPtr fw,
rule,
ifname,
vars,
- matchState, false,
+ matchState3, false,
"RETURN",
maySkipICMP);
- VIR_FREE(matchState);
}
return rc;
@@ -1797,8 +1787,6 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
const char *target;
bool hasMask = false;
virFirewallRulePtr fwrule;
- int ret = -1;
- virBuffer buf = VIR_BUFFER_INITIALIZER;
if (STREQ(chainSuffix,
virNWFilterChainSuffixTypeToString(
@@ -1813,7 +1801,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars, \
field, sizeof(field), \
&rule->p.STRUCT.ITEM) < 0) \
- goto cleanup; \
+ return -1; \
virFirewallRuleAddArg(fw, fwrule, CLI); \
if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \
virFirewallRuleAddArg(fw, fwrule, "!"); \
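Review bot: The `return -1;` inside this macro body, and in the macro bodies of the next two hunks, exits ebtablesCreateRuleInstance from a place a reader of the call site cannot see. With the `cleanup:` label gone, that is safe only while every resource in the function is managed by `g_auto*`. A comment above the macro definitions, e.g. `/* NB: these macros return -1 from the enclosing function on error; locals must be g_auto* */`, would record the constraint for whoever adds the next local. The macro definitions begin outside this hunk.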
@@ -1825,7 +1813,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars, \
field, sizeof(field), \
&rule->p.STRUCT.ITEM) < 0) \
- goto cleanup; \
+ return -1; \
virFirewallRuleAddArg(fw, fwrule, CLI); \
if (ENTRY_WANT_NEG_SIGN(&rule->p.STRUCT.ITEM)) \
virFirewallRuleAddArg(fw, fwrule, "!"); \
@@ -1833,7 +1821,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars, \
fieldalt, sizeof(fieldalt), \
&rule->p.STRUCT.ITEM_HI) < 0) \
- goto cleanup; \
+ return -1; \
virFirewallRuleAddArgFormat(fw, fwrule, \
"%s%s%s", field, SEP, fieldalt); \
} else { \
@@ -1855,13 +1843,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.ethHdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.ethHdrFilter.dataProtocolID)) {
if (printDataTypeAsHex(vars,
number, sizeof(number),
&rule->p.ethHdrFilter.dataProtocolID) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "-p");
if (ENTRY_WANT_NEG_SIGN(&rule->p.ethHdrFilter.dataProtocolID))
virFirewallRuleAddArg(fw, fwrule, "!");
@@ -1877,7 +1865,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.vlanHdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-p", "0x8100", NULL);
@@ -1906,7 +1894,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.stpHdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-d", NWFILTER_MAC_BGA, NULL);
@@ -1942,7 +1930,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.arpHdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "-p");
virFirewallRuleAddArgFormat(fw, fwrule, "0x%x",
@@ -1954,7 +1942,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.arpHdrFilter.dataHWType) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--arp-htype");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataHWType))
virFirewallRuleAddArg(fw, fwrule, "!");
@@ -1965,7 +1953,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.arpHdrFilter.dataOpcode) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--arp-opcode");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataOpcode))
virFirewallRuleAddArg(fw, fwrule, "!");
@@ -1976,7 +1964,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataTypeAsHex(vars,
number, sizeof(number),
&rule->p.arpHdrFilter.dataProtocolType) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--arp-ptype");
if (ENTRY_WANT_NEG_SIGN(&rule->p.arpHdrFilter.dataProtocolType))
virFirewallRuleAddArg(fw, fwrule, "!");
@@ -1987,13 +1975,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&rule->p.arpHdrFilter.dataARPSrcIPAddr) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPSrcIPMask)) {
if (printDataType(vars,
ipmask, sizeof(ipmask),
&rule->p.arpHdrFilter.dataARPSrcIPMask) < 0)
- goto cleanup;
+ return -1;
hasMask = true;
}
@@ -2009,13 +1997,13 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&rule->p.arpHdrFilter.dataARPDstIPAddr) < 0)
- goto cleanup;
+ return -1;
if (HAS_ENTRY_ITEM(&rule->p.arpHdrFilter.dataARPDstIPMask)) {
if (printDataType(vars,
ipmask, sizeof(ipmask),
&rule->p.arpHdrFilter.dataARPDstIPMask) < 0)
- goto cleanup;
+ return -1;
hasMask = true;
}
@@ -2031,7 +2019,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
macaddr, sizeof(macaddr),
&rule->p.arpHdrFilter.dataARPSrcMACAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--arp-mac-dst" :
"--arp-mac-src");
@@ -2044,7 +2032,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
macaddr, sizeof(macaddr),
&rule->p.arpHdrFilter.dataARPDstMACAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--arp-mac-src" :
"--arp-mac-dst");
@@ -2069,7 +2057,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.ipHdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-p", "ipv4", NULL);
@@ -2078,7 +2066,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&rule->p.ipHdrFilter.ipHdr.dataSrcIPAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip-destination" :
"--ip-source");
@@ -2089,7 +2077,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.ipHdr.dataSrcIPMask) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
} else {
@@ -2102,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipaddr, sizeof(ipaddr),
&rule->p.ipHdrFilter.ipHdr.dataDstIPAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip-source" :
"--ip-destination");
@@ -2113,7 +2101,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.ipHdr.dataDstIPMask) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipaddr, number);
} else {
@@ -2125,7 +2113,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.ipHdr.dataProtocolID) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--ip-protocol");
if (ENTRY_WANT_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataProtocolID))
@@ -2137,7 +2125,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.portData.dataSrcPortStart) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip-destination-port" :
"--ip-source-port");
@@ -2148,7 +2136,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipHdrFilter.portData.dataSrcPortEnd)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s:%s", number, numberalt);
@@ -2161,7 +2149,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.portData.dataDstPortStart) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip-source-port" :
"--ip-destination-port");
@@ -2172,7 +2160,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipHdrFilter.portData.dataDstPortEnd)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s:%s", number, numberalt);
@@ -2185,7 +2173,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataTypeAsHex(vars,
number, sizeof(number),
&rule->p.ipHdrFilter.ipHdr.dataDSCP) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--ip-tos");
if (ENTRY_WANT_NEG_SIGN(&rule->p.ipHdrFilter.ipHdr.dataDSCP))
@@ -2202,7 +2190,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
vars,
&rule->p.ipv6HdrFilter.ethHdr,
reverse) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgList(fw, fwrule,
"-p", "ipv6", NULL);
@@ -2211,7 +2199,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipv6addr, sizeof(ipv6addr),
&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip6-destination" :
"--ip6-source");
@@ -2222,7 +2210,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.ipHdr.dataSrcIPMask) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipv6addr, number);
} else {
@@ -2235,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
ipv6addr, sizeof(ipv6addr),
&rule->p.ipv6HdrFilter.ipHdr.dataDstIPAddr) < 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip6-source" :
"--ip6-destination");
@@ -2246,7 +2234,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.ipHdr.dataDstIPMask) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s/%s", ipv6addr, number);
} else {
@@ -2258,7 +2246,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.ipHdr.dataProtocolID) <
0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule, "--ip6-protocol");
if (ENTRY_WANT_NEG_SIGN(&rule->p.ipv6HdrFilter.ipHdr.dataProtocolID))
@@ -2271,7 +2259,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.portData.dataSrcPortStart)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip6-destination-port" :
"--ip6-source-port");
@@ -2282,7 +2270,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipv6HdrFilter.portData.dataSrcPortEnd)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s:%s", number, numberalt);
@@ -2296,7 +2284,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.portData.dataDstPortStart)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArg(fw, fwrule,
reverse ? "--ip6-source-port" :
"--ip6-destination-port");
@@ -2307,7 +2295,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipv6HdrFilter.portData.dataDstPortEnd)
< 0)
- goto cleanup;
+ return -1;
virFirewallRuleAddArgFormat(fw, fwrule,
"%s:%s", number, numberalt);
@@ -2321,7 +2309,8 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeStart) ||
HAS_ENTRY_ITEM(&rule->p.ipv6HdrFilter.dataICMPCodeEnd)) {
bool lo = false;
- char *r;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ g_autofree char *r = NULL;
virFirewallRuleAddArg(fw, fwrule,
"--ip6-icmp-type");
@@ -2330,7 +2319,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.dataICMPTypeStart) <
0)
- goto cleanup;
+ return -1;
lo = true;
} else {
ignore_value(virStrcpyStatic(number, "0"));
@@ -2342,7 +2331,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipv6HdrFilter.dataICMPTypeEnd) < 0)
- goto cleanup;
+ return -1;
} else {
if (lo)
ignore_value(virStrcpyStatic(numberalt, number));
@@ -2358,7 +2347,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
number, sizeof(number),
&rule->p.ipv6HdrFilter.dataICMPCodeStart) <
0)
- goto cleanup;
+ return -1;
lo = true;
} else {
ignore_value(virStrcpyStatic(number, "0"));
@@ -2370,7 +2359,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
if (printDataType(vars,
numberalt, sizeof(numberalt),
&rule->p.ipv6HdrFilter.dataICMPCodeEnd) < 0)
- goto cleanup;
+ return -1;
} else {
if (lo)
ignore_value(virStrcpyStatic(numberalt, number));
@@ -2386,8 +2375,6 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
r = virBufferContentAndReset(&buf);
virFirewallRuleAddArg(fw, fwrule, r);
-
- VIR_FREE(r);
}
break;
@@ -2421,11 +2408,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
#undef INST_ITEM_2PARMS
#undef INST_ITEM
- ret = 0;
- cleanup:
- virBufferFreeAndReset(&buf);
-
- return ret;
+ return 0;
}
@@ -3301,9 +3284,8 @@ ebtablesGetSubChainInsts(virHashTablePtr chains,
ebtablesSubChainInstPtr **insts,
size_t *ninsts)
{
- virHashKeyValuePairPtr filter_names;
+ g_autofree virHashKeyValuePairPtr filter_names = NULL;
size_t i;
- int ret = -1;
filter_names = virHashGetItems(chains,
ebiptablesFilterOrderSort);
@@ -3311,7 +3293,7 @@ ebtablesGetSubChainInsts(virHashTablePtr chains,
return -1;
for (i = 0; filter_names[i].key; i++) {
- ebtablesSubChainInstPtr inst;
+ g_autofree ebtablesSubChainInstPtr inst = NULL;
enum l3_proto_idx idx = ebtablesGetProtoIdxByFiltername(
filter_names[i].key);
@@ -3324,18 +3306,11 @@ ebtablesGetSubChainInsts(virHashTablePtr chains,
inst->protoidx = idx;
inst->filtername = filter_names[i].key;
- if (VIR_APPEND_ELEMENT(*insts, *ninsts, inst) < 0) {
- VIR_FREE(inst);
- goto cleanup;
- }
+ if (VIR_APPEND_ELEMENT(*insts, *ninsts, inst) < 0)
+ return -1;
}
- ret = 0;
-
- cleanup:
- VIR_FREE(filter_names);
- return ret;
-
+ return 0;
}
static int
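Review bot: Declaring `inst` as `g_autofree` is correct only because VIR_APPEND_ELEMENT clears its source variable on success. If it did not, each appended element would be freed at the end of its loop iteration and `*insts` would hold dangling pointers, which the cleanup loop in ebiptablesApplyNewRules appears to free again. That dependency deserves a comment at the call, e.g. `/* VIR_APPEND_ELEMENT() sets inst to NULL on success, so g_autofree fires only on failure */`, so the macro is not later swapped for a copying variant. On the `return -1` path the entries already appended stay in `*insts` for the caller to release, as before.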
@@ -3345,12 +3320,12 @@ ebiptablesApplyNewRules(const char *ifname,
{
size_t i, j;
g_autoptr(virFirewall) fw = virFirewallNew();
- virHashTablePtr chains_in_set = virHashCreate(10, NULL);
- virHashTablePtr chains_out_set = virHashCreate(10, NULL);
+ g_autoptr(virHashTable) chains_in_set = virHashCreate(10, NULL);
+ g_autoptr(virHashTable) chains_out_set = virHashCreate(10, NULL);
bool haveEbtables = false;
bool haveIptables = false;
bool haveIp6tables = false;
- ebtablesSubChainInstPtr *subchains = NULL;
+ g_autofree ebtablesSubChainInstPtr *subchains = NULL;
size_t nsubchains = 0;
int ret = -1;
@@ -3544,9 +3519,6 @@ ebiptablesApplyNewRules(const char *ifname,
cleanup:
for (i = 0; i < nsubchains; i++)
VIR_FREE(subchains[i]);
- VIR_FREE(subchains);
- virHashFree(chains_in_set);
- virHashFree(chains_out_set);
return ret;
}
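Review bot: `g_autofree` on `subchains` releases only the array, so the `for` loop under `cleanup:` is still the only code that frees the individual elements. The function is therefore half-converted: a direct `return` added anywhere after the array is populated would free the array and leak every `subchains[i]`. A comment at the label, e.g. `/* elements are not auto-freed; all exits after population must go through cleanup */`, would make that explicit. The function body begins outside this hunk.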
diff --git a/src/nwfilter/nwfilter_gentech_driver.c
b/src/nwfilter/nwfilter_gentech_driver.c
index 8ba555358d..f586c7e938 100644
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -414,7 +414,6 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
virNWFilterDefPtr next_filter;
virNWFilterDefPtr newNext_filter;
virNWFilterVarValuePtr val;
- virHashTablePtr tmpvars;
for (i = 0; i < filter->nentries; i++) {
virNWFilterRuleDefPtr rule = filter->filterEntries[i]->rule;
@@ -424,20 +423,16 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
for (j = 0; j < rule->nVarAccess; j++) {
if (!virNWFilterVarAccessIsAvailable(rule->varAccess[j],
vars)) {
- char *varAccess;
- virBuffer buf = VIR_BUFFER_INITIALIZER;
+ g_autofree char *varAccess = NULL;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
virNWFilterVarAccessPrint(rule->varAccess[j], &buf);
- val = virNWFilterVarValueCreateSimpleCopyValue("1");
- if (!val) {
- virBufferFreeAndReset(&buf);
+ if (!(val =
virNWFilterVarValueCreateSimpleCopyValue("1")))
return -1;
- }
varAccess = virBufferContentAndReset(&buf);
rc = virHashUpdateEntry(missing_vars, varAccess, val);
- VIR_FREE(varAccess);
if (rc < 0) {
virNWFilterVarValueFree(val);
return -1;
@@ -445,6 +440,8 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
}
}
} else if (inc) {
+ g_autoptr(virHashTable) tmpvars = NULL;
+
VIR_DEBUG("Following filter %s", inc->filterref);
if (!(obj = virNWFilterObjListFindInstantiateFilter(driver->nwfilters,
inc->filterref)))
@@ -473,9 +470,6 @@ virNWFilterDetermineMissingVarsRec(virNWFilterDefPtr filter,
missing_vars,
useNewFilter,
driver);
-
- virHashFree(tmpvars);
-
virNWFilterObjUnlock(obj);
if (rc < 0)
return -1;
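Review bot: Dropping `virHashFree(tmpvars)` here moves the release of `tmpvars` from before `virNWFilterObjUnlock(obj)` to the end of the `else if (inc)` block, which is after the unlock. That is fine if the table owns copies of its values, which is not visible in this hunk; if it borrows anything from `obj`, the free now runs without the lock held. A comment on the declaration in the preceding hunk, e.g. `/* owns copies; safe to free after obj is unlocked */`, would settle it. Alternatively, `g_clear_pointer(&tmpvars, virHashFree);` before the unlock keeps the old order.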
@@ -516,7 +510,7 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver,
int rc;
virNWFilterInst inst;
bool instantiate = true;
- char *buf;
+ g_autofree char *buf = NULL;
virNWFilterVarValuePtr lv;
const char *learning;
bool reportIP = false;
@@ -636,7 +630,6 @@ virNWFilterDoInstantiate(virNWFilterTechDriverPtr techdriver,
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Cannot instantiate filter due to unresolvable "
"variables or unavailable list elements: %s"), buf);
- VIR_FREE(buf);
}
rc = -1;
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index 3bb8c27167..7bb39c3a66 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -396,8 +396,8 @@ learnIPAddressThread(void *arg)
req->binding->portdevname);
int dhcp_opts_len;
char macaddr[VIR_MAC_STRING_BUFLEN];
- virBuffer buf = VIR_BUFFER_INITIALIZER;
- char *filter = NULL;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ g_autofree char *filter = NULL;
uint16_t etherType;
bool showError = true;
enum howDetect howDetected = 0;
@@ -622,8 +622,6 @@ learnIPAddressThread(void *arg)
} /* while */
done:
- VIR_FREE(filter);
-
if (handle)
pcap_close(handle);
@@ -633,7 +631,7 @@ learnIPAddressThread(void *arg)
sa.len = sizeof(sa.data.inet4);
sa.data.inet4.sin_family = AF_INET;
sa.data.inet4.sin_addr.s_addr = vmaddr;
- char *inetaddr;
+ g_autofree char *inetaddr = NULL;
/* It is necessary to unlock interface here to avoid updateMutex and
* interface ordering deadlocks. Otherwise we are going to
@@ -656,7 +654,6 @@ learnIPAddressThread(void *arg)
req->ifindex);
VIR_DEBUG("Result from applying firewall rules on "
"%s with IP addr %s : %d",
req->binding->portdevname, inetaddr, ret);
- VIR_FREE(inetaddr);
}
} else {
if (showError)
--
2.25.4