clang 3.8 complains: util/virfirewall.c:425:30: error: passing an object that undergoes default argument promotion to 'va_start' has undefined behavior [-Werror,-Wvarargs] __builtin_va_start(args, layer); Exchange the parameters to have a pointer as the last argument. --- Alternatives: * make a macro wrapper around virFirewallAddRule which has a non-enum parameter after layer * just silence the warning * ??? src/nwfilter/nwfilter_ebiptables_driver.c | 84 +++++++++++++-------------- src/util/virebtables.c | 8 +-- src/util/virfirewall.c | 8 +-- src/util/virfirewall.h | 4 +- src/util/viriptables.c | 38 ++++++------- tests/virfirewalltest.c | 94 +++++++++++++++---------------- 6 files changed, 118 insertions(+), 118 deletions(-) diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 0ab7c08..c6d448c 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -454,13 +454,13 @@ iptablesCreateBaseChainsFW(virFirewallPtr fw, virFirewallAddRuleFull(fw, layer, true, NULL, NULL, "-D", "INPUT", "-j", HOST_IN_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "1", "-j", VIRT_IN_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "2", "-j", VIRT_OUT_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "FORWARD", "3", "-j", VIRT_IN_POST_CHAIN, NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-I", "INPUT", "1", "-j", HOST_IN_CHAIN, NULL); } @@ -480,7 +480,7 @@ iptablesCreateTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-N", chain, NULL); } 
@@ -588,13 +588,13 @@ iptablesLinkTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); if (incoming) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", basechain, MATCH_PHYSDEV_IN_FW, ifname, "-g", chain, NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", basechain, MATCH_PHYSDEV_OUT_FW, ifname, @@ -623,7 +623,7 @@ iptablesSetupVirtInPostFW(virFirewallPtr fw ATTRIBUTE_UNUSED, "-D", VIRT_IN_POST_CHAIN, MATCH_PHYSDEV_IN_FW, ifname, "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-A", VIRT_IN_POST_CHAIN, MATCH_PHYSDEV_IN_FW, ifname, "-j", "ACCEPT", NULL); @@ -762,7 +762,7 @@ iptablesRenameTmpRootChainFW(virFirewallPtr fw, PRINT_IPT_ROOT_CHAIN(tmpchain, tmpChainPrefix, ifname); PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "-E", tmpchain, chain, NULL); } @@ -1186,7 +1186,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, switch (rule->prtclType) { case VIR_NWFILTER_RULE_PROTOCOL_TCP: case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "tcp", NULL); @@ -1245,7 +1245,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_UDP: case VIR_NWFILTER_RULE_PROTOCOL_UDPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "udp", NULL); @@ -1275,7 +1275,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_UDPLITE: case VIR_NWFILTER_RULE_PROTOCOL_UDPLITEoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "udplite", NULL); 
@@ -1300,7 +1300,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ESP: case VIR_NWFILTER_RULE_PROTOCOL_ESPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "esp", NULL); @@ -1325,7 +1325,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_AH: case VIR_NWFILTER_RULE_PROTOCOL_AHoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "ah", NULL); @@ -1350,7 +1350,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_SCTP: case VIR_NWFILTER_RULE_PROTOCOL_SCTPoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "sctp", NULL); @@ -1380,7 +1380,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ICMP: case VIR_NWFILTER_RULE_PROTOCOL_ICMPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, NULL); @@ -1447,7 +1447,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IGMP: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "igmp", NULL); @@ -1472,7 +1472,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ALL: case VIR_NWFILTER_RULE_PROTOCOL_ALLoIPV6: - fwrule = virFirewallAddRule(fw, layer, + fwrule = virFirewallAddRule(layer, fw, "-A", chain, "-p", "all", NULL); @@ -1875,7 +1875,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, switch (rule->prtclType) { case VIR_NWFILTER_RULE_PROTOCOL_MAC: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); 
@@ -1898,7 +1898,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_VLAN: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -1927,7 +1927,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, return -1; } - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -1963,7 +1963,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, case VIR_NWFILTER_RULE_PROTOCOL_ARP: case VIR_NWFILTER_RULE_PROTOCOL_RARP: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2090,7 +2090,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IP: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2223,7 +2223,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_IPV6: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); if (ebtablesHandleEthHdr(fw, fwrule, @@ -2423,7 +2423,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw, break; case VIR_NWFILTER_RULE_PROTOCOL_NONE: - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, NULL); break; 
@@ -2543,7 +2543,7 @@ ebtablesCreateTmpRootChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-N", chain, NULL); } @@ -2558,7 +2558,7 @@ ebtablesLinkTmpRootChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", incoming ? EBTABLES_CHAIN_INCOMING : EBTABLES_CHAIN_OUTGOING, incoming ? "-i" : "-o", @@ -2671,10 +2671,10 @@ ebtablesCreateTmpSubChainFW(virFirewallPtr fw, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET, true, NULL, NULL, "-t", "nat", "-X", chain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-N", chain, NULL); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", rootchain, NULL); switch (protoidx) { @@ -2785,7 +2785,7 @@ ebtablesRenameTmpSubChainFW(virFirewallPtr fw, PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); } - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-E", tmpchain, chain, NULL); } @@ -2834,7 +2834,7 @@ ebtablesRenameTmpSubAndRootChainsQuery(virFirewallPtr fw, virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_ETHERNET, true, NULL, NULL, "-t", "nat", "-X", newchain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-E", tmp, newchain, NULL); } 
@@ -2911,19 +2911,19 @@ ebtablesApplyBasicRules(const char *ifname, ebtablesCreateTmpRootChainFW(fw, true, ifname); PRINT_ROOT_CHAIN(chain, chainPrefix, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-s", "!", macaddr_str, "-j", "DROP", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-p", "IPv4", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-p", "ARP", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain, "-j", "DROP", NULL); @@ -2987,14 +2987,14 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname); PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-s", macaddr_str, "-p", "ipv4", "--ip-protocol", "udp", "--ip-sport", "68", "--ip-dport", "67", "-j", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-j", "DROP", NULL); @@ -3015,7 +3015,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, */ for (ctr = 0; ctr < 2; ctr++) { if (dhcpserver) - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff", "-p", "ipv4", "--ip-protocol", "udp", 
@@ -3023,7 +3023,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, "--ip-sport", "67", "--ip-dport", "68", "-j", "ACCEPT", NULL); else - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-d", (ctr == 0) ? macaddr_str : "ff:ff:ff:ff:ff:ff", "-p", "ipv4", "--ip-protocol", "udp", @@ -3037,7 +3037,7 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, break; } - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-j", "DROP", NULL); @@ -3091,11 +3091,11 @@ ebtablesApplyDropAllRules(const char *ifname) PRINT_ROOT_CHAIN(chain_in, CHAINPREFIX_HOST_IN_TEMP, ifname); PRINT_ROOT_CHAIN(chain_out, CHAINPREFIX_HOST_OUT_TEMP, ifname); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_in, "-j", "DROP", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-t", "nat", "-A", chain_out, "-j", "DROP", NULL); diff --git a/src/util/virebtables.c b/src/util/virebtables.c index 2ffff08..e608ebb 100644 --- a/src/util/virebtables.c +++ b/src/util/virebtables.c @@ -94,15 +94,15 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "--new-chain", ctx->chain, NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "--insert", "FORWARD", "--jump", ctx->chain, NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, "-P", ctx->chain, "DROP", NULL); 
@@ -130,7 +130,7 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, fw = virFirewallNew(); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, + virFirewallAddRule(VIR_FIREWALL_LAYER_ETHERNET, fw, action == ADD ? "--insert" : "--delete", ctx->chain, "--in-interface", iface, diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index f26fd86..025df5b 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -407,8 +407,8 @@ virFirewallAddRuleFullV(virFirewallPtr firewall, /** * virFirewallAddRule: - * @firewall: firewall ruleset to add to * @layer: the firewall layer to change + * @firewall: firewall ruleset to add to * @...: NULL terminated list of strings for the rule * * Add any type of rule to the firewall ruleset. @@ -416,13 +416,13 @@ virFirewallAddRuleFullV(virFirewallPtr firewall, * Returns the new rule */ virFirewallRulePtr -virFirewallAddRule(virFirewallPtr firewall, - virFirewallLayer layer, +virFirewallAddRule(virFirewallLayer layer, + virFirewallPtr firewall, ...) { virFirewallRulePtr rule; va_list args; - va_start(args, layer); + va_start(args, firewall); rule = virFirewallAddRuleFullV(firewall, layer, false, NULL, NULL, args); va_end(args); return rule; diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h index dbf3975..371956c 100644 --- a/src/util/virfirewall.h +++ b/src/util/virfirewall.h @@ -44,8 +44,8 @@ virFirewallPtr virFirewallNew(void); void virFirewallFree(virFirewallPtr firewall); -virFirewallRulePtr virFirewallAddRule(virFirewallPtr firewall, - virFirewallLayer layer, +virFirewallRulePtr virFirewallAddRule(virFirewallLayer layer, + virFirewallPtr firewall, ...) ATTRIBUTE_SENTINEL; diff --git a/src/util/viriptables.c b/src/util/viriptables.c index e921954..91b2a40 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c 
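Review bot: Swapping the parameters of `virFirewallAddRule` makes it the only function on this page that takes `layer` before `firewall`; `virFirewallAddRuleFullV`, called as `(firewall, layer, false, NULL, NULL, args)` in this same hunk, and `virFirewallAddRuleFull`, called as `(fw, layer, true, ...)` in iptablesCreateBaseChainsFW, keep the old order. A caller left on the old order typically draws only a conversion warning in C, so a build without -Werror would pass an enum value into code that dereferences it as a `virFirewallPtr`. The macro alternative from the commit message avoids both problems and changes no call site: `#define virFirewallAddRule(fw, layer, ...) virFirewallAddRuleFull(fw, layer, false, NULL, NULL, __VA_ARGS__)`. This assumes the last named parameter of `virFirewallAddRuleFull` is a pointer, which its declaration (not part of this diff) would need to confirm. The closing brace of the function lies outside the hunk.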
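Review bot: The new prototype in virfirewall.h does not say why `layer` comes before `firewall`, so a later consistency cleanup could restore the usual order and reintroduce the undefined `va_start`. If the swap is kept, a comment above the declaration would record the constraint: `/* @layer precedes @firewall on purpose: the last named parameter before '...' must not be subject to default argument promotion, or va_start() is undefined */`.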
@@ -69,7 +69,7 @@ iptablesInput(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "INPUT", "--in-interface", iface, @@ -92,7 +92,7 @@ iptablesOutput(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "OUTPUT", "--out-interface", iface, @@ -262,7 +262,7 @@ iptablesForwardAllowOut(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, @@ -271,7 +271,7 @@ iptablesForwardAllowOut(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--source", networkstr, @@ -349,7 +349,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -360,7 +360,7 @@ iptablesForwardAllowRelatedIn(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -438,7 +438,7 @@ iptablesForwardAllowIn(virFirewallPtr fw, return -1; if (physdev && physdev[0]) - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, 
@@ -447,7 +447,7 @@ iptablesForwardAllowIn(virFirewallPtr fw, "--jump", "ACCEPT", NULL); else - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", action == ADD ? "--insert" : "--delete", "FORWARD", "--destination", networkstr, @@ -520,7 +520,7 @@ iptablesAddForwardAllowCross(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--in-interface", iface, @@ -545,7 +545,7 @@ iptablesRemoveForwardAllowCross(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--in-interface", iface, @@ -569,7 +569,7 @@ iptablesAddForwardRejectOut(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--in-interface", iface, @@ -592,7 +592,7 @@ iptablesRemoveForwardRejectOut(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--in-interface", iface, @@ -616,7 +616,7 @@ iptablesAddForwardRejectIn(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--insert", "FORWARD", "--out-interface", iface, @@ -639,7 +639,7 @@ iptablesRemoveForwardRejectIn(virFirewallPtr fw, virFirewallLayer layer, const char *iface) { - virFirewallAddRule(fw, layer, + virFirewallAddRule(layer, fw, "--table", "filter", "--delete", "FORWARD", "--out-interface", iface, 
@@ -690,7 +690,7 @@ iptablesForwardMasquerade(virFirewallPtr fw, } if (protocol && protocol[0]) { - rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -698,7 +698,7 @@ iptablesForwardMasquerade(virFirewallPtr fw, "!", "--destination", networkstr, NULL); } else { - rule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + rule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -842,7 +842,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw, } if (physdev && physdev[0]) - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", physdev, @@ -851,7 +851,7 @@ iptablesForwardDontMasquerade(virFirewallPtr fw, "--jump", "RETURN", NULL); else - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "nat", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--source", networkstr, @@ -927,7 +927,7 @@ iptablesOutputFixUdpChecksum(virFirewallPtr fw, snprintf(portstr, sizeof(portstr), "%d", port); portstr[sizeof(portstr) - 1] = '\0'; - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "--table", "mangle", action == ADD ? "--insert" : "--delete", "POSTROUTING", "--out-interface", iface, diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 6f4fed5..49bfaa5 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c 
@@ -221,12 +221,12 @@ testFirewallSingleGroup(const void *opaque) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -281,17 +281,17 @@ testFirewallRemoveRule(const void *opaque) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", NULL); virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRemoveRule(fw, fwrule); - fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + fwrule = virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", NULL); virFirewallRuleAddArg(fw, fwrule, "--source-host"); virFirewallRuleAddArgFormat(fw, fwrule, "%s", "!192.168.122.1"); 
@@ -348,24 +348,24 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -444,24 +444,24 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -519,7 +519,7 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); 
@@ -530,12 +530,12 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "OUTPUT", "--jump", "DROP", NULL); @@ -591,17 +591,17 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); 
@@ -664,34 +664,34 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); 
@@ -753,38 +753,38 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -850,14 +850,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); 
@@ -865,24 +865,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); @@ -890,24 +890,24 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); virFirewallStartRollback(fw, VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "192.168.122.255", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-D", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); 
@@ -996,7 +996,7 @@ testFirewallQueryCallback(virFirewallPtr fw, void *opaque ATTRIBUTE_UNUSED) { size_t i; - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.129", "--jump", "REJECT", NULL); @@ -1054,14 +1054,14 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.1", "--jump", "ACCEPT", NULL); virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.127", "--jump", "REJECT", NULL); @@ -1077,7 +1077,7 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) NULL, "-t", "nat", "-L", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.130", "--jump", "REJECT", NULL); @@ -1085,12 +1085,12 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) virFirewallStartTransaction(fw, 0); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "192.168.122.128", "--jump", "REJECT", NULL); - virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, + virFirewallAddRule(VIR_FIREWALL_LAYER_IPV4, fw, "-A", "INPUT", "--source-host", "!192.168.122.1", "--jump", "REJECT", NULL); -- 2.7.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list