[patch 4/5] iptables: maintain rules in memory even when not writing to disk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Re-factor things a little for the next patch so that we maintain
the rules in memory even when we're not going to write them to
disk.

Signed-off-by: Mark McLoughlin <markmc@xxxxxxxxxx>

Index: libvirt/qemud/iptables.c
===================================================================
--- libvirt.orig/qemud/iptables.c
+++ libvirt/qemud/iptables.c
@@ -51,14 +51,14 @@ typedef struct
     char  *table;
     char  *chain;
 
+    int    nrules;
+    char **rules;
+
 #ifdef IPTABLES_DIR
 
     char   dir[PATH_MAX];
     char   path[PATH_MAX];
 
-    int    nrules;
-    char **rules;
-
 #endif /* IPTABLES_DIR */
 
 } iptRules;
@@ -171,13 +171,13 @@ buildPath(const char *table,
     else
         return 0;
 }
+#endif /* IPTABLES_DIR */
 
 static int
 iptRulesAppend(iptRules *rules,
                const char *rule)
 {
     char **r;
-    int err;
 
     if (!(r = (char **)realloc(rules->rules, sizeof(char *) * (rules->nrules+1))))
         return ENOMEM;
@@ -189,24 +189,29 @@ iptRulesAppend(iptRules *rules,
 
     rules->nrules++;
 
-    if ((err = ensureDir(rules->dir)))
-        return err;
+#ifdef IPTABLES_DIR
+    {
+        int err;
 
-    if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
-        return err;
+        if ((err = ensureDir(rules->dir)))
+            return err;
+
+        if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
+            return err;
+    }
+#endif /* IPTABLES_DIR */
 
     return 0;
 }
 
 static int
 iptRulesRemove(iptRules *rules,
-               const char *rule)
+               char *rule)
 {
     int i;
-    int err;
 
     for (i = 0; i < rules->nrules; i++)
-        if (!strcmp(rules->rules[i], rule))
+        if (!strcmp(rules->rules[i], strdup(rule)))
             break;
 
     if (i >= rules->nrules)
@@ -220,16 +225,23 @@ iptRulesRemove(iptRules *rules,
 
     rules->nrules--;
 
-    if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
-        return err;
+#ifdef IPTABLES_DIR
+    {
+        int err;
+
+        if ((err = writeRules(rules->path, rules->rules, rules->nrules)))
+            return err;
+    }
+#endif /* IPTABLES_DIR */
 
     return 0;
 }
-#endif /* IPTABLES_DIR */
 
 static void
 iptRulesFree(iptRules *rules)
 {
+    int i;
+
     if (rules->table) {
         free(rules->table);
         rules->table = NULL;
@@ -240,25 +252,22 @@ iptRulesFree(iptRules *rules)
         rules->chain = NULL;
     }
 
-#ifdef IPTABLES_DIR
-    {
-        int i;
 
-        rules->dir[0] = '\0';
-        rules->path[0] = '\0';
-
-        for (i = 0; i < rules->nrules; i++) {
-            free(rules->rules[i]);
-            rules->rules[i] = NULL;
-        }
+    for (i = 0; i < rules->nrules; i++) {
+        free(rules->rules[i]);
+        rules->rules[i] = NULL;
+    }
 
-        rules->nrules = 0;
+    rules->nrules = 0;
 
-        if (rules->rules) {
-            free(rules->rules);
-            rules->rules = NULL;
-        }
+    if (rules->rules) {
+        free(rules->rules);
+        rules->rules = NULL;
     }
+
+#ifdef IPTABLES_DIR
+    rules->dir[0] = '\0';
+    rules->path[0] = '\0';
 #endif /* IPTABLES_DIR */
 
     free(rules);
@@ -279,15 +288,15 @@ iptRulesNew(const char *table,
     if (!(rules->chain = strdup(chain)))
         goto error;
 
+    rules->rules = NULL;
+    rules->nrules = 0;
+
 #ifdef IPTABLES_DIR
     if (buildDir(table, rules->dir, sizeof(rules->dir)))
         goto error;
 
     if (buildPath(table, chain, rules->path, sizeof(rules->path)))
         goto error;
-
-    rules->rules = NULL;
-    rules->nrules = 0;
 #endif /* IPTABLES_DIR */
 
     return rules;
@@ -464,12 +473,10 @@ iptablesAddRemoveRule(iptRules *rules, i
         (retval = iptablesAddRemoveChain(rules, action)))
         goto error;
 
-#ifdef IPTABLES_DIR
     if (action == ADD)
         retval = iptRulesAppend(rules, rule);
     else
         retval = iptRulesRemove(rules, rule);
-#endif /* IPTABLES_DIR */
 
  error:
     if (rule)

-- 


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]