Signed-off-by: Laine Stump <laine@xxxxxxxxxx> --- src/nwfilter/nwfilter_ebiptables_driver.c | 63 +++++++---------------- src/util/virebtables.c | 24 ++------- src/util/viriptables.c | 14 ++--- tests/virfirewalltest.c | 50 ++++-------------- 4 files changed, 35 insertions(+), 116 deletions(-) diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 6fc8044c8d..8b77578117 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -2863,7 +2863,7 @@ static int ebtablesApplyBasicRules(const char *ifname, const virMacAddr *macaddr) { - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); char chain[MAX_CHAINNAME_LENGTH]; char chainPrefix = CHAINPREFIX_HOST_IN_TEMP; char macaddr_str[VIR_MAC_STRING_BUFLEN]; @@ -2871,7 +2871,7 @@ ebtablesApplyBasicRules(const char *ifname, virMacAddrFormat(macaddr, macaddr_str); if (ebiptablesAllTeardown(ifname) < 0) - goto error; + return -1; virFirewallStartTransaction(fw, 0); @@ -2900,13 +2900,10 @@ ebtablesApplyBasicRules(const char *ifname, if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); - error: - virFirewallFree(fw); return -1; } @@ -2939,12 +2936,12 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, char macaddr_str[VIR_MAC_STRING_BUFLEN]; unsigned int idx = 0; unsigned int num_dhcpsrvrs; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); virMacAddrFormat(macaddr, macaddr_str); if (ebiptablesAllTeardown(ifname) < 0) - goto error; + return -1; virFirewallStartTransaction(fw, 0); @@ -3019,14 +3016,10 @@ ebtablesApplyDHCPOnlyRules(const char *ifname, if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); - return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); - error: - virFirewallFree(fw); return -1; } 
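Review bot: With the `error:` label gone, `tear_down_tmpebchains` is the only jump target left in ebtablesApplyBasicRules, and as far as the hunks show it is reached from a single `goto` after virFirewallApply(). The failure path could be written in place as `if (virFirewallApply(fw) < 0) { ebtablesCleanAll(ifname); return -1; }`, which removes the label and keeps the rollback of the temporary chains next to the call that failed. The same shape appears in ebtablesApplyDHCPOnlyRules and ebtablesApplyDropAllRules. The bodies of these functions continue outside the hunks, so this assumes no other jump to the label exists in the elided lines.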
@@ -3045,10 +3038,10 @@ ebtablesApplyDropAllRules(const char *ifname) { char chain_in [MAX_CHAINNAME_LENGTH], chain_out[MAX_CHAINNAME_LENGTH]; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); if (ebiptablesAllTeardown(ifname) < 0) - goto error; + return -1; virFirewallStartTransaction(fw, 0); @@ -3074,13 +3067,10 @@ ebtablesApplyDropAllRules(const char *ifname) if (virFirewallApply(fw) < 0) goto tear_down_tmpebchains; - virFirewallFree(fw); return 0; tear_down_tmpebchains: ebtablesCleanAll(ifname); - error: - virFirewallFree(fw); return -1; } @@ -3095,8 +3085,7 @@ ebtablesRemoveBasicRules(const char *ifname) static int ebtablesCleanAll(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); @@ -3112,9 +3101,7 @@ ebtablesCleanAll(const char *ifname) ebtablesRemoveTmpRootChainFW(fw, true, ifname); ebtablesRemoveTmpRootChainFW(fw, false, ifname); - ret = virFirewallApply(fw); - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } @@ -3362,7 +3349,7 @@ ebiptablesApplyNewRules(const char *ifname, size_t nrules) { size_t i, j; - virFirewallPtr fw = virFirewallNew(); + g_autoptr(virFirewall) fw = virFirewallNew(); virHashTablePtr chains_in_set = virHashCreate(10, NULL); virHashTablePtr chains_out_set = virHashCreate(10, NULL); bool haveEbtables = false; @@ -3563,7 +3550,6 @@ ebiptablesApplyNewRules(const char *ifname, for (i = 0; i < nsubchains; i++) VIR_FREE(subchains[i]); VIR_FREE(subchains); - virFirewallFree(fw); virHashFree(chains_in_set); virHashFree(chains_out_set); 
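Review bot: ebiptablesApplyNewRules now releases `fw` on scope exit while the exit path in its second hunk still frees `subchains`, `chains_in_set` and `chains_out_set` by hand, so the function ends up with two cleanup mechanisms. A short comment above the remaining frees would keep a later editor from re-adding virFirewallFree() or from assuming the hash tables are also automatic, for example `/* fw is g_autoptr; subchains and the chain sets are still freed here */`. Most of the function body lies outside these hunks.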
@@ -3591,23 +3577,19 @@ ebiptablesTearNewRulesFW(virFirewallPtr fw, const char *ifname) static int ebiptablesTearNewRules(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); ebiptablesTearNewRulesFW(fw, ifname); - ret = virFirewallApply(fw); - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } static int ebiptablesTearOldRules(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); @@ -3626,9 +3608,7 @@ ebiptablesTearOldRules(const char *ifname) ebtablesRemoveRootChainFW(fw, false, ifname); ebtablesRenameTmpSubAndRootChainsFW(fw, ifname); - ret = virFirewallApply(fw); - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } @@ -3644,8 +3624,7 @@ ebiptablesTearOldRules(const char *ifname) static int ebiptablesAllTeardown(const char *ifname) { - virFirewallPtr fw = virFirewallNew(); - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); @@ -3667,9 +3646,7 @@ ebiptablesAllTeardown(const char *ifname) ebtablesRemoveRootChainFW(fw, true, ifname); ebtablesRemoveRootChainFW(fw, false, ifname); - ret = virFirewallApply(fw); - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } @@ -3754,8 +3731,7 @@ static int ebiptablesDriverProbeStateMatch(void) { unsigned long version; - virFirewallPtr fw = virFirewallNew(); - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); virFirewallStartTransaction(fw, 0); virFirewallAddRuleFull(fw, VIR_FIREWALL_LAYER_IPV4, 
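Review bot: In ebiptablesDriverProbeStateMatch `version` is declared without an initialiser and is compared against the 1.4.16 threshold in a later hunk once virFirewallApply() has succeeded. It is presumably written by the query callback passed to virFirewallAddRuleFull(), whose argument list is cut off at the end of this hunk. If that callback can report success without storing a value, the comparison reads an indeterminate `unsigned long`. Declaring it as `unsigned long version = 0;` makes that case deterministic and leaves `newMatchState` untouched.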
@@ -3763,7 +3739,7 @@ ebiptablesDriverProbeStateMatch(void) "--version", NULL); if (virFirewallApply(fw) < 0) - goto cleanup; + return -1; /* * since version 1.4.16 '-m state --state ...' will be converted to @@ -3772,10 +3748,7 @@ ebiptablesDriverProbeStateMatch(void) if (version >= 1 * 1000000 + 4 * 1000 + 16) newMatchState = true; - ret = 0; - cleanup: - virFirewallFree(fw); - return ret; + return 0; } static int diff --git a/src/util/virebtables.c b/src/util/virebtables.c index 14a922834a..610c399414 100644 --- a/src/util/virebtables.c +++ b/src/util/virebtables.c @@ -82,10 +82,8 @@ ebtablesContextFree(ebtablesContext *ctx) int ebtablesAddForwardPolicyReject(ebtablesContext *ctx) { - virFirewallPtr fw = NULL; - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); - fw = virFirewallNew(); virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, "--new-chain", ctx->chain, @@ -99,13 +97,7 @@ ebtablesAddForwardPolicyReject(ebtablesContext *ctx) "-P", ctx->chain, "DROP", NULL); - if (virFirewallApply(fw) < 0) - goto cleanup; - - ret = 0; - cleanup: - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } @@ -118,10 +110,8 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, const char *macaddr, int action) { - virFirewallPtr fw = NULL; - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); - fw = virFirewallNew(); virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET, action == ADD ? "--insert" : "--delete", @@ -131,13 +121,7 @@ ebtablesForwardAllowIn(ebtablesContext *ctx, "--jump", "ACCEPT", NULL); - if (virFirewallApply(fw) < 0) - goto cleanup; - - ret = 0; - cleanup: - virFirewallFree(fw); - return ret; + return virFirewallApply(fw); } /** diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 8ccce835b2..b5dd2edbd3 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c 
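Review bot: ebtablesAddForwardPolicyReject and ebtablesForwardAllowIn in src/util/virebtables.c used to normalise their result to 0 or -1, and now pass the value of virFirewallApply() straight through. That is equivalent only if virFirewallApply() never returns a positive value, which these hunks do not show. Either keep the explicit form this commit uses in iptablesSetupPrivateChains, `if (virFirewallApply(fw) < 0) return -1;` followed by `return 0;`, or add a line to each function comment stating that the return value is exactly that of virFirewallApply(). ebtablesAddForwardPolicyReject also runs its `-P ... DROP` rule inside a VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS transaction; the flag name suggests rule failures are not reported, so the comment should say which failures a caller relying on the DROP policy can still observe.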
@@ -128,8 +128,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw, int iptablesSetupPrivateChains(virFirewallLayer layer) { - virFirewallPtr fw = NULL; - int ret = -1; + g_autoptr(virFirewall) fw = virFirewallNew(); iptablesGlobalChain filter_chains[] = { {"INPUT", "LIBVIRT_INP"}, {"OUTPUT", "LIBVIRT_OUT"}, @@ -151,8 +150,6 @@ iptablesSetupPrivateChains(virFirewallLayer layer) }; size_t i; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); for (i = 0; i < G_N_ELEMENTS(data); i++) @@ -162,14 +159,9 @@ iptablesSetupPrivateChains(virFirewallLayer layer) "--list-rules", NULL); if (virFirewallApply(fw) < 0) - goto cleanup; - - ret = changed ? 1 : 0; - - cleanup: + return -1; - virFirewallFree(fw); - return ret; + return changed ? 1 : 0; } diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index c4827918c3..a11cbe0e23 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -200,7 +200,7 @@ static int testFirewallSingleGroup(const void *opaque) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -217,8 +217,6 @@ testFirewallSingleGroup(const void *opaque) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -247,7 +245,6 @@ testFirewallSingleGroup(const void *opaque) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -256,7 +253,7 @@ static int testFirewallRemoveRule(const void *opaque) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = 
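Review bot: In the tests/virfirewalltest.c functions virFirewallNew() moves from its old position after the per-test setup up to the declaration, so the object is now created before that setup runs (the branch ending in `fwBuf = &cmdbuf;` in testFirewallSingleGroup and testFirewallRemoveRule, `fwError = true;` in later tests). The setup itself is mostly outside the hunks; if it selects the firewall backend or installs the dry-run hook and virFirewallNew() consults that state, the change is not purely mechanical. Keeping the order costs nothing: `g_autoptr(virFirewall) fw = NULL;` at the declaration and `fw = virFirewallNew();` left where it was. The same applies to testFirewallManyGroups, testFirewallIgnoreFailGroup, testFirewallIgnoreFailRule, testFirewallNoRollback, testFirewallSingleRollback, testFirewallManyRollback, testFirewallChainedRollback and testFirewallQuery.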
@@ -274,8 +271,6 @@ testFirewallRemoveRule(const void *opaque) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -310,7 +305,6 @@ testFirewallRemoveRule(const void *opaque) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -319,7 +313,7 @@ static int testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -338,8 +332,6 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) else fwBuf = &cmdbuf; - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -380,7 +372,6 @@ testFirewallManyGroups(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -410,7 +401,7 @@ static int testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -431,8 +422,6 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -473,7 +462,6 @@ testFirewallIgnoreFailGroup(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } 
@@ -482,7 +470,7 @@ static int testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -503,8 +491,6 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -544,7 +530,6 @@ testFirewallIgnoreFailRule(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -553,7 +538,7 @@ static int testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -572,8 +557,6 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -609,7 +592,6 @@ testFirewallNoRollback(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -617,7 +599,7 @@ static int testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -639,8 +621,6 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) fwBuf = &cmdbuf; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, 
@@ -693,7 +673,6 @@ testFirewallSingleRollback(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -701,7 +680,7 @@ static int testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -722,8 +701,6 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -780,7 +757,6 @@ testFirewallManyRollback(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -788,7 +764,7 @@ static int testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = @@ -813,8 +789,6 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -897,7 +871,6 @@ testFirewallChainedRollback(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } @@ -982,7 +955,7 @@ static int testFirewallQuery(const void *opaque G_GNUC_UNUSED) { virBuffer cmdbuf = VIR_BUFFER_INITIALIZER; - virFirewallPtr fw = NULL; + g_autoptr(virFirewall) fw = virFirewallNew(); int ret = -1; const char *actual = NULL; const char *expected = 
@@ -1010,8 +983,6 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) fwError = true; } - fw = virFirewallNew(); - virFirewallStartTransaction(fw, 0); virFirewallAddRule(fw, VIR_FIREWALL_LAYER_IPV4, @@ -1076,7 +1047,6 @@ testFirewallQuery(const void *opaque G_GNUC_UNUSED) virBufferFreeAndReset(&cmdbuf); fwBuf = NULL; virCommandSetDryRun(NULL, NULL, NULL); - virFirewallFree(fw); return ret; } -- 2.25.4